search

serverx-org / SERVER-X-101

Unite developers, create impactful products together
https://serverx.org.in
1 stars 1 forks source link

Bump the npm_and_yarn group with 7 updates #26

Open dependabot[bot] opened 2 months ago

dependabot[bot] commented 2 months ago

Bumps the npm_and_yarn group with 8 updates:

Package From To
svelte 3.49.0 4.2.19
@sveltejs/vite-plugin-svelte 1.0.1 3.1.2
svelte-check 2.8.0 3.8.6
svelte-preprocess 4.10.7 6.0.2
@grpc/grpc-js 1.6.10 1.8.22
google-gax 3.0.3 3.6.1
ws 8.8.1 8.18.0
ws 7.4.6 8.18.0

Updates svelte from 3.49.0 to 4.2.19

Release notes

Sourced from svelte's releases.

svelte@4.2.19

Patch Changes

  • fix: ensure typings for <svelte:options> are picked up (#12902)

  • fix: escape < in attribute strings (#12989)

svelte@4.2.18

Patch Changes

  • chore: speed up regex (#11922)
Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

  • fix: ensure typings for <svelte:options> are picked up (#12902)

  • fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

  • chore: speed up regex (#11922)

4.2.17

Patch Changes

  • fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

  • fix: check if svelte component exists on custom element destroy (#11489)

4.2.15

Patch Changes

  • support attribute selector inside :global() (#11135)

4.2.14

Patch Changes

  • fix parsing camelcase container query name (#11131)

4.2.13

Patch Changes

  • fix: applying :global for +,~ sibling combinator when slots are present (#9282)

4.2.12

Patch Changes

  • fix: properly update svelte:component props when there are spread props (#10604)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by svelte-admin, a new releaser for svelte since your current version.


Updates @sveltejs/vite-plugin-svelte from 1.0.1 to 3.1.2

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​3.1.2

Patch Changes

  • add warning for svelte5 users to update to vite-plugin-svelte@4 (#964)

@​sveltejs/vite-plugin-svelte@​3.1.1

Patch Changes

  • fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#917)

  • fix: disable hmr when vite config server.hmr is false (#917)

@​sveltejs/vite-plugin-svelte@​3.1.0

Minor Changes

  • feat(svelte5): enable hmr option in dev (#836)

Patch Changes

@​sveltejs/vite-plugin-svelte@​3.0.2

Patch Changes

  • fix(compile): correctly determine script lang in files where a comment precedes the script tag (#844)

@​sveltejs/vite-plugin-svelte@​3.0.1

Patch Changes

  • fix: improve checking of script and style in .svelte code to work with new generic= attribute (#799)

  • Fix optional parameter types (#797)

  • Update log level for HMR updates where the output is functionally equivalent to the previous version to "debug" (#806)

@​sveltejs/vite-plugin-svelte@​3.0.0

Major Changes

  • breaking: update minimum supported node version to node18 (#744)

  • breaking: update supported vite version to vite 5 (#743)

  • breaking: remove support for svelte 3 (#746)

  • Preprocess style tags by default with vitePreprocess (#756)

  • breaking: remove package.json export (#751)

... (truncated)

Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

3.1.2

Patch Changes

  • add warning for svelte5 users to update to vite-plugin-svelte@4 (#964)

3.1.1

Patch Changes

  • fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#917)

  • fix: disable hmr when vite config server.hmr is false (#917)

3.1.0

Minor Changes

  • feat(svelte5): enable hmr option in dev (#836)

Patch Changes

3.0.2

Patch Changes

  • fix(compile): correctly determine script lang in files where a comment precedes the script tag (#844)

3.0.1

Patch Changes

  • fix: improve checking of script and style in .svelte code to work with new generic= attribute (#799)

  • Fix optional parameter types (#797)

  • Update log level for HMR updates where the output is functionally equivalent to the previous version to "debug" (#806)

3.0.0

Major Changes

  • breaking: update minimum supported node version to node18 (#744)

  • breaking: update supported vite version to vite 5 (#743)

... (truncated)

Commits


Updates svelte-check from 2.8.0 to 3.8.6

Release notes

Sourced from svelte-check's releases.

svelte-check-3.8.6

  • fix: support Svelte 5 module script attribute (#2473)

svelte-check-3.8.5

  • chore: bump html/css language service (#2424)
  • chore: better "cannot use bind:" error message (#2429)
  • fix: no implicit children prop when using slot (#2427)
  • fix: correctly handle HTML between implicit snippet props (#2450)
  • fix: correctly scope snippet declarations (#2449)
  • fix: make it possible to type snippet parameters using JSDoc (#2449)
  • fix: add legacy methods to own component shape (#2451)

svelte-check-3.8.4

  • fix: ensure bindings and exports work properly for Svelte 5 + TS5.5

svelte-check-3.8.3

  • fix: detect root snippets correctly
  • fix: prevent false positive store declarations (#2422)

svelte-check-3.8.2

  • chore: reduce dependencies (#2413) (#2400)
  • fix: handle snippets with typed arguments (#2412)
  • fix: handle optional arguments in snippets (#2414)

svelte-check-3.8.1

  • fix: adjust ambient module snipping logic
  • chore: speed up regex

svelte-check-3.8.0

  • fix: allow for whitespace in snippets declaration (#2366)
  • fix: allow as expressions for bindable props (#2372)
  • fix: force correct semantic tokens for $props types (#2379)
  • feat: Svelte 5 component class/function interop (#2380)

svelte-check-3.7.1

  • fix: rework bindable types strategy (#2361)

svelte-check-3.7.0

  • feat: mark only properties as bindable that were declared using $bindable() in Svelte 5 runes mode (#2336)
  • chore: better Svelte 5 interop (#2336)
  • fix: preserve event attribute casing in Svelte 5 (#2347)
  • fix: handle #await inside #snippet (#2348)
  • fix: better bind:group transformation (#2349)
  • fix: handle boolean css var (#2350)

svelte-check-3.6.9

  • fix: ensure type widening for bind:group
  • perf: improve perf in deleteUnresolvedResolutionsFromCache (#2320)
  • fix: adjust for moved compiler file in Svelte 5 (#2327)

... (truncated)

Commits


Updates svelte-preprocess from 4.10.7 to 6.0.2

Changelog

Sourced from svelte-preprocess's changelog.

6.0.2 (2024-07-09)

Bug Fixes

6.0.1 (2024-06-14)

Bug Fixes

  • deprecate default export in favor of named export (#641) (a43de10), closes #591

6.0.0 (2024-06-12)

BREAKING CHANGES

  • remove TS mixed imports support, require TS 5.0 or higher
  • remove preserve option as it's unnecessary
  • require Svelte 4+, Node 18+
  • add exports map

Bug Fixes

  • adjust globalifySelector to not split selectors with parentheses. (#632) (c435ebd), closes #501
  • fix: allow TS filename to be undefined, fixes #488
  • fix: adjust Svelte compiler type import
  • fix: remove pug types and magic-string from dependencies
  • chore: bump peer deps, fixes #553

5.1.4 (2024-04-16)

Bug Fixes

5.1.3 (2023-12-18)

Bug Fixes

  • sass dependency list referencing source file in win32 (#621) (209312f)

5.1.2 (2023-12-12)

  • chore: mark postcss-load-config 5 as supported (3b5b1f0)

5.1.1 (2023-11-21)

... (truncated)

Commits


Updates @grpc/grpc-js from 1.6.10 to 1.8.22

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.8.22

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js@​1.8.21

  • Fix propagation of UNIMPLEMENTED error messages (#2528)

@​grpc/grpc-js 1.8.20

  • Fix a crash when the channel option grpc.keepalive_permit_without_calls is set (#2519)

@​grpc/grpc-js 1.8.19

  • Update keepalive behavior to more correctly handle short calls and long periods of inactivity (#2513)

