Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group group with 1 update #24

Closed
wants to merge 9 commits into from
Closed

Bump the npm_and_yarn group group with 1 update #24

wants to merge 9 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 24, 2024
edited
Loading

Bumps the npm_and_yarn group group with 1 update: cross-fetch.

Updates cross-fetch from 3.1.5 to 3.1.8

Release notes

Sourced from cross-fetch's releases.

v3.1.8

What's Changed

  • Restored caret range to node-fetch version for automatic feature and fix updates.

Full Changelog: lquixada/cross-fetch@v3.1.7...v3.1.8

v3.1.7

What's Changed

  • Updated node-fetch version to 2.6.12

Full Changelog: lquixada/cross-fetch@v3.1.6...v3.1.7

v3.1.6

What's Changed

  • Updated node-fetch version to 2.6.11
  • Added caret range to node-fetch version for automatic feature and fix updates.

Full Changelog: lquixada/cross-fetch@v3.1.5...v3.1.6

Changelog

Sourced from cross-fetch's changelog.

3.1.8 (2023-07-02)

Bug Fixes

  • restored caret on node-fetch version (6669927)

3.1.7 (2023-07-01)

3.1.6 (2023-05-14)

Features

  • allowed minor and patch update of node-fetch (#132) (425395b), closes #129

Bug Fixes

  • fixed ESTree.StaticBlock error (a66f21b)
Commits
  • 0922089 chore(release): 3.1.8
  • 6669927 fix: restored caret on node-fetch version
  • ff14bdd chore: improved release script
  • d625e0d chore: release workflow now uses .nvmrc
  • 098ed1e chore: improved release workflow
  • cc2663b chore(release): 3.1.7
  • 7c1fdde chore: updated node-fetch to 2.6.12
  • e298dbb chore: reordered if statement
  • 81049e1 chore: removed github publish pipeline
  • a80be7c chore: removed console log from specs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

wmitsuda and others added 9 commits March 24, 2024 20:13
@wmitsuda
Enable dependabot/nvm
01ef00c
@dependabot
Bump actions/setup-node from 1 to 4 (#2)
bc5d22a 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 1 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v1...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/checkout from 2 to 4 (#3)
bc49cb4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/setup-go from 2 to 5 (#6)
39e6ec8 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v2...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump crazy-max/ghaction-github-pages from 3 to 4 (#4)
5bfcb41 
Bumps [crazy-max/ghaction-github-pages](https://github.com/crazy-max/ghaction-github-pages) from 3 to 4.
- [Release notes](https://github.com/crazy-max/ghaction-github-pages/releases)
- [Commits](crazy-max/ghaction-github-pages@v3...v4)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-pages
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump rojopolis/spellcheck-github-actions from 0.29.0 to 0.36.0 (#5)
953198c 
Bumps [rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions) from 0.29.0 to 0.36.0.
- [Release notes](https://github.com/rojopolis/spellcheck-github-actions/releases)
- [Changelog](https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md)
- [Commits](rojopolis/spellcheck-github-actions@0.29.0...0.36.0)

---
updated-dependencies:
- dependency-name: rojopolis/spellcheck-github-actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the npm_and_yarn group group with 15 updates (#20)
80f11f1 
Bumps the npm_and_yarn group group with 15 updates:

| Package | From | To |
| --- | --- | --- |
| [gatsby](https://github.com/gatsbyjs/gatsby) | `4.16.0` | `4.25.7` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.18.5` | `7.24.1` |
| [cross-fetch](https://github.com/lquixada/cross-fetch) | `3.1.4` | `3.1.5` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.1` | `1.15.6` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `3.7.3` | `4.3.0` |
| [got](https://github.com/sindresorhus/got) | `9.6.0` | `11.8.6` |
| [gatsby](https://github.com/gatsbyjs/gatsby) | `4.25.7` | `5.13.3` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` |
| [loader-utils](https://github.com/webpack/loader-utils) | `1.4.0` | `2.0.4` |
| [parse-path](https://github.com/IonicaBizau/parse-path) | `4.0.4` | `7.0.0` |
| [parse-url](https://github.com/IonicaBizau/parse-url) | `6.0.0` | `8.1.0` |
| [postcss](https://github.com/postcss/postcss) | `8.4.14` | `8.4.38` |
| [sharp](https://github.com/lovell/sharp) | `0.30.6` | `0.32.6` |
| [socket.io-parser](https://github.com/socketio/socket.io-parser) | `4.0.4` | `4.2.4` |
| [webpack](https://github.com/webpack/webpack) | `5.73.0` | `5.91.0` |


Updates `gatsby` from 4.16.0 to 4.25.7
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/compare/[email protected]@4.25.7)

Updates `@babel/traverse` from 7.18.5 to 7.24.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse)

Updates `cross-fetch` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/lquixada/cross-fetch/releases)
- [Changelog](https://github.com/lquixada/cross-fetch/blob/v4.x/CHANGELOG.md)
- [Commits](lquixada/cross-fetch@v3.1.4...v3.1.5)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `follow-redirects` from 1.15.1 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.6)

Updates `webpack-dev-middleware` from 3.7.3 to 4.3.0
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/master/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v3.7.3...v4.3.0)

Updates `got` from 9.6.0 to 11.8.6
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v9.6.0...v11.8.6)

Updates `gatsby` from 4.25.7 to 5.13.3
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/compare/[email protected]@4.25.7)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

Updates `loader-utils` from 1.4.0 to 2.0.4
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v2.0.4)

Updates `parse-path` from 4.0.4 to 7.0.0
- [Release notes](https://github.com/IonicaBizau/parse-path/releases)
- [Commits](IonicaBizau/parse-path@4.0.4...7.0.0)

Updates `parse-url` from 6.0.0 to 8.1.0
- [Release notes](https://github.com/IonicaBizau/parse-url/releases)
- [Commits](IonicaBizau/parse-url@6.0.0...8.1.0)

Updates `postcss` from 8.4.14 to 8.4.38
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.14...8.4.38)

Updates `sharp` from 0.30.6 to 0.32.6
- [Release notes](https://github.com/lovell/sharp/releases)
- [Changelog](https://github.com/lovell/sharp/blob/main/docs/changelog.md)
- [Commits](lovell/sharp@v0.30.6...v0.32.6)

Updates `socket.io-parser` from 4.0.4 to 4.2.4
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@4.0.4...4.2.4)

Updates `webpack` from 5.73.0 to 5.91.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.73.0...v5.91.0)

---
updated-dependencies:
- dependency-name: gatsby
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: cross-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: got
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: gatsby
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: parse-path
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: parse-url
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: sharp
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: socket.io-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump gh-pages from 4.0.0 to 6.1.1 (#16)
3a6d989 
Bumps [gh-pages](https://github.com/tschaub/gh-pages) from 4.0.0 to 6.1.1.
- [Release notes](https://github.com/tschaub/gh-pages/releases)
- [Changelog](https://github.com/tschaub/gh-pages/blob/main/changelog.md)
- [Commits](tschaub/gh-pages@v4.0.0...v6.1.1)

---
updated-dependencies:
- dependency-name: gh-pages
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the npm_and_yarn group group with 1 update
faa6750 
Bumps the npm_and_yarn group group with 1 update: [cross-fetch](https://github.com/lquixada/cross-fetch).


Updates `cross-fetch` from 3.1.5 to 3.1.8
- [Release notes](https://github.com/lquixada/cross-fetch/releases)
- [Changelog](https://github.com/lquixada/cross-fetch/blob/v3.1.8/CHANGELOG.md)
- [Commits](lquixada/cross-fetch@v3.1.5...v3.1.8)

---
updated-dependencies:
- dependency-name: cross-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 24, 2024
@wmitsuda wmitsuda force-pushed the main branch 2 times, most recently from dad2768 to ab18e7e Compare March 25, 2024 00:45
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Mar 25, 2024

Looks like cross-fetch is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Mar 25, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-8eacf28b03 branch March 25, 2024 01:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@wmitsuda