Bump the npm_and_yarn group across 1 directory with 13 updates #1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 11 updates in the /Backend directory:
4.18.0
4.19.2
8.5.1
9.0.0
6.19.0
6.29.0
5.0.5
5.1.5
3.0.2
3.0.3
2.0.2
2.0.6
9.6.0
removed
2.0.15
2.0.22
4.1.0
4.1.1
5.7.1
5.7.2
6.1.11
6.2.1
Updates
express
from 4.18.0 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: [email protected]Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
jsonwebtoken
from 8.5.1 to 9.0.0Changelog
Sourced from jsonwebtoken's changelog.
Commits
e1fa9dc
Merge pull request from GHSA-8cf7-32gw-wr335eaedbf
chore(ci): remove github test actions job (#861)cd4163e
chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)ecdf6cc
fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...8345030
fix(sign&verify)!: Remove defaultnone
support fromsign
andverify
met...7e6a86b
Upload OpsLevel YAML (#849)74d5719
docs: update references vercel/ms references (#770)d71e383
docs: document "invalid token" error3765003
docs: fix spelling in README.md: Peak -> Peek (#754)a46097e
docs: make decode impossible to discover before verifyMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates
sequelize
from 6.19.0 to 6.29.0Release notes
Sourced from sequelize's releases.
... (truncated)
Commits
d3f5b5a
feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578)...53bd9b7
meta: fix null test getWhereConditions (#15705)13f2e89
fix: accept undefined in where (#15703)d9e0728
fix: throw if where receives an invalid value (#15699)48d6193
fix: update moment-timezone version (#15685)fd4afa6
feat(types): use retry-as-promised types for retry options to match documenta...1247c01
feat: add support for bigints (backport of #14485) (#15413)94beace
feat(postgres): add support for lock_timeout #15345 (#15355)7885000
fix(oracle): remove hardcoded maxRows value (#15323)bc39fd6
fix: fix parameters not being replaced when after $$ strings (#15307)Updates
sqlite3
from 5.0.5 to 5.1.5Release notes
Sourced from sqlite3's releases.
... (truncated)
Commits
6a806f8
v5.1.5edb1934
Fixed code execution vulnerability due to Object coercion3a48888
Updated bundled SQLite to v3.41.1c1440bd
Fixed rpath linker option when using a custom sqlite (#1654)93affa4
Update microsoft/setup-msbuild action to v1.36f6318e
v5.1.4aeafe25
Revert "Renamedmaster
references tomain
"57ce2d4
Fixed glib compatibility by downgrading to Ubuntu 20af8e567
Renamedmaster
references tomain
8fd18a3
Extracted function checking code into macroUpdates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
dottie
from 2.0.2 to 2.0.6Release notes
Sourced from dottie's releases.
Commits
03d7ee7
2.0.60371a92
Bump minimatch and mocha (#38)0715d4c
2.0.510e4b14
remove preventExtensions in transform()0edfecf
Bump pathval from 1.1.0 to 1.1.1 (#36)f840241
add maintenance noticeb183fff
remove mention of preventExtensionse0c8bae
2.0.47d3aee1
rudimentary proto guardingb48e227
add github action to run testsRemoves
got
Updates
nodemon
from 2.0.15 to 2.0.22Release notes
Sourced from nodemon's releases.
... (truncated)
Commits
c971fdc
Merge branch 'main' of github.com:remy/nodemonb9679a2
chore: supportersf7816e4
fix: remove ts mapping if loader present9f3ffdb
One more fixabc8522
Get rid of spawning shell windows if nodemon is started without console.b11ddd1
Merge branch 'main' of github.com:remy/nodemon204af11
chore: missing supporters1468397
fix: remove ts mapping if loader present26b1f0f
chore: add conventional commit checkadaafa1
One more fixUpdates
http-cache-semantics
from 4.1.0 to 4.1.1Commits
2449650
Update mocha560b2d8
Don't use regex to trim whitespaceb1bdb92
Remove linting package zooc20dc7e
Cache 308Updates
semver
from 5.7.1 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313
chore: release 5.7.22f8fd41
fix: better handling of whitespace (#585)deb5ad5
chore:@npmcli/template-oss
@4
.16.0Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates
moment
from 2.29.3 to 2.30.1Changelog
Sourced from moment's changelog.
Commits
485d9a7
Build 2.30.1e048b09
Bump version to 2.30.1f9f2d58
Update changelog for 2.30.1a52ffb2
Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"ddd6809
Build 2.30.0be64d00
Bump version to 2.30.0ad41179
Update changelog for 2.30.063fe479
[misc] Make code ES6 compatible0f0195f
Revert "Merge pull request #5599 from Alanscut:issue_4985"15b82f5
Revert "Merge pull request #5597 from Alanscut:issue-5596"Updates
moment-timezone
from 0.5.34 to 0.5.45Release notes
Sourced from moment-timezone's releases.
Changelog
Sourced from moment-timezone's changelog.
Commits
16157c7
Build moment-timezone 0.5.452d2b9a3
Bump version to 0.5.450a32e82
ci: Update to latest version of all actions253bb00
Add editorconfig file for consistent indentation526030f
docs: Clarify data update PRs in contributing guide6c31d29
Merge pull request #1095 from moment/automated/data-update4d6bced
ci: Force running tests after updating data filesa276881
data: Add 2024aba275d2
ci: Allow downloading tzcode archive as well as tzdata6bf33a2
build(deps): bump@babel/traverse
from 7.17.3 to 7.23.2 (#1094)Maintainer changes
This version was pushed to npm by gilmoreorless, a new releaser for moment-timezone since your current version.
Updates
tar
from 6.1.11 to 6.2.1Release notes
Sourced from tar's releases.
Changelog
Sourced from tar's changelog.
... (truncated)
Commits
bef7b1e
6.2.1fe8cd57
prevent extraction in excessively deep subfoldersfe7ebfd
remove security.md5bc9d40
6.2.0fe1ef5e
changelog 6.2e483220
get rid of npm lint stuff689928a
ci that works outside of npm orgdb6f539
file inference improvements for .tbr and .tgz336fa8f
refactor: dry and other pr commentseeba222
chore: lint fixesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.