search

HarmlessKey / Shieldmaiden

A combat tracker and other tools for Dungeons & Dragons 5e. Shieldmaiden is the ultimate D&D 5e DM companion app. Manage encounters, track combat & health bars, import D&D Beyond characters, and much more.
https://shieldmaiden.app
Other
27 stars 8 forks source link

Bump the npm_and_yarn group with 7 updates #245

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 7 updates:

Package From To
@grpc/grpc-js 1.9.14 1.10.10
postcss 7.0.39 8.4.38
@quasar/app 2.4.3 3.3.3
braces 2.3.2 3.0.2
express 4.17.3 4.17.2
webpack-dev-middleware 3.7.3 5.3.4
ws 6.2.2 7.5.9

Updates @grpc/grpc-js from 1.9.14 to 1.10.10

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.10

  • Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
  • Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
  • Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
  • Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
  • Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

  • Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

  • Improve reporting of HTTP error codes (#2723)
  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

  • Fix a bug that could cause a server to sometimes send the status early (#2708)

@​grpc/grpc-js 1.10.5

  • Resolve exception when Error.stackTraceLimit is undefined (#2701 contributed by @​davidfiala)
  • Call configured checkServerIdentity when grpc.ssl_target_name_override is set (#2704)
  • Add more information to DEADLINE_EXCEEDED error details strings (#2692)

@​grpc/grpc-js 1.10.4

  • Fix a bug that caused server interceptors to crash when using partially-populated ResponderBuilder and ListenerBuilder objects (#2696)
  • Avoid sending RST_STREAM from the client when the server has already finished its side of the stream (#2695)

@​grpc/grpc-js 1.10.3

  • Revert client reconnection changes in #2680 (#2691)

@​grpc/grpc-js 1.10.2

  • Implement server connection idle timeouts and improve channelz performance (#2677 contributed by @​AVVS)
  • Fix a bug that caused clients to automatically reconnect even when there were no active requests (#2680)
  • Modify order of server call events to more closely match pre-1.10.x behavior (#2683)

@​grpc/grpc-js 1.10.1

  • Fix a bug causing channels using the round_robin LB policy to fail to reconnect after a connection drops (#2667)

@​grpc/grpc-js-xds 1.10.1

  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js-xds 1.10.0

@​grpc/grpc-js 1.10.0

... (truncated)

Commits
  • c934257 Merge pull request #2778 from murgatroid99/grpc-js_1.10.10
  • 3c55b5b Merge pull request #2777 from murgatroid99/grpc-js_1.10_backports
  • 97c4cda Merge pull request #2779 from murgatroid99/grpc-js_max_send_message_size_fix
  • 42844cf grpc-js: Re-add client-side max send message size checking
  • cbab4e5 grpc-js: Bump to 1.10.10
  • 5ae5514 fix: add decoding for url encoded user credentials
  • e759029 HTTP CONNECT: handle early server packets
  • 5c0226d Merge pull request #2760 from davidfiala/@grpc/grpc-js@1.10.x
  • 52fe8e9 Merge pull request #2772 from murgatroid99/grpc-js_cardinality_error_hang
  • 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
  • Additional commits viewable in compare view


Updates postcss from 7.0.39 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

8.4.33

8.4.32

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

  • Fixed AtRule#nodes type (by Tim Weißenfels).
  • Cleaned up code (by Dmitry Kirillov).

8.4.33

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

  • Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

... (truncated)

Commits
  • a69d45e Release 8.4.38 version
  • 64e35d9 Update dependencies
  • c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
  • b45e7e9 fix endIndex
  • 1bea246 failing test: for endIndex 0 in rangeBy
  • 0fd1d86 Add changelog auto release on Github
  • 49c906e Release 8.4.37 version
  • b5bd92c Fix another broken prev source map issue
  • 2882039 Update dependencies
  • e5ad939 Release 8.4.36 version
  • Additional commits viewable in compare view


Updates @quasar/app from 2.4.3 to 3.3.3

Commits
  • ad27458 chore(app): Bump version
  • f6856ac feat(app): upgrade deps
  • ba04f89 feat(docs): update vue links (since v3 is now default/latest version)
  • 453dfda feat(docs): update vue links (since v3 is now default/latest version)
  • 656a42d fix(app): Capacitor not opening IDE when configured to do so (regression) #12368
  • 2437d97 feat(docs): make some instances of quasar.conf more clear that they refer to ...
  • 9f8a083 chore(ui): Bump version
  • 7d9ab19 feat(ui): various small improvements
  • 7dfca62 feat(TS/QForm): broaden the definition of the submit event #12399
  • dc6d64a Merge branch 'dev' of github.com:quasarframework/quasar into dev
  • Additional commits viewable in compare view


Updates braces from 2.3.2 to 3.0.2

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed

Non-breaking changes

  • Caching was removed
Commits


Updates express from 4.17.3 to 4.17.2

Changelog

Sourced from express's changelog.

4.17.3 / 2022-02-16

  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: negotiator@0.6.3
  • deps: body-parser@1.19.2
    • deps: bytes@3.1.2
    • deps: qs@6.9.7
    • deps: raw-body@2.4.3
  • deps: cookie@0.4.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy

4.17.2 / 2021-12-16

  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: body-parser@1.19.1
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
    • deps: qs@6.9.6
    • deps: raw-body@2.4.2
    • deps: safe-buffer@5.2.1
    • deps: type-is@~1.6.18
  • deps: content-disposition@0.5.4
    • deps: safe-buffer@5.2.1
  • deps: cookie@0.4.1
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: forwarded@0.2.0
    • deps: ipaddr.js@1.9.1
  • deps: qs@6.9.6
  • deps: safe-buffer@5.2.1
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
  • deps: serve-static@1.14.2
    • deps: send@0.17.2
  • deps: setprototypeof@1.2.0

4.17.1 / 2019-05-25

... (truncated)

Commits


Updates webpack-dev-middleware from 3.7.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

  • node types (#1195) (d68ab36)
  • compatibility with Node.js 18

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

v5.3.0

5.3.0 (2021-12-16)

Features

v5.2.2

5.2.2 (2021-11-17)

Chore

  • update schema-utils package to 4.0.0 version

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

5.3.2 (2022-05-17)

Bug Fixes

5.3.1 (2022-02-01)

Bug Fixes

5.3.0 (2021-12-16)

Features

5.2.2 (2021-11-17)

Chore

  • update schema-utils package to 4.0.0 version

5.2.1 (2021-09-25)

  • internal release, no visible changes and features

5.2.0 (2021-09-24)

... (truncated)

Commits


Updates ws from 6.2.2 to 7.5.9

Release notes

Sourced from ws's releases.

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

  • Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

  • Backported b8186dd1 to the 7.x release line (73dec34b).
  • Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

  • Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

  • Backported 6a72da3e to the 7.x release line (76087fbf).
  • Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

  • The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
  • Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
  • Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

  • The opening handshake is now aborted if the client receives a Sec-WebSocket-Extensions header but no extension was requested or if the server indicates an extension not requested by the client (aca94c86).

... (truncated)

Commits
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • a370613 [dist] 7.5.7
  • 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
  • 8ecd890 [dist] 7.5.6
  • 22a26af [fix] Resume the socket in the CLOSING state
  • 73dec34 [fix] Do not throw if the redirect URL is invalid
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/HarmlessKey/Shieldmaiden/network/alerts).
sonarcloud[bot] commented 4 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

dependabot[bot] commented 4 months ago

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.