search

design1online / WTF-Adventure

WTF?! Adventure is a massively online 2D MMORPG with WTF?! twists.
https://design1online.github.io/WTF-Adventure/
Other
96 stars 37 forks source link

Bump socket.io-parser and browser-sync #93

Closed dependabot[bot] closed 11 months ago

dependabot[bot] commented 1 year ago

Bumps socket.io-parser to 3.4.1 and updates ancestor dependency browser-sync. These dependencies need to be updated together.

Updates socket.io-parser from 3.3.1 to 3.4.1

Release notes

Sourced from socket.io-parser's releases.

3.4.1

Bug Fixes

  • prevent DoS (OOM) via massive packets (#95) (dcb942d)

Links

3.4.0

This release mostly contains a bump of the debug package.

Links

3.3.2

Bug Fixes

  • prevent DoS (OOM) via massive packets (#95) (89197a0)

Links

Changelog

Sourced from socket.io-parser's changelog.

3.3.1 (2020-09-30)

4.0.0 (2020-09-28)

This release will be included in Socket.IO v3.

There is a breaking API change (see below), but the exchange protocol is left untouched and thus stays in version 4.

Bug Fixes

  • do not catch encoding errors (aeae87c)
  • throw upon invalid payload format (c327acb)

BREAKING CHANGES

  • the encode method is now synchronous (28d4f03)

3.4.1 (2020-05-13)

Bug Fixes

  • prevent DoS (OOM) via massive packets (#95) (dcb942d)
Commits


Updates browser-sync from 2.26.13 to 2.27.10

Release notes

Sourced from browser-sync's releases.

2.27.9

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

2.27.8

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

added snippet: boolean option

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/design1online/WTF-Adventure/network/alerts).
codecov[bot] commented 1 year ago

Codecov Report

Base: 5.13% // Head: 5.13% // No change to project coverage :thumbsup:

Coverage data is based on head (71d99c8) compared to base (7b79a8b). Patch has no changes to coverable lines.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #93 +/- ## ===================================== Coverage 5.13% 5.13% ===================================== Files 64 64 Lines 5063 5063 ===================================== Hits 260 260 Misses 4803 4803 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

dependabot[bot] commented 11 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.