search

google / zazu

Apache License 2.0
20 stars 11 forks source link

Bump the npm_and_yarn group across 2 directories with 44 updates #104

Open dependabot[bot] opened 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package From To
async 2.6.1 2.6.4
express 4.16.3 4.19.2
mongoose 5.3.7 5.13.20
passport 0.4.0 0.6.0
ajv 5.5.2 8.13.0
har-validator 5.1.0 5.1.5
@angular/cli 7.0.3 18.0.2
follow-redirects 1.5.9 1.15.6
ini 1.3.5 4.1.2
minimatch 3.0.4 9.0.4
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
moment 2.22.2 2.30.1
moment-timezone 0.5.23 0.5.45
node-fetch 2.3.0 2.7.0
passport-oauth2 1.4.0 1.8.0
request 2.88.0 removed
@google-cloud/bigquery 1.3.0 7.7.1
y18n 3.2.1 3.2.2

Bumps the npm_and_yarn group with 23 updates in the /front-end directory:

Package From To
express 4.16.3 4.19.2
ajv 5.5.2 8.13.0
@angular-devkit/build-angular 0.7.5 18.0.2
@angular/cli 6.1.5 18.0.2
har-validator 5.1.0 5.1.5
qs 6.5.2 6.5.3
body-parser 1.18.2 1.20.2
decode-uri-component 0.2.0 0.2.2
follow-redirects 1.5.8 1.15.6
fsevents 1.2.4 1.2.13
ini 1.3.5 1.3.8
minimatch 3.0.4 3.1.2
semver 5.5.1 5.7.2
karma 1.7.1 6.4.3
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
lodash 4.17.11 4.17.21
set-value 2.0.0 2.0.1
union-value 1.0.0 1.0.1
@angular/core 6.1.8 10.2.5
@babel/traverse 7.1.0 7.24.6
handlebars 4.0.12 4.7.8
jszip 3.1.5 3.10.1

Updates async from 2.6.1 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)

v2.6.3

  • Updated lodash to squelch a security warning (#1675)

v2.6.2

  • Updated lodash to squelch a security warning (#1620)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Updates express from 4.16.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates mongoose from 5.3.7 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.4.1 / 2024-05-31

  • fix: pass options to clone instead of get in applyVirtuals #14606 #14543 andrews05
  • fix(document): fire pre validate hooks on 5 level deep single nested subdoc when modifying after save() #14604 #14591
  • fix: ensure buildBulkWriteOperations target shard if shardKey is set #14622 #14621 matlpriceshape
  • types: pass DocType down to subdocuments so HydratedSingleSubdocument and HydratedArraySubdocument toObject() returns correct type #14612 #14601

7.6.12 / 2024-05-21

  • fix(array): avoid converting to $set when calling pull() on an element in the middle of the array #14531 #14502
  • fix: bump mongodb driver to 5.9.2 #14561 lorand-horvath
  • fix(update): cast array of strings underneath doc array with array filters #14605 #14595

8.4.0 / 2024-05-17

  • feat: upgrade mongodb -> 6.6.2 #14584
  • feat: add transactionAsyncLocalStorage option to opt in to automatically setting session on all transactions #14583 #13889
  • feat: handle initially null driver when instantiating Mongoose for Rollup support #14577 #12335
  • feat(mongoose): export omitUndefined() helper #14582 #14569
  • feat: add Model.listSearchIndexes() #14519 #14450
  • feat(connection): add listDatabases() function #14506 #9048
  • feat(schema): add schema-level readConcern option to apply default readConcern for all queries #14579 #14511
  • fix(error): remove model property from CastError to avoid printing all model properties to console #14568 #14529
  • fix(model): make bulkWrite() and insertMany() throw if throwOnValidationError set and all ops invalid #14587 #14572
  • fix(document): ensure transform function passed to toObject() options applies to subdocs #14600 #14589
  • types: add inferRawDocType helper #13900 #13772
  • types(document): make document _id type default to unknown instead of any #14541

8.3.5 / 2024-05-15

  • fix(query): shallow clone $or, $and if merging onto empty query filter #14580 #14567
  • types(model+query): pass TInstanceMethods to QueryWithHelpers so populated docs have methods #14581 #14574
  • docs(typescript): clarify that setting THydratedDocumentType on schemas is necessary for correct method context #14575 #14573

8.3.4 / 2024-05-06

  • perf(document): avoid cloning options using spread operator for perf reasons #14565 #14394
  • fix(query): apply translateAliases before casting to avoid strictMode error when using aliases #14562 #14521
  • fix(model): consistent top-level timestamps option for bulkWrite operations #14546 #14536
  • docs(connections): improve description of connection creation patterns #14564 #14528

8.3.3 / 2024-04-29

  • perf(document): add fast path for applying non-nested virtuals to JSON #14543
  • fix: make hydrate() recursively hydrate virtual populate docs if hydratedPopulatedDocs is set #14533 #14503
  • fix: improve timestamps option handling in bulkWrite #14546 #14536 sderrow
  • fix(model): make recompileSchema() overwrite existing document array discriminators #14527
  • types(schema): correctly infer Array #14534 #14367
  • types(query+populate): apply populate overrides to doc toObject() result #14525 #14441

... (truncated)

Commits
  • 0f3997a chore: release 5.13.20
  • f1efabf fix: avoid prototype pollution on init
  • 98e0762 chore: release 5.13.19
  • 7e36d21 chore: release 5.13.18
  • 6759c60 undo accidental changes and actually pin @​types/json-schema
  • 4ed4a89 chore: pin version of @​types/json-schema because of install issues on node v4...
  • 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
  • 26424d5 5.x - bump mongodb driver to 3.7.4
  • 4b8b0a9 add versionNumber to 5.x
  • 1bc07ec chore: release 5.13.17
  • Additional commits viewable in compare view


Updates passport from 0.4.0 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

  • req#login() and req#logout() regenerate the the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

  • Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

[0.5.1] - 2021-12-15

Added

  • Informative error message in session strategy if session support is not available.

Changed

  • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits


Updates ajv from 5.5.2 to 8.13.0

Release notes

Sourced from ajv's releases.

v8.13.0

  • add named exports
  • update dependencies
  • update node.js

v8.12.0

  • fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @​piliugin-anton)
  • empty JTD "values" schema (#2191)
  • empty object to work with JTD utility type (#2158, @​erikbrinkman)
  • fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
  • correctly narrow "number" type to "integer" (#2192, @​JacobLey)
  • update Node.js versions in CI to 14, 16, 18 and 19

v8.11.2

Update dependencies

Export ValidationError and MissingRefError (ajv-validator/ajv#1840, @​dannyb648)

v8.11.1

Update dependencies

Export ValidationError and MissingRefError (#1840, @​dannyb648)

v8.11.0

Use root schemaEnv when resolving references in oneOf (#1901, @​asprouse)

Only use equal function in generated code when it is used (#1922, @​bhvngt)

v8.10.0

uriResolver option (@​zekth, #1862)

v8.9.0

Option code.esm to generate ESM exports for standalone validation functions (@​rehanvdm, #1861) Support discriminator keyword with $ref in oneOf subschemas (@​dfeufel, #1815)

v8.8.2

Use full RegExp string (with flags) as cache key, related to ajv-validator/ajv-keywords#220

v8.8.1

Fix minContains: 0 (#1819)

v8.8.0

Fix browser bundles in cdnjs regExp option allowing to specify alternative RegExp engine, e.g. re2 (@​efebarlas)

v8.7.1

Publish Ajv bundle for JSON Schema 2020-12 to cdnjs.com

v8.7.0

Update JSON Schema Test Suite.

... (truncated)

Commits


Updates har-validator from 5.1.0 to 5.1.5

Release notes

Sourced from har-validator's releases.

v5.1.5

5.1.5 (2020-07-30)

v5.1.4

5.1.4 (2020-07-30)

v5.1.2

5.1.2 (2018-11-07)

Bug Fixes

  • docs: update badge links (1764b7c)

v5.1.1

5.1.1 (2018-11-07)

Bug Fixes

  • scaffold: update project scaffold template (fd01aff)
Commits
  • b77cdcb build(semantic-release): should release when docs are updated
  • 3a4d4f3 docs(readme): correct badge
  • 01c5f2a style(lint): correct lint errors
  • ab43db4 build(semantic-release): correct .releaserc file name
  • bab9612 build(deps): update dependencies
  • 6742cb5 test(docker-compose): docker-compose for unified testing
  • fd48174 ci(actions): replace old ci setup with new github actions workflows
  • 5c53c92 build(deps): [security] bump handlebars from 4.0.11 to 4.7.1 (#160)
  • ea53334 chore(deps): lock file maintenance (#114)
  • a38c067 5.1.3
  • Additional commits viewable in compare view


Updates @angular/cli from 7.0.3 to 18.0.2

Release notes

Sourced from @​angular/cli's releases.

v18.0.2

18.0.2 (2024-05-29)

@​schematics/angular

Commit Description
fix - 9967c04b8 check both application builder packages in SSR schematic
fix - 92b48ab14 set builders assets option correctly for new applications

@​angular/build

Commit Description
fix - 3bb06c37d disable Worker wait loop for Sass compilations in web containers
fix - c4cf35923 print Sass @warn location
fix - 352879804 support valid self-closing MathML tags in HTML index file
fix - 476f3084a support valid self-closing SVG tags in HTML index file

@​angular/pwa

Commit Description
fix - acbffd236 set manifest icons location to match assets builder option

v18.0.1

18.0.1 (2024-05-23)

@​schematics/angular

Commit Description
fix - 01842f515 use angular.dev in readme

@​angular/build

Commit Description
fix - 7d253e9cd avoid rebasing URLs with function calls
fix - 6b6a76a99 disable persistent disk caching inside webcontainers by default
fix - ba70a50b6 handle esbuild-browser polyfills option as string during ng serve
fix - 706423aca only import persistent cache store with active caching

v18.0.0

18.0.0 (2024-05-22)

@​schematics/angular

Commit Description
feat - b2ac5fac7 allow application migration to use new build package in projects where possible
feat - 6530aa11b replace assets with public directory
feat - 725883713 use eventCoalescing option by default (standalone bootstrap)
feat - 508d97da7 use ngZoneEventCoalescing option by default (module bootstrap)
feat - f452589e2 use TypeScript bundler module resolution for new projects
fix - 95a4d6ee5 add less dependency in application migration if needed
fix - c46aa084f add postcss dependency in application migration if needed
fix - 157329384 add spaces around eventCoalescing option
fix - 23cc337aa keep deployUrl option when migrating to application builder

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

18.0.2 (2024-05-29)

@​schematics/angular

Commit Type Description
9967c04b8 fix check both application builder packages in SSR schematic
92b48ab14 fix set builders assets option correctly for new applications

@​angular/build

Commit Type Description
3bb06c37d fix disable Worker wait loop for Sass compilations in web containers
c4cf35923 fix print Sass @warn location
352879804 fix support valid self-closing MathML tags in HTML index file
476f3084a fix support valid self-closing SVG tags in HTML index file

@​angular/pwa

Commit Type Description
acbffd236 fix set manifest icons location to match assets builder option

18.0.1 (2024-05-23)

@​schematics/angular

Commit Type Description
01842f515 fix use angular.dev in readme

@​angular/build

Commit Type Description
7d253e9cd fix avoid rebasing URLs with function calls
6b6a76a99 fix disable persistent disk caching inside webcontainers by default
ba70a50b6 fix handle esbuild-browser polyfills option as string during ng serve
706423aca fix only import persistent cache store with active caching

18.0.0 (2024-05-22)

... (truncated)

Commits
  • a6a3c6e release: cut the v18.0.2 release
  • c4cf359 fix(@​angular/build): print Sass @warn location
  • acbffd2 fix(@​angular/pwa): set manifest icons location to match assets builder op...
  • 92b48ab fix(@​schematics/angular): set builders assets option correctly for new appl...
  • 3bb06c3 fix(@​angular/build): disable Worker wait loop for Sass compilations in web co...
  • de8d703 docs: update blog, analytics, hydration links aio->adev
  • e506a75 docs: update build guide links aio->adev
  • fcdb75c docs: update i18n, deploy links aio->dev
  • 422f032 docs: update browser support links aio->adev
  • f006a80 docs: update workspace config links aio->adev
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/cli since your current version.


Updates qs from 6.5.1 to 6.5.2

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view


Updates follow-redirects from 1.5.9 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view


Updates chownr from 1.0.1 to 1.1.1

Commits
  • 7a5c3d5 1.1.1
  • 03eb97e Fix bug working on network-path files on windows
  • 76c21fa 1.1.0
  • e8f0dc7 auto-publish scripts
  • b196e0e add tests for old readdir support
  • e06dd8a Avoid unnecessary stats on node v10.10 and above
  • 36a93e3 use lchown to address part 1 of TOCTOU issue
  • a631d84 use lchown instead of chown, if available
  • cdd4ce7 use modern JavaScript
  • d548650 update tap
  • Additional commits viewable in compare view


Updates ini from 1.3.5 to 4.1.2

Release notes

Sourced from ini's releases.

v4.1.2

4.1.2 (2024-03-04)

Bug Fixes

Documentation

Chores

  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.