GoogleChrome / lighthouse-ci

Automate running Lighthouse for every commit, viewing the changes, and preventing regressions
Apache License 2.0
6.45k stars 651 forks source link

chore(deps): bump the npm_and_yarn group across 3 directories with 19 updates #1061

Open dependabot[bot] opened 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package From To
mysql2 2.1.0 3.9.8
debug 4.3.1 4.3.2
express 4.16.4 4.19.2
yargs-parser 13.1.2 15.0.1
plotly.js 1.48.3 2.25.2
acorn 5.7.3 5.7.4
ejs 3.1.9 3.1.10
es5-ext 0.10.50 0.10.64
json5 1.0.1 1.0.2
minimatch 3.0.4 3.1.2
mixin-deep 1.3.1 1.3.2
moment 2.26.0 2.30.1
qs 6.5.2 6.5.3
underscore 1.9.1 1.13.6
webpack-dev-middleware 6.1.1 6.1.3
word-wrap 1.2.3 1.2.5

Bumps the npm_and_yarn group with 1 update in the /docs/recipes/docker-server directory: mysql2. Bumps the npm_and_yarn group with 1 update in the /packages/server directory: plotly.js.

Updates mysql2 from 2.1.0 to 3.9.8

Release notes

Sourced from mysql2's releases.

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

  • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

  • SSL: separate each certificate into an individual item #2542 (63f1055)
  • security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
    • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • security: improve results object creation (#2574) (4a964a3)
    • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.8 (2024-05-26)

Bug Fixes

  • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

3.9.7 (2024-04-21)

Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

  • docs: improve the contribution guidelines (#2552) (8a818ce)
  • security: improve results object creation (#2574) (4a964a3)
  • security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

  • security: improve cache key formation (#2424) (0d54b0c)
    • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

... (truncated)

Commits
  • f637d3f chore(master): release 3.9.8 (#2700)
  • efe3db5 fix(security): sanitize fields and tables when using nestTables (#2702)
  • 2e03694 fix: support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2...
  • 8b5f691 fix(typings): typo from jonServerPublicKey to onServerPublicKey (#2699)
  • 5c75802 build(deps-dev): bump tsx from 4.10.5 to 4.11.0 in /website (#2695)
  • 179769f build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#2696)
  • 56289e2 build(deps-dev): bump poku from 1.12.1 to 1.13.0 (#2698)
  • b029308 build(deps-dev): bump poku from 1.12.1 to 1.13.0 in /website (#2697)
  • 539acb8 build(deps): bump lucide-react from 0.378.0 to 0.379.0 in /website (#2693)
  • dc80580 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 i...
  • Additional commits viewable in compare view


Updates debug from 4.3.1 to 4.3.2

Release notes

Sourced from debug's releases.

4.3.2

Patch release 4.3.2

  • Caches enabled statuses on a per-logger basis to speed up .enabled checks (#799)

Thank you @​omg!

Commits


Updates express from 4.16.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates yargs-parser from 13.1.2 to 15.0.1

Commits


Updates plotly.js from 1.48.3 to 2.25.2

Release notes

Sourced from plotly.js's releases.

v2.25.2

Changed

  • Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

  • Fix potential prototype pollution in plot API calls [#6703, 6704]

v2.25.1

Fixed

  • Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

v2.25.0

Added

  • Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
  • Add options to include legends for shapes and newshape [#6653]
  • Add Plotly.deleteActiveShape command [#6679]

Fixed

  • Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
  • Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
  • Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

v2.24.3

Fixed

  • Fix double clicking one item in a legend hides traces in other legends [#6655]
  • Fix double click pie slices when having multiple legends [#6657]
  • Fix per legend group and traceorder defaults when having multiple legends [#6664]

v2.24.2

Fixed

  • Fix legend groups toggle (regression introduced in 2.22.0) #6639
  • Fix waterfall hovertemplate not showing delta on totals similar #6635

v2.24.1

Fixed

  • Fix minimal copying of arrays in minExtend function (regression introduced in 2.24.0) #6632

v2.24.0

Added

Fixed

  • Fix to prevent accessing undefined (hoverText.hoverLabels) in case all currently shown markers have hoverinfo: "none" (regression introduced in 2.6.0) #6614,

... (truncated)

Changelog

Sourced from plotly.js's changelog.

[2.25.2] -- 2023-08-11

Changed

  • Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

  • Fix potential prototype pollution in plot API calls [#6703, 6704]

[2.25.1] -- 2023-08-02

Fixed

  • Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

[2.25.0] -- 2023-07-25

Added

  • Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
  • Add options to include legends for shapes and newshape [#6653]
  • Add Plotly.deleteActiveShape command [#6679]

Fixed

  • Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
  • Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
  • Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

[2.24.3] -- 2023-07-05

Fixed

  • Fix double clicking one item in a legend hides traces in other legends [#6655]
  • Fix double click pie slices when having multiple legends [#6657]
  • Fix per legend group and traceorder defaults when having multiple legends [#6664]

[2.24.2] -- 2023-06-09

Fixed

  • Fix legend groups toggle (regression introduced in 2.22.0) #6639
  • Fix waterfall hovertemplate not showing delta on totals similar #6635

[2.24.1] -- 2023-06-07

Fixed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by archmoj, a new releaser for plotly.js since your current version.


Updates acorn from 5.7.3 to 5.7.4

Commits


Updates bl from 1.2.2 to 2.2.1

Release notes

Sourced from bl's releases.

v2.2.1

Fix unintialized memory access

v2.2.0

  • Add indexOf docs #60
  • fix empty shallowSlice return #65

v2.1.2

  • use ES3 only #62

v2.1.1

  • Use native indexOf whenever possible #61

v2.1.0

  • Added indexOf #59

v2.0.1

  • Use require('readable-stream').Duplex #56

v2.0.0

  • Added support for readUIntLE and companions #55
Commits
  • 8cb93f4 Bumped v2.2.1
  • dacc4ac Fix unintialized memory access
  • b6284a8 Bumped v2.2.0.
  • 538a988 Merge pull request #60 from reconbot/reconbot/indexof-readme
  • 635b6ce Merge pull request #65 from reconbot/reconbot/empty-slice
  • 9b80b00 fix: empty shallowSlice return
  • 055a3ff Merge pull request #63 from nwoltman/patch-1
  • c768eb8 Use Buffer.from() in the documentation
  • 270e5f5 Bumped v2.1.2
  • 91cbaf9 Merge pull request #62 from jhaenchen/DontUseES2015Const
  • Additional commits viewable in compare view


Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits


Updates es5-ext from 0.10.50 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements


Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements


Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view


Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits


Updates minimatch from 3.0.4 to 3.1.2

Commits


Updates minimist from 0.0.5 to 0.0.8

Changelog

Sourced from minimist's changelog.

v0.0.8 - 2014-02-20

Commits

  • return '' if flag is string and empty fa63ed4
  • handle joined single letters 66c248f

v0.0.7 - 2014-02-08

Commits

  • another swap of .test for .match d1da408

v0.0.6 - 2014-02-08

Commits

  • use .test() instead of .match() to not crash on non-string values in the arguments array 7e0d1ad
Commits


Updates mixin-deep from 1.3.1 to 1.3.2

Commits
Maintainer changes

This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version.


Updates moment from 2.26.0 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

2.30.0 Full changelog

  • Release Dec 26, 2023

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)