Bump the npm_and_yarn group across 6 directories with 10 updates #11

dependabot · 2024-06-11T02:02:14Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
ejs	`3.1.9`	`3.1.10`
follow-redirects	`1.15.2`	`1.15.6`
protobufjs	`7.2.4`	`7.3.0`
tar	`6.1.11`	`6.2.1`
lerna	`7.1.4`	`8.1.3`

Bumps the npm_and_yarn group with 5 updates in the /dapp-example directory:

Package	From	To
ejs	`3.1.8`	`3.1.10`
follow-redirects	`1.15.2`	`1.15.6`
protobufjs	`7.2.3`	`7.3.0`
express	`4.18.2`	`4.19.2`
webpack-dev-middleware	`5.3.3`	`5.3.4`

Bumps the npm_and_yarn group with 3 updates in the /tools/hardhat-example directory: follow-redirects, protobufjs and undici.
Bumps the npm_and_yarn group with 6 updates in the /tools/subgraph-example directory:

Package	From	To
ejs	`2.7.4`	`3.1.10`
@graphprotocol/graph-cli	`0.37.1`	`0.73.0`
follow-redirects	`1.15.2`	`1.15.6`
protobufjs	`7.2.4`	`7.3.0`
tar	`6.1.13`	`6.2.1`
undici	`5.20.0`	`5.28.4`

Bumps the npm_and_yarn group with 2 updates in the /tools/truffle-example directory: follow-redirects and express.
Bumps the npm_and_yarn group with 2 updates in the /tools/web3js-example directory: tar and web3.

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates protobufjs from 7.2.4 to 7.3.0

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

add handling for extension range options (#1990) (2d58011)

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

crash in comment parsing (#1890) (eaf9f0a)

deprecation warning for new Buffer (#1905) (e93286e)

possible infinite loop when parsing option (#1923) (f2a8620)

Changelog

Sourced from protobufjs's changelog.

7.3.0 (2024-05-10)

Features

add handling for extension range options (#1990) (2d58011)

7.2.6 (2024-01-16)

Bug Fixes

report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

crash in comment parsing (#1890) (eaf9f0a)

deprecation warning for new Buffer (#1905) (e93286e)

possible infinite loop when parsing option (#1923) (f2a8620)

Commits

722b635 chore: release master (#1991)
2d58011 feat: add handling for extension range options (#1990)
2f846fe chore: release master (#1962)
af3ff83 fix: report missing import properly in loadSync (#1960)
4436cc7 chore: release master (#1925)
e93286e fix: deprecation warning for new Buffer (#1905)
eaf9f0a fix: crash in comment parsing (#1890)
f2a8620 fix: possible infinite loop when parsing option (#1923)
See full diff in compare view

Updates tar from 6.1.11 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

57493ee #332 ensuring close event is emited after stream has ended (@webark)

b003c64 #314 replace deprecated String.prototype.substr() (#314) (@CommanderRoot, @lukekarrys)

Documentation

f129929 #313 remove dead link to benchmarks (#313) (@yetzt)

c1faa9f add examples/explanation of using tar.t (@isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.2

DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

Update minipass to v7.1.0

Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

Rewrite in TypeScript, provide ESM and CommonJS hybrid interface

Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.

Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.

Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

Add support for brotli compression

Add maxDepth option to prevent extraction into excessively deep folders.

6.1

remove dead link to benchmarks (#313) (@yetzt)

add examples/explanation of using tar.t (@isaacs)

ensure close event is emited after stream has ended (@webark)

replace deprecated String.prototype.substr() (@CommanderRoot, @lukekarrys)

6.0

Drop support for node 6 and 8

fix symlinks and hardlinks on windows being packed with \-style path targets

... (truncated)

Commits

bef7b1e 6.2.1
fe8cd57 prevent extraction in excessively deep subfolders
fe7ebfd remove security.md
5bc9d40 6.2.0
fe1ef5e changelog 6.2
e483220 get rid of npm lint stuff
689928a ci that works outside of npm org
db6f539 file inference improvements for .tbr and .tgz
336fa8f refactor: dry and other pr comments
eeba222 chore: lint fixes
Additional commits viewable in compare view

Updates lerna from 7.1.4 to 8.1.3

Release notes

Sourced from lerna's releases.

v8.1.3

8.1.3 (2024-05-13)

Bug Fixes

deps: bump tar from 6.1.11 to 6.2.1 (#3990) (3fe0cf0)

list: flush output before exiting (#3971) (6426da8)

update to nx 19 (#4003) (03f476b)

version: create release when using custom tag-version-separator (#3979) (cbe01ba)

v8.1.2

8.1.2 (2024-02-05)

Bug Fixes

improve git binary error (#3945) (7637972)

v8.1.1

8.1.1 (2024-02-05)

Bug Fixes

list: explicitly exit upon completion (bafe090)

v8.1.0

8.1.0 (2024-02-05)

Features

support nx v18 (#3950) (ea3fb65)

version: custom tag-version-separator for independent projects (#3951) (43de79c)

v8.0.2

8.0.2 (2024-01-05)

Bug Fixes

add-caching: explicitly set targetDefaults for all scripts (#3929) (dae18c9)

v8.0.1

8.0.1 (2023-12-15)

Bug Fixes

... (truncated)

Changelog

Sourced from lerna's changelog.

8.1.3 (2024-05-13)

Bug Fixes

deps: bump tar from 6.1.11 to 6.2.1 (#3990) (3fe0cf0)

update to nx 19 (#4003) (03f476b)

8.1.2 (2024-02-05)

Note: Version bump only for package lerna

8.1.1 (2024-02-05)

Note: Version bump only for package lerna

8.1.0 (2024-02-05)

Features

support nx v18 (#3950) (ea3fb65)

8.0.2 (2024-01-05)

Bug Fixes

add-caching: explicitly set targetDefaults for all scripts (#3929) (dae18c9)

8.0.1 (2023-12-15)

Bug Fixes

update node-gyp usage to v10 to resolve npm warning (#3919) (f5fdcba)

8.0.0 (2023-11-23)

Features

version: add --premajor-version-bump option to force patch bumps for non-breaking changes in premajor packages (#3876) (3b05947)

8.0.0-alpha.0 (2023-11-22)

Features

version: add --premajor-version-bump option to force patch bumps for non-breaking changes in premajor packages (#3876) (3b05947)

7.4.2 (2023-10-27)

Bug Fixes

version: support changelog-presets using async factory funcs (#3873) (bb5e7d7)

... (truncated)

Commits

059864f chore(misc): publish 8.1.3
03f476b fix: update to nx 19 (#4003)
3fe0cf0 fix(deps): bump tar from 6.1.11 to 6.2.1 (#3990)
bb68e00 chore: update snapshots (#3968)
13c80ae chore: unset GITHUB_ACTIONS environment variable in other node versions workflow
9a4ad5e chore(misc): publish 8.1.2
b2b8b7d chore(misc): publish 8.1.1
8c7316e chore(misc): publish 8.1.0
ea3fb65 feat: support nx v18 (#3950)
bd0b5ce chore: update repo to nx 17.3 (#3944)
Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates protobufjs from 7.2.3 to 7.3.0

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

add handling for extension range options (#1990) (2d58011)

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

crash in comment parsing (#1890) (eaf9f0a)

deprecation warning for new Buffer (#1905) (e93286e)

possible infinite loop when parsing option (#1923) (f2a8620)

Changelog

Sourced from protobufjs's changelog.

7.3.0 (2024-05-10)

Features

add handling for extension range options (#1990) (2d58011)

7.2.6 (2024-01-16)

Bug Fixes

report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

crash in comment parsing (#1890) (eaf9f0a)

deprecation warning for new Buffer (#1905) (e93286e)

possible infinite loop when parsing option (#1923) (f2a8620)

Commits

722b635 chore: release master (#1991)
2d58011 feat: add handling for extension range options (#1990)
2f846fe chore: release master (#1962)
af3ff83 fix: report missing import properly in loadSync (#1960)
4436cc7 chore: release master (#1925)
e93286e fix: deprecation warning for new Buffer (#1905)
eaf9f0a fix: crash in comment parsing (#1890)
f2a8620 fix: possible infinite loop when parsing option (#1923)
See full diff in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

security: do not allow to read files above (#1779) (189c4ac)

Commits

86071ea chore(release): 5.3.4
189c4ac fix(security): do not allow to read files above (#1779)
See full diff in compare view

Updates follow-redirects from 1.15.1 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates protobufjs from 6.11.3 to 6.11.4

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

add handling for extension range options (#1990) (2d58011)

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

crash in comment parsing (#1890) (eaf9f0a)

deprecation warning for new Buffer (#1905) (e93286e)

possible infinite loop when parsing option (#1923) (f2a8620)

Changelog

Sourced from protobufjs's changelog.

7.3.0 (2024-05-10)

Features

add handling for extension range options (#1990) (2d58011)

7.2.6 (2024-01-16)

Bug Fixes

report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

crash in comment parsing (#1890) (eaf9f0a)

deprecation warning for new Buffer (#1905) (e93286e)

possible infinite loop when parsing option (#1923) (f2a8620)

Commits

722b635 chore: release master (#1991)
2d58011 feat: add handling for extension range options (#1990)
2f846fe chore: release master (#1962)
af3ff83 fix: report missing import properly in loadSync (#1960)
4436cc7 chore: release master (#1925)
e93286e fix: deprecation warning for new Buffer (#1905)
eaf9f0a fix: crash in comment parsing (#1890)
f2a8620 fix: possible infinite loop when parsing option (#1923)
See full diff in compare view

Updates undici from 5.19.1 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

New Contributors

@bugb made their first contribution in nodejs/undici#2470

@gebsh made their first contribution in nodejs/undici#2455

@ToshB made their first contribution in nodejs/undici#2477

@MzUgM made their first contribution in nodejs/undici#2478

@matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

perf: Improve normalizeMethod by @tsctx in nodejs/undici#2456

fix: dispatch error handling by @ronag in nodejs/undici#2459

... (truncated)

Commits

fb98306 Bumped v5.28.4
2b39440 Merge pull request from GHSA-9qxr-qj54-h672
64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
0e9d54b skip failing test due to Node.js changes
e71cb4c Bumped v5.28.3
20c65b8 Fix tests for Node.js v20.11.0 (#2618)
8ec52cd Fix tests for Node.js v21 (#2609)
d3aa574 Merge pull request from GHSA-3787-6prv-h9w3

Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.4` | `7.3.0` | | [tar](https://github.com/isaacs/node-tar) | `6.1.11` | `6.2.1` | | [lerna](https://github.com/lerna/lerna/tree/HEAD/packages/lerna) | `7.1.4` | `8.1.3` | Bumps the npm_and_yarn group with 5 updates in the /dapp-example directory: | Package | From | To | | --- | --- | --- | | [ejs](https://github.com/mde/ejs) | `3.1.8` | `3.1.10` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.3` | `7.3.0` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | Bumps the npm_and_yarn group with 3 updates in the /tools/hardhat-example directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [protobufjs](https://github.com/protobufjs/protobuf.js) and [undici](https://github.com/nodejs/undici). Bumps the npm_and_yarn group with 6 updates in the /tools/subgraph-example directory: | Package | From | To | | --- | --- | --- | | [ejs](https://github.com/mde/ejs) | `2.7.4` | `3.1.10` | | @graphprotocol/graph-cli | `0.37.1` | `0.73.0` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.4` | `7.3.0` | | [tar](https://github.com/isaacs/node-tar) | `6.1.13` | `6.2.1` | | [undici](https://github.com/nodejs/undici) | `5.20.0` | `5.28.4` | Bumps the npm_and_yarn group with 2 updates in the /tools/truffle-example directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 2 updates in the /tools/web3js-example directory: [tar](https://github.com/isaacs/node-tar) and [web3](https://github.com/ChainSafe/web3.js). Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `protobufjs` from 7.2.4 to 7.3.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.2.4...protobufjs-v7.3.0) Updates `tar` from 6.1.11 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) Updates `lerna` from 7.1.4 to 8.1.3 - [Release notes](https://github.com/lerna/lerna/releases) - [Changelog](https://github.com/lerna/lerna/blob/main/packages/lerna/CHANGELOG.md) - [Commits](https://github.com/lerna/lerna/commits/v8.1.3/packages/lerna) Updates `ejs` from 3.1.8 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `protobufjs` from 7.2.3 to 7.3.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.2.4...protobufjs-v7.3.0) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `follow-redirects` from 1.15.1 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `protobufjs` from 6.11.3 to 6.11.4 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.2.4...protobufjs-v7.3.0) Updates `undici` from 5.19.1 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.19.1...v5.28.4) Updates `ejs` from 2.7.4 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `@graphprotocol/graph-cli` from 0.37.1 to 0.73.0 Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `protobufjs` from 7.2.4 to 7.3.0 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.2.4...protobufjs-v7.3.0) Updates `tar` from 6.1.13 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.11...v6.2.1) Updates `undici` from 5.20.0 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.19.1...v5.28.4) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Removes `tar` Updates `web3` from 1.10.0 to 4.9.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](web3/web3.js@v1.10.0...v4.9.0) --- updated-dependencies: - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lerna dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@graphprotocol/graph-cli" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protobufjs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: web3 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

openzeppelin-code · 2024-06-11T02:08:21Z

Bump the npm_and_yarn group across 6 directories with 10 updates

Generated at commit: 68b3188b6945fd01ca1cbc8cba4a30aa8bdab41f

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	2 1 0 13 29 45
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

For more details view the full report in OpenZeppelin Code Inspector

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 11, 2024

This was referenced Jun 11, 2024

Bump follow-redirects from 1.15.1 to 1.15.6 in /tools/hardhat-example #1

Closed

Bump the npm_and_yarn group across 5 directories with 2 updates #3

Closed

Bump the npm_and_yarn group across 6 directories with 9 updates #10

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 6 directories with 10 updates #11

Bump the npm_and_yarn group across 6 directories with 10 updates #11

dependabot bot commented on behalf of github Jun 11, 2024

openzeppelin-code bot commented Jun 11, 2024

Bump the npm_and_yarn group across 6 directories with 10 updates #11

Are you sure you want to change the base?

Bump the npm_and_yarn group across 6 directories with 10 updates #11

Conversation

dependabot bot commented on behalf of github Jun 11, 2024

v3.1.10

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

7.3.0 (2024-05-10)

Features

7.2.6 (2024-01-16)

Bug Fixes

7.2.5 (2023-08-21)

Bug Fixes

v6.1.13

6.1.13 (2022-12-07)

Dependencies

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

Documentation

Changelog

7.2

7.1

7.0

6.2

6.1

6.0

v8.1.3

8.1.3 (2024-05-13)

Bug Fixes

v8.1.2

8.1.2 (2024-02-05)

Bug Fixes

v8.1.1

8.1.1 (2024-02-05)

Bug Fixes

v8.1.0

8.1.0 (2024-02-05)

Features

v8.0.2

8.0.2 (2024-01-05)

Bug Fixes

v8.0.1

8.0.1 (2023-12-15)

Bug Fixes

8.1.3 (2024-05-13)

Bug Fixes

8.1.2 (2024-02-05)

8.1.1 (2024-02-05)

8.1.0 (2024-02-05)

Features

8.0.2 (2024-01-05)

Bug Fixes

8.0.1 (2023-12-15)

Bug Fixes

8.0.0 (2023-11-23)

Features

8.0.0-alpha.0 (2023-11-22)

Features

7.4.2 (2023-10-27)

Bug Fixes

v3.1.10

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

7.3.0 (2024-05-10)