build(deps-dev): bump the npm_and_yarn group across 1 directory with 2 updates #21
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
*Total -- 2,649.42kb -> 2,123.12kb (19.86%) /static/icons/settings.png -- 3.06kb -> 1.26kb (58.84%) /static/icons/icon-512.png -- 5.85kb -> 2.62kb (55.21%) /static/assets/onboard-logo.png -- 12.21kb -> 6.09kb (50.13%) /static/icons/dashboard.png -- 3.72kb -> 1.97kb (46.96%) /static/assets/blog-images/ens-2.png -- 50.11kb -> 26.69kb (46.73%) /static/assets/avatar.png -- 4.59kb -> 2.46kb (46.35%) /static/icons/icon-192.png -- 2.08kb -> 1.24kb (40.4%) /static/assets/share/og-generic.png -- 87.14kb -> 60.05kb (31.09%) /static/assets/share/box-dark.png -- 1.03kb -> 0.71kb (31%) /static/assets/share/twitter-summary.png -- 52.40kb -> 36.26kb (30.8%) /static/assets/blog-images/radworks-lists.png -- 463.34kb -> 343.82kb (25.8%) /docs/assets/drips-logo-illustration.png -- 160.04kb -> 119.78kb (25.16%) /static/assets/blog-images/ens.gif -- 771.00kb -> 581.44kb (24.59%) /static/assets/wbtc-coin.png -- 4.42kb -> 3.50kb (20.74%) /static/assets/share/dripList.png -- 1.09kb -> 0.86kb (20.74%) /static/assets/share/heart.png -- 1.12kb -> 0.98kb (12.73%) /static/assets/blog-images/octant-dl.png -- 165.58kb -> 147.47kb (10.94%) /static/assets/blog-images/ens-4.png -- 171.92kb -> 154.74kb (9.99%) /static/assets/blog-images/ens-3.png -- 93.95kb -> 85.57kb (8.91%) /static/assets/blog-images/oscoin-manifesto.png -- 245.05kb -> 224.31kb (8.46%) /static/assets/blog-images/radworks-announcement.jpeg -- 225.17kb -> 206.36kb (8.35%) /static/assets/blog-images/ens-1.png -- 123.54kb -> 113.95kb (7.76%) /static/assets/share/box-light.png -- 0.67kb -> 0.64kb (3.65%) /static/icons/icon.svg -- 0.34kb -> 0.33kb (1.74%) Signed-off-by: ImgBotApp <[email protected]>
Snyk has created this PR to upgrade ethers from 5.7.2 to 6.13.2. See this package in npm: ethers See this project in Snyk: https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade graphql-request from 7.0.1 to 7.1.0. See this package in npm: graphql-request See this project in Snyk: https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @uniswap/default-token-list from 11.19.0 to 12.6.0. See this package in npm: @uniswap/default-token-list See this project in Snyk: https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade @web3-onboard/core from 2.22.1 to 2.22.2. See this package in npm: @web3-onboard/core See this project in Snyk: https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=upgrade-pr
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PHIN-6598077
 ### Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project. #### Snyk changed the following file(s): - `package.json` - `package-lock.json` #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:-------------------------  | Exposure of Sensitive Information to an Unauthorized Actor <br/>[SNYK-JS-PHIN-6598077](https://snyk.io/vuln/SNYK-JS-PHIN-6598077) | **39** --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIyZjlhZmE2NC1mYzgzLTRmNjEtODVlYy0yMmQwODUxNTBlMGQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjJmOWFmYTY0LWZjODMtNGY2MS04NWVjLTIyZDA4NTE1MGUwZCJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"jimp","from":"0.22.12","to":"1.0.2"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-PHIN-6598077","priority_score":39,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Apr 12 2024 12:03:30 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":2.35},{"name":"likelihood","value":1.64},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Exposure of Sensitive Information to an Unauthorized Actor"}],"prId":"2f9afa64-fc83-4f61-85ec-22d085150e0d","prPublicId":"2f9afa64-fc83-4f61-85ec-22d085150e0d","packageManager":"npm","priorityScoreList":[39],"projectPublicId":"3b5ab094-49f3-4ae7-b32e-64f0df8a2797","projectUrl":"https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-JS-PHIN-6598077"],"vulns":["SNYK-JS-PHIN-6598077"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860 - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 - https://snyk.io/vuln/SNYK-JS-EXPRESS-7926867 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 - https://snyk.io/vuln/SNYK-JS-SEND-7926862 - https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 - https://snyk.io/vuln/SNYK-JS-WS-7266574
 ### Snyk has created this PR to fix 9 vulnerabilities in the npm dependencies of this project. #### Snyk changed the following file(s): - `package.json` - `package-lock.json` #### Vulnerabilities that will be fixed with an upgrade: | | Issue | :-------------------------:|:-------------------------  | Asymmetric Resource Consumption (Amplification) <br/>[SNYK-JS-BODYPARSER-7926860](https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860)  | Open Redirect <br/>[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509)  | Cross-site Scripting <br/>[SNYK-JS-EXPRESS-7926867](https://snyk.io/vuln/SNYK-JS-EXPRESS-7926867)  | Missing Release of Resource after Effective Lifetime <br/>[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116)  | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JS-PATHTOREGEXP-7925106](https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106)  | Cross-site Scripting <br/>[SNYK-JS-SEND-7926862](https://snyk.io/vuln/SNYK-JS-SEND-7926862)  | Cross-site Scripting <br/>[SNYK-JS-SERVESTATIC-7926865](https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865)  | Path Traversal <br/>[SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555](https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555)  | Denial of Service (DoS) <br/>[SNYK-JS-WS-7266574](https://snyk.io/vuln/SNYK-JS-WS-7266574) --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2NDcyODgwYy03ZWI1LTRhMmUtYmY2Mi00ZTgyNDZlZDZiZTYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjY0NzI4ODBjLTdlYjUtNGEyZS1iZjYyLTRlODI0NmVkNmJlNiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr) 🦉 [Cross-site Scripting](https://learn.snyk.io/lesson/dom-based-xss/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"jimp","from":"1.0.2","to":"1.0.3"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BODYPARSER-7926860","severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BODYPARSER-7926860","severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-6474509","severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-7926867","severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-6474509","severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-7926867","severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHTOREGEXP-7925106","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHTOREGEXP-7925106","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SERVESTATIC-7926865","severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SERVESTATIC-7926865","severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","severity":"high","title":"Path Traversal"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WS-7266574","priority_score":169,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Jun 17 2024 14:34:03 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"}],"prId":"6472880c-7eb5-4a2e-bf62-4e8246ed6be6","prPublicId":"6472880c-7eb5-4a2e-bf62-4e8246ed6be6","packageManager":"npm","priorityScoreList":[null,null,null,null,null,null,null,null,169],"projectPublicId":"3b5ab094-49f3-4ae7-b32e-64f0df8a2797","projectUrl":"https://app.snyk.io/org/okeamah/project/3b5ab094-49f3-4ae7-b32e-64f0df8a2797?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title"],"type":"auto","upgrade":["SNYK-JS-BODYPARSER-7926860","SNYK-JS-EXPRESS-6474509","SNYK-JS-EXPRESS-7926867","SNYK-JS-INFLIGHT-6095116","SNYK-JS-PATHTOREGEXP-7925106","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574"],"vulns":["SNYK-JS-BODYPARSER-7926860","SNYK-JS-EXPRESS-6474509","SNYK-JS-EXPRESS-7926867","SNYK-JS-INFLIGHT-6095116","SNYK-JS-PATHTOREGEXP-7925106","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","SNYK-JS-WS-7266574"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'
Bumps the npm_and_yarn group with 1 update in the / directory: [micromatch](https://github.com/micromatch/micromatch). Updates `micromatch` from 4.0.7 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.7...4.0.8) --- updated-dependencies: - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps the npm_and_yarn group with 1 update in the / directory: [dset](https://github.com/lukeed/dset). Updates `dset` from 3.1.3 to 3.1.4 - [Release notes](https://github.com/lukeed/dset/releases) - [Commits](lukeed/dset@v3.1.3...v3.1.4) --- updated-dependencies: - dependency-name: dset dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
…f130328831b93e5b7d66978244cfe2de [Snyk] Upgrade @web3-onboard/core from 2.22.1 to 2.22.2
Bumps the npm_and_yarn group with 1 update in the / directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte). Updates `svelte` from 4.2.18 to 4.2.19 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/[email protected]/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) --- updated-dependencies: - dependency-name: svelte dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
…bd7123b2e0657fa5ea9bff2338c071c
…4cf5f98520dad8487db78d09e715fe1
…m_and_yarn/npm_and_yarn-d3f2d8bafc
…m_and_yarn/npm_and_yarn-403ef0d4c9
…m_and_yarn/npm_and_yarn-07a849e1ae
…dates Bumps the npm_and_yarn group with 2 updates in the / directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `svelte` from 4.2.19 to 5.0.0 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) Updates `vite` from 5.3.1 to 5.4.9 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.9/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.9/packages/vite) Updates `rollup` from 4.18.0 to 4.24.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.18.0...v4.24.0) --- updated-dependencies: - dependency-name: svelte dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
…m_and_yarn/npm_and_yarn-d2205893fb
…5e043d2e42ab565e4efc78784eac7f6
dependabot
bot
added
the
dependencies
|
🧙 Sourcery has finished reviewing your pull request! Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
…2 updates Bumps the npm_and_yarn group with 2 updates in the / directory: [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [secp256k1](https://github.com/cryptocoinjs/secp256k1-node). Updates `svelte` from 5.0.0 to 5.0.1 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) Updates `secp256k1` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/cryptocoinjs/secp256k1-node/releases) - [Commits](cryptocoinjs/secp256k1-node@v4.0.3...v4.0.4) --- updated-dependencies: - dependency-name: svelte dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: secp256k1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/npm_and_yarn-fecd4e25a5
branch
from
8f5651c to
5e29a44
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 2 updates in the / directory: svelte and secp256k1.
Updates
sveltefrom 5.0.0 to 5.0.1Release notes
Sourced from svelte's releases.
Changelog
Sourced from svelte's changelog.
Commits
c73c683Version Packages (#13702)6ad017ffix: use typedef for JSDoc props and maintain comments (#13698)Updates
secp256k1from 4.0.3 to 4.0.4Commits
756fce14.0.48bd6446elliptic: fix key verification in loadCompressedPublicKey840834eUpdate elliptic to 6.5.7 (CVE-2024-42461) (#206)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.