search

google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.01k stars 337 forks source link

chore(deps): Bump the npm_and_yarn group across 1 directory with 35 updates #1038

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 2 weeks ago

Bumps the npm_and_yarn group with 30 updates in the /internal/remediation/fixtures/santatracker directory:

Package From To
dat.gui 0.7.3 0.7.8
google-closure-library v20190909.0.0 20200315.0.0
jsdom 12.2.0 16.5.0
json5 2.1.0 2.2.2
terser 3.10.11 4.8.1
semver 5.5.1 5.7.2
@babel/traverse 7.6.0 7.24.7
@grpc/grpc-js 1.4.2 1.10.9
@google-cloud/cloudbuild 2.6.0 4.5.0
y18n 4.0.0 4.0.3
yargs-parser 10.1.0 21.1.1
yargs 12.0.2 17.7.2
acorn 5.7.3 8.11.3
acorn 7.1.0 8.11.3
acorn 6.0.2 8.11.3
braces 3.0.2 3.0.3
node-fetch 2.6.6 2.6.7
firebase 8.10.0 8.10.1
get-func-name 2.0.0 2.0.2
glob-parent 5.0.0 5.1.2
ws 6.2.1 6.2.2
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
lodash 4.17.20 4.17.21
minimatch 3.0.4 3.1.2
mocha 5.2.0 10.4.0
mocha-headless-server 0.1.2 0.1.4
node-forge 0.10.0 1.3.1
google-p12-pem 3.1.2 3.1.4
path-parse 1.0.6 1.0.7
pathval 1.1.0 1.1.1
qs 6.5.2 6.5.3

Updates dat.gui from 0.7.3 to 0.7.8

Release notes

Sourced from dat.gui's releases.

0.7.8

  • Fix ReDos in CSS_RGB and CSS_RGBA #279

0.7.7

No release notes provided.

0.7.6

No release notes provided.

0.7.5

No release notes provided.

0.7.4

No release notes provided.

Commits
  • 6a444cc 0.7.8
  • 103be80 Removed CHANGELOG.md
  • f720c72 Merge pull request #279 from yetingli/master
  • 40f4fc1 Remove link to defunct tutorial.
  • 1e1aecb Fix ReDos in CSS_RGB and CSS_RGBA
  • 51d1a37 Merge pull request #274 from dataarts/dependabot/npm_and_yarn/lodash-4.17.19
  • 28b15c6 Bump lodash from 4.17.15 to 4.17.19
  • 071edeb Use primitive type instead of nullable boxed type
  • 92cebb3 Re-lint.
  • b290bf7 Update lint rules.
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by mrdoob, a new releaser for dat.gui since your current version.


Updates google-closure-library from v20190909.0.0 to 20200315.0.0

Release notes

Sourced from google-closure-library's releases.

Closure Library v20200315

New Additions

  • Add SafeHtml.comment.

Security Fixes

  • Fixes CVE-2020-8910.

Backwards Incompatible Changes

  • Delete inlay css styles, which are not actually used by Closure.
  • Add non-nullable modifier to return type of functions never returning null.
  • Remove forwardDeclares from Closure Events Listenable by reducing the typing of the event key's src property to just Listenable, instead of Listenable|EventTarget. Note that EventTarget is the primary implementation of Listenable.

Other Changes

  • Added SafeUrl.fromMediaSource()
  • Fix authority parsing in Closure URI parser.
  • Document mode is now based on user agent on IE if not present in document
  • Add a define to module manager so that we can control module loading behaviors.
  • Add non-nullable modifier to return type of functions never returning null.
  • goog.isArray in deprecated in favor of Array.isArray
  • Update Thenable.then rejection handler JSDoc to reflect actual functionality.

Closure Library v20200224

New Additions

  • Create goog.debug.deepFreeze.
  • Added goog.async.promises.allMapsValues utility function

Backwards Incompatible Changes

  • AbstractRange.prototype.getTextRange(s) now return AbstractRange instead of the specific TextRange subclass

Other Changes

  • Remove some forwardDeclares from closure labs net.
  • Remove forwardDeclares from closure/graphics.
  • Remove forwardDeclare from closure/fs.
  • Linkify matching {} and () in URL like https://g\.com?res\{x=3\}
  • The functions allowed by the CSS sanitizer are now case insensitive.
  • Replace uses of goog.isArray in preparation for its removal
  • Remove special case for ie6-ie10 in nexttick.
  • Remove some forwardDeclares from closure/net.
  • Remove forwardDeclares from various Closure packages.

Closure Library v20200204

Note: the last two releases were not pushed to npm. To keep a complete changelog these release notes include the last two as well.

New Additions

  • Add TrustedResourceUrl.fromSafeScript().
  • New htmlsanitizer builder API addition.
  • Extract the version from Headless Chrome user-agent strings.

Backwards Incompatible Changes

  • goog.net.WebSocket no longer accepts direct autoReconnect and getNextReconnect arguments; specify these as fields in an options object instead.

... (truncated)

Commits
  • c6e4fe0 Bump version.
  • 2fb2c6d Migrate goog.forwardDeclare to goog.requireType.
  • ade336a Migrate goog.forwardDeclare to goog.requireType.
  • 964e8f3 RELNOTES[NEW]: Add SafeHtml.comment.
  • a93d568 RELNOTES: Add non-nullable modifier to return type of functions never returni...
  • 294fc00 Fix authority parsing in Closure URI parser.
  • 49624ab Add a define to module manager so that we can control module loading behaviors.
  • 5845fb1 Removed the legacy buffering-proxy detection (aka test-channel).
  • f4c4443 Add non-nullable modifier to return type of functions never returning null.
  • 60f4a9c Add non-nullable modifier to return type of functions never returning null.
  • Additional commits viewable in compare view


Updates jsdom from 12.2.0 to 16.5.0

Release notes

Sourced from jsdom's releases.

Version 16.5.0

  • Added window.queueMicrotask().
  • Added window.event.
  • Added inputEvent.inputType. (diegohaz)
  • Removed ondragexit from Window and friends, per a spec update.
  • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
  • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
  • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
  • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
  • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
  • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
  • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
  • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
  • Fixed xhr.response to return null for failures that occur during the middle of the download.
  • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
  • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
  • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

Version 16.4.0

  • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
  • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
  • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
  • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
  • Fixed el.focus() to work on SVG elements. (zjffun)
  • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
  • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
  • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
  • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
  • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
  • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

Version 16.3.0

  • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
  • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
  • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
  • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
  • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
  • Fixed drawing an empty canvas into another canvas. (zjffun)

Version 16.2.2

  • Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
  • Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
  • Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
  • Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
  • Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
  • Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
  • Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
  • Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
  • Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
  • Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

... (truncated)

Changelog

Sourced from jsdom's changelog.

16.5.0

  • Added window.queueMicrotask().
  • Added window.event.
  • Added inputEvent.inputType. (diegohaz)
  • Removed ondragexit from Window and friends, per a spec update.
  • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
  • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
  • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
  • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
  • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
  • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
  • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
  • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
  • Fixed xhr.response to return null for failures that occur during the middle of the download.
  • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
  • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
  • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

16.4.0

  • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
  • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
  • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
  • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
  • Fixed el.focus() to work on SVG elements. (zjffun)
  • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
  • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
  • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
  • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
  • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
  • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

16.3.0

  • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
  • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
  • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
  • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
  • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
  • Fixed drawing an empty canvas into another canvas. (zjffun)

16.2.2

  • Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
  • Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
  • Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
  • Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
  • Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
  • Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

... (truncated)

Commits
  • 2d82763 Version 16.5.0
  • 9741311 Fix loading of subresources with Unicode filenames
  • 5e46553 Use domenic's ESLint config as the base
  • 19b35da Fix the URL of about:blank iframes
  • 017568e Support inputType on InputEvent
  • 29f4fdf Upgrade dependencies
  • e2f7639 Refactor create‑event‑accessor.js to remove code duplication
  • ff69a75 Convert JSDOM to use callback functions
  • 19df6bc Update links in contributing guidelines
  • 1e34ff5 Test triage
  • Additional commits viewable in compare view


Updates json5 from 2.1.0 to 2.2.2

Release notes

Sourced from json5's releases.

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)
Changelog

Sourced from json5's changelog.

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, diff]

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)
Commits
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
  • 910ce25 docs: fix spelling of Aseem
  • 2aab4dd test: require tap as t in cli tests
  • 6d42686 test: remove mocha syntax from tests
  • 4798b9d docs: update installation and usage for modules
  • Additional commits viewable in compare view


Updates terser from 3.10.11 to 4.8.1

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

  • Security fix for RegExps that should not be evaluated (regexp DDOS)

v4.8.0

  • Support for numeric separators (million = 1_000_000) was added.
  • Assigning properties to a class is now assumed to be pure.
  • Fixed bug where yield wasn't considered a valid property key in generators.

v4.7.0

  • A bug was fixed where an arrow function would have the wrong size
  • arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.
  • Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

v4.6.13

  • Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
  • Fixed parsing of BigInt with lowercase e in them.

v4.6.12

  • Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]
  • Printing of unicode identifiers has been improved

v4.6.11

  • Read unused classes' properties and method keys, to figure out if they use other variables.
  • Prevent inlining into block scopes when there are name collisions
  • Functions are no longer inlined into parameter defaults, because they live in their own special scope.
  • When inlining identity functions, take into account the fact they may be used to drop this in function calls.
  • Nullish coalescing operator (x ?? y), plus basic optimization for it.
  • Template literals in binary expressions such as + have been further optimized

v4.6.10

  • Do not use reduce_vars when classes are present

v4.6.9

  • Check if block scopes actually exist in blocks

v4.6.8

  • Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

v4.6.7

  • Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.

... (truncated)

Commits


Updates semver from 5.5.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates @babel/traverse from 7.6.0 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

Committers: 7

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

:bug: Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

:house: Internal

  • babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers
  • babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-parser, babel-traverse
  • Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

v7.24.6 (2024-05-24)

:bug: Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

:house: Internal

  • babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers
  • babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-parser, babel-traverse
  • Other

v7.24.5 (2024-04-29)

:bug: Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

:nail_care: Polish

  • babel-parser

... (truncated)

Commits


Updates @grpc/grpc-js from 1.4.2 to 1.10.9

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.9

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

  • Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

  • Improve reporting of HTTP error codes (#2723)
  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

  • Fix a bug that could cause a server to sometimes send the status early (#2708)

@​grpc/grpc-js 1.10.5

  • Resolve exception when Error.stackTraceLimit is undefined (#2701 contributed by @​davidfiala)
  • Call configured checkServerIdentity when grpc.ssl_target_name_override is set (#2704)
  • Add more information to DEADLINE_EXCEEDED error details strings (#2692)

@​grpc/grpc-js 1.10.4

  • Fix a bug that caused server interceptors to crash when using partially-populated ResponderBuilder and ListenerBuilder objects (#2696)
  • Avoid sending RST_STREAM from the client when the server has already finished its side of the stream (#2695)

@​grpc/grpc-js 1.10.3

  • Revert client reconnection changes in #2680 (#2691)

@​grpc/grpc-js 1.10.2

  • Implement server connection idle timeouts and improve channelz performance (#2677 contributed by @​AVVS)
  • Fix a bug that caused clients to automatically reconnect even when there were no active requests (#2680)
  • Modify order of server call events to more closely match pre-1.10.x behavior (#2683)

@​grpc/grpc-js 1.10.1

  • Fix a bug causing channels using the round_robin LB policy to fail to reconnect after a connection drops (#2667)

@​grpc/grpc-js-xds 1.10.1

  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js-xds 1.10.0

@​grpc/grpc-js 1.10.0

Changelog

... (truncated)

Commits
  • 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
  • 7ecaa2d grpc-js: Bump to 1.10.9
  • e64d816 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
  • 45e5fe5 Merge pull request #2750 from murgatroid99/grpc-js_idle_uds_fix
  • 87a3541 grpc-js: Fix UDS channels not reconnecting after going idle
  • 3105791 Merge pull request #2740 from sergiitk/backport-1.10-psm-interop-common-prod-...
  • fec135a Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
  • 76fe802 Merge pull request #2739 from murgatroid99/backport-1.10-grpc-js_linkify-it_fix
  • d5edf49 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
  • 23c05fc Merge pull request #2732 from murgatroid99/grpc-js_proto-loader_update
  • Additional commits viewable in compare view


Updates @google-cloud/cloudbuild from 2.6.0 to 4.5.0

Release notes

Sourced from @​google-cloud/cloudbuild's releases.

gke-hub: v4.4.0

4.4.0 (2024-05-23)

Features

  • [gkehub] Add ServiceMesh feature to gkehub v1beta API (#5368) (0c4c15d)

media-translation: v4.3.0

4.3.0 (2024-05-21)

... _Description has been truncated_
dependabot[bot] commented 1 week ago

Superseded by #1046.