Skip to content

Bump the npm_and_yarn group across 1 directory with 13 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 13 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jun 3, 2025

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
webpack 5.76.0 5.99.9
axios 0.26.1 removed
vscode-tas-client 0.1.63 0.1.84
braces 3.0.2 3.0.3
gulp 4.0.2 5.0.1
browserify-sign 4.0.4 4.2.3
@babel/traverse 7.7.4 7.27.4
serialize-javascript 6.0.0 6.0.2
mocha 9.2.2 11.5.0
tar-fs 2.1.1 2.1.3
ws 7.5.7 7.5.10

Updates webpack from 5.76.0 to 5.99.9

Release notes

Sourced from webpack's releases.

v5.99.9

Fixes

  • HMR might fail if there are new initial chunks
  • Destructuring namespace import with default
  • Destructuring namespace import with computed-property
  • Generate valid code for es export generation for multiple module entries
  • Fixed public path issue for ES modules
  • Asset modules work when lazy compilation used
  • Eliminate unused statements in certain scenarios
  • Fixed regression with location and order of dependencies
  • Fixed typescript types

v5.99.8

Fixes

  • Fixed type error with latest @types/node
  • Fixed typescript types

v5.99.7

Fixes

  • Don't skip export generation for default reexport (#19463)
  • Fixed module library export generation for reexport (#19459)
  • Avoid module concatenation in child compilation for module library (#19457)
  • Ensure HMR recover gracefully when CSS module with error
  • Respect cause of any errors and errors of AggregateError in stats output
  • Added missing @types/json-schema in types

v5.99.6

Fixes

  • Respect public path for ES modules
  • Fixed generation of module for module library when mixing commonjs and esm modules
  • Always apply FlagDependencyExportsPlugin for libraries where it required
  • Faster logic for dead control flow
  • Typescript types

v5.99.5

Fixes

  • Control dead flow for labeled and blockless statements

v5.99.4

Fixes

  • Fixed terminated state for if/else

v5.99.3

Fixes

... (truncated)

Commits

Removes axios

Updates vscode-tas-client from 0.1.63 to 0.1.84

Updates braces from 3.0.2 to 3.0.3

Commits

Updates gulp from 4.0.2 to 5.0.1

Release notes

Sourced from gulp's releases.

gulp v5.0.1

Bug Fixes

  • Avoid globbing before read stream is opened (#2839) (19122f3)
  • Avoid Node.js deprecation warning for fs.Stats (#2838) (69a5d0e)
  • Support top-level await on Node 22.12+ (#2836) (04b4a74)

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.1 (2025-06-01)

Bug Fixes

  • Avoid globbing before read stream is opened (#2839) (19122f3)
  • Avoid Node.js deprecation warning for fs.Stats (#2838) (69a5d0e)
  • Support top-level await on Node 22.12+ (#2836) (04b4a74)

5.0.0 (2024-03-29)

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents

... (truncated)

Commits

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

... (truncated)

Commits
  • bf2c3ec v4.2.3
  • 9247adf [patch] widen support to 0.12
  • f427270 [Deps] update `parse-asn1
  • 87f3a35 [Dev Deps] update aud, npmignore, tape
  • fb261ce [Deps] update elliptic
  • 4d0ee49 [patch] drop minimum node support to v1
  • 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
  • 168e16f [Deps] pin elliptic due to a breaking change
  • 37a4758 [actions] remove redundant finisher
  • 4af5a90 v4.2.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.


Updates elliptic from 6.5.4 to 6.6.1

Commits

Updates yargs-parser from 5.0.0-security.0 to 18.1.3

Release notes

Sourced from yargs-parser's releases.

yargs-parser yargs-parser-v15.0.3

Bug Fixes

  • build: should use releases_created when using manifest (49ea4ef)

yargs-parser yargs-parser-v15.0.2

Bug Fixes

  • perf: address slow parse when using unknown-options-as-args (#400) (bc387ec)
Changelog

Sourced from yargs-parser's changelog.

18.1.3 (2020-04-16)

Bug Fixes

  • setArg: options using camel-case and dot-notation populated twice (#268) (f7e15b9)

18.1.2 (2020-03-26)

Bug Fixes

  • array, nargs: support -o=--value and --option=--value format (#262) (41d3f81)

18.1.1 (2020-03-16)

Bug Fixes

  • __proto__ will now be replaced with ___proto___ in parse (#258), patching a potential prototype pollution vulnerability. This was reported by the Snyk Security Research Team.(63810ca)

18.1.0 (2020-03-07)

Features

  • introduce single-digit boolean aliases (#255) (9c60265)

18.0.0 (2020-03-02)

⚠ BREAKING CHANGES

  • the narg count is now enforced when parsing arrays.

