Bump the npm_and_yarn group in /js with 15 updates

[dependabot[bot]]

Bumps the npm_and_yarn group in /js with 15 updates:

Package	From	To
axios	1.4.0	1.6.0
@babel/traverse	7.21.5	7.24.8
@firebase/util	0.3.2	1.9.7
firebase	7.24.0	10.12.3
@grpc/grpc-js	1.8.14	1.9.15
protobufjs	6.11.3	7.3.2
semver	6.3.0	6.3.1
braces	3.0.2	3.0.3
ejs	3.1.9	3.1.10
express	4.18.2	4.19.2
follow-redirects	1.15.2	1.15.6
tough-cookie	4.1.2	4.1.4
webpack-dev-middleware	5.3.3	5.3.4
ws	7.5.9	7.5.10
word-wrap	1.2.3	1.2.5

Updates axios from 1.4.0 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates @babel/traverse from 7.21.5 to 7.24.8

Release notes

Sourced from @​babel/traverse's releases.

v7.24.8 (2024-07-11)

Thanks @​H0onnn, @​jkup and @​SreeXD for your first pull requests!

:eyeglasses: Spec Compliance

• babel-parser
  • #16567 Do not use strict mode in TS declare (@​liuxingbaoyu)

:bug: Bug Fix

• babel-generator
  • #16630 Correctly print parens around in in for heads (@​nicolo-ribaudo)
  • #16626 Fix printing of comments in await using (@​nicolo-ribaudo)
  • #16591 fix typescript code generation for yield expression inside type expre… (@​SreeXD)
• babel-parser
  • #16613 Disallow destructuring assignment in using declarations (@​H0onnn)
  • #16490 fix: do not add .value: undefined to regexp literals (@​liuxingbaoyu)
• babel-types
  • #16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #16566 fix: Correctly handle export import x = (@​liuxingbaoyu)

:nail_care: Polish

• babel-generator
  • #16625 Avoid unnecessary parens around async in for await (@​nicolo-ribaudo)
• babel-traverse
  • #16619 Avoid checking Scope.globals multiple times (@​liuxingbaoyu)

Committers: 9

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jon Kuperman (@​jkup)
• Nagendran N (@​SreeXD)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​H0onnn
• @​liuxingbaoyu

v7.24.7 (2024-06-05)

:bug: Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

:house: Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.8 (2024-07-11)

:eyeglasses: Spec Compliance

• babel-parser
  • #16567 Do not use strict mode in TS declare (@​liuxingbaoyu)

:bug: Bug Fix

• babel-generator
  • #16630 Correctly print parens around in in for heads (@​nicolo-ribaudo)
  • #16626 Fix printing of comments in await using (@​nicolo-ribaudo)
  • #16591 fix typescript code generation for yield expression inside type expre… (@​SreeXD)
• babel-parser
  • #16613 Disallow destructuring assignment in using declarations (@​H0onnn)
  • #16490 fix: do not add .value: undefined to regexp literals (@​liuxingbaoyu)
• babel-types
  • #16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #16566 fix: Correctly handle export import x = (@​liuxingbaoyu)

:nail_care: Polish

• babel-generator
  • #16625 Avoid unnecessary parens around async in for await (@​nicolo-ribaudo)
• babel-traverse
  • #16619 Avoid checking Scope.globals multiple times (@​liuxingbaoyu)

v7.24.7 (2024-06-05)

:bug: Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

:house: Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

:bug: Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript

... (truncated)

Commits

• 1f5af44 v7.24.8
• c90bb0c [babel 8] Remove methods starting with _ in @babel/traverse (#16504)
• e0368a8 Avoid checking Scope.globals multiple times (#16619)
• 683c654 Enable some lint rules (#16605)
• cfe13c2 [babel 8] Update globals dependency (#16600)
• c36fa6a Update typescript-eslint v8 (#16557)
• 12619ff improve getBindingIdentifiers.keys typing (#16570)
• 424fc90 Update to TypeScript 5.5 (#16536)
• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• Additional commits viewable in compare view

Updates @firebase/util from 0.3.2 to 1.9.7

Changelog

Sourced from @​firebase/util's changelog.

1.9.7

Patch Changes

• 192561b15 #8315 (fixes #8299) - fix: browser detection (detect either window or web worker)

1.9.6

Patch Changes

• ab883d016 #8237 - Bump all packages so staging works.

1.9.5

Patch Changes

• 0c5150106 #8079 - Update repository.url field in all package.json files to NPM's preferred format.

1.9.4

Patch Changes

• 434f8418c #7963 (fixes #7962) - Fix isSafari() throwing on React Native

1.9.3

Patch Changes

• c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

• d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

• 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

• 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

... (truncated)

Commits

• 52f8deb Version Packages (#8345)
• 192561b fix: browser detection (#8315)
• 436331a Add tsec script to all packages (#8285)
• 8fb372a Version Packages (#8236)
• 13762a4 Version Packages (#8101)
• 0c51501 Run npm pkg fix on all packages (#8079)
• 9fa0e9f Version Packages (#7995)
• 434f841 Fix isSafari() throwing on React Native (fixes #7962) (#7963)
• ebc694a Comment changes for OSS (#7778)
• 2be12d7 [CI] update chrome install steps for Auth builds. (#7602)
• Additional commits viewable in compare view

Updates firebase from 7.24.0 to 10.12.3

Release notes

Sourced from firebase's releases.

firebase@10.12.3

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/analytics@​0.10.5

Patch Changes

• Updated dependencies [192561b15]:
• @​firebase/util@​1.9.7
• @​firebase/component@​0.6.8
• @​firebase/installations@​0.6.8

@​firebase/analytics-compat@​0.2.11

Patch Changes

• Updated dependencies [192561b15]:
• @​firebase/util@​1.9.7
• @​firebase/analytics@​0.10.5
• @​firebase/component@​0.6.8

@​firebase/app@​0.10.6

Patch Changes

• ed1c99379 #8335 - Guard the use of FinalizationRegistry in FirebaseServerApp initialization based on the availability of FinalizationRegistry in the runtime.

• 192561b15 #8315 (fixes #8299) - fix: server app should initialize in web workers

• f01806221 #8341 - The FirebaseServerAppSettings.name field inherited from FirebaseAppSettings is now omitted instead of overloading the value as undefined. This fixes a TypeScript compilation error. For more information, see [GitHub Issue #8336](firebase/firebase-js-sdk#8336).

• Updated dependencies [192561b15]:

• @​firebase/util@​1.9.7

• @​firebase/component@​0.6.8

@​firebase/app-check@​0.8.5

Patch Changes

• Updated dependencies [192561b15]:
• @​firebase/util@​1.9.7
• @​firebase/component@​0.6.8

@​firebase/app-check-compat@​0.3.12

Patch Changes

... (truncated)

Commits

• 52f8deb Version Packages (#8345)
• 6d2775b Merge master into release
• 766a53e Fix typos in VertexAI errors docs (#8346)
• c60aac1 VertexAI: add test script to run unit tests without updating mock responses (...
• b73a0cc Merge master into release
• f018062 Fix FirebaseServerApp Typescript exactOptionalPropertyTypes error (#8341)
• 5c75bec Update the URL for the Metric Service (#8261)
• ed1c993 FirebaseServerAppImpl: guard use of FinalizationRegistry based on its availab...
• 192561b fix: browser detection (#8315)
• ecadbe3 Fix multi-tab snapshot listener metadata sync issue (#8339)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.8.14 to 1.9.15

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.9.15

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.9.14

• Fix a bug that could rarely cause connection leaks (#2644)
• Fix a bug that could cause clients to go IDLE incorrectly some time after calling waitForReady (#2643)

@​grpc/grpc-js 1.9.13

• Fix a bug that could cause the Node process to close early when establishing a connection while a request is pending (#2626)

@​grpc/grpc-js 1.9.12

• Fix a bug that could cause connectivity state information to become stale in some circumstances (#2623)

@​grpc/grpc-js 1.9.11

• Fix a busy loop when recovering from a failure to establish a connection to a unix domain socket address target (#2618)
• Fix a bug that caused clients to stop trying to connect to a fixed IP address target after a working connection drops (#2619)

@​grpc/grpc-js 1.9.10

• Provide the correct port to the proxy when connecting to a target without an explicitly specified port (#2608 contributed by @​segevfiner)
• Properly handle goaway events with no additional data attached (#2611)

@​grpc/grpc-js 1.9.9

• Fix a busy loop when recovering from a failure to establish a connection to a fixed IP address target (#2609)

@​grpc/grpc-js 1.9.8

• Fix a memory leak caused by creating and closing multiple clients (#2606)

@​grpc/grpc-js 1.9.7

• Fix a bug that could cause a client to not update name resolution after multiple failed connection attempts (#2602)

@​grpc/grpc-js 1.9.6

• Include more information in most "No connection established" errors (#2598)
• Remove the index tracer, and add more information to other trace logs (#2599)

@​grpc/grpc-js 1.9.5

• Fix a type inconsistency in server-call.ts (#2589 contributed by @​rsnullptr)
• Close ports if the server is shut down while the bind operation is ongoing (#2590)

@​grpc/grpc-js 1.9.4

• Fix a bug that could cause a client to sometimes incorrectly hold the process open when no longer in use (#2586)

@​grpc/grpc-js 1.9.3

• Make a few improvements to DNS resolving timing (#2571)

Experimental changes:

• Added grpc.experimental.BackoffTimeout#getEndTime

@​grpc/grpc-js 1.9.2

• Handle error when sending keepalive pings (#2563)

... (truncated)

Commits

• 08b0422 Merge pull request from GHSA-7v5v-9h63-cj86
• c75e048 grpc-js: Bump to 1.9.15
• d5d62b4 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
• 02d0344 Merge pull request #2741 from sergiitk/backport-1.9-psm-interop-common-prod-t...
• cf14020 Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
• da44229 Merge pull request #2738 from murgatroid99/backport-1.9-grpc-js_linkify-it_fix
• 5ae7c8c Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
• eed21ba Merge pull request #2714 from sergiitk/backport-1.9-psm-interop-pkg-dev
• 63763a4 Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
• 5be83dd Merge pull request #2643 from murgatroid99/grpc-js_idle_timer_fix
• Additional commits viewable in compare view

Updates protobufjs from 6.11.3 to 7.3.2

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.3.2

7.3.2 (2024-06-12)

Bug Fixes

• docs: Update readme to correct command for creating types (#1939) (0f9d477)
• Also fixes an issue with 7.3.1, where the dist/ folder containing the build artifacts was missing on npm.

protobufjs: v7.3.1

7.3.1 (2024-06-05)

Bug Fixes

• types: reserved field in IType can contain reserved names (#2001) (d1d2c0c)

protobufjs: v7.3.0

7.3.0 (2024-05-10)

Features

• add handling for extension range options (#1990) (2d58011)

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

protobufjs: v7.2.4

7.2.4 (2023-06-23)

Bug Fixes

• do not let setProperty change the prototype (#1899) (e66379f)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.3.2 (2024-06-12)

Bug Fixes

• docs: Update readme to correct command for creating types (#1939) (0f9d477)

7.3.1 (2024-06-05)

Bug Fixes

• types: reserved field in IType can contain reserved names (#2001) (d1d2c0c)

7.3.0 (2024-05-10)

Features

• add handling for extension range options (#1990) (2d58011)

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

7.2.4 (2023-06-23)

Bug Fixes

• do not let setProperty change the prototype (#1899) (e66379f)

7.2.3 (2023-03-27)

Bug Fixes

• type names can be split into multiple tokens (#1877) (8817ee6)

... (truncated)

Commits

• 0a0cdb6 chore: release master (#2005)
• 0f9d477 fix(docs): Update readme to correct command for creating types (#1939)
• a71ef76 chore: release master (#2002)
• d1d2c0c fix(types): reserved field in IType can contain reserved names (#2001)
• 11393ea chore: Renovate README.md (#1995)
• 722b635 chore: release master (#1991)
• 2d58011 feat: add handling for extension range options (#1990)
• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• 4436cc7 chore: release master (#1925)
• Additional commits viewable in compare view

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

6.2.0

• Coerce numbers to strings when passed to semver.coerce()
• Add rtl option to coerce from right to left

6.1.3

• Handle X-ranges properly in includePrerelease mode

6.1.2

• Do not throw when testing invalid version strings

6.1.1

• Add options support for semver.coerce()
• Handle undefined version passed to Range.test

6.1.0

• Add semver.compareBuild function
• Support * in semver.intersects

6.0

• Fix intersects logic.

  This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

• 44d27bc chore: release 6.3.1
• 928e56d fix: better handling of whitespace (#591)
• 39f6326 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header