search

NASA-PDS / doi-ui

The web interface for the PDS DOI Service providing the ability management PDS archive DOIs. See the DOI Service for more details on the available capabilities. https://nasa-pds.github.io/doi-service/
Apache License 2.0
0 stars 4 forks source link

Bump the npm_and_yarn group across 1 directory with 17 updates #244

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 3 updates in the / directory: xlsx, semver and react-scripts.

Updates xlsx from 0.17.0 to 0.18.5

Changelog

Sourced from xlsx's changelog.

v0.18.5

  • Enabled sideEffects: false in package.json
  • Basic NUMBERS write support

v0.18.4

  • CSV output omits trailing record separator
  • Properly terminate NodeJS Streams
  • DBF preserve column types on import and use when applicable on export

v0.18.3

  • Removed references to require and process in browser builds

v0.18.2

  • Hotfix for unicode processing of XLSX exports

v0.18.1

  • Removed Node ESM build script and folded into standard ESM build
  • Removed undocumented aliases including make_formulae and get_formulae

v0.18.0

  • Browser scripts only expose XLSX variable
  • Module no longer ships with dist/jszip.js browser script

v0.17.4

  • CLI script moved to xlsx-cli package

v0.17.3

  • window.XLSX explicit assignment to satiate LWC
  • CSV Proper formatting of errors
  • HTML emit data-* attributes

v0.17.2

  • Browser and Node optional ESM support
  • DSV correct handling of bare quotes (h/t @​bgamrat)

v0.17.1

  • XLSB writer uses short cell form when viable
Commits
  • 0400a87 version bump 0.18.5: basic NUMBERS write
  • e69ecd4 remove broken CDNs [ci skip]
  • 0f0b3de popping IIFEs to appease rollup tree shaking
  • 2f274dd book_append_sheet rolling names
  • a5b3877 Fix rawNumber support inside sheet_to_json
  • 69bb1e7 "side-effect free"
  • 90a7b4e remove SSF._general_int
  • 61487bc use TextEncoder for zip strings (fixes #2616)
  • 61b17a8 version bump 0.18.4
  • 2cbc28d vue-modify demo [ci skip]
  • Additional commits viewable in compare view


Updates semver from 5.7.2 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

6.2.0

  • Coerce numbers to strings when passed to semver.coerce()
  • Add rtl option to coerce from right to left

6.1.3

  • Handle X-ranges properly in includePrerelease mode

6.1.2

  • Do not throw when testing invalid version strings

6.1.1

  • Add options support for semver.coerce()
  • Handle undefined version passed to Range.test

6.1.0

  • Add semver.compareBuild function
  • Support * in semver.intersects

6.0

  • Fix intersects logic.

    This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits


Updates react-scripts from 4.0.3 to 5.0.1

Commits


Updates ansi-html from 0.0.7 to 0.0.9

Commits


Updates loader-utils from 1.4.2 to 2.0.0

Release notes

Sourced from loader-utils's releases.

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

  • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
  • the getOptions method returns empty object on empty query (#167) (b595cfb)
  • Use md4 by default
Changelog

Sourced from loader-utils's changelog.

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

  • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
  • the getOptions method returns empty object on empty query (#167) (b595cfb)
  • Use md4 by default

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

  • support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

  • interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

  • fixed a hash type extracting in interpolateName (#137) (f8a71f4)

... (truncated)

Commits
  • d9f4e23 chore(release): 2.0.0
  • 865dc03 refactor: switch to md4 by default (#168)
  • b595cfb refactor: the getOptions method returns empty object on empty query (#167)
  • c937e8c chore: minimum required Node.js version is 8.9.0 (#166)
  • c78786d chore: upgrade json5 to fix a vulnerability (#165)
  • See full diff in compare view


Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed

Non-breaking changes

  • Caching was removed
Commits


Updates browserslist from 4.14.2 to 4.23.1

Release notes

Sourced from browserslist's releases.

4.23.1

  • Fixed feature query with mobile to desktop when caniuse lags (by @​steverep).

4.23.0

Changelog

Sourced from browserslist's changelog.

4.23.1

  • Fixed feature query with mobile to desktop when caniuse lags (by @​steverep).

4.23.0

4.22.3

  • Fixed white spaces support in supports query (@​g-plane).
  • Fixed shared config like @company/package/browserslist-config (@​boucodes).

4.22.2

  • Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

4.22

  • Added fully supports query (by Ben Scott).
  • Added partially supports alias for supports query (by Ben Scott).

4.21.11

  • Added warning to --update-db to move to new CLI (by Ivan Vasilev).
  • Fixed docs (by Tatsunori Uchino).

4.21.10

  • Updated Firefox ESR.

4.21.9

  • Fixed Opera Mobile edge cases (by Steve Repsher).

4.21.8

  • Fixed supports query and mobileToDesktop (by Steve Repsher).

4.21.7

  • Fixed last queries for Android (by Steve Repsher).

4.21.6

  • Fixed time queries with mobileToDesktop (by Steve Repsher).
  • Fixed docs (by Tatsunori Uchino, Will Stone, and Dominik Pschenitschni).

4.21.5

  • Fixed running Browserslist in browser environment.

4.21.4

  • Updated Firefox ESR.

4.21.3

  • Improved unknown region and unknown feature error (by Alexander Chabin).

4.21.2

... (truncated)

Commits


Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits


Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option
Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates follow-redirects from 1.15.3 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view


Updates glob-parent from 3.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

v5.1.1

Bug Fixes

v5.1.0

Features

  • add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

v5.0.0

⚠ BREAKING CHANGES

  • Drop support for node <6 & bump dependencies

Miscellaneous Chores

  • Drop support for node <6 & bump dependencies (896c0c0)

v4.0.0

⚠ BREAKING CHANGES

  • question marks are valid path characters on Windows so avoid flagging as a glob when alone
  • Update is-glob dependency

Features

  • hoist regexps and strings for performance gains (4a80667)
  • question marks are valid path characters on Windows so avoid flagging as a glob when alone (2a551dd)
  • Update is-glob dependency (e41fcd8)
Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

6.0.2 (2021-09-29)

Bug Fixes

6.0.1 (2021-07-20)

Bug Fixes

  • Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

  • Correct mishandled escaped path separators (#34)
  • upgrade scaffold, dropping node <10 support

Bug Fixes

  • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

  • upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

5.1.0 (2021-01-27)

Features

  • add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

5.0.0 (2021-01-27)

⚠ BREAKING CHANGES

  • Drop support for node <6 & bump dependencies

... (truncated)

Commits
  • eb2c439 chore: update changelog
  • 12bcb6c chore: release 5.1.2
  • f923116 fix: eliminate ReDoS (#36)
  • 0b014a7 chore: add JSDoc returns information (#33)
  • 2b24ebd chore: generate initial changelog
  • 9b6e874 chore: release 5.1.1
  • 749c35e ci: try wrapping the JOB_ID in a string
  • 5d39def ci: attempt to switch to published coveralls
  • 0b5b37f ci: put the npm step back in for only Windows
  • 473f5d8 ci: update azure build images
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by phated, a new releaser for glob-parent since your current version.


Updates immer from 8.0.1 to 9.0.21

Release notes

Sourced from immer's releases.

v9.0.21

9.0.21 (2023-03-23)

Bug Fixes

  • ensure type exports is first in package.json export declaration (#1018) (b6ccd0f)

v9.0.20

9.0.20 (2023-03-23)

Bug Fixes

  • patching maps failed when using number keys (#1025) (dd83e2e)

v9.0.19

9.0.19 (2023-01-27)

Bug Fixes

  • don't freeze drafts returned from produce if they were passed in as draft (#917) (46867f8)
  • produce results should never be frozen when returned from nested produces, to prevent 'hiding' drafts. Fixes #935 (a810960)
  • release and publish from 'main' rather than 'master' branch (82acc40)
  • revert earlier fix (#990) for recursive types (#1014) (3eeb331)
  • Upgrade Github actions to Node 16 attempt 1 (9d4ea93)
  • Upgrade Github actions to Node 16 attempt 2 (082eecd)

v9.0.18

9.0.18 (2023-01-15)

Bug Fixes

v9.0.17

9.0.17 (2023-01-02)

Bug Fixes

v9.0.16

9.0.16 (2022-10-22)

... (truncated)

Commits
  • 7c15339 chore(deps): bump loader-utils from 2.0.0 to 2.0.4 in /website (#1026)
  • f07ec9d chore(deps): bump @​sideway/formula from 3.0.0 to 3.0.1 in /website (#1027)
  • b6ccd0f fix: ensure type exports is first in package.json export declaration (#1018)
  • 385837d chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#1017)
  • e1696b7 chore(deps): bump webpack from 5.75.0 to 5.76.1 in /website (#1024)
  • dd83e2e fix: patching maps failed when using number keys (#1025)
  • 082eecd fix: Upgrade Github actions to Node 16 attempt 2
  • 9d4ea93 fix: Upgrade Github actions to Node 16 attempt 1
  • 82acc40 fix: release and publish from 'main' rather than 'master' branch
  • 3eeb331 fix: revert earlier fix (#990) for recursive types (#1014)
  • Additional commits viewable in compare view


Updates minimatch from 3.0.4 to 3.1.2

Commits


Updates node-forge from 0.10.0 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

  • RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

  • Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
  • HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • MEDIUM: Leniency in checking type octet.
    • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
    • CVE ID: CVE-2022-24773
    • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

  • [asn1] Add fallback to pretty print invalid UTF8 data.
  • [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
    • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
  • [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

Commits


Updates postcss from 7.0.36 to 7.0.39

Release notes

Sourced from postcss's releases.

7.0.39

  • Reduce package size.
  • Backport nanocolors to picocolors migration.

7.0.38

  • Update Processor#version.

7.0.37

  • Backport chalk to nanocolors migration.
Changelog

Sourced from postcss's changelog.

7.0.39

  • Reduce package size.
  • Backport nanocolors to picocolors migration.

7.0.38

  • Update Processor#version.

7.0.37

  • Backport chalk to nanocolors migration.
Commits


Updates shell-quote from 1.7.2 to 1.8.1

Changelog

Sourced from shell-quote's changelog.

v1.8.1 - 2023-04-07

Fixed

Commits

  • [Refactor] parse: hoist getVar to module level b42ac73
  • [Refactor] hoist some vars to module level 8f0c5c3
  • [Refactor] parse: use slice over substr, cache some values fcb2e1a
  • [Refactor] parse: a bit of cleanup 6780ec5
  • [Refactor] parse: tweak the regex to not match nothing 227d474
  • [Tests] increase coverage a66de94
  • [Refactor] parse: avoid shadowing a function arg 1d58679

v1.8.0 - 2023-01-30

Commits

  • [New] extract parse and quote to their own deep imports 553fdfc
  • [Tests] add nyc coverage fd7ddcd
  • [New] Add support for here strings (&lt;&lt;&lt;) 9802fb3
  • [New] parse: Add syntax support for duplicating input file descriptors 216b198
  • [Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31
  • [Tests] add evalmd c5549fc
  • [actions] update checkout action 62e9b49

v1.7.4 - 2022-10-12

Merged

Commits

  • [eslint] fix indentation and whitespace aaa9d1f
  • [eslint] additional cleanup 397cb62
  • [meta] add auto-changelog 497fca5
  • [actions] add reusable workflows
    dependabot[bot] commented 4 months ago

    Superseded by #245.