Skip to content

Bump underscore and azure-storage in /Tools#688

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/Tools/multi-537ff12623
Open

Bump underscore and azure-storage in /Tools#688
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/Tools/multi-537ff12623

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 3, 2026

Bumps underscore to 1.13.8 and updates ancestor dependency azure-storage. These dependencies need to be updated together.

Updates underscore from 1.8.3 to 1.13.8

Commits
  • 9374840 Merge branch 'release/1.13.8'
  • 309ad7e Re-generate annotated sources and minified codemaps
  • a1ac1d3 Add links to diff and docs in 1.13.8 change log entry
  • b579595 Mention CVE-2026-27601 in comments and documentation (#3011)
  • 45ea015 Revert obfuscations from 42823bb.
  • 4a4019e Update minified bundles
  • 1ccfdd0 Add preliminary release notes for 1.13.8
  • 42823bb Temporarily obfuscate comments
  • a6e23ae Make _.isEqual nonrecursive
  • f2b5164 Add regression test against stack overflow in _.isEqual
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates azure-storage from 2.10.2 to 2.10.7

Release notes

Sourced from azure-storage's releases.

Storage Client Library 2.10.3

2019.04 Version 2.10.3

  • Fixed callback not being called in _getBlobToLocalFile.
  • Removed retryInfo.retryable check in retrypolicyfilter.js.
  • Removed comment about maxResults.
  • Fixed Travis-CI failed validation.
  • Updated latest links and descriptions to V10 SDK in readme.md.
  • Fixed some errors are thrown in a inner async callback which cannot be caught.
Changelog

Sourced from azure-storage's changelog.

Note: This is an Azure Storage only package. The all up Azure node sdk still has the old storage bits in there. In a future release, those storage bits will be removed and an npm dependency to this storage node sdk will be taken. This is a GA release and the changes described below indicate the changes from the Azure node SDK 0.9.8 available here - https://github.com/Azure/azure-sdk-for-node.

2021.12 Version 2.10.7

  • Update to use more recent version of dependencies.

2021.12 Version 2.10.6

  • Upgraded validator to 13.7.0.
  • Upgraded json-schema to 0.4.0.
  • Fixed an issue where customized retry interval doesn't take effact.

2021.09 Version 2.10.5

  • Upgraded validator to 13.6.0.

2020.05 Version 2.10.4

  • Upgraded underscore to 1.12.1.
  • Added host property to StorageServiceClient.

2019.04 Version 2.10.3

  • Fixed callback not being called in _getBlobToLocalFile.
  • Removed retryInfo.retryable check in retrypolicyfilter.js.
  • Removed comment about maxResults.
  • Fixed Travis-CI failed validation.
  • Updated latest links and descriptions to V10 SDK in readme.md.
  • Fixed some errors are thrown in a inner async callback which cannot be caught.

2018.10 Version 2.10.2

ALL

  • Upgrade xmlbuilder to 9.0.7 and extend to 3.0.2 to avoid vulnerabilities.
  • Removed deprecated Buffer constructor calls in favor of static methods Buffer.from and Buffer.alloc.
  • Added JSv10 link and docs.microsoft.com link.
  • Improved documents.

BLOB

  • Added typescript declarations to listBlobDirectoriesSegmented and listBlobDirectoriesSegmentedWithPrefix.

FILE

  • Fixed an issue that empty text isn’t supported in createFileFromText.

TABLE

  • Fixed an issue that uncaught TypeError could be thrown from createTable when request is not sent properly.

2018.08 Version 2.10.1

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump underscore and azure-storage in /Tools
1535ccb 
Bumps [underscore](https://github.com/jashkenas/underscore) to 1.13.8 and updates ancestor dependency [azure-storage](https://github.com/Azure/azure-storage-node). These dependencies need to be updated together.


Updates `underscore` from 1.8.3 to 1.13.8
- [Commits](jashkenas/underscore@1.8.3...1.13.8)

Updates `azure-storage` from 2.10.2 to 2.10.7
- [Release notes](https://github.com/Azure/azure-storage-node/releases)
- [Changelog](https://github.com/Azure/azure-storage-node/blob/master/ChangeLog.md)
- [Commits](https://github.com/Azure/azure-storage-node/commits)

---
updated-dependencies:
- dependency-name: underscore
  dependency-version: 1.13.8
  dependency-type: indirect
- dependency-name: azure-storage
  dependency-version: 2.10.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies javascript Pull requests that update Javascript code labels Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants