search

RocketChat / Rocket.Chat.PWA

Bandwidth efficient, simplified client built with Angular.
78 stars 38 forks source link

Bump express and browser-sync #53

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps express and browser-sync. These dependencies needed to be updated together. Updates express from 4.15.4 to 4.18.2

Release notes

Sourced from express's releases.

4.18.2

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1

  • Fix hanging on large stack of sync routes

4.18.0

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get
  • Invoke default with same arguments as types in res.format
  • Support proper 205 responses using res.send
  • Use http-errors for res.format error
  • deps: body-parser@1.20.0
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: depd@2.0.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: qs@6.10.3
    • deps: raw-body@2.5.1
  • deps: cookie@0.5.0
    • Add priority option
    • Fix expires option to reject invalid dates
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: finalhandler@1.2.0
    • Remove set content headers that break response
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
    • Prevent loss of async hooks context
  • deps: qs@6.10.3
  • deps: send@0.18.0
    • Fix emitted 416 error missing headers property
    • Limit the headers removed for 304 response
    • deps: depd@2.0.0
    • deps: destroy@1.2.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get
  • Invoke default with same arguments as types in res.format
  • Support proper 205 responses using res.send
  • Use http-errors for res.format error
  • deps: body-parser@1.20.0
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: depd@2.0.0
    • deps: http-errors@2.0.0
    • deps: on-finished@2.4.1
    • deps: qs@6.10.3
    • deps: raw-body@2.5.1
  • deps: cookie@0.5.0
    • Add priority option
    • Fix expires option to reject invalid dates
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: finalhandler@1.2.0
    • Remove set content headers that break response
    • deps: on-finished@2.4.1
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
    • Prevent loss of async hooks context
  • deps: qs@6.10.3
  • deps: send@0.18.0

... (truncated)

Commits


Updates browser-sync from 2.18.13 to 2.27.10

Release notes

Sourced from browser-sync's releases.

2.27.9

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

2.27.8

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

added snippet: boolean option

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

... (truncated)

Changelog

Sourced from browser-sync's changelog.

2.23.1 (2018-01-01)

2.8.2 (2015-07-31)

Bug Fixes

  • https: add newly generated ssl self-signed certs that will expire for 10 years - fixes (45104a7), closes #750

2.8.1 (2015-07-28)

Bug Fixes

  • web-sockets: Use separate server for web sockets in proxy mode - fixes #625 (40017b4), closes #625

Features

  • serve-static: Added option serveStatic to allow proxy/snippet mode to easily serve local fil (384ef67)

2.7.13 (2015-06-28)

Bug Fixes

  • snippet: Allow async attribute to be removed from snippet with snippetOptions.async = fal (c32bec6), closes #670
  • socket-options: allow socket.domain string|fn for setting domain only on socket path - fixes #69 (5157432), closes #690

Features

  • api: expose sockets to public api (985682c)

2.7.12 (2015-06-17)

Bug Fixes

  • client-script: allow proxy to also use client script middleware (c5fdbbf)
  • client-script: serve cached/gzipped client JS file - fixes #657 (dbe9ffe), closes #657

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RocketChat/Rocket.Chat.PWA/network/alerts).