Closed renovate[bot] closed 4 months ago
vercel[bot]
commented
4 months ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| styled-code-formats | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 23, 2024 5:58pm |
github-actions[bot]
commented
4 months ago Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.
github-actions[bot]
commented
4 months ago Is your PR ready for review and processing? Mark the PR ready by including #pr-ready in a comment.
If you still have work to do, even after marking this ready. Put the PR on hold by including #pr-onhold in a comment.
github-actions[bot]
commented
4 months ago Thanks for the PR!
This section of the codebase is owner by https://github.com/AlexRogalskiy/ - if they write a comment saying "LGTM" then it will be merged.
socket-security[bot]
commented
4 months ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@typescript-eslint/eslint-plugin@5.62.0 | Transitive: environment, filesystem | +34 |
6.72 MB | jameshenry |
| npm/@typescript-eslint/parser@5.62.0 | Transitive: environment, filesystem | +23 |
1.91 MB | jameshenry |
| npm/eslint-config-prettier@8.10.0 | None | 0 |
19.9 kB | lydell |
| npm/eslint-plugin-jest@27.9.0 | filesystem Transitive: environment | +30 |
3.28 MB | simenb |
| npm/eslint@8.57.0 | environment, filesystem Transitive: eval, shell, unsafe | +63 |
11 MB | eslintbot |
| npm/formidable@3.5.1 | None | +3 |
210 kB | grossacasacs |
🚮 Removed packages: npm/@types/lunr@2.3.3, npm/@typescript-eslint/eslint-plugin@4.15.1, npm/@typescript-eslint/parser@4.15.1, npm/eslint-config-prettier@6.15.0, npm/eslint-plugin-jest@23.20.0, npm/eslint@7.20.0, npm/formidable@1.2.2
This PR contains the following updates:
^1.2.2->^3.0.0GitHub Vulnerability Alerts
CVE-2022-29622
Disputed: An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename.
Release Notes
node-formidable/formidable (formidable)
### [`v3.2.4`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#324) [Compare Source](https://togithub.com/node-formidable/formidable/compare/971e3a7f2c6510ee803dcace68ce850a9d573c21...v3.2.4) - fix: ([#857](https://togithub.com/node-formidable/formidable/pull/857)) improve keep extension - The code from before 3.2.4 already removed some characters from the file extension. But not always. So it was inconsistent. - The new code cuts the file extension at the first invalid character (invalid in a file extension). - The characters that are considered invalid inside a file extension are all except the . numbers and a-Z. - This change only has an effect if filename option is not used and keepextension option is used ### [`v3.2.3`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#323) [Compare Source](https://togithub.com/node-formidable/formidable/compare/64f32c2d5486918b2b8afdc2c6cc994d5f9a4a61...971e3a7f2c6510ee803dcace68ce850a9d573c21) - fix: ([#852](https://togithub.com/node-formidable/formidable/pull/852)) end event is emitted once ### [`v3.2.1`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#321) [Compare Source](https://togithub.com/node-formidable/formidable/compare/3.2.0...64f32c2d5486918b2b8afdc2c6cc994d5f9a4a61) - fix: do not let empty file on error ([#796](https://togithub.com/node-formidable/formidable/pull/796)) - it was probably due to the fact that .destroy on a file stream does not always complete on time ### [`v3.2.0`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#320) [Compare Source](https://togithub.com/node-formidable/formidable/compare/27fdf692da49b37f1055eaf444628ffca699a06c...3.2.0) - feat: maxFileSize option is now per file (as the name suggests) ([#791](https://togithub.com/node-formidable/formidable/pull/791)) - feat: add maxFiles option, default Infinity - feat: add maxTotalFileSize, default is maxFileSize (for backwards compatibility) - fix: minFileSize is per file - fix: allowEmptyFiles fix in cases where one file is not empty - fix: allowEmptyFiles false option by default - fix: rename wrongly named error - refactor: rename wrongly named maxFileSize into maxTotalFileSize ### [`v3.1.5`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#315) [Compare Source](https://togithub.com/node-formidable/formidable/compare/3.1.4...27fdf692da49b37f1055eaf444628ffca699a06c) - fix: PersistentFile.toString ([#796](https://togithub.com/node-formidable/formidable/pull/796)) ### [`v3.1.4`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#314) [Compare Source](https://togithub.com/node-formidable/formidable/compare/babb94e9d88541beec3d3ce951e6d848627b23b9...3.1.4) - fix: add missing pluginFailed error ([#794](https://togithub.com/node-formidable/formidable/pull/794)) - refactor: use explicit node imports ([#786](https://togithub.com/node-formidable/formidable/issues/786)) ### [`v3.1.3`](https://togithub.com/node-formidable/formidable/compare/bbf3e8b17e2e5662087749a51b570894bef3647e...babb94e9d88541beec3d3ce951e6d848627b23b9) [Compare Source](https://togithub.com/node-formidable/formidable/compare/bbf3e8b17e2e5662087749a51b570894bef3647e...babb94e9d88541beec3d3ce951e6d848627b23b9) ### [`v2.1.2`](https://togithub.com/node-formidable/formidable/compare/bbf3e8b17e2e5662087749a51b570894bef3647e...bbf3e8b17e2e5662087749a51b570894bef3647e) [Compare Source](https://togithub.com/node-formidable/formidable/compare/bbf3e8b17e2e5662087749a51b570894bef3647e...bbf3e8b17e2e5662087749a51b570894bef3647e) ### [`v2.1.1`](https://togithub.com/node-formidable/formidable/compare/v2.1.0...bbf3e8b17e2e5662087749a51b570894bef3647e) [Compare Source](https://togithub.com/node-formidable/formidable/compare/v2.1.0...bbf3e8b17e2e5662087749a51b570894bef3647e) ### [`v2.1.0`](https://togithub.com/node-formidable/formidable/compare/48521d7c82e6c5ce4dab4014de30f1c7fd8dee91...v2.1.0) [Compare Source](https://togithub.com/node-formidable/formidable/compare/48521d7c82e6c5ce4dab4014de30f1c7fd8dee91...v2.1.0) ### [`v2.0.1`](https://togithub.com/node-formidable/formidable/compare/1c30ec67648eb7ddcf50e548b0cd8bed384fde40...48521d7c82e6c5ce4dab4014de30f1c7fd8dee91) [Compare Source](https://togithub.com/node-formidable/formidable/compare/1c30ec67648eb7ddcf50e548b0cd8bed384fde40...48521d7c82e6c5ce4dab4014de30f1c7fd8dee91) ### [`v2.0.0`](https://togithub.com/node-formidable/formidable/blob/HEAD/CHANGELOG.md#200) [Compare Source](https://togithub.com/node-formidable/formidable/compare/f1d43172da4f8f299f6d84884109809c7ca80422...1c30ec67648eb7ddcf50e548b0cd8bed384fde40) - feat: files are detected if a mimetype is present (previously it was based on filename) - feat: add options.filter ([#716](https://togithub.com/node-formidable/formidable/pull/716)) - feat: add code and httpCode to most errors ([#686](https://togithub.com/node-formidable/formidable/pull/686)) - rename: option.hash into option.hashAlgorithm ([#689](https://togithub.com/node-formidable/formidable/pull/689)) - rename: file.path into file.filepath ([#689](https://togithub.com/node-formidable/formidable/pull/689)) - rename: file.type into file.mimetype ([#689](https://togithub.com/node-formidable/formidable/pull/689)) - refactor: split file.name into file.newFilename and file.originalFilename ([#689](https://togithub.com/node-formidable/formidable/pull/689)) - feat: prevent directory traversal attacks by default ([#689](https://togithub.com/node-formidable/formidable/pull/689)) - meta: stop including test files in npm ([7003c](https://togithub.com/node-formidable/formidable/commit/7003cd6133f90c384081accb51743688d5e1f4be)) - fix: handle invalid filenames ([d0a34](https://togithub.com/node-formidable/formidable/commit/d0a3484b048b8c177e62d66aecb03f5928f7a857)) - feat: add fileWriteStreamHandler option - feat: add allowEmptyFiles and minFileSize options - feat: Array support for fields and files ([#380](https://togithub.com/node-formidable/node-formidable/pull/380), [#340](https://togithub.com/node-formidable/node-formidable/pull/340), [#367](https://togithub.com/node-formidable/node-formidable/pull/367), [#33](https://togithub.com/node-formidable/node-formidable/issues/33), [#498](https://togithub.com/node-formidable/node-formidable/issues/498), [#280](https://togithub.com/node-formidable/node-formidable/issues/280), [#483](https://togithub.com/node-formidable/node-formidable/issues/483)) - possible partial fix of [#386](https://togithub.com/node-formidable/node-formidable/pull/386) with [#380](https://togithub.com/node-formidable/formidable/issues/380) (need tests and better implementation) - refactor: use hasOwnProperty in check against files/fields ([#522](https://togithub.com/node-formidable/node-formidable/pull/522)) - meta: do not promote `IncomingForm` and add `exports.default` ([#529](https://togithub.com/node-formidable/node-formidable/pull/529)) - meta: Improve examples and tests ([#523](https://togithub.com/node-formidable/node-formidable/pull/523)) - refactor: First step of Code quality improvements ([#525](https://togithub.com/node-formidable/node-formidable/pull/525)) - chore(funding): remove patreon & add npm funding field ([#525](https://togithub.com/node-formidable/node-formidable/pull/532) - feat: use Modern Streams API ([#531](https://togithub.com/node-formidable/node-formidable/pull/531)) - fix: urlencoded parsing to emit end [#543](https://togithub.com/node-formidable/node-formidable/pull/543), introduced in [#531](https://togithub.com/node-formidable/node-formidable/pull/531) - fix(tests): include multipart and qs parser unit tests, part of [#415](https://togithub.com/node-formidable/node-formidable/issues/415) - fix: reorganize exports + move parsers to `src/parsers/` - fix: update docs and examples [#544](https://togithub.com/node-formidable/node-formidable/pull/544) ([#248](https://togithub.com/node-formidable/node-formidable/issues/248), [#335](https://togithub.com/node-formidable/node-formidable/issues/335), [#371](https://togithub.com/node-formidable/node-formidable/issues/371), [#372](https://togithub.com/node-formidable/node-formidable/issues/372), [#387](https://togithub.com/node-formidable/node-formidable/issues/387), partly [#471](https://togithub.com/node-formidable/node-formidable/issues/471), [#535](https://togithub.com/node-formidable/node-formidable/issues/535)) - feat: introduce Plugins API, fix silent failing tests ([#545](https://togithub.com/node-formidable/node-formidable/pull/545), [#391](https://togithub.com/node-formidable/node-formidable/pull/391), [#407](https://togithub.com/node-formidable/node-formidable/pull/407), [#386](https://togithub.com/node-formidable/node-formidable/pull/386), [#374](https://togithub.com/node-formidable/node-formidable/pull/374), [#521](https://togithub.com/node-formidable/node-formidable/pull/521), [#267](https://togithub.com/node-formidable/node-formidable/pull/267)) - fix: exposing file writable stream errors ([#520](https://togithub.com/node-formidable/node-formidable/pull/520), [#316](https://togithub.com/node-formidable/node-formidable/pull/316), [#469](https://togithub.com/node-formidable/node-formidable/pull/469), [#470](https://togithub.com/node-formidable/node-formidable/pull/470)) - feat: custom file (re)naming, thru options.filename ([#591](https://togithub.com/node-formidable/node-formidable/pull/591), [#84](https://togithub.com/node-formidable/node-formidable/issues/84), [#86](https://togithub.com/node-formidable/node-formidable/issues/86), [#94](https://togithub.com/node-formidable/node-formidable/issues/94), [#154](https://togithub.com/node-formidable/node-formidable/issues/154), [#158](https://togithub.com/node-formidable/node-formidable/issues/158), [#488](https://togithub.com/node-formidable/node-formidable/issues/488), [#595](https://togithub.com/node-formidable/node-formidable/issues/595)) ### [`v1.2.6`](https://togithub.com/node-formidable/formidable/compare/c0f0f92c81e03ee604b518159e1c0d08b23261c1...f1d43172da4f8f299f6d84884109809c7ca80422) [Compare Source](https://togithub.com/node-formidable/formidable/compare/c0f0f92c81e03ee604b518159e1c0d08b23261c1...f1d43172da4f8f299f6d84884109809c7ca80422) ### [`v1.2.5`](https://togithub.com/node-formidable/formidable/compare/dcff40c5ae59f9c98e7ea480d3056360529b10d3...c0f0f92c81e03ee604b518159e1c0d08b23261c1) [Compare Source](https://togithub.com/node-formidable/formidable/compare/dcff40c5ae59f9c98e7ea480d3056360529b10d3...c0f0f92c81e03ee604b518159e1c0d08b23261c1) ### [`v1.2.4`](https://togithub.com/node-formidable/formidable/compare/v1.2.3...dcff40c5ae59f9c98e7ea480d3056360529b10d3) [Compare Source](https://togithub.com/node-formidable/formidable/compare/v1.2.3...dcff40c5ae59f9c98e7ea480d3056360529b10d3)Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Moscow, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.