Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
was unsuccessful.
Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
was unsuccessful.
Fix object pollution vulnerability in math.config. Thanks Snyk.
2020-10-07, version 7.5.0
Function pickRandom now allows randomly picking elements from matrices
with 2 or more dimensions instead of only from a vector, see #1974.
Thanks @KonradLinkowski.
2020-10-07, version 7.4.0
Implemented support for passing a precision in functions ceil, floor,
and fix, similar to round, see #1967, #1901. Thanks @rnd-debug.
Implement a clear error message when using sqrtm with a matrix having
more than two dimensions. Thanks @KonradLinkowski.
Update dependency decimal.js to 10.2.1.
2020-09-26, version 7.3.0
Implemented functions usolveAll and lsolveAll, see #1916. Thanks @m93a.
Implemented support for units in functions std and variance, see #1950.
Thanks @rnd-debug.
Implemented support for binary, octal, and hexadecimal notation in the
expression parser, and implemented functions bin, oct, and hex for
formatting. Thanks @clnhlzmn.
Fix #1964: inconsistent calculation of negative dividend modulo for
BigNumber and Fraction. Thanks @ovk.
Implemented support for norm 2 for matrices in function norm.
Thanks @rnd-debug.
2020-07-13, version 7.1.0
Implement support for recursion (self-referencing) of typed-functions,
new in typed-function@2.0.0. This fixes #1885: functions which where
extended with a new data type did not always work. Thanks @nickewing.
Fix #1899: documentation on expression trees still using old namespace
math.expression.node.* instead of math.*.
2020-06-24, version 7.0.2
Fix #1882: have DenseMatrix.resize and SparseMatrix.resize accept
DenseMatrix and SparseMatrix as inputs too, not only Array.
Fix functions sum, prod, min, and max not throwing a conversion error
when passing a single string, like sum("abc").
Set req.authInfo by default when using the assignProperty option to
authenticate() middleware. This makes the behavior the same as when not using
the option, and can be disabled by setting authInfo option to false.
[0.6.0] - 2022-05-20
Added
authenticate(), req#login, and req#logout accept a
keepSessionInfo: true option to keep session information after regenerating
the session.
Changed
req#login() and req#logout() regenerate the the session and clear session
information by default.
req#logout() is now an asynchronous function and requires a callback
function as the last argument.
Security
Improved robustness against session fixation attacks in cases where there is
physical access to the same system or the application is susceptible to
cross-site scripting (XSS).
[0.5.3] - 2022-05-16
Fixed
initialize() middleware extends request with login(), logIn(),
logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions
again, reverting change from 0.5.1.
[0.5.2] - 2021-12-16
Fixed
Introduced a compatibility layer for strategies that depend directly on
passport@0.4.x or earlier (such as passport-azure-ad), which were
broken by the removal of private variables in passport@0.5.1.
[0.5.1] - 2021-12-15
Added
Informative error message in session strategy if session support is not
available.
Changed
authenticate() middleware, rather than initialize() middleware, extends
request with login(), logIn(), logout(), logOut(), isAuthenticated(),
and isUnauthenticated() functions.
This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LouisLalonde/LOG8100-TP2-MOCK/network/alerts).
Bumps the npm_and_yarn group with 8 updates in the /dvna directory:
1.0.35.1.12.7.43.1.100.4.01.5.10.18.81.0.113.10.17.5.11.7.03.11.30.4.10.7.04.44.46.37.4Updates
bcryptfrom 1.0.3 to 5.1.1Release notes
Sourced from bcrypt's releases.
... (truncated)
Changelog
Sourced from bcrypt's changelog.
... (truncated)
Commits
33043f5v5.1.1571d7abMerge pull request #993 from kelektiv/deps-update24aa2a2Update dependencies11d2dddMerge pull request #968 from laijonathan/zos_fix0884c5bMerge pull request #894 from lpizzinidev/patch-1fc225b1Merge pull request #960 from kelektiv/release-v5-1-0809ad03Prepare for v5.1.09eec9e8Merge pull request #959 from kelektiv/release-v5-1-0b309eafPin NAPI to v39d6516aMerge pull request #958 from kelektiv/jestMaintainer changes
This version was pushed to npm by amitosh, a new releaser for bcrypt since your current version.
Updates
ejsfrom 2.7.4 to 3.1.10Release notes
Sourced from ejs's releases.
Commits
d3f807dVersion 3.1.109ee26ddMocha TDDe469741Basic pollution protection715e950Merge pull request #756 from Jeffrey-mu/maincabe314Include advanced usage examples29b076cAdded header11503c7Merge branch 'main' of github.com:mde/ejs into main7690404Added security banner to READMEf47d7aeUpdate SECURITY.md828cea1Update SECURITY.mdUpdates
express-fileuploadfrom 0.4.0 to 1.5.1Release notes
Sourced from express-fileupload's releases.
... (truncated)
Commits
2bc6274Merge pull request #375 from Kpovoc/master7349650PR 375: Suggested changesa230423Issue 374: Allow an option to choose the hashing algorithm3325e62Merge pull request #372 from RomanBurunkov/master4cdd94aUpd. deps & bump version to 1.5.03c715bfUse refresh for upload timer, instead of creating new timer each data chunk4313856Merge pull request #371 from RobinTail/feat-custom-loggercb317f7Readme: minor, adjusting the actual type of the log method consumed (single a...586d2fcReadme: reducing diff.d660b60CR: making logger option to be console by default.Maintainer changes
This version was pushed to npm by romon2002, a new releaser for express-fileupload since your current version.
Updates
libxmljsfrom 0.18.8 to 1.0.11Release notes
Sourced from libxmljs's releases.
Commits
3121013Fix ci darwin arm64 (#639)18c3030v1.0.10b24dbdeBump semver from 5.7.1 to 5.7.2 (#629)dda151fchore: add build steps for node 20 (#635)6507332Update package-lock.jsoncc1606cv1.0.936f0c8bFix resolving flags in parseHtmlAsync and parseXmlAsync (#625)2f1ec9fSave old linux test merge config9734364v1.0.81a2acd2Fix deployUpdates
mathjsfrom 3.10.1 to 7.5.1Changelog
Sourced from mathjs's changelog.
... (truncated)
Commits
2594c69Publish v7.5.1ecb8051Fix object pollution vulnerability inmath.configa2858e2Publish v7.5.0a72deb3Update historyc5ab722Merge branch 'pickrandom-allow-any-array)' of https://github.com/KonradLinkow...7575156Publish v7.4.0642db06Update history439ec41Feat/rotate matrix (#1984)7854a9bUpdate historya5cbb6apickRandom - flatten the arrayUpdates
mysql2from 1.7.0 to 3.11.3Release notes
Sourced from mysql2's releases.
... (truncated)
Changelog
Sourced from mysql2's changelog.
... (truncated)
Commits
Updates
passportfrom 0.4.1 to 0.7.0Changelog
Sourced from passport's changelog.
... (truncated)
Commits
33b92f90.7.08dd8ec5Update changelog.2815dc9Merge pull request #1012 from jaredhanson/authinfo-assignprop0f2f81cFix test to allow setting of authInfo with assignProperty.b4e4cffFix test to allow setting of authInfo from authorize call.da379a0Merge branch 'master' into authinfo-assignpropcfdbd4aUpdate sponsors.6cc8a7cUpdate sponsors.b6ab747Update sponsors.c521bc8Add FusionAuth as sponsor.Updates
sequelizefrom 4.44.4 to 6.37.4Release notes
Sourced from sequelize's releases.
... (truncated)
Commits
78a9733meta: ignore mssql failures for releasing v6 (#17524)5deadd2fix(oracle): validate input with TO_TIMESTAMP_TZ and TO_DATE (#17516)b9e71a7fix(oracle): add support for Oracle Database 23ai (#17345)6aba382fix(postgres): use schema for foreign key constrains of a table (#17099)7c8972ffix: addreadOnlyto the transaction options types and docs (#17226)505467bfix(types): Add definition ofreturninginSaveOptions. (#16954)e81200efeat(postgres): support connectionTimeoutMillis dialectOption (#14119)a250058feat(postgres): backport stream dialectOption to v6 (#16868)cb8ea88fix: sort keys by depth in groupJoinData (#16823)47cba67fix(mssql): allow calling describeTable a table with a dot in its name (#16769)Maintainer changes
This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show