Skip to content

Bump the npm_and_yarn group across 1 directory with 5 updates#9

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-96de2a4242
Open

Bump the npm_and_yarn group across 1 directory with 5 updates#9
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm_and_yarn-96de2a4242

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2024

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
electron-updater 4.2.0 6.2.1
handlebars 4.7.0 4.7.7
marked 0.8.0 4.0.10
electron 7.1.8 22.3.25
xmldom 0.2.1 0.6.0

Updates electron-updater from 4.2.0 to 6.2.1

Release notes

Sourced from electron-updater's releases.

electron-updater@6.2.1

Patch Changes

electron-updater@6.2.0

Minor Changes

electron-updater@6.1.9

Patch Changes

electron-updater@6.1.8

Patch Changes

electron-updater@6.1.7

Patch Changes

electron-updater@6.1.6

Patch Changes

  • Updated dependencies [549d07b0]:
    • builder-util-runtime@9.2.2

electron-updater@6.1.5

Patch Changes

  • #7767 21f3069c Thanks @​jackple! - fix: When error code is ENOENT, try to use electron.shell.openPath to run installer on Windows

electron-updater@6.1.4

Patch Changes

electron-updater@6.1.3

Patch Changes

... (truncated)

Changelog

Sourced from electron-updater's changelog.

6.2.1

Patch Changes

6.2.0

Minor Changes

6.1.9

Patch Changes

6.1.8

Patch Changes

6.1.7

Patch Changes

6.1.6

Patch Changes

  • Updated dependencies [549d07b0]:
    • builder-util-runtime@9.2.2

6.1.5

Patch Changes

  • #7767 21f3069c Thanks @​jackple! - fix: When error code is ENOENT, try to use electron.shell.openPath to run installer on Windows

6.1.4

... (truncated)

Commits
  • 62d1991 chore(deploy): Release (electron-updater@6.2.1) (#8092)
  • e2a181d fix(mac): revert mac differential autoupdate (#8091)
  • cb335ec chore(deploy): Release v24.13.3 (electron-updater@6.2.0) (#8084)
  • 79df542 feat: add support for differential zip updates on macOS (#7709)
  • 8965608 chore(deploy): Release v24.13.1 (electron-updater@6.1.9) (#8056)
  • ccbb80d chore: upgrading connected dependencies (typescript 5.3.3 requires higher esl...
  • 48603ba fix: auto-update powershell script requires reset of PSModulePath (#8051)
  • fc13810 chore(deploy): Release v24.11.0 (electron-updater@6.1.8) (#7954)
  • 03c9451 feat(nsis): add option to disable differential download (#7950)
  • 061d729 chore(docs): exporting more things to API docs (#7898)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by onegoldfishh, a new releaser for electron-updater since your current version.


Updates handlebars from 4.7.0 to 4.7.7

Changelog

Sourced from handlebars's changelog.

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

  • Node.js < v6 is no longer supported Reverted in 4.7.6

Commits

v4.7.4 - April 1st, 2020

Chore/Housekeeping:

Compatibility notes:

... (truncated)

Commits

Updates marked from 0.8.0 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

  • security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

  • table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits

Updates electron from 7.1.8 to 22.3.25

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

  • API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
  • Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
  • Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
  • Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
  • Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (32.0)

Removed: File.path

The nonstandard path property of the Web File object was added in an early version of Electron as a convenience method for working with native files when doing everything in the renderer was more common. However, it represents a deviation from the standard and poses a minor security risk as well, so beginning in Electron 32.0 it has been removed in favor of the webUtils.getPathForFile method.

// Before (renderer)
const file = document.querySelector('input[type=file]')
alert(Uploaded file path was: ${file.path})

// After (renderer)
const file = document.querySelector('input[type=file]')
electron.showFilePath(file)
// (preload)
const { contextBridge, webUtils } = require('electron')
contextBridge.exposeInMainWorld('electron', {
showFilePath (file) {
// It's best not to expose the full file path to the web content if
// possible.
const path = webUtils.getPathForFile(file)
alert(Uploaded file path was: ${path})
}
})

Deprecated: clearHistory, canGoBack, goBack, canGoForward, goForward, canGoToOffset, goToOffset on WebContents

The navigation-related APIs are now deprecated.

... (truncated)

Commits

Updates xmldom from 0.2.1 to 0.6.0

Release notes

Sourced from xmldom's releases.

0.6.0

0.6.0

Fixes

0.5.0

Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)
    • Improve error reporting; throw on duplicate attribute BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them. It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

      To accomplish this and also be able to verify it in tests I needed to

      • create a new Error type ParseError and export it
      • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
      • export DOMHandler constructor as __DOMHandler
    • Preserve quotes in DOCTYPE declaration Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes. BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping. (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

      https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors' directives when parsing attributes [#171](https://github.com/xmldom/xmldom/issues/171)
  • fix(dom): Escape ]]&gt; when serializing CharData [#181](https://github.com/xmldom/xmldom/issues/181)
  • Switch to (only) MIT license (drop problematic LGPL license option) [#178](https://github.com/xmldom/xmldom/issues/178)
  • Export DOMException; remove custom assertions; etc. [#174](https://github.com/xmldom/xmldom/issues/174)

Docs

0.4.0

Fixes

Docs

... (truncated)

Changelog

Sourced from xmldom's changelog.

0.6.0

Commits

Fixes

0.5.0

Commits

Fixes

  • Avoid misinterpretation of malicious XML input - GHSA-h6q6-9hqw-rwfv (CVE-2021-21366)

    • Improve error reporting; throw on duplicate attribute
      BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them. It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.

      To accomplish this and also be able to verify it in tests I needed to

      • create a new Error type ParseError and export it
      • Throw ParseError from errorHandler.fatalError and prevent those from being caught in XMLReader.
      • export DOMHandler constructor as __DOMHandler
    • Preserve quotes in DOCTYPE declaration Since the only purpose of parsing the DOCTYPE is to be able to restore it when serializing, we decided that it would be best to leave the parsed publicId and systemId as is, including any quotes. BREAKING CHANGE: If somebody relies on the actual unquoted values of those ids, they will need to take care of either single or double quotes and the right escaping. (Without this change this would not have been possible because the SAX parser already dropped the information about the quotes that have been used in the source.)

      https://www.w3.org/TR/2006/REC-xml11-20060816/#dtd https://www.w3.org/TR/2006/REC-xml11-20060816/#IDAX1KS (External Entity Declaration)

  • Fix breaking preprocessors' directives when parsing attributes [#171](https://github.com/xmldom/xmldom/issues/171)

  • fix(dom): Escape ]]&gt; when serializing CharData [#181](https://github.com/xmldom/xmldom/issues/181)

  • Switch to (only) MIT license (drop problematic LGPL license option) [#178](https://github.com/xmldom/xmldom/issues/178)

  • Export DOMException; remove custom assertions; etc. [#174](https://github.com/xmldom/xmldom/issues/174)

Docs

0.4.0

Commits

Fixes

... (truncated)

Commits
  • c80a161 xmldon version 0.6.0
  • bc36efd chore: regenerate package-lock.json
  • 8a92704 Update eslint -> ^7.23.0 - devDependencies (#202)
  • b12106e Update @​stryker-mutator/core -> ^4.5.1 - devDependencies (#192)
  • af4642e docs: Update Changelog (#197)
  • 5869d76 test(stryker): Replace line numbers by error index (#201)
  • a681852 fix: Escape < when serializing attribute values (#199)
  • bb12247 Update eslint-config-prettier -> 8 - devDependencies (#187)
  • 48c51b3 Update eslint -> ^7.22.0 - devDependencies (#185)
  • 82b0481 refactor!: Avoid empty namespace value like xmlns:ds="" (#168)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by karfau, a new releaser for xmldom since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [electron-updater](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-updater) | `4.2.0` | `6.2.1` |
| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.0` | `4.7.7` |
| [marked](https://github.com/markedjs/marked) | `0.8.0` | `4.0.10` |
| [electron](https://github.com/electron/electron) | `7.1.8` | `22.3.25` |
| [xmldom](https://github.com/xmldom/xmldom) | `0.2.1` | `0.6.0` |



Updates `electron-updater` from 4.2.0 to 6.2.1
- [Release notes](https://github.com/electron-userland/electron-builder/releases)
- [Changelog](https://github.com/electron-userland/electron-builder/blob/master/packages/electron-updater/CHANGELOG.md)
- [Commits](https://github.com/electron-userland/electron-builder/commits/electron-updater@6.2.1/packages/electron-updater)

Updates `handlebars` from 4.7.0 to 4.7.7
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.0...v4.7.7)

Updates `marked` from 0.8.0 to 4.0.10
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
- [Commits](markedjs/marked@v0.8.0...v4.0.10)

Updates `electron` from 7.1.8 to 22.3.25
- [Release notes](https://github.com/electron/electron/releases)
- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)
- [Commits](electron/electron@v7.1.8...v22.3.25)

Updates `xmldom` from 0.2.1 to 0.6.0
- [Release notes](https://github.com/xmldom/xmldom/releases)
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md)
- [Commits](xmldom/xmldom@0.2.1...0.6.0)

---
updated-dependencies:
- dependency-name: electron-updater
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: marked
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: electron
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: xmldom
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants