Bump tar, web3 and serverless#11
Conversation
Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependencies [tar](https://github.com/isaacs/node-tar), [web3](https://github.com/ChainSafe/web3.js) and [serverless](https://github.com/serverless/serverless). These dependencies need to be updated together. Removes `tar` Updates `web3` from 1.7.5 to 4.16.0 - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](web3/web3.js@v1.7.5...v4.16.0) Updates `serverless` from 3.22.0 to 4.38.1 - [Release notes](https://github.com/serverless/serverless/releases) - [Changelog](https://github.com/serverless/serverless/blob/main/RELEASE_PROCESS.md) - [Commits](https://github.com/serverless/serverless/compare/v3.22.0...sf-core@4.38.1) --- updated-dependencies: - dependency-name: tar dependency-version: dependency-type: indirect - dependency-name: web3 dependency-version: 4.16.0 dependency-type: direct:production - dependency-name: serverless dependency-version: 4.38.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
Removes tar. It's no longer used after updating ancestor dependencies tar, web3 and serverless. These dependencies need to be updated together.
Removes
tarUpdates
web3from 1.7.5 to 4.16.0Release notes
Sourced from web3's releases.
Changelog
Sourced from web3's changelog.
... (truncated)
Commits
aa197b8add typescript and version bump to changelogs82ceab7update web3-types2b7cf1cv4.16.0 release926044bchore(deps-dev): bump http-proxy-middleware from 2.0.6 to 2.0.7 (#7407)7a8df69update typescript version to 5 (#7272)984cb7cchore(deps): bump cross-spawn from 7.0.3 to 7.0.6 (#7404)3b122a2fix: upgrade@cookbookdev/docsbotfrom 4.24.0 to 4.24.4 (#7403)56d4aecReplaces #7390, #7391, & #7400 (#7401)6379aa8fix: remove force exit from blackbox tests (#7397)5437fbcfix: upgrade@mdx-js/reactfrom 3.0.1 to 3.1.0 (#7395)Maintainer changes
This version was pushed to npm by luu-alex, a new releaser for web3 since your current version.
Updates
serverlessfrom 3.22.0 to 4.38.1Release notes
Sourced from serverless's releases.
... (truncated)
Commits
fb7ac39chore: release 4.38.1 (#13658)7565a78chore(deps): bump undici (#13657)56e78c1chore: release 4.38.0 (#13651)27daceachore(deps): bump golang.org/x/mod in /binary-installer (#13650)384a7e4fix(agentcore): unpin heroku/builder digest; add artifact.image.builder overr...ea79235fix(api-gateway): use resolved API Gateway stage for stage tags and service e...a2804b0chore(deps): bump the npm_and_yarn group across 13 directories with 2 updates...90183bcchore(deps): update package-lock.json (#13648)64e189cfeat(agentcore): support Python 3.14 and improve agent runtime validation (#1...312a842chore(deps): bump the actions group with 2 updates (#13641)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for serverless since your current version.
Install script changes
This version modifies
postinstallscript that runs during installation. Review the package contents before updating.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.