@​grpc/grpc-js 1.8.18

  • Fix reporting of call stacks in unary request errors (#2503)
  • Fix reporting of proxy info in channelz socket responses (#2503)

@​grpc/grpc-js 1.8.17

  • Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@​grpc/grpc-js 1.8.16

  • Fix missing transport trace logs (#2470)

@​grpc/grpc-js 1.8.15

  • Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)
  • Ensure status and error events are consistently emitted asynchronously (#2456)

@​grpc/grpc-js 1.8.14

  • Fix sequencing of some events related to connectivity state changes (#2421)

@​grpc/grpc-js 1.8.13

  • Fix memory leak in channelz socket tracking (#2394)

@​grpc/grpc-js@​1.8.12

  • Fix an occasional type error when receiving DNS updates (#2380)
  • Fix ordering of events when handing requests on the server (#2376 contributed by @​phoenix741)

@​grpc/grpc-js 1.8.11

  • Avoid accumulating placeholder objects when sending many messages on a long-running stream (#2372)

@​grpc/grpc-js 1.8.10

  • Fix bugs in "pick first" load balancing policy that caused incorrect reconnection behavior (#2369)

@​grpc/grpc-js 1.8.9

  • Fix a bug where clients would continue to send pings at the original configured rate after receiving a backoff request from the server (#2363)

@​grpc/grpc-js 1.8.8

  • Remove progress field in returned status object (#2350)
  • Export InterceptingListener and NextCall types (#2351)
  • Fix a bug that could cause a crash when sending messages that exceed the outgoing message buffer size while a retry is in progress (#2349)

... (truncated)

Commits
  • a8a0203 Merge pull request from GHSA-7v5v-9h63-cj86
  • 3b110cd grpc-js: Bump to 1.8.22
  • 8e62222 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
  • 9d83947 Merge pull request #2742 from sergiitk/backport-1.8-psm-interop-common-prod-t...
  • 00f348c Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
  • 36d105b Merge pull request #2737 from murgatroid99/backport-1.8-grpc-js_linkify-it_fix
  • 969e305 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
  • d78216f Merge pull request #2715 from sergiitk/backport-1.8-psm-interop-pkg-dev
  • f38966a Merge pull request #2712 from sergiitk/psm-interop-pkg-dev
  • ffefff2 Merge pull request #2640 from XuanWang-Amos/backport-1.8-psm-interop-shared-b...
  • Additional commits viewable in compare view


Updates google-gax from 3.0.3 to 3.6.1

Changelog

Sourced from google-gax's changelog.

Changelog

npm history

4.4.0 (2024-08-27)

Features

Bug Fixes

  • deps: update dependency protobufjs-cli to v1.1.3 (#1645) (1b2ffdf)

4.3.9 (2024-08-06)

Bug Fixes

  • reduce duplicate code in streaming retries and add a test (#1636) (83b52e1)
  • test application cleanup (#1639) (76ac496)

4.3.8 (2024-07-08)

Bug Fixes

  • deps: remove rimraf in favor of native node rm function (#1626) (dd87646)

4.3.7 (2024-06-19)

Bug Fixes

4.3.6 (2024-06-06)

Bug Fixes

4.3.5 (2024-05-28)

... (truncated)

Commits


Updates ws from 8.8.1 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

  • Added support for Blob (#2229).

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;


for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;


for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}



}


headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';


const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});


request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits
  • 976c53c [dist] 8.18.0
  • 59b9629 [feature] Add support for Blob (#2229)
  • 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
  • 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • Additional commits viewable in compare view


Updates ws from 7.4.6 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

  • Added support for Blob (#2229).

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;


for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;


for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}



}


headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';


const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});


request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits
  • 976c53c [dist] 8.18.0
  • 59b9629 [feature] Add support for Blob (#2229)
  • 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
  • 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/serverx-org/SERVER-X-101/network/alerts).
github-actions[bot] commented 3 weeks ago

Stale pull request message