The web interface for the PDS DOI Service providing the ability management PDS archive DOIs. See the DOI Service for more details on the available capabilities. https://nasa-pds.github.io/doi-service/
Apache License 2.0
0
stars
4
forks
source link
Bump the npm_and_yarn group group with 13 updates #235
Coerce numbers to strings when passed to semver.coerce()
Add rtl option to coerce from right to left
6.1.3
Handle X-ranges properly in includePrerelease mode
6.1.2
Do not throw when testing invalid version strings
6.1.1
Add options support for semver.coerce()
Handle undefined version passed to Range.test
6.1.0
Add semver.compareBuild function
Support * in semver.intersects
6.0
Fix intersects logic.
This is technically a bug fix, but since it is also a change to behavior
that may require users updating their code, it is marked as a major
version increment.
5.7
Add minVersion method
5.6
Move boolean loose param to an options object, with
backwards-compatibility protection.
Add ability to opt out of special prerelease version handling with
the includePrerelease option flag.
RFC 3447 and RFC 8017 allow for optional DigestAlgorithmNULL parameters
for sha* algorithms and require NULL paramters for md2 and md5
algorithms.
1.3.0 - 2022-03-17
Security
Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa
Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
HIGH: Leniency in checking digestAlgorithm structure can lead to
signature forgery.
The code is lenient in checking the digest algorithm structure. This can
allow a crafted structure that steals padding bytes and uses unchecked
portion of the PKCS#1 encoded message to forge a signature when a low
public exponent is being used. For more information, please see
"Bleichenbacher's RSA signature forgery based on implementation
error"
by Hal Finney.
HIGH: Failing to check tailing garbage bytes can lead to signature
forgery.
The code does not check for tailing garbage bytes after decoding a
DigestInfo ASN.1 structure. This can allow padding bytes to be removed
and garbage data added to forge a signature when a low public exponent is
being used. For more information, please see "Bleichenbacher's RSA
signature forgery based on implementation
error"
by Hal Finney.
DigestInfo is not properly checked for proper ASN.1 structure. This can
lead to successful verification with signatures that contain invalid
structures but a valid digest.
[asn1] Add fallback to pretty print invalid UTF8 data.
[asn1] fromDer is now more strict and will default to ensuring all input
bytes are parsed or throw an error. A new option parseAllBytes can disable
this behavior.
NOTE: The previous behavior is being changed since it can lead to
security issues with crafted inputs. It is possible that code doing custom
DER parsing may need to adapt to this new behavior and optional flag.
[rsa] Add and use a validator to check for proper structure of parsed ASN.1
This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NASA-PDS/doi-ui/network/alerts).
Bumps the npm_and_yarn group group with 13 updates:
0.17.0
0.18.5
5.7.2
6.3.1
4.0.3
5.0.1
1.4.2
2.0.0
4.14.2
4.23.0
2.7.4
3.1.9
1.15.3
1.15.5
3.1.0
5.1.2
8.0.1
9.0.21
3.0.4
3.1.2
0.10.0
1.3.1
7.0.36
7.0.39
1.7.2
1.8.1
Updates
xlsx
from 0.17.0 to 0.18.5Changelog
Sourced from xlsx's changelog.
Commits
0400a87
version bump 0.18.5: basic NUMBERS writee69ecd4
remove broken CDNs [ci skip]0f0b3de
popping IIFEs to appease rollup tree shaking2f274dd
book_append_sheet rolling namesa5b3877
Fix rawNumber support inside sheet_to_json69bb1e7
"side-effect free"90a7b4e
remove SSF._general_int61487bc
use TextEncoder for zip strings (fixes #2616)61b17a8
version bump 0.18.42cbc28d
vue-modify demo [ci skip]Updates
semver
from 5.7.2 to 6.3.1Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
44d27bc
chore: release 6.3.1928e56d
fix: better handling of whitespace (#591)39f6326
chore:@npmcli/template-oss
@4
.16.00eeceec
6.3.02779d96
Expose the token enum on the exports9f5f615
changelogce6190e
6.2.024af461
Add test coverage for bin file388ec1c
Addrtl
option to coerce from right to leftd062593
coerce(number) will coerce to a stringUpdates
react-scripts
from 4.0.3 to 5.0.1Commits
19fa58d
Publish9802941
fix: webpack noise printed only if error or warning (#12245)2eef1d0
Update templates to use React 18createRoot
(#12220)221e511
Publish5614c87
Add support for Tailwind (#11717)20edab4
fix(webpackDevServer): disable overlay for warnings (#11413)3afbbc0
Update all dependencies (#11624)f5467d5
feat(eslint-config-react-app): support ESLint 8.x (#11375)c7627ce
Update webpack and dev server (#11646)544befe
Update package.json (#11597)Updates
loader-utils
from 1.4.2 to 2.0.0Release notes
Sourced from loader-utils's releases.
Changelog
Sourced from loader-utils's changelog.
... (truncated)
Commits
d9f4e23
chore(release): 2.0.0865dc03
refactor: switch tomd4
by default (#168)b595cfb
refactor: thegetOptions
method returns empty object on empty query (#167)c937e8c
chore: minimum requiredNode.js
version is8.9.0
(#166)c78786d
chore: upgrade json5 to fix a vulnerability (#165)Updates
browserslist
from 4.14.2 to 4.23.0Release notes
Sourced from browserslist's releases.
Changelog
Sourced from browserslist's changelog.
... (truncated)
Commits
a23d971
Release 4.23 version61e7712
Update dependencies2c313aa
Add Github release workflow3caf908
Update CIb58ae05
feat: add BROWSERSLIST_ROOT_PATH (#819)8ddc4d8
Update grammar definition file (#817)65ad382
Release 4.22.3 version0efec9b
Add Node.js 21 to CIaaf5f2b
Update dependenciesa3ba90b
Updated regex to have the option of adding an extension after@companyName
bu...Updates
ejs
from 2.7.4 to 3.1.9Release notes
Sourced from ejs's releases.
Commits
aed0124
Version 3.1.97083793
Updated dev deps87f1da6
Merge pull request #707 from mde/dependabot/npm_and_yarn/minimatch-3.1.2e41a914
Removed old changelog, please rely on git log9ea36ba
Merge pull request #719 from jportner/frozen-prototype-fix181a537
Fall back to assignment, update test58bc2eb
Change approach to shadowing "toString" property for escapeXML76c9c61
Bump minimatch from 3.0.4 to 3.1.2f818bce
Merge pull request #706 from mde/dependabot/npm_and_yarn/flat-and-mocha-5.0.20fca863
Bump flat and mochaUpdates
follow-redirects
from 1.15.3 to 1.15.5Commits
b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.3d42aec
Add bracket tests.bcbb096
Do not directly set Error properties.Updates
glob-parent
from 3.1.0 to 5.1.2Release notes
Sourced from glob-parent's releases.
Changelog
Sourced from glob-parent's changelog.
... (truncated)
Commits
eb2c439
chore: update changelog12bcb6c
chore: release 5.1.2f923116
fix: eliminate ReDoS (#36)0b014a7
chore: add JSDoc returns information (#33)2b24ebd
chore: generate initial changelog9b6e874
chore: release 5.1.1749c35e
ci: try wrapping the JOB_ID in a string5d39def
ci: attempt to switch to published coveralls0b5b37f
ci: put the npm step back in for only Windows473f5d8
ci: update azure build imagesMaintainer changes
This version was pushed to npm by phated, a new releaser for glob-parent since your current version.
Updates
immer
from 8.0.1 to 9.0.21Release notes
Sourced from immer's releases.
... (truncated)
Commits
7c15339
chore(deps): bump loader-utils from 2.0.0 to 2.0.4 in /website (#1026)f07ec9d
chore(deps): bump@sideway/formula
from 3.0.0 to 3.0.1 in /website (#1027)b6ccd0f
fix: ensure type exports is first in package.json export declaration (#1018)385837d
chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#1017)e1696b7
chore(deps): bump webpack from 5.75.0 to 5.76.1 in /website (#1024)dd83e2e
fix: patching maps failed when using number keys (#1025)082eecd
fix: Upgrade Github actions to Node 16 attempt 29d4ea93
fix: Upgrade Github actions to Node 16 attempt 182acc40
fix: release and publish from 'main' rather than 'master' branch3eeb331
fix: revert earlier fix (#990) for recursive types (#1014)Updates
minimatch
from 3.0.4 to 3.1.2Commits
699c459
3.1.22f2b5ff
fix: trim pattern25d7c0d
3.1.155dda29
fix: treat nocase:true as always having magic5e1fb8d
3.1.0f8145c5
Add 'allowWindowsEscape' option570e8b1
add publishConfig for v3 publishes5b7cd33
3.0.620b4b56
[fix] revert all breaking syntax changes2ff0388
document, expose, and test 'partial:true' optionUpdates
node-forge
from 0.10.0 to 1.3.1Changelog
Sourced from node-forge's changelog.
... (truncated)
Commits
a0a4a42
Release 1.3.1.a33830f
Update changelog.740954d
Allow optional DigestAlgorithm parameters.56f4316
Allow DigestInfo.DigestAlgorith.parameters to be optionalcbf0bd5
Start 1.3.1-0.6c5b901
Release 1.3.0.0f3972a
Update changelog.dc77b39
Fix error checking.bb822c0
Add advisory links.d4395fe
Update changelog.Updates
postcss
from 7.0.36 to 7.0.39Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
e17c1ef
Release 7.0.39 version6791bd3
Reduce npm package44c581a
Replace nanocolors with picocolors8ba21fd
Remove eslint-ci3994c4a
Release 7.0.38 version6944e1d
Remove development keys from package.json4dd0af0
Release 7.0.37 version8408eb4
Add compilation step0c68063
Move tests to GitHub Actions98b61ba
Replace chalk to nanocolorsUpdates
shell-quote
from 1.7.2 to 1.8.1Changelog
Sourced from shell-quote's changelog.
... (truncated)
Commits
da8a3ab
v1.8.1a66de94
[Tests] increase coverageb42ac73
[Refactor]parse
: hoistgetVar
to module levelfcb2e1a
[Refactor]parse
: useslice
oversubstr
, cache some valuesecf2a60
[Fix]parse
: preserve whitespace in comments1d58679
[Refactor]parse
: avoid shadowing a function arg6780ec5
[Refactor]parse
: a bit of cleanup227d474
[Refactor]parse
: tweak the regex to not match nothing7bcd90e
[Fix] properly support theescape
option8f0c5c3
[Refactor] hoist some vars to module levelMaintainer changes
This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show