search

hex7c0 / transfer-rate

calculate transfer-rate of request/response for Nodejs
https://github.com/hex7c0/transfer-rate
Apache License 2.0
6 stars 4 forks source link

build(deps): bump the npm_and_yarn group across 1 directory with 14 updates #9

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 7 months ago

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package From To
express 4.16.2 4.19.2
grunt 1.0.1 1.5.3
growl 1.9.2 ``
mocha 3.5.3 10.3.0
lodash 3.7.0 4.17.21
jshint 2.9.5 2.9.7
handlebars 4.0.11 4.7.8
js-yaml 3.5.5 3.14.1
minimist 1.2.0 1.2.8
handlebars 4.0.11 4.7.8
mkdirp 0.5.1 0.5.6
qs 6.5.1 6.12.0
shelljs 0.3.0 ``
grunt-contrib-jshint 1.1.0 3.2.0

Updates express from 4.16.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates grunt from 1.0.1 to 1.5.3

Release notes

Sourced from grunt's releases.

v1.5.3

  • Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
  • Patch up race condition in symlink copying. 58016ff
  • Merge pull request #1746 from JamieSlome/patch-1 0749e1d
  • Create SECURITY.md 69b7c50

https://github.com/gruntjs/grunt/compare/v1.5.2...v1.5.3

v1.5.2

  • Update Changelog 7f15fd5
  • Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
  • Clean up link handling 433f91b

https://github.com/gruntjs/grunt/compare/v1.5.1...v1.5.2

v1.5.1

  • Merge pull request #1742 from gruntjs/update-symlink-test ad22608
  • Fix symlink test 0652305

https://github.com/gruntjs/grunt/compare/v1.5.0...v1.5.1

v1.5.0

  • Updated changelog b2b2c2b
  • Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
  • Update testing matrix 47d32de
  • More updates 2e9161c
  • Remove console log 04b960e
  • Update dependencies, tests... aad3d45
  • Merge pull request #1736 from justlep/main fdc7056
  • support .cjs extension e35fe54

https://github.com/gruntjs/grunt/compare/v1.4.1...v1.5.0

v1.4.1

  • Update Changelog e7625e5
  • Merge pull request #1731 from gruntjs/update-options 5d67e34
  • Fix ci install d13bf88
  • Switch to Actions 08896ae
  • Update grunt-known-options eee0673
  • Add note about a breaking change 1b6e288

https://github.com/gruntjs/grunt/compare/v1.4.0...v1.4.1

v1.4.0

  • Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
  • Update changelog and util dep 106ed17
  • Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
  • Update CLI and nodeunit 47cf8b6
  • Merge pull request #1722 from gruntjs/update-through e86db1c
  • Update deps 4952368

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: https://github.com/js-cli/js-liftoff/commit/e7a969d6706e730d90abb4e24d3cb4d3bce06ddb. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt since your current version.


Updates getobject from 0.1.0 to 1.0.2

Release notes

Sourced from getobject's releases.

v1.0.2

  • Merge pull request #8 from cowboy/dependabot/npm_and_yarn/path-parse-1.0.7 6f86cf7
  • Bump path-parse from 1.0.6 to 1.0.7 6e79841

https://github.com/cowboy/node-getobject/compare/v1.0.1...v1.0.2

v1.0.1

  • Update deps 141e3a5
  • Merge pull request #7 from cowboy/dependabot/npm_and_yarn/hosted-git-info-2.8.9 c97cf3e
  • Bump hosted-git-info from 2.8.8 to 2.8.9 201e91b
  • Update dev deps 5ffb873

https://github.com/cowboy/node-getobject/compare/v1.0.0...v1.0.1

v1.0.0

No release notes provided.

Commits
Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for getobject since your current version.


Removes growl

Updates mocha from 3.5.3 to 10.3.0

Release notes

Sourced from mocha's releases.

v10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

New Contributors

Full Changelog: https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0

v10.3.0-preminor.0

A test release tagged with next on npm, to test that we can do releases at all. See #5081 for context.

What's Changed

... (truncated)

Changelog

Sourced from mocha's changelog.

10.3.0 / 2024-02-08

This is a stable release equivalent to 10.30.0-prerelease.

10.3.0-prerelease / 2024-01-18

This is a prerelease version to test our ability to release. Other than removing or updating dependencies, it contains no intended user-facing changes.

:nut_and_bolt: Other

10.2.0 / 2022-12-11

:tada: Enhancements

  • #4945: API: add possibility to decorate ESM name before import (@​j0tunn)

:bug: Fixes

:book: Documentation

10.1.0 / 2022-10-16

:tada: Enhancements

:nut_and_bolt: Other

... (truncated)

Commits
  • a886829 chore: fix link in pull request template (#5091)
  • 53a4baf chore: remove unnecessary canvas dependency (#5069)
  • 1ebff45 chore: inline nyan reporter's write function (#5056)
  • 8812413 fix: add alt text to Built with Netlify badge (#5068)
  • 645469e docs: touchups to labels and a template title post-revamp (#5050)
  • 9f99178 docs: overhaul contributing and maintenance docs for end-of-year 2023 (#5038)
  • eca4fec docs: fix return jsdoc type of titlePath (#4886)
  • 060f77d docs: use mocha.js instead of mocha in the example run (#4927)
  • 4b60c1a docs: fix fragment ID for yargs.js extends docs (#4918)
  • b41e985 chore: remove stale workflow (#5029)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by joshuakgoldberg, a new releaser for mocha since your current version.


Updates lodash from 3.7.0 to 4.17.21

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll') B) require('lodash/utility/bindAll') C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };
</tr></table>

... (truncated)

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates jshint from 2.9.5 to 2.9.7

Release notes

Sourced from jshint's releases.

JSHint 2.9.7

2.9.7 (2018-12-07)

This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

JSHint 2.9.6

2.9.6 (2018-07-30)

Bug Fixes

  • Add missing global objects for browser env (badc7a4)
  • Add other Fetch spec globals (07bb596), closes #2582
  • Allow closing over immutable bindings (7091685)
  • Allow computed method names in obj literal (a5ff715)
  • Allow empty export and trailing comma (631327e), closes #2567
  • Avoid infinite loop on invalid for stmt (56a4379)
  • Consistently ignore dot-prefixed dirs (8d4317e)
  • Correct impl of built-in bindings (a11d631)
  • Correct interpretation of whitespace (dd06eea)
  • Correct location of reported error (1c434a3)
  • Correct location reported for W043 (1d04868)
  • Correct reporting of var name in list comprehensions (0ff6644)
  • Correct restriction on function name (55aa54e)
  • Correct spelling of Uint8ClampedArray (8df4a32)
  • Create block scope for switch statements (aa2be10)
  • Disallow default values in rest parameters (b420aed)
  • Do not create binding for illegal syntax (9fe8c94)
  • Do not warn about non-ambiguous linebreaks (ab3ab85)
  • Fix "is is" message typos (7993101)
  • Preserve functionality in "legacy" Node.js (2f6ac13)
  • recognize Jasmine global spyOnProperty (827237f), closes #3183
  • Relax restriction on asgnmnt to arguments (0a66710)
  • Remove warning W100 (ff71d3c)
  • Report error for duplicate arrow params (506c7d5)
  • Report error for redeclared generator fns (8896fa3)
  • Restrict "name" of strict mode functions (a554c89)
  • Restrict super usage to valid forms (8f3f880)
  • Restrict IdentifierNames in ES5 code (5995a9f)
  • Tolerate division following closing brace (3aa02db)
  • Tolerate RegExp as void operand (3f920b5)
  • Tolerate whitespace in inline directives (efeb0f8)

Features

  • List outer scoped variables of W083 (d03662c), closes #3211
Changelog

Sourced from jshint's changelog.

2.9.7 (2018-12-07)

This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

2.9.6 (2018-07-30)

Bug Fixes

  • Add missing global objects for browser env (badc7a4)
  • Add other Fetch spec globals (07bb596), closes #2582
  • Allow closing over immutable bindings (7091685)
  • Allow computed method names in obj literal (a5ff715)
  • Allow empty export and trailing comma (631327e), closes #2567
  • Avoid infinite loop on invalid for stmt (56a4379)
  • Consistently ignore dot-prefixed dirs (8d4317e)
  • Correct impl of built-in bindings (a11d631)
  • Correct interpretation of whitespace (dd06eea)
  • Correct location of reported error (1c434a3)
  • Correct location reported for W043 (1d04868)
  • Correct reporting of var name in list comprehensions (0ff6644)
  • Correct restriction on function name (55aa54e)
  • Correct spelling of Uint8ClampedArray (8df4a32)
  • Create block scope for switch statements (aa2be10)
  • Disallow default values in rest parameters (b420aed)
  • Do not create binding for illegal syntax (9fe8c94)
  • Do not warn about non-ambiguous linebreaks (ab3ab85)
  • Fix "is is" message typos (7993101)
  • Preserve functionality in "legacy" Node.js (2f6ac13)
  • recognize Jasmine global spyOnProperty (827237f), closes #3183
  • Relax restriction on asgnmnt to arguments (0a66710)
  • Remove warning W100 (ff71d3c)
  • Report error for duplicate arrow params (506c7d5)
  • Report error for redeclared generator fns (8896fa3)
  • Restrict "name" of strict mode functions (a554c89)
  • Restrict super usage to valid forms (8f3f880)
  • Restrict IdentifierNames in ES5 code (5995a9f)
  • Tolerate division following closing brace (3aa02db)
  • Tolerate RegExp as void operand (3f920b5)
  • Tolerate whitespace in inline directives (efeb0f8)

Features

  • List outer scoped variables of W083 (d03662c), closes #3211

Commits
  • 01bf8c6 v2.9.7
  • 71f2f1f [[TEST]] Assert CLI behavior: stdin w/o filename
  • 3a8ef8b Added Spotify to companies who use JSHint (#3333)
  • 80c7fda [[CHORE]] Relocate development dependency
  • f70250b [[CHORE]] Relocate development dependencies
  • d5c1a00 v2.9.6
  • ab3ab85 [[FIX]] Do not warn about non-ambiguous linebreaks
  • eaca85b [[CHORE]] Improve test coverage for ASI warning
  • 0a66710 [[FIX]] Relax restriction on asgnmnt to arguments
  • 3aa02db [[FIX]] Tolerate division following closing brace
  • Additional commits viewable in compare view


Updates handlebars from 4.0.11 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits
  • 8dc3d25 v4.7.8
  • 668c4fb Fix browser tests in CI pipeline
  • c65c6cc Test on Node 18
  • 3d3796c Make library compatible with workers
  • 075b354 Fix sync issue with npm lock-file
  • 30dbf04 Fix compiling of each block params in strict mode
  • e3a5448 Fix bundler issue with webpack 5
  • 8e23642 Fix integration-tests issue with npm >= 7
  • 88ac068 use https instead of git for mustache submodule
  • c68bc08 Fix typo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates js-yaml from 3.5.5 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

  • Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

  • Support safe/loadAll(input, options) variant of call.
  • CI: drop outdated nodejs versions.
  • Dev deps bump.

Fixed

  • Quote = in plain scalars #519.
  • Check the node type for !<?> tag in case user manually specifies it.
  • Verify that there are no null-bytes in input.
  • Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

  • Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

  • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

  • Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

  • Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

  • Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

  • Add arrow functions suport for !!js/function.

Fixed

  • Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits
dependabot[bot] commented 6 months ago

Superseded by #10.