search

bigbluebutton / bigbluebutton-html-plugin-sdk

BigBlueButton Plugin SDK
GNU Lesser General Public License v3.0
6 stars 5 forks source link

Bump the npm_and_yarn group across 14 directories with 7 updates #104

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-data-channel-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-dom-element-manipulation directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-floating-window-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 3 updates in the /samples/sample-generic-content-sidekick-plugin directory: @babel/traverse, postcss and ws. Bumps the npm_and_yarn group with 7 updates in the /samples/sample-nav-bar-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-options-dropdown-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-presentation-dropdown-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-presentation-toolbar-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-ui-commands-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-ui-events-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-use-meeting directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-user-camera-dropdown-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-user-list-dropdown-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Bumps the npm_and_yarn group with 7 updates in the /samples/sample-user-list-item-additional-information-plugin directory:

Package From To
@babel/traverse 7.21.5 7.24.8
braces 3.0.2 3.0.3
express 4.18.2 4.19.2
follow-redirects 1.15.2 1.15.6
postcss 8.4.23 8.4.39
webpack-dev-middleware 5.3.3 5.3.4
ws 8.13.0 8.18.0

Updates @babel/traverse from 7.21.5 to 7.24.8

Release notes

Sourced from @​babel/traverse's releases.

v7.24.8 (2024-07-11)

Thanks @​H0onnn, @​jkup and @​SreeXD for your first pull requests!

:eyeglasses: Spec Compliance

:bug: Bug Fix

:nail_care: Polish

Committers: 9

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.8 (2024-07-11)

:eyeglasses: Spec Compliance

:bug: Bug Fix

:nail_care: Polish

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

v7.24.6 (2024-05-24)

:bug: Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

... (truncated)

Commits


Updates braces from 3.0.2 to 3.0.3

Commits


Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option
Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates follow-redirects from 1.15.2 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view


Updates postcss from 8.4.23 to 8.4.39

Release notes

Sourced from postcss's releases.

8.4.39

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

8.4.33

8.4.32

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.39

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

  • Fixed AtRule#nodes type (by Tim Weißenfels).
  • Cleaned up code (by Dmitry Kirillov).

8.4.33

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

  • Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

... (truncated)

Commits


Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)
Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)
Commits


Updates ws from 8.13.0 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

  • Added support for Blob (#2229).

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;


for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;


for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}



}


headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';


const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});


request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits
  • 976c53c [dist] 8.18.0
  • 59b9629 [feature] Add support for Blob (#2229)
  • 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
  • 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • Additional commits viewable in compare view


Updates @babel/traverse from 7.21.5 to 7.24.8

Release notes

Sourced from @​babel/traverse's releases.

v7.24.8 (2024-07-11)

Thanks @​H0onnn, @​jkup and @​SreeXD for your first pull requests!

:eyeglasses: Spec Compliance

:bug: Bug Fix

:nail_care: Polish

Committers: 9

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.8 (2024-07-11)

:eyeglasses: Spec Compliance

:bug: Bug Fix

:nail_care: Polish

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

v7.24.6 (2024-05-24)

:bug: Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

... (truncated)

Commits


Updates braces from 3.0.2 to 3.0.3

Commits