Skip to content

Bump the npm_and_yarn group with 2 updates #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group with 2 updates #13

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 4, 2024
edited
Loading

Bumps the npm_and_yarn group with 2 updates: browser-sync and socket.io-parser.

Updates browser-sync from 2.26.3 to 2.29.3

Release notes

Sourced from browser-sync's releases.

The one that fixes snippetOptions

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.2...v2.29.3

v2.29.1

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.0...v2.29.1

The one that restores IE11 support 💪

What's Changed

esbuild does not support down-level transpiling as far as IE11 - so when I switched to it, it accidentally broke IE11 support 😢

This is an important issue for me - many devs that support old browsers like IE11 are doing so because their projects are used in public services, or internal applications. Not every developer out there has the luxury of supporting evergreen-only browsers.

So, IE11 will work once again 🎉. Please use the issues thread to make me aware of any problem that's preventing you from using Browsersync in your day job 💪 (and be sure to thumbs-up the issues you want to see resolved)

# IE11 works, again
npm install browser-sync@latest

Full Changelog: BrowserSync/browser-sync@v2.28.3...v2.29.0

the one that finally removes document.write

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.27.12...v2.28.0

2.27.9

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: BrowserSync/browser-sync@v2.27.8...v2.27.9

... (truncated)

Commits

Updates socket.io-parser from 3.2.0 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

Links

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

  • check the format of the event name (3b78117)

Links

4.2.2

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

Links

4.2.1

Bug Fixes

  • check the format of the index of each attachment (b5d0cb7)

Links

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.2.4 (2023-05-31)

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

3.4.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (2dc3c92)

4.2.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (3b78117)

4.2.2 (2023-01-19)

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

3.3.3 (2022-11-09)

Bug Fixes

  • check the format of the index of each attachment (fb21e42)

3.4.2 (2022-11-09)

... (truncated)

Commits
  • 164ba2a chore(release): 4.2.4
  • b0e6400 fix: properly detect plain objects
  • d9db473 fix: ensure reserved events cannot be used as event names
  • 6a5a004 docs(changelog): include changelog for release 3.4.3
  • b6c824f chore(release): 4.2.3
  • dcc70d9 refactor: export typescript declarations for the commonjs build
  • 3b78117 fix: check the format of the event name
  • 0841bd5 chore: bump ua-parser-js from 1.0.32 to 1.0.33 (#121)
  • 28dd668 chore(release): 4.2.2
  • 22c42e3 fix: calling destroy() should clear all internal state
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group with 2 updates
433029e 
Bumps the npm_and_yarn group with 2 updates: [browser-sync](https://github.com/BrowserSync/browser-sync) and [socket.io-parser](https://github.com/socketio/socket.io-parser).


Updates `browser-sync` from 2.26.3 to 2.29.3
- [Release notes](https://github.com/BrowserSync/browser-sync/releases)
- [Changelog](https://github.com/BrowserSync/browser-sync/blob/master/CHANGELOG.md)
- [Commits](BrowserSync/browser-sync@v2.26.3...v2.29.3)

Updates `socket.io-parser` from 3.2.0 to 4.2.4
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@3.2.0...4.2.4)

---
updated-dependencies:
- dependency-name: browser-sync
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: socket.io-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 4, 2024
@dependabot dependabot bot mentioned this pull request Apr 4, 2024
Closed
@w8r
Copy link
Collaborator

w8r commented Apr 5, 2024

@dependabot rebase

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@w8r