stellar / freighter-backend

Freighter's indexer integration layer and general backend

Bump the major group with 10 updates #134

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the major group with 10 updates:

Package From To
@fastify/cors 8.5.0 9.0.1
@fastify/rate-limit 8.0.3 9.1.0
@urql/core 4.1.4 5.0.5
dotenv-expand 10.0.0 11.0.6
pino 8.16.1 9.3.2
pino-pretty 10.2.3 11.2.2
@types/node 20.8.7 22.2.0
husky 8.0.3 9.1.4
prettier 2.8.8 3.3.3
pretty-quick 2.0.2 4.0.0

Updates @fastify/cors from 8.5.0 to 9.0.1

Release notes

Sourced from @​fastify/cors's releases.

v9.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/fastify/fastify-cors/compare/v9.0.0...v9.0.1

v9.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/fastify/fastify-cors/compare/v8.5.0...v9.0.0

Commits


Updates @fastify/rate-limit from 8.0.3 to 9.1.0

Release notes

Sourced from @​fastify/rate-limit's releases.

v9.1.0

What's Changed

Full Changelog: https://github.com/fastify/fastify-rate-limit/compare/v9.0.1...v9.1.0

v9.0.1

What's Changed

fix: Bug in LRU cache can cause persistent server failure (#344)

v9.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/fastify/fastify-rate-limit/compare/v8.0.3...v9.0.0

v8.1.1

re-release v8.0.3, avoid 8.1.0 as it was semver-major

Commits
Maintainer changes

This version was pushed to npm by gurgunday, a new releaser for @​fastify/rate-limit since your current version.


Updates @urql/core from 4.1.4 to 5.0.5

Release notes

Sourced from @​urql/core's releases.

@​urql/core@​5.0.5

Patch Changes

  • Removes double serialization of data in ssrExchange Submitted by @​negezor (See #3632)

@​urql/core@​5.0.4

Patch Changes

  • Change how we calculate the OperationKey to take files into account, before we would encode them to null resulting in every mutation with the same variables (excluding the files) to have the same key. This resulted in mutations that upload different files at the same time to share a result in GraphCache Submitted by @​JoviDeCroock (See #3601)

@​urql/core@​5.0.3

Patch Changes

  • Use documentId from persisted documents for document keys, when it's available Submitted by @​kitten (See #3575)

@​urql/core@​5.0.2

Patch Changes

  • ⚠️ Fix issue where a reexecute on an in-flight operation would lead to multiple network-requests. For example, this issue presents itself when Graphcache is concurrently updating multiple, inter-dependent queries with shared entities. One query completing while others are still in-flight may lead to duplicate operations being issued Submitted by @​JoviDeCroock (See #3573)

@​urql/core@​5.0.1

Patch Changes

  • ⚠️ Fix @ts-ignore on TypeScript peer dependency import in typings not being applied due to a leading ! character Submitted by @​kitten (See #3567)

@​urql/core@​5.0.0

Major Changes

Patch Changes

@​urql/core@​4.3.0

Minor Changes

... (truncated)

Commits


Updates dotenv-expand from 10.0.0 to 11.0.6

Changelog

Sourced from dotenv-expand's changelog.

11.0.6 (2024-02-17)

Changed

  • Fix .nyc_output in .npmignore

11.0.5 (2024-02-17)

Changed

  • 🐞 fix recursive expansion when expansion key is sourced from process.env (#121)

11.0.4 (2024-02-15)

Changed

  • 🐞 fix recursive expansion when expansion keys in reverse order (#118)

11.0.3 (2024-02-11)

Changed

  • 🐞 bug fix when processEnv set to process.env rather than empty object (also test fixes which hid the bug) (#113)

11.0.2 (2024-02-10)

Changed

11.0.1 (2024-02-10)

Added

  • Added funding link in package.json

11.0.0 (2024-02-10)

Added

  • Add typings for import dotenv-expand/config (#99)
  • Support expansion of dot in env variable names like POSTGRESQL.BASE.USER (#93)
  • Add processEnv option (#105)
  • Add support for default format of ${VAR-default} (#109)

