search

shardeum / validator-gui

MIT License
17 stars 7 forks source link

build(deps): bump the npm_and_yarn group across 1 directory with 14 updates #46

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package From To
express 4.18.2 4.21.0
next 13.4.7 14.2.10
postcss 8.4.26 8.4.47
@solana/web3.js 1.78.0 1.95.3
ws 7.4.6 8.17.1
@rainbow-me/rainbowkit 1.0.7 2.1.6
ethers 5.7.2 6.13.2
viem 1.3.0 2.21.10
wagmi 1.3.9 2.12.12
braces 3.0.2 3.0.3
micromatch 4.0.5 4.0.8

Updates express from 4.18.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.20.0...4.21.0

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

  • Deprecate res.location("back") and res.redirect("back") magic string
  • deps: serve-static@1.16.2
    • includes send@0.19.0
  • deps: finalhandler@1.3.1
  • deps: qs@6.13.0

4.20.0 / 2024-09-10

  • deps: serve-static@0.16.0
    • Remove link renderization in html while redirecting
  • deps: send@0.19.0
    • Remove link renderization in html while redirecting
  • deps: body-parser@0.6.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: path-to-regexp@0.1.10
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates next from 13.4.7 to 14.2.10

Release notes

Sourced from next's releases.

v14.2.10

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Credits

Huge thanks to @​huozhi and @​ijjk for helping!

v14.2.9

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • Revert "Fix esm property def in flight loader (#66990)" (#69749)
  • Disable experimental.optimizeServer by default to fix failed server action (#69788)
  • Fix middleware fallback: false case (#69799)
  • Fix status code for /_not-found route (#64058) (#69808)
  • Fix metadata prop merging (#69807)
  • create-next-app: fix font file corruption when using import alias (#69806)

Credits

Huge thanks to @​huozhi, @​ztanner, @​ijjk, and @​lubieowoce for helping!

v14.2.8

What's Changed

[!NOTE]
This release is backporting bug fixes and minor improvements. It does not include all pending features/changes on canary.

Support esmExternals in app directory

  • Support esm externals in app router (#65041)
  • Turbopack: Allow client components from foreign code in app routes (#64751)
  • Turbopack: add support for esm externals in app dir (#64918)
  • other related PRs: #66990 #66727 #66286 #65519

Reading cookies set in middleware in components and actions

  • initialize ALS with cookies in middleware (#65008)
  • fix middleware cookie initialization (#65820)
  • ensure cookies set in middleware can be read in a server action (#67924)
  • fix: merged middleware cookies should preserve options (#67956)

... (truncated)

Commits


Updates postcss from 8.4.26 to 8.4.47

Release notes

Sourced from postcss's releases.

8.4.47

  • Removed debug code.

8.4.46

  • Fixed Cannot read properties of undefined (reading 'before').

8.4.45

  • Removed unnecessary fix which could lead to infinite loop.

8.4.44

  • Another way to fix markClean is not a function error.

8.4.43

  • Fixed markClean is not a function error.

8.4.42

  • Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

8.4.40

  • Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

8.4.33

8.4.32

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.47

  • Removed debug code.

8.4.46

  • Fixed Cannot read properties of undefined (reading 'before').

8.4.45

  • Removed unnecessary fix which could lead to infinite loop.

8.4.44

  • Another way to fix markClean is not a function error.

8.4.43

  • Fixed markClean is not a function error.

8.4.42

  • Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

8.4.40

  • Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

  • Fixed AtRule#nodes type (by Tim Weißenfels).
  • Cleaned up code (by Dmitry Kirillov).

8.4.33

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

... (truncated)

Commits


Updates @solana/web3.js from 1.78.0 to 1.95.3

Release notes

Sourced from @​solana/web3.js's releases.

v1.95.3

1.95.3 (2024-08-21)

Bug Fixes

v1.95.2

1.95.2 (2024-07-26)

Bug Fixes

  • correct import for getSetComputeUnitLimitInstruction helper (#2992) (a61a732)

v1.95.1

1.95.1 (2024-07-17)

Bug Fixes

  • apply default memcmp encoding (base58) when not supplied (#2945) (8ea5794)

v1.95.0

1.95.0 (2024-07-08)

Features

v1.94.0

1.94.0 (2024-06-29)

Features

  • simulated_transaction: Add Inner Instructions (#2756) (0936673)

v1.93.4

1.93.4 (2024-06-28)

Bug Fixes

  • add deprecation notice for getConfirmedSignatureForAddress2 and update other deprecation notices' validator versions (#2871) (1df9acb), closes #2859
  • deprecate the getStakeActivation RPC method (#2864) (8bd58de)

v1.93.3

1.93.3 (2024-06-27)

Bug Fixes

  • onProgramAccountChange() and onAccountChange() now accept an encoding (#2861) (f9b0d6d), closes #2725

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by lorisleiva, a new releaser for @​solana/web3.js since your current version.


Updates ws from 7.4.6 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;


for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;


for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}



}


headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';


const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});


request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view


Updates @rainbow-me/rainbowkit from 1.0.7 to 2.1.6

Release notes

Sourced from @​rainbow-me/rainbowkit's releases.

@​rainbow-me/rainbowkit@​2.1.6

Patch Changes

  • 63d8386: Added Valora support with valoraWallet wallet connector
  • d46637a: Added safeWallet wallet connector to getDefaultConfig by default to improve the Safe Wallet app browser connection flow with a Safe button included by default in the wallet list
  • 8d9a4e6: Fixed an issue where some options in the "Get Wallet" flow would appear as a blank page, or lack a back button to return to the Connect flow.

@​rainbow-me/rainbowkit@​2.1.5

Patch Changes

  • c08f620: Added zh-HK and zh-TW locales for Traditional Chinese language support. You can also specify zh-Hans and zh-Hant locales to refer to the writing systems directly.

    Reference our guide to learn more about Localization.

  • 675f9dd: Added icon for Gnosis Chain

  • f65b5c4: Added icon for Celo chain

  • 9c36bfd: Added Kaia Wallet support with kaiaWallet wallet connector

@​rainbow-me/rainbowkit@​2.1.4

Patch Changes

  • 72fe07d: Added Binance Web3 Wallet support with binanceWallet wallet connector
  • b530c80: Added mobile support for zealWallet wallet connector
  • 7f6e36e: Added missing rdns property for some wallets. This allows them to be discoverable as an EIP-6963 connector.
  • 2eeb7b9: Improved the Safe Wallet app browser connection flow with a Safe button included by default in the wallet list
  • d02d73f: Resolved an issue where the Phantom wallet did not appear as an EIP-6963 connector.

@​rainbow-me/rainbowkit@​2.1.3

Patch Changes

  • 7b00be5: Added Seif Wallet support with seifWallet wallet connector
  • 23e33b9: Added mantle and mantleTestnet network support
  • 001a0a9: Resolved an issue in development where browser detection would throw an error if navigator.userAgent was unavailable in the browser.

@​rainbow-me/rainbowkit@​2.1.2

Patch Changes

  • 2180ddd: Added Nest Wallet support with nestWallet wallet connector

  • fea278a: The coinbaseWallet wallet connector now has a preference argument to control whether Smart Wallet is enabled and available for users. Preference based behavior is documented here.

    Smart Wallet will be enabled by default with all in early June, without a further upgrade.

    Developers can test Smart Wallet with sepolia and baseSepolia chains today by setting smartWalletOnly like so:

    import { coinbaseWallet } from "@rainbow-me/rainbowkit/wallets";

    // Enable Coinbase Smart Wallet for testing
    
coinbaseWallet.preference = "smartWalletOnly";

... (truncated)

Changelog

Sourced from @​rainbow-me/rainbowkit's changelog.

2.1.6

Patch Changes

  • 63d8386: Added Valora support with valoraWallet wallet connector
  • 8d9a4e6: Fixed an issue where some options in the "Get Wallet" flow would appear as a blank page, or lack a back button to return to the Connect flow.
  • d46637a: Added safeWallet wallet connector to getDefaultConfig by default to improve the Safe Wallet app browser connection flow with a Safe button included by default in the wallet list

2.1.5

Patch Changes

  • c08f620: Added zh-HK and zh-TW locales for Traditional Chinese language support. You can also specify zh-Hans and zh-Hant locales to refer to the writing systems directly.

    Reference our guide to learn more about Localization.

  • 675f9dd: Add icon for Gnosis Chain

  • f65b5c4: Add icon for Celo chain

  • 9c36bfd: Added Kaia Wallet support with kaiaWallet wallet connector

2.1.4

Patch Changes

  • b530c80: Added mobile support for zealWallet wallet connector
  • 7f6e36e: Added missing rdns property to some wallets. This helps them work with EIP-6963 connectors.
  • 2eeb7b9: Improved the Safe Wallet app browser connection flow with a Safe button included by default in the wallet list
  • 72fe07d: Added Binance Web3 Wallet support with binanceWallet wallet connector
  • d02d73f: Resolved an issue where the Phantom wallet did not appear as an EIP-6963 connector.

2.1.3

Patch Changes

  • 23e33b9: Added mantle and mantleTestnet network support
  • 7b00be5: Added Seif Wallet support with seifWallet wallet connector
  • 001a0a9: Resolved an issue in development where browser detection would throw an error if navigator.userAgent was unavailable in the browser.

2.1.2

Patch Changes

  • 2180ddd: Added Nest Wallet support with nestWallet wallet connector

  • fea278a: The coinbaseWallet wallet connector now has a preference argument to control whether Smart Wallet is enabled and available for users. Preference based behavior is documented here.

    Smart Wallet will be enabled by default with all in early June, without a further upgrade.

    Developers can test Smart Wallet with sepolia and baseSepolia chains today by setting smartWalletOnly like so:

... (truncated)

Commits


Updates ethers from 5.7.2 to 6.13.2

Release notes

Sourced from ethers's releases.

ethers/v6.13.2 (2024-07-25 18:20)

  • Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:37)

  • Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:38)

  • Added Options for BrowserProvider (#4707; 33bb0bf).
  • Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
  • Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).

ethers/v6.12.2 (2024-05-30 17:24)

  • Copy EIP-4844 properties during estimateGas and call (#4728; cebe5ee).
  • Use non-capturing regex for data to prevent memory exhaustion for long strings (#4741; 5463aa0).
  • Added Base endpointsto EtherscanProvider (#4729; 7e1dc95).

ethers/v6.12.1 (2024-04-30 23:23)

  • Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
  • Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
  • Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
  • Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 02:09)

  • Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
  • Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
  • Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
  • Better error messages for transaction field mismatch (#4659; 9230aa0).
  • Added prevRandao to block (#3372; ec6a754).
  • Added Polygon Amoy testnet (#4645; 1717abb).
  • Added Chainstack provider (#2741; 014004d).
  • Added deep convertion to Result for toObject and toArray (#4681; 03bfe2a).
  • Added EIP-4844 broadcast support (92bad88).
  • Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.12.0-beta.1 (2024-03-27 14:47)

  • Added EIP-4844 broadcast support.
  • Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.11.1 (2024-02-14 13:47)

  • Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).
  • Allow ENS wildcards with labels up to 255 bytes wide; discussed with ENS and deemed safe (#4543; 7f14bde).
  • Enforce string is passed to toUtf8Bytes (#4583; f45bb87).
  • Fix transaction.index not being populated on some backends (#4591; 7f0e140).

ethers/v6.11.0 (2024-02-08 22:02)

  • Allow transaction encoding for inferred type transactions (f02211d).
  • Added EIP-4788, receipts root and state root fields to Block (#4570; c5f126f).
  • Added EIP-4844 fields to Provider classes and formatter (#4570; 7b4f2c1).
  • Assert BrowserProvider receives an EIP-1193 provider to fail early when passing undefined ethereum object (b69f43b).
  • Add timeout to ContractTransactionResponse wait (#4497; 095de51).

... (truncated)

Changelog

Sourced from ethers's changelog.

ethers/v6.13.2 (2024-07-25 17:54)

  • Prevent mutating transactions when signing (#4789; 1a51af8).

ethers/v6.13.1 (2024-06-18 02:09)

  • Update ws package to address possible DoS vulnerability (a4b1d1f).

ethers/v6.13.0 (2024-06-04 01:01)

  • Added Options for BrowserProvider (#4707; 33bb0bf).
  • Fix Result deep toObject when a parent is an Array (#4681; d8cb849).
  • Added consistent timeout and cancel behaviour to FetchRequest (#4122; a12a739).

ethers/v6.12.2 (2024-05-30 17:24)

  • Copy EIP-4844 properties during estimateGas and call (#4728; cebe5ee).
  • Use non-capturing regex for data to prevent memory exhaustion for long strings (#4741; 5463aa0).
  • Added Base endpointsto EtherscanProvider (#4729; 7e1dc95).

ethers/v6.12.1 (2024-04-30 22:46)

  • Prevent bad Interface clone when using two different versions of v6 (#4689; 4d2d90f).
  • Fixed typo in error message for invalid quorum weight (#4149; 45b9b9c).
  • Added matic-amoy to EtherescanProvider (#4711; 5c8d17a).
  • Fix JsonRpcProvider ignoring pollingInterval in options (#4644; 7b7be0d).

ethers/v6.12.0 (2024-04-17 01:09)

  • Added Linea Sepolia network and Infura endpoint (#4655; b4aaab8).
  • Do not send unsubscribe messages to destroyed Providers (#4678; c45935e).
  • Get definitive network from InfuraProvider when using InfuraWebSocketProvider (38e32d8).
  • Better error messages for transaction field mismatch (#4659; 9230aa0).
  • Added prevRandao to block (#3372; ec6a754).
  • Added Polygon Amoy testnet (#4645; 1717abb).
  • Added Chainstack provider (#2741; 014004d).
  • Added deep convertion to Result for toObject and toArray (#4681; 03bfe2a).
  • Added EIP-4844 broadcast support (92bad88).
  • Fix ignored throttle parameters (#4663; 12772e9).

ethers/v6.11.1 (2024-02-14 13:13)

  • Throw an error when attempting to derive from a master path from a non-master node (#4551; 556fdd9).

... (truncated)

Commits
  • 1a51af8 Prevent mutating transactions when signing (#4789).
  • fc66b8a admin: updated dist files
  • c0b364b admin: minor change to force build to pickup nil change for ws upgrade
  • a4b1d1f Update ws package to address possible DoS vulnerability.
  • 16b8e18 docs: fixed paragraph leaking into code in migration docs
  • 9276187 admin: updated dist files
  • 90c196a Fix missing return for Result proxy (#4681).
  • 5b8781d admin: updated dist files
  • e97ca3b Merge branch 'wip-6.13'
  • c2d5346 tests: added gasless testcase for RicMoo-controlled domain
  • Additional commits viewable in compare view


Updates viem from 1.3....

Description has been truncated

dependabot[bot] commented 2 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml