[Snyk] Upgrade: , , , cross-fetch, css-vars-ponyfill, globalize, intersection-observer, pepjs, requirejs-text, resize-observer-polyfill, tslib, web-animations-js, wicg-inert

[X-oss-byte]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@types/cldrjs
from 0.4.20 to 0.4.28 | 8 versions ahead of your current version | 10 months ago
on 2023-11-07
@types/globalize
from 0.0.34 to 0.0.37 | 3 versions ahead of your current version | 4 years ago
on 2020-05-15
@webcomponents/webcomponentsjs
from 2.5.0 to 2.8.0 | 3 versions ahead of your current version | a year ago
on 2023-03-30
cross-fetch
from 3.0.2 to 3.1.8 | 18 versions ahead of your current version | a year ago
on 2023-07-02
css-vars-ponyfill
from 2.3.0 to 2.4.9 | 12 versions ahead of your current version | 6 months ago
on 2024-03-05
globalize
from 1.4.0 to 1.7.0 | 6 versions ahead of your current version | 3 years ago
on 2021-08-02
intersection-observer
from 0.4.2 to 0.12.2 | 12 versions ahead of your current version | 2 years ago
on 2022-06-14
pepjs
from 0.4.2 to 0.5.3 | 5 versions ahead of your current version | 4 years ago
on 2020-12-01
requirejs-text
from 2.0.15 to 2.0.16 | 1 version ahead of your current version | 3 years ago
on 2021-04-08
resize-observer-polyfill
from 1.5.0 to 1.5.1 | 1 version ahead of your current version | 6 years ago
on 2018-12-09
tslib
from 1.9.3 to 1.14.1 | 8 versions ahead of your current version | 4 years ago
on 2020-10-09
web-animations-js
from 2.3.1 to 2.3.2 | 1 version ahead of your current version | 5 years ago
on 2019-06-25
wicg-inert
from 3.0.0 to 3.1.3 | 7 versions ahead of your current version | a month ago
on 2024-08-12

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Information Exposure SNYK-JS-NODEFETCH-2342118	539	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	539	No Known Exploit

Release notes

Package name: @types/cldrjs

• 0.4.28 - 2023-11-07
• 0.4.27 - 2023-10-18
• 0.4.26 - 2023-10-17
• 0.4.25 - 2023-09-04
• 0.4.24 - 2023-04-29
• 0.4.23 - 2023-04-18
• 0.4.22 - 2019-11-26
• 0.4.21 - 2019-11-26
• 0.4.20 - 2017-08-21

from @types/cldrjs GitHub release notes

Package name: @types/globalize

• 0.0.37 - 2020-05-15
• 0.0.36 - 2020-02-13
• 0.0.35 - 2019-12-07
• 0.0.34 - 2018-07-16

from @types/globalize GitHub release notes

Package name: @webcomponents/webcomponentsjs

• 2.8.0 - 2023-03-30
  

  @ webcomponents/[email protected]

• 2.7.0 - 2022-10-20
  

  @ webcomponents/[email protected]

• 2.6.0 - 2021-08-02
• 2.5.0 - 2020-10-21

from @webcomponents/webcomponentsjs GitHub release notes

Package name: cross-fetch

• 3.1.8 - 2023-07-02
  

  What's Changed

  • Restored caret range to node-fetch version for automatic feature and fix updates.

  Full Changelog: v3.1.7...v3.1.8

• 3.1.7 - 2023-07-01
  

  What's Changed

  • Updated node-fetch version to 2.6.12

  Full Changelog: v3.1.6...v3.1.7

• 3.1.7-test.0 - 2023-06-11
• 3.1.6 - 2023-05-14
• 3.1.5 - 2022-01-20
• 3.1.4 - 2021-04-02
• 3.1.4-alpha.0 - 2021-04-01
• 3.1.3 - 2021-03-30
• 3.1.3-alpha.6 - 2021-03-28
• 3.1.3-alpha.5 - 2021-03-28
• 3.1.3-alpha.4 - 2021-03-28
• 3.1.2 - 2021-03-19
• 3.1.1 - 2021-03-18
• 3.1.0 - 2021-03-13
• 3.0.6 - 2020-09-11
• 3.0.5 - 2020-06-14
• 3.0.4 - 2019-06-08
• 3.0.3 - 2019-05-25
• 3.0.2 - 2019-03-27

from cross-fetch GitHub release notes

Package name: css-vars-ponyfill

• 2.4.9 - 2024-03-05
  

  2.4.9

• 2.4.8 - 2022-07-29
  

  2.4.8

• 2.4.7 - 2021-09-01
  

  2.4.7

• 2.4.6 - 2021-07-26
  

  2.4.6

• 2.4.5 - 2021-04-30
  

  2.4.5

• 2.4.4 - 2021-04-26
  

  2.4.4

• 2.4.3 - 2021-01-31
  

  2.4.3

• 2.4.2 - 2020-11-21
  

  2.4.2

• 2.4.1 - 2020-11-05
  

  2.4.1

• 2.4.0 - 2020-11-03
  

  2.4.0

• 2.3.2 - 2020-06-22
• 2.3.1 - 2020-05-07
• 2.3.0 - 2020-04-27

from css-vars-ponyfill GitHub release notes

Package name: globalize

• 1.7.0 - 2021-08-02
  

  🎉 New Features

  • Currency: Add support for the new regular expression introduced in CLDR v38 @ stukalin
• 1.6.0 - 2020-09-08
  

  🎉 New Features

  • Packages: Bump Cldr.js up, use its latest updates #904
• 1.5.0 - 2020-03-25
  

  🎉 New Features

  • Number & Currency: Add format to parts support #679 #680 (via PR #891) by @ rxaviers
  • Currency: Fix code style (via PR #891) by @ rxaviers

  🐛 Fixes

  • Currency: pluralGenerator better error handling (via PR #891) by @ rxaviers
• 1.4.3 - 2020-03-19
  

  🐛 Fixes

  • Various: Escape '' as a single quote ' (via PR #890) by @ rxaviers
  • Various: Always un-register event listeners for CLDR validation ) #878 (via PR #889) by @ robaw
• 1.4.2 - 2019-03-07
  

  🐛 Fixes

  • Package.json: Don't publish examples/**/node_modules (via PR #859) by @ rxaviers
• 1.4.1 - 2019-03-06
  

  🐛 Fixes

  • Number: Remove unused code, fix strict mode (via PR #855) by @ ashubham
  • Unit: Fix exception using compound units with languages w/o "one" prop (via PR #850) by @ willsp
  • Unit: Use formatted value for compound units (via PR #839) by @ EdwardSalter
• 1.4.0 - 2018-07-17
  

  🎉 New Features

  • Number and Currency: Compact form support #416 (via PR #759) by Katie Sievert @ sieverk (revision fixes by Shiwani @ shivijais #805 and #830)
    • Formatting Compact Numbers (e.g., "14K")
    • Formatting Compact Currencies (e.g., "$1.2B")
  • Currency: Narrow symbol support (e.g., $ instead of HK$) #479 (via PR #738) by Gethin Webster @ gethinwebster

  🎉 Enhancements

  • Date: Add fractional seconds support #753 (via PR #763) by Matt York @ mattyork
  • Cldr: Bump cldrjs dependency up: ^0.5.0 by Christian Tellnes @ tellnes

  🐛 Fixes

  • Date: Fix leaking handler (via PR #806) by Alex Sexton @ SlexAxton and co-worker
  • Unit (runtime only): Fix unitFormatter when using optional numberFormatter #704 (via PR #719) by Nikola Kovacs @ nkovacs
  • Number: Fix a bug when setting the minimumFractionDigits or maximumFractionDigits options for number patterns that contain no fraction digits, such as for JPY #472, #565 (via PR #757) by Nova Patch @ patch
  • Number: Fix incorrect rounding precision when calculating significant digits #821 (via PR #830) by Shiwani @ shivijais

  ⚙️ Others

  • Examples update:
    • Webpack example: Support webpack 3 (via PR #812) by Adam Brons @ ambrons
    • Basic globalize-compiler example (via PR #637) by Jac @ jacalata
  • Documentation improvements/updates/fixes by @ gingerbbm, @ zky829, Nova Patch @ patch, Jörn Zaefferer @ jzaefferer, Kemal Ahmed @ goatandsheep
  • Chore: Update development dependencies by Rob Garrison @ Mottie

from globalize GitHub release notes

Package name: intersection-observer

• 0.12.2 - 2022-06-14
• 0.12.1 - 2022-06-14
• 0.12.0 - 2020-12-10
• 0.11.0 - 2020-06-23
• 0.10.0 - 2020-04-23
• 0.9.0 - 2020-04-17
• 0.8.0 - 2020-04-13
• 0.7.0 - 2019-05-10
• 0.6.0 - 2019-04-24
• 0.5.1 - 2018-10-22
• 0.5.0 - 2017-12-02
• 0.4.3 - 2017-11-10
• 0.4.2 - 2017-08-29

from intersection-observer GitHub release notes

Package name: pepjs

• 0.5.3 - 2020-12-01
  

  Last release of the 0.5.3 version before the repository is archived.

• 0.5.2 - 2019-04-15
• 0.5.1 - 2019-04-11
  

  0.5.1

• 0.5.0 - 2019-04-02
  

  0.5.0

• 0.4.3 - 2017-05-07
  
  • Add navigator.maxTouchPoints to current list of limitations (d1aa08d)
  • Add PE Level 2 twist and tangentialPressure props (2891ce5)
  • Capture: Add Element.hasPointerCapture() (#333, 7a5bc90)
  • Define navigator.maxTouchPoints as 0 when unknown (#332, b684991)
  • Dispatcher: Fix event propagation for IE10 (#320, 0fae1e5)
  • Dispatcher: IE10 does not support document.contains (3770a82)
  • Dispatcher: Do not propagate over removed nodes (#326, 3448030)
  • Document React usage via Pointable component (#255, 6ec9e84)
  • Fix incorrect radiusX/radiusY to width/height translation (e1a456c)
  • Tests: Handle subdirectories in W3C tests (12f6ce5)
  • Tests: Update to the latest W3C commit that isn't problematic (0c3e84b)
  • Tests: Update Chromedriver (#318, 4620037)
• 0.4.2 - 2016-09-29
  
  • Build: Add grunt-selenium-standalone (#244, 3d1060f)
  • Build: Update version references in the README during releases (#249, 35d17d8)
  • Build: Replace Esperanto with Rollup (#268, 82df764)
  • Build: Document how to build PEP; remove dependency on global grunt-cli (#294, 54022bd)
  • Capture: Assert target is connected (b8c0250)
  • Dispatcher: Pointercapture events are pointer events (#269, 4f5deef)
  • Dispatcher: Handle nested pointerenter/leave (#197, f075fb7)
  • Forward modifier keys from touch events (#304, b7a47c9)
  • Mouse: Mouse is always active pointer (#275, 04ae42f)
  • Mouse: Recover after out of document mouseup (#279, a9d1b71)
  • PointerEvent: set pressure to 0 unless pointer is down (#180, 00f2e8f)
  • Set button property to -1 if no mouse button is depressed (#173, 24e6d2a)
  • Touch: Remove touch-action-delay support (6ca690f)

from pepjs GitHub release notes

Package name: requirejs-text

• 2.0.16 - 2021-04-08
  

  2.0.16

• 2.0.15 - 2016-12-18
  

  2.0.15

from requirejs-text GitHub release notes

Package name: resize-observer-polyfill

• 1.5.1 - 2018-12-09
  
  • 854554b Fix issue #44
• 1.5.0 - 2017-11-16
  
  • fa71780 Added Flow types
  • 97e73ec Fix issue #26
  • def4c99 Fix issue #20
  • 733984e Enabled MutationObserver in IE 11 (#19)
  • 10d761d Partial fix for the issue #17

from resize-observer-polyfill GitHub release notes

Package name: tslib

• 1.14.1 - 2020-10-09
• 1.14.0 - 2020-10-06
• 1.13.0 - 2020-05-13
• 1.12.0 - 2020-05-12
• 1.11.2 - 2020-05-05
• 1.11.1 - 2020-02-27
• 1.11.0 - 2020-02-20
• 1.10.0 - 2019-06-10
• 1.9.3 - 2018-06-22

from tslib GitHub release notes

Package name: web-animations-js

• 2.3.2 - 2019-06-25
  

  2.3.2 - June 25 2019

  • Fix the wrapping IIFE of the prod bundle.
  • Minor fixes for Closure compilation compatibility.
  • Fixed Cannot set property _isFinished of #<Object> which has only a getter
• 2.3.1 - 2017-07-20
  
  • Fix missing web-animations.min.js issue

from web-animations-js GitHub release notes

Package name: wicg-inert

• 3.1.3 - 2024-08-12
  

  Really this just removes references to polyfill.io from documentation

• 3.1.2 - 2022-06-09
  

  • bump version and dependabot updates

  • Fix the versions we're running the tests on to those that don't support - those that do support are suddenly landing and lots of tests are about the polyfill not the native

  • add the package-lock updates

• 3.1.1 - 2021-02-19
  

  3.1.1

• 3.1.0 - 2020-10-30
  

  3.1.0

• 3.0.3 - 2020-05-20
  

  3.0.3

• 3.0.2 - 2020-02-06
  

  3.0.2

• 3.0.1 - 2020-01-27
  

  3.0.1

• 3.0.0 - 2019-09-23
  

  Adds a non-transpiled version of the library to the module field in `package.json.

  See v2.2.1 notes.

from wicg-inert GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 823e312

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.