Bump the npm_and_yarn group across 13 directories with 31 updates #4

dependabot · 2024-04-12T16:15:19Z

Bumps the npm_and_yarn group with 29 updates in the / directory:

Package	From	To
jose	`4.14.4`	`4.15.5`
codemirror	`5.48.2`	`5.58.2`
markdown-it	`13.0.1`	`13.0.2`
moment-timezone	`0.5.23`	`0.5.35`
semver	`7.5.4`	`7.6.0`
validator	`7.2.0`	`13.7.0`
express	`4.18.2`	`4.19.2`
express-hbs	`2.4.1`	`2.4.2`
got	`9.6.0`	`11.8.5`
jsonwebtoken	`8.5.1`	`9.0.0`
knex	`2.4.2`	`2.5.0`
luxon	`3.4.1`	`3.4.2`
moment	`2.24.0`	`2.29.4`
mysql2	`3.5.2`	`3.9.4`
sanitize-html	`2.11.0`	`2.12.1`
postcss	`8.4.28`	`8.4.31`
vite	`4.4.9`	`4.5.3`
@adobe/css-tools	`4.2.0`	`4.3.3`
@babel/traverse	`7.22.8`	`7.24.1`
@xmldom/xmldom	`0.8.3`	`0.8.10`
browserify-sign	`4.2.1`	`4.2.3`
cookiejar	`2.1.3`	`2.1.4`
decode-uri-component	`0.2.0`	`0.2.2`
follow-redirects	`1.15.2`	`1.15.6`
get-func-name	`2.0.0`	`2.0.2`
ip	`2.0.0`	`2.0.1`
nodemailer	`6.8.0`	`6.9.13`
tar	`6.1.14`	`6.2.1`
word-wrap	`1.2.3`	`1.2.5`

Bumps the npm_and_yarn group with 1 update in the /ghost/extract-api-key directory: jsonwebtoken.
Bumps the npm_and_yarn group with 1 update in the /ghost/magic-link directory: jsonwebtoken.
Bumps the npm_and_yarn group with 4 updates in the /ghost/members-api directory: express, got, jsonwebtoken and moment.
Bumps the npm_and_yarn group with 2 updates in the /ghost/members-events-service directory: moment-timezone and moment.
Bumps the npm_and_yarn group with 1 update in the /ghost/members-importer directory: moment-timezone.
Bumps the npm_and_yarn group with 1 update in the /ghost/members-ssr directory: jsonwebtoken.
Bumps the npm_and_yarn group with 1 update in the /ghost/mw-session-from-token directory: express.
Bumps the npm_and_yarn group with 1 update in the /ghost/session-service directory: express.
Bumps the npm_and_yarn group with 1 update in the /ghost/slack-notifications directory: got.
Bumps the npm_and_yarn group with 1 update in the /ghost/staff-service directory: moment.
Bumps the npm_and_yarn group with 4 updates in the /ghost/stats-service directory: knex, luxon, @types/luxon and moment.
Bumps the npm_and_yarn group with 1 update in the /ghost/update-check-service directory: moment.

Updates jose from 4.14.4 to 4.15.5

Release notes

Sourced from jose's releases.

v4.15.5

Fixes

add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176

v4.15.4

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

v4.15.3

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

v4.15.1

Fixes

resolve missing types for the cryptoRuntime const (1627965)

v4.15.0

Features

export the used crypto runtime as a constant (0681dda)

v4.14.6

Fixes

build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

v4.14.5

Refactor

catch type error when decoding base64url signature (#569) (935e920)

catch type errors when decoding various base64url strings (9024e87)

Changelog

Sourced from jose's changelog.

4.15.5 (2024-03-07)

Fixes

add a maxOutputLength option to zlib inflate (1b91d88)

4.15.4 (2023-10-14)

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

4.15.1 (2023-10-02)

Fixes

resolve missing types for the cryptoRuntime const (1627965)

4.15.0 (2023-10-02)

Features

export the used crypto runtime as a constant (0681dda)

4.14.6 (2023-09-04)

Fixes

build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

4.14.5 (2023-09-02)

Refactor

catch type error when decoding base64url signature (#569) (935e920)

... (truncated)

Commits

765aafd chore(release): 4.15.5
b36e45e test: add export check to x509 pem import tests
e839ecb test: stop testing JWE RSA1_5 Algorithm
1b91d88 fix: add a maxOutputLength option to zlib inflate
9ca2b24 build: remove release action
f3035d8 chore: cleanup after release
f0bb220 chore(release): 4.15.4
6f38554 chore: bump dev deps
936c9df fix(types): export GetKeyFunction (#592)
5ac6619 chore: bump dev deps
Additional commits viewable in compare view

Updates codemirror from 5.48.2 to 5.58.2

Commits

See full diff in compare view

Updates markdown-it from 13.0.1 to 13.0.2

Changelog

Sourced from markdown-it's changelog.

[13.0.2] - 2023-09-26

Security

Fixed crash/infinite loop caused by linkify inline rule, #957.

Fixed

Throw an error if 3rd party plugin doesn't increment line or pos counters (previously, markdown-it would likely go into infinite loop instead), #847.

Commits

e476f78 13.0.2 released
dfd485b Dist rebuild
80a3adc Fix crash in linkify inline rule on malformed input
49ca65b Sync pathological tests with cmark
2b6cac2 Sync pathological tests with cmark
08444a5 Fix typo; minor copy-edits (#879)
940459e fix: remove outdated comments (#891)
1529ff4 Guard against custom rule not incrementing pos
6325878 Multiple refactors
9ff460e Drop a lot of extra code from blockquotes
See full diff in compare view

Updates moment-timezone from 0.5.23 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9

Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

Updated data to IANA TZDB 2021e

Release 0.5.33

Updated data to IANA TZDB 2021a

Release 0.5.32

Updated data to IANA TZDB 2020d

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

Updated data to IANA TZDB 2020a

Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info.

Release 0.5.29

Fixed es6 module loading issue moment/moment-timezone@1fd4234

Fixed typescript declarations moment/moment-timezone@ed529ea

Fixed changelog moment/moment-timezone@adb7d7b

Release 0.5.28

Merged pull request #410 from @adgrace:

Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country

Added a method moment.tz(timezone_id).countries() to get countries for some time zone

Added a method moment.tz.countries() to get all country codes

And as you know moment.tz.names() already exists

Release 0.5.27

0.5.27 2019-10-14

Updated data to IANA TZDB `2019c

Release 0.5.26

Updated data to IANA TZDB 2019b

Fix: stabilize Array.sort #762

Release 0.5.25

Fix moment.tz.dataVersion to return 2019a #742

Update path in bower.json

Release 0.5.24

Updated data to IANA TZDB 2019a #737

... (truncated)

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9

Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

Updated data to IANA TZDB 2021e

0.5.33 2021-02-06

Updated data to IANA TZDB 2021a

0.5.32 2020-11-14

Updated data to IANA TZDB 2020d

0.5.31 2020-05-16

Fixed Travis builds for Node.js 4 and 6

0.5.30 2020-05-16

Updated data to IANA TZDB 2020a

Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info

0.5.29 2020-05-16

Merged fix of es6 module loading issue moment/moment-timezone@1fd4234

Merged PR with typescript declarations moment/moment-timezone@ed529ea

Merged fixes to changelog moment/moment-timezone@adb7d7b

0.5.28 2020-02-21

Merged pull request #410 from @adgrace:

Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country

Added a method moment.tz(timezone_id).countries() to get countries for some time zone

Added a method moment.tz.countries() to get all country codes

And as you know moment.tz.zones() already exists

0.5.27 2019-10-14

Updated data to IANA TZDB 2019c

0.5.26 2019-06-06

Updated data to IANA TZDB 2019b

Fix: stabilize Array.sort #762

0.5.25 2019-04-17

Fix moment.tz.dataVersion to return 2019a #742

Update path in bower.json

0.5.24 2019-04-17

Updated data to IANA TZDB 2019a #737

... (truncated)

Commits

b8fb1ba Build moment-timezone 0.5.35
f1b5e5a Add changelog for 0.5.35
8b0eb0c Bump version to 0.5.35
7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
9430b4c Merge remote-tracking branch 'origin/master' into develop
feaf900 Updated contributing.md + added 2021e files
704cfac updated contributing.md
877c863 Updated contributing.md + added 2021e files
5a3015c updated contributing.md
Additional commits viewable in compare view

Updates semver from 7.5.4 to 7.6.0

Release notes

Sourced from semver's releases.

v7.6.0

7.6.0 (2024-01-31)

Features

a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa, @wraithgar)

Chores

816c7b2 #667 postinstall for dependabot template-oss PR (@lukekarrys)

0bd24d9 #667 bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])

e521932 #652 postinstall for dependabot template-oss PR (@lukekarrys)

8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)

f317dc8 #652 bump @npmcli/template-oss from 4.19.0 to 4.21.0 (@dependabot[bot])

7303db1 #658 add clean() test for build metadata (#658) (@jethrodaniel)

6240d75 #656 add missing quotes in README.md (#656) (@zyxkad)

14d263f #625 postinstall for dependabot template-oss PR (@lukekarrys)

7c34e1a #625 bump @npmcli/template-oss from 4.18.1 to 4.19.0 (@dependabot[bot])

123e0b0 #622 postinstall for dependabot template-oss PR (@lukekarrys)

737d5e1 #622 bump @npmcli/template-oss from 4.18.0 to 4.18.1 (@dependabot[bot])

cce6180 #598 postinstall for dependabot template-oss PR (@lukekarrys)

b914a3d #598 bump @npmcli/template-oss from 4.17.0 to 4.18.0 (@dependabot[bot])

Changelog

Sourced from semver's changelog.

7.6.0 (2024-01-31)

Features

a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@madtisa, madtisa, @wraithgar)

Chores

816c7b2 #667 postinstall for dependabot template-oss PR (@lukekarrys)

0bd24d9 #667 bump @npmcli/template-oss from 4.21.1 to 4.21.3 (@dependabot[bot])

e521932 #652 postinstall for dependabot template-oss PR (@lukekarrys)

8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@lukekarrys)

f317dc8 #652 bump @npmcli/template-oss from 4.19.0 to 4.21.0 (@dependabot[bot])

7303db1 #658 add clean() test for build metadata (#658) (@jethrodaniel)

6240d75 #656 add missing quotes in README.md (#656) (@zyxkad)

14d263f #625 postinstall for dependabot template-oss PR (@lukekarrys)

7c34e1a #625 bump @npmcli/template-oss from 4.18.1 to 4.19.0 (@dependabot[bot])

123e0b0 #622 postinstall for dependabot template-oss PR (@lukekarrys)

737d5e1 #622 bump @npmcli/template-oss from 4.18.0 to 4.18.1 (@dependabot[bot])

cce6180 #598 postinstall for dependabot template-oss PR (@lukekarrys)

b914a3d #598 bump @npmcli/template-oss from 4.17.0 to 4.18.0 (@dependabot[bot])

Commits

377f709 chore: release 7.6.0 (#661)
a7ab13a feat: preserve pre-release and build parts of a version on coerce (#671)
816c7b2 chore: postinstall for dependabot template-oss PR
0bd24d9 chore: bump @npmcli/template-oss from 4.21.1 to 4.21.3
e521932 chore: postinstall for dependabot template-oss PR
8873991 chore: chore: chore: postinstall for dependabot template-oss PR
f317dc8 chore: bump @npmcli/template-oss from 4.19.0 to 4.21.0
7303db1 chore: add clean() test for build metadata (#658)
6240d75 chore: add missing quotes in README.md (#656)
14d263f chore: postinstall for dependabot template-oss PR
Additional commits viewable in compare view

Updates validator from 7.2.0 to 13.7.0

Release notes

Sourced from validator's releases.

13.7.0

13.7.0

New Features

#1706 isISO4217, currency code validator @jpaya17

Fixes and Enhancements

#1647 isFQDN: add allow_wildcard option @fasenderos

#1654 isRFC3339: Disallow prepended and appended strings to RFC 3339 date-time @jmacmahon

#1658 maintenance: increase code coverage @tux-tn

#1669 IBAN export list of country codes that implement IBAN @dror-heller @fedeci

#1676 isBoolean: add loose option @brybrophy

#1697 maintenance: fix npm installation error @rubiin

#1708 isISO31661Alpha3: perf @jpaya17

#1711 isDate: allow users to strictly validate dates with . as delimiter @flymans

#1715 isCreditCard: fix for Union Pay cards @shreyassai123

#1718 isEmail: replace all dots in GMail length validation @DasDingGehtNicht

#1721 isURL: add allow_fragments and allow_query_components @cowboy-bebug

#1724 isISO31661Alpha2: perf @jpaya17

#1730 isMagnetURI @tux-tn

#1738 trim: remove regex to prevent ReDOS attack @tux-tn

#1747 maintenance: run scripts in parallel for build and clean @sachinraja

#1748 isURL: higher priority to whitelist @deepanshu2506

#1751 isURL: allow url with colon and no port @MatteoPierro

#1777 isUUID: fix for null version argument @theteladras

#1799 isFQDN: check more special chars @MatteoPierro

#1833 isURL: allow URL with an empty user @MiguelSavignano

#1835 unescape: fixed bug where intermediate string contains escaped @Marcholio

#1836 contains: can check that string contains seed multiple times @Marcholio

#1844 docs: add CDN instructions @luiscobits

#1848 isUUID: add support for validation of v1 and v2 @theteladras

#1941 isEmail: add host_blacklist option @fedeci

New and Improved Locales

isAlpha, isAlphanumeric:

#1716 hi-IN @MiKr13

#1837 fi-FI @Marcholio

isPassportNumber:

#1656 ID @rubiin

#1714 CN @anirudhgiri

#1809 PL @Ronqn

#1810 RU @Theta-Dev

isPostalCode:

#1788 LK @nimanthadilz

... (truncated)

Changelog

Sourced from validator's changelog.

13.7.0

New Features

#1706 isISO4217, currency code validator @jpaya17

Fixes and Enhancements

#1647 isFQDN: add allow_wildcard option @fasenderos

#1654 isRFC3339: Disallow prepended and appended strings to RFC 3339 date-time @jmacmahon

#1658 maintenance: increase code coverage @tux-tn

#1669 IBAN export list of country codes that implement IBAN @dror-heller @fedeci

#1676 isBoolean: add loose option @brybrophy

#1697 maintenance: fix npm installation error @rubiin

#1708 isISO31661Alpha3: perf @jpaya17

#1711 isDate: allow users to strictly validate dates with . as delimiter @flymans

#1715 isCreditCard: fix for Union Pay cards @shreyassai123

#1718 isEmail: replace all dots in GMail length validation @DasDingGehtNicht

#1721 isURL: add allow_fragments and allow_query_components @cowboy-bebug

#1724 isISO31661Alpha2: perf @jpaya17

#1730 isMagnetURI @tux-tn

#1738 rtrim: remove regex to prevent ReDOS attack @tux-tn

#1747 maintenance: run scripts in parallel for build and clean @sachinraja

#1748 isURL: higher priority to whitelist @deepanshu2506

#1751 isURL: allow url with colon and no port @MatteoPierro

#1777 isUUID: fix for null version argument @theteladras

#1799 isFQDN: check more special chars @MatteoPierro

#1833 isURL: allow URL with an empty user @MiguelSavignano

#1835 unescape: fixed bug where intermediate string contains escaped @Marcholio

#1836 contains: can check that string contains seed multiple times @Marcholio

#1844 docs: add CDN instructions @luiscobits

#1848 isUUID: add support for validation of v1 and v2 @theteladras

#1941 isEmail: add host_blacklist option @fedeci

New and Improved Locales

isAlpha, isAlphanumeric:

#1716 hi-IN @MiKr13

#1837 fi-FI @Marcholio

isPassportNumber:

#1656 ID @rubiin

#1714 CN @anirudhgiri

#1809 PL @Ronqn

#1810 RU @Theta-Dev

isPostalCode:

#1788 LK @nimanthadilz

isIdentityCard:

... (truncated)

Commits

47ee5ad 13.7.0
496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
83cb7f8 chore: merge conflict clean-up
f17e220 feat(isMobilePhone): add El Salvador es-SV locale
5b06703 feat(isMobilePhone): add Palestine ar-PS locale
a3faa83 feat(isMobilePhone): add Botswana en-BW locale
26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by profnandaa, a new releaser for validator since your current version.

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates express-hbs from 2.4.1 to 2.4.2

Commits

61c0aee v2.4.2
10b5d09 Removed Bluebird dependency
2b65ccd Update actions/checkout action to v4
b850735 Lock file maintenance
0a9f00b Lock file maintenance
6012b01 Update dependency eslint to v8.48.0
See full diff in compare view

Updates got from 9.6.0 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

Backport security fix sindresorhus/got@861ccd9

CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

Bump cacheable-request dependency (#1921) 9463bb6

Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

v11.8.2

Make the dnsCache option lazy (#1529) 3bd245f This slightly improves Got startup performance and fixes an issue with Jest.

Bumps the npm_and_yarn group with 29 updates in the / directory: | Package | From | To | | --- | --- | --- | | [jose](https://github.com/panva/jose) | `4.14.4` | `4.15.5` | | [codemirror](https://github.com/codemirror/basic-setup) | `5.48.2` | `5.58.2` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `13.0.1` | `13.0.2` | | [moment-timezone](https://github.com/moment/moment-timezone) | `0.5.23` | `0.5.35` | | [semver](https://github.com/npm/node-semver) | `7.5.4` | `7.6.0` | | [validator](https://github.com/validatorjs/validator.js) | `7.2.0` | `13.7.0` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [express-hbs](https://github.com/TryGhost/express-hbs) | `2.4.1` | `2.4.2` | | [got](https://github.com/sindresorhus/got) | `9.6.0` | `11.8.5` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` | | [knex](https://github.com/knex/knex) | `2.4.2` | `2.5.0` | | [luxon](https://github.com/moment/luxon) | `3.4.1` | `3.4.2` | | [moment](https://github.com/moment/moment) | `2.24.0` | `2.29.4` | | [mysql2](https://github.com/sidorares/node-mysql2) | `3.5.2` | `3.9.4` | | [sanitize-html](https://github.com/apostrophecms/sanitize-html) | `2.11.0` | `2.12.1` | | [postcss](https://github.com/postcss/postcss) | `8.4.28` | `8.4.31` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.4.9` | `4.5.3` | | [@adobe/css-tools](https://github.com/adobe/css-tools) | `4.2.0` | `4.3.3` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.22.8` | `7.24.1` | | [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.3` | `0.8.10` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.2.1` | `4.2.3` | | [cookiejar](https://github.com/bmeck/node-cookiejar) | `2.1.3` | `2.1.4` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` | | [ip](https://github.com/indutny/node-ip) | `2.0.0` | `2.0.1` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `6.8.0` | `6.9.13` | | [tar](https://github.com/isaacs/node-tar) | `6.1.14` | `6.2.1` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 1 update in the /ghost/extract-api-key directory: [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 1 update in the /ghost/magic-link directory: [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 4 updates in the /ghost/members-api directory: [express](https://github.com/expressjs/express), [got](https://github.com/sindresorhus/got), [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) and [moment](https://github.com/moment/moment). Bumps the npm_and_yarn group with 2 updates in the /ghost/members-events-service directory: [moment-timezone](https://github.com/moment/moment-timezone) and [moment](https://github.com/moment/moment). Bumps the npm_and_yarn group with 1 update in the /ghost/members-importer directory: [moment-timezone](https://github.com/moment/moment-timezone). Bumps the npm_and_yarn group with 1 update in the /ghost/members-ssr directory: [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken). Bumps the npm_and_yarn group with 1 update in the /ghost/mw-session-from-token directory: [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 1 update in the /ghost/session-service directory: [express](https://github.com/expressjs/express). Bumps the npm_and_yarn group with 1 update in the /ghost/slack-notifications directory: [got](https://github.com/sindresorhus/got). Bumps the npm_and_yarn group with 1 update in the /ghost/staff-service directory: [moment](https://github.com/moment/moment). Bumps the npm_and_yarn group with 4 updates in the /ghost/stats-service directory: [knex](https://github.com/knex/knex), [luxon](https://github.com/moment/luxon), [@types/luxon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/luxon) and [moment](https://github.com/moment/moment). Bumps the npm_and_yarn group with 1 update in the /ghost/update-check-service directory: [moment](https://github.com/moment/moment). Updates `jose` from 4.14.4 to 4.15.5 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/v4.15.5/CHANGELOG.md) - [Commits](panva/jose@v4.14.4...v4.15.5) Updates `codemirror` from 5.48.2 to 5.58.2 - [Changelog](https://github.com/codemirror/basic-setup/blob/main/CHANGELOG.md) - [Commits](https://github.com/codemirror/basic-setup/commits) Updates `markdown-it` from 13.0.1 to 13.0.2 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@13.0.1...13.0.2) Updates `moment-timezone` from 0.5.23 to 0.5.35 - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](moment/moment-timezone@0.5.23...0.5.35) Updates `semver` from 7.5.4 to 7.6.0 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.4...v7.6.0) Updates `validator` from 7.2.0 to 13.7.0 - [Release notes](https://github.com/validatorjs/validator.js/releases) - [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md) - [Commits](validatorjs/validator.js@7.2.0...13.7.0) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `express-hbs` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/TryGhost/express-hbs/releases) - [Commits](TryGhost/express-hbs@v2.4.1...v2.4.2) Updates `got` from 9.6.0 to 11.8.5 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v9.6.0...v11.8.5) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `knex` from 2.4.2 to 2.5.0 - [Release notes](https://github.com/knex/knex/releases) - [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md) - [Commits](knex/knex@2.4.2...2.5.0) Updates `luxon` from 3.4.1 to 3.4.2 - [Changelog](https://github.com/moment/luxon/blob/master/CHANGELOG.md) - [Commits](moment/luxon@3.4.1...3.4.2) Updates `moment` from 2.24.0 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.29.4) Updates `mysql2` from 3.5.2 to 3.9.4 - [Release notes](https://github.com/sidorares/node-mysql2/releases) - [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md) - [Commits](sidorares/node-mysql2@v3.5.2...v3.9.4) Updates `sanitize-html` from 2.11.0 to 2.12.1 - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](apostrophecms/sanitize-html@2.11.0...2.12.1) Updates `postcss` from 8.4.28 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.28...8.4.31) Updates `vite` from 4.4.9 to 4.5.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.3/packages/vite) Updates `@adobe/css-tools` from 4.2.0 to 4.3.3 - [Changelog](https://github.com/adobe/css-tools/blob/main/History.md) - [Commits](https://github.com/adobe/css-tools/commits) Updates `@babel/traverse` from 7.22.8 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `@xmldom/xmldom` from 0.8.3 to 0.8.10 - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.8.3...0.8.10) Updates `browserify-sign` from 4.2.1 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.2.1...v4.2.3) Updates `cookiejar` from 2.1.3 to 2.1.4 - [Commits](https://github.com/bmeck/node-cookiejar/commits) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `get-func-name` from 2.0.0 to 2.0.2 - [Release notes](https://github.com/chaijs/get-func-name/releases) - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2) Updates `ip` from 2.0.0 to 2.0.1 - [Commits](indutny/node-ip@v2.0.0...v2.0.1) Updates `nodemailer` from 6.8.0 to 6.9.13 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v6.8.0...v6.9.13) Updates `tar` from 6.1.14 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.1.14...v6.2.1) Updates `undici` from 5.22.1 to 6.13.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.22.1...v6.13.0) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `got` from 11.8.6 to 14.2.1 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v9.6.0...v11.8.5) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `moment` from 2.29.4 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.29.4) Updates `moment-timezone` from 0.5.34 to 0.5.35 - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](moment/moment-timezone@0.5.23...0.5.35) Updates `moment` from 2.29.4 to 2.30.1 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.29.4) Updates `moment-timezone` from 0.5.23 to 0.5.35 - [Release notes](https://github.com/moment/moment-timezone/releases) - [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md) - [Commits](moment/moment-timezone@0.5.23...0.5.35) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `got` from 9.6.0 to 11.8.5 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v9.6.0...v11.8.5) Updates `moment` from 2.29.1 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.29.4) Updates `knex` from 2.4.2 to 3.1.0 - [Release notes](https://github.com/knex/knex/releases) - [Changelog](https://github.com/knex/knex/blob/master/CHANGELOG.md) - [Commits](knex/knex@2.4.2...2.5.0) Updates `luxon` from 3.4.1 to 3.4.4 - [Changelog](https://github.com/moment/luxon/blob/master/CHANGELOG.md) - [Commits](moment/luxon@3.4.1...3.4.2) Updates `@types/luxon` from 3.3.1 to 3.4.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/luxon) Updates `moment` from 2.29.3 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.29.4) Updates `moment` from 2.24.0 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.29.4) --- updated-dependencies: - dependency-name: jose dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: codemirror dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: markdown-it dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: moment-timezone dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: semver dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: validator dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express-hbs dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: knex dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: luxon dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: mysql2 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: sanitize-html dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@adobe/css-tools" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@xmldom/xmldom" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: cookiejar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: get-func-name dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nodemailer dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment-timezone dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: moment-timezone dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: knex dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: luxon dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: "@types/luxon" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

coderabbitai · 2024-04-12T16:15:24Z

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai generate interesting stats about this repository and render them as a table.
- @coderabbitai show all the console.log statements in this repository.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group across 13 directories with 31 updates #4

Bump the npm_and_yarn group across 13 directories with 31 updates #4

Uh oh!

dependabot bot commented on behalf of github Apr 12, 2024

Uh oh!

coderabbitai bot commented Apr 12, 2024

Auto Review Skipped

Chat

CodeRabbit Commands (invoked as PR comments)

CodeRabbit Configration File (`.coderabbit.yaml`)

Documentation and Community

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group across 13 directories with 31 updates #4

Are you sure you want to change the base?

Bump the npm_and_yarn group across 13 directories with 31 updates #4

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 12, 2024

v4.15.5

Fixes

v4.15.4

Fixes

v4.15.3

v4.15.2

Fixes

v4.15.1

Fixes

v4.15.0

Features

v4.14.6

Fixes

v4.14.5

Refactor

4.15.5 (2024-03-07)

Fixes

4.15.4 (2023-10-14)

Fixes

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

4.15.1 (2023-10-02)

Fixes

4.15.0 (2023-10-02)

Features

4.14.6 (2023-09-04)

Fixes

4.14.5 (2023-09-02)

Refactor

[13.0.2] - 2023-09-26

Security

Fixed

Release 0.5.35

Release 0.5.34

Release 0.5.33

Release 0.5.32

Release 0.5.31

Release 0.5.30

Release 0.5.29

Release 0.5.28

Release 0.5.27

0.5.27 2019-10-14

Release 0.5.26

Release 0.5.25

Release 0.5.24

0.5.35 2022-08-23

0.5.34 2021-11-10

0.5.33 2021-02-06

0.5.32 2020-11-14

0.5.31 2020-05-16

0.5.30 2020-05-16

0.5.29 2020-05-16

0.5.28 2020-02-21

0.5.27 2019-10-14

0.5.26 2019-06-06

0.5.25 2019-04-17

0.5.24 2019-04-17

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

7.6.0 (2024-01-31)

Features

Chores

13.7.0

13.7.0

New Features

Fixes and Enhancements

New and Improved Locales

13.7.0

New Features

Fixes and Enhancements

New and Improved Locales

`0.5.27` 2019-10-14

`0.5.35` 2022-08-23

`0.5.34` 2021-11-10

`0.5.33` 2021-02-06

`0.5.32` 2020-11-14

`0.5.31` 2020-05-16

`0.5.30` 2020-05-16

`0.5.29` 2020-05-16

`0.5.28` 2020-02-21

`0.5.27` 2019-10-14

`0.5.26` 2019-06-06

`0.5.25` 2019-04-17

`0.5.24` 2019-04-17

`13.7.0`

CodeRabbit Configration File (`.coderabbit.yaml`)