search

kartverket / kartverket.dev

Kartverket's internal developer portal
https://kartverket.dev
MIT License
1 stars 3 forks source link

Bump the npm_and_yarn group across 1 directory with 4 updates #38

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the npm_and_yarn group with 3 updates in the / directory: @backstage/backend-common, follow-redirects and webpack-dev-middleware.

Updates @backstage/backend-common from 0.21.3 to 0.21.4

Changelog

Sourced from @​backstage/backend-common's changelog.

0.21.4

Patch Changes

  • 7422430: Resolve the basePath before constructing the target path

  • 999224f: Bump dependency minimatch to v9

  • e0b997c: Fix issue where resolveSafeChildPath path would incorrectly resolve when operating on a symlink

  • 9802004: Added the UserInfoApi as both an optional input and as an output for createLegacyAuthAdapters

  • 2af5354: Bump dependency jose to v5

  • ff40ada: Updated dependency mysql2 to ^3.0.0.

  • 0fb419b: Updated dependency uuid to ^9.0.0. Updated dependency @types/uuid to ^9.0.0.

  • 568881f: Updated dependency yauzl to ^3.0.0.

  • 4a3d434: Added a createLegacyAuthAdapters function that can be used as a compatibility adapter for backend plugins who want to start using the new auth and httpAuth services that were created as part of BEP-0003.

    See the Auth Service Migration tutorial for more information on the usage of this adapter.

  • Updated dependencies

    • @​backstage/integration@​1.9.1
    • @​backstage/plugin-auth-node@​0.4.9
    • @​backstage/config@​1.2.0
    • @​backstage/errors@​1.2.4
    • @​backstage/backend-plugin-api@​0.6.14
    • @​backstage/backend-app-api@​0.6.0
    • @​backstage/config-loader@​1.7.0
    • @​backstage/backend-dev-utils@​0.1.4
    • @​backstage/cli-common@​0.1.13
    • @​backstage/integration-aws-node@​0.1.10
    • @​backstage/types@​1.1.1

0.21.4-next.2

Patch Changes

  • Updated dependencies
    • @​backstage/integration@​1.9.1-next.2
    • @​backstage/backend-app-api@​0.6.0-next.2
    • @​backstage/plugin-auth-node@​0.4.9-next.2
    • @​backstage/backend-dev-utils@​0.1.4
    • @​backstage/backend-plugin-api@​0.6.14-next.2
    • @​backstage/cli-common@​0.1.13
    • @​backstage/config@​1.2.0-next.1
    • @​backstage/config-loader@​1.7.0-next.1
    • @​backstage/errors@​1.2.4-next.0
    • @​backstage/integration-aws-node@​0.1.10-next.1
    • @​backstage/types@​1.1.1

0.21.4-next.1

Patch Changes

... (truncated)

Commits


Updates follow-redirects from 1.15.4 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • See full diff in compare view


Updates jose from 4.15.4 to 4.15.5

Release notes

Sourced from jose's releases.

v4.15.5

Fixes

Changelog

Sourced from jose's changelog.

4.15.5 (2024-03-07)

Fixes

  • add a maxOutputLength option to zlib inflate (1b91d88)
Commits
  • 765aafd chore(release): 4.15.5
  • b36e45e test: add export check to x509 pem import tests
  • e839ecb test: stop testing JWE RSA1_5 Algorithm
  • 1b91d88 fix: add a maxOutputLength option to zlib inflate
  • 9ca2b24 build: remove release action
  • f3035d8 chore: cleanup after release
  • See full diff in compare view


Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)
Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1779) (189c4ac)
Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kartverket/kartverket.dev/network/alerts).