Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group with 3 updates #451

Open
wants to merge 1 commit into
base: source
Choose a base branch
from
Open

Bump the npm_and_yarn group with 3 updates #451

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 26, 2024
edited
Loading

Bumps the npm_and_yarn group with 3 updates: pdfjs-dist, braces and micromatch.

Updates pdfjs-dist from 4.0.379 to 4.2.67

Release notes

Sourced from pdfjs-dist's releases.

v4.2.67

This release includes a new JPX decoder, based on OpenJPEG, which improves JPX image rendering performance and correctness. Moreover, this release contains improvements for the annotation editor, font conversion and the viewer.

Note that text selection boxes for some PDF files may overlap visually. This is a known issue that we currently track in mozilla/pdf.js#17561.

Changes since v4.1.392

v4.1.392

This release features improvements, bugfixes and optimizations for accessibility, annotation rendering, annotation editing, font rendering, form handling, image rendering, text selection and the viewer.

... (truncated)

Commits
  • 49b3881 Merge pull request #18001 from Snuffleupagus/api-pageRefCache
  • 150964d Remove unnecessary check from PDFLinkService.goToDestination (PR 17984 foll...
  • f6cd039 [api-minor] Move the page reference/number caching into the API
  • fa69d9a Inline the helper method in PDFLinkService.goToDestination
  • 3052e99 Merge pull request #18013 from Snuffleupagus/SimpleLinkService-extends-PDFLin...
  • 2b2ade7 Merge pull request #18018 from Snuffleupagus/CompiledFont-tweak-caching
  • 627fe2d Merge pull request #18017 from Snuffleupagus/validate-widths
  • 85ff8f3 Reduce code-duplication when caching data in CompiledFont.getPathJs
  • d411a07 Add more validation of width-data
  • 234067e Merge pull request #18014 from Snuffleupagus/validate-font-properties
  • Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

Updates micromatch from 4.0.5 to 4.0.8

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 26, 2024
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-7f8acd4046 branch 3 times, most recently from 5f70d36 to e15cf0f Compare August 30, 2024 12:40
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-7f8acd4046 branch 3 times, most recently from 02d0da8 to c521bc9 Compare September 10, 2024 12:19
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-7f8acd4046 branch 4 times, most recently from b07c431 to f57409b Compare September 17, 2024 12:16
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-7f8acd4046 branch 3 times, most recently from 362bff4 to 0ef6566 Compare September 24, 2024 12:21
@dependabot
Bump the npm_and_yarn group with 3 updates
af1ab24 
Bumps the npm_and_yarn group with 3 updates: [pdfjs-dist](https://github.com/mozilla/pdf.js), [braces](https://github.com/micromatch/braces) and [micromatch](https://github.com/micromatch/micromatch).


Updates `pdfjs-dist` from 4.0.379 to 4.2.67
- [Release notes](https://github.com/mozilla/pdf.js/releases)
- [Commits](mozilla/pdf.js@v4.0.379...v4.2.67)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/4.0.8/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: pdfjs-dist
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-7f8acd4046 branch from 0ef6566 to af1ab24 Compare September 25, 2024 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants