Skip to content

Bump semver, react-scripts and dependency-cruiser#118

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/semver-and-react-scripts-and-dependency-cruiser-7.5.3
Open

Bump semver, react-scripts and dependency-cruiser#118
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/semver-and-react-scripts-and-dependency-cruiser-7.5.3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jun 25, 2023

Bumps semver to 7.5.3 and updates ancestor dependencies semver, react-scripts and dependency-cruiser. These dependencies need to be updated together.

Updates semver from 5.7.1 to 7.5.3

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

v7.5.0

7.5.0 (2023-04-17)

Features

Bug Fixes

v7.4.0

7.4.0 (2023-04-10)

Features

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

7.5.0 (2023-04-17)

Features

Bug Fixes

7.4.0 (2023-04-10)

Features

Bug Fixes

... (truncated)

Commits
  • 7fdf1ef chore: release 7.5.3
  • bf53dd8 docs: add example for > comparator (#569)
  • abdd93d fix: set max lengths in regex for numeric and build identifiers (#571)
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates react-scripts from 3.4.3 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Commits

Updates dependency-cruiser from 5.5.0 to 13.0.4

Release notes

Sourced from dependency-cruiser's releases.

v13.0.4

👷 maintenance

  • a0b6dee4 build(npm): updates external dependencies Fixes #817

🔒 shasum of the package as published on npmjs: 69941b3dc27768de4e7b966cb32052e4feb442bb

v13.0.3

👷 maintenance

  • 6276288f chore(extract): makes 'require' detection with typescript >5.2.0 as well (#811) -> this fixes the DeprecationWarning: 'originalKeywordKind' has been deprecated since v5.0.0 and will no longer be usable after v5.2.0. Use 'identifierToKeywordKind(identifier)' instead. typescript/ tsc warning some of you might've been getting.
  • 3930f4cc build(npm): updates external dependencies
  • 5d6d4b32 chore(tools): updates meta.js generator to use top level await
  • da31be91 doc(cli|options): removes 'experimental' notices + various other copy edits

🔏 shasum of the the release as published on npmjs: 2f8ed287ca761340b38a3881a3277a2b0c9cea60

v13.0.2

🐛 fixes

  • 4dffca28 fix(doc): adds type exports for config-utl (babel, depcruise, webpack)

👷 maintenance

♻️ life cycle management

  • 04202b27 build(npm): updates external dependencies

💻 DX

  • cb87dfcf chore(gitignore): adds .clinic to folders to ignore
  • aaf4e53e chore(.gitattributes): tellss linguist what's generated, what's documentation
  • 1381506e chore(package.json): store format tmp file somewhere in node_modules

🔒 shasum of the package as published on npmjs: 8ecfe1b82d15ea3bacae4d5a3af20d157d5a79b0

v13.0.1

🐛 fixes

  • 399eba72 fix(doc): corrects extract-ts-config return type also in tsdoc
  • 80a2f8d3 fix(types): adds root and extract-ts-config types (#809) - thank you @​mrmckeb for finding the bug and creating the pull request for this!

type exports for the other config-utl (babel, webpack, dependency-cruiser) will follow in a separate patch release

👷 maintenance

  • a36b968a build(npm): updates external dependencies
  • bd43513d fix(build): lists all sources for the json schema in the Makefile

... (truncated)

Commits
  • 36e6154 13.0.4
  • a0b6dee build(npm): updates external dependencies
  • 35d721b 13.0.3
  • 6276288 chore(extract): makes 'require' detection with typescript >5.2.0 as well (#811)
  • 3930f4c build(npm): updates external dependencies
  • 5d6d4b3 chore(tools): updates meta.js generator to use top level await
  • da31be9 doc(cli|options): removes 'experimental' notices + various other copy edits
  • 809a804 13.0.2
  • 04202b2 build(npm): updates external dependencies
  • cb87dfc chore(gitignore): adds .clinic to folders to ignore
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump semver, react-scripts and dependency-cruiser
02b7e2f 
Bumps [semver](https://github.com/npm/node-semver) to 7.5.3 and updates ancestor dependencies [semver](https://github.com/npm/node-semver), [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts) and [dependency-cruiser](https://github.com/sverweij/dependency-cruiser). These dependencies need to be updated together.


Updates `semver` from 5.7.1 to 7.5.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v7.5.3)

Updates `react-scripts` from 3.4.3 to 5.0.1
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-3.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts)

Updates `dependency-cruiser` from 5.5.0 to 13.0.4
- [Release notes](https://github.com/sverweij/dependency-cruiser/releases)
- [Changelog](https://github.com/sverweij/dependency-cruiser/blob/main/CHANGELOG.md)
- [Commits](sverweij/dependency-cruiser@v5.5.0...v13.0.4)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
- dependency-name: react-scripts
  dependency-type: direct:production
- dependency-name: dependency-cruiser
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants