build(deps): bump the npm_and_yarn group across 8 directories with 17 updates

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
web3-utils	`1.6.1`	`1.7.0`
axios	`1.5.1`	`1.6.0`
express	`4.18.2`	`4.19.2`
bl	`5.0.0`	`5.1.0`
undici	`6.11.1`	`6.12.0`
qs	`6.7.3`	`6.8.3`
vite	`5.0.13`	`5.1.7`
pkg	`4.5.1`	`5.8.1`
@adobe/css-tools	`4.2.0`	`4.3.3`
apollo-server-core	`3.12.0`	`3.13.0`
browserify-sign	`4.2.1`	`4.2.3`
es5-ext	`0.10.53`	`0.10.64`
ip	`1.1.5`	`1.1.9`
react-devtools-core	`4.27.8`	`4.28.5`
word-wrap	`1.2.3`	`1.2.5`

Bumps the npm_and_yarn group with 1 update in the /examples/cactus-example-tcs-huawei directory: jsonwebtoken. Bumps the npm_and_yarn group with 1 update in the /examples/test-run-transaction directory: jsonwebtoken. Bumps the npm_and_yarn group with 2 updates in the /extensions/cactus-plugin-htlc-coordinator-besu directory: web3-utils and axios. Bumps the npm_and_yarn group with 1 update in the /packages/cactus-plugin-ledger-connector-tcs-huawei-socketio directory: jsonwebtoken. Bumps the npm_and_yarn group with 1 update in the /packages/cactus-test-plugin-keychain-memory directory: express. Bumps the npm_and_yarn group with 1 update in the /weaver/docs directory: gh-pages. Bumps the npm_and_yarn group with 1 update in the /weaver/samples/fabric/fabric-cli directory: pkg.

Updates web3-utils from 1.6.1 to 1.7.0

Release notes

Sourced from web3-utils's releases.

[email protected]

Initial alpha release

Install with yarn add [email protected]

Changelog

Sourced from web3-utils's changelog.

[1.6.1]

Added

Support for eth_createAccessList as both an rpc call (web3.eth.createAccessList) and property of contract method wrappers (contractInstance.methods.getValue().createAccessList) (#4332)

Changed

Not considering tx.chainId if tx.common.customChain.chainId is provided for web3.eth.accounts.signTransaction function (#4293)

Added missing PromiEvent handler types (#4194)

Updated README to include webpack 5 angular support instructions (#4174)

Updated the documentation for the Web3.utils, removed context for _ (underscore lib) (#4403)

Emit subscription id with connect event when creating a subscription (#4300)

Introduced new configuration "blockHeaderTimeout" for waiting of block headers for transaction receipt (#3891)

Format block.baseFeePerGas to number (#4330)

Correct web3-eth-personal.sendTransaction example in documentation (#4409)

Updated README to include webpack 5 angular support instructions (#4174)

Fixed

Fix 1.6.1 build size issue with removing static asset files (#4506)

Correct web3.rst example in documentation (#4511)

Correct BlockHeader typing (receiptRoot -> receiptsRoot) (#4452)

[1.7.0]

Added

maxPriorityFeePerGas and maxFeePerGas added to Transaction and TransactionConfig interfaces (#4232) (#4585)

Fixed

Fix readthedoc's build for web3js documentation (#4425)

Fix response sorting for batch requests (#4250)

Changed

Changed getFeeHistory first parameter type from number to hex according to the spec (#4529)

[1.7.1]

Added

transactionPollingInterval added to web3, contract and method constructor options. defaults to 1 second. (#4584)

Add example import for package level types (#4611)

Fixed

Fix a typo in the documentation for methods.myMethod.send (#4599)

Use globalThis to locate global object if possible (#4613)

... (truncated)

Commits

cd4b4d1 Build for v1.7.0
d30033f v1.7.0
c191d9a Merge branch '1.x' into release/1.7.0
b32555c add: custom transaction polling interval (#4584) (#4672)
0b890b7 adding effective gas price to transactionreceipt (#4694)
9c9417a correction in documentation for signtransaction accounts (#4674)
9b19af8 added webpack 5 create-react-app instructions (#4670)
8783f4d Fix a typo in docs #4616 (#4640)
bbb9cdf Manual build commit for 1.7.0-rc.0
e76d9dc v1.7.0-rc.0
Additional commits viewable in compare view

Updates axios from 1.5.1 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)

dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)

types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

CVE 2023 45857 ( #6028 )
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release

Dmitriy Mozgovoy

Valentin Panov

Rinku Chaudhari

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)

dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)

types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

CVE 2023 45857 ( #6028 )
⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release

Dmitriy Mozgovoy

Valentin Panov

Rinku Chaudhari

Commits

f7adacd chore(release): v1.6.0 (#6031)
9917e67 chore(ci): fix release-it arg; (#6032)
96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
a48a63a chore(docs): added AxiosHeaders docs; (#5932)
a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
2ac731d chore(docs): update readme.md (#5889)
See full diff in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates bl from 5.0.0 to 5.1.0

Release notes

Sourced from bl's releases.

v5.1.0

5.1.0 (2022-10-18)

Features

added integrated TypeScript typings (#108) (433ff89)

Bug Fixes

windows support in tests (387dfaf)

Trivial Changes

GH Actions, Dependabot, auto-release, remove Travis (997f058)

no-release: bump standard from 16.0.4 to 17.0.0 (#112) (078bfe3)

Changelog

Sourced from bl's changelog.

