pagarme / superbowleto

:football: A microservice to issue, register and manage boletos
MIT License

chore(deps): bump the npm_and_yarn group across 1 directory with 36 updates #409

Open dependabot[bot] opened 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 26 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| aws-sdk | 2.368.0 | 2.814.0 |
| axios | 0.16.0 | 0.28.0 |
| express | 4.16.2 | 4.19.2 |
| log4js | 3.0.6 | 6.4.0 |
| moment-timezone | 0.5.26 | 0.5.35 |
| sequelize | 4.41.2 | 6.29.0 |
| sequelize-cli | 4.0.0 | 5.5.0 |
| @babel/traverse | 7.1.6 | 7.24.7 |
| semver | 5.3.0 | 5.7.2 |
| semver | 5.6.0 | 5.7.2 |
| semver | 5.7.1 | 5.7.2 |
| semver | 5.5.0 | 5.7.2 |
| pg | 7.7.1 | 8.12.0 |
| async | 2.6.1 | 2.6.4 |
| braces | 1.8.5 | 3.0.3 |
| ava | 0.25.0 | 6.1.3 |
| ajv | 5.5.2 | 6.12.6 |
| eslint | 4.14.0 | 9.4.0 |
| ini | 1.3.4 | 1.3.8 |
| hoek | 6.1.2 | removed |
| joi | 14.3.0 | 17.13.1 |
| https-proxy-agent | 2.2.1 | 2.2.4 |
| lodash | 4.17.11 | 4.17.21 |
| handlebars | 4.0.11 | 4.7.8 |
| y18n | 3.2.1 | 3.2.2 |
| path-parse | 1.0.5 | 1.0.7 |
| qs | 6.5.1 | 6.11.0 |
| body-parser | 1.18.2 | 1.20.2 |
| xml2js | 0.4.19 | 0.6.2 |
| aws-sdk | 2.814.0 | 2.1638.0 |

Updates aws-sdk from 2.368.0 to 2.814.0

Changelog

Sourced from aws-sdk's changelog.

2.814.0

  • bugfix: Credentials: SDK will throw if shared ini file's profile name can be resolved to proto
  • feature: EC2: EBS io2 volumes now supports Multi-Attach
  • feature: PersonalizeRuntime: Updated FilterValues regex pattern to align with Filter Expression.
  • feature: RDS: Adds IAM DB authentication information to the PendingModifiedValues output of the DescribeDBInstances API. Adds ClusterPendingModifiedValues information to the output of the DescribeDBClusters API.

2.813.0

  • feature: ConfigService: Adding PutExternalEvaluation API which grants permission to deliver evaluation result to AWS Config
  • feature: DLM: Provide Cross-account copy event based policy support in DataLifecycleManager (DLM)
  • feature: EC2: C6gn instances are powered by AWS Graviton2 processors and offer 100 Gbps networking bandwidth. These instances deliver up to 40% better price-performance benefit versus comparable x86-based instances
  • feature: Imagebuilder: This release adds support for building and distributing container images within EC2 Image Builder.
  • feature: KMS: Added CreationDate and LastUpdatedDate timestamps to ListAliases API response
  • feature: Route53: This release adds support for DNSSEC signing in Amazon Route 53.
  • feature: Route53Resolver: Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC).
  • feature: SQS: Amazon SQS adds queue attributes to enable high throughput FIFO.
  • feature: ServiceCatalog: Support TagOptions sharing with Service Catalog portfolio sharing.

2.812.0

  • feature: CostExplorer: This release updates the "MonitorArnList" from a list of String to be a list of Arn for both CreateAnomalySubscription and UpdateAnomalySubscription APIs
  • feature: Location: Initial release of Amazon Location Service. A new geospatial service providing capabilities to render maps, geocode/reverse geocode, track device locations, and detect geofence entry/exit events.
  • feature: QuickSight: QuickSight now supports connecting to federated data sources of Athena
  • feature: WellArchitected: This is the first release of AWS Well-Architected Tool API support, use to review your workload and compare against the latest AWS architectural best practices.

2.811.0

  • feature: Amp: (New Service) Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor containerized applications securely and at scale.
  • feature: GreengrassV2: AWS IoT Greengrass V2 is a new major version of AWS IoT Greengrass. This release adds several updates such as modular components, continuous deployments, and improved ease of use.
  • feature: IoTAnalytics: FileFormatConfiguration enables data store to save data in JSON or Parquet format. S3Paths enables you to specify the S3 objects that save your channel messages when you reprocess the pipeline.
  • feature: IoTFleetHub: AWS IoT Fleet Hub, a new feature of AWS IoT Device Management that provides a web application for monitoring and managing device fleets connected to AWS IoT at scale.
  • feature: IoTWireless: AWS IoT for LoRaWAN enables customers to setup a private LoRaWAN network by connecting their LoRaWAN devices and gateways to the AWS cloud without managing a LoRaWAN Network Server.
  • feature: Iot: AWS IoT Rules Engine adds Kafka Action that allows sending data to Apache Kafka clusters inside a VPC. AWS IoT Device Defender adds custom metrics and machine-learning based anomaly detection.
  • feature: IotDeviceAdvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
  • feature: Lambda: Added support for Apache Kafka as a event source. Added support for TumblingWindowInSeconds for streams event source mappings. Added support for FunctionResponseTypes for streams event source mappings
  • feature: SSM: Adding support for Change Manager API content

2.810.0

  • feature: DevOpsGuru: Documentation updates for DevOps Guru.
  • feature: EC2: Add c5n.metal to ec2 instance types list
  • feature: GlobalAccelerator: This release adds support for custom routing accelerators

2.809.0

  • feature: AutoScaling: Documentation updates and corrections for Amazon EC2 Auto Scaling API Reference and SDKs.
  • feature: CloudTrail: CloudTrailInvalidClientTokenIdException is now thrown when a call results in the InvalidClientTokenId error code. The Name parameter of the AdvancedEventSelector data type is now optional.
  • feature: IoTSiteWise: Added the ListAssetRelationships operation and support for composite asset models, which represent structured sets of properties within asset models.

2.808.0

  • feature: EC2: TGW connect simplifies connectivity of SD-WAN appliances; IGMP support for TGW multicast; VPC Reachability Analyzer for VPC resources connectivity analysis.
  • feature: Kendra: Amazon Kendra now supports adding synonyms to an index through the new Thesaurus resource.
  • feature: NetworkManager: This release adds API support for Transit Gateway Connect integration into AWS Network Manager.

2.807.0

... (truncated)

Commits
  • 8875a35 Updates SDK to v2.814.0
  • dd83d67 throw at invalid profile name in shared ini file (#3585)
  • ee0c5a3 Updates SDK to v2.813.0
  • 468d15b Updates SDK to v2.812.0
  • c50132f Update README.md with references to JS SDK V3 (#3582)
  • 3e19b08 Updates SDK to v2.811.0
  • f26c00d Updates SDK to v2.810.0
  • b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackups...
  • fa57967 Updates SDK to v2.809.0
  • 9a52018 Updates SDK to v2.808.0
  • Additional commits viewable in compare view


Updates axios from 0.16.0 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

  • Fixed FormData posting in browser environment by reverting #3785 (#4640)
  • Enhanced protocol parsing implementation (#4639)
  • Fixed bundle size

v0.27.1

Fixes and Functionality:

  • Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
  • Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

  • Fixed FormData posting in browser environment by reverting #3785 (#4640)
  • Enhanced protocol parsing implementation (#4639)
  • Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits
  • 3b7635a [Release] v0.28.0 (#6211)
  • 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
  • 80c3d74 chore(ci): backported publish action; (#6224)
  • 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
  • 880b42e docs: Fix a typo in README
  • c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
  • 80b546c fix: loosing request header (#4858) (#4871)
  • 6acb5ef feat: brower platform add data protocol. (#4814)
  • bbb2264 fix(typing): axios response headers can be undefined (#4813)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.


Updates express from 4.16.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates log4js from 3.0.6 to 6.4.0

Changelog

Sourced from log4js's changelog.

6.4.0 - BREAKING CHANGE 💥

New default file permissions may cause external applications unable to read logs. A manual code/configuration change is required.

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.


Updates moment-timezone from 0.5.26 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

  • Updated data to IANA TZDB 2021e

Release 0.5.33

  • Updated data to IANA TZDB 2021a

Release 0.5.32

  • Updated data to IANA TZDB 2020d

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

  • Updated data to IANA TZDB 2020a
  • Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info.

Release 0.5.29

Release 0.5.28

Merged pull request #410 from @adgrace:

  • Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
  • Added a method moment.tz(timezone_id).countries() to get countries for some time zone
  • Added a method moment.tz.countries() to get all country codes
  • And as you know moment.tz.names() already exists

Release 0.5.27

0.5.27 2019-10-14

  • Updated data to IANA TZDB 2019c

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

  • Updated data to IANA TZDB 2021e

0.5.33 2021-02-06

  • Updated data to IANA TZDB 2021a

0.5.32 2020-11-14

  • Updated data to IANA TZDB 2020d

0.5.31 2020-05-16

  • Fixed Travis builds for Node.js 4 and 6

0.5.30 2020-05-16

  • Updated data to IANA TZDB 2020a
  • Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info

0.5.29 2020-05-16

0.5.28 2020-02-21

Merged pull request #410 from @adgrace:

  • Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
  • Added a method moment.tz(timezone_id).countries() to get countries for some time zone
  • Added a method moment.tz.countries() to get all country codes
  • And as you know moment.tz.zones() already exists

0.5.27 2019-10-14

  • Updated data to IANA TZDB 2019c

Commits
  • b8fb1ba Build moment-timezone 0.5.35
  • f1b5e5a Add changelog for 0.5.35
  • 8b0eb0c Bump version to 0.5.35
  • 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
  • ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
  • 9430b4c Merge remote-tracking branch 'origin/master' into develop
  • feaf900 Updated contributing.md + added 2021e files
  • 704cfac updated contributing.md
  • 877c863 Updated contributing.md + added 2021e files
  • 5a3015c updated contributing.md
  • Additional commits viewable in compare view


Updates sequelize from 4.41.2 to 6.29.0

Release notes

Sourced from sequelize's releases.

v6.29.0

6.29.0 (2023-02-23)

Features

  • throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710) (d3f5b5a)

v6.28.2

6.28.2 (2023-02-22)

Bug Fixes

v6.28.1

6.28.1 (2023-02-21)

Bug Fixes

v6.28.0

6.28.0 (2022-12-20)

Features

  • types: use retry-as-promised types for retry options to match documentation (#15484) (fd4afa6)

v6.27.0

6.27.0 (2022-12-12)

Features

v6.26.0

6.26.0 (2022-11-29)

Features

v6.25.8

... (truncated)

Commits
  • d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578)...
  • 53bd9b7 meta: fix null test getWhereConditions (#15705)
  • 13f2e89 fix: accept undefined in where (#15703)
  • d9e0728 fix: throw if where receives an invalid value (#15699)
  • 48d6193 fix: update moment-timezone version (#15685)
  • fd4afa6 feat(types): use retry-as-promised types for retry options to match documenta...
  • 1247c01 feat: add support for bigints (backport of #14485) (#15413)
  • 94beace feat(postgres): add support for lock_timeout #15345 (#15355)
  • 7885000 fix(oracle): remove hardcoded maxRows value (#15323)
  • bc39fd6 fix: fix parameters not being replaced when after $$ strings (#15307)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.


Updates sequelize-cli from 4.0.0 to 5.5.0

Changelog

Sourced from sequelize-cli's changelog.

v5.5.0 - 11th, June 2019

Fixed

  • fix: special characters in password are not escaped #722
  • change: default config for operator aliases #743

v5.4.0 - 1st, Dec 2018

Fixed

  • fix: show commands with --help #719

v5.3.0 - 4th, Nov 2018

Fixed

  • fix(db:create): syntax errors with mssql create statement #711
  • style: grammar mistake in seeder skeleton #705

Feature

  • feat(mode:generate) add enum support #704

v5.2.0 - 20th, Oct 2018

Feature

  • feat(db:create): support options on db:create with sequelize@4 #700

v5.1.0 - 14th, Oct 2018

Feature

  • feat(postgres): migrationStorageTableSchema #635

v5.0.0 - 13th, Oct 2018

Fixed

  • fix(init): relative config path for windows #648
  • fix(mode:generate): use force arg correctly #691
  • updated dependencies

Breaking

  • Node 6 or up is supported

v4.1.0 - 19th, Aug 2018

... (truncated)

Commits


Updates @babel/traverse from 7.1.6 to 7.24.7

Release notes

Sourced from @babel/traverse's releases.

v7.24.7 (2024-06-05)

:bug: Bug Fix

:house: Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3

backstage-catalog-validator[bot] commented 4 months ago

:warning: This repository is not yet cataloged in Backstage. :warning:

Please catalog it by following the instructions in this documentation. [Via VPN].

:information_desk_person: If you have any problems or questions, we are on Slack; just open a ticket in the #help-foundation-platform channel.

devsec-app-pagarme[bot] commented 4 months ago

Gandalf - Continuous AppSec

:pushpin: Reminder

This repository is being monitored automatically and continuously for findings that could compromise the application's security. For more details, access the platform here.

:clipboard: Summary of findings in the superbowleto repository

| Severity | Findings |
| --- | --- |
| Critical | 8 |
| High | 14 |
| Medium | 0 |
| Low | 0 |