WebCeph icon indicating copy to clipboard operation
WebCeph copied to clipboard
verified publisher icon forabi

Bump the npm_and_yarn group across 1 directory with 31 updates

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package From To
jszip 3.1.3 3.8.0
lodash 4.17.4 4.17.21
moment 2.17.1 2.29.4
express 4.14.1 4.19.2
karma 1.4.1 6.3.16
minimist 1.2.0 1.2.6
node-sass 4.5.0 7.0.0
webpack-dev-middleware 1.10.0 5.3.4
brace-expansion 1.1.6 1.1.11
browserify-sign 4.0.0 4.2.3
es5-ext 0.10.12 0.10.64
extend 3.0.0 3.0.2
fsevents 1.0.15 1.2.13
handlebars 4.0.6 4.7.8
hosted-git-info 2.1.5 2.8.9
is-my-json-valid 2.15.0 2.20.6
lodash-es 4.17.2 4.17.21
macaddress 0.2.8 0.2.9
sshpk 1.10.1 1.18.0
thenify 3.2.1 3.3.1
y18n 3.2.1 3.2.2

Updates jszip from 3.1.3 to 3.8.0

Changelog

Sourced from jszip's changelog.

v3.8.0 2022-03-30

  • Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

  • Fix build of dist files.
    • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

v3.7.0 2021-07-23

  • Fix: Use a null prototype object for this.files (see #766)
    • This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

v3.6.0 2021-02-09

  • Fix: redirect main to dist on browsers (see #742)
  • Fix duplicate require DataLengthProbe, utils (see #734)
  • Fix small error in read_zip.md (see #703)

v3.5.0 2020-05-31

  • Fix 'End of data reached' error when file extra field is invalid (see #544).
  • Typescript definitions: Add null to return types of functions that may return null (see #669).
  • Typescript definitions: Correct nodeStream's type (see #682)
  • Typescript definitions: Add string output type (see #666)

v3.4.0 2020-04-19

  • Add Typescript type definitions (see #601).

v3.3.0 2020-04-1

  • Change browser module resolution to support Angular packager (see #614).

v3.2.2 2019-07-04

  • No public changes, but a number of testing dependencies have been updated.
  • Tested browsers are now: Internet Explorer 11, Chrome (most recent) and Firefox (most recent). Other browsers (specifically Safari) are still supported however testing them on Saucelabs is broken and so they were removed from the test matrix.

v3.2.1 2019-03-22

  • Corrected built dist files

v3.2.0 2019-02-21

  • Update dependencies to reduce bundle size (see #532).
  • Fix deprecated Buffer constructor usage and add safeguards (see #506).

v3.1.5 2017-11-09

  • Fix IE11 memory leak (see #429).
  • Handle 2 nodejs deprecations (see #459).
  • Improve the "unsupported format" error message (see #461).

... (truncated)

Commits
  • 3b98cfc 3.8.0
  • 2edab36 Sanitize filenames with loadAsync to prevent zip slip attacks
  • 1f631b0 Update contributing
  • 459ff79 Add tests for utils that remove leading slash
  • d4702a7 Merge pull request #541 from PatricSteffen/patch-1
  • 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
  • 85c4989 Merge pull request #796 from Stuk/ghci
  • 40cc7f4 Add dependency caching
  • 5ee321e Install deps needed for Playwright on Github Actions
  • eeb841e Remove code and dependencies used for Saucelabs
  • Additional commits viewable in compare view

Updates lodash from 4.17.4 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates moment from 2.17.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)

Commits

Updates express from 4.14.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: [email protected]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates karma from 1.4.1 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

  • logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits
  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when singleRun and autoWatch are false
  • 839578c fix(security): remove XSS vulnerability in returnUrl query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • Additional commits viewable in compare view

Updates minimist from 1.2.0 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

  • security notice 4cf1354
  • additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

  • more failing proto pollution tests 13c01a5
  • even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

v1.2.1 - 2020-03-10

Merged

Commits

Commits

Updates node-sass from 4.5.0 to 7.0.0

Release notes

Sourced from node-sass's releases.

v7.0.0

Breaking changes

Features

Dependencies

Community

  • Remove double word "support" from documentation (@​pzrq, #3159)

Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Dependencies

Misc

Supported Environments

... (truncated)

Changelog

Sourced from node-sass's changelog.

v4.14.0

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

https://github.com/sass/node-sass/releases/tag/v4.12.0

v4.11.0

https://github.com/sass/node-sass/releases/tag/v4.11.0

v4.10.0

https://github.com/sass/node-sass/releases/tag/v4.10.0

v4.9.4

https://github.com/sass/node-sass/releases/tag/v4.9.4

v4.9.3

https://github.com/sass/node-sass/releases/tag/v4.9.3

v4.9.2

https://github.com/sass/node-sass/releases/tag/v4.9.2

v4.9.1

https://github.com/sass/node-sass/releases/tag/v4.9.1

v4.9.0

https://github.com/sass/node-sass/releases/tag/v4.9.0

v4.8.3

https://github.com/sass/node-sass/releases/tag/v4.8.3

v4.8.2

... (truncated)

Commits

Updates webpack-dev-middleware from 1.10.0 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

  • node types (#1195) (d68ab36)
  • compatibility with Node.js 18

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

v5.3.0

5.3.0 (2021-12-16)

Features

v5.2.2

5.2.2 (2021-11-17)

Chore

  • update schema-utils package to 4.0.0 version

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

5.3.2 (2022-05-17)

Bug Fixes

5.3.1 (2022-02-01)

Bug Fixes

5.3.0 (2021-12-16)

Features

5.2.2 (2021-11-17)

Chore

  • update schema-utils package to 4.0.0 version

5.2.1 (2021-09-25)

  • internal release, no visible changes and features

5.2.0 (2021-09-24)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-middleware since your current version.


Updates brace-expansion from 1.1.6 to 1.1.11

Release notes

Sourced from brace-expansion's releases.

v1.1.11

brace-expansion

Brace expansion, as known from sh/bash, in JavaScript.

build status downloads Greenkeeper badge

testling badge

Example

var expand = require('brace-expansion');

expand('file-{a,b,c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']


expand('-v{,,}')
// => ['-v', '-v', '-v']


expand('file{0..2}.jpg')
// => ['file0.jpg', 'file1.jpg', 'file2.jpg']


expand('file-{a..c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']


expand('file{2..0}.jpg')
// => ['file2.jpg', 'file1.jpg', 'file0.jpg']


expand('file{0..4..2}.jpg')
// => ['file0.jpg', 'file2.jpg', 'file4.jpg']


expand('file-{a..e..2}.jpg')
// => ['file-a.jpg', 'file-c.jpg', 'file-e.jpg']


expand('file{00..10..5}.jpg')
// => ['file00.jpg', 'file05.jpg', 'file10.jpg']


expand('{{A..C},{a..c}}')
// => ['A', 'B', 'C', 'a', 'b', 'c']


expand('ppp{,config,oe{,conf}}')
// => ['ppp', 'pppconfig', 'pppoe', 'pppoeconf']

API

... (truncated)

Commits

Updates braces from 0.1.5 to 1.8.5

Changelog

Sourced from braces's changelog.

[1.8.5] - 2016-05-21

  • Refactor (#10)

[1.8.4] - 2016-04-20

[1.8.0] - 2015-03-18

[1.6.0] - 2015-01-30

  • optimizations, bash mode:
  • improve path escaping

[1.5.0] - 2015-01-28

  • Merge pull request #5 from eush77/lib-files

[1.4.0] - 2015-01-24

  • add extglob tests
  • externalize exponent function
  • better whitespace handling

[1.3.0] - 2015-01-24

  • make regex patterns explicity

[1.1.0] - 2015-01-11

  • don't create a match group with makeRe

[1.0.0] - 2014-12-23

  • Merge commit '97b05f5544f8348736a8efaecf5c32bbe3e2ad6e'
  • support empty brace syntax
  • better bash coverage
  • better support for regex strings

[0.1.4] - 2014-11-14

  • improve recognition of bad args, recognize mismatched argument types
  • support escaping
  • remove pathname-expansion
  • support whitespace in patterns

... (truncated)

Commits

Updates browserify-sign from 4.0.0 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

  • Only apps should have lockfiles 09a8995
  • [eslint] switch to eslint 83fe463
  • [meta] add npmignore and auto-changelog 4418183
  • [meta] fix package.json indentation 9ac5a5e
  • [Tests] migrate from travis to github actions d845d85
  • [Fix] sign: throw on unsupported padding scheme 8767739
  • [Fix] properly check the upper bound for DSA signatures 85994cd
  • [Tests] handle openSSL not supporting a scheme f5f17c2
  • [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
  • [Dev Deps] update nyc, standard, tape cc5350b
  • [Tests] always run coverage; downgrade nyc 75ce1d5
  • [meta] add safe-publish-latest dcf49ce
  • [Tests] add npm run posttest 75dd8fd
  • [Dev Deps] update tape 3aec038
  • [Tests] skip unsupported schemes 703c83e
  • [Tests] node < 6 lacks array includes 3aa43cf
  • [Dev Deps] fix eslint range 98d4e0d

Description%20has%20been%20truncated

%0A" rel="nofollow" target="_blank" >

dependabot[bot] avatar Apr 09 '24 21:04 dependabot[bot]