Update the deps to fix the vulnerability #236
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [svelte-spa-router](https://github.com/ItalyPaleAle/svelte-spa-router) from 3.3.0 to 4.0.1. - [Release notes](https://github.com/ItalyPaleAle/svelte-spa-router/releases) - [Changelog](https://github.com/ItalyPaleAle/svelte-spa-router/blob/main/CHANGELOG.md) - [Commits](ItalyPaleAle/svelte-spa-router@v3.3.0...v4.0.1) --- updated-dependencies: - dependency-name: svelte-spa-router dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [eslint](https://github.com/eslint/eslint) from 8.56.0 to 8.57.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.56.0...v8.57.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [nanoid](https://github.com/ai/nanoid) from 5.0.4 to 5.0.6. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@5.0.4...5.0.6) --- updated-dependencies: - dependency-name: nanoid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [postcss-load-config](https://github.com/postcss/postcss-load-config) from 4.0.2 to 5.0.3. - [Release notes](https://github.com/postcss/postcss-load-config/releases) - [Changelog](https://github.com/postcss/postcss-load-config/blob/main/CHANGELOG.md) - [Commits](postcss/postcss-load-config@v4.0.2...v5.0.3) --- updated-dependencies: - dependency-name: postcss-load-config dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [prettier-plugin-svelte](https://github.com/sveltejs/prettier-plugin-svelte) from 3.1.2 to 3.2.2. - [Changelog](https://github.com/sveltejs/prettier-plugin-svelte/blob/master/CHANGELOG.md) - [Commits](sveltejs/prettier-plugin-svelte@v3.1.2...v3.2.2) --- updated-dependencies: - dependency-name: prettier-plugin-svelte dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [lint-staged](https://github.com/okonet/lint-staged) from 15.2.0 to 15.2.2. - [Release notes](https://github.com/okonet/lint-staged/releases) - [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md) - [Commits](lint-staged/lint-staged@v15.2.0...v15.2.2) --- updated-dependencies: - dependency-name: lint-staged dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) from 4.2.8 to 4.2.12. - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/[email protected]/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) --- updated-dependencies: - dependency-name: svelte dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [prettier](https://github.com/prettier/prettier) from 3.1.1 to 3.2.5. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.1.1...3.2.5) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [husky](https://github.com/typicode/husky) from 8.0.3 to 9.0.11. - [Release notes](https://github.com/typicode/husky/releases) - [Commits](typicode/husky@v8.0.3...v9.0.11) --- updated-dependencies: - dependency-name: husky dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [svelte-check](https://github.com/sveltejs/language-tools) from 3.6.2 to 3.6.8. - [Release notes](https://github.com/sveltejs/language-tools/releases) - [Commits](sveltejs/language-tools@svelte-check-3.6.2...svelte-check-3.6.8) --- updated-dependencies: - dependency-name: svelte-check dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [postcss](https://github.com/postcss/postcss) from 8.4.33 to 8.4.38. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.33...8.4.38) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@tsconfig/svelte](https://github.com/tsconfig/bases/tree/HEAD/bases) from 5.0.2 to 5.0.4. - [Commits](https://github.com/tsconfig/bases/commits/HEAD/bases) --- updated-dependencies: - dependency-name: "@tsconfig/svelte" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.202 to 4.17.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) --- updated-dependencies: - dependency-name: "@types/lodash" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 10.4.16 to 10.4.19. - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@10.4.16...10.4.19) --- updated-dependencies: - dependency-name: autoprefixer dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…ging/autoprefixer-10.4.19 chore(deps-dev): bump autoprefixer from 10.4.16 to 10.4.19
…ging/types/lodash-4.17.0 chore(deps-dev): bump @types/lodash from 4.14.202 to 4.17.0
…ging/tsconfig/svelte-5.0.4 chore(deps-dev): bump @tsconfig/svelte from 5.0.2 to 5.0.4
…ging/postcss-8.4.38 chore(deps-dev): bump postcss from 8.4.33 to 8.4.38
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 6.18.1 to 7.7.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.7.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.1 to 3.4.3. - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.3/CHANGELOG.md) - [Commits](tailwindlabs/tailwindcss@v3.4.1...v3.4.3) --- updated-dependencies: - dependency-name: tailwindcss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
…ging/typescript-eslint/parser-7.7.0 chore(deps-dev): bump @typescript-eslint/parser from 6.18.1 to 7.7.0
…ging/tailwindcss-3.4.3 chore(deps-dev): bump tailwindcss from 3.4.1 to 3.4.3
…ging/svelte-check-3.6.8 chore(deps-dev): bump svelte-check from 3.6.2 to 3.6.8
…ging/husky-9.0.11 chore(deps-dev): bump husky from 8.0.3 to 9.0.11
…ging/prettier-plugin-svelte-3.2.2 chore(deps-dev): bump prettier-plugin-svelte from 3.1.2 to 3.2.2
…aging/postcss-load-config-5.0.3' into staging # Conflicts: # package-lock.json # package.json
…aging/nanoid-5.0.6' into staging # Conflicts: # package-lock.json
…aging/lint-staged-15.2.2' into staging # Conflicts: # package-lock.json # package.json
…aging/eslint-8.57.0' into staging # Conflicts: # package.json
…aging/prettier-3.2.5' into staging # Conflicts: # package.json
…aging/svelte-4.2.12' into staging # Conflicts: # package.json
…aging/svelte-spa-router-4.0.1' into staging # Conflicts: # package.json
Use MapLibre v4's version of handling custom attributions Use of updated loadImage API
… after ending a previous drag
…ce to check the current interactivity state.
…ng drag-related event listeners
smellyshovel
added
semver:patch
Miguel-Sanches
approved these changes
Aug 5, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Nothing special here.
Tried to update the deps but failed because of mismatching versions of some packages, rollbacked the changes. Instead, only ran "npm audit fix" and committed the changes (this solves one critical vulnerability).