Skip to content
This repository has been archived by the owner on Jun 7, 2023. It is now read-only.

Upgrade: Bump moment and handsontable #1364

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Upgrade: Bump moment and handsontable #1364

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 9, 2022
edited
Loading

Bumps moment and handsontable. These dependencies needed to be updated together.
Updates moment from 2.20.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)

Commits

Updates handsontable from 7.2.2 to 12.1.2

Release notes

Sourced from handsontable's releases.

12.1.2

For more information on this release, see:

Changed

  • Changed the version of the Moment.js dependency from 2.29.3 to 2.29.4, in reaction to a recently-found Moment.js security vulnerability. The vulnerability did not affect a correct configuration of Handsontable. #9638
  • Vue: Freezed the version of the Vue framework that is used in our build chain to ~2.6. This shouldn't affect apps that use Vue 2.7+. #9624

12.1.1

For more information on this release, see:

Fixed

  • Angular: Fixed an issue where the installation of @handsontable/angular package failed for versions of Angular other than 9 #9622

12.1.0

For more information on this release, see:

Added

  • Added smoother row and column moving when some row or columns are hidden. #7613
  • Added getNearestNotHiddenIndex(), a new method that finds the visual index of the nearest not-hidden row or column and works even with large numbers of hidden rows or columns. The previous method, getFirstNotHiddenIndex(), still works, but is marked as deprecated. #9064
  • Added a Czech translation. #9343
  • Added a Serbian translation. #9469
  • Added new hooks: beforeColumnFreeze, afterColumnFreeze, beforeColumnUnfreeze, and afterColumnUnfreeze. #9248

Changed

  • Replaced HTML entities appearing in Handsontable's license texts with canonical counterparts. #9487
  • Updated the Pikaday optional dependency to 1.8.2, to let Handsontable work with Parcel 2 without errors. #9410
  • React: Changed the wrapper's lifecycle methods, to let Handsontable work with React 17+ without warnings. #8748
  • Angular: Moved the @angular/core dependency to peer dependencies. #9574

Fixed

  • Fixed an issue where dropdown and autocomplete cell editors rendered incorrectly if the preventOverflow option was set to 'horizontal'. #3828
  • Fixed an issue where frozen rows were getting duplicated. #4454
  • Fixed an issue where comments rendered outside the viewport. #4785
  • Fixed an issue where comments got positioned incorrectly when Handsontable ran within a scrollable element. #6744
  • Fixed an issue that occurred when Handsontable ran within an HTML <form>: pressing Enter inside another form's <input> could open Handsontable's dropdown menu. #9295
  • Fixed an issue where it was impossible to unmerge cells in the RTL layout direction. #9362
  • Fixed an issue where columns wider than the viewport's width and rows higher than the viewport's height didn't render correctly. #9473
  • Fixed an issue where dragging-to-scroll on mobile didn't work properly in the RTL layout direction. #9475
  • Fixed an issue where hiding columns with nested headers caused incorrect column width calculation (for the stretchH: 'all' option). #9496
  • Fixed an issue where ShortcutManager unnecessarily handled keyup events with no key defined. #9562

12.0.1

For more information on this release, see:

... (truncated)

Changelog

Sourced from handsontable's changelog.

[12.1.2] - 2022-07-08

For more information on this release, see:

Changed

  • Changed the version of the Moment.js dependency from 2.29.3 to 2.29.4, in reaction to a recently-found Moment.js security vulnerability. The vulnerability did not affect a correct configuration of Handsontable. #9638
  • Vue: Freezed the version of the Vue framework that is used in our build chain to ~2.6. This shouldn't affect apps that use Vue 2.7+. #9624

[12.1.1] - 2022-07-05

For more information on this release, see:

Fixed

  • Angular: Fixed an issue where the installation of @handsontable/angular package failed for versions of Angular other than 9 #9622

[12.1.0] - 2022-06-28

For more information on this release, see:

Added

  • Added smoother row and column moving when some row or columns are hidden. #7613
  • Added getNearestNotHiddenIndex(), a new method that finds the visual index of the nearest not-hidden row or column and works even with large numbers of hidden rows or columns. The previous method, getFirstNotHiddenIndex(), still works, but is marked as deprecated. #9064
  • Added a Czech translation. #9343
  • Added a Serbian translation. #9469
  • Added new hooks: beforeColumnFreeze, afterColumnFreeze, beforeColumnUnfreeze, and afterColumnUnfreeze. #9248

Changed

  • Replaced HTML entities appearing in Handsontable's license texts with canonical counterparts. #9487
  • Updated the Pikaday optional dependency to 1.8.2, to let Handsontable work with Parcel 2 without errors. #9410
  • React: Changed the wrapper's lifecycle methods, to let Handsontable work with React 17+ without warnings. #8748
  • Angular: Moved the @angular/core dependency to peer dependencies. #9574

Fixed

  • Fixed an issue where dropdown and autocomplete cell editors rendered incorrectly if the preventOverflow option was set to 'horizontal'. #3828
  • Fixed an issue where frozen rows were getting duplicated. #4454
  • Fixed an issue where comments rendered outside the viewport. #4785
  • Fixed an issue where comments got positioned incorrectly when Handsontable ran within a scrollable element. #6744
  • Fixed an issue that occurred when Handsontable ran within an HTML <form>: pressing Enter inside another form's <input> could open Handsontable's dropdown menu. #9295
  • Fixed an issue where it was impossible to unmerge cells in the RTL layout direction. #9362
  • Fixed an issue where columns wider than the viewport's width and rows higher than the viewport's height didn't render correctly. #9473
  • Fixed an issue where dragging-to-scroll on mobile didn't work properly in the RTL layout direction. #9475
  • Fixed an issue where hiding columns with nested headers caused incorrect column width calculation (for the stretchH: 'all' option). #9496
  • Fixed an issue where ShortcutManager unnecessarily handled keyup events with no key defined. #9562

[12.0.1] - 2022-05-16

... (truncated)

Commits
  • 7fa1857 Merge branch 'release/12.1.2'
  • 264d5df Docs: Adding 12.1.2 docs (#9642)
  • 200cca2 Revert the change that had blocked the code freeze
  • 4933bb1 12.1.2
  • 4f3866e Fix freeze script
  • 24ae7fb Add ability to create freeze and release in the same day
  • e7e7c41 Security upgrade moment from 2.29.3 to 2.29.4 (#9637)
  • e0fabdb create a link from custom editor/renderer page to hot-column page (#9633) (#9...
  • a1d3a36 Freeze the Vue dev dependency to ~2.6 (#9629)
  • a5a0d2a Merge branch 'release/12.1.1' into develop
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 9, 2022
@dependabot dependabot bot mentioned this pull request Sep 9, 2022
Closed
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/moment-and-handsontable-2.29.4 branch from 83b118c to 9a1174d Compare September 16, 2022 15:35
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/moment-and-handsontable-2.29.4 branch from 9a1174d to 395de2b Compare January 26, 2023 00:41
@dependabot
Upgrade: Bump moment and handsontable
a55a96a 
Bumps [moment](https://github.com/moment/moment) and [handsontable](https://github.com/handsontable/handsontable). These dependencies needed to be updated together.

Updates `moment` from 2.20.1 to 2.29.4
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.20.1...2.29.4)

Updates `handsontable` from 7.2.2 to 12.1.2
- [Release notes](https://github.com/handsontable/handsontable/releases)
- [Changelog](https://github.com/handsontable/handsontable/blob/develop/CHANGELOG.md)
- [Commits](handsontable/handsontable@7.2.2...12.1.2)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: indirect
- dependency-name: handsontable
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/moment-and-handsontable-2.29.4 branch from 395de2b to a55a96a Compare February 17, 2023 14:54
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants