Skip to content

Bump immutable from 5.1.3 to 5.1.5 in /backend#110

Open
dependabot[bot] wants to merge 8 commits into
masterfrom
dependabot/npm_and_yarn/backend/immutable-5.1.5
Open

Bump immutable from 5.1.3 to 5.1.5 in /backend#110
dependabot[bot] wants to merge 8 commits into
masterfrom
dependabot/npm_and_yarn/backend/immutable-5.1.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 4, 2026

Copy link
Copy Markdown
Contributor

Bumps immutable from 5.1.3 to 5.1.5.

Release notes

Sourced from immutable's releases.

v5.1.5

What's Changed

Full Changelog: immutable-js/immutable-js@v5.1.4...v5.1.5

v5.1.4

What's Changed

Documentation

Internal

New Contributors

Full Changelog: immutable-js/immutable-js@v5.1.3...v5.1.4

Changelog

Sourced from immutable's changelog.

5.1.5

  • Fix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

5.1.4

Documentation

Internal

Commits
  • b37b855 5.1.5
  • 16b3313 Merge commit from fork
  • fd2ef49 fix new proto key injection
  • 6734b7b fix Prototype Pollution in mergeDeep, toJS, etc.
  • 6f772de Merge pull request #2175 from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0
  • 5f3dc61 Bump rollup from 4.34.8 to 4.59.0
  • 049a594 Merge pull request #2173 from immutable-js/dependabot/npm_and_yarn/lodash-4.1...
  • 2481a77 Merge pull request #2172 from mrazauskas/update-tstyche
  • eb04779 Bump lodash from 4.17.21 to 4.17.23
  • b973bf3 format
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for immutable since your current version.


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Mandrak-Kimigo and others added 8 commits October 18, 2025 12:53
* désactivation colonne fees et suppression symbole monétaire pour tableurs

* bad syntax

* Suppression de la colonne stock

Suppression de l'import / export suite à la nouvelle gestion des stocks

* Ajout GroupDisabledReason SUSPENDED

Non participation aux frais

* MantisBT 0000237

Error#500: "from" date should be earlier than "to" date.

* Catch error 500 from TimeFrame

* Catch error 500

* MantisBT 237

Supression de l'affichage de la boite de date en haut du formulaire qui ne sert plus puisque toutes les dates sont affichées dans la page, et qui fait planter l'appli

* MantisBT 237

Réduction du timeframe à 1 an

* MantisBT 237

typo

* MantisBT 237

* MantisBT 237

* MantisBT 237

* MantisBT 237

* MantisBT 237

* MantisBT 237

* v2.0.4

* MantisBT 238

Correction bug introduit par v2.0.2

* v2.0.5

* MantisBT 238

Correction bug introduit par v2.0.2

* debug msg

* debug msg

* debug msg

* debug msg

* debug msg

* debug msg

* debug

* debug

* debug

* MantisBT 238

Remove debug msg and validate fixes

* MantisBT 238

Ajout test sur nouvelle absence dans le passé

* MantisBT 223 the retour of the bug

bug réapparu suite au fix du 238

* MantisBT 223 the retour of the bug

boucle la

* MantisBT 223 the retour of the bug

bad check ?

* MantisBT 223 the retour of the bug

Ajout du check des absences sur la date de début modifiée

* MantisBT 223 the retour of the bug

Modification du message d'erreur

* v2.0.6

* Bump path-to-regexp from 1.8.0 to 1.9.0 in /frontend

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump rollup from 2.79.1 to 2.79.2 in /frontend

Bumps [rollup](https://github.com/rollup/rollup) from 2.79.1 to 2.79.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v2.79.1...v2.79.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump elliptic from 6.5.5 to 6.6.1 in /frontend

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.5 to 6.6.1.
- [Commits](indutny/elliptic@v6.5.5...v6.6.1)

---
updated-dependencies:
- dependency-name: elliptic
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump shell-quote from 1.6.1 to 1.8.2 in /backend

Bumps [shell-quote](https://github.com/ljharb/shell-quote) from 1.6.1 to 1.8.2.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.6.1...v1.8.2)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* v2.0.6 (#71) (#76)

* MantisBT 223 the retour of the bug

bug réapparu suite au fix du 238

* v2.0.6

* v2.0.7

* Bump react-router and react-router-dom in /frontend

Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom). These dependencies needed to be updated together.

Updates `react-router` from 4.3.1 to 7.5.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.5.2/packages/react-router)

Updates `react-router-dom` from 4.3.1 to 7.5.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.5.2/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router
  dependency-version: 7.5.2
  dependency-type: direct:production
- dependency-name: react-router-dom
  dependency-version: 7.5.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Enlevé un lien mort vers polyfill.io

* resolution de conflit de packages front

* chaque ligne produit d'une commande embarque la quantité de référence au moment de la commande, elle ne peut pas etre modifiée si le produit de référence a changé depuis la commande

* fix les documents publiques liés aux catalogues ne sont pas visible sur la page publique du groupe

* ajout des options d'envoi de mail à la fermeture de la commande - l'envoi n'est pas implementé pour les coordinateurs

* envoi mail pour contrat constant, envoi mail au coordinateur, ajout liste nouvelles souscriptions au mail fin de commande

* cursor rules

* add tooling to compile strings from the project without external tool

* redesign des boutons de la page contractAdmin/selectDistrib

* restructure le menu en haut à droite te ajoute une icone dropdown

* Evolutions 2025 batch 1 (#78)

* v2.0.6 (#71)

* MantisBT 223 the retour of the bug

bug réapparu suite au fix du 238

* v2.0.6

* Bump path-to-regexp from 1.8.0 to 1.9.0 in /frontend

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump rollup from 2.79.1 to 2.79.2 in /frontend

Bumps [rollup](https://github.com/rollup/rollup) from 2.79.1 to 2.79.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v2.79.1...v2.79.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump elliptic from 6.5.5 to 6.6.1 in /frontend

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.5 to 6.6.1.
- [Commits](indutny/elliptic@v6.5.5...v6.6.1)

---
updated-dependencies:
- dependency-name: elliptic
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump shell-quote from 1.6.1 to 1.8.2 in /backend

Bumps [shell-quote](https://github.com/ljharb/shell-quote) from 1.6.1 to 1.8.2.
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.6.1...v1.8.2)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump react-router and react-router-dom in /frontend

Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) and [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom). These dependencies needed to be updated together.

Updates `react-router` from 4.3.1 to 7.5.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.5.2/packages/react-router)

Updates `react-router-dom` from 4.3.1 to 7.5.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.5.2/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router
  dependency-version: 7.5.2
  dependency-type: direct:production
- dependency-name: react-router-dom
  dependency-version: 7.5.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Enlevé un lien mort vers polyfill.io

* resolution de conflit de packages front

* chaque ligne produit d'une commande embarque la quantité de référence au moment de la commande, elle ne peut pas etre modifiée si le produit de référence a changé depuis la commande

* fix les documents publiques liés aux catalogues ne sont pas visible sur la page publique du groupe

* ajout des options d'envoi de mail à la fermeture de la commande - l'envoi n'est pas implementé pour les coordinateurs

* envoi mail pour contrat constant, envoi mail au coordinateur, ajout liste nouvelles souscriptions au mail fin de commande

* cursor rules

* add tooling to compile strings from the project without external tool

* redesign des boutons de la page contractAdmin/selectDistrib

* restructure le menu en haut à droite te ajoute une icone dropdown

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Amaury <108131079+Mandrak-Kimigo@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix stabilité de la plage de dates quand on manipule la participation aux distributions dans contractAdmin/distributions

* prerempli le montant de la balance dans la feuille de saisie des paiements

* ajout du bouton preremplir tout

* ajout de scripts pour rapidement traduire depuis le repo

* fix remplissage avec montant négtif

* fix bouton export rapide depuis list des commandes

* #172 fix probleme avec les noms longs

* fix preremplissage des montants

* normalise l'affichage des noms et les methodes de tri de slistes d'utilisateurs

* fix sql orderby (pas de collate posible)

* fix datepicker sur la page catalog/edit

* tryfix probleme d'arrondi sur les montants preremplis (neko/templo ?)

* fix typo

* fix affichage nom sur page member/view

* fix affichage du nom dans contractadmin/souscriptionpayment

* utilisation du neomodule csaCatalogSubscription au lieu de la macro souscription, permet la modification des absences en mode admin

* fis sort en utilisant bien la clé de sort complete

* Revert "chaque ligne produit d'une commande embarque la quantité de référence au moment de la commande, elle ne peut pas etre modifiée si le produit de référence a changé depuis la commande"

This reverts commit 6a91418.

* bloque les options de modification de quantité et unité de base et les remplace par un bouton pour dupliquer le produit

* affiche la quantité au sein du message si modification impossible

* fix appels a getCoupleName sans arguments

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: renaud <renaud.bardet@lonestone.io>
Updated the Docker publish workflow to include tag verification and multi-architecture support.
This workflow publishes Docker images to GitHub Container Registry for feature branches and tags. It includes verification steps to ensure compliance with feature rules and prevents builds from merging into main branches if configured.
Bumps [immutable](https://github.com/immutable-js/immutable-js) from 5.1.3 to 5.1.5.
- [Release notes](https://github.com/immutable-js/immutable-js/releases)
- [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md)
- [Commits](immutable-js/immutable-js@v5.1.3...v5.1.5)

---
updated-dependencies:
- dependency-name: immutable
  dependency-version: 5.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 4, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant