search

staadecker / utoc-membership-system

The University of Toronto Outing Club membership system
MIT License
3 stars 0 forks source link

Bump the npm_and_yarn group across 1 directory with 4 updates #114

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the npm_and_yarn group with 1 update in the / directory: firebase-tools.

Updates firebase-tools from 10.9.2 to 13.6.0

Release notes

Sourced from firebase-tools's releases.

v13.6.0

  • Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
  • Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
  • Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#6895)
  • Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#6917)

v13.5.2

  • Fix hosting rewrite deployment bug for skipped functions (#6658).

v13.5.1

  • Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#6874)

v13.5.0

  • Enable dynamic debugger port for functions + support for inspecting multiple codebases (#6854)
  • Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#6860)
  • Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
  • v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#6858)
  • v2 event functions with explicit service accounts trigger eventarc to use that service account (#6859)

v13.4.1

  • Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
  • Fix demo projects + web frameworks with emulators (#6737)
  • Fix Next.js static routes with server actions (#6664)
  • Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#6801)
  • Make VPC egress settings in functions parameterizeable (#6843)

v13.4.0

  • Added new commands for managing Firestore backups and restoring databases. (#6778)
  • Fixed quota attribution for Firebase Auth API calls. (#6819)

v13.3.1

  • Release Cloud Firestore emulator v1.19.1:
    • Adds support for Datastore Mode to the Firstore Emulator. Adds --database-mode flag to gcloud emulator firestore start command. Note that this is a preview feature and if you find any bugs, please file them here: https://github.com/firebase/firebase-tools/issues.
  • Improve FAH onboarding flow to connect backends with SCMs (#6764).
  • Fixed issue where GitHub actions would fail due to lack of permission. (#6791)

v13.3.0

  • Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
  • Added support for Python 3.12. (#6679)
  • Fixed issues with internal utilities. (#6754)
  • Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

  • Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

  • Added rudimentary email enumeration protection for auth emulator. (#6702)

... (truncated)

Commits


Updates jsonwebtoken from 8.5.1 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

  • security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
  • refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

  • fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
  • bc28861 Release 9.0.2 (#935)
  • 96b8906 refactor: use specific lodash packages (#933)
  • ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
  • 84539b2 Updating package version to 9.0.1 (#920)
  • a99fd4b fix(stubs): allow decode method to be stubbed (#876)
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.


Updates protobufjs from 6.11.2 to 7.2.4

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.4

7.2.4 (2023-06-23)

Bug Fixes

  • do not let setProperty change the prototype (#1899) (e66379f)

protobufjs: v7.2.3

7.2.3 (2023-03-27)

Bug Fixes

  • type names can be split into multiple tokens (#1877) (8817ee6)

protobufjs: v7.2.2

7.2.2 (2023-02-07)

Bug Fixes

  • do not allow to extend same field twice to prevent the error (#1784) (14f0536)

protobufjs: v7.2.1

7.2.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)
  • Revert "fix: error should be thrown" (4489fa7)
  • use bundled filename to fix common pb includes (#1860) (dce9a2e)
  • use ES5 style function syntax (#1830) (64e8936)

protobufjs: v7.2.0

7.2.0 (2023-01-24)

Features

  • cli: generate static files at the granularity of proto messages (#1840) (32f2d6a)

Bug Fixes

protobufjs: v7.1.2

7.1.2 (2022-09-22)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.2.4 (2023-06-23)

Bug Fixes

  • do not let setProperty change the prototype (#1899) (e66379f)

7.2.3 (2023-03-27)

Bug Fixes

  • type names can be split into multiple tokens (#1877) (8817ee6)

7.2.2 (2023-02-07)

Bug Fixes

  • do not allow to extend same field twice to prevent the error (#1784) (14f0536)

7.2.1 (2023-02-02)

Bug Fixes

  • cli: fix relative path to Google pb files (#1859) (e42eea4)
  • Revert "fix: error should be thrown" (4489fa7)
  • use bundled filename to fix common pb includes (#1860) (dce9a2e)
  • use ES5 style function syntax (#1830) (64e8936)

7.2.0 (2023-01-24)

Features

  • cli: generate static files at the granularity of proto messages (#1840) (32f2d6a)

Bug Fixes

7.1.2 (2022-09-22)

Bug Fixes

... (truncated)

Commits


Updates tough-cookie from 2.5.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

New Contributors

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

... (truncated)

Commits
  • cacbc37 Bump version to 4.1.4
  • a48fb3a Add tests for url validation
  • 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
  • 1253d58 Merge pull request #409 from corvidism/validators-to-string
  • 238367e Add local alias for toString
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • cf6debd Fix incorrect string validation for URL
  • b1a8898 fix: allow set cookies with localhost (#253)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/staadecker/utoc-membership-system/network/alerts).
staadecker commented 6 months ago

@dependabot rebase

dependabot[bot] commented 6 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml