[PR #377] [MERGED] Bump webpack-merge from 4.2.2 to 5.1.3 #431

New issue

Closed

opened 2026-02-26 06:30:46 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 06:30:46 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/nextcloud/twofactor_gateway/pull/377
Author: @dependabot-preview[bot]
Created: 8/31/2020
Status: ✅ Merged
Merged: 8/31/2020
Merged by: @dependabot-preview[bot]

Base: master ← Head: dependabot/npm_and_yarn/webpack-merge-5.1.3

---

📝 Commits (1)

• 37c4e8d Bump webpack-merge from 4.2.2 to 5.1.3

📊 Changes

2 files changed (+32 additions, -11 deletions)

View changed files

📝 package-lock.json (+31 -10)
📝 package.json (+1 -1)

📄 Description

Bumps webpack-merge from 4.2.2 to 5.1.3.

Changelog

Sourced from webpack-merge's changelog.

5.1.3 / 2020-08-30

• Fix - Allow merging a RegExp to itself #145

5.1.2 / 2020-08-18

• Fix - Allow overriding an object field with null #144

5.1.1 / 2020-08-04

• Fix - Drop <reference types="webpack-dev-server" /> from index.d.ts #143

5.1.0 / 2020-08-03

• Feature - Expose merge as default for backwards-compatibility with TypeScript. Now import merge from "webpack-merge"; works there. In CommonJS, the default alias is exposed through default property due to technical constraints.

5.0.9 / 2020-07-09

• Fix - Don't crash on merge() and merge([]). Now {} is returned in these corner cases.

5.0.8 / 2020-07-07

• Fix - Support Node 10 #138

5.0.7 / 2020-07-06

• Fix - Drop tslib dependency by setting "importHelpers": false,

5.0.6 / 2020-07-06

• Fix - Add tslib to dependencies

5.0.5 / 2020-07-06

• Tech - Optimize build size (UMD isn't needed)

5.0.4 / 2020-07-06

• Documentation - Use CommonJS imports at the examples. #137

5.0.3 / 2020-07-06

• Feature - Support TypeScript out of the box. #84 #86 #95 #110 #112
• Deprecation - merge.smart has been dropped as it's tricky to support all the corner cases. Instead, it's better to use the provided utilities to put together a merge that fits your case.
• Deprecation - mergeStrategy has been dropped in favor of using mergeWithCustomize with customizeArray and customizeObject.
• Deprecation - merge.multiple has been dropped as the functionality was too specific and it's better to implement in the user space if needed.
• Breaking - merge has been moved as a regular import (i.e. import { merge } from 'webpack-merge').
• Breaking - Merge customization has been moved behind mergeWithCustomize.
• Breaking - Bump supported Node version to 12
• Feature - customizeArray supports wildcards now. Example: 'entry.*': 'prepend'. #45 #99

Commits

• fcd5167 5.1.3
• fd8449b fix: Allow merging a RegExp to itself
• 17fb00f fix: Drop .only from test
• f65cc3d 5.1.2
• 4eb811c fix: Allow overriding an object field with null
• 2e8780e 5.1.1
• b762ff4 chore: Update changelog
• a68b069 chore: Update dev dependencies
• 455ca91 5.1.0
• a282242 feat: Expose merge through default for TypeScript
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/nextcloud/twofactor_gateway/pull/377 **Author:** [@dependabot-preview[bot]](https://github.com/apps/dependabot-preview) **Created:** 8/31/2020 **Status:** ✅ Merged **Merged:** 8/31/2020 **Merged by:** [@dependabot-preview[bot]](https://github.com/apps/dependabot-preview) **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/webpack-merge-5.1.3` --- ### 📝 Commits (1) - [`37c4e8d`](https://github.com/nextcloud/twofactor_gateway/commit/37c4e8d4234e4afc1788a6c5774b0f78330d3208) Bump webpack-merge from 4.2.2 to 5.1.3 ### 📊 Changes **2 files changed** (+32 additions, -11 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+31 -10) 📝 `package.json` (+1 -1) </details> ### 📄 Description Bumps [webpack-merge](https://github.com/survivejs/webpack-merge) from 4.2.2 to 5.1.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/survivejs/webpack-merge/blob/master/CHANGELOG.md">webpack-merge's changelog</a>.</em></p> <blockquote> <h2>5.1.3 / 2020-08-30</h2> <ul> <li>Fix - Allow merging a <code>RegExp</code> to itself <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/145">#145</a></li> </ul> <h2>5.1.2 / 2020-08-18</h2> <ul> <li>Fix - Allow overriding an object field with <code>null</code> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/144">#144</a></li> </ul> <h2>5.1.1 / 2020-08-04</h2> <ul> <li>Fix - Drop <code>&lt;reference types=&quot;webpack-dev-server&quot; /&gt;</code> from <strong>index.d.ts</strong> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/143">#143</a></li> </ul> <h2>5.1.0 / 2020-08-03</h2> <ul> <li>Feature - Expose <code>merge</code> as <code>default</code> for backwards-compatibility with TypeScript. Now <code>import merge from &quot;webpack-merge&quot;;</code> works there. In CommonJS, the default alias is exposed through <code>default</code> property due to technical constraints.</li> </ul> <h2>5.0.9 / 2020-07-09</h2> <ul> <li>Fix - Don't crash on <code>merge()</code> and <code>merge([])</code>. Now <code>{}</code> is returned in these corner cases.</li> </ul> <h2>5.0.8 / 2020-07-07</h2> <ul> <li>Fix - Support Node 10 <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/138">#138</a></li> </ul> <h2>5.0.7 / 2020-07-06</h2> <ul> <li>Fix - Drop tslib dependency by setting <code>&quot;importHelpers&quot;: false,</code></li> </ul> <h2>5.0.6 / 2020-07-06</h2> <ul> <li>Fix - Add tslib to dependencies</li> </ul> <h2>5.0.5 / 2020-07-06</h2> <ul> <li>Tech - Optimize build size (UMD isn't needed)</li> </ul> <h2>5.0.4 / 2020-07-06</h2> <ul> <li>Documentation - Use CommonJS imports at the examples. <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/137">#137</a></li> </ul> <h2>5.0.3 / 2020-07-06</h2> <ul> <li>Feature - Support TypeScript out of the box. <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/84">#84</a> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/86">#86</a> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/95">#95</a> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/110">#110</a> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/112">#112</a></li> <li>Deprecation - <code>merge.smart</code> has been dropped as it's tricky to support all the corner cases. Instead, it's better to use the provided utilities to put together a <code>merge</code> that fits your case.</li> <li>Deprecation - <code>mergeStrategy</code> has been dropped in favor of using <code>mergeWithCustomize</code> with <code>customizeArray</code> and <code>customizeObject</code>.</li> <li>Deprecation - <code>merge.multiple</code> has been dropped as the functionality was too specific and it's better to implement in the user space if needed.</li> <li>Breaking - <code>merge</code> has been moved as a regular import (i.e. <code>import { merge } from 'webpack-merge'</code>).</li> <li>Breaking - Merge customization has been moved behind <code>mergeWithCustomize</code>.</li> <li>Breaking - Bump supported Node version to 12</li> <li>Feature - <code>customizeArray</code> supports wildcards now. Example: <code>'entry.*': 'prepend'</code>. <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/45">#45</a> <a href="https://github-redirect.dependabot.com/survivejs/webpack-merge/issues/99">#99</a></li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/survivejs/webpack-merge/commit/fcd51678b43d8a92957d1400b27a96beeb42d933"><code>fcd5167</code></a> 5.1.3</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/fd8449bd840830f791e66f3b4873d1c268bbe98c"><code>fd8449b</code></a> fix: Allow merging a RegExp to itself</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/17fb00fa22d5999682e473b9026c057b8b7888c9"><code>17fb00f</code></a> fix: Drop .only from test</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/f65cc3dc50a5958774b4ca2e1e849c4513c6de95"><code>f65cc3d</code></a> 5.1.2</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/4eb811cea573fc7cf600a750ae4aec32708864d0"><code>4eb811c</code></a> fix: Allow overriding an object field with null</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/2e8780ead820b9b2eecb13f394613acf325c0d91"><code>2e8780e</code></a> 5.1.1</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/b762ff4fcf0587c9c22d461ec24ea92facc42a72"><code>b762ff4</code></a> chore: Update changelog</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/a68b069e7c1fd8c9719587fe7bd850a222778e8e"><code>a68b069</code></a> chore: Update dev dependencies</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/455ca91caf9be2140e7243769ce652b3cfbc9818"><code>455ca91</code></a> 5.1.0</li> <li><a href="https://github.com/survivejs/webpack-merge/commit/a28224266dd22de4604eac8bd2f1d06a62bceb51"><code>a282242</code></a> feat: Expose merge through default for TypeScript</li> <li>Additional commits viewable in <a href="https://github.com/survivejs/webpack-merge/compare/v4.2.2...v5.1.3">compare view</a></li> </ul> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=webpack-merge&package-manager=npm_and_yarn&previous-version=4.2.2&new-version=5.1.3) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) If all status checks pass Dependabot will automatically merge this pull request. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 06:30:46 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 06:30:57 +03:00

[PR #431] [MERGED] [Security] Bump elliptic from 6.5.3 to 6.5.4 #476

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

stable32

stable33

dependabot/npm_and_yarn/vue/test-utils-2.4.8

dependabot/npm_and_yarn/vue-3.5.33

dependabot/npm_and_yarn/vitest-4.1.5

dependabot/npm_and_yarn/nextcloud/axios-2.6.0

dependabot/npm_and_yarn/dompurify-3.4.1

feat/whatsapp-business-driver

stable31

v3.2.0

v2.4.0

v3.1.0

v2.3.0

v2.2.2

v3.0.2

v3.0.1

v2.2.1

v1.2.1

v3.0.0

v1.2.0

v2.2.0

v1.0.0

v2.0.0

v0.20.0

v0.19.0

v0.17.0

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.13

v0.12.0

v0.11.0

v0.11.0-beta1

v0.10.1

v0.10.1-beta1

v0.10.0

v0.10.0-beta1

v0.9.0

v0.9.0-beta1

v0.8.0

v0.8.0-beta1

v0.7.0

v0.7.0-beta2

v0.7.0-beta1

v0.6.1

v0.6.0

v0.5.0

v0.2.0

v0.2

Labels

Clear labels   

0. to triage

  

1. to develop

  

3. to review

  

blocked

  

bug

  

discussion

  

duplicate

  

enhancement

  

enhancement

  

gateway:signal

  

gateway:signal

  

gateway:signal

  

gateway:sms

  

gateway:telegram

  

hacktoberfest

  

help wanted

  

invalid

  

needs info

  

php

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

technical debt

No labels

0. to triage

1. to develop

3. to review

blocked

bug

discussion

duplicate

enhancement

enhancement

gateway:signal

gateway:signal

gateway:signal

gateway:sms

gateway:telegram

hacktoberfest

help wanted

invalid

needs info

php

pull-request

question

technical debt

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/twofactor_gateway-nextcloud#431

No description provided.