5.1.0 (2022-10-18)

Features

added integrated TypeScript typings (#108) (433ff89)

Bug Fixes

windows support in tests (387dfaf)

Trivial Changes

GH Actions, Dependabot, auto-release, remove Travis (997f058)

no-release: bump standard from 16.0.4 to 17.0.0 (#112) (078bfe3)

Commits

3af8c54 chore(release): 5.1.0 [skip ci]
433ff89 feat: added integrated TypeScript typings (#108)
078bfe3 chore(no-release): bump standard from 16.0.4 to 17.0.0 (#112)
387dfaf fix: windows support in tests
997f058 chore: GH Actions, Dependabot, auto-release, remove Travis
See full diff in compare view

Updates undici from 6.11.1 to 6.12.0

Release notes

Sourced from undici's releases.

v6.12.0

What's Changed

fix: broken test by @tsctx in nodejs/undici#3045

fix: http2 header parsing by @climba03003 in nodejs/undici#3047

types: fix Request.refererPolicy and RequestInit.refererPolicy are incompatible by @zbinlin in nodejs/undici#3039

fix(types): onHeaders always takes headers as an array of buffer by @ronag in nodejs/undici#3050

fix: ProxyAgent causes request.headers.host to be forcibly reset by @1zilc in nodejs/undici#3026

fallback to Buffer.isUtf8 on platforms without icu by @KhafraDev in nodejs/undici#3006

build(deps): bump github/codeql-action from 3.24.6 to 3.24.9 by @dependabot in nodejs/undici#3037

build(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.5 by @dependabot in nodejs/undici#3035

build(deps): bump node from 577f8eb to 87524df in /build by @dependabot in nodejs/undici#3055

build(deps): bump node from 87524df to 9696b26 in /build by @dependabot in nodejs/undici#3058

fetch: Block ports 4190 & 6679 by @KhafraDev in nodejs/undici#3059

test: activate testing for interceptors and cache by @Uzlopak in nodejs/undici#3061

cache: improve test coverage by @Uzlopak in nodejs/undici#3063

feat: modernize fuzzing by @Uzlopak in nodejs/undici#3060

fix: request abort by @ronag in nodejs/undici#3056

fix: signal handling by @ronag in nodejs/undici#3053

fix(H2): handle goaway properly by @metcoder95 in nodejs/undici#3057

test: client, set body to null if bigger than CHUNK_LIMIT by @Uzlopak in nodejs/undici#3064

mock: improve mock interceptor by @Uzlopak in nodejs/undici#3062

fix: bad client destroy on servername change by @ronag in nodejs/undici#3066

perf: improve isBlobLike by @Uzlopak in nodejs/undici#3070

test: add sanity check for llhttp wasm files by @Uzlopak in nodejs/undici#3068

New Contributors

@zbinlin made their first contribution in nodejs/undici#3039

@1zilc made their first contribution in nodejs/undici#3026

Full Changelog: https://github.com/nodejs/undici/compare/v6.11.1...v6.12.0

Commits

7751d9b Bumped v6.12.0
e9c3b22 Revert "automate releases (#3052)"
f51f226 automate releases (#3052)
502e134 test: add test for llhttp wasm (#3068)
413fd4d perf: improve isBlobLike (#3070)
7ae20e6 fix: bad client destroy on servername change (#3066)
ad3fac5 mock: improve mock interceptor (#3062)
d399b3d test: client, set body to null if bigger than CHUNK_LIMIT (#3064)
bc4b206 fix(H2): handle goaway properly (#3057)
b6aa794 fix: signal handling (#3053)
Additional commits viewable in compare view

Updates qs from 6.7.3 to 6.8.3

Changelog

Sourced from qs's changelog.

6.8.3

[Fix] parse: ignore __proto__ keys (#428)

[Robustness] stringify: avoid relying on a global undefined (#427)

[Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Tests] clean up stringify tests slightly

[Docs] add note and links for coercing primitive values (#408)

[meta] fix README.md (#399)

[actions] backport actions from main

[Dev Deps] backport updates from main

[Refactor] stringify: reduce branching

[meta] do not publish workflow files

6.8.2

[Fix] proper comma parsing of URL-encoded commas (#361)

[Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)

6.8.1

[Fix] parse: Fix parsing array from object with comma true (#359)

[Fix] parse: throw a TypeError instead of an Error for bad charset (#349)

[Fix] parse: with comma true, handle field that holds an array of arrays (#335)

[fix] parse: with comma true, do not split non-string values (#334)

[meta] add tidelift marketing copy

[meta] add funding field

[Dev Deps] update eslint, @ljharb/eslint-config, tape, safe-publish-latest, evalmd, has-symbols, iconv-lite, mkdirp, object-inspect

[Tests] parse: add passing arrayFormat tests

[Tests] use shared travis-ci configs

[Tests] Buffer.from in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray

[actions] add automatic rebasing / merge commit blocking

6.8.0

[New] add depth=false to preserve the original key; [Fix] depth=0 should preserve the original key (#326)

[New] [Fix] stringify symbols and bigints

[Fix] ensure node 0.12 can stringify Symbols

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Refactor] formats: tiny bit of cleanup.

[Dev Deps] update eslint, @ljharb/eslint-config, browserify, safe-publish-latest, iconv-lite, tape

[Tests] add tests for depth=0 and depth=false behavior, both current and intuitive/intended (#326)

[Tests] use eclint instead of editorconfig-tools

[docs] readme: add security note

[meta] add github sponsorship

[meta] add FUNDING.yml

[meta] Clean up license text so it’s properly detected as BSD-3-Clause

Commits

0db5538 v6.8.3
639a381 [meta] do not publish workflow files
fc36827 [Fix] parse: ignore __proto__ keys (#428)
4e312c4 [Robustness] stringify: avoid relying on a global undefined (#427)
57918da [Fix] stringify: avoid encoding arrayformat comma when `encodeValuesOnly = ...
48673ca [readme] remove travis badge; add github actions/codecov badges; update URLs
554ba81 [Tests] clean up stringify tests slightly
dbb54a8 [Docs] add note and links for coercing primitive values (#408)
6868128 [meta] fix README.md (#399)
49bed69 [actions] backport actions from main
Additional commits viewable in compare view

Updates vite from 5.0.13 to 5.1.7

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.1.7 (2024-03-24)

fix: fs.deny with globs with directories (#16250) (5a056dd), closes #16250

5.1.6 (2024-03-11)

chore(deps): update all non-major dependencies (#16131) (a862ecb), closes #16131

fix: check for publicDir before checking if it is a parent directory (#16046) (b6fb323), closes #16046

fix: escape single quote when relative base is used (#16060) (8f74ce4), closes #16060

fix: handle function property extension in namespace import (#16113) (f699194), closes #16113

fix: server middleware mode resolve (#16122) (8403546), closes #16122

fix(esbuild): update tsconfck to fix bug that could cause a deadlock (#16124) (fd9de04), closes #16124

fix(worker): hide "The emitted file overwrites" warning if the content is same (#16094) (60dfa9e), closes #16094

fix(worker): throw error when circular worker import is detected and support self referencing worker (eef9da1), closes #16103

style(utils): remove null check (#16112) (0d2df52), closes #16112

refactor(runtime): share more code between runtime and main bundle (#16063) (93be84e), closes #16063

5.1.5 (2024-03-04)

fix: __vite__mapDeps code injection (#15732) (aff54e1), closes #15732

fix: analysing build chunk without dependencies (#15469) (bd52283), closes #15469

fix: import with query with imports field (#16085) (ab823ab), closes #16085

fix: normalize literal-only entry pattern (#16010) (1dccc37), closes #16010

fix: optimizeDeps.entries with literal-only pattern(s) (#15853) (49300b3), closes #15853

fix: output correct error for empty import specifier (#16055) (a9112eb), closes #16055

fix: upgrade esbuild to 0.20.x (#16062) (899d9b1), closes #16062

fix(runtime): runtime HMR affects only imported files (#15898) (57463fc), closes #15898

fix(scanner): respect experimentalDecorators: true (#15206) (4144781), closes #15206

revert: "fix: upgrade esbuild to 0.20.x" (#16072) (11cceea), closes #16072

refactor: share code with vite runtime (#15907) (b20d542), closes #15907

refactor(runtime): use functions from pathe (#16061) (aac2ef7), closes #16061

chore(deps): update all non-major dependencies (#16028) (7cfe80d), closes #16028

5.1.4 (2024-02-21)

perf: remove unnecessary regex s modifier (#15766) (8dc1b73), closes #15766

fix: fs cached checks disabled by default for yarn pnp (#15920) (8b11fea), closes #15920

fix: resolve directory correctly when fs.cachedChecks: true (#15983) (4fe971f), closes #15983

fix: srcSet with optional descriptor (#15905) (81b3bd0), closes #15905

fix(deps): update all non-major dependencies (#15959) (571a3fd), closes #15959

fix(watch): build watch fails when outDir is empty string (#15979) (1d263d3), closes #15979

... (truncated)

Commits

e710c2f release: v5.1.7
5a056dd fix: fs.deny with globs with directories (#16250)
6f7466e release: v5.1.6
a862ecb chore(deps): update all non-major dependencies (#16131)
8403546 fix: server middleware mode resolve (#16122)
b6fb323 fix: check for publicDir before checking if it is a parent directory (#16046)
fd9de04 fix(esbuild): update tsconfck to fix bug that could cause a deadlock (#16124)
f699194 fix: handle function property extension in namespace import (#16113)
0d2df52 style(utils): remove null check (#16112)
eef9da1 fix(worker): throw error when circular worker import is detected and support ...
Additional commits viewable in compare view

Updates pkg from 4.5.1 to 5.8.1

Release notes

Sourced from pkg's releases.

5.8.1

Patches

Producer: properly call "prebuild-install" if N-API is used: dd9de59c9fca2751bf5d22b57bd9b03d43e85e80

Chore: clean up obsolete eslint disable comments: #1760

Chore: add prettier check in linting step: #1764

Chore: separate individual test scripts: #1759

Chore: use @types/babel__generator package: #1755

Chore: remove unused entry: #1766

Chore: upgrade actions runners: #1767

Style: fix typo in test-99-#1192/main.js: #1790

Chore: bump [email protected]: #1788

Fix: add force flag to codesign to avoid already signed error: #1756

Credits

Huge thanks to @ignatiusmb, @eltociear, @PraveenAnaparthi, and @brianunlam for helping!

5.8.0

Highlights

Support more language features, including but not limited to classPrivateMethods (#1248, #1249)

Note: pkg uses Babel to trace dependencies. It does NOT transform your sources. You should make sure that your code can run on the target Node.js version.

What's Changed

Bump to vercel/[email protected] by @jesec in vercel/pkg#1693

Add Node 14.20.0, 16.16.0 and 18.5.0 binaries

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases

detector: use Babel AST and default plugins by @jesec in vercel/pkg#1648

test: rearrange and fix order by @jesec in vercel/pkg#1650

fix: typo in fabricator.ts by @eltociear in vercel/pkg#1661

New Contributors

@eltociear made their first contribution in vercel/pkg#1661

Full Changelog: https://github.com/vercel/pkg/compare/5.7.0...5.8.0

5.7.0

Highlights

Node 18 is now supported!

What's Changed

Bump to vercel/[email protected] by @jesec in vercel/pkg#1616

No longer take NODE_OPTIONS from the environment of the end-user. Only the users (developers who use pkg to package their project) should have control over the flags via the "bake in" (--options) mechanism (Fixes: vercel/pkg#954, vercel/pkg#989, vercel/pkg#1194, vercel/pkg#1517)

Patched Node: bump to 16.15.0, add 18.1.0 and drop 17

fix broken tests on node 12; latest pnpm requires node >= 14.19 by @kldzj in vercel/pkg#1613

dependencies: bump (minor) by @jesec in vercel/pkg#1615

fix(bootstrap): prevent to override existing node addon file by @renkei in vercel/pkg#1611

New Contributors

... (truncated)

Commits

5dc987b 5.8.1
f19285d fix: add force flag to codesign to avoid already signed error (#1756)
e3ac490 chore: bump [email protected] (#1788)
be1123c style: fix typo in test-99-#1192/main.js (#1790)
614c02a chore: upgrade actions runners (#1767)
39e9985 chore: remove unused entry (#1766)
b8deba4 chore: use @types/babel__generator package (#1755)
332c7d9 chore: separate individual test scripts (#1759)
6efa7cf chore: add prettier check in linting step (#1764)
56135b5 chore: clean up obsolete eslint disable comments (#1760)
Additional commits viewable in compare view

Updates @adobe/css-tools from 4.2.0 to 4.3.3

Changelog

Sourced from @adobe/css-tools's changelog.

4.3.3 / 2024-01-24

Update export property #271

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

4.3.1 / 2023-03-14

Fix redos vulnerability with specific crafted css string - CVE-2023-26364

4.3.0 / 2023-03-07

Update build tools

Update exports path and files

Commits

See full diff in compare view

Updates apollo-server-core from 3.12.0 to 3.13.0

Commits

f93284e Release
4745ebe Rename option from disableValidation to dangerouslyDisableValidation
11f5981 Add disableValidation option to apollo-server-core
ea2e2c3 Release
1dd45b8 get CI passing
d38b43b Merge pull request from GHSA-j5g3-5c8r-7qfx
See full diff in compare view

Maintainer changes

This version was pushed to npm by apollo-bot, a new releaser for apollo-server-core since your current version.

...

Description has been truncated

May 06 '24 13:05 dependabot[bot]