dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

Bump the prod-patch-updates group with 3 updates #360

Closed
dependabot[bot] wants to merge 1 commits from dependabot/npm_and_yarn/prod-patch-updates-e27dd5179b into main
pull from: dependabot/npm_and_yarn/prod-patch-updates-e27dd5179b
merge into: dennii:main
Conversation 1 Commits 1 Files Changed 2 +95 -51
dependabot[bot] commented 2025-10-06 04:53:04 +00:00 (Migrated from github.com)
Copy Link

Bumps the prod-patch-updates group with 3 updates: @types/jszip, drizzle-orm and react-simple-keyboard.

Updates @types/jszip from 3.4.0 to 3.4.1

Changelog

Sourced from @​types/jszip's changelog.

title: Changelog layout: default section: main

v3.10.1 2022-08-02

  • Add sponsorship files.
    • If you appreciate the time spent maintaining JSZip then I would really appreciate your sponsorship.
  • Consolidate metadata types and expose OnUpdateCallback #851 and #852
  • use const instead var in example from README.markdown #828
  • Switch manual download link to HTTPS #839

Internals:

  • Replace jshint with eslint #842
  • Add performance tests #834

v3.10.0 2022-05-20

  • Change setimmediate dependency to more efficient one. Fixes Stuk/jszip#617 (see #829)
  • Update types of currentFile metadata to include null (see #826)

v3.9.1 2022-04-06

  • Fix recursive definition of InputFileFormat introduced in 3.9.0.

v3.9.0 2022-04-04

  • Update types JSZip#loadAsync to accept a promise for data, and remove arguments from new JSZip() (see #752)
  • Update types for compressionOptions to JSZipFileOptions and JSZipGeneratorOptions (see #722)
  • Add types for generateInternalStream (see #774)

v3.8.0 2022-03-30

  • Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

  • Fix build of dist files.
    • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

v3.7.0 2021-07-23

  • Fix: Use a null prototype object for this.files (see #766)
    • This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

v3.6.0 2021-02-09

... (truncated)

Commits

Updates drizzle-orm from 0.44.5 to 0.44.6

Release notes

Sourced from drizzle-orm's releases.

0.44.6

  • feat: add $replicas reference #4874
Commits

Updates react-simple-keyboard from 3.8.125 to 3.8.126

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Bumps the prod-patch-updates group with 3 updates: [@types/jszip](https://github.com/Stuk/jszip), [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [react-simple-keyboard](https://github.com/hodgef/react-simple-keyboard). Updates `@types/jszip` from 3.4.0 to 3.4.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stuk/jszip/blob/main/CHANGES.md"><code>@​types/jszip</code>'s changelog</a>.</em></p> <blockquote> <hr /> <h2>title: Changelog layout: default section: main</h2> <h3>v3.10.1 2022-08-02</h3> <ul> <li>Add sponsorship files. <ul> <li>If you appreciate the time spent maintaining JSZip then I would really appreciate <a href="https://github.com/sponsors/Stuk">your sponsorship</a>.</li> </ul> </li> <li>Consolidate metadata types and expose OnUpdateCallback <a href="https://redirect.github.com/Stuk/jszip/pull/851">#851</a> and <a href="https://redirect.github.com/Stuk/jszip/pull/852">#852</a></li> <li>use <code>const</code> instead <code>var</code> in example from README.markdown <a href="https://redirect.github.com/Stuk/jszip/pull/828">#828</a></li> <li>Switch manual download link to HTTPS <a href="https://redirect.github.com/Stuk/jszip/pull/839">#839</a></li> </ul> <p>Internals:</p> <ul> <li>Replace jshint with eslint <a href="https://redirect.github.com/Stuk/jszip/pull/842">#842</a></li> <li>Add performance tests <a href="https://redirect.github.com/Stuk/jszip/pull/834">#834</a></li> </ul> <h3>v3.10.0 2022-05-20</h3> <ul> <li>Change setimmediate dependency to more efficient one. Fixes <a href="https://redirect.github.com/Stuk/jszip/issues/617">Stuk/jszip#617</a> (see <a href="https://redirect.github.com/Stuk/jszip/pull/829">#829</a>)</li> <li>Update types of <code>currentFile</code> metadata to include <code>null</code> (see <a href="https://redirect.github.com/Stuk/jszip/pull/826">#826</a>)</li> </ul> <h3>v3.9.1 2022-04-06</h3> <ul> <li>Fix recursive definition of <code>InputFileFormat</code> introduced in 3.9.0.</li> </ul> <h3>v3.9.0 2022-04-04</h3> <ul> <li>Update types JSZip#loadAsync to accept a promise for data, and remove arguments from <code>new JSZip()</code> (see <a href="https://redirect.github.com/Stuk/jszip/pull/752">#752</a>)</li> <li>Update types for <code>compressionOptions</code> to JSZipFileOptions and JSZipGeneratorOptions (see <a href="https://redirect.github.com/Stuk/jszip/pull/722">#722</a>)</li> <li>Add types for <code>generateInternalStream</code> (see <a href="https://redirect.github.com/Stuk/jszip/pull/774">#774</a>)</li> </ul> <h3>v3.8.0 2022-03-30</h3> <ul> <li>Santize filenames when files are loaded with <code>loadAsync</code>, to avoid <a href="https://snyk.io/research/zip-slip-vulnerability">&quot;zip slip&quot; attacks</a>. The original filename is available on each zip entry as <code>unsafeOriginalName</code>. See the <a href="https://stuk.github.io/jszip/documentation/api_jszip/load_async.html">documentation</a>. Many thanks to McCaulay Hudson for reporting.</li> </ul> <h3>v3.7.1 2021-08-05</h3> <ul> <li>Fix build of <code>dist</code> files. <ul> <li>Note: this version ensures the changes from 3.7.0 are actually included in the <code>dist</code> files. Thanks to Evan W for reporting.</li> </ul> </li> </ul> <h3>v3.7.0 2021-07-23</h3> <ul> <li>Fix: Use a null prototype object for this.files (see <a href="https://redirect.github.com/Stuk/jszip/pull/766">#766</a>) <ul> <li>This change might break existing code if it uses prototype methods on the <code>.files</code> property of a zip object, for example <code>zip.files.toString()</code>. This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.</li> </ul> </li> </ul> <h3>v3.6.0 2021-02-09</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Stuk/jszip/commits">compare view</a></li> </ul> </details> <br /> Updates `drizzle-orm` from 0.44.5 to 0.44.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/drizzle-team/drizzle-orm/releases">drizzle-orm's releases</a>.</em></p> <blockquote> <h2>0.44.6</h2> <ul> <li>feat: add $replicas reference <a href="https://redirect.github.com/drizzle-team/drizzle-orm/issues/4874">#4874</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/a9136ee2df9616fef059cf398bea486da23faa47"><code>a9136ee</code></a> dprint</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/6f89bddc9b3f4340e0e280e1a269794ce033f4bd"><code>6f89bdd</code></a> Merge branch 'feat/issue-4873'</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/b529598c72c2c7fed0d72fb706084eafc228fa41"><code>b529598</code></a> dprint</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/e31c65f526ab5253ffc2b08fdd1b266b7679d030"><code>e31c65f</code></a> feat: add <code>$replicas</code> reference (<a href="https://redirect.github.com/drizzle-team/drizzle-orm/issues/4874">#4874</a>)</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/d1d61d9d45cc7430f1644022bdeff8bc93b46937"><code>d1d61d9</code></a> Bump version</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/c920a3aa0e45fa29f322129c5b0bb2fd073cf43a"><code>c920a3a</code></a> Merge branch 'main' into feat/issue-4873</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/8e8a9e902410ed2068a015d59180b225045dddf1"><code>8e8a9e9</code></a> [Drizzle Kit]: Add casing support to studio configuration and related functio...</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/d58d7e695e00da3b8573383d461b1cbc03025450"><code>d58d7e6</code></a> Merge branch 'main' into feat/issue-4873</li> <li><a href="https://github.com/drizzle-team/drizzle-orm/commit/dd5de50677c2c769ab9b07a0e8a28750408902f2"><code>dd5de50</code></a> feat: add <code>$replicas</code> reference</li> <li>See full diff in <a href="https://github.com/drizzle-team/drizzle-orm/compare/0.44.5...0.44.6">compare view</a></li> </ul> </details> <br /> Updates `react-simple-keyboard` from 3.8.125 to 3.8.126 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/hodgef/react-simple-keyboard/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details>
dependabot[bot] commented 2025-10-07 04:32:20 +00:00 (Migrated from github.com)
Copy Link

Looks like these dependencies are updatable in another way, so this is no longer needed.

Looks like these dependencies are updatable in another way, so this is no longer needed.

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 dependencies
Pull requests that update a dependency file
 docker
Pull requests that update docker code
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 github_actions
Pull requests that update GitHub Actions code
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 javascript
Pull requests that update javascript code
 question
Further information is requested
 security
Questions about network security
 wontfix
This will not be worked on
No Label dependencies javascript
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
dennii
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dennii/Termix#360
Delete Branch "dependabot/npm_and_yarn/prod-patch-updates-e27dd5179b"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?