MatthieuLemoine / electron-push-receiver

A module to bring Web Push support to Electron allowing it to receive notifications from Firebase Cloud Messaging (FCM).
https://medium.com/@MatthieuLemoine/my-journey-to-bring-web-push-support-to-node-and-electron-ce70eea1c0b0
MIT License
194 stars 69 forks source link

⬆️ Bump protobufjs from 6.8.0 to 6.8.8 #58

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 5 years ago

Bumps protobufjs from 6.8.0 to 6.8.8.

Release notes *Sourced from [protobufjs's releases](https://github.com/dcodeIO/protobuf.js/releases).* > ## 6.8.6 > This is a security patch: > > * Fixes `typeRefRe` used in the parser (1.X-6.8.5) being vulnerable to [ReDoS](https://en.wikipedia.org/wiki/ReDoS) as reported by James Davis. Relevant where a user is allowed to provide .proto sources for parsing. Applications using trusted .proto definitions, JSON descriptors or static code exclusively are not affected.
Changelog *Sourced from [protobufjs's changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md).* > # [6.8.8](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.8) > > ## Fixed > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/3001425b0d896d14188307cd0cc84ce195ad9e04) Persist recent index.d.ts changes in JSDoc
> > # [6.8.7](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.7) > > ## Fixed > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/e8449c4bf1269a2cc423708db6f0b47a383d33f0) Fix package browser field descriptor ([#1046](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1046))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/996b3fa0c598ecc73302bfc39208c44830f07b1a) Fix static codegen issues with uglifyjs3
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/a06317139b92fdd8c6b3b188fb7b9704dc8ccbf1) Fix lint issues / pbts on windows
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/a927a6646e8fdddebcb3e13bc8b28b041b3ee40a) Fix empty 'bytes' field decoding, now using Buffer where applicable ([#1020](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1020))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/f13a81fb41fbef2ce9dcee13f23b7276c83fbcfd) Fix circular dependency of Namespace and Enum ([#994](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/994))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/c05c58fad61c16e5ce20ca19758e4782cdd5d2e3) Ignore optional commas in aggregate options ([#999](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/999))
> > ## New > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/36fc964b8db1e4372c76b1baf9f03857cd875b07) Make Message have a default type param ([#1086](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1086))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/996b3fa0c598ecc73302bfc39208c44830f07b1a) Explicitly define service method names when generating static code, see [#857](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/857)
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/07c5d59e1da8c5533a39007ba332928206281408) Also handle services in ext/descriptor ([#1001](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1001))
> > ## CLI > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/2c5ef95818a310243f88ffba0331cd47ee603c0a) Extend list of ignored ESLint rules for pbjs, fixes [#1085](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1085)
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/8576b49ad3e55b8beae2a8f044c51040484eef12) Fix declared return type of pbjs/pbts callback ([#1025](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1025))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/9fceaa69667895e609a3ed78eb2efa7a0ecfb890) Added an option to pbts to allow custom imports ([#1038](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1038))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/65d113b0079fa2570837f3cf95268ce24714a248) Get node executable path from process.execPath ([#1018](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1018))
> > ## Other > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/b611875cfbc1f98d8973a2e86f1506de84f00049) Slim down CI testing and remove some not ultimately necesssary dependencies with audit issues
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/812b38ddabb35e154f9ff94f32ad8ce2a70310f1) Move global handling to util, see [#995](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/995)
> > # [6.8.6](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.6) > > ## Fixed > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/2ee1028d631a328e152d7e09f2a0e0c5c83dc2aa) Fix typeRefRe being vulnerable to ReDoS
> > # [6.8.5](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.6) > > ## New > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/462132f222d8febb8211d839635aad5b82dc6315) Preserve comments when serializing/deserializing with toJSON and fromJSON. ([#983](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/983))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/d29c0caa715a14214fc755b3cf10ac119cdaf199) Add more details to some frequent error messages ([#962](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/962))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/8400f87ad8ed2b47e659bc8bb6c3cf2467802425) Add IParseOptions#alternateCommentMode ([#968](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/968))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/d6e3b9e218896ec1910e02448b5ee87e4d96ede6) Added field_mask to built-in common wrappers ([#982](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/982))
> > ## Other > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/635fef013fbb3523536d92c690ffd7d84829db35) Remove code climate config in order to use 'in-app' config instead
> > # [6.8.4](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.4) > > ## Other > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/69440c023e6962c644715a0c95363ddf19db648f) Update jsdoc dependency (pinned vulnerable marked)
> ... (truncated)
Commits - [`69623a9`](https://github.com/protobufjs/protobuf.js/commit/69623a91c1e4a99d5210b5295a9e5b39d9517554) Update changelog for 6.8.8 - [`3001425`](https://github.com/protobufjs/protobuf.js/commit/3001425b0d896d14188307cd0cc84ce195ad9e04) Fixed: Persist recent index.d.ts changes in JSDoc - [`182bb16`](https://github.com/protobufjs/protobuf.js/commit/182bb16297d1ed6efb87616bfe94b5e291589850) Update dist files and changelog for 6.8.7 - [`2c5ef95`](https://github.com/protobufjs/protobuf.js/commit/2c5ef95818a310243f88ffba0331cd47ee603c0a) CLI: Extend list of ignored ESLint rules for pbjs, fixes [#1085](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1085) - [`36fc964`](https://github.com/protobufjs/protobuf.js/commit/36fc964b8db1e4372c76b1baf9f03857cd875b07) Make Message\ have a default type param ([#1086](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1086)) - [`e8449c4`](https://github.com/protobufjs/protobuf.js/commit/e8449c4bf1269a2cc423708db6f0b47a383d33f0) Fix package browser field descriptor ([#1046](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1046)) - [`8576b49`](https://github.com/protobufjs/protobuf.js/commit/8576b49ad3e55b8beae2a8f044c51040484eef12) CLI: Fix declared return type of pbjs/pbts callback ([#1025](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1025)) - [`9fceaa6`](https://github.com/protobufjs/protobuf.js/commit/9fceaa69667895e609a3ed78eb2efa7a0ecfb890) CLI: Added an option to pbts to allow custom imports ([#1038](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/1038)) - [`996b3fa`](https://github.com/protobufjs/protobuf.js/commit/996b3fa0c598ecc73302bfc39208c44830f07b1a) Fix static codegen issues with uglifyjs3; New: Explicitly define service meth... - [`b611875`](https://github.com/protobufjs/protobuf.js/commit/b611875cfbc1f98d8973a2e86f1506de84f00049) Other: Slim down CI testing and remove some not ultimately necesssary depende... - Additional commits viewable in [compare view](https://github.com/dcodeIO/protobuf.js/compare/6.8.0...6.8.8)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MatthieuLemoine/electron-push-receiver/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #88.