Bump the npm_and_yarn group across 10 directories with 11 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
next	12.3.1	14.2.3
axios	1.2.1	1.6.0
@nestjs/core	8.4.7	10.3.8
protobufjs	7.2.5	7.2.6
ejs	3.1.8	3.1.10
follow-redirects	1.15.2	1.15.6
ip	2.0.0	2.0.1
json5	1.0.1	1.0.2

Bumps the npm_and_yarn group with 1 update in the /activities-examples directory: axios. Bumps the npm_and_yarn group with 1 update in the /expense directory: axios. Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/driver directory: next and sharp. Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/menu directory: next and sharp. Bumps the npm_and_yarn group with 1 update in the /monorepo-folders/packages/backend-apis directory: express. Bumps the npm_and_yarn group with 1 update in the /nestjs-exchange-rates directory: @nestjs/core. Bumps the npm_and_yarn group with 1 update in the /patching-api directory: axios. Bumps the npm_and_yarn group with 1 update in the /protobufs directory: protobufjs. Bumps the npm_and_yarn group with 1 update in the /timer-examples directory: axios.

Updates next from 12.3.1 to 14.2.3

Release notes

Sourced from next's releases.

v14.2.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix: resolve mixed re-exports module as cjs (#64681)
• fix: mixing namespace import and named import client components (#64809)
• Fix mixed exports in server component with barrel optimization (#64894)
• Fix next/image usage in mdx(#64875)
• fix(fetch-cache): fix additional typo, add type & data validation (#64799)
• prevent erroneous route interception during lazy fetch (#64692)
• fix root page revalidation when redirecting in a server action (#64730)
• fix: remove traceparent from cachekey should not remove traceparent from original object (#64727)
• Clean-up fetch metrics tracking (#64746)

Credits

Huge thanks to @​huozhi, @​samcx, @​ztanner, @​Jeffrey-Zutt, and @​ijjk for helping!

v14.2.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix Server Action error logs for unhandled POST requests (#64315)
• Improve rendering performance (#64408)
• Fix the method prop case in Server Actions transform (#64398)
• fix(next-lint): update option --report-unused-disable-directives to --report-unused-disable-directives-severity (#64405)
• tweak test for Azure (#64424)
• router restore should take priority over pending actions (#64449)
• Fix client boundary inheritance for barrel optimization (#64467)
• improve turborepo caching (#64493)
• feat: strip traceparent header from cachekey (#64499)
• Fix more Turbopack build tests
• Update lockfile for compatibility with turbo (#64360)
• Fix typo in dynamic-rendering.ts (#64365)
• Fix DynamicServerError not being thrown in fetch (#64511)
• fix(next): Metadata.openGraph values not resolving basic values when type is set (#63620)
• disable production chunking in dev (#64488)
• Fix cjs client components tree-shaking (#64558)
• fix refresh behavior for discarded actions (#64532)
• fix: filter out middleware requests in logging (#64549)
• Turbopack: Allow client components to be imported in app routes (#64520)
• Fix ASL bundling for dynamic css (#64451)
• add pathname normalizer for actions (#64592)
• fix incorrect refresh request when basePath is set (#64589)
• test: skip turbopack build test (#64356)
• hotfix(turbopack): Update with patch for postcss.config.js path resolution on Windows (#64677)

... (truncated)

Commits

• 2e7a96a v14.2.3
• a230be4 Clean-up fetch metrics tracking (#64746)
• 73c2d63 fix: remove traceparent from cachekey should not remove traceparent from orig...
• dd44191 fix root page revalidation when redirecting in a server action (#64730)
• 8b4c234 prevent erroneous route interception during lazy fetch (#64692)
• d6a7ca0 fix(fetch-cache): fix additional typo, add type & data validation (#64799)
• 4a6b511 Fix next/image usage in mdx (#64875)
• 04cc13c Fix mixed exports in server component with barrel optimization (#64894)
• 8d01d49 fix: mixing namespace import and named import client components (#64809)
• de84e3a Fix: resolve mixed re-exports module as cjs (#64681)
• Additional commits viewable in compare view

Updates axios from 1.2.1 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates @nestjs/core from 8.4.7 to 10.3.8

Release notes

Sourced from @​nestjs/core's releases.

v10.3.6 (2024-03-27)

Bug fixes

• microservices
  • #13367 Revert "fix(microservices): fix redundant code to emit error" (@​kamilmysliwiec)
• core
  • #13366 fix(core): break reference chain to instance object (@​breeeew)

Dependencies

• Other
  • #13362 chore(deps-dev): bump @​grpc/proto-loader from 0.7.10 to 0.7.11 (@​dependabot[bot])
  • #13358 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.3.1 to 7.4.0 (@​dependabot[bot])
  • #13361 chore(deps-dev): bump mocha from 10.3.0 to 10.4.0 (@​dependabot[bot])
  • #13363 chore(deps-dev): bump @​grpc/grpc-js from 1.10.3 to 1.10.4 (@​dependabot[bot])
  • #13364 chore(deps-dev): bump mysql2 from 3.9.2 to 3.9.3 (@​dependabot[bot])
  • #13355 chore(deps-dev): bump @​apollo/server from 4.10.1 to 4.10.2 (@​dependabot[bot])
  • #13359 chore(deps-dev): bump @​typescript-eslint/parser from 7.3.1 to 7.4.0 (@​dependabot[bot])
  • #13343 chore(deps-dev): bump core-js from 3.36.0 to 3.36.1 (@​dependabot[bot])
  • #13344 chore(deps-dev): bump @​commitlint/cli from 19.2.0 to 19.2.1 (@​dependabot[bot])
  • #13347 chore(deps-dev): bump typescript from 5.4.2 to 5.4.3 (@​dependabot[bot])
  • #13345 chore(deps-dev): bump @​types/node from 20.11.29 to 20.11.30 (@​dependabot[bot])
  • #13348 chore(deps-dev): bump @​fastify/multipart from 8.1.0 to 8.2.0 (@​dependabot[bot])
  • #13352 chore(deps-dev): bump mongoose from 8.2.2 to 8.2.3 (@​dependabot[bot])
• platform-express
  • #13357 chore(deps): bump express from 4.19.1 to 4.19.2 (@​dependabot[bot])
  • #13349 chore(deps): bump express from 4.18.3 to 4.19.1 (@​dependabot[bot])

Committers: 2

• Abdulla Bayramov (@​breeeew)
• Kamil Mysliwiec (@​kamilmysliwiec)

v10.3.4 (2024-03-18)

Bug fixes

• core, platform-fastify
  • #13337 fix(core): middleware is not executed for root route when global prefix is set (@​kamilmysliwiec)
• microservices
  • #13285 fix(microservices): fix rabbitmq no-assert not being applied correctly (@​sorooshme)
• common
  • #13317 fix(common): fix stacktrace regex (@​hokaccha)

Enhancements

• common, core
  • #13225 feat(core,common): Add @RawBody() decorator (@​tolgap)

Docs

• common
  • #13221 docs(common): remove incorrect constructor signature of HttpException (@​kalmanbendeguz)

Dependencies

... (truncated)

Commits

• 6538ede chore(@​nestjs) publish v10.3.8 release
• 8b4dbb3 chore(@​nestjs) publish v10.3.7 release
• 1f2fae7 chore(@​nestjs) publish v10.3.6 release
• 6a7f74f fix(core): break reference chain to instance object
• 8bf0015 chore: update readme
• 28bf1f0 chore(@​nestjs) publish v10.3.5 release
• c13c6b1 chore: update package.json and readme
• 2d6583a chore(@​nestjs) publish v10.3.4 release
• 3321f6c fix(core): middleware is not executed for root route with prefix
• 7d8822c Merge branch 'fix-global-prefix-middleware' of https://github.com/CodyTseng/n...
• Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates protobufjs from 7.2.5 to 7.2.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Changelog

Sourced from protobufjs's changelog.

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Commits

• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• See full diff in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

...

Description has been truncated

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[mjameswh]

@dependabot rebase

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.