search

bcgov / embc-ess-mod

Streamline processes so evacuated individuals can access services easily and efficiently.
Apache License 2.0
6 stars 27 forks source link

build(deps): bump the npm_and_yarn group across 3 directories with 13 updates #2529

Open dependabot[bot] opened 1 week ago

dependabot[bot] commented 1 week ago

Bumps the npm_and_yarn group with 10 updates in the /registrants/src/UI/embc-registrant directory:

Package From To
axios 1.6.8 1.7.7
body-parser 1.20.2 1.20.3
express 4.19.2 4.21.1
cookie 0.4.2 0.7.2
socket.io 4.7.5 4.8.1
cross-spawn 7.0.3 7.0.6
dompurify 3.1.0 3.2.0
mermaid 10.9.0 10.9.3
micromatch 4.0.5 4.0.8
rollup 4.14.3 4.27.3

Bumps the npm_and_yarn group with 11 updates in the /responders/src/UI/embc-responder directory:

Package From To
bootstrap 5.1.3 5.3.3
axios 1.6.8 1.7.7
body-parser 1.20.2 1.20.3
express 4.19.2 4.21.1
cookie 0.4.2 0.7.2
socket.io 4.7.5 4.8.1
cross-spawn 7.0.3 7.0.6
dompurify 3.1.3 3.2.0
mermaid 10.9.0 10.9.3
micromatch 4.0.5 4.0.8
rollup 4.17.2 4.27.3

Bumps the npm_and_yarn group with 9 updates in the /suppliers/src/UI/embc-supplier directory:

Package From To
bootstrap 4.6.2 5.0.0
axios 1.7.2 1.7.7
body-parser 1.20.2 1.20.3
express 4.19.2 4.21.1
cookie 0.4.2 0.7.2
socket.io 4.7.5 4.8.1
cross-spawn 7.0.3 7.0.6
micromatch 4.0.5 4.0.8
rollup 4.17.2 4.27.3

Updates axios from 1.6.8 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Release v1.7.6

Release notes:

Bug Fixes

  • fetch: fix content length calculation for FormData payload; (#6524) (085f568)
  • fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Release v1.7.5

Release notes:

Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Release v1.7.4

Release notes:

Bug Fixes

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes

  • fetch: fix content length calculation for FormData payload; (#6524) (085f568)
  • fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes

  • adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

... (truncated)

Commits
  • 5b8a826 chore(release): v1.7.7 (#6585)
  • 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
  • d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
  • d584fcf chore(release): v1.7.6 (#6583)
  • bc03c6c chore(examples): fix module import (#6575)
  • df9889b fix(fetch): optimize signals composing logic; (#6582)
  • ee208cf chore(sponsor): update sponsor block (#6576)
  • 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
  • 59cd6b0 chore(release): v1.7.5 (#6574)
  • 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
  • Additional commits viewable in compare view


Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits


Updates cookie from 0.4.2 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

  • Fix object assignment of hasOwnProperty (#177) bc38ffd

https://github.com/jshttp/cookie/compare/v0.7.1...v0.7.2

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

https://github.com/jshttp/cookie/compare/v0.7.0...v0.7.1

0.7.0

https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.0

0.6.0

  • Add partitioned option

0.5.0

  • Add priority option
  • Fix expires option to reject invalid dates
  • pref: improve default decode speed
  • pref: remove slow string split in parse
Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates socket.io from 4.7.5 to 4.8.1

Release notes

Sourced from socket.io's releases.

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

socket.io-client@4.8.1

Bug Fixes

  • bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";

const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport Description
Fetch HTTP long-polling based on the built-in fetch() method.
NodeXHR HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket WebSocket transport based on the built-in WebSocket object.
WebTransport WebTransport transport based on the built-in WebTransport object.

Usage:

Transport browser Node.js Deno Bun

... (truncated)

Commits
  • 91e1c8b chore(release): socket.io@4.8.1
  • 8d5528a chore(release): socket.io-client@4.8.1
  • 71387e5 refactor(sio-client): reexport transports from the engine
  • aead835 refactor(sio): make Namespace._fns private (#5196)
  • 029e010 chore(release): engine.io-client@6.6.2
  • 4ca6ddb docs(nuxt): update example with latest version
  • ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
  • 4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
  • d4b3dde ci: use Node.js 22
  • 3b68658 chore: bump @​fails-components/webtransport to version 1.1.4 (dev)
  • Additional commits viewable in compare view


Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

  • update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

  • fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

Commits
  • 77cd97f chore(release): 7.0.6
  • 6717de4 chore: upgrade standard-version
  • f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
  • 9a7e3b2 chore: fix build status badge
  • 0852683 chore(release): 7.0.5
  • 640d391 fix: fix escaping bug introduced by backtracking
  • bff0c87 chore: remove codecov
  • a7c6abc chore: replace travis with github workflows
  • 9b9246e chore(release): 7.0.4
  • 5ff3a07 fix: disable regexp backtracking (#160)
  • Additional commits viewable in compare view


Updates dompurify from 3.1.0 to 3.2.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.0

DOMPurify 3.1.7

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
  • Bumped several dependencies to be more up to date

DOMPurify 3.1.6

  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
  • Updated several development dependencies

DOMPurify 3.1.5

  • Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
  • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

DOMPurify 3.1.4

  • Fixed an issue with the recently implemented isNaN checks, thanks @​tulach
  • Added several new popover attributes to allow-list, thanks @​Gigabyte5671
  • Fixed the tests and adjusted the test runner to cover all branches

DOMPurify 3.1.3

  • Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
  • Added better configurability for comment scrubbing default behavior
  • Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
  • Added better handling and readability of the nodeType property, thanks @​ssi02014
  • Fixed some smaller issues in README and other documentation

DOMPurify 3.1.2

  • Addressed and fixed a mXSS variation found by @​kevin-mizu
  • Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
  • Updated tests for older Safari and Chrome versions

DOMPurify 3.1.1

  • Fixed an mXSS sanitiser bypass reported by @​icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

Commits


Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.21.0...4.21.1

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits


Updates mermaid from 10.9.0 to 10.9.3

Commits
  • 85ec96a chore: bump mermaid version to v10.9.3
  • 9301a57 style: prettify src/diagrams/block/blockDB.ts
  • 2bedd0e chore(deps): update katex to 0.16.11
  • 92a07ff chore(deps): update bundled DOMPurify to 3.1.6
  • 4dd4997 chore: Bump version
  • fc61512 [10] ci: upgrade to pnpm/action-setup@v4 to avoid CI failures
  • 402abdf [10] fix: ban version v3.1.7 of DOMPurify