creative-bot

creative-bot copied to clipboard

Bumps [loader-utils](https://github.com/webpack/loader-utils) to 1.4.2 and updates ancestor dependency [html-webpack-plugin](https://github.com/jantimon/html-webpack-plugin). These dependencies need to be updated together. Updates `loader-utils` from 1.2.3 to 1.4.2 Release notes Sourced from loader-utils's releases. v1.4.2 1.4.2...

dependabot[bot]

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`....

dependabot[bot]

Removes [xmldom](https://github.com/xmldom/xmldom). It's no longer used after updating ancestor dependency [plist](https://github.com/TooTallNate/node-plist). These dependencies need to be updated together. Removes `xmldom` Updates `plist` from 3.0.1 to 3.0.6 Changelog Sourced from plist's...

dependabot[bot]

Bumps [terser](https://github.com/terser/terser) from 4.2.1 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) v4.8.0 Support for numeric separators (million...

dependabot[bot]

Bumps [moment](https://github.com/moment/moment) from 2.24.0 to 2.29.4. Changelog Sourced from moment's changelog. 2.29.4 Release Jul 6, 2022 #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex 2.29.3 Full changelog Release Apr 17, 2022...

dependabot[bot]

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. Changelog Sourced from async's changelog. v2.6.4 Fix potential prototype pollution exploit (#1828) Commits c6bdaca Version 2.6.4 8870da9 Update built files 4df6754 update changelog 8f7f903...

dependabot[bot]

Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.3. Release notes Sourced from ajv's releases. v6.12.3 Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas...

dependabot[bot]

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.4.1 to 4.5.1. Release notes Sourced from normalize-url's releases. v4.5.0 Strip default MIME type and charset in data URLs (#100) 308909b https://github.com/sindresorhus/normalize-url/compare/v4.4.1...v4.5.0 Commits See full diff in...

dependabot[bot]

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.4 to 2.8.9. Changelog Sourced from hosted-git-info's changelog. 2.8.9 (2021-04-07) Bug Fixes backport regex fix from #76 (29adfe5), closes #84 2.8.8 (2020-02-29) Bug Fixes #61 & #65...

dependabot[bot]