Skip to content

Bump the npm_and_yarn group across 1 directory with 7 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 7 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 27, 2025

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package From To
deap 1.0.0 1.0.1
fsevents 1.0.15 1.2.13
handlebars 4.0.6 4.7.8
ini 1.3.4 1.3.8
stringstream 0.0.5 0.0.6
urijs 1.18.4 1.19.11
y18n 3.2.1 3.2.2

Updates deap from 1.0.0 to 1.0.1

Commits
Maintainer changes

This version was pushed to npm by prestaul, a new releaser for deap since your current version.


Updates fsevents from 1.0.15 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

  • Added node v10 for pre-built binaries
  • C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

  • BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
    • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
  • Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
  • Compatibility updates for nan v2.9.0

v1.1.3

  • Added node v9 for pre-built binaries
  • Fixed bug related to using --no-bin-links option on install
  • Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

  • Added Node.js v8 to the prebuild binary assets.
  • Stopped prebuilding for io.js (can still be built locally)
  • Updated node-pre-gyp to latest version (0.6.36)

v1.1.1

... (truncated)

Commits

Updates handlebars from 4.0.6 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits
  • 8dc3d25 v4.7.8
  • 668c4fb Fix browser tests in CI pipeline
  • c65c6cc Test on Node 18
  • 3d3796c Make library compatible with workers
  • 075b354 Fix sync issue with npm lock-file
  • 30dbf04 Fix compiling of each block params in strict mode
  • e3a5448 Fix bundler issue with webpack 5
  • 8e23642 Fix integration-tests issue with npm >= 7
  • 88ac068 use https instead of git for mustache submodule
  • c68bc08 Fix typo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates ini from 1.3.4 to 1.3.8

Commits
  • a2c5da8 1.3.8
  • af5c6bb Do not use Object.create(null)
  • 8b648a1 don't test where our devdeps don't even work
  • c74c8af 1.3.7
  • 024b8b5 update deps, add linting
  • 032fbaf Use Object.create(null) to avoid default object property hazards
  • 2da9039 1.3.6
  • cfea636 better git push script, before publish instead of after
  • 56d2805 do not allow invalid hazardous string as section name
  • 738eca5 v1.3.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.


Updates stringstream from 0.0.5 to 0.0.6

Commits

Updates urijs from 1.18.4 to 1.19.11

Release notes

Sourced from urijs's releases.

1.19.11 (April 3rd 2022)

1.19.10 (March 5th 2022)

1.19.9 (March 3rd 2022)

1.19.8 (February 15th 2022)

1.19.7 (July 14th 2021)

  • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
  • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

1.19.6 (February 13th 2021)

  • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

1.19.5 (December 30th 2020)

1.19.4 (December 23rd 2020)

1.19.3 (December 20th 2020)

1.19.2 (October 20th 2019)

1.19.1 (February 10th 2018)

1.19.0 (October 1st 2017)

1.18.12 (August 9th 2017)

1.18.11 (August 8th 2017)

... (truncated)

Changelog

Sourced from urijs's changelog.

1.19.11 (April 3rd 2022)

1.19.10 (March 5th 2022)

1.19.9 (March 3rd 2022)

1.19.8 (February 15th 2022)

1.19.7 (July 14th 2021)

  • SECURITY fixing URI.parseQuery() to prevent overwriting __proto__ in parseQuery() - disclosed privately by @​NewEraCracker
  • SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

1.19.6 (February 13th 2021)

  • SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx

1.19.5 (December 30th 2020)

1.19.4 (December 23rd 2020)

1.19.3 (December 20th 2020)

1.19.2 (October 20th 2019)

1.19.1 (February 10th 2018)

... (truncated)

Commits
  • b655c1b chore(build): bumping to version 1.19.11
  • b0c9796 fix(parse): handle CR,LF,TAB
  • 88805fd fix(parse): handle excessive slashes in scheme-relative URLs
  • 926b2aa chore(build): bumping to version 1.19.10
  • a8166fe fix(parse): handle excessive colons in scheme delimiter
  • 01920b5 chore(build): bumping to version 1.19.9
  • 86d1052 fix(parse): remove leading whitespace
  • efae1e5 chore(build): bumping to version 1.19.8
  • 6ea641c fix(parse): case insensitive scheme - #412
  • 19e54c7 chore(build): bumping to version 1.19.7
  • Additional commits viewable in compare view

Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

  • security: ensure entry exists for backport (#120) (b22c0df)
Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 7 updates
bf48d8b 
Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [deap](https://github.com/selfcontained/deap) | `1.0.0` | `1.0.1` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.0.15` | `1.2.13` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.6` | `4.7.8` |
| [ini](https://github.com/npm/ini) | `1.3.4` | `1.3.8` |
| [stringstream](https://github.com/mhart/StringStream) | `0.0.5` | `0.0.6` |
| [urijs](https://github.com/medialize/URI.js) | `1.18.4` | `1.19.11` |
| [y18n](https://github.com/yargs/y18n) | `3.2.1` | `3.2.2` |



Updates `deap` from 1.0.0 to 1.0.1
- [Commits](https://github.com/selfcontained/deap/commits)

Updates `fsevents` from 1.0.15 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.0.15...v1.2.13)

Updates `handlebars` from 4.0.6 to 4.7.8
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.0.6...v4.7.8)

Updates `ini` from 1.3.4 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.4...v1.3.8)

Updates `stringstream` from 0.0.5 to 0.0.6
- [Commits](mhart/StringStream@v0.0.5...v0.0.6)

Updates `urijs` from 1.18.4 to 1.19.11
- [Release notes](https://github.com/medialize/URI.js/releases)
- [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md)
- [Commits](medialize/URI.js@v1.18.4...v1.19.11)

Updates `y18n` from 3.2.1 to 3.2.2
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

---
updated-dependencies:
- dependency-name: deap
  dependency-version: 1.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-version: 4.7.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ini
  dependency-version: 1.3.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: stringstream
  dependency-version: 0.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: urijs
  dependency-version: 1.19.11
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-version: 3.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant