Skip to content
This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

Bump the npm_and_yarn group across 1 directory with 4 updates #23

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 4 updates #23

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 25, 2024

Bumps the npm_and_yarn group with 4 updates in the / directory: tough-cookie, universal-analytics, jsdom and pkg.

Updates tough-cookie from 2.3.3 to 5.0.0

Release notes

Sourced from tough-cookie's releases.

v5.0.0

Summary

Breaking Changes

  • We've migrated the project to TypeScript! First-party types are now available.
  • The minimum supported version of node is v18.
  • We no longer provide official support for non-node enviroments.

API Changes

  • We've standardized most of our exposed interfaces to accept both null and undefined and return only undefined.
  • getCookie and getCookies now accept a string or URL as a parameter.
  • We've removed the inspect function in favor of node's util.inspect.custom symbol. Cookies may appear different when logged in non-node environments.

Other Changes

  • Fixed the expiry time not updating when a cookie is updating.
  • Fixed validation errors not getting called in some callbacks.
  • New documentation that is always kept up to date!
  • Performance improvements.

What's Changed

... (truncated)

Commits
  • 7ed1b8a Merge pull request #451 from salesforce/prepare_v5
  • cbaa1a5 Prepare v5 release
  • 57b534c 5.0.0
  • 2e6b3f4 Bump eslint from 8.57.0 to 9.9.1 (#449)
  • b72cdb2 Bump the dev-dependencies group with 2 updates (#448)
  • 93d550b upgrade typescript-eslint to 8.0.1 (#440)
  • 07a7a4d Bump the dev-dependencies group with 6 updates (#444)
  • 9b78073 Bump tldts from 6.1.37 to 6.1.41 in the production-dependencies group (#443)
  • 25a769c Bump the dev-dependencies group across 1 directory with 6 updates (#439)
  • 99dab1b Bump tldts from 6.1.32 to 6.1.37 in the production-dependencies group (#436)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates universal-analytics from 0.4.23 to 0.5.3

Changelog

Sourced from universal-analytics's changelog.

0.5.3

  • Refactored request sending to no use JSON.stringify
  • Removed chapter regarding requestOptions that are no longer available since 0.5
  • Fixed UUID test errors

0.5.2

  • Upgraded debug to 4.3.1
  • Improved documentation

0.5.1

  • Fixed bug that caused requests to fail

0.5

  • Removed request dependency
  • Updated Readme
  • Added nodejs 10 and 12 in travis tests
  • Option to override default instance name
  • Invalid configuration key in README file.

0.4.22

  • Pin native-request version to 1.0.5

0.4.21

  • Upgraded request to native-request

0.4.20

  • Maintenance release

0.4.19

  • Updated request package

0.4.18

  • Fixed package-lock.json bug

0.4.17

  • Default to https instead of http when submitting data to Google Analytics
  • Switched from custom debugger to debug module

Deprecated:

  • .debug() is now deprecated in favor of setting the DEBUG environment variable: DEBUG=universal-analytics

... (truncated)

Commits

Updates jsdom from 11.12.0 to 25.0.1

Release notes

Sourced from jsdom's releases.

Version 25.0.1

  • Updated dependencies, notably tough-cookie, which no longer prints a deprecation warning.

Version 25.0.0

This major release changes the prototype of a jsdom's EventTarget.prototype to point to the Object.prototype inside the jsdom, instead of pointing to the Node.js Object.prototype. Thus, the prototype chain of Window stays entirely within the jsdom, never crossing over into the Node.js realm.

This only occurs when runScripts is set to non-default values of "dangerously" or "outside-only", as with the default value, there is no separate Object.prototype inside the jsdom.

This will likely not impact many programs, but could cause some changes in instanceof behavior, and so out of an abundance of caution, we're releasing it as a new major version.

Version 24.1.3

  • Fixed calls to postMessage() that were done as a bare property (i.e., postMessage() instead of window.postMessage()).

Version 24.1.2

  • Fixed an issue with the in operator applied to EventTarget methods, e.g. 'addEventListener' in window, which only appeared in Node.js ≥22.5.0. (legendecas)
  • Fixed the events fired by blur(): it no longer fires focus and focusin on the Document, and blur and focusout no longer have their relatedTarget property set. (asamuzaK)

Version 24.1.1

  • Fixed selection methods to trigger the selectionchange event on the Document object. (piotr-oles)

Version 24.1.0

  • Added the getSetCookie() method to the Headers class. (ushiboy)
  • Fixed the creation and parsing of elements with names from Object.prototype, like "constructor" or "toString".
  • Updated rweb-cssom, which can now parse additional CSS constructs.

Version 24.0.0

This release reverts our selector engine back to nwsapi. As discussed in #3659, the performance regressions from @asamuzakjp/dom-selector turned out to be higher than anticipated. In the future, we can revisit @asamuzakjp/dom-selector after it reaches nwsapi's performance on the two real-world benchmarks provided by the community.

Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.

Additionally:

  • Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.

Version 23.2.0

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

Version 23.1.0

  • Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)
  • Added the string-valued ARIA attribute-reflecting properties to Element.
  • Fixed history.pushState() and history.replaceState() to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.
  • Fixed the input.valueAsANumber setter to handle NaN correctly. (alexandertrefz)
  • Updated various dependencies, including cssstyle which contains several bug fixes.

Version 23.0.1

  • Fixed the incorrect canvas peer dependency introduced in v23.0.0.

Version 23.0.0

... (truncated)

Changelog

Sourced from jsdom's changelog.

25.0.1

  • Updated dependencies, notably tough-cookie, which no longer prints a deprecation warning.

25.0.0

This major release changes the prototype of a jsdom's EventTarget.prototype to point to the Object.prototype inside the jsdom, instead of pointing to the Node.js Object.prototype. Thus, the prototype chain of Window stays entirely within the jsdom, never crossing over into the Node.js realm.

This only occurs when runScripts is set to non-default values of "dangerously" or "outside-only", as with the default value, there is no separate Object.prototype inside the jsdom.

This will likely not impact many programs, but could cause some changes in instanceof behavior, and so out of an abundance of caution, we're releasing it as a new major version.

24.1.3

  • Fixed calls to postMessage() that were done as a bare property (i.e., postMessage() instead of window.postMessage()).

24.1.2

  • Fixed an issue with the in operator applied to EventTarget methods, e.g. 'addEventListener' in window, which only appeared in Node.js ≥22.5.0. (legendecas)
  • Fixed the events fired by blur(): it no longer fires focus and focusin on the Document, and blur and focusout no longer have their relatedTarget property set. (asamuzaK)

24.1.1

  • Fixed selection methods to trigger the selectionchange event on the Document object. (piotr-oles)

24.1.0

  • Added the getSetCookie() method to the Headers class. (ushiboy)
  • Fixed the creation and parsing of elements with names from Object.prototype, like "constructor" or "toString".
  • Updated rweb-cssom, which can now parse additional CSS constructs.

24.0.0

This release reverts our selector engine back to nwsapi. As discussed in #3659, the performance regressions from @asamuzakjp/dom-selector turned out to be higher than anticipated. In the future, we can revisit @asamuzakjp/dom-selector after it reaches nwsapi's performance on the two real-world benchmarks provided by the community.

Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.

Additionally:

  • Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.

23.2.0

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

23.1.0

  • Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)

... (truncated)

Commits
  • 04541b3 Version 25.0.1
  • 96bd111 Update dependencies and dev dependencies
  • d08440c Upgrade tough-cookie to v5.0.0
  • c53efc8 Version 25.0.0
  • 784c8a5 Set EventTarget.prototype to the jsdom's Object.prototype
  • 0314f1e Version 24.1.3
  • 46d5d5c Fix postMessage referenced as a bare property
  • a241df6 Version 24.1.2
  • c3a9aed Remove upstreamed WPTs
  • 07fab37 Refactor Window object setup code
  • Additional commits viewable in compare view

Updates pkg from 4.4.7 to 5.8.1

Release notes

Sourced from pkg's releases.

5.8.1

Patches

  • Producer: properly call "prebuild-install" if N-API is used: dd9de59c9fca2751bf5d22b57bd9b03d43e85e80
  • Chore: clean up obsolete eslint disable comments: #1760
  • Chore: add prettier check in linting step: #1764
  • Chore: separate individual test scripts: #1759
  • Chore: use @types/babel__generator package: #1755
  • Chore: remove unused entry: #1766
  • Chore: upgrade actions runners: #1767
  • Style: fix typo in test-99-#1192/main.js: #1790
  • Chore: bump [email protected]: #1788
  • Fix: add force flag to codesign to avoid already signed error: #1756

Credits

Huge thanks to @​ignatiusmb, @​eltociear, @​PraveenAnaparthi, and @​brianunlam for helping!

5.8.0

Highlights

  • Support more language features, including but not limited to classPrivateMethods (#1248, #1249)
    • Note: pkg uses Babel to trace dependencies. It does NOT transform your sources. You should make sure that your code can run on the target Node.js version.

What's Changed

New Contributors

Full Changelog: vercel/pkg@5.7.0...5.8.0

5.7.0

Highlights

  • Node 18 is now supported!

What's Changed

New Contributors

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by leerobinson, a new releaser for pkg since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 4 updates
7ec936c 
Bumps the npm_and_yarn group with 4 updates in the / directory: [tough-cookie](https://github.com/salesforce/tough-cookie), [universal-analytics](https://github.com/peaksandpies/universal-analytics), [jsdom](https://github.com/jsdom/jsdom) and [pkg](https://github.com/vercel/pkg).


Updates `tough-cookie` from 2.3.3 to 5.0.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.3.3...v5.0.0)

Updates `universal-analytics` from 0.4.23 to 0.5.3
- [Changelog](https://github.com/peaksandpies/universal-analytics/blob/master/HISTORY.md)
- [Commits](https://github.com/peaksandpies/universal-analytics/commits/0.5.3)

Updates `jsdom` from 11.12.0 to 25.0.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@11.12.0...25.0.1)

Updates `pkg` from 4.4.7 to 5.8.1
- [Release notes](https://github.com/vercel/pkg/releases)
- [Commits](vercel/pkg@4.4.7...5.8.1)

---
updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: universal-analytics
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jsdom
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: pkg
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants