Skip to content

Bump tough-cookie, critical, gulp-sass and node-sass in /modules/static-site-scaffold #128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump tough-cookie, critical, gulp-sass and node-sass in /modules/static-site-scaffold #128

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 3, 2023

Bumps tough-cookie to 4.1.3 and updates ancestor dependencies tough-cookie, critical, gulp-sass and node-sass. These dependencies need to be updated together.

Updates tough-cookie from 2.4.3 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • b1a8898 fix: allow set cookies with localhost (#253)
  • ec70796 4.1.1 Patch -- allow special use domains by default (#250)
  • d4ac580 fix: allow special use domains by default (#249)
  • 79c2f7d 4.1.0 release to NPM (#245)
  • 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
  • aa4396d fix: distinguish between no samesite and samesite=none (#240)
  • b8d7511 Modernize README (#234)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.


Updates critical from 2.0.0-23 to 2.0.6

Release notes

Sourced from critical's releases.

v2.0.6

  • Chore/bump deps (#472) 0619caa
  • Do not mutate request.method when checking file exists (#470) 73b2a3b

addyosmani/critical@v2.0.5...v2.0.6

v2.0.5

  • Downgrade postcss for backwards compatibility reasons 414ff79
  • Update test.yml (#466) f69c259
  • Update dependencies and regenerate package-lock.json (#467) 9730b24

addyosmani/critical@v2.0.4...v2.0.5

v2.0.4

  • Bump dependencies f0318ff
  • Removed 'dest' key being used in examples (#461) f5b551f

addyosmani/critical@v2.0.3...v2.0.4

v2.0.3

  • Adds dimensions support to cli.js (#457) f67ca79

addyosmani/critical@v2.0.2...v2.0.3

v2.0.2

  • Bump dependencies 8d7f294
  • Adds request option to Readme (#460) dd02ad0
  • Bump elliptic from 6.5.2 to 6.5.3 (#459) 11c514c
  • Bump lodash from 4.17.15 to 4.17.19 (#458) 31c8454
  • Bump dependencies e6d4752
  • Update test.yml f14755d
  • Remove timeout option from example configuration (#454) 973d1d9

addyosmani/critical@v2.0.1...v2.0.2

v2.0.1

  • Removes DeprecationWarning triggered by got 168ba12

addyosmani/critical@v2.0.0...v2.0.1

v2.0.0

Breaking

  • Drop support for Node.js < 10
  • Drop include and timeout options as they can be specified in the penthouse options.
  • Drop options styleTarget & dest in favour of target You can specify either a css file, an html file or an object {css: dest.css, html: dest.html} if you want to store both. We may also add an extract target here in a future release.
  • Drop options destFolder, folder and pathPrefix. We tried our best to improve the way critical auto-detects the paths to used assets in the critical css which should suit for most cases. If this doesn't work out you can use the new rebase option to either specify the location of the css & the html file like this: {from: '/styles/main.css', to: '/en/test.html'}. You can also pass a callback function to dynamically compute the path or specify a cdn for example. We utilize postcss-url for this task.

... (truncated)

Changelog

Sourced from critical's changelog.

v2.0.0 / 2020-06-16

  • Drop support for Node.js < 10
  • Bump dependencies
  • Use Jest for testing
  • Drop include and timeout options as they can be specified in the penthouse options.
  • Drop options styleTarget & dest in favour of target You can specify either a css file, an html file or an object {css: dest.css, html: dest.html} if you want to store both. We may also add an extract target here in a future release.
  • Drop options destFolder, folder and pathPrefix. We tried our best to improve the way critical auto-detects the paths to used assets in the critical css which should suit for most cases. If this doesn't work out you can use the new rebase option to either specify the location of the css & the html file like this: {from: '/styles/main.css', to: '/en/test.html'}. You can also pass a callback function to dynamically compute the path or specify a cdn for example. We utilize postcss-url for this task.
  • Due to some limitations with modern css features we replaced filter-css as the library of choice for handling ignores with postcss-discard. We tried to keep things backwards compatible but you may have to change your ignore configuration.
  • Add concurrency option to specify how many operations can run in parallel.
  • Add the ability to specify used css files using file globs. See supported minimatch patterns.

v1.3.4 / 2018-07-19

  • fix: return Promise.reject instead of re-throw
  • fix: handle PAGE_UNLOADED_DURING_EXECUTION error (#314)
  • output warning on invalid extract setting
  • Add user agent option (#316)
  • Bump dependencies
  • npm audit fix

v1.3.3 / 2018-06-06

  • Bump dependencies
  • Docs: fix typo (#310)
  • Reduced vulnerabilities (#308)

v1.3.2 / 2018-05-15

  • Switched to async-exit-hook

v1.3.1 / 2018-05-14

  • Bump dependencies
  • Removed process.exit on cleanup
  • Adding html-webpack-critical-plugin to README (#306)

v1.3.0 / 2018-05-02

  • Add basic auth option (#295)

v1.2.2 / 2018-04-02

  • Improved handling of protocol-relative asset URLs (#288)
  • Adjust test files according to (#293)
  • Improve error reporting (#258)
  • Replace gutil with fancy-log (#297)
  • Update README.md (#296)

... (truncated)

Commits

Updates gulp-sass from 4.0.2 to 5.1.0

Release notes

Sourced from gulp-sass's releases.

v5.1.0

Huge shout out to @​XhmikosR for putting a ton of effort into this release 🎉

What's Changed

New Contributors

Full Changelog: dlmanning/gulp-sass@v5.0.0...v5.1.0

v5.0.0

First and foremost a huge shout out to @​mxmason for making this long awaited release possible <3

Breaking changes

  • Require Node >= 12
  • Require Gulp 4
  • Drop dependency on the deprecate node-sass
  • Remove hardcoded default Sass compiler

Upgrading to v5

It is now required to explicitly install a Sass compiler.

npm install gulp-sass sass
</tr></table>

... (truncated)

Changelog

Sourced from gulp-sass's changelog.

gulp-sass Changelog

v5.0.0

June 25, 2021

https://github.com/dlmanning/gulp-sass/releases/tag/v5.0.0

v4.1.1

June 24, 2021

https://github.com/dlmanning/gulp-sass/releases/tag/v4.1.1

v4.1.0

April 23, 2020

https://github.com/dlmanning/gulp-sass/releases/tag/v4.1.0

Commits

Updates node-sass from 4.13.1 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

Breaking changes

Supported Environments

OS Architecture Node
Windows x86 & x64 16, 18, 19, 20
OSX x64 16, 18, 19, 20
Linux* x64 16, 18, 19, 20
Alpine Linux x64 16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

Breaking changes

Features

Dependencies

Misc

... (truncated)

Changelog

Sourced from node-sass's changelog.

v4.14.0

https://github.com/sass/node-sass/releases/tag/v4.14.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump tough-cookie, critical, gulp-sass and node-sass
bcfdda2 
Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) to 4.1.3 and updates ancestor dependencies [tough-cookie](https://github.com/salesforce/tough-cookie), [critical](https://github.com/addyosmani/critical), [gulp-sass](https://github.com/dlmanning/gulp-sass) and [node-sass](https://github.com/sass/node-sass). These dependencies need to be updated together.


Updates `tough-cookie` from 2.4.3 to 4.1.3
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.4.3...v4.1.3)

Updates `critical` from 2.0.0-23 to 2.0.6
- [Release notes](https://github.com/addyosmani/critical/releases)
- [Changelog](https://github.com/addyosmani/critical/blob/master/CHANGELOG.md)
- [Commits](addyosmani/critical@v2.0.0-23...v2.0.6)

Updates `gulp-sass` from 4.0.2 to 5.1.0
- [Release notes](https://github.com/dlmanning/gulp-sass/releases)
- [Changelog](https://github.com/dlmanning/gulp-sass/blob/master/CHANGELOG.md)
- [Commits](dlmanning/gulp-sass@v4.0.2...v5.1.0)

Updates `node-sass` from 4.13.1 to 9.0.0
- [Release notes](https://github.com/sass/node-sass/releases)
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md)
- [Commits](sass/node-sass@v4.13.1...v9.0.0)

---
updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
- dependency-name: critical
  dependency-type: direct:production
- dependency-name: gulp-sass
  dependency-type: direct:production
- dependency-name: node-sass
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 3, 2023
@dependabot dependabot bot mentioned this pull request Oct 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants