SyneticNL / Hyral

Hypermedia oriented Resource API Layer
MIT License

chore(deps): bump qs from 6.7.0 to 6.7.3 #156

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps qs from 6.7.0 to 6.7.3.

Changelog

Sourced from qs's changelog.

6.7.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [meta] fix README.md (#399)
  • [meta] do not publish workflow files
  • [actions] backport actions from main
  • [Dev Deps] backport updates from main
  • [Tests] use nyc for coverage
  • [Tests] clean up stringify tests slightly

6.7.2

  • [Fix] proper comma parsing of URL-encoded commas (#361)
  • [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)

6.7.1

  • [Fix] parse: Fix parsing array from object with comma true (#359)
  • [Fix] parse: with comma true, handle field that holds an array of arrays (#335)
  • [fix] parse: with comma true, do not split non-string values (#334)
  • [Fix] parse: throw a TypeError instead of an Error for bad charset (#349)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Refactor] formats: tiny bit of cleanup.
  • readme: add security note
  • [meta] add tidelift marketing copy
  • [meta] add funding field
  • [meta] add FUNDING.yml
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape, safe-publish-latest, evalmd, iconv-lite, mkdirp, object-inspect, browserify
  • [Tests] parse: add passing arrayFormat tests
  • [Tests] use shared travis-ci configs
  • [Tests] Buffer.from in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
  • [Tests] add tests for depth=0 and depth=false behavior, both current and intuitive/intended
  • [Tests] use eclint instead of editorconfig-tools
  • [actions] add automatic rebasing / merge commit blocking

Commits
  • 834389a v6.7.3
  • 45143b6 [Tests] use nyc for coverage
  • 5d55ddc [meta] do not publish workflow files
  • f945393 [Fix] parse: ignore __proto__ keys (#428)
  • a8d5286 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 04eac8d [Fix] stringify: avoid encoding arrayformat comma when `encodeValuesOnly = ...
  • 9dab77e [readme] remove travis badge; add github actions/codecov badges; update URLs
  • b9a039d [Tests] clean up stringify tests slightly
  • 29c8f3c [Docs] add note and links for coercing primitive values (#408)
  • c87c8c9 [meta] fix README.md (#399)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SyneticNL/Hyral/network/alerts).

guardrails[bot] commented 1 year ago

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

| Severity | Details |
| -------- | ------- |
| High | [follow-redirects@1.13.1](https://github.com/SyneticNL/Hyral/blob/9973e0c629445e4ff8c9d9114b42619c31ed726a/packages/json-api/package-lock.json#L143) (t) upgrade to: *>1.14.7* |

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
