search

dogu-team / dogu

Dogu is unified test automation platform for cross platform game and app
https://docs.dogutech.io
GNU Affero General Public License v3.0
5 stars 0 forks source link

chore(deps): bump the npm_and_yarn group across 20 directories with 18 updates #567

Open dependabot[bot] opened 2 months ago

dependabot[bot] commented 2 months ago

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package From To
tar 6.1.15 6.2.1
ws 8.9.0 8.17.1
axios 1.3.5 1.6.0
yaml 2.2.1 2.2.2
zod 3.21.4 3.22.3
octokit 2.0.7 3.1.2
protobufjs 7.1.2 7.2.5
minimatch 7.4.3 7.4.4
semver 7.5.0 7.5.2
express 4.18.2 4.19.2
@grpc/grpc-js 1.7.3 1.8.22
@sentry/nextjs 7.50.0 7.77.0
next 13.4.4 14.1.1
nodemailer 6.9.7 6.9.9
webpack 5.89.0 5.90.0
sharp 0.32.4 0.32.6
fast-xml-parser 4.2.2 4.2.5

Bumps the npm_and_yarn group with 1 update in the /packages/typescript-dev-private/publish-package directory: semver. Bumps the npm_and_yarn group with 1 update in the /packages/typescript-private/console-open-api directory: express. Bumps the npm_and_yarn group with 1 update in the /packages/typescript-private/nestjs-common directory: ws. Bumps the npm_and_yarn group with 2 updates in the /packages/typescript-private/types directory: protobufjs and @grpc/grpc-js. Bumps the npm_and_yarn group with 2 updates in the /packages/typescript/action-kit directory: axios and yaml. Bumps the npm_and_yarn group with 1 update in the /packages/typescript/common directory: axios. Bumps the npm_and_yarn group with 1 update in the /packages/typescript/dest directory: axios. Bumps the npm_and_yarn group with 2 updates in the /packages/typescript/device-client directory: ws and axios. Bumps the npm_and_yarn group with 1 update in the /packages/typescript/device-client-common directory: axios. Bumps the npm_and_yarn group with 2 updates in the /packages/typescript/jest-environment directory: axios and zod. Bumps the npm_and_yarn group with 4 updates in the /packages/typescript/node directory: ws, axios, yaml and octokit. Bumps the npm_and_yarn group with 1 update in the /packages/typescript/toolkit directory: axios. Bumps the npm_and_yarn group with 1 update in the /packages/typescript/types directory: protobufjs. Bumps the npm_and_yarn group with 2 updates in the /prebuilds/protocol-exporter directory: protobufjs and @grpc/grpc-js. Bumps the npm_and_yarn group with 3 updates in the /projects/console-web-front directory: axios, @sentry/nextjs and next. Bumps the npm_and_yarn group with 5 updates in the /projects/console-web-server directory:

Package From To
ws 8.14.2 8.17.1
axios 1.5.1 1.6.0
express 4.18.2 4.19.2
nodemailer 6.9.7 6.9.9
webpack 5.89.0 5.92.1

Bumps the npm_and_yarn group with 1 update in the /projects/nexus-initializer directory: axios. Bumps the npm_and_yarn group with 1 update in the /projects/test-executor directory: sharp. Bumps the npm_and_yarn group with 1 update in the /validators directory: axios.

Updates tar from 6.1.15 to 6.2.1

Changelog

Sourced from tar's changelog.

Changelog

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

  • Add support for brotli compression
  • Add maxDepth option to prevent extraction into excessively deep folders.

6.1

  • remove dead link to benchmarks (#313) (@​yetzt)
  • add examples/explanation of using tar.t (@​isaacs)
  • ensure close event is emited after stream has ended (@​webark)

... (truncated)

Commits


Updates ws from 8.9.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;


for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;


for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}



}


headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';


const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});


request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view


Updates axios from 1.3.5 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

Release v1.5.1

Release notes:

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

Release v1.5.0

Release notes:

Bug Fixes

  • adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
  • dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
  • headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
  • headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits
  • f7adacd chore(release): v1.6.0 (#6031)
  • 9917e67 chore(ci): fix release-it arg; (#6032)
  • 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
  • 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
  • 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
  • a48a63a chore(docs): added AxiosHeaders docs; (#5932)
  • a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
  • 2ac731d chore(docs): update readme.md (#5889)
  • 88fb52b chore(release): v1.5.1 (#5920)
  • e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
  • Additional commits viewable in compare view


Updates yaml from 2.2.1 to 2.2.2

Release notes

Sourced from yaml's releases.

v2.2.2

This patch release includes a fix for an error that could be thrown in parseDocument for degenerate input. Otherwise, it's a patch release uplifting a few fixes from the ongoing v2.3 work to v2.2:

  • Corner case failure in error pretty-printer (CVE-2023-2251)
  • Use correct argument order when stringifying flow collection comments (#443)
  • First-line folding for block scalars (#422)
Commits
  • f21fa45 2.2.2
  • 984f578 fix: Corner case failure in error pretty-printer
  • 443e3aa fix: First-line folding for block scalars (fixes #422)
  • 5af5d3d fix: Use correct argument order when stringifying flow collection comments (f...
  • See full diff in compare view


Updates zod from 3.21.4 to 3.22.3

Release notes

Sourced from zod's releases.

v3.22.3

Commits:

  • 1e23990bcdd33d1e81b31e40e77a031fcfd87ce1 Commit
  • 9bd3879b482f139fd03d5025813ee66a04195cdd docs: remove obsolete text about readonly types (#2676)
  • f59be093ec21430d9f32bbcb628d7e39116adf34 clarify datetime ISO 8601 (#2673)
  • 64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3 Update sponsors
  • 18115a8f128680b4526df58ce96deab7dce93b93 Formatting
  • 28c19273658b164c53c149785fa7a8187c428ad4 Update sponsors
  • ad2ee9ccf723c4388158ff6b8669c2a6cdc85643 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
  • ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551 docs: update ref to discriminated-unions docs (#2485)
  • 2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4 [2609] fix ReDoS vulnerability in email regex (#2824)
  • 1e61d76cdec05de9271fc0df58798ddf9ce94923 3.22.3

v3.22.2

Commits:

  • 13d9e6bda286cbd4c1b177171273695d8309e5de Fix lint
  • 0d49f10b3c25a8e4cbb6534cc0773b195c56d06d docs: add typeschema to ecosystem (#2626)
  • 8e4af7b56df6f2e3daf0dd825b986f1d963025ce X to Zod: add app.quicktype.io (#2668)
  • 792b3ef0d41c144cd10641c6966b98dae1222d82 Fix superrefine types

v3.22.1

Commits:

Fix handing of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.

const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)
  • 932cc472d2e66430d368a409b8d251909d7d8d21 Initial prototype fix for issue #2651 (#2652)
  • 0a055e726ac210ef6efc69aa70cd2491767f6060 3.22.1

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

... (truncated)

Commits


Updates octokit from 2.0.7 to 3.1.2

Release notes

Sourced from octokit's releases.

v3.1.2

3.1.2 (2023-11-15)

Bug Fixes

  • updates app.js for the handling of an error being thrown by the verify method in webhooks.js (#2576) (b59da80)

v3.1.1

3.1.1 (2023-09-25)

Bug Fixes

v3.1.0

3.1.0 (2023-07-26)

Features

v3.0.0

3.0.0 (2023-07-11)

Features

BREAKING CHANGES

  • Drop support for NodeJS v14, v16
  • Remove previews support for the REST API
  • remove agent option from octokit.request()
  • Replace support for Node.js http(s) Agents with documentation on using fetch dispatchers instead (via @octokit/request)
  • Remove ability to pass custom request options, except for method, headers, body, signal (via @​octokit/request)

v3.0.0-beta.5

3.0.0-beta.5 (2023-07-11)

Bug Fixes

v3.0.0-beta.4

... (truncated)

Commits
  • b59da80 fix: updates app.js for the handling of an error being thrown by the verify m...
  • f514e4b build(deps): lock file maintenance (#2574)
  • fdc9bba chore(deps): update dependency prettier to v3.1.0
  • d3a9984 build(deps): lock file maintenance
  • 870d89d build(deps): lock file maintenance (#2565)
  • 78735dd build(deps): lock file maintenance (#2562)
  • 72ea679 chore(deps): update dependency @​types/node to v20
  • 692f7db ci(action): update actions/setup-node action to v4 (#2560)
  • 5b47b84 build(deps): lock file maintenance (#2558)
  • 941c584 docs: fixing typos in README (#2557)
  • Additional commits viewable in compare view


Updates protobufjs from 7.1.2 to 7.2.5

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

protobufjs: v7.2.4

7.2.4 (2023-06-23)

Bug Fixes

  • do not let setProperty change the prototype (#1899) (e66379f)

protobufjs: v7.2.3

7.2.3 (2023-03-27)

Bug Fixes

  • type names can be split into multiple tokens (#1877) (8817ee6)

protobufjs: v7.2.2

7.2.2 (2023-02-07)

Bug Fixes

  • do not allow to extend same field twice to prevent the error (#1784) (14f0536)

protobufjs: v7.2.1

7.2.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)
  • Revert "fix: error should be thrown" (4489fa7)
  • use bundled filename to fix common pb includes (#1860) (dce9a2e)
  • use ES5 style function syntax (#1830) (64e8936)

protobufjs: v7.2.0

7.2.0 (2023-01-24)

Features

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.2.5 (2023-08-21)

Bug Fixes

7.2.4 (2023-06-23)

Bug Fixes

  • do not let setProperty change the prototype (#1899) (e66379f)

7.2.3 (2023-03-27)

Bug Fixes

  • type names can be split into multiple tokens (#1877) (8817ee6)

7.2.2 (2023-02-07)

Bug Fixes

  • do not allow to extend same field twice to prevent the error (#1784) (14f0536)

7.2.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)
  • Revert "fix: error should be thrown" (4489fa7)
  • use bundled filename to fix common pb includes (#1860) (dce9a2e)
  • use ES5 style function syntax (#1830) (64e8936)

7.2.0 (2023-01-24)

Features

  • cli: generate static files at the granularity of proto messages (#1840) (32f2d6a)

Bug Fixes

... (truncated)

Commits


Updates minimatch from 7.4.3 to 7.4.4

Commits


Updates semver from 7.5.0 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

Commits
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • 09c69e2 chore: bump @​npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
  • See full diff in compare view


Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option
Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates @grpc/grpc-js from 1.7.3 to 1.8.22

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.8.22

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js@​1.8.21

  • Fix propagation of UNIMPLEMENTED error messages (#2528)

@​grpc/grpc-js 1.8.20

  • Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@​grpc/grpc-js 1.8.19

  • Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@​grpc/grpc-js 1.8.18

  • Fix reporting of call stacks in unary request errors (#2503)
  • Fix reporting of proxy info in channelz socket responses (#2503)

@​grpc/grpc-js 1.8.17

  • Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@​grpc/grpc-js 1.8.16

  • Fix missing transport trace logs (#2470)

@​grpc/grpc-js 1.8.15

  • Fix a memory leak that could result from a specific pattern of recursive function calls (
  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.