nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License
1.93k stars 924 forks

chore(deps): update all non-major dependencies #1657

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| @babel/core | `^7.16.12 -> ^7.17.8` |
| @microsoft/api-documenter | `^7.15.1 -> ^7.17.0` |
| @microsoft/api-extractor | `^7.19.4 -> ^7.20.0` |
| @types/jest | `^27.4.0 -> ^27.4.1` |
| @types/node | `^16.11.22 -> ^16.11.26` |
| @types/puppeteer | `^5.4.4 -> ^5.4.5` |
| axios | `^0.25.0 -> ^0.26.1` |
| babel-jest | `^27.4.6 -> ^27.5.1` |
| body-parser | `^1.19.1 -> ^1.19.2` |
| cookie | `^0.4.1 -> ^0.4.2` |
| eslint | `^8.8.0 -> ^8.12.0` |
| eslint-config-prettier | `^8.3.0 -> ^8.5.0` |
| express | `^4.17.2 -> ^4.17.3` |
| express-jwt | `^6.1.0 -> ^6.1.1` |
| jest | `^27.4.7 -> ^27.5.1` |
| jiti | `^1.12.15 -> ^1.13.0` |
| playwright | `^1.18.1 -> ^1.20.1` |
| prettier | `^2.5.1 -> ^2.6.1` |
| ts-jest | `^27.1.3 -> ^27.1.4` |
| typescript | `^4.5.5 -> ^4.6.3` |

Release Notes

axios/axios

### [`v0.26.1`](https://togithub.com/axios/axios/releases/v0.26.1)

[Compare Source](https://togithub.com/axios/axios/compare/v0.26.0...v0.26.1)

##### 0.26.1 (March 9, 2022)

Fixes and Functionality:

- Refactored project file structure to avoid circular imports ([#4220](https://togithub.com/axios/axios/pull/4220))

### [`v0.26.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#0260-February-13-2022)

[Compare Source](https://togithub.com/axios/axios/compare/v0.25.0...v0.26.0)

Fixes and Functionality:

- Fixed The timeoutErrorMessage property in config not work with Node.js ([#3581](https://togithub.com/axios/axios/pull/3581))
- Added errors to be displayed when the query parsing process itself fails ([#3961](https://togithub.com/axios/axios/pull/3961))
- Fix/remove url required ([#4426](https://togithub.com/axios/axios/pull/4426))
- Update follow-redirects dependency due to Vulnerability ([#4462](https://togithub.com/axios/axios/pull/4462))
- Bump karma from 6.3.11 to 6.3.14 ([#4461](https://togithub.com/axios/axios/pull/4461))
- Bump follow-redirects from 1.14.7 to 1.14.8 ([#4473](https://togithub.com/axios/axios/pull/4473))

eslint/eslint

### [`v8.12.0`](https://togithub.com/eslint/eslint/releases/v8.12.0)

[Compare Source](https://togithub.com/eslint/eslint/compare/v8.11.0...v8.12.0)

#### Features

- [`685a67a`](https://togithub.com/eslint/eslint/commit/685a67a62bdea19ca9ce12008a034b8d31162422) feat: fix logic for top-level `this` in no-invalid-this and no-eval ([#15712](https://togithub.com/eslint/eslint/issues/15712)) (Milos Djermanovic)

#### Chores

- [`18f5e05`](https://togithub.com/eslint/eslint/commit/18f5e05bce10503186989d81ca484abb185a2c9d) chore: padding-line-between-statements remove useless `additionalItems` ([#15706](https://togithub.com/eslint/eslint/issues/15706)) (Martin Sadovy)

Microsoft/playwright

### [`v1.20.1`](https://togithub.com/Microsoft/playwright/releases/v1.20.1)

[Compare Source](https://togithub.com/Microsoft/playwright/compare/v1.20.0...v1.20.1)

#### Highlights

This patch includes the following bug fixes:

- [https://github.com/microsoft/playwright/issues/12711](https://togithub.com/microsoft/playwright/issues/12711) - \[REGRESSION] Page.screenshot hangs on some sites
- [https://github.com/microsoft/playwright/issues/12807](https://togithub.com/microsoft/playwright/issues/12807) - \[BUG] Cookies get assigned before fulfilling a respons
- [https://github.com/microsoft/playwright/issues/12814](https://togithub.com/microsoft/playwright/issues/12814) - \[Question] how to use expect.any in playwrig
- [https://github.com/microsoft/playwright/issues/12821](https://togithub.com/microsoft/playwright/issues/12821) - \[BUG] Chromium: Cannot click, element intercepts pointer eve
- [https://github.com/microsoft/playwright/issues/12836](https://togithub.com/microsoft/playwright/issues/12836) - \[REGRESSION]: Tests not detected as ES module in v
- [https://github.com/microsoft/playwright/issues/12862](https://togithub.com/microsoft/playwright/issues/12862) - \[Feature] Allow to use toMatchSnapshot for file formats other than txt (e.g.
- [https://github.com/microsoft/playwright/issues/12887](https://togithub.com/microsoft/playwright/issues/12887) - \[BUG] Locator.count() with \_vue selector wit
- [https://github.com/microsoft/playwright/issues/12940](https://togithub.com/microsoft/playwright/issues/12940) - \[BUG] npm audit - High Severity vulnerability in json5 package forcing to install Playwrigh
- [https://github.com/microsoft/playwright/issues/12974](https://togithub.com/microsoft/playwright/issues/12974) - \[BUG] Regression - chromium browser closes during test or debugging session on macos

#### Browser Versions

- Chromium 101.0.4921.0
- Mozilla Firefox 97.0.1
- WebKit 15.4

This version was also tested against the following stable channels:

- Google Chrome 99
- Microsoft Edge 99

prettier/prettier

### [`v2.6.1`](https://togithub.com/prettier/prettier/blob/HEAD/CHANGELOG.md#261)

[Compare Source](https://togithub.com/prettier/prettier/compare/2.6.0...2.6.1)

[diff](https://togithub.com/prettier/prettier/compare/2.6.0...2.6.1)

##### Ignore `loglevel` when printing information ([#12477](https://togithub.com/prettier/prettier/pull/12477) by [@fisker](https://togithub.com/fisker))

kulshekhar/ts-jest

### [`v27.1.4`](https://togithub.com/kulshekhar/ts-jest/blob/HEAD/CHANGELOG.md#2714-httpsgithubcomkulshekharts-jestcomparev2713v2714-2022-03-24)

[Compare Source](https://togithub.com/kulshekhar/ts-jest/compare/v27.1.3...v27.1.4)

##### Bug Fixes

- **compiler:** revert [#3194](https://togithub.com/kulshekhar/ts-jest/issues/3194) ([#3362](https://togithub.com/kulshekhar/ts-jest/issues/3362)) ([2b7dffe](https://togithub.com/kulshekhar/ts-jest/commit/2b7dffeac940f779922c43cefba3f741a3911b49)), closes [#3272](https://togithub.com/kulshekhar/ts-jest/issues/3272)
- remove `esbuild` from peer dependency ([#3360](https://togithub.com/kulshekhar/ts-jest/issues/3360)) ([8c8c1ca](https://togithub.com/kulshekhar/ts-jest/commit/8c8c1ca615b1edeedc9f4282557c28e82acee543)), closes [#3346](https://togithub.com/kulshekhar/ts-jest/issues/3346)
- support Babel config file with `.cjs` extension ([#3361](https://togithub.com/kulshekhar/ts-jest/issues/3361)) ([5e5ac4a](https://togithub.com/kulshekhar/ts-jest/commit/5e5ac4ac286bdcce157d0bdc31f3a57202fdbdfe)), closes [#3335](https://togithub.com/kulshekhar/ts-jest/issues/3335)

Microsoft/TypeScript

### [`v4.6.3`](https://togithub.com/Microsoft/TypeScript/releases/v4.6.3)

[Compare Source](https://togithub.com/Microsoft/TypeScript/compare/v4.6.2...v4.6.3)

This release includes fixes for

- [an incremental parsing bug caused by faulty error recovery logic](https://togithub.com/microsoft/TypeScript/issues/47895)
- [improved results from the TypeScript API's `preProcessFile` function](https://togithub.com/microsoft/TypeScript/pull/47657)

For the complete list of fixed issues, check out the

- [fixed issues query for Typescript 4.6.0 (Beta)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.0%22+).
- [fixed issues query for Typescript 4.6.1 (RC)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.1%22+).
- [fixed issues query for Typescript 4.6.2 (Stable)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.2%22+).
- [fixed issues query for Typescript 4.6.3 (Stable)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.3%22+).

Downloads are available on:

- [npm](https://www.npmjs.com/package/typescript)

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by WhiteSource Renovate. View repository job log here.

GuillermoK1 commented 3 months ago

SUBJECT: axios 0.8.1 - 0.27.2 Severity: moderate Axios Cross-Site Request Forgery Vulnerability

Greetings, I will copy and paste below my terminal's message after installing this package directly from the npm page:

```
C:['my-path']> npm i @nuxtjs/auth-next

added 41 packages, and audited 1000 packages in 8s

182 packages are looking for funding
  run npm fund for details

3 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.

npm audit

npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via npm audit fix --force
Will install undefined@undefined, which is a breaking change
node_modules/@nuxtjs/auth-next/node_modules/axios
node_modules/@nuxtjs/axios/node_modules/axios
  @nuxtjs/auth-next
  Depends on vulnerable versions of @nuxtjs/axios
  Depends on vulnerable versions of axios
  node_modules/@nuxtjs/auth-next
  @nuxtjs/axios
  Depends on vulnerable versions of axios
  node_modules/@nuxtjs/axios

3 moderate severity vulnerabilities
```

GuillermoK1 commented 3 months ago

Sorry. Didn't see this first: https://github.com/nuxt-community/auth-module/issues/893#issue-756320103