Skip to content

Bump the npm_and_yarn group across 1 directory with 2 updates#1

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-a9f852c250
Open

Bump the npm_and_yarn group across 1 directory with 2 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-a9f852c250

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 5, 2025
edited
Loading

Bumps the npm_and_yarn group with 2 updates in the / directory: braces and gulp.

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed
  • Require Node.js >= 8.3

Non-breaking changes

  • Caching was removed
Commits

Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.0 (2024-03-29)

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump the npm_and_yarn group across 1 directory with 2 updates
b6611b3 
Bumps the npm_and_yarn group with 2 updates in the / directory: [braces](https://github.com/micromatch/braces) and [gulp](https://github.com/gulpjs/gulp).


Updates `braces` from 2.3.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.3)

Updates `gulp` from 4.0.2 to 5.0.0
- [Release notes](https://github.com/gulpjs/gulp/releases)
- [Changelog](https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md)
- [Commits](gulpjs/gulp@v4.0.2...v5.0.0)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: gulp
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 5, 2025
orca-security-us[bot]
orca-security-us bot reviewed Feb 5, 2025
View reviewed changes
Copy link

@orca-security-us orca-security-us bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Orca Security Scan Summary

Status Check Issues by priority
Passed Passed Infrastructure as Code high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Secrets high 0   medium 0   low 0   info 0 View in Orca
Passed Passed Vulnerabilities high 0   medium 0   low 0   info 0 View in Orca

pb-pete pushed a commit that referenced this pull request Mar 2, 2025
@zeeye
Mobkoi User ID module: Initial Release (prebid#12733)
ff56019 
* feat: max-848 Prebid: setup development harness.  max-849: Prebid: Make prebid RTB ORTB request to /bid (#1)

harness](https://mobkoi.atlassian.net/browse/MAX-848)

Set up a local development environment for testing and iterating on
Prebid customization changes.

Sub-tasks:

Install Prebid.js dependencies.

Create a custom Prebid.js Adapter (mobkoiBidAdapter) and build a custom
Prebid.js package to serve locally (the custom Prebid.js package is
available to serve to a local webpage).

Initialize Ad Service Bid endpoint, ensuring it can serve dummy bid
objects to the client.

Initialize Ad Server Ad endpoint to serve dummy ads/creatives that
display on the sample website.

Set up a sample website for end-to-end testing, including page load,
Prebid.js, Ad Service Bid endpoint, returning bids to the front-end, Ad
Server Ad endpoint, and loading ads on the page.

/bid](https://mobkoi.atlassian.net/browse/MAX-849)

Update Prebid.js to create ORTB-formatted bid requests for the /bid
endpoint.

Sub-tasks:

Modify Prebid request formatting to ORTB.

Validate bid responses from /bid with ORTB formatting.

Integrate the new ORTB bid request structure in the /bid endpoint base
on the data provided by Prebid.js.

Create unit tests.

feat: max-852: Prebid: Log bid win to adserver (prebid#3)

> Related PRs https://github.com/mobkoi/adserver/pull/6

adserver](https://mobkoi.atlassian.net/browse/MAX-852)

Implement logging of bid wins directly to the ad server.

Sub-tasks:

Capture winning bid events in the Prebid.js custom adapter in various
steps of biding process.

feat: max-853: Prebid: Log bid loss to adserver (prebid#4)

adserver](https://mobkoi.atlassian.net/browse/MAX-853)

Implement logging of failed bid events for monitoring purposes.

Sub-tasks:

Initialise a Prebid custom analytic adapter.

Capture bid failure events within Prebid.js during various steps of the
bidding process

Initialise the endpoint for receiving bid loss signals.

Logs will log into Grafana, but this will be done in a separate ticket

feat: max-876: Prebid: Analytic Adapter Log debug info to adserver (prebid#5)

> Related PR: https://github.com/mobkoi/adserver/pull/10

adserver](https://mobkoi.atlassian.net/browse/MAX-876)

Add logging for debugging information to assist with monitoring and
troubleshooting.

Sub-tasks

Record events at different stages of bid processing on the client side
via the custom analytic adapter

Save event messages locally on the client.

Tag each message with one of three levels: info, warn, or debug.

feat: writing unit tests for mobkoi adapters (prebid#6)

Co-authored-by: nvkftw <kevin.gallet@mobkoi.com>

updated doc description

added the missing mobkoiBidAdapter md

small fix for our unit test

added intergration with mobkoi getuid and setuid endpoint

double encoded the setuid callback

added mobkoiIdSystem module

got a working smartadserver sync url from provided example

got a working equativ url

before rollback to ajax call for equativ intergration

WIP testing droping pixel in iframe

feat: max-970: Prebid.js Bidder Adapter: Retrieve Adapter Parameters from Bid Configuration Object (prebid#8)

Configuration Object](https://mobkoi.atlassian.net/browse/MAX-970)

At this stage, we are only focused on bid win events, so there is no
need for analytics adapter integration yet. To streamline the
publisher's configuration for our custom bid adapter integration, we
retrieve adapter parameters directly from the bid configuration object
instead of using "bidderConfiguration."

updated bid adapter doc

wip equativ pixel in an iframe

approvated concept cookie sync work on client side

code tidy up for the working cookie solution

removed the need for cookieName param

matches the backend endpoint name changes

feat: max-956: We need the placement ID from Tag and HB Connector to be past to the AdServer (prebid#9)

the AdServer](https://mobkoi.atlassian.net/browse/MAX-956)

removed unexpected code

transfer the user id to ortb2 request body and set the field to null if not avaiable

fixed a minor bug

enabed consent string

added unit tests for mobkoi ID system module

fixed a minor bug

removed the code that wrapping URL in URL objects. It just make things complicated

fixed the publisher ID in macro issue

clean up branch for offical PR

pass the expiration value when setting storage using the storage manager

updated id system module md

pass expire setting to storage

* code tidy up

* switch to getStorageManager instead of getCoreStorageManager

* add mobkoiIdSystem to modules/.submodules.json file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@orca-security-us orca-security-us[bot] orca-security-us[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants