chore(deps-dev): bump the npm_and_yarn group in /frontend with 2 updates

dependabot[bot] commented 2 weeks ago

Bumps the npm_and_yarn group in /frontend with 2 updates: express and socket.io.

Updates express from 4.18.2 to 4.19.2

Release notes

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates socket.io from 4.6.0 to 4.7.5

Release notes

Sourced from socket.io's releases.

4.7.5

Bug Fixes

close the adapters when the server is closed (bf64870)

remove duplicate pipeline when serving bundle (e426f3e)

Links

Diff: https://github.com/socketio/socket.io/compare/4.7.4...4.7.5

Client release: 4.7.5

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4

Bug Fixes

typings: calling io.emit with no arguments incorrectly errored (cb6d2e0), closes #4914

Links

Diff: https://github.com/socketio/socket.io/compare/4.7.3...4.7.4

Client release: 4.7.4

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3

Bug Fixes

return the first response when broadcasting to a single socket (#4878) (df8e70f)

typings: allow to bind to a non-secure Http2Server (#4853) (8c9ebc3)

Links

Diff: https://github.com/socketio/socket.io/compare/4.7.2...4.7.3

Client release: 4.7.3

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2

Bug Fixes

clean up child namespace when client is rejected in middleware (#4773) (0731c0d)

webtransport: properly handle WebTransport-only connections (3468a19)

webtransport: add proper framing (a306db0)

Links

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.7.5 (2024-03-14)

Bug Fixes

close the adapters when the server is closed (bf64870)

remove duplicate pipeline when serving bundle (e426f3e)

Dependencies

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.4 (2024-01-12)

Bug Fixes

typings: calling io.emit with no arguments incorrectly errored (cb6d2e0), closes #4914

Dependencies

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.3 (2024-01-03)

Bug Fixes

return the first response when broadcasting to a single socket (#4878) (df8e70f)

typings: allow to bind to a non-secure Http2Server (#4853) (8c9ebc3)

Dependencies

engine.io@~6.5.2 (no change)

ws@~8.11.0 (no change)

4.7.2 (2023-08-02)

... (truncated)

Commits

5017681 chore(release): 4.7.5
bf64870 fix: close the adapters when the server is closed
748e18c ci: test with older TypeScript version
b9ce6a2 refactor: create specific adapter for parent namespaces (#4950)
54dabe5 ci: upgrade to actions/checkout@4 and actions/setup-node@4
e426f3e fix: remove duplicate pipeline when serving bundle
e36062c docs: update the webtransport example
0bbe8ae docs: only execute the passport middleware once
914a8bd docs: add example with JWT
d943c3e docs: update the Passport.js example
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/adfinis/timed/network/alerts).