search

Ogadai / zwift-mobile-api

MIT License
120 stars 25 forks source link

Bump protobufjs from 6.8.0 to 6.8.6 #26

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 5 years ago

Bumps protobufjs from 6.8.0 to 6.8.6.

Release notes *Sourced from [protobufjs's releases](https://github.com/dcodeIO/protobuf.js/releases).* > ## 6.8.6 > This is a security patch: > > * Fixes `typeRefRe` used in the parser (1.X-6.8.5) being vulnerable to [ReDoS](https://en.wikipedia.org/wiki/ReDoS) as reported by James Davis. Relevant where a user is allowed to provide .proto sources for parsing. Applications using trusted .proto definitions, JSON descriptors or static code exclusively are not affected.
Changelog *Sourced from [protobufjs's changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md).* > # [6.8.6](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.6) > > ## Fixed > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/2ee1028d631a328e152d7e09f2a0e0c5c83dc2aa) Fix typeRefRe being vulnerable to ReDoS
> > # [6.8.5](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.6) > > ## New > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/462132f222d8febb8211d839635aad5b82dc6315) Preserve comments when serializing/deserializing with toJSON and fromJSON. ([#983](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/983))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/d29c0caa715a14214fc755b3cf10ac119cdaf199) Add more details to some frequent error messages ([#962](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/962))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/8400f87ad8ed2b47e659bc8bb6c3cf2467802425) Add IParseOptions#alternateCommentMode ([#968](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/968))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/d6e3b9e218896ec1910e02448b5ee87e4d96ede6) Added field_mask to built-in common wrappers ([#982](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/982))
> > ## Other > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/635fef013fbb3523536d92c690ffd7d84829db35) Remove code climate config in order to use 'in-app' config instead
> > # [6.8.4](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.4) > > ## Other > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/69440c023e6962c644715a0c95363ddf19db648f) Update jsdoc dependency (pinned vulnerable marked)
> > # [6.8.3](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.3) > > ## CLI > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/cc991a058b0636f3454166c76de7b664cf23a8f4) Use correct safeProp in json-module target, see [#956](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/956)
> > # [6.8.2](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.2) > > ## Other > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/6fc6481d790648e9e2169a961ad31a732398c911) Include dist files in npm package, see [#955](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/955)
> > # [6.8.1](https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.1) > > ## Fixed > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/db2dd49f6aab6ecd606eee334b95cc0969e483c2) Prevent invalid JSDoc names when generating service methods, see [#870](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/870)
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/62297998d681357ada70fb370b99bac5573e5054) Prevent parse errors when generating service method names, see [#870](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/870)
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/478f332e0fc1d0c318a70b1514b1d59c8c200c37) Support parsing nested option-values with or without ':' ([#951](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/951), fixes [#946](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/946))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/83477ca8e0e1f814ac79a642ea656f047563613a) Add support for reserved keyword in enums ([#950](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/950), fixes [#949](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/949))
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/c482a5b76fd57769eae4308793e3ff8725264664) Unified safe property escapes and added a test for [#834](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/834)
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/1724581c36ecc4fc166ea14a9dd57af5e093a467) Fix codegen if type name starts with "Object"
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/adecd544c5fcbeba28d502645f895024e3552970) Fixed dependency for json-module to use "light".
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/2a8dd74fca70d4e6fb41328a7cee81d1d50ad7ad) Basic support for URL prefixes in google.protobuf.Any types.
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/be78a3d9bc8d9618950c77f9e261b422670042ce) fixed 'error is not defined linter warning when using static/static-module and es6
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/c712447b309ae81134c7afd60f8dfa5ecd3be230) Fixed wrong type_url for any type (no leading '.' allowed).
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/145bda25ee1de2c0678ce7b8a093669ec2526b1d) Fixed fromObject() for google.protobuf.Any types.
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/7dec43d9d847481ad93fca498fd970b3a4a14b11) Handle case where 'extendee' is undefined in ext/descriptor
> > ## CLI > [:hash:](https://github.com/dcodeIO/protobuf.js/commit/20a26271423319085d321878edc5166a5449e68a) Sanitize CR-only line endings (coming from jsdoc?)
> [:hash:](https://github.com/dcodeIO/protobuf.js/commit/19d2af12b5db5a0f668f50b0cae3ee0f8a7affc2) Make sure enum typings become generated ([#884](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/884) didn't solve this)
> ... (truncated)
Commits - [`918ff01`](https://github.com/protobufjs/protobuf.js/commit/918ff014efe19f3eb43195ae3d71f7aeb3fcdd73) Update dist files for 6.8.6 - [`2ee1028`](https://github.com/protobufjs/protobuf.js/commit/2ee1028d631a328e152d7e09f2a0e0c5c83dc2aa) Security: Fix typeRefRe being vulnerable to ReDoS - [`b912005`](https://github.com/protobufjs/protobuf.js/commit/b912005cae64176a296baa20b1f56de8a10105b1) Update dist files for 6.8.5 - [`462132f`](https://github.com/protobufjs/protobuf.js/commit/462132f222d8febb8211d839635aad5b82dc6315) New: Preserve comments when serializing/deserializing with toJSON and fromJSO... - [`635fef0`](https://github.com/protobufjs/protobuf.js/commit/635fef013fbb3523536d92c690ffd7d84829db35) Other: Remove code climate config in order to use 'in-app' config instead - [`8d0209d`](https://github.com/protobufjs/protobuf.js/commit/8d0209d43a3d053aa12fee2467f53aa2098d3a5a) Other: Update dependencies and dist files - [`d29c0ca`](https://github.com/protobufjs/protobuf.js/commit/d29c0caa715a14214fc755b3cf10ac119cdaf199) New: Add more details to some frequent error messages ([#962](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/962)) - [`8400f87`](https://github.com/protobufjs/protobuf.js/commit/8400f87ad8ed2b47e659bc8bb6c3cf2467802425) New: Add IParseOptions#alternateCommentMode ([#968](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/968)) - [`d6e3b9e`](https://github.com/protobufjs/protobuf.js/commit/d6e3b9e218896ec1910e02448b5ee87e4d96ede6) New: Added field_mask to built-in common wrappers ([#982](https://github-redirect.dependabot.com/dcodeIO/protobuf.js/issues/982)) - [`057325d`](https://github.com/protobufjs/protobuf.js/commit/057325dac97869acc4d2e3c69e9ecb2a76ec1977) Update changelog - Additional commits viewable in [compare view](https://github.com/dcodeIO/protobuf.js/compare/6.8.0...6.8.6)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Ogadai/zwift-mobile-api/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #31.