search

Shopify / graphql-js-schema

Transforms the JSON representation of a GraphQL schema into a set of ES6 type modules
MIT License
35 stars 12 forks source link

Bump the npm_and_yarn group across 1 directory with 14 updates #51

Open dependabot[bot] opened 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
minimist 1.2.0 1.2.6
brace-expansion 1.1.6 1.1.11
es5-ext 0.10.12 0.10.64
extend 3.0.0 3.0.2
fsevents 1.0.17 1.2.13
hosted-git-info 2.1.5 2.8.9
is-my-json-valid 2.15.0 2.20.6
js-yaml 3.7.0 3.14.1
lodash 4.17.4 4.17.21
minimatch 3.0.3 3.1.2
qs 6.3.0 6.3.3
sshpk 1.10.2 1.18.0
stringstream 0.0.5 0.0.6

Updates minimist from 1.2.0 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

  • security notice 4cf1354
  • additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

  • more failing proto pollution tests 13c01a5
  • even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

v1.2.1 - 2020-03-10

Merged

Commits

Commits


Updates brace-expansion from 1.1.6 to 1.1.11

Release notes

Sourced from brace-expansion's releases.

v1.1.11

brace-expansion

Brace expansion, as known from sh/bash, in JavaScript.

build status downloads Greenkeeper badge

testling badge

Example

var expand = require('brace-expansion');

expand('file-{a,b,c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']


expand('-v{,,}')
// => ['-v', '-v', '-v']


expand('file{0..2}.jpg')
// => ['file0.jpg', 'file1.jpg', 'file2.jpg']


expand('file-{a..c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']


expand('file{2..0}.jpg')
// => ['file2.jpg', 'file1.jpg', 'file0.jpg']


expand('file{0..4..2}.jpg')
// => ['file0.jpg', 'file2.jpg', 'file4.jpg']


expand('file-{a..e..2}.jpg')
// => ['file-a.jpg', 'file-c.jpg', 'file-e.jpg']


expand('file{00..10..5}.jpg')
// => ['file00.jpg', 'file05.jpg', 'file10.jpg']


expand('{{A..C},{a..c}}')
// => ['A', 'B', 'C', 'a', 'b', 'c']


expand('ppp{,config,oe{,conf}}')
// => ['ppp', 'pppconfig', 'pppoe', 'pppoeconf']

API

... (truncated)

Commits


Updates es5-ext from 0.10.12 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view


Updates extend from 3.0.0 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

  • [Fix] Prevent merging __proto__ property (#48)
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

3.0.1 / 2017-04-27

  • [Fix] deep extending should work with a non-object (#46)
  • [Dev Deps] update tape, eslint, @ljharb/eslint-config
  • [Tests] up to node v7.9, v6.10, v4.8; improve matrix
  • [Docs] Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
  • [Docs] Add example to readme (#34)
Commits
  • 8d106d2 v3.0.2
  • e97091f [Dev Deps] update tape
  • e841aac [Tests] up to node v10.7
  • 0e68e71 [Fix] Prevent merging proto property
  • a689700 Only apps should have lockfiles
  • f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
  • 138b515 v3.0.1
  • 7e19a6f [Tests] up to node v7.9, v6.10, v4.8; improve matrix
  • 0191e27 [Dev Deps] update tape, eslint, @ljharb/eslint-config
  • Additional commits viewable in compare view


Updates fsevents from 1.0.17 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

  • Added node v10 for pre-built binaries
  • C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

  • BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
    • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
  • Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
  • Compatibility updates for nan v2.9.0

v1.1.3

  • Added node v9 for pre-built binaries
  • Fixed bug related to using --no-bin-links option on install
  • Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

  • Added Node.js v8 to the prebuild binary assets.
  • Stopped prebuilding for io.js (can still be built locally)
  • Updated node-pre-gyp to latest version (0.6.36)

v1.1.1

... (truncated)

Commits


Updates hosted-git-info from 2.1.5 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

2.8.8 (2020-02-29)

Bug Fixes

  • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

  • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
  • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

  • updated pathmatch for gitlab (e8325b5), closes #51
  • updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits
  • 8d4b369 chore(release): 2.8.9
  • 29adfe5 fix: backport regex fix from #76
  • afeaefd chore(release): 2.8.8
  • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
  • 7440afa chore(release): 2.8.7
  • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
  • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
  • e1b83df chore(release): 2.8.6
  • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
  • 624fd6f chore(release): 2.8.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


Updates is-my-json-valid from 2.15.0 to 2.20.6

Commits
Maintainer changes

This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.


Updates js-yaml from 3.7.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

  • Add arrow functions suport for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits
  • 37caaad 3.14.1 released
  • 094c0f7 dist rebuild
  • 9586ebe Avoid calling hasOwnProperty of user-controlled objects
  • 34e5072 3.14.0 released
  • 7b25c83 Browser files rebuild
  • 6f73473 Dev deps bump
  • 0c29349 Travis-CI: drop old nodejs versions
  • 10be97e fix(loader): Add support for safe/loadAll(input, options)
  • d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
  • 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
  • Additional commits viewable in compare view


Updates jsonpointer from 4.0.1 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

  • Fix prototype pollution (#51)

    • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
    // returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
    • When passing non-string arrays to a .set operation, an error is thrown:
    // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')

v4.1.0

4.1.0 (2020-07-03)

Bug Fixes

Features

Commits
  • 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
  • bad4983 Fix null values throwing exception when traversing over while getting
  • a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
  • b8e1e6a fix incorrect typings for compile get/set methods
  • c4de620 Merge pull request #53 from janl/release/5.0.0
  • 8dbf304 feat: v5
  • 84cf173 Merge pull request #52 from janl/fix/test
  • f716e5c chore: more rip travis
  • e2ae355 chore: remove comment
  • d23693b chore: update primary branch
  • Additional commits viewable in compare view


Updates lodash from 4.17.4 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates minimatch from 3.0.3 to 3.1.2

Commits


Updates qs from 6.3.0 to 6.3.3

Changelog

Sourced from qs's changelog.

6.3.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] use safer-buffer instead of Buffer constructor
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main

6.3.2

  • [Fix] follow allowPrototypes option during merge (#201, #200)
  • [Dev Deps] update eslint
  • [Fix] chmod a-x
  • [Fix] support keys starting with brackets (#202, #200)
  • [Tests] up to node v7.7, v6.10, v4.8; disable osx builds since they block linux builds

6.3.1

  • [Fix] ensure that allowPrototypes: false does not ever shadow Object.prototype properties (thanks, @​snyk!)
  • [Dev Deps] update eslint, @ljharb/eslint-config, browserify, iconv-lite, qs-iconv, tape
  • [Tests] on all node minors; improve test matrix
  • [Docs] document stringify option allowDots (#195)
  • [Docs] add empty object and array values example (#195)
  • [Docs] Fix minor inconsistency/typo (#192)
  • [Docs] document stringify option sort (#191)
  • [Refactor] stringify: throw faster with an invalid encoder
  • [Refactor] remove unnecessary escapes (#184)
  • Remove contributing.md, since qs is no longer part of hapi (#183)
Commits
  • ff235b4 v6.3.3
  • 4310742 [Fix] parse: ignore __proto__ keys (#428)
  • da1eee0 [Dev Deps] backport from main
  • 2c103b6 [actions] backport actions from main
  • aa4580e [Robustness] stringify: avoid relying on a global undefined (#427)
  • f8510a1 [meta] fix README.md (#399)
  • 4c036ce [Fix] fix for an impossible situation: when the formatter is called with a no...
  • 180bfa5 [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • e0b2c4b [Tests] use safer-buffer instead of Buffer constructor
  • f7139bf [Fix] utils.merge: avoid a crash with a null target and an array source
  • Additional commits viewable in compare view


Updates sshpk from 1.10.2 to 1.18.0

Release notes

Sourced from sshpk's releases.

v1.16.1

  • Fixes for #60 (correctly encoding certificates with expiry dates >=2050), #62 (accepting PKCS#8 EC private keys with missing public key parts)

v1.16.0

  • Add support for SPKI fingerprints, PuTTY PPK format (public-key only for now), PKCS#8 PBKDF2 encrypted private keys
  • Fix for #48

v1.15.2

  • New API for accessing x509 extensions in certificates
  • Fixes for #52, #50

v1.14.1

  • Remove all remaining usage of jodid25519 (abandoned dep)
  • Add support for DNSSEC key format
  • Add support for Ed25519 keys in PEM format (according to draft-curdle-pkix)
  • Fixes for X.509 encoding issues (asn.1 NULLs in RSA certs, cert string type mangling)
  • Performance issues parsing long SSH public keys

v1.13.0

  • Support SSH-format rsa-sha2-256 signatures (e.g. so the SSH agent can sign using RSA-SHA256)

v1.12.0

  • Support for generating ECDSA keys using generatePrivateKey()
  • Minimum for sshpk-agent to be able to sign new certificates using an agent key

v1.11.0

  • Added support for X.509 extKeyUsage
Commits
Maintainer changes

This version was pushed to npm by bahamat, a new releaser for sshpk since your current version.


Updates stringstream from 0.0.5 to 0.0.6

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Shopify/graphql-js-schema/network/alerts).