Bumps the npm_and_yarn group with 2 updates in the /packages/iac-cli-alert directory: axios and @slack/webhook.
Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/extra-large-response-payload directory: yarn.
Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/fail-on/patchable directory: ms.
Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/gradle-monorepo directory: qs and node-uuid.
Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/mono-repo-poetry directory: qs and node-uuid.
Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/mono-repo-project directory: qs and node-uuid.
Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/mono-repo-project-manifests-only directory: qs and node-uuid.
Bumps the npm_and_yarn group with 1 update in the /test/acceptance/workspaces/mono-repo-with-ignores directory: qs.
Bumps the npm_and_yarn group with 6 updates in the /test/acceptance/workspaces/monorepo-bad-project directory:
Bumps the npm_and_yarn group with 4 updates in the /test/acceptance/workspaces/npm-lock-v2-with-npm-prefixed-sub-dep-version directory: tar, @semantic-release/npm, acorn and qs.
Bumps the npm_and_yarn group with 2 updates in the /test/acceptance/workspaces/npm-lock-v2-with-simple-version-range-override directory: json-bigint and @google-cloud/storage.
Bumps the npm_and_yarn group with 6 updates in the /test/acceptance/workspaces/npm-out-of-sync-graph directory:
- Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
- Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
- Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
- Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.
6.2
- Add support for brotli compression
- Add maxDepth option to prevent extraction into excessively deep folders.
- Option code.esm to generate ESM exports for standalone validation functions (@rehanvdm, #1861)
- Support discriminator keyword with $ref in oneOf subschemas (@dfeufel, #1815)
- Fix browser bundles in cdnjs
- regExp option allowing to specify alternative RegExp engine, e.g. re2 (@efebarlas)
v8.7.1
- Publish Ajv bundle for JSON Schema 2020-12 to cdnjs.com
v8.7.0
- Update JSON Schema Test Suite.
- Change minContains: 0 now correctly allows empty array.
v8.6.3
- Fix $ref resolution for schemas without $id (@rbuckton, #1725)
- Support standalone module import from ESM modules without using .default property (@bhvngt, #1757)
To trigger a single review, invoke the @coderabbitai review command.
You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
Tips
### Chat
There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai):
- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- `I pushed a fix in commit .`
- `Generate unit testing code for this file.`
- `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
- `@coderabbitai generate unit testing code for this file.`
- `@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- `@coderabbitai generate interesting stats about this repository and render them as a table.`
- `@coderabbitai show all the console.log statements in this repository.`
- `@coderabbitai read src/utils.ts and generate unit testing code.`
- `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.
### CodeRabbit Commands (invoked as PR comments)
- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai help` to get help.
Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
### CodeRabbit Configuration File (`.coderabbit.yaml`)
- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.
- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json`
### Documentation and Community
- Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.
Bumps the npm_and_yarn group with 17 updates in the / directory:
Updates semver from 6.3.1 to 7.6.0
Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
- 377f709 chore: release 7.6.0 (#661)
- a7ab13a feat: preserve pre-release and build parts of a version on coerce (#671)
- 816c7b2 chore: postinstall for dependabot template-oss PR
- 0bd24d9 chore: bump @npmcli/template-oss from 4.21.1 to 4.21.3
- e521932 chore: postinstall for dependabot template-oss PR
- 8873991 chore: chore: chore: postinstall for dependabot template-oss PR
- f317dc8 chore: bump @npmcli/template-oss from 4.19.0 to 4.21.0
- 7303db1 chore: add clean() test for build metadata (#658)
- 6240d75 chore: add missing quotes in README.md (#656)
- 14d263f chore: postinstall for dependabot template-oss PR
Updates tar from 6.1.11 to 6.2.1
Release notes
Sourced from tar's releases.
Changelog
Sourced from tar's changelog.
... (truncated)
Commits
- bef7b1e 6.2.1
- fe8cd57 prevent extraction in excessively deep subfolders
- fe7ebfd remove security.md
- 5bc9d40 6.2.0
- fe1ef5e changelog 6.2
- e483220 get rid of npm lint stuff
- 689928a ci that works outside of npm org
- db6f539 file inference improvements for .tbr and .tgz
- 336fa8f refactor: dry and other pr comments
- eeba222 chore: lint fixes
Updates ajv from 6.12.6 to 8.12.0
Release notes
Sourced from ajv's releases.
... (truncated)
Commits
- bf1266a 8.12.0
- 321fad6 update node versions (#2195)
- c5c195b fix JTD discriminator with more than 8 properties, fixes #1971 (#2194)
- 527d43a build(deps-dev): bump @rollup/plugin-commonjs from 23.0.7 to 24.0.0 (#2184)
- 2e5884b build(deps-dev): bump @rollup/plugin-typescript from 9.0.2 to 10.0.1 (#2193)
- a697668 build(deps-dev): bump @rollup/plugin-json from 5.0.2 to 6.0.0 (#2183)
- dab8504 special case empty object for jtd (#2158)
- d2c57d9 build(deps-dev): bump @rollup/plugin-typescript from 8.5.0 to 9.0.2 (#2160)
- a489265 correctly narrow "number" type to "integer", fixes #1935 (#2192)
- a211e8d JTD empty values schema, fixes #1949 (#2191)
Updates express from 4.17.1 to 4.19.2
Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
- 04bc627 4.19.2
- da4d763 Improved fix for open redirect allow list bypass
- 4f0f6cc 4.19.1
- a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
- a1fa90f fixed un-edited version in history.md for 4.19.0
- 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
- 084e365 4.19.0
- 0867302 Prevent open redirect allow list bypass due to encodeurl
- 567c9c6 Add note on how to update docs for new release (#5541)
- 69a4cf2 deps: cookie@0.6.0
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates pkg from 5.8.0 to 5.8.1
Release notes
Sourced from pkg's releases.
Commits
- 5dc987b 5.8.1
- f19285d fix: add force flag to codesign to avoid already signed error (#1756)
- e3ac490 chore: bump prebuild-install@7.1.1 (#1788)
- be1123c style: fix typo in test-99-#1192/main.js (#1790)
- 614c02a chore: upgrade actions runners (#1767)
- 39e9985 chore: remove unused entry (#1766)
- b8deba4 chore: use @types/babel__generator package (#1755)
- 332c7d9 chore: separate individual test scripts (#1759)
- 6efa7cf chore: add prettier check in linting step (#1764)
- 56135b5 chore: clean up obsolete eslint disable comments (#1760)
Updates webpack from 5.54.0 to 5.76.0
Release notes
Sourced from webpack's releases.
... (truncated)
Commits
- 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
- b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
- c98e9e0 Merge pull request #16493 from piwysocki/patch-1
- 5f34acf feat: Add target to LoaderContext type
- b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
- 63ea82d Merge branch 'webpack:main' into patch-1
- 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
- 1acd635 Merge pull request #16613 from jakebailey/ts-logo
- 302eb37 Merge pull request #16614 from jakebailey/html5-logo
- cfdb1df Improve performance of hashRegExp lookup
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.
Updates ansi-regex from 2.1.1 to 4.1.1
Commits
- f545bdb 3.0.1
- c57d4c2 fix a few old XO issues for backport
- 419250f Fix potential ReDoS (#37)
Updates qs from 6.7.0 to 6.11.0
Changelog
Sourced from qs's changelog.
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for qs since your current version.
Updates decode-uri-component from 0.2.0 to 0.2.2
Release notes
Sourced from decode-uri-component's releases.
Micro-Learning Topic: Open redirect (Detected by phrase)
Matched on "open redirect"
This vulnerability refers to the ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system. It arises due to insufficient validation or sanitisation of inputs used to perform a redirect or forward and may result in privilege escalation (in the case of a forward) or may be used to launch phishing attacks against users (in the case of redirects).
Micro-Learning Topic: Race condition (Detected by phrase)
Matched on "race condition"
A race condition is a flaw that produces an unexpected result when the timing of actions impacts other actions.
Seems you are using me but didn't get OPENAI_API_KEY set in Variables/Secrets for this repo. You could follow the readme for more information.
Thanks @dependabot[bot] for opening this PR!
For COLLABORATOR only:
- To add labels, comment on the issue: `/label add label1,label2,label3`
- To remove labels, comment on the issue: `/label remove label1,label2,label3`
New and removed dependencies detected. Learn more about Socket for GitHub.
🚮 Removed packages: npm/esprima@3.1.3