Features

  • NaN can now be provided as a value for nargs, indicating "at least" one value is expected for array (#251) (9db4be8)

17.1.0 (2020-03-01)

Features

  • introduce greedy-arrays config, for specifying whether arrays consume multiple positionals (#249) (60e880a)

17.0.1 (2020-02-29)

... (truncated)

Commits

Updates @babel/traverse from 7.7.4 to 7.27.4

Release notes

Sourced from @​babel/traverse's releases.

v7.27.4 (2025-05-30)

👓 Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

💅 Polish

🔬 Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

Committers: 4

v7.27.3 (2025-05-27)

🐛 Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-types
    • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
  • babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
    • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
  • babel-parser
  • babel-generator, babel-parser

Committers: 7

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.4 (2025-05-30)

👓 Spec Compliance

  • babel-parser, babel-plugin-proposal-explicit-resource-management

💅 Polish

🔬 Output optimization

  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

v7.27.3 (2025-05-27)

🐛 Bug Fix

  • babel-generator
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • babel-plugin-proposal-explicit-resource-management
  • babel-plugin-proposal-decorators, babel-types
    • #17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@​magic-akari)
  • babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd
    • #17257 Preserve class id when transforming using declarations with exported class (@​JLHwung)
  • babel-parser
  • babel-generator, babel-parser

v7.27.2 (2025-05-06)

🐛 Bug Fix

  • babel-parser
  • babel-plugin-transform-object-rest-spread
  • babel-plugin-transform-modules-commonjs, babel-template

🏃‍♀️ Performance

  • babel-cli

... (truncated)

Commits

Updates serialize-javascript from 6.0.0 to 6.0.2

Release notes

Sourced from serialize-javascript's releases.

v6.0.2

  • fix: serialize URL string contents to prevent XSS (#173) f27d65d
  • Bump @​babel/traverse from 7.10.1 to 7.23.7 (#171) 02499c0
  • docs: update readme with URL support (#146) 0d88527
  • chore: update node version and lock file e2a3a91
  • fix typo (#164) 5a1fa64

yahoo/serialize-javascript@v6.0.1...v6.0.2

v6.0.1

What's Changed

New Contributors

Full Changelog: yahoo/serialize-javascript@v6.0.0...v6.0.1

Commits

Updates mocha from 9.2.2 to 11.5.0

Release notes

Sourced from mocha's releases.

v11.5.0

11.5.0 (2025-05-22)

🌟 Features

v11.4.0

11.4.0 (2025-05-19)

🌟 Features

📚 Documentation

  • added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)

v11.3.0

11.3.0 (2025-05-16)

🌟 Features

  • add option to use posix exit code upon fatal signal (#4989) (91bbf85)

📚 Documentation

🧹 Chores

  • remove prerelease setting in release-please config (#5363) (8878f22)

v11.2.2

11.2.2 (2025-04-10)

🩹 Fixes

... (truncated)

Changelog

Sourced from mocha's changelog.

11.5.0 (2025-05-22)

🌟 Features

11.4.0 (2025-05-19)

🌟 Features

📚 Documentation

  • added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)

11.3.0 (2025-05-16)

🌟 Features

  • add option to use posix exit code upon fatal signal (#4989) (91bbf85)

📚 Documentation

🧹 Chores

  • remove prerelease setting in release-please config (#5363) (8878f22)

11.2.2 (2025-04-10)

🩹 Fixes

  • deps: update chokidar to v4 (#5256) (8af0f1a)<...

    Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 13 updates
a492bc6 
Bumps the npm_and_yarn group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [webpack](https://github.com/webpack/webpack) | `5.76.0` | `5.99.9` |
| [axios](https://github.com/axios/axios) | `0.26.1` | `removed` |
| vscode-tas-client | `0.1.63` | `0.1.84` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [gulp](https://github.com/gulpjs/gulp) | `4.0.2` | `5.0.1` |
| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.7.4` | `7.27.4` |
| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.0` | `6.0.2` |
| [mocha](https://github.com/mochajs/mocha) | `9.2.2` | `11.5.0` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.3` |
| [ws](https://github.com/websockets/ws) | `7.5.7` | `7.5.10` |



Updates `webpack` from 5.76.0 to 5.99.9
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.76.0...v5.99.9)

Removes `axios`

Updates `vscode-tas-client` from 0.1.63 to 0.1.84

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `gulp` from 4.0.2 to 5.0.1
- [Release notes](https://github.com/gulpjs/gulp/releases)
- [Changelog](https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md)
- [Commits](gulpjs/gulp@v4.0.2...v5.0.1)

Updates `browserify-sign` from 4.0.4 to 4.2.3
- [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md)
- [Commits](browserify/browserify-sign@v4.0.4...v4.2.3)

Updates `elliptic` from 6.5.4 to 6.6.1
- [Commits](indutny/elliptic@v6.5.4...v6.6.1)

Updates `yargs-parser` from 5.0.0-security.0 to 18.1.3
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs-parser/commits/v18.1.3)

Updates `@babel/traverse` from 7.7.4 to 7.27.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-traverse)

Updates `serialize-javascript` from 6.0.0 to 6.0.2
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2)

Updates `mocha` from 9.2.2 to 11.5.0
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](mochajs/mocha@v9.2.2...v11.5.0)

Updates `tar-fs` from 2.1.1 to 2.1.3
- [Commits](https://github.com/mafintosh/tar-fs/commits)

Updates `ws` from 7.5.7 to 7.5.10
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.7...7.5.10)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.99.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vscode-tas-client
  dependency-version: 0.1.84
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: gulp
  dependency-version: 5.0.1
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: browserify-sign
  dependency-version: 4.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: elliptic
  dependency-version: 6.6.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-version: 18.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.27.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serialize-javascript
  dependency-version: 6.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mocha
  dependency-version: 11.5.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 7.5.10
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants