chore(deps): bump the npm_and_yarn group across 5 directories with 4 updates #1428
…updates

Bumps the npm_and_yarn group with 4 updates in the / directory: [got](https://github.com/sindresorhus/got), [axios](https://github.com/axios/axios), [semver](https://github.com/npm/node-semver) and [zod](https://github.com/colinhacks/zod).
Bumps the npm_and_yarn group with 1 update in the /targets/alert-cli directory: [semver](https://github.com/npm/node-semver).
Bumps the npm_and_yarn group with 1 update in the /targets/export-elasticsearch directory: [axios](https://github.com/axios/axios).
Bumps the npm_and_yarn group with 1 update in the /targets/frontend directory: [zod](https://github.com/colinhacks/zod).
Bumps the npm_and_yarn group with 2 updates in the /targets/ingester directory: [got](https://github.com/sindresorhus/got) and [semver](https://github.com/npm/node-semver).

Updates `got` from 11.8.5 to 11.8.6
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v11.8.5...v11.8.6)

Updates `axios` from 0.26.1 to 0.28.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.28.0/CHANGELOG.md)
- [Commits](axios/axios@v0.26.1...v0.28.0)

Updates `semver` from 7.3.5 to 7.5.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.5...v7.5.2)

Updates `zod` from 3.21.4 to 3.22.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/main/CHANGELOG.md)
- [Commits](colinhacks/zod@v3.21.4...v3.22.3)

Updates `semver` from 7.3.5 to 7.5.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.5...v7.5.2)

Updates `axios` from 0.26.1 to 1.7.2
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.28.0/CHANGELOG.md)
- [Commits](axios/axios@v0.26.1...v0.28.0)

Updates `zod` from 3.21.4 to 3.22.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/main/CHANGELOG.md)
- [Commits](colinhacks/zod@v3.21.4...v3.22.3)

Updates `got` from 11.8.5 to 14.4.1
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v11.8.5...v11.8.6)

Updates `semver` from 7.3.5 to 7.5.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.5...v7.5.2)

---
updated-dependencies:
- dependency-name: got
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: zod
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: zod
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
Quality Gate passed
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps

What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
Superseded by #1429.
Bumps the npm_and_yarn group with 4 updates in the / directory: got, axios, semver and zod.
Bumps the npm_and_yarn group with 1 update in the /targets/alert-cli directory: semver.
Bumps the npm_and_yarn group with 1 update in the /targets/export-elasticsearch directory: axios.
Bumps the npm_and_yarn group with 1 update in the /targets/frontend directory: zod.
Bumps the npm_and_yarn group with 2 updates in the /targets/ingester directory: got and semver.

Updates `got` from 11.8.5 to 11.8.6
Release notes
Sourced from got's releases.
Commits
- 2b1482c 11.8.6
- 2d1497e Destroy request object after successful response (#2187)

Updates `axios` from 0.26.1 to 0.28.0
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
- 3b7635a [Release] v0.28.0 (#6211)
- 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
- 80c3d74 chore(ci): backported publish action; (#6224)
- 2755df5 fix(security): fixed CVE-2023-45857 by backporting `withXSRFToken` option to ...
- 880b42e docs: Fix a typo in README
- c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
- 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
- 80b546c fix: loosing request header (#4858) (#4871)
- 6acb5ef feat: brower platform add data protocol. (#4814)
- bbb2264 fix(typing): axios response headers can be undefined (#4813)

Updates `semver` from 7.3.5 to 7.5.2
Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
- e7b78de chore: release 7.5.2
- 58c791f fix: diff when detecting major change from prerelease (#566)
- 5c8efbc fix: preserve build in raw after inc (#565)
- 717534e fix: better handling of whitespace (#564)
- 2f738e9 chore: bump `@npmcli/template-oss` from 4.14.1 to 4.15.1 (#558)
- aa016a6 chore: release 7.5.1
- d30d25a fix: show type on invalid semver error (#559)
- 09c69e2 chore: bump `@npmcli/template-oss` from 4.13.0 to 4.14.1 (#555)
- 5b02ad7 chore: release 7.5.0
- e219bb4 fix: throw on bad version with correct error message (#552)

Maintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates `zod` from 3.21.4 to 3.22.3
Release notes
Sourced from zod's releases.
... (truncated)
Commits
- 1e61d76 3.22.3
- 2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
- ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
- ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
- 28c1927 Update sponsors
- 18115a8 Formatting
- 64dcc8e Update sponsors
- f59be09 clarify datetime ISO 8601 (#2673)
- 9bd3879 docs: remove obsolete text about readonly types (#2676)
- 1e23990 Commit

Updates `semver` from 7.3.5 to 7.5.2
Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
- e7b78de chore: release 7.5.2
- 58c791f fix: diff when detecting major change from prerelease (#566)
- 5c8efbc fix: preserve build in raw after inc (#565)
- 717534e fix: better handling of whitespace (#564)
- 2f738e9 chore: bump `@npmcli/template-oss` from 4.14.1 to 4.15.1 (#558)
- aa016a6 chore: release 7.5.1
- d30d25a fix: show type on invalid semver error (#559)
- 09c69e2 chore: bump `@npmcli/template-oss` from 4.13.0 to 4.14.1 (#555)
- 5b02ad7 chore: release 7.5.0
- e219bb4 fix: throw on bad version with correct error message (#552)

Maintainer changes
This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates `axios` from 0.26.1 to 1.7.2
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.