Bump the npm_and_yarn group across 1 directory with 7 updates #79
Merged: wdconinc merged 3 commits into main from dependabot/npm_and_yarn/firebird-ng/npm_and_yarn-c0813ee94c on Dec 2, 2025
+1,329
−2,838
Bumps the npm_and_yarn group with 7 updates in the /firebird-ng directory:

| Package | From | To |
| --- | --- | --- |
| [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) | `20.1.7` | `20.3.14` |
| [express](https://github.com/expressjs/express) | `4.21.2` | `4.22.1` |
| [express](https://github.com/expressjs/express) | `5.1.0` | `5.2.1` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |
| [jspdf](https://github.com/parallax/jsPDF) | `3.0.1` | `3.0.4` |
| [mermaid](https://github.com/mermaid-js/mermaid) | `11.9.0` | `11.12.1` |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.3.2` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.3` | `2.1.4` |

Updates `@angular/common` from 20.1.7 to 20.3.14
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/20.3.14/packages/common)

Updates `express` from 4.21.2 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.21.2...v4.22.1)

Updates `express` from 5.1.0 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.21.2...v4.22.1)

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `jspdf` from 3.0.1 to 3.0.4
- [Release notes](https://github.com/parallax/jsPDF/releases)
- [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md)
- [Commits](parallax/jsPDF@v3.0.1...v3.0.4)

Updates `mermaid` from 11.9.0 to 11.12.1
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.9.0...mermaid@11.12.1)

Updates `node-forge` from 1.3.1 to 1.3.2
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.1...v1.3.2)

Updates `tar-fs` from 2.1.3 to 2.1.4
- [Commits](mafintosh/tar-fs@v2.1.3...v2.1.4)

---
updated-dependencies:
- dependency-name: "@angular/common"
  dependency-version: 20.3.14
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jspdf
  dependency-version: 3.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mermaid
  dependency-version: 11.12.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
- Updated core Angular packages to ^20.3.14
- Updated @angular/cdk and @angular/material to ^20.2.14 (latest compatible)
- Updated @angular/cli and @angular-devkit/build-angular to ^20.3.12 (latest available)
- Fixes all Angular security vulnerabilities (0 vulnerabilities remaining)
- Installed with --legacy-peer-deps due to minor version mismatches

- Updated all Angular core packages to ~20.3.15 (aligned version)
- Changed from caret (^) to tilde (~) ranges for better version control
- Tilde ranges allow patch updates only (e.g., 20.3.x)
- Fixes Angular Stored XSS vulnerability (GHSA-v4hv-rgfq-gp49)
- All packages now at exact same version: 20.3.15
- 0 vulnerabilities remaining
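The caret-versus-tilde distinction in the commit message above, as an added example that is not part of the PR or the project's code: a simplified range matcher (not npm's semver implementation) and an audit that flags packages that are not tilde-pinned, sit below a chosen floor, or are not aligned on one version. The function names, the sample dependency map and the use of 20.3.15 as the floor are assumptions made for illustration.

```javascript
// Added example. Handles plain MAJOR.MINOR.PATCH with major >= 1 only;
// prerelease tags and npm's 0.x caret rules are out of scope.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True if `version` is admitted by "^x.y.z", "~x.y.z" or exact "x.y.z".
function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = parse(range.slice(op.length));
  const v = parse(version);
  if (op === '') return cmp(v, base) === 0;
  if (cmp(v, base) < 0 || v[0] !== base[0]) return false; // floor and major are fixed
  return op === '^' || v[1] === base[1];                   // tilde also fixes the minor
}

// Findings for packages in `names` that are missing, not tilde-pinned,
// below `floor`, or not on one shared base version.
function auditAligned(deps, names, floor) {
  const findings = [];
  const bases = new Set();
  for (const name of names) {
    const range = deps[name];
    if (range === undefined) { findings.push(`${name}: missing`); continue; }
    if (!range.startsWith('~')) findings.push(`${name}: ${range} is not a tilde range`);
    const base = range.replace(/^[\^~]/, '');
    bases.add(base);
    if (cmp(parse(base), parse(floor)) < 0) findings.push(`${name}: floor ${base} is below ${floor}`);
  }
  if (bases.size > 1) findings.push(`versions not aligned: ${[...bases].join(', ')}`);
  return findings;
}

// Constructed sample dependencies (not the project's package.json).
const sampleDeps = {
  '@angular/common': '~20.3.15',
  '@angular/core': '~20.3.15',
  '@angular/forms': '^20.3.14',
};
const sampleFindings = auditAligned(sampleDeps, Object.keys(sampleDeps), '20.3.15');
console.log(sampleFindings.join('\n'));
```

A range only bounds what a fresh resolve may pick; the version actually installed is whatever the lockfile records.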
DraTeots approved these changes on Dec 2, 2025
Labels:
- dependencies: Pull requests that update a dependency file
- javascript: Pull requests that update javascript code
Note: description below to be amended with non-dependabot commits commented below.
Bumps the npm_and_yarn group with 7 updates in the /firebird-ng directory:
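
| Package | From | To |
| --- | --- | --- |
| @angular/common | 20.1.7 | 20.3.14 |
| express | 4.21.2 | 4.22.1 |
| express | 5.1.0 | 5.2.1 |
| js-yaml | 4.1.0 | 4.1.1 |
| jspdf | 3.0.1 | 3.0.4 |
| mermaid | 11.9.0 | 11.12.1 |
| node-forge | 1.3.1 | 1.3.2 |
| tar-fs | 2.1.3 | 2.1.4 |

Updates `@angular/common` from 20.1.7 to 20.3.14
Release notes
Sourced from @angular/common's releases.
... (truncated)
Changelog
Sourced from @angular/common's changelog.
... (truncated)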
Commits
- `0276479` fix(http): prevent XSRF token leakage to protocol-relative URLs
- `a8c577d` docs: add reference to Built-in Pipes in multiple pipe files
- `8922cae` Revert "refactor(http): migrate XSRF classes to use inject() function"
- `5047849` fix(common): remove placeholder image listeners once view is removed
- `4c66fe4` refactor(core): mark `VERSION` as `@__PURE__` for better tree-shaking
- `2ad6b72` refactor(http): migrate XSRF classes to use inject() function
- `ee578d3` build: format md files
- `744cd5c` refactor(http): simplifies destruction tracking using destroyed property
- `5ce9d88` docs: Adds guide links to HTTP API docs for better discoverability
- `020f176` feat(common): Blocks IPv6 localhost from preconnect checks

Updates `express` from 4.21.2 to 4.22.1
Release notes
Sourced from express's releases.
Changelog
Sourced from express's changelog.
Commits
- `12fae14` 4.22.1
- `5ddf311` Revert "sec: security patch for CVE-2024-51999"
- `49744ab` 4.22.0 (#6921)
- `6e97452` sec: security patch for CVE-2024-51999
- `6a23d34` deps: use tilde notation for `qs` (#6919)
- `8c12cdf` deps: qs@6.14.0 (#6909)
- `7fea74f` deps: use tilde notation for certain dependencies (#6905)
- `dac7a04` chore: wider range for query test skip (#6513)
- `997919b` ci: add node.js 24 to test matrix (#6506)
- `36fb59c` fix(ci): reorder `npm i` steps to fix ci for older node versions (#6336)

Updates `express` from 5.1.0 to 5.2.1
Release notes
Sourced from express's releases.
Changelog
Sourced from express's changelog.
Commits
- `12fae14` 4.22.1
- `5ddf311` Revert "sec: security patch for CVE-2024-51999"
- `49744ab` 4.22.0 (#6921)
- `6e97452` sec: security patch for CVE-2024-51999
- `6a23d34` deps: use tilde notation for `qs` (#6919)
- `8c12cdf` deps: qs@6.14.0 (#6909)
- `7fea74f` deps: use tilde notation for certain dependencies (#6905)
- `dac7a04` chore: wider range for query test skip (#6513)
- `997919b` ci: add node.js 24 to test matrix (#6506)
- `36fb59c` fix(ci): reorder `npm i` steps to fix ci for older node versions (#6336)

Updates `js-yaml` from 4.1.0 to 4.1.1
Changelog
Sourced from js-yaml's changelog.
Commits
- `cc482e7` 4.1.1 released
- `50968b8` dist rebuild
- `d092d86` lint fix
- `383665f` fix prototype pollution in merge (<<)
- `0d3ca7a` README.md: HTTP => HTTPS (#678)
- `49baadd` doc: 'empty' style option for !!null
- `ba3460e` Fix demo link (#618)

Updates `jspdf` from 3.0.1 to 3.0.4
Release notes
Sourced from jspdf's releases.
... (truncated)
Commits
- `a504e97` 3.0.4
- `de802ab` Fix Incorrect Typing for Margins in the TableConfig Interface Definition (#3816)
- `87162d1` chore: bump checkout, setup-node, and stale actions (#3907)
- `e7dc622` Fix: Context2d font regex too restrictive ( #3904 ) (#3906)
- `e080935` Do not add pages dynamically unless autoPaging is enabled (#3915)
- `c768910` add package.json exports field (#3903)
- `c10d90c` Fix API.internal.pages not being updated when restoring a RenderTarget ( #389...
- `2db3d9d` fix font list cache invalidation issue in context2d module (#3891)
- `af7dd5a` remove duplicate function "ga" in webp decoder (#3902)
- `777089a` fix: cell function now properly accepts align parameter (#3896)

Updates `mermaid` from 11.9.0 to 11.12.1
Release notes
Sourced from mermaid's releases.
... (truncated)
Commits
- `762b44c` Merge pull request #7108 from mermaid-js/changeset-release/master
- `02c0091` Version Packages
- `16359ad` Merge pull request #7107 from mermaid-js/patch/dagre-d3-es-7.0.13
- `061632c` Update .changeset/slick-wasps-bathe.md
- `cbf8946` fix: update dagre-d3-es to version 7.0.13
- `ad82448` Merge pull request #7053 from mermaid-js/changeset-release/master
- `9498619` Version Packages
- `7a8557a` Merge pull request #7036 from mermaid-js/knsv-patch-1
- `74863c9` Merge pull request #7051 from mermaid-js/patch-parser-release
- `63df702` chore: added changeset file

Updates `node-forge` from 1.3.1 to 1.3.2
Changelog
Sourced from node-forge's changelog.
Commits
- `235ad3e` Release 1.3.2.
- `2598244` Update changelog.
- `0032dd0` Fix typos.
- `d75e08d` Run new security test.
- `a5ce91d` Update changelog formatting.
- `4652de6` Cleanups.
- `eb932d9` Fix typo.
- `db6954b` Fix style.
- `afbf7d8` Align error message style.
- `6607445` Revert minor changes.

Updates `tar-fs` from 2.1.3 to 2.1.4
Commits
- `f421a23` 2.1.4
- `c412fa1` refactor to same pattern as v3

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.