Bump the npm_and_yarn group across 6 directories with 7 updates #526

dependabot · 2024-03-27T22:40:08Z

Bumps the npm_and_yarn group with 1 update in the / directory: axios.
Bumps the npm_and_yarn group with 2 updates in the /addons/serverless-schedule-manager directory: axios and express.
Bumps the npm_and_yarn group with 5 updates in the /addons/twilio-video-demo-app directory:

Package	From	To
axios	`1.6.1`	`1.6.2`
jsonwebtoken	`8.5.1`	`9.0.2`
twilio	`3.84.1`	`5.0.1`
next	`12.3.4`	`13.5.1`
postcss	`8.4.14`	`8.4.31`
next	`13.5.1`	`13.5.6`
Bumps the npm_and_yarn group with 3 updates in the /docs directory: express, postcss and webpack-dev-middleware.
Bumps the npm_and_yarn group with 1 update in the /plugin-flex-ts-template-v2 directory: express.
Bumps the npm_and_yarn group with 2 updates in the /serverless-functions directory: axios and express.

Updates axios from 1.6.7 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Commits

ab3f0f9 chore(release): v1.6.8 (#6303)
2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
7320430 fix(import): use named export for EventEmitter;
8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
d844227 chore: update and bump deps (#6238)
caa0625 docs: update README responseEncoding types (#6194)
41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
bf6974f chore(ci): add npm tag action; (#6231)
See full diff in compare view

Updates axios from 1.6.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Commits

ab3f0f9 chore(release): v1.6.8 (#6303)
2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
7320430 fix(import): use named export for EventEmitter;
8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
d844227 chore: update and bump deps (#6238)
caa0625 docs: update README responseEncoding types (#6194)
41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
bf6974f chore(ci): add npm tag action; (#6231)
See full diff in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates axios from 1.6.1 to 1.6.2

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Commits

ab3f0f9 chore(release): v1.6.8 (#6303)
2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
7320430 fix(import): use named export for EventEmitter;
8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
d844227 chore: update and bump deps (#6238)
caa0625 docs: update README responseEncoding types (#6194)
41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
bf6974f chore(ci): add npm tag action; (#6231)
See full diff in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.

refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

bc28861 Release 9.0.2 (#935)
96b8906 refactor: use specific lodash packages (#933)
ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
84539b2 Updating package version to 9.0.1 (#920)
a99fd4b fix(stubs): allow decode method to be stubbed (#876)
e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates twilio from 3.84.1 to 5.0.1

Release notes

Sourced from twilio's releases.

5.0.1

Release Notes

Oauth

Add new APIs for vendor authorize and token endpoints

Docs

5.0.0

Release Notes

Note: This release contains breaking changes, check our upgrade guide for detailed migration notes.

Library - Feature

[PR #1011](twilio/twilio-node#1011): Merge branch '5.0.0-rc' into main. Thanks to @tiwarishubham635! (breaking change)

Api

Correct precedence documentation for application_sid vs status_callback in message creation

Mark MaxPrice as deprecated

Flex

Making plugins visibility to public

Messaging

Add new errors attribute to the Brand Registration resource.

Mark brand_feedback attribute as deprecated.

Mark failure_reason attribute as deprecated.

The new errors attribute is expected to provide additional information about Brand registration failures and feedback (if any has been provided by The Campaign Registry). Consumers should use this attribute instead of brand_feedback and failure_reason.

Numbers

Correcting mount_name for porting port in fetch API

Trusthub

Add new field in statusCallbackUrl in compliance_registration.

Add new field in isvRegisteringForSelfOrTenant in compliance_registration.

Twiml

Expanded description of Action parameter for Message verb

Docs

5.0.0-rc.1

Release Notes

Library - Chore

[PR #991](twilio/twilio-node#991): sync with main. Thanks to @tiwarishubham635!

... (truncated)

Changelog

Sourced from twilio's changelog.

[2024-03-14] Version 5.0.1

Oauth

Add new APIs for vendor authorize and token endpoints

[2024-03-12] Version 5.0.0

Note: This release contains breaking changes, check our upgrade guide for detailed migration notes.

Library - Feature

[PR #1011](twilio/twilio-node#1011): Merge branch '5.0.0-rc' into main. Thanks to @tiwarishubham635! (breaking change)

Api

Correct precedence documentation for application_sid vs status_callback in message creation

Mark MaxPrice as deprecated

Flex

Making plugins visibility to public

Messaging

Add new errors attribute to the Brand Registration resource.

Mark brand_feedback attribute as deprecated.

Mark failure_reason attribute as deprecated.

The new errors attribute is expected to provide additional information about Brand registration failures and feedback (if any has been provided by The Campaign Registry). Consumers should use this attribute instead of brand_feedback and failure_reason.

Numbers

Correcting mount_name for porting port in fetch API

Trusthub

Add new field in statusCallbackUrl in compliance_registration.

Add new field in isvRegisteringForSelfOrTenant in compliance_registration.

Twiml

Expanded description of Action parameter for Message verb

[2024-02-27] Version 4.23.0

Library - Chore

[PR #1005](twilio/twilio-node#1005): cluster tests enabled. Thanks to @sbansla!

Api

remove feedback and feedback summary from call resource

Flex

Adding routing_properties to Interactions Channels Participant

Lookups

Add new line_status package to the lookup response

... (truncated)

Upgrade guide

Sourced from twilio's upgrade guide.

Upgrade Guide

All MAJOR version bumps will have upgrade notes posted here.

[2024-03-07] 4.x.x to 5.x.x

Overview

Twilio Node Helper Library’s major version 5.0.0 is now available. We ensured that you can upgrade to Node helper Library 5.0.0 version without any breaking changes of existing apis

Behind the scenes Node Helper is now auto-generated via OpenAPI with this release. This enables us to rapidly add new features and enhance consistency across versions and languages. We're pleased to inform you that version 5.0.0 adds support for the application/json content type in the request body.

[2023-01-25] 3.x.x to 4.x.x
Supported Node.js versions updated

Upgrade to Node.js >= 14

Dropped support for Node.js < 14 (#791)

Added support for Node.js 18 (#794)

Lazy loading enabled by default (#752)

Required Twilio modules now lazy load by default

See the README for how to disable lazy loading

Type changes from object to Record (#873)

Certain response properties now use the Record type with string keys

Including the subresourceUris property for v2010 APIs and the links properties for non-v2010 APIs

Access Tokens

Creating an AccessToken requires an identity in the options (#875)

ConversationsGrant has been deprecated in favor of VoiceGrant (#783)

IpMessagingGrant has been removed (#784)
TwiML function deprecations (#788)
<Refer>

Refer.referSip() replaced by Refer.sip()
<Say>
Say.ssmlBreak() and Say.break_() replaced by Say.break()

Say.ssmlEmphasis() replaced by Say.emphasis()

Say.ssmlLang() replaced by Say.lang()

Say.ssmlP() replaced by Say.p()

Say.ssmlPhoneme() replaced by Say.phoneme()

Say.ssmlProsody() replaced by Say.prosody()

Say.ssmlS() replaced by Say.s()

Say.ssmlSayAs() replaced by Say.sayAs()

Say.ssmlSub() replaced by Say.sub()
Say.ssmlW() replaced by Say.w()

Old:

... (truncated)

Commits

9931e4e Release 5.0.1
f5f0458 [Librarian] Regenerated @ 84df4a97cab4aa96362a9d21aaf3909bbd2dbf5a
1ec67a5 Release 5.0.0
e3f6d44 [Librarian] Regenerated @ 2264f28906b87ae1f1aedbf72f8dc0e4b57a545a
dfb418d feat!: Merge branch '5.0.0-rc' into main (#1011)
0a797ba Release 4.23.0
450593c [Librarian] Regenerated @ f75e0fb81b57afeb6b457dc85e19644ebb530f9b
010d9f9 chore: cluster tests enabled (#1005)
cc9b7b1 Release 4.22.0
84bcabe [Librarian] Regenerated @ c3db20dd5f24647ef2bd3fb8b955496c59bb22bd
Additional commits viewable in compare view

Updates next from 12.3.4 to 13.5.1

Commits

0c1c7f8 v13.5.1
9744285 v13.5.1-canary.1
44eba02 improve publish-release (#55597)
c652dc8 v13.5.1-canary.0
ffafad2 v13.5.0
4a589ed v13.4.20-canary.41
deb81cf fix styled-jsx alias (#55581)
1a9b0f6 improve internal error logging (#55582)
0631549 Fix react packages are not bundled for metadata routes (#55579)
bad5365 Update supported config options for Turbopack (#55556)
Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by @remcohaszing).

8.4.21

Fixed Input#error types (by @hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by @romainmenke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by @KingSora).

8.4.17

Fixed Node.before() unexpected behavior (by @romainmenke).

Added TOC to docs (by @muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

Fixed Node.before() unexpected behavior (by Romain Menke).

Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
4fff8e4 Improve pnpm test output
cd43ed1 Update dependencies
caa916b Update dependencies
8972f76 Typo
11a5286 Typo
45c5501 Release 8.4.30 version
bc3c341 Update linter
b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Additional commits viewable in compare view

Updates next from 13.5.1 to 13.5.6

Commits

0c1c7f8 v13.5.1
9744285 v13.5.1-canary.1
44eba02 improve publish-release (#55597)
c652dc8 v13.5.1-canary.0
ffafad2 v13.5.0
4a589ed v13.4.20-canary.41
deb81cf fix styled-jsx alias (#55581)
1a9b0f6 improve internal error logging (#55582)
0631549 Fix react packages are not bundled for metadata routes (#55579)
bad5365 Update supported config options for Turbopack (#55556)
Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by

Bumps the npm_and_yarn group with 1 update in the / directory: [axios](https://github.com/axios/axios). Bumps the npm_and_yarn group with 2 updates in the /addons/serverless-schedule-manager directory: [axios](https://github.com/axios/axios) and [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 5 updates in the /addons/twilio-video-demo-app directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.6.1` | `1.6.2` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.2` | | [twilio](https://github.com/twilio/twilio-node) | `3.84.1` | `5.0.1` | | [next](https://github.com/vercel/next.js) | `12.3.4` | `13.5.1` | | [postcss](https://github.com/postcss/postcss) | `8.4.14` | `8.4.31` | | [next](https://github.com/vercel/next.js) | `13.5.1` | `13.5.6` | Bumps the npm_and_yarn group with 3 updates in the /docs directory: [express](https://github.com/expressjs/express), [postcss](https://github.com/postcss/postcss) and [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware). Bumps the npm_and_yarn group with 1 update in the /plugin-flex-ts-template-v2 directory: [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 2 updates in the /serverless-functions directory: [axios](https://github.com/axios/axios) and [express](https://github.com/expressjs/express). Updates `axios` from 1.6.7 to 1.6.8 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.7...v1.6.8) Updates `axios` from 1.6.1 to 1.6.8 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.7...v1.6.8) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `axios` from 1.6.1 to 1.6.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.7...v1.6.8) Updates `jsonwebtoken` from 8.5.1 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.2) Updates `twilio` from 3.84.1 to 5.0.1 - [Release notes](https://github.com/twilio/twilio-node/releases) - [Changelog](https://github.com/twilio/twilio-node/blob/main/CHANGES.md) - [Upgrade guide](https://github.com/twilio/twilio-node/blob/main/UPGRADE.md) - [Commits](twilio/twilio-node@3.84.1...5.0.1) Updates `next` from 12.3.4 to 13.5.1 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v12.3.4...v13.5.1) Updates `postcss` from 8.4.14 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.14...8.4.31) Updates `next` from 13.5.1 to 13.5.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v12.3.4...v13.5.1) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `postcss` from 8.4.31 to 8.4.38 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.14...8.4.31) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `axios` from 1.6.7 to 1.6.8 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.7...v1.6.8) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: axios dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: jsonwebtoken dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: twilio dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2024-03-27T22:42:24Z

0 ESLint error(s) and 0 ESLint warning(s) found in pull request changed files.
0 ESLint error(s) and 0 ESLint warning(s) found in files outside of the pull request.

✅ No issues found!

dremin · 2024-04-02T16:16:28Z

This broke the video app, investigating...

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 27, 2024

dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-a7824a354a branch from b9deb36 to 7b2634f Compare March 27, 2024 22:40

dremin self-requested a review March 27, 2024 22:43

Fix video app dependencies

6cdf505

dremin temporarily deployed to sam April 2, 2024 17:23 — with GitHub Actions Inactive

dremin temporarily deployed to sam April 2, 2024 17:24 — with GitHub Actions Inactive

dremin temporarily deployed to sam April 2, 2024 17:28 — with GitHub Actions Inactive

dremin approved these changes Apr 2, 2024

View reviewed changes

dremin merged commit 53ebd48 into main Apr 2, 2024
11 checks passed

dremin deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-a7824a354a branch April 2, 2024 17:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 6 directories with 7 updates #526

Bump the npm_and_yarn group across 6 directories with 7 updates #526

dependabot bot commented on behalf of github Mar 27, 2024

github-actions bot commented Mar 27, 2024

dremin commented Apr 2, 2024