search

lake-afton-public-observatory / lapo-api

This API returns a collection of various types of interesting data ranging from our hours of operation, to upcoming passes of the International Space Station.
https://lapo-api.herokuapp.com
GNU General Public License v3.0
0 stars 1 forks source link

Bump qs and express #34

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps qs to 6.9.7 and updates ancestor dependency express. These dependencies need to be updated together.

Updates qs from 6.7.0 to 6.9.7

Changelog

Sourced from qs's changelog.

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"
  • [actions] backport actions from main
  • [Dev Deps] backport updates from main

6.9.6

  • [Fix] restore dist dir; mistakenly removed in d4f6c32

6.9.5

  • [Fix] stringify: do not encode parens for RFC1738
  • [Fix] stringify: fix arrayFormat comma with empty array/objects (#350)
  • [Refactor] format: remove util.assign call
  • [meta] add "Allow Edits" workflow; update rebase workflow
  • [actions] switch Automatic Rebase workflow to pull_request_target event
  • [Tests] stringify: add tests for #378
  • [Tests] migrate tests to Github Actions
  • [Tests] run nyc on all tests; use tape runner
  • [Dev Deps] update eslint, @ljharb/eslint-config, browserify, mkdirp, object-inspect, tape; add aud

6.9.4

  • [Fix] stringify: when arrayFormat is comma, respect serializeDate (#364)
  • [Refactor] stringify: reduce branching (part of #350)
  • [Refactor] move maybeMap to utils
  • [Dev Deps] update browserify, tape

6.9.3

  • [Fix] proper comma parsing of URL-encoded commas (#361)
  • [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#336)

6.9.2

  • [Fix] parse: Fix parsing array from object with comma true (#359)
  • [Fix] parse: throw a TypeError instead of an Error for bad charset (#349)
  • [meta] ignore eclint transitive audit warning
  • [meta] fix indentation in package.json
  • [meta] add tidelift marketing copy
  • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, has-symbols, tape, mkdirp, iconv-lite
  • [actions] add automatic rebasing / merge commit blocking

6.9.1

  • [Fix] parse: with comma true, handle field that holds an array of arrays (#335)
  • [Fix] parse: with comma true, do not split non-string values (#334)
  • [meta] add funding field
  • [Dev Deps] update eslint, @ljharb/eslint-config

... (truncated)

Commits
  • 4cd0032 v6.9.7
  • e799ba5 [Fix] parse: ignore __proto__ keys (#428)
  • 02ca358 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 4a17709 [Fix] stringify: avoid encoding arrayformat comma when `encodeValuesOnly = ...
  • c0e13e9 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 4113a5f [Tests] clean up stringify tests slightly
  • 749a584 [Docs] add note and links for coercing primitive values (#408)
  • cce2082 [meta] fix README.md (#399)
  • c44f0c5 Revert "[meta] ignore eclint transitive audit warning"
  • e6cfd8b [actions] backport actions from main
  • Additional commits viewable in compare view


Updates express from 4.17.1 to 4.17.3

Release notes

Sourced from express's releases.

4.17.3

  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: negotiator@0.6.3
  • deps: body-parser@1.19.2
    • deps: bytes@3.1.2
    • deps: qs@6.9.7
    • deps: raw-body@2.4.3
  • deps: cookie@0.4.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy

4.17.2

  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: body-parser@1.19.1
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
    • deps: qs@6.9.6
    • deps: raw-body@2.4.2
    • deps: safe-buffer@5.2.1
    • deps: type-is@~1.6.18
  • deps: content-disposition@0.5.4
    • deps: safe-buffer@5.2.1
  • deps: cookie@0.4.1
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: forwarded@0.2.0
    • deps: ipaddr.js@1.9.1
  • deps: qs@6.9.6
  • deps: safe-buffer@5.2.1
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
  • deps: serve-static@1.14.2
    • deps: send@0.17.2
  • deps: setprototypeof@1.2.0
Changelog

Sourced from express's changelog.

4.17.3 / 2022-02-16

  • deps: accepts@~1.3.8
    • deps: mime-types@~2.1.34
    • deps: negotiator@0.6.3
  • deps: body-parser@1.19.2
    • deps: bytes@3.1.2
    • deps: qs@6.9.7
    • deps: raw-body@2.4.3
  • deps: cookie@0.4.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • pref: remove unnecessary regexp for trust proxy

4.17.2 / 2021-12-16

  • Fix handling of undefined in res.jsonp
  • Fix handling of undefined when "json escape" is enabled
  • Fix incorrect middleware execution with unanchored RegExps
  • Fix res.jsonp(obj, status) deprecation message
  • Fix typo in res.is JSDoc
  • deps: body-parser@1.19.1
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
    • deps: qs@6.9.6
    • deps: raw-body@2.4.2
    • deps: safe-buffer@5.2.1
    • deps: type-is@~1.6.18
  • deps: content-disposition@0.5.4
    • deps: safe-buffer@5.2.1
  • deps: cookie@0.4.1
    • Fix maxAge option to reject invalid values
  • deps: proxy-addr@~2.0.7
    • Use req.socket over deprecated req.connection
    • deps: forwarded@0.2.0
    • deps: ipaddr.js@1.9.1
  • deps: qs@6.9.6
  • deps: safe-buffer@5.2.1
  • deps: send@0.17.2
    • deps: http-errors@1.8.1
    • deps: ms@2.1.3
    • pref: ignore empty http tokens
  • deps: serve-static@1.14.2
    • deps: send@0.17.2
  • deps: setprototypeof@1.2.0
Commits
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/lake-afton-public-observatory/lapo-api/network/alerts).
dependabot[bot] commented 1 year ago

Looks like these dependencies are updatable in another way, so this is no longer needed.