sarvex / Ghost

Just a blogging platform
https://ghost.org
MIT License

Bump the npm_and_yarn group across 1 directories with 11 updates #14

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the npm_and_yarn group with 11 updates in the /. directory:

Package From To
express-hbs 0.8.4 2.4.1
lodash 2.4.1 4.17.21
moment 2.8.3 2.29.4
morgan 1.5.0 1.9.1
node-uuid 1.4.2 1.4.8
passport 0.2.1 0.6.0
request 2.51.0 2.88.2
semver 4.1.0 5.7.2
validator 13.7.0 13.11.0
bower 1.3.12 1.8.14
grunt 0.4.5 1.6.1

Updates express-hbs from 0.8.4 to 2.4.1

Release notes

Sourced from express-hbs's releases.

2.1.2

2.1.1

Fixes:

2.1.0

Features:

  • Adds support for local template options
  • Adds updateLocalTemplateOptions(locals, options) method
  • Adds getLocalTemplateOptions(locals) method
  • Adds getTemplateOptions() method

2.0.2

Security:

Deps:

  • Update handlebars@4.0.13

2.0.1

Bug Fixes:

  • Fixed #153 Block content array must be concatenated with newline, not stringified

2.0.0

Bug Fixes

  • Fixed #144 registerAsyncHelper using the wrong replace call
  • Fixes #143 Update handlebars to 4.0.8 (did latest handlebars 4.0.12)
  • Fixed #101 Cached blocks should be stored per request
  • Fixed #100 Conflict between content blocks
  • Fixed #99 Blocks prone to memory leaks
  • Fixed #115 fix multi-dotted extension name usage for partials
  • Fixed #140 readme markdown syntax highlighting

Addition:

  • Update TravisCI to test node versions 11 and dropped testing node 4, 0.12, and 0.10 (Will still run on those versions if using express 3)

Deps:

  • Add bluebird@3.5.3
  • Update handlebars@4.0.12
  • Update js-beautify@1.8.8
  • Add lodash@4.17.11
  • Update readdirp@2.2.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by allouis, a new releaser for express-hbs since your current version.


Updates lodash from 2.4.1 to 4.17.21

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was a big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging, our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll')
B) require('lodash/utility/bindAll')
C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };

... (truncated)

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates moment from 2.8.3 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)

Commits


Updates morgan from 1.5.0 to 1.9.1

Release notes

Sourced from morgan's releases.

1.9.1

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: debug@2.6.9
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2

  • deps: debug@2.6.8
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0

1.8.1

  • deps: debug@2.6.1
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2

1.8.0

  • Fix sending unnecessary undefined argument to token functions
  • deps: basic-auth@~1.1.0
  • deps: debug@2.6.0
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • perf: enable strict mode in compiled functions

1.7.0

  • Add digits argument to response-time token
  • deps: depd@~1.1.0
    • Enable strict mode in more places
    • Support web browser loading
  • deps: on-headers@~1.0.1
    • perf: enable strict mode

1.6.1

  • deps: basic-auth@~1.0.3

1.6.0

  • Add morgan.compile(format) export
  • Do not color 1xx status codes in dev format
  • Fix response-time token to not include response latency
  • Fix status token incorrectly displaying before response in dev format

... (truncated)

Changelog

Sourced from morgan's changelog.

1.9.1 / 2018-09-10

  • Fix using special characters in format
  • deps: depd@~1.1.2
    • perf: remove argument reassignment

1.9.0 / 2017-09-26

  • Use res.headersSent when available
  • deps: basic-auth@~2.0.0
    • Use safe-buffer for improved Buffer API
  • deps: debug@2.6.9
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

  • deps: debug@2.6.8
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0

1.8.1 / 2017-02-04

  • deps: debug@2.6.1
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2

1.8.0 / 2017-02-04

  • Fix sending unnecessary undefined argument to token functions
  • deps: basic-auth@~1.1.0
  • deps: debug@2.6.0
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • perf: enable strict mode in compiled functions

1.7.0 / 2016-02-18

  • Add digits argument to response-time token
  • deps: depd@~1.1.0
    • Enable strict mode in more places

... (truncated)

Commits
  • 572dd93 1.9.1
  • e02de38 lint: apply standard 12 style
  • e329663 Fix using special characters in format
  • eb1968a tests: use strict equality checks
  • 310b206 build: use yaml eslint configuration
  • 5810937 build: Node.js@9.11
  • f60afd5 build: Node.js@8.11
  • 5295b0c build: eslint-plugin-standard@3.1.0
  • 178daaf build: eslint-plugin-promise@3.8.0
  • 7b08641 build: eslint-plugin-import@2.12.0
  • Additional commits viewable in compare view


Updates node-uuid from 1.4.2 to 1.4.8

Commits


Updates passport from 0.2.1 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

  • req#login() and req#logout() regenerate the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

  • Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

[0.5.1] - 2021-12-15

Added

  • Informative error message in session strategy if session support is not available.

Changed

  • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits


Updates request from 2.51.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

v2.87.0 (2018/05/21)

v2.86.0 (2018/05/15)

v2.85.0 (2018/03/12)

v2.84.0 (2018/03/12)

v2.83.0 (2017/09/27)

v2.82.0 (2017/09/19)

v2.81.0 (2017/03/09)

v2.80.0 (2017/03/04)

... (truncated)

Commits


Updates semver from 4.1.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier

Commits

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates validator from 13.7.0 to 13.11.0

Release notes

Sourced from validator's releases.

13.11.0

New Features / Validators

Fixes, New Locales and Enhancements

New Contributors 🎉

Full Changelog: https://github.com/validatorjs/validator.js/compare/13.9.0...13.11.0

13.9.0

... (truncated)

Changelog

Sourced from validator's changelog.

13.11.0

New Features / Validators

Fixes, New Locales and Enhancements

13.9.0

New Features / Validators

Fixes and Enhancements

... (truncated)

Commits
  • f074abd 13.11.0
  • 6be9634 feat(isEmail) extend to enable allow_underscores in domain (#2229)
  • 2f551c6 fix(isMobilePhone): fixed pl-PL matching numbers that start with 45 (#2202)
  • ad41eba feat(IsFQDN): Add a test that asserts numeric chars in tld are rejected by de...
  • f303d39 feat(isIBAN): add white and blacklist options to the isIBAN validator (#2235)
  • 2ef9a83 feat(isMobilePhone): Added regex for Sudan ar-SD (#2246)
  • 2440c39 feat(isIBAN): add Morocco (MA) IBAN format (#2025)
  • 4c25f26 refactor(isCreditCard): create allCards dynamically (#2117)
  • 3507d27 fix(isJWT): fix validation issue in isJWT function (#2217)
  • 63b1e4d fix(isEmail) do not allow non-breaking space in user part (#2237)
  • Additional commits viewable in compare view


Updates bower from 1.3.12 to 1.8.14

Release notes

Sourced from bower's releases.

v1.8.12

  • Properly bundle all dependencies of Bower within package

v1.8.10

v1.8.8

Fix security issue connected to extracting .tar.gz archives

This bug allows writing an arbitrary file on the filesystem when Bower extracts a malicious package

Needless to say, please upgrade

v1.8.7

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

bower/bower#2532

v1.8.6

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

v1.8.4

  • Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

v1.8.3

  • 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
  • 50ee729 Allow to disable shorthand resolver (#2507)
  • bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
  • 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
  • 74af42c Only replace last @ after (if any) last / with # (#2395)
  • 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
  • 💅Format source code with prettier

v1.8.2

Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

This is so we leverage a CDN and offload the Heroku instance, reducing costs.

v1.8.0

  • Download tar archives from GitHub when possible (#2263)
    • Change default shorthand resolver for github from git:// to https://
  • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
  • Allow for removing components with url instead of name (#2368)
  • Show in warning message location of malformed bower.json (#2357)
  • Improve handling of non-semver versions in git resolver (#2316)
  • Fix handling of cached releases pluginResolverFactory (#2356)

... (truncated)

Changelog

Sourced from bower's changelog.

Changelog

Newer releases

Please see: https://github.com/bower/bower/releases

1.8.0 - 2016-11-07

  • Download tar archives from GitHub when possible (#2263)
    • Change default shorthand resolver for github from git:// to https://
  • Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
  • Allow for removing components with url instead of name (#2368)
  • Show in warning message location of malformed bower.json (#2357)
  • Improve handling of non-semver versions in git resolver (#2316)
  • Fix handling of cached releases pluginResolverFactory (#2356)
  • Allow to type the entire version when conflict occurred (#2243)
  • Allow owner/reponame shorthand for registering components (#2248)
  • Allow single-char repo names and package names (#2249)
  • Make bower version no longer honor version in bower.json (#2232)
  • Add postinstall hook (#2252)
  • Allow for @ instead of # for install and info commands (#2322)
  • Upgrade all bundled modules

1.7.9 - 2016-04-05

  • Show warnings for invalid bower.json fields
  • Update bower-json
    • Less strict validation on package name (allow spaces, slashes, and "@")

1.7.8 - 2016-04-04

  • Don't ask for git credentials in non-interactive session, fixes #956 #1009
  • Prevent swallowing exceptions with programmatic api, fixes #2187
  • Update graceful-fs to 4.x in all dependencies, fixes nodejs/node#5213
  • Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
  • Upgrade handlebars to 4.0.5, closes #2195
  • Replace all % characters in defined scripts, instead of only first one, fixes #2174
  • Update opn package to fix issues with "bower open" command on Windows
  • Update bower-config
    • Do not interpolate environment variables in script hooks, fixes bower/config#47
  • Update bower-json
    • Validate package name more strictly and allow only latin letters, dots, dashes and underscores
  • Add support for "save" and "save-exact" in .bowerrc, #2161

1.7.7 - 2016-01-27

Revert locations of all files while still packaging nod... _Description has been truncated_

dependabot[bot] commented 4 months ago

Superseded by #18.