Bump the npm_and_yarn group across 9 directories with 9 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
next	12.3.1	14.1.3
axios	1.2.1	1.6.0
@nestjs/core	8.4.7	10.3.3
protobufjs	7.2.5	7.2.6
follow-redirects	1.15.2	1.15.6
ip	2.0.0	2.0.1
json5	1.0.1	1.0.2
Bumps the npm_and_yarn group with 1 update in the /activities-examples directory: axios.
Bumps the npm_and_yarn group with 1 update in the /expense directory: axios.
Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/driver directory: next and sharp.
Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/menu directory: next and sharp.
Bumps the npm_and_yarn group with 1 update in the /nestjs-exchange-rates directory: @nestjs/core.
Bumps the npm_and_yarn group with 1 update in the /patching-api directory: axios.
Bumps the npm_and_yarn group with 1 update in the /protobufs directory: protobufjs.
Bumps the npm_and_yarn group with 1 update in the /timer-examples directory: axios.

Updates next from 12.3.1 to 14.1.3

Release notes

Sourced from next's releases.

v14.1.3

Core Changes

• Upgrade to latest @​edge-runtime packages: #62955
• Fix output: export with custom distDir: #62064
• Migrate locale redirect handling to router-server: #62606

Credits

Huge thanks to @​ijjk

v14.1.2

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes

• Fix sitemap generateSitemaps support for string id (#61088)
• Fix: generateSitemaps in production giving 404 (#62212)
• Fix redirect under suspense boundary with basePath (#62597)
• Fix: Add stricter check for "use server" exports (#62821)
• ensure server action errors notify rejection handlers (#61588)
• make router restore action resilient to a missing tree (#62098)
• build: remove sentry from the externals list #61194
• Reduce memory/cache overhead from over loader processing #62005

Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

v14.1.2-canary.7

Core Changes

• remove reducer unit tests: #62766

Documentation Changes

• Update sitemap.mdx: #62809

Credits

Huge thanks to @​ztanner and @​devr77 for helping!

v14.1.2-canary.6

Core Changes

• fix: Add stricter check for "use server" exports: #62821
• fix(next-core): throw on invalid metadata handler: #62829
• Revert "Add experimental config for navigation raf test (#62668)": #62834
• Revert "refactor(analysis): rust based page-static-info, deprecate js parse interface in next-swc": #62838

... (truncated)

Commits

• fc38ee1 v14.1.3
• 85a5c4d fix type
• 4b059bc Upgrade to latest @​edge-runtime packages (#62955)
• b10a610 Fix output: export with custom distDir (#62064)
• 960b738 Migrate locale redirect handling to router-server (#62606)
• 2f210d4 update release workflow
• f564dee v14.1.2
• a85519e Fix sitemap generateSitemaps support for string id (#61088)
• 0a2d775 Fix: generateSitemaps in production giving 404 (#62212)
• 400b57c Fix redirect under suspense boundary with basePath (#62597)
• Additional commits viewable in compare view

Updates axios from 1.2.1 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates @nestjs/core from 8.4.7 to 10.3.3

Release notes

Sourced from @​nestjs/core's releases.

v10.3.2 (2024-02-07)

Bug fixes

• microservices
  • #12974 fix(microservices): send rmq nack without matching message handler (@​toxol)
  • #13084 fix: #13077 KafkaJs typing consistency (@​edeesis)
  • #13151 fix(packages/microservices): pass inboxPrefix as argument to createInbox (@​leandrogenas)
• common, core
  • #13000 fix(core,common): 🐛 missing registration handling of SEARCH http verb (@​doronguttman)

Enhancements

• core, platform-express, platform-fastify
  • #12955 feat: Implement getHeader and appendHeader methods in adapters (@​josesilveiraa07)
• microservices
  • #13105 feat(microservices): add type for rmq connection options (@​Deniks)
• platform-fastify
  • #13152 fix: allow @​fastify/static v7 (@​alexfriesen)

Dependencies

• common, core, microservices, websockets
  • #12943 fix(deps): update dependency reflect-metadata to v0.2.1 (@​renovate[bot])
• Other
  • #13101 chore(deps-dev): bump @​commitlint/config-angular from 18.5.0 to 18.6.0 (@​dependabot[bot])
  • #13173 chore(deps-dev): bump @​grpc/grpc-js from 1.9.14 to 1.10.0 (@​dependabot[bot])
  • #13162 chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 (@​dependabot[bot])
  • #13166 chore(deps): bump fast-json-stringify from 5.11.1 to 5.12.0 (@​dependabot[bot])
  • #13170 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 (@​dependabot[bot])
  • #13167 chore(deps-dev): bump redis from 4.6.12 to 4.6.13 (@​dependabot[bot])
  • #13168 chore(deps-dev): bump artillery from 2.0.4 to 2.0.5 (@​dependabot[bot])
  • #13171 chore(deps-dev): bump lint-staged from 15.2.1 to 15.2.2 (@​dependabot[bot])
  • #13172 chore(deps-dev): bump @​typescript-eslint/parser from 6.20.0 to 6.21.0 (@​dependabot[bot])
  • #13129 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 (@​dependabot[bot])
  • #13134 chore(deps): update mysql docker tag to v8.3.0 (@​renovate[bot])
  • #13142 fix(deps): update dependency mysql2 to v3.9.1 (@​renovate[bot])
  • #13149 chore(deps-dev): bump lint-staged from 15.2.0 to 15.2.1 (@​dependabot[bot])
  • #13154 chore(deps-dev): bump @​fastify/static from 6.12.0 to 7.0.0 (@​dependabot[bot])
  • #13155 chore(deps-dev): bump husky from 9.0.7 to 9.0.10 (@​dependabot[bot])
  • #13156 chore(deps-dev): bump @​types/node from 20.11.13 to 20.11.16 (@​dependabot[bot])
  • #13157 chore(deps): bump fast-json-stringify from 5.10.0 to 5.11.1 (@​dependabot[bot])
  • #13114 chore(deps): update dependency eslint-plugin-prettier to v5.1.3 (@​renovate[bot])
  • #13117 chore(deps): update dependency ts-jest to v29.1.2 (@​renovate[bot])
  • #13118 fix(deps): update dependency @​graphql-tools/utils to v10.0.13 (@​renovate[bot])
  • #13120 fix(deps): update dependency class-validator to v0.14.1 (@​renovate[bot])
  • #13127 chore(deps-dev): bump mysql2 from 3.9.0 to 3.9.1 (@​dependabot[bot])
  • #13130 chore(deps-dev): bump @​typescript-eslint/parser from 6.19.1 to 6.20.0 (@​dependabot[bot])
  • #13131 chore(deps-dev): bump husky from 9.0.6 to 9.0.7 (@​dependabot[bot])
  • #13137 chore(deps-dev): bump @​types/node from 20.11.10 to 20.11.13 (@​dependabot[bot])
  • #13138 fix(deps): update dependency @​nestjs/cache-manager to v2.2.0 (@​renovate[bot])
  • #13139 fix(deps): update dependency @​nestjs/swagger to v7.2.0 (@​renovate[bot])
  • #13140 fix(deps): update dependency cache-manager to v5.4.0 (@​renovate[bot])

... (truncated)

Commits

• d658942 chore(@​nestjs) publish v10.3.3 release
• 985c5e1 style(common,core): fix formatting
• 441715a fix(core): when having multiple versions on middleware builder
• a35938a chore(@​nestjs) publish v10.3.2 release
• 6c6bc29 Merge pull request #12943 from nestjs/renovate/reflect-metadata-0.x
• 8f4e945 Merge pull request #12955 from josesilveiraa07/master
• 32b0aa8 fix(deps): update dependency reflect-metadata to v0.2.1
• 33aae84 refactor(common): ♻️ PR #13000 comments
• cb6664c fix(core,common): 🐛 missing registration handling of SEARCH http verb
• c91e21c chore(@​nestjs) publish v10.3.1 release
• Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates protobufjs from 7.2.5 to 7.2.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Changelog

Sourced from protobufjs's changelog.

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Commits

• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• See full diff in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[mjameswh]

@dependabot rebase

[dependabot[bot]]

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

[dependabot[bot]]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml