search

Baeldung / spring-security-oauth

Just Announced - "Learn Spring Security OAuth":
http://bit.ly/github-lsso
MIT License
1.99k stars 1.95k forks source link

Bump tough-cookie and @angular-devkit/build-angular in /oauth-legacy/oauth-ui-password-angular-legacy/src/main/resources #439

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps tough-cookie to 4.1.3 and updates ancestor dependency @angular-devkit/build-angular. These dependencies need to be updated together.

Updates tough-cookie from 2.4.3 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • b1a8898 fix: allow set cookies with localhost (#253)
  • ec70796 4.1.1 Patch -- allow special use domains by default (#250)
  • d4ac580 fix: allow special use domains by default (#249)
  • 79c2f7d 4.1.0 release to NPM (#245)
  • 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
  • aa4396d fix: distinguish between no samesite and samesite=none (#240)
  • b8d7511 Modernize README (#234)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.


Updates @angular-devkit/build-angular from 0.13.7 to 16.2.3

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v16.2.3

16.2.3 (2023-09-20)

@​angular-devkit/build-angular

Commit Description
fix - 39643bee1 correctly re-point RXJS to ESM on Windows
fix - d8d116b31 several windows fixes to application builder prerendering

@​ngtools/webpack

Commit Description
fix - f1195d035 fix recursion in webpack resolve

v16.2.2

16.2.2 (2023-09-13)

@​angular-devkit/build-angular

Commit Description
fix - e3a40a49a support dev server proxy pathRewrite field in Vite-based server

v16.2.1

16.2.1 (2023-08-30)

@​angular-devkit/build-angular

Commit Description
fix - 221ab2483 display warning when using resourcesOutputPath with esbuild builder
fix - fe752ad87 encode Sass package resolve directories in importer URLs
fix - 82b0f94fd handle HMR updates of global CSS when using Vite
fix - 6a48a11b8 update vite to be able to serve app-shell and SSG pages
fix - fdb16f7cd use correct type for extraEntryPoints

v16.2.0

16.2.0 (2023-08-09)

@​angular-devkit/build-angular

Commit Description
feat - e6b377436 add ssr option in application builder
feat - c05c83be7 add initial application builder implementation
feat - 095f5aba6 add initial support for server bundle generation using esbuild
feat - cb165a75d add pre-rendering (SSG) and App-shell support generation to application builder
feat - 2a3fc6846 add preload hints based on transitive initial files
feat - 099cec758 add support for serving SSR with dev-server when using the application builder
fix - 449e21b3a correctly load dev server assets with vite 4.4.0+
fix - f42f10135 ensure preload hints for external stylesheets are marked as styles
fix - 7defb3635 ensure that server dependencies are loaded also in ssr entrypoint
fix - 05f31bd28 prevent race condition in setting up sass worker pool
fix - 5048f6e82 Set chunk names explicitly

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

16.2.3 (2023-09-20)

@​angular-devkit/build-angular

Commit Type Description
39643bee1 fix correctly re-point RXJS to ESM on Windows
d8d116b31 fix several windows fixes to application builder prerendering

@​ngtools/webpack

Commit Type Description
f1195d035 fix fix recursion in webpack resolve

17.0.0-next.4 (2023-09-13)

Breaking Changes

@​schematics/angular

  • Routing is enabled by default for new applications when using ng generate application and ng new. The --no-routing command line option can be used to disable this behaviour.
  • rootModuleClassName, rootModuleFileName and main options have been removed from the public pwa and app-shell schematics.

@​schematics/angular

Commit Type Description
1a6a139aa feat enable routing by default for new applications
3f8aa9d8c feat update ng new to use the esbuild application builder based builder

@​angular-devkit/build-angular

Commit Type Description
2f299fc7b fix account for styles specified as string literals and styleUrl
e41e2015b fix avoid spawning workers when there are no routes to prerender
c11a0f0d3 fix support custom index option paths in Vite-based dev server
7d3fd226c fix support dev server proxy pathRewrite field in Vite-based server
4b67d2afd perf use single JS transformer instance during dev-server prebundling

@​ngtools/webpack

Commit Type Description
f43754570 feat add automated preconnects for image domains

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular-devkit/build-angular since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Baeldung/spring-security-oauth/network/alerts).
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.