Bump the npm_and_yarn group across 4 directories with 8 updates #54

dependabot · 2025-01-30T00:03:14Z

Bumps the npm_and_yarn group with 3 updates in the /examples/llama-3-code-interpreter-js directory: braces, micromatch and nanoid.
Bumps the npm_and_yarn group with 6 updates in the /examples/nextjs-code-interpreter directory:

Package	From	To
braces	`3.0.2`	`3.0.3`
micromatch	`4.0.5`	`4.0.8`
nanoid	`3.3.7`	`3.3.8`
@ai-sdk/openai	`0.0.9`	`1.1.5`
next	`14.2.3`	`14.2.21`
svelte	`4.2.15`	`4.2.19`

Bumps the npm_and_yarn group with 1 update in the /examples/scrape-and-analyze-airbnb-data-with-firecrawl directory: axios.
Bumps the npm_and_yarn group with 1 update in the /examples/together-ai-with-code-interpreting/together-ai-code-interpreter-js directory: path-to-regexp.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

Commits

3044cd5 Release 3.3.8 version
4fe3495 Update size limit
d643045 Fix pool pollution, infinite loop (#510)
See full diff in compare view

Updates @ai-sdk/openai from 0.0.9 to 1.1.5

Release notes

Sourced from @ai-sdk/openai's releases.

@ai-sdk/openai@1.1.5

Patch Changes

Updated dependencies [3a602ca]

@ai-sdk/provider-utils@2.1.5

@ai-sdk/openai@1.1.4

Patch Changes

Updated dependencies [066206e]

@ai-sdk/provider-utils@2.1.4

@ai-sdk/openai@1.1.3

Patch Changes

Updated dependencies [39e5c1f]

@ai-sdk/provider-utils@2.1.3

@ai-sdk/openai-compatible@0.1.6

Patch Changes

Updated dependencies [3a602ca]

@ai-sdk/provider-utils@2.1.5

@ai-sdk/openai-compatible@0.1.5

Patch Changes

Updated dependencies [066206e]

@ai-sdk/provider-utils@2.1.4

@ai-sdk/openai-compatible@0.1.4

Patch Changes

Updated dependencies [39e5c1f]

@ai-sdk/provider-utils@2.1.3

Commits

6b211c8 Version Packages (#4550)
3a602ca chore (core): rename CoreTool to Tool (#4548)
9881bd8 Version Packages (#4545)
3864284 feat (provider/groq): add deepseek r1 (#4546)
883a7e8 docs: update deepseek provider compatibility (#4544)
92f5f36 feat (core): add extractReasoningMiddleware (#4541)
3e65901 docs: update agents page (#4499)
9c3536e chore (provider/perplexity): fix processor legacy name in test (#4537)
706058c Version Packages (#4535)
ef594a3 fix (provider/luma): update README to correct model id and docs link (#4536)
Additional commits viewable in compare view

Updates next from 14.2.3 to 14.2.21

Release notes

Sourced from next's releases.

v14.2.21

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade React from 14898b6a9 to 178c267a4e: vercel/next.js#74115

Fix unstable_allowDynamic when used with pnpm: vercel/next.js#73765

Misc Changes

chore(docs): add missing search: '' on remotePatterns: vercel/next.js#73927

chore(docs): update version history of next/image: vercel/next.js#73926

Credits

Huge thanks to @unstubbable, @ztanner, and @styfle for helping!

v14.2.20

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix fetch cloning bug (vercel/next.js#73532)

Credits

Huge thanks to @wyattjoh for helping!

v14.2.19

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

ensure worker exits bubble to parent process (#73433)

Increase max cache tags to 128 (#73125)

Misc Changes

Update max tag items limit in docs (#73445)

Credits

Huge thanks to @ztanner and @ijjk for helping!

Commits

2655f6e v14.2.21
8803d2b Backport (v14): Upgrade React from 14898b6a9 to 178c267a4e (#74115)
6e35243 chore(docs): add missing search: '' on remotePatterns (#73925) (#73927)
54919d2 chore(docs): update version history of next/image (#73926)
049a690 Backport: Fix unstable_allowDynamic when used with pnpm (#73765)
663fa9c Fix SWC and React versions for 14-2-1 branch (#73791)
ed78a4a v14.2.20
530421d [backport] Fix/dedupe fetch clone (#73532)
cbc62ad v14.2.19
92280dc [backport] Update max tag items limit in docs (#73445)
Additional commits viewable in compare view

Updates svelte from 4.2.15 to 4.2.19

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

fix: ensure typings for <svelte:options> are picked up (#12902)

fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

chore: speed up regex (#11922)

4.2.17

Patch Changes

fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

fix: check if svelte component exists on custom element destroy (#11489)

Commits

d8b3133 Version Packages (#12990)
83e96e0 fix: escape < in attribute strings (#12989)
5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
230916f Version Packages (#11925)
dbe6057 chore: speed up regex (#11922)
a8deae9 Version Packages (#11594)
8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
8e4c778 Version Packages (#11491)
1bab571 fix: additional check for component on destroy (svelte4) (#11489)
See full diff in compare view

Updates axios from 1.7.1 to 1.7.9

Release notes

Sourced from axios's releases.

Release v1.7.9

Release notes:

Reverts

Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

Jay

Release v1.7.8

Release notes:

Bug Fixes

allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)

core: fixed config merging bug (#6668) (5d99fe4)

fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)

http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)

http: fixed proxy-from-env module import (#5222) (12b3295)

http: use globalThis.TextEncoder when available (#6634) (df956d1)

ios11 breaks when build (#6608) (7638952)

types: add missing types for mergeConfig function (#6590) (00de614)

types: export CJS types from ESM (#6218) (c71811b)

updated stream aborted error message to be more clear (#6615) (cc3217a)

use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

Remco Haszing

Jay

Aayush Yadav

Dmitriy Mozgovoy

Ell Bradshaw

Amit Saini

Tommaso Paulon

Akki

Sampo Silvennoinen

Kasper Isager Dalsgarð

Christian Clauss

Pavan Welihinda

Taylor Flatt

Kenzo Wada

Ngole Lawson

Haven

Shrivali Dutt

Henco Appel

Release v1.7.7

Release notes:

Bug Fixes

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.9 (2024-12-04)

Reverts

Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

Jay

1.7.8 (2024-11-25)

Bug Fixes

allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)

core: fixed config merging bug (#6668) (5d99fe4)

fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)

http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)

http: fixed proxy-from-env module import (#5222) (12b3295)

http: use globalThis.TextEncoder when available (#6634) (df956d1)

ios11 breaks when build (#6608) (7638952)

types: add missing types for mergeConfig function (#6590) (00de614)

types: export CJS types from ESM (#6218) (c71811b)

updated stream aborted error message to be more clear (#6615) (cc3217a)

use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

Remco Haszing

Jay

Aayush Yadav

Dmitriy Mozgovoy

Ell Bradshaw

Amit Saini

Tommaso Paulon

Akki

Sampo Silvennoinen

Kasper Isager Dalsgarð

Christian Clauss

Pavan Welihinda

Taylor Flatt

Kenzo Wada

Ngole Lawson

Haven

Shrivali Dutt

Henco Appel

1.7.7 (2024-08-31)

... (truncated)

Commits

b2cb45d chore(release): v1.7.9 (#6730)
c44d2f2 Revert "fix(types): export CJS types from ESM (#6218)" (#6729)
415ca94 chore(release): v1.7.8 (#6715)
0a8d6e1 fix: use URL API instead of DOM to fix a potential vulnerability warning; (#6...
c71811b fix(types): export CJS types from ESM (#6218)
4355a6d chore(sponsor): update sponsor block (#6709)
5d54d22 chore(sponsor): update sponsor block (#6707)
eac4619 fix: allow passing a callback as paramsSerializer to buildURL (#6680)
df956d1 fix(http): use globalThis.TextEncoder when available (#6634)
7139ce9 chore(deps): bump cookie and socket.io (#6704)
Additional commits viewable in compare view

Updates path-to-regexp from 1.8.0 to 1.9.0

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 1.x

Fixed

Add backtrack protection to 1.x release (#320) 925ac8e

Fix re.exec(&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);/test/route&[#39](https://github.com/pillarjs/path-to-regexp/issues/39);) result (#267) 32a14b0

pillarjs/path-to-regexp@v1.8.0...v1.9.0

Commits

c75eb10 1.9.0
925ac8e Add backtrack protection to 1.x release (#320)
32a14b0 Fix re.exec('/test/route') result (#267)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 3 updates in the /examples/llama-3-code-interpreter-js directory: [braces](https://github.com/micromatch/braces), [micromatch](https://github.com/micromatch/micromatch) and [nanoid](https://github.com/ai/nanoid). Bumps the npm_and_yarn group with 6 updates in the /examples/nextjs-code-interpreter directory: | Package | From | To | | --- | --- | --- | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [@ai-sdk/openai](https://github.com/vercel/ai) | `0.0.9` | `1.1.5` | | [next](https://github.com/vercel/next.js) | `14.2.3` | `14.2.21` | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.15` | `4.2.19` | Bumps the npm_and_yarn group with 1 update in the /examples/scrape-and-analyze-airbnb-data-with-firecrawl directory: [axios](https://github.com/axios/axios). Bumps the npm_and_yarn group with 1 update in the /examples/together-ai-with-code-interpreting/together-ai-code-interpreter-js directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `micromatch` from 4.0.5 to 4.0.8 - [Release notes](https://github.com/micromatch/micromatch/releases) - [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md) - [Commits](micromatch/micromatch@4.0.5...4.0.8) Updates `nanoid` from 3.3.7 to 3.3.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.7...3.3.8) Updates `@ai-sdk/openai` from 0.0.9 to 1.1.5 - [Release notes](https://github.com/vercel/ai/releases) - [Changelog](https://github.com/vercel/ai/blob/main/CHANGELOG.md) - [Commits](https://github.com/vercel/ai/compare/@ai-sdk/openai@0.0.9...@ai-sdk/openai@1.1.5) Updates `next` from 14.2.3 to 14.2.21 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.3...v14.2.21) Updates `svelte` from 4.2.15 to 4.2.19 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/svelte@4.2.19/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/svelte@4.2.19/packages/svelte) Updates `axios` from 1.7.1 to 1.7.9 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.1...v1.7.9) Updates `path-to-regexp` from 1.8.0 to 1.9.0 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: micromatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@ai-sdk/openai" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: svelte dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from tizkovatereza as a code owner January 30, 2025 00:03

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 30, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 4 directories with 8 updates #54

Bump the npm_and_yarn group across 4 directories with 8 updates #54

dependabot bot commented on behalf of github Jan 30, 2025

Bump the npm_and_yarn group across 4 directories with 8 updates #54

Are you sure you want to change the base?

Bump the npm_and_yarn group across 4 directories with 8 updates #54

Conversation

dependabot bot commented on behalf of github Jan 30, 2025

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

3.3.8

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

3.3.8

@​ai-sdk/openai@​1.1.5

Patch Changes

@​ai-sdk/openai@​1.1.4

Patch Changes

@​ai-sdk/openai@​1.1.3

Patch Changes

@​ai-sdk/openai-compatible@​0.1.6

Patch Changes

@​ai-sdk/openai-compatible@​0.1.5

Patch Changes

@​ai-sdk/openai-compatible@​0.1.4

Patch Changes

v14.2.21

Core Changes

Misc Changes

Credits

v14.2.20

Core Changes

Credits

v14.2.19

Core Changes

Misc Changes

Credits

4.2.19

Patch Changes

4.2.18

Patch Changes

4.2.17

Patch Changes

4.2.16

Patch Changes

Release v1.7.9

Release notes:

Reverts

Contributors to this release

Release v1.7.8

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.7

Release notes:

Bug Fixes

1.7.9 (2024-12-04)

Reverts

Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes

Contributors to this release

1.7.7 (2024-08-31)

Fix backtracking in 1.x

`@ai-sdk/openai@1`.1.5

`@ai-sdk/openai@1`.1.4

`@ai-sdk/openai@1`.1.3

`@ai-sdk/openai-compatible@0`.1.6

`@ai-sdk/openai-compatible@0`.1.5

`@ai-sdk/openai-compatible@0`.1.4