search

nextcloud / backup

Backup now. Restore later.
GNU Affero General Public License v3.0
241 stars 33 forks source link

Build(deps): Bump axios, @nextcloud/axios and @nextcloud/vue #575

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Bumps axios to 1.6.1 and updates ancestor dependencies axios, @nextcloud/axios and @nextcloud/vue. These dependencies need to be updated together.

Updates axios from 0.27.2 to 1.6.1

Release notes

Sourced from axios's releases.

Release v1.6.1

Release notes:

Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

Contributors to this release

Release v1.6.0

Release notes:

Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

Release v1.5.1

Release notes:

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.1 (2023-11-08)

Bug Fixes

  • formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)

Contributors to this release

1.6.0 (2023-10-26)

Bug Fixes

  • CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
  • dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
  • types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

  • CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes

  • adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
  • types: removed duplicated code (9e62056)

Contributors to this release

... (truncated)

Commits
  • f6d2cf9 chore(ci): fix publish action content permission; (#6061)
  • a22f4b9 chore(release): v1.6.1 (#6060)
  • cb8bb2b chore(ci): Publish to NPM with provenance (#5835)
  • 37cbf92 chore(ci): added labeling and notification for published PRs; (#6059)
  • dd465ab fix(formdata): fixed content-type header normalization for non-standard brows...
  • 3dc8369 fix(platform): fixed emulated browser detection in node.js environment; (#6055)
  • f7adacd chore(release): v1.6.0 (#6031)
  • 9917e67 chore(ci): fix release-it arg; (#6032)
  • 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
  • 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
  • Additional commits viewable in compare view


Updates @nextcloud/axios from 2.3.0 to 2.4.0

Release notes

Sourced from @​nextcloud/axios's releases.

v2.4.0

2.4.0 – 2023-06-28

Fixed

  • Fix package exports to allow Typescript projects with module resolution of Node16 or NodeNext to import the package

Changed

  • Axios upgrade from v0.27 to v1.4
  • Update node engines to next LTS (node 20 / npm 9)
  • Dependency updates
Changelog

Sourced from @​nextcloud/axios's changelog.

2.4.0 – 2023-06-28

Fixed

  • Fix package exports to allow Typescript projects with module resolution of Node16 or NodeNext to import the package

Changed

  • Axios upgrade from v0.27 to v1.4
  • Update node engines to next LTS (node 20 / npm 9)
  • Dependency updates
Commits
  • 27e2158 chore(deps): update dependency @​rollup/plugin-typescript to ^11.1.2
  • e73e84f chore(deps): update babel monorepo to ^7.22.5
  • 028e5d6 Merge pull request #634 from nextcloud/fix/readme-badges
  • 2c1c298 fix(docs): Fix "build status" aka tests badge in README
  • 865af43 Merge pull request #631 from nextcloud/feat/add-eslint
  • cc2b0f9 Merge pull request #630 from nextcloud/chore/npmignore
  • 9498817 chore: Add eslint and fix linter issues
  • 407abfd Merge pull request #632 from nextcloud/fix/drop-tslib
  • 36686f2 Merge pull request #633 from nextcloud/chore/update-ci
  • aef0573 chore: Update CI workflows from organization templates
  • Additional commits viewable in compare view


Updates @nextcloud/vue from 5.4.0 to 8.0.1

Release notes

Sourced from @​nextcloud/vue's releases.

v8.0.1

What's Changed

🐛 Fixed bugs

Other Changes

Full Changelog: https://github.com/nextcloud-libraries/nextcloud-vue/compare/v8.0.0...v8.0.1

v8.0.0

What's Changed

More information could be found on this tracking issue: nextcloud-libraries/nextcloud-vue#4223

💥 Breaking Changes

🚀 Enhancements

... (truncated)

Changelog

Sourced from @​nextcloud/vue's changelog.

v8.0.1 (2023-11-09)

Full Changelog

:bug: Fixed bugs

Other Changes

v8.0.0 (2023-11-08)

Full Changelog

:boom: Breaking changes

  • Update node engines to next LTS (node 20 / npm 9)
  • The deprecated NcMultiselect and NcMultiselectTags components were removed #4281 (susnux)
    • Migration: Use the NcSelect and NcSelectTags components instead
  • The deprecated NcPopoverMenu component was removed #4081 (raimund-schluessler)
    • Migration: Use the NcActions component instead
  • The deprecated NcAppNavigationCounter component was removed #4096 (raimund-schluessler)
    • Migration: Use the NcCounterBubble component instead
  • The deprecated excludeClickOutsideClasses property was removed from clickOutsideOptions #4088 (raimund-schluessler)
    • Migration: Use the excludeClickOutsideSelectors property, which takes an array of css selectors, instead
  • The label property of NcAutoCompleteResult was renamed to title #4222 (susnux)
  • The deprecated title property was removed, every occurrence of title was renamed to name #4106 (raimund-schluessler), #4052 (raimund-schluessler)
    • label property was renamed to name for NcMentionBubble
    • name propery is now required for NcActions*, NcAppNavigationItem and NcBreadcrumb*
    • See linked pull request for full migration guide
  • chore: Drop install entry point and replace it with an Vue Plugin #4349 (susnux)
  • NcInputField: The labelVisible property was removed for accessibility it is required to always show a label. You can still use the labelOutside property to remove the inner label from the component.
  • feat(NcEmptyContent)!: make empty content centered by default instead of 20vh margin #4506 (ShGKme)
  • chore!: Rename Datetime to DateTime in component names #4560 (susnux)
  • feat(NcIconSvgWrapper)!: remove ID from svg #4607 (ShGKme)

:rocket: Enhancements

  • feat(NcAppSettingsDialog): Allow to add icons to the navigation sections #4745 (susnux)
  • feat(NcButton): Allow to format text of button #4367 (susnux)
  • enh(NcDatetime): New component for displaying timestamps as time relative from now #4219 (susnux)
  • feat(NcInputField): Append custom aria-describedby to input field #4225 (Pytal)
  • feat(NcNoteCard): Add new 'info' version to display informational messaged #4063 (moan0s)
  • feat(NcEmptyContent): Add slot for description #3895 (susnux)
  • feat(NcActions): Improve readability of action menu entries #4049 (Pytal)
  • feat(NcReferencePickerModal): Allow setting modal size when registering a custom picker component #3866 (julien-nc)
  • feat: Migrate NcAvatar to use NcActions #4017 (raimund-schluessler)
  • feat(a11y): Export a11y activation util #4166 (Pytal)
  • NcButton: Add alignment property to change icon and text ordering #4366 (susnux)

... (truncated)

Commits
  • 0cb72d7 Merge pull request #4792 from nextcloud-libraries/v8.0.1
  • 13d9b49 Release v8.0.1
  • 9a7aa31 Merge pull request #4791 from nextcloud-libraries/bugfix/4785/tab-headers-and...
  • 83e17ff Merge pull request #4783 from nextcloud-libraries/bugfix/noid/outlined-counte...
  • f261b94 fix(NcCheckboxRadioSwitch): Fix contrast of Radio switches using button-variant
  • bc6f8b9 Merge pull request #4784 from nextcloud-libraries/translations_ef429a9836fb49...
  • adc9a0e Merge pull request #4790 from nextcloud-libraries/fix/timezone-picker--missed-t
  • 8e7ed4a fix(NcTimezonePicker): add missing t method
  • effe055 Translate l10n/messages.pot in gl
  • 484d8d0 Merge pull request #4789 from nextcloud-libraries/dependabot/npm_and_yarn/lin...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nextcloud/backup/network/alerts).
dependabot[bot] commented 9 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.