Bump the npm_and_yarn group across 28 directories with 9 updates

Open dependabot[bot] opened this issue 1 year ago • 4 comments

Bumps the npm_and_yarn group with 2 updates in the / directory: node-fetch and axios. Bumps the npm_and_yarn group with 2 updates in the /packages/embed directory: node-fetch and follow-redirects. Bumps the npm_and_yarn group with 4 updates in the /samples/01.getting-started/g.hybrid-react-npm directory: axios, ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/01.getting-started/g.hybrid-react-npm/packages/app directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 1 update in the /samples/01.getting-started/g.hybrid-react-npm/packages/chat-component directory: postcss. Bumps the npm_and_yarn group with 2 updates in the /samples/01.getting-started/k.direct-line-token/javascript/bot directory: axios and botbuilder. Bumps the npm_and_yarn group with 2 updates in the /samples/01.getting-started/k.direct-line-token/javascript/web directory: node-fetch and follow-redirects. Bumps the npm_and_yarn group with 3 updates in the /samples/04.api/e.piping-to-redux directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/04.api/f.selectable-activity directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/04.api/g.chat-send-history directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/04.api/h.clear-after-idle directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/06.recomposing-ui/a.minimizable-web-chat directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/06.recomposing-ui/b.speech-ui directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/06.recomposing-ui/c.smart-display directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/06.recomposing-ui/d.plain-ui directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/06.recomposing-ui/e.extending-ui directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/bot directory: axios, botbuilder and botbuilder-dialogs. Bumps the npm_and_yarn group with 2 updates in the /samples/07.advanced-web-chat-apps/a.upload-to-azure-storage/web directory: node-fetch and follow-redirects. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/b.sso-for-enterprise/app directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/b.sso-for-enterprise/bot directory: axios, botbuilder and botbuilder-dialogs. Bumps the npm_and_yarn group with 2 updates in the /samples/07.advanced-web-chat-apps/b.sso-for-enterprise/rest-api directory: node-fetch and follow-redirects. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/c.sso-for-intranet/bot directory: axios, botbuilder and botbuilder-dialogs. Bumps the npm_and_yarn group with 2 updates in the /samples/07.advanced-web-chat-apps/c.sso-for-intranet/web directory: node-fetch and follow-redirects. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/d.sso-for-teams/bot directory: axios, botbuilder and botbuilder-dialogs. Bumps the npm_and_yarn group with 2 updates in the /samples/07.advanced-web-chat-apps/d.sso-for-teams/web directory: node-fetch and follow-redirects. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/app directory: ejs, ip and tough-cookie. Bumps the npm_and_yarn group with 3 updates in the /samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/bot directory: axios, botbuilder and botbuilder-dialogs. Bumps the npm_and_yarn group with 2 updates in the /samples/07.advanced-web-chat-apps/e.sso-on-behalf-of-authentication/rest-api directory: node-fetch and follow-redirects.

Updates node-fetch from 2.7.0 to 3.3.2

Release notes

Sourced from node-fetch's releases.

v3.3.2

3.3.2 (2023-07-25)

Bug Fixes

Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473

v3.3.1

3.3.1 (2023-03-11)

Bug Fixes

release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

v3.3.0

3.3.0 (2022-11-10)

Features

add static Response.json (#1670) (55a4870)

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

possibly flaky test (#1523) (11b7033)

... (truncated)

Commits

8b3320d fix: Remove the default connection close header. (#1736)
7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
8ced5b9 docs: readme - non ESM example (#1707)
71e376b ci(release): use latest Node LTS (#1697)
e093030 Allow URL class object as an argument for fetch() (#1696)
55a4870 feat: add static Response.json (#1670)
c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
6f72caa docs: fix missing comma in example (#1623)
2880238 fix: ReDoS referrer (#1611)
e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
Additional commits viewable in compare view

Updates axios from 1.6.2 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Release v1.6.7

Release notes:

Bug Fixes

capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Dmitriy Mozgovoy

zhoulixiang

Release v1.6.6

Release notes:

Bug Fixes

fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)

wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Ilya Priven

Zao Soula

Release v1.6.5

Release notes:

Bug Fixes

ci: refactor notify action as a job of publish action; (#6176) (0736f95)

dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

1.6.7 (2024-01-25)

Bug Fixes

capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Dmitriy Mozgovoy

zhoulixiang

1.6.6 (2024-01-24)

Bug Fixes

fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)

wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Ilya Priven

Zao Soula

1.6.5 (2024-01-05)

Bug Fixes

ci: refactor notify action as a job of publish action; (#6176) (0736f95)

... (truncated)

Commits

ab3f0f9 chore(release): v1.6.8 (#6303)
2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
7320430 fix(import): use named export for EventEmitter;
8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
d844227 chore: update and bump deps (#6238)
caa0625 docs: update README responseEncoding types (#6194)
41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
bf6974f chore(ci): add npm tag action; (#6231)
a52e4d9 chore(release): v1.6.7 (#6204)
2b69888 chore: remove unnecessary check (#6186)
Additional commits viewable in compare view

Updates node-fetch from 2.7.0 to 3.3.2

Release notes

Sourced from node-fetch's releases.

v3.3.2

3.3.2 (2023-07-25)

Bug Fixes

Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473

v3.3.1

3.3.1 (2023-03-11)

Bug Fixes

release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

v3.3.0

3.3.0 (2022-11-10)

Features

add static Response.json (#1670) (55a4870)

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

possibly flaky test (#1523) (11b7033)

... (truncated)

Commits

8b3320d fix: Remove the default connection close header. (#1736)
7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
8ced5b9 docs: readme - non ESM example (#1707)
71e376b ci(release): use latest Node LTS (#1697)
e093030 Allow URL class object as an argument for fetch() (#1696)
55a4870 feat: add static Response.json (#1670)
c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
6f72caa docs: fix missing comma in example (#1623)
2880238 fix: ReDoS referrer (#1611)
e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
Additional commits viewable in compare view

Updates follow-redirects from 1.14.9 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates axios from 1.2.0 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Release v1.6.7

Release notes:

Bug Fixes

capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Dmitriy Mozgovoy

zhoulixiang

Release v1.6.6

Release notes:

Bug Fixes

fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)

wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Ilya Priven

Zao Soula

Release v1.6.5

Release notes:

Bug Fixes

ci: refactor notify action as a job of publish action; (#6176) (0736f95)

dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

1.6.7 (2024-01-25)

Bug Fixes

capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Dmitriy Mozgovoy

zhoulixiang

1.6.6 (2024-01-24)

Bug Fixes

fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)

wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Ilya Priven

Zao Soula

1.6.5 (2024-01-05)

Bug Fixes

ci: refactor notify action as a job of publish action; (#6176) (0736f95)

... (truncated)

Commits

ab3f0f9 chore(release): v1.6.8 (#6303)
2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
7320430 fix(import): use named export for EventEmitter;
8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
d844227 chore: update and bump deps (#6238)
caa0625 docs: update README responseEncoding types (#6194)
41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
bf6974f chore(ci): add npm tag action; (#6231)
a52e4d9 chore(release): v1.6.7 (#6204)
2b69888 chore: remove unnecessary check (#6186)
Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
5dc3b2f 1.1.8
8e6f28b lib: even better node 6 support
088c9e5 1.1.7
1a4ca35 lib: add back support for Node.js 6
af82ef4 1.1.6
dba19f6 package: exclude test folder from publishing
7cd7f30 ci: use github workflows
4de50ae lib: node 18 support
See full diff in compare view

Updates tough-cookie from 4.1.3 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
cf6debd Fix incorrect string validation for URL
See full diff in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
5dc3b2f 1.1.8
8e6f28b lib: even better node 6 support
088c9e5 1.1.7
1a4ca35 lib: add back support for Node.js 6
af82ef4 1.1.6
dba19f6 package: exclude test folder from publishing
7cd7f30 ci: use github workflows
4de50ae lib: node 18 support
See full diff in compare view

Updates tough-cookie from 4.1.3 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

Add local alias for toString by @corvidism in salesforce/tough-cookie#409

Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261

New Contributors

@corvidism made their first contribution in salesforce/tough-cookie#409

@coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4

Commits

cacbc37 Bump version to 4.1.4
a48fb3a Add tests for url validation
50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
1253d58 Merge pull request #409 from corvidism/validators-to-string
238367e Add local alias for toString
cf6debd Fix incorrect string validation for URL
See full diff in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates postcss from 8.4.32 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

Changelog

Sourced from postcss's changelog.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

Commits

a69d45e Release 8.4.38 version
64e35d9 Update dependencies
c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
b45e7e9 fix endIndex
1bea246 failing test: for endIndex 0 in rangeBy
0fd1d86 Add changelog auto release on Github
49c906e Release 8.4.37 version
b5bd92c Fix another broken prev source map issue
2882039 Update dependencies
e5ad939 Release 8.4.36 version
Additional commits viewable in compare view

Updates axios from 0.25.0 to 0.28.1

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Release v1.6.7

Release notes:

Bug Fixes

capture async...
Description has been truncated

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

May 02 '24 19:05 dependabot[bot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

May 03 '24 22:05 dependabot[bot]

@dependabot rebase

May 08 '24 22:05 compulim

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

May 08 '24 22:05 dependabot[bot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

May 09 '24 03:05 dependabot[bot]

All dependencies bumped in #5532. This is resolved.

Aug 04 '25 18:08 compulim

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

Aug 04 '25 18:08 dependabot[bot]