Changed

  • Do not expand prior process.env environment variables. NOTE: make sure to see updated README regarding dotenv.config({ processEnv: {} }) (#104)
  • 🐞 handle $var1$var2 (#103, #104)
  • 🐞 fix fatal recursive error when variable defines value with same variable VAR=$VAR #98

... (truncated)

Commits


Updates pino from 8.16.1 to 9.3.2

Release notes

Sourced from pino's releases.

v9.3.2

What's Changed

New Contributors

Full Changelog: https://github.com/pinojs/pino/compare/v9.3.1...v9.3.2

v9.3.1

Full Changelog: https://github.com/pinojs/pino/compare/v9.3.0...v9.3.1

v9.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/pinojs/pino/compare/v9.2.1...v9.3.0

v9.2.1

What's Changed

Full Changelog: https://github.com/pinojs/pino/compare/v9.2.0...v9.2.1

v9.2.0

What's Changed

New Contributors

... (truncated)

Commits


Updates pino-pretty from 10.2.3 to 11.2.2

Release notes

Sourced from pino-pretty's releases.

v11.2.2

What's Changed

New Contributors

Full Changelog: https://github.com/pinojs/pino-pretty/compare/v11.2.1...v11.2.2

v11.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/pinojs/pino-pretty/compare/v11.2.0...v11.2.1

v11.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/pinojs/pino-pretty/compare/v11.1.0...v11.2.0

v11.1.0

What's Changed

New Contributors

Full Changelog: https://github.com/pinojs/pino-pretty/compare/v11.0.0...v11.1.0

v11.0.0

What's Changed

... (truncated)

Commits


Updates @types/node from 20.8.7 to 22.2.0

Commits


Updates husky from 8.0.3 to 9.1.4

Release notes

Sourced from husky's releases.

v9.1.4

  • Improve deprecation notice

v9.1.3

  • fix: better handle space in PATH

v9.1.2

Show a message instead of automatically removing deprecated code.

This only concerns projects that still have the following code in their hooks:

- #!/usr/bin/env sh # <- This is deprecated, remove it
- . "$(dirname -- "$0")/_/husky.sh"  # <- This is deprecated, remove it

Rest of your hook code

Hooks with these lines will fail in v10.0.0

v9.1.1

Super saiyan god dog! It's over 9.0.0!

What's new

You can now run package commands directly, no need for npx or equivalents. It makes writing hooks more intuitive and is also slightly faster 🐺⚡️

# .husky/pre-commit
- npx jest
+ jest # ~0.2s faster

A new recipe has been added to the docs. Lint staged files without external dependencies (inspired by Prettier docs). Feel free to modify it.

# .husky/pre-commit
prettier $(git diff --cached --name-only --diff-filter=ACMR | sed 's| |\\ |g') --write --ignore-unknown
git update-index --again

For more advanced use cases, see lint-staged.

Fixes

... (truncated)

Commits


Updates prettier from 2.8.8 to 3.3.3

Release notes

Sourced from prettier's releases.

3.3.3

🔗 Changelog

3.3.2

🔗 Changelog

3.3.1

🔗 Changelog

3.3.0

diff

🔗 Release note

3.2.5

🔗 Changelog

3.2.4

  • Fix .eslintrc.json format #15947

🔗 Changelog

3.2.3

  • Format tsconfig.json file with jsonc parser #15927

🔗 Changelog

3.2.2

🔗 Changelog

3.2.1

🔗 Changelog

3.2.0

diff

🔗 Release note

3.1.1

🔗 Changelog

3.1.0

diff

🔗 Release note

3.0.3

🔗 Changelog

3.0.2

... (truncated)

Changelog

Sourced from prettier's changelog.

3.3.3

diff

Add parentheses for nullish coalescing in ternary (#16391 by @​cdignam-segment)

This change adds clarity to operator precedence.

// Input
foo ? bar ?? foo : baz;
foo ?