search

apollo-server-integrations / apollo-server-integration-cloudflare-workers

An integration to use Cloudflare Workers as a hosting service with Apollo Server
https://github.com/kimyvgy/worker-apollo-server-template
MIT License
13 stars 0 forks source link

chore(deps): update all non-major dependencies #43

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
node volta patch 18.16.0 -> 18.16.1 age adoption passing confidence
npm (source) volta patch 9.7.1 -> 9.7.2 age adoption passing confidence

Release Notes

nodejs/node ### [`v18.16.1`](https://togithub.com/nodejs/node/releases/tag/v18.16.1): 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @​RafaelGSS [Compare Source](https://togithub.com/nodejs/node/compare/v18.16.0...v18.16.1) This is a security release. ##### Notable Changes The following CVEs are fixed in this release: - [CVE-2023-30581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30581): `mainModule.__proto__` Bypass Experimental Policy Mechanism (High) - [CVE-2023-30585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30585): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) - [CVE-2023-30588](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30588): Process interuption due to invalid Public Key information in x509 certificates (Medium) - [CVE-2023-30589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30589): HTTP Request Smuggling via Empty headers separated by CR (Medium) - [CVE-2023-30590](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30590): DiffieHellman does not generate keys after setting a private key (Medium) - OpenSSL Security Releases - [OpenSSL security advisory 28th March](https://www.openssl.org/news/secadv/20230328.txt). - [OpenSSL security advisory 20th April](https://www.openssl.org/news/secadv/20230420.txt). - [OpenSSL security advisory 30th May](https://www.openssl.org/news/secadv/20230530.txt) - c-ares vulnerabilities: - [GHSA-9g78-jv2r-p7vc](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc) - [GHSA-8r8p-23f3-64c2](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2) - [GHSA-54xr-f67r-4pc4](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4) - [GHSA-x6mf-cxr9-8q6v](https://togithub.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v) More detailed information on each of the vulnerabilities can be found in [June 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/june-2023-security-releases/) blog post. ##### Commits - \[[`bf3e2c8928`](https://togithub.com/nodejs/node/commit/bf3e2c8928)] - **crypto**: handle cert with invalid SPKI gracefully (Tobias Nießen) [nodejs-private/node-private#​393](https://togithub.com/nodejs-private/node-private/pull/393) - \[[`70f9449072`](https://togithub.com/nodejs/node/commit/70f9449072)] - **deps**: set `CARES_RANDOM_FILE` for c-ares (Richard Lau) [#​48156](https://togithub.com/nodejs/node/pull/48156) - \[[`35d4efb57b`](https://togithub.com/nodejs/node/commit/35d4efb57b)] - **deps**: update c-ares to 1.19.1 (RafaelGSS) [#​48115](https://togithub.com/nodejs/node/pull/48115) - \[[`392dfedc77`](https://togithub.com/nodejs/node/commit/392dfedc77)] - **deps**: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) [#​48402](https://togithub.com/nodejs/node/pull/48402) - \[[`46cd5fe38b`](https://togithub.com/nodejs/node/commit/46cd5fe38b)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) [#​48402](https://togithub.com/nodejs/node/pull/48402) - \[[`7e3d2d85c2`](https://togithub.com/nodejs/node/commit/7e3d2d85c2)] - **doc,test**: clarify behavior of DH generateKeys (Tobias Nießen) [nodejs-private/node-private#​426](https://togithub.com/nodejs-private/node-private/pull/426) - \[[`4ff6ba050a`](https://togithub.com/nodejs/node/commit/4ff6ba050a)] - **http**: disable request smuggling via rempty headers (Paolo Insogna) [nodejs-private/node-private#​428](https://togithub.com/nodejs-private/node-private/pull/428) - \[[`ab269129a6`](https://togithub.com/nodejs/node/commit/ab269129a6)] - **msi**: do not create AppData\Roaming\npm (Tobias Nießen) [nodejs-private/node-private#​408](https://togithub.com/nodejs-private/node-private/pull/408) - \[[`925e8f5619`](https://togithub.com/nodejs/node/commit/925e8f5619)] - **policy**: handle mainModule.\__proto\_\_ bypass (RafaelGSS) [nodejs-private/node-private#​416](https://togithub.com/nodejs-private/node-private/pull/416) - \[[`d6fae8e47e`](https://togithub.com/nodejs/node/commit/d6fae8e47e)] - **test**: allow SIGBUS in signal-handler abort test (Michaël Zasso) [#​47851](https://togithub.com/nodejs/node/pull/47851)
npm/cli ### [`v9.7.2`](https://togithub.com/npm/cli/blob/HEAD/CHANGELOG.md#​972-httpsgithubcomnpmclicomparev971v972-2023-06-21) [Compare Source](https://togithub.com/npm/cli/compare/v9.7.1...v9.7.2) ##### Bug Fixes - [`939a188`](https://togithub.com/npm/cli/commit/939a188bc3ab9c2bfa49ccb4837fe4ad844131ed) [#​6574](https://togithub.com/npm/cli/pull/6574) ignore node prereleases in npm engines check ([#​6574](https://togithub.com/npm/cli/issues/6574)) ([@​wraithgar](https://togithub.com/wraithgar)) - [`d980405`](https://togithub.com/npm/cli/commit/d980405ffcbc80ad63fbea680ee40a57ffc4a210) [#​6556](https://togithub.com/npm/cli/pull/6556) better color support detection ([#​6556](https://togithub.com/npm/cli/issues/6556)) ([@​lukekarrys](https://togithub.com/lukekarrys)) - [`40d7e09`](https://togithub.com/npm/cli/commit/40d7e09aa9c038bc20e37c4fbd21d02dc82b93a7) [#​6555](https://togithub.com/npm/cli/pull/6555) remove unnecessary package.json values ([#​6555](https://togithub.com/npm/cli/issues/6555)) ([@​lukekarrys](https://togithub.com/lukekarrys)) - [`3a7378d`](https://togithub.com/npm/cli/commit/3a7378d889707d2a4c1f8a6397dda87825e9f5a3) [#​6554](https://togithub.com/npm/cli/pull/6554) cleanup bin contents ([@​lukekarrys](https://togithub.com/lukekarrys)) - [`e722439`](https://togithub.com/npm/cli/commit/e722439b05bb4da691975359db58eac794f1f5d9) [#​6497](https://togithub.com/npm/cli/pull/6497) move all definitions to [@​npmcli/config](https://togithub.com/npmcli/config) package ([@​lukekarrys](https://togithub.com/lukekarrys)) ##### Documentation - [`405ffbf`](https://togithub.com/npm/cli/commit/405ffbfa2758ec388c06120fdf5fde2a07835779) [#​6557](https://togithub.com/npm/cli/pull/6557) remove redundant statement about files attribute ([#​6557](https://togithub.com/npm/cli/issues/6557)) ([@​DaviDevMod](https://togithub.com/DaviDevMod)) - [`cd1e6aa`](https://togithub.com/npm/cli/commit/cd1e6aa320ccc264f5027de5976bb7acc32f1ded) [#​6551](https://togithub.com/npm/cli/pull/6551) add flag `package-lock-only` for `npm install` ([#​6551](https://togithub.com/npm/cli/issues/6551)) ([@​m4rch3n1ng](https://togithub.com/m4rch3n1ng)) ##### Dependencies - [`aebc523`](https://togithub.com/npm/cli/commit/aebc523c46f6e37c943a750e4cb6ec4b8f12ae01) [#​6585](https://togithub.com/npm/cli/pull/6585) `safe-buffer@5.2.1` `string_decoder@1.3.0` ([#​6585](https://togithub.com/npm/cli/issues/6585)) - [`bb6054b`](https://togithub.com/npm/cli/commit/bb6054b9558efd859e32ba9227453b3c84ef647d) [#​6573](https://togithub.com/npm/cli/pull/6573) `tuf-js@1.1.7` - [`aee4a30`](https://togithub.com/npm/cli/commit/aee4a30bfb88ac147f5f8ac9bdb28cfc0be16e7f) [#​6573](https://togithub.com/npm/cli/pull/6573) `strip-ansi@7.1.0` - [`6105dbc`](https://togithub.com/npm/cli/commit/6105dbcc1c1647c66759e73ad8699a539e8a70c3) [#​6573](https://togithub.com/npm/cli/pull/6573) `path-scurry@1.9.2` - [`22d44e8`](https://togithub.com/npm/cli/commit/22d44e81d6bced4c9d5960b74023ee017df6606b) [#​6573](https://togithub.com/npm/cli/pull/6573) `read-package-json@6.0.4` - [`fdd02fd`](https://togithub.com/npm/cli/commit/fdd02fde1c53ce66a3b15b55907fd7e80680b89b) [#​6573](https://togithub.com/npm/cli/pull/6573) `jackspeak@2.2.1` - [`7797075`](https://togithub.com/npm/cli/commit/77970756cb2a18257a50e765617f2237abe245d6) [#​6573](https://togithub.com/npm/cli/pull/6573) `is-core-module@2.12.1` - [`f9780cc`](https://togithub.com/npm/cli/commit/f9780ccbde62feb59691b5c2f19ed5f3688b1e7e) [#​6573](https://togithub.com/npm/cli/pull/6573) `sigstore@1.6.0` - [`72d6a79`](https://togithub.com/npm/cli/commit/72d6a79fa28aec50dab576e93ef06a89694770a5) [#​6573](https://togithub.com/npm/cli/pull/6573) `semver@7.5.2` - [`98f1f5f`](https://togithub.com/npm/cli/commit/98f1f5fd2d6890c207c77452739053a674d83990) [#​6573](https://togithub.com/npm/cli/pull/6573) `nopt@7.2.0` - [`8710ff8`](https://togithub.com/npm/cli/commit/8710ff88afffb573b4f65c4a19303924935fecd2) [#​6573](https://togithub.com/npm/cli/pull/6573) `pacote@15.2.0` - [`0cb539d`](https://togithub.com/npm/cli/commit/0cb539dae1311ef0f60ccf5bd47def1763c38852) [#​6573](https://togithub.com/npm/cli/pull/6573) `node-gyp@9.4.0` - [`39ad586`](https://togithub.com/npm/cli/commit/39ad5862ffc99b3da365ab3dd8538b68a4352ea5) [#​6573](https://togithub.com/npm/cli/pull/6573) `ini@4.1.1` - [`5e0070c`](https://togithub.com/npm/cli/commit/5e0070cf28353e94458e0d8190833595aa143314) [#​6573](https://togithub.com/npm/cli/pull/6573) `glob@10.2.7` `minimatch@9.0.1` - [`26cf235`](https://togithub.com/npm/cli/commit/26cf235aa45d0d4100f061f009c1ffdf0a1fdf16) [#​6573](https://togithub.com/npm/cli/pull/6573) `cacache@17.1.3` - [Workspace](https://togithub.com/npm/cli/releases/tag/arborist-v6.2.10): `@npmcli/arborist@6.2.10` - [Workspace](https://togithub.com/npm/cli/releases/tag/config-v6.2.1): `@npmcli/config@6.2.1` - [Workspace](https://togithub.com/npm/cli/releases/tag/libnpmdiff-v5.0.18): `libnpmdiff@5.0.18` - [Workspace](https://togithub.com/npm/cli/releases/tag/libnpmexec-v6.0.1): `libnpmexec@6.0.1` - [Workspace](https://togithub.com/npm/cli/releases/tag/libnpmfund-v4.0.18): `libnpmfund@4.0.18` - [Workspace](https://togithub.com/npm/cli/releases/tag/libnpmpack-v5.0.18): `libnpmpack@5.0.18` - [Workspace](https://togithub.com/npm/cli/releases/tag/libnpmpublish-v7.4.0): `libnpmpublish@7.4.0`

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR has been generated by Mend Renovate. View repository job log here.