search

google / making_with_ml

Apache License 2.0
343 stars 189 forks source link

Bump the npm_and_yarn group across 5 directories with 41 updates #202

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 10 updates in the /discord_moderator directory:

Package From To
ansi-regex 4.1.0 4.1.1
semver 5.7.1 5.7.2
debug 4.1.1 4.3.5
lodash 4.17.19 4.17.21
minimatch 3.0.4 3.1.2
minimist 1.2.5 1.2.8
node-fetch 2.6.1 2.7.0
qs 6.9.3 6.12.1
word-wrap 1.2.3 1.2.5
ws 7.2.3 7.5.9

Bumps the npm_and_yarn group with 9 updates in the /petcam/admin directory:

Package From To
ansi-regex 5.0.0 5.0.1
ansi-regex 4.1.0 5.0.1
semver 5.7.1 5.7.2
minimatch 3.0.4 3.1.2
react-scripts 4.0.3 5.0.1
node-forge 0.10.0 1.3.1
google-p12-pem 3.0.3 3.1.4
@grpc/grpc-js 1.2.9 1.8.22
decode-uri-component 0.2.0 0.2.2
protobufjs 6.10.2 6.11.4

Bumps the npm_and_yarn group with 4 updates in the /petcam/functions directory: follow-redirects, node-forge, firebase-admin and axios. Bumps the npm_and_yarn group with 4 updates in the /semantic_ml directory: semver, debug, minimatch and minimist. Bumps the npm_and_yarn group with 19 updates in the /video_archive/functions directory:

Package From To
ansi-regex 3.0.0 3.0.1
semver 5.7.1 5.7.2
debug 4.1.1 4.3.5
mocha 7.2.0 10.4.0
lodash 4.17.19 4.17.21
minimatch 3.0.4 3.1.2
minimist 1.2.5 1.2.8
node-fetch 2.6.1 2.7.0
node-forge 0.7.4 1.3.1
google-p12-pem 3.0.3 3.1.4
google-p12-pem 2.0.4 3.1.4
firebase-admin 8.12.1 12.1.1
qs 6.7.0 6.11.0
express 4.17.1 4.19.2
word-wrap 1.2.3 1.2.5
@grpc/grpc-js 1.0.3 1.10.9
@google-cloud/pubsub 2.0.0 4.4.1
google-gax 1.15.3 4.3.6
async 3.2.0 3.2.5
protobufjs 6.9.0 6.11.4

Updates ansi-regex from 4.1.0 to 4.1.1

Commits


Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates debug from 4.1.1 to 4.3.5

Release notes

Sourced from debug's releases.

4.3.5

Patch

  • cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

New Contributors

Full Changelog: https://github.com/debug-js/debug/compare/4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.


Updates lodash from 4.17.19 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates minimatch from 3.0.4 to 3.1.2

Commits


Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates node-fetch from 2.6.1 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates qs from 6.9.3 to 6.12.1

Changelog

Sourced from qs's changelog.

6.12.1

  • [Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)
  • [Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)
  • [Refactor] utils: use +=
  • [Tests] increase coverage

6.12.0

  • [New] parse/stringify: add decodeDotInKeys/encodeDotKeys options (#488)
  • [New] parse: add duplicates option
  • [New] parse/stringify: add allowEmptyArrays option to allow [] in object values (#487)
  • [Refactor] parse/stringify: move allowDots config logic to its own variable
  • [Refactor] stringify: move option-handling code into normalizeStringifyOptions
  • [readme] update readme, add logos (#484)
  • [readme] stringify: clarify default arrayFormat behavior
  • [readme] fix line wrapping
  • [readme] remove dead badges
  • [Deps] update side-channel
  • [meta] make the dist build 50% smaller
  • [meta] add sideEffects flag
  • [meta] run build in prepack, not prepublish
  • [Tests] parse: remove useless tests; add coverage
  • [Tests] stringify: increase coverage
  • [Tests] use mock-property
  • [Tests] stringify: improve coverage
  • [Dev Deps] update @ljharb/eslint-config , aud, has-override-mistake, has-property-descriptors, mock-property, npmignore, object-inspect, tape
  • [Dev Deps] pin glob, since v10.3.8+ requires a broken jackspeak
  • [Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6

6.11.2

  • [Fix] parse: Fix parsing when the global Object prototype is frozen (#473)
  • [Tests] add passing test cases with empty keys (#473)

6.11.1

  • [Fix] stringify: encode comma values more consistently (#463)
  • [readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#447)
  • [meta] remove extraneous code backticks (#457)
  • [meta] fix changelog markdown
  • [actions] update checkout action
  • [actions] restrict action permissions
  • [Dev Deps] update @ljharb/eslint-config, aud, object-inspect, tape

6.11.0

  • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
  • [readme] fix version badge

6.10.5

  • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

... (truncated)

Commits
  • 29dda21 v6.12.1
  • 7e18298 [Fix] parse: Disable decodeDotInKeys by default to restore previous behavior
  • fd3cd7a [Tests] increase coverage
  • 6d7df02 [Performance] utils: Optimize performance under large data volumes, reduce ...
  • 572533c [Refactor] utils: use +=
  • c4d29f3 [meta] add tea.yaml
  • 062334a v6.12.0
  • f09cffc [meta] make the dist build 50% smaller
  • 934dfe8 [meta] run build in prepack, not prepublish
  • c8a269f [Tests] parse: remove useless tests; add coverage
  • Additional commits viewable in compare view


Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5

1.2.4

What's Changed

New Contributors

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4

Commits
  • 207044e 1.2.5
  • 9894315 revert default indent
  • f64b188 run verb to generate README
  • 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
  • 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
  • bfa694e Update .github/workflows/publish.yml
  • ace0b3c chore: bump version to 1.2.4
  • 6fd7275 chore: add publish workflow
  • 30d6daf chore: fix test
  • 655929c chore: remove package-lock
  • Additional commits viewable in compare view


Updates ws from 7.2.3 to 7.5.9

Release notes

Sourced from ws's releases.

7.5.9

Bug fixes

  • Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

  • Backported 0fdcc0af to the 7.x release line (2758ed35).
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

  • Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

  • Backported b8186dd1 to the 7.x release line (73dec34b).
  • Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

  • Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

  • Backported 6a72da3e to the 7.x release line (76087fbf).
  • Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

  • The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
  • Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
  • Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

  • The opening handshake is now aborted if the client receives a Sec-WebSocket-Extensions header but no extension was requested or if the server indicates an extension not requested by the client (aca94c86).

... (truncated)

Commits
  • 8a78f87 [dist] 7.5.9
  • 0435e6e [security] Fix same host check for ws+unix: redirects
  • 4271f07 [dist] 7.5.8
  • dc1781b [security] Drop sensitive headers when following insecure redirects
  • 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
  • a370613 [dist] 7.5.7
  • 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
  • 8ecd890 [dist] 7.5.6
  • 22a26af [fix] Resume the socket in the CLOSING state
  • 73dec34 [fix] Do not throw if the redirect URL is invalid
  • Additional commits viewable in compare view


Updates ansi-regex from 5.0.0 to 5.0.1

Commits


Updates ansi-regex from 4.1.0 to 5.0.1

Commits


Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates minimatch from 3.0.4 to 3.1.2

Commits


Updates react-scripts from 4.0.3 to 5.0.1

Commits


Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits