search

google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0
4.69k stars 760 forks source link

Bump the npm_and_yarn group across 2 directories with 36 updates #1097

Open dependabot[bot] opened 4 weeks ago

dependabot[bot] commented 4 weeks ago

Bumps the npm_and_yarn group with 16 updates in the /grr/server/grr_response_server/gui/static directory:

Package From To
angular 1.8.2 1.8.3
marked 0.7.0 4.0.10
moment 2.29.1 2.29.4
karma 4.3.0 6.3.16
@firebase/util 0.2.50 1.9.6
firebase 7.15.5 10.12.2
semver 5.7.0 5.7.2
semver 5.7.1 5.7.2
ajv 6.10.2 6.12.6
qs 6.5.2 6.5.3
braces 3.0.2 3.0.3
gulp 4.0.2 5.0.0
decode-uri-component 0.2.0 0.2.2
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
request 2.88.0 removed
less 3.10.3 3.13.1

Bumps the npm_and_yarn group with 13 updates in the /grr/server/grr_response_server/gui/ui directory:

Package From To
marked 0.7.0 4.0.10
karma 6.3.20 6.4.3
semver 5.7.1 5.7.2
braces 3.0.2 3.0.3
follow-redirects 1.15.2 1.15.6
fsevents 2.3.2 2.3.3
tar 6.1.13 6.2.1
@angular/core 15.2.5 15.2.6
@babel/traverse 7.21.4 7.24.7
d3-color 1.4.1 3.1.0
d3 5.16.0 7.9.0
express 4.18.2 4.19.2
webpack-dev-middleware 5.3.3 5.3.4

Updates angular from 1.8.2 to 1.8.3

Changelog

Sourced from angular's changelog.

1.8.3 ultimate-farewell (2022-04-07)

One final release of AngularJS in order to update package README files on npm.

Commits
  • cf16b24 docs(changelog): add release notes for 1.8.3
  • 757d56e docs(*): update end-of-life messages (#17177)
  • f362437 docs(eol): add EOL options text and link to template header used in every page
  • fb04e42 test(Angular): fix angularInit() tests on Safari v15+
  • 6a52c4f test(input): fix tests on Firefox v93+
  • ed30c4d docs(README.md): add wiki link to MVC
  • 4032655 chore(deps): bump js-yaml from 3.5.5 to 3.14.1
  • 47f8c65 chore(deps): bump normalize-url from 4.5.0 to 4.5.1
  • 56b0ee3 chore(e2e): run tests against Chrome 91 on macOS Catalina
  • 58cd897 chore(e2e): run tests against Firefox 85 on macOS Catalina
  • Additional commits viewable in compare view


Updates marked from 0.7.0 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

  • security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

  • table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @​babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • Additional commits viewable in compare view


Updates moment from 2.29.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

Commits


Updates karma from 4.3.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

  • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

  • logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits
  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when singleRun and autoWatch are false
  • 839578c fix(security): remove XSS vulnerability in returnUrl query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • Additional commits viewable in compare view


Updates @firebase/util from 0.2.50 to 1.9.6

Changelog

Sourced from @​firebase/util's changelog.

1.9.6

Patch Changes

1.9.5

Patch Changes

  • 0c5150106 #8079 - Update repository.url field in all package.json files to NPM's preferred format.

1.9.4

Patch Changes

1.9.3

Patch Changes

  • c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

  • d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

  • 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

  • 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

  • d4114a4f7 #6874 (fixes #6838) - Reformat a comment that causes compile errors in some build toolchains.

1.8.0

Minor Changes

... (truncated)

Commits


Updates firebase from 7.15.5 to 10.12.2

Release notes

Sourced from firebase's releases.

firebase@10.12.2

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/app@​0.10.5

Patch Changes

  • Update SDK_VERSION.

@​firebase/app-compat@​0.2.35

Patch Changes

  • Updated dependencies []:
  • @​firebase/app@​0.10.5

@​firebase/auth@​1.7.4

Patch Changes

@​firebase/auth-compat@​0.5.9

Patch Changes

firebase@10.12.2

Patch Changes

@​firebase/vertexai-preview@​0.0.2

Patch Changes

  • 3883133c3 #8256 - Change types paths to point to rolled-up public d.ts files. This fixes some TypeScript compiler errors users are seeing.

firebase@10.12.1

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

... (truncated)

Commits


Updates @grpc/grpc-js from 1.1.1 to 1.9.15

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.9.15

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.9.14

  • Fix a bug that could rarely cause connection leaks (#2644)
  • Fix a bug that could cause clients to go IDLE incorrectly some time after calling waitForReady (#2643)

@​grpc/grpc-js 1.9.13

  • Fix a bug that could cause the Node process to close early when establishing a connection while a request is pending (#2626)

@​grpc/grpc-js 1.9.12

  • Fix a bug that could cause connectivity state information to become stale in some circumstances (#2623)

@​grpc/grpc-js 1.9.11

  • Fix a busy loop when recovering from a failure to establish a connection to a unix domain socket address target (#2618)
  • Fix a bug that caused clients to stop trying to connect to a fixed IP address target after a working connection drops (#2619)

@​grpc/grpc-js 1.9.10

  • Provide the correct port to the proxy when connecting to a target without an explicitly specified port (#2608 contributed by @​segevfiner)
  • Properly handle goaway events with no additional data attached (#2611)

@​grpc/grpc-js 1.9.9

  • Fix a busy loop when recovering from a failure to establish a connection to a fixed IP address target (#2609)

@​grpc/grpc-js 1.9.8

  • Fix a memory leak caused by creating and closing multiple clients (#2606)

@​grpc/grpc-js 1.9.7

  • Fix a bug that could cause a client to not update name resolution after multiple failed connection attempts (#2602)

@​grpc/grpc-js 1.9.6

  • Include more information in most "No connection established" errors (#2598)
  • Remove the index tracer, and add more information to other trace logs (#2599)

@​grpc/grpc-js 1.9.5

  • Fix a type inconsistency in server-call.ts (#2589 contributed by @​rsnullptr)
  • Close ports if the server is shut down while the bind operation is ongoing (#2590)

@​grpc/grpc-js 1.9.4

  • Fix a bug that could cause a client to sometimes incorrectly hold the process open when no longer in use (#2586)

@​grpc/grpc-js 1.9.3

  • Make a few improvements to DNS resolving timing (#2571)

Experimental changes:

  • Added grpc.experimental.BackoffTimeout#getEndTime

@​grpc/grpc-js 1.9.2

  • Handle error when sending keepalive pings (#2563)

... (truncated)

Commits


Updates semver from 5.7.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates ajv from 6.10.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits
  • fe59143 6.12.6
  • d580d3e Merge pull request #1298 from ajv-validator/fix-url
  • fd36389 fix: regular expression for "url" format
  • 490e34c docs: link to v7-beta branch
  • 9cd93a1 docs: note about v7 in readme
  • 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
  • f1c8e45 6.12.5
  • 764035e Merge branch 'ChALkeR-chalker/fix-comma'
  • 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
  • a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
  • Additional commits viewable in compare view


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view


Updates braces from 3.0.2 to 3.0.3

Commits


Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

âš  BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.0 (2024-03-29)

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

âš  BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
  • Stop using process.umask() to make directories, instead falling back to Node's default mode
  • Throw on non-function, non-string option coercers
  • Drop support of Node.js snake_case flags
  • Use a Symbol for attaching the gulplog namespace to the store
  • Use a Symbol for attaching the gulplog store to the global
  • Use sha256 to hash the v8flags cache into a filename

Features

  • Streamlined the dependency tree
  • Switch all streams implementation to Streamx
  • Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
  • Implement translation support for all CLI messages and all messages passing through gulplog
  • Allow users to customize or remove the timestamp from their logs
  • Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
  • Added support for gulpile.cjs and gulpfile.mjs
  • Add support for swc, esbuild, sucrase, and mdx loaders
  • Provide an ESM export (#2760) (b00de68)
  • Support sourcemap handling on streaming Vinyl contents
  • Support extends syntax for .gulp.* config file
  • Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

  • Resolve bugs related to symlinks on various platforms
  • Resolved some reported ReDoS CVEs and improved performance in glob-parent
  • Rework errors surfaced when encountering files or symlinks when trying to create directories
  • Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Commits
  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.