Bump the npm_and_yarn group across 2 directories with 44 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package	From	To
async	2.6.1	2.6.4
express	4.16.3	4.19.2
mongoose	5.3.7	5.13.20
passport	0.4.0	0.6.0
ajv	5.5.2	8.12.0
har-validator	5.1.0	5.1.5
@angular/cli	7.0.3	17.3.5
follow-redirects	1.5.9	1.15.6
ini	1.3.5	4.1.2
minimatch	3.0.4	9.0.4
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
moment	2.22.2	2.30.1
moment-timezone	0.5.23	0.5.45
node-fetch	2.3.0	2.7.0
passport-oauth2	1.4.0	1.8.0
request	2.88.0	removed
@google-cloud/bigquery	1.3.0	7.6.0
y18n	3.2.1	3.2.2

Bumps the npm_and_yarn group with 23 updates in the /front-end directory:

Package	From	To
express	4.16.3	4.19.2
ajv	5.5.2	8.12.0
@angular-devkit/build-angular	0.7.5	17.3.5
@angular/cli	6.1.5	17.3.5
har-validator	5.1.0	5.1.5
qs	6.5.2	6.5.3
body-parser	1.18.2	1.20.2
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.5.8	1.15.6
fsevents	1.2.4	1.2.13
ini	1.3.5	1.3.8
minimatch	3.0.4	3.1.2
semver	5.5.1	5.7.2
karma	1.7.1	6.4.3
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
lodash	4.17.11	4.17.21
set-value	2.0.0	2.0.1
union-value	1.0.0	1.0.1
@angular/core	6.1.8	10.2.5
@babel/traverse	7.1.0	7.24.1
handlebars	4.0.12	4.7.8
jszip	3.1.5	3.10.1

Updates async from 2.6.1 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

v2.6.3

• Updated lodash to squelch a security warning (#1675)

v2.6.2

• Updated lodash to squelch a security warning (#1620)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• f1d8383 Version 2.6.3
• 2b674c1 update changelog
• eab740f fix: udpate lodash. closes #1675
• eaf32be Version 2.6.2
• 684b42e Update built files
• e1bd3da update changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates express from 4.16.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates mongoose from 5.3.7 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.3.2 / 2024-04-16

• fix(populate): avoid match function filtering out null values in populate result #14518 #14494
• types(query): make FilterQuery props resolve to any for generics support #14510 #14473 #14459
• types(DocumentArray): pass DocType generic to Document for correct toJSON() and toObject() return types #14526 #14469
• types(models): fix incorrect bulk write options #14513 emiljanitzek
• docs: add documentation for calling schema.post() with async function #14514 #14305

7.6.11 / 2024-04-11

• fix(populate): avoid match function filtering out null values in populate result #14518
• fix(schema): support setting discriminator options in Schema.prototype.discriminator() #14493 #14448
• fix(schema): deduplicate idGetter so creating multiple models with same schema doesn't result in multiple id getters #14492 #14457

6.12.8 / 2024-04-10

• fix(document): handle virtuals that are stored as objects but getter returns string with toJSON #14468 #14446
• fix(schematype): consistently set wasPopulated to object with value property rather than boolean #14418
• docs(model): add extra note about lean option for insertMany() skipping casting #14415 #14376

8.3.1 / 2024-04-08

• fix(document): make update minimization unset property rather than setting to null #14504 #14445
• fix(model): make Model.recompileSchema() also re-apply discriminators #14500 #14444
• fix(schema): deduplicate idGetter so creating multiple models with same schema doesn't result in multiple id getters #14492
• fix: update kareem -> 2.6.3 for index.d.ts #14508 #14497
• fix(mongoose): make setDriver() update mongoose.model() connections and collections #14505
• types(validation): support function for validator message property, and add support for accessing validator reason #14499 #14496
• docs: remove typo #14501 epmartini

8.3.0 / 2024-04-03

• feat: use mongodb@6.5.0
• feat(document): add validateAllPaths option to validate() and validateSync() #14467 #14414
• feat: pathsToSave option to save() function #14385 #9583
• feat(query): add options parameter to Query.prototype.sort() #14375 #14365
• feat: add function SchemaType.prototype.validateAll #14434 #6910
• fix: handle array schema definitions with of keyword #14447 #14416
• types: add overwriteMiddlewareResult and skipMiddlewareFunction to types #14328 #14829

8.2.4 / 2024-03-28

• types(query): bring "getFilter" and "getQuery" in-line with "find" and other types #14463 hasezoey
• types(schema): re-export the defintion for SearchIndexDescription #14464 noseworthy
• docs: removed unused hook from docs #14461 bernardarhia

8.2.3 / 2024-03-21

• fix(schema): avoid returning string 'nested' as schematype #14453 #14443 #14435
• types(schema): add missing search index types #14449 noseworthy

... (truncated)

Commits

• 0f3997a chore: release 5.13.20
• f1efabf fix: avoid prototype pollution on init
• 98e0762 chore: release 5.13.19
• 7e36d21 chore: release 5.13.18
• 6759c60 undo accidental changes and actually pin @​types/json-schema
• 4ed4a89 chore: pin version of @​types/json-schema because of install issues on node v4...
• 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
• 26424d5 5.x - bump mongodb driver to 3.7.4
• 4b8b0a9 add versionNumber to 5.x
• 1bc07ec chore: release 5.13.17
• Additional commits viewable in compare view

Updates passport from 0.4.0 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

• authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

• req#login() and req#logout() regenerate the the session and clear session information by default.
• req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

• Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

• initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

• Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

[0.5.1] - 2021-12-15

Added

• Informative error message in session strategy if session support is not available.

Changed

• authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

• initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• Additional commits viewable in compare view

Updates ajv from 5.5.2 to 8.12.0

Release notes

Sourced from ajv's releases.

v8.12.0

• fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @​piliugin-anton)
• empty JTD "values" schema (#2191)
• empty object to work with JTD utility type (#2158, @​erikbrinkman)
• fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
• correctly narrow "number" type to "integer" (#2192, @​JacobLey)
• update Node.js versions in CI to 14, 16, 18 and 19

v8.11.2

Update dependencies

Export ValidationError and MissingRefError (ajv-validator/ajv#1840, @​dannyb648)

v8.11.1

Update dependencies

Export ValidationError and MissingRefError (#1840, @​dannyb648)

v8.11.0

Use root schemaEnv when resolving references in oneOf (#1901, @​asprouse)

Only use equal function in generated code when it is used (#1922, @​bhvngt)

v8.10.0

uriResolver option (@​zekth, #1862)

v8.9.0

Option code.esm to generate ESM exports for standalone validation functions (@​rehanvdm, #1861) Support discriminator keyword with $ref in oneOf subschemas (@​dfeufel, #1815)

v8.8.2

Use full RegExp string (with flags) as cache key, related to ajv-validator/ajv-keywords#220

v8.8.1

Fix minContains: 0 (#1819)

v8.8.0

Fix browser bundles in cdnjs regExp option allowing to specify alternative RegExp engine, e.g. re2 (@​efebarlas)

v8.7.1

Publish Ajv bundle for JSON Schema 2020-12 to cdnjs.com

v8.7.0

Update JSON Schema Test Suite. Change minContains: 0 now correctly allows empty array.

v8.6.3

Fix $ref resolution for schemas without $id (@​rbuckton, #1725) Support standalone module import from ESM modules without using .default property (@​bhvngt, #1757)

... (truncated)

Commits

• bf1266a 8.12.0
• 321fad6 update node versions (#2195)
• c5c195b fix JTD discriminator with more than 8 properties, fixes #1971 (#2194)
• 527d43a build(deps-dev): bump @​rollup/plugin-commonjs from 23.0.7 to 24.0.0 (#2184)
• 2e5884b build(deps-dev): bump @​rollup/plugin-typescript from 9.0.2 to 10.0.1 (#2193)
• a697668 build(deps-dev): bump @​rollup/plugin-json from 5.0.2 to 6.0.0 (#2183)
• dab8504 special case empty object for jtd (#2158)
• d2c57d9 build(deps-dev): bump @​rollup/plugin-typescript from 8.5.0 to 9.0.2 (#2160)
• a489265 correctly narrow "number" type to "integer", fixes #1935 (#2192)
• a211e8d JTD empty values schema, fixes #1949 (#2191)
• Additional commits viewable in compare view

Updates har-validator from 5.1.0 to 5.1.5

Release notes

Sourced from har-validator's releases.

v5.1.5

5.1.5 (2020-07-30)

v5.1.4

5.1.4 (2020-07-30)

v5.1.2

5.1.2 (2018-11-07)

Bug Fixes

• docs: update badge links (1764b7c)

v5.1.1

5.1.1 (2018-11-07)

Bug Fixes

• scaffold: update project scaffold template (fd01aff)

Commits

• b77cdcb build(semantic-release): should release when docs are updated
• 3a4d4f3 docs(readme): correct badge
• 01c5f2a style(lint): correct lint errors
• ab43db4 build(semantic-release): correct .releaserc file name
• bab9612 build(deps): update dependencies
• 6742cb5 test(docker-compose): docker-compose for unified testing
• fd48174 ci(actions): replace old ci setup with new github actions workflows
• 5c53c92 build(deps): [security] bump handlebars from 4.0.11 to 4.7.1 (#160)
• ea53334 chore(deps): lock file maintenance (#114)
• a38c067 5.1.3
• Additional commits viewable in compare view

Updates @angular/cli from 7.0.3 to 17.3.5

Release notes

Sourced from @​angular/cli's releases.

v17.3.5

17.3.5 (2024-04-17)

@​angular-devkit/build-angular

Commit	Description
	address Unable to deserialize cloned data issue with Yarn PnP
	remove type="text/css" from style tag

v17.3.4

17.3.4 (2024-04-11)

@​angular-devkit/build-angular

Commit	Description
	ensure esbuild-based builders exclusively produce ESM output

v17.3.3

@​schematics/angular

Commit	Description
	Revert "fix(@​schematics/angular): rename SSR port env variable"

v17.3.2

17.3.2 (2024-03-25)

@​schematics/angular

Commit	Description
	rename SSR port env variable

@​angular-devkit/build-angular

Commit	Description
	Internal server error: Invalid URL when using a non localhost IP
	ensure proper resolution of linked SCSS files
	service-worker references non-existent named index output
	update webpack-dev-middleware to 6.1.2

v17.3.1

17.3.1 (2024-03-20)

@​schematics/angular

Commit	Description
	improve Sass format clarity for application style option

@​angular-devkit/build-angular

Commit	Description
	only generate server directory when SSR is enabled

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

17.3.5 (2024-04-17)

@​angular-devkit/build-angular

Commit	Type	Description
6191d06ca	fix	address Unable to deserialize cloned data issue with Yarn PnP
0335d6a5d	fix	remove type="text/css" from style tag

17.3.4 (2024-04-11)

@​angular-devkit/build-angular

Commit	Type	Description
1128bdd64	fix	ensure esbuild-based builders exclusively produce ESM output

16.2.14 (2024-04-11)

@​angular-devkit/build-angular

Commit	Type	Description
1068c3c73	fix	update vite to 4.5.3

18.0.0-next.2 (2024-04-03)

@​schematics/angular

Commit	Type	Description
725883713	feat	use eventCoalescing option by default (standalone bootstrap)
508d97da7	feat	use ngZoneEventCoalescing option by default (module bootstrap)
157329384	fix	add spaces around eventCoalescing option

... (truncated)

Commits

• c5f20a3 release: cut the v17.3.5 release
• 6191d06 fix(@​angular-devkit/build-angular): address `Unable to deserialize cloned dat...
• 0335d6a fix(@​angular-devkit/build-angular): remove type="text/css" from style tag
• d0bff79 release: cut the v17.3.4 release
• 84ee482 docs: replace links links to aio with links to adev
• 1128bdd fix(@​angular-devkit/build-angular): ensure esbuild-based builders exclusively...
• 1f47a10 build: update vite and undici
• 97acaff release: cut the v17.3.3 release
• 6061a0b Revert "fix(@​schematics/angular): rename SSR port env variable"
• 97da8ba build: add missing dep in test to fix CI
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/cli since your current version.

Updates qs from 6.5.1 to 6.5.2

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates follow-redirects from 1.5.9 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates chownr from 1.0.1 to 1.1.1

Commits

• 7a5c3d5 1.1.1
• 03eb97e Fix bug working on network-path files on windows
• 76c21fa 1.1.0
• e8f0dc7 auto-publish scripts
• b196e0e add tests for old readdir support
• e06dd8a Avoid unnecessary stats on node v10.10 and above
• 36a93e3 use lchown to address part 1 of TOCTOU issue
• a631d84 use lchown instead of chown, if available
• cdd4ce7 use modern JavaScript
• d548650 update tap
• Additional commits viewable in compare view

Updates ini from 1.3.5 to 4.1.2

Release notes

Sourced from ini's releases.

v4.1.2

4.1.2 (2024-03-04)

Bug Fixes

• e237377 #243 Removed the unused doUnesc param in the unsafe function (#243) (@​LoicE5)

Documentation

• 31b3209 #239 Fix typo in bracketedArray option name in README.md (#239) (@​futpib)
• 24eb9a0 Reworked README (#235) (@​PhoneDroid)
• fc6ce28 #212 Fix typo in bracketedArray option name in README.md (#212) (@​futpib)

Chores

• 29caa7c #240 postinstall for dependabot template-oss PR (@​lukekarrys)
• eafd8f7 #240 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• 5cb0c9f #238 postinstall for dependabot template-oss PR (@​lukekarrys)
• 4ad194e #238 bump @​npmcli/template-oss from 4.21.0 to 4.21.1 (@​dependabot[bot])
• a138d1f #233 postinstall for dependabot template-oss PR (@​lukekarrys)
• e37a22e #233 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 2f57997 #215 postinstall for dependabot template-oss PR (@​lukekarrys)
• 526d5fe #215 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 98de8c2 #214 postinstall for dependabot template-oss PR (@​lukekarrys)
• fd33f54 #214 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• 21abe16 #211 postinstall for dependabot template-oss PR (@​lukekarrys)
• f52bed5 #211 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])
• da3b717 #210 postinstall for dependabot template-oss PR (@​lukekarrys)
• 9e9adf4 #210 bump @​npmcli/template-oss from 4.15.1 to 4.17.0 (@​dependabot[bot])

v4.1.1

4.1.1 (2023-05-16)

Bug Fixes

• 090f64e #208 check process on browser (#208) (@​Creskendoll)

v4.1.0

4.1.0 (2023-04-13)

Features

• 622106a
  dependabot[bot] commented 2 months ago

  Superseded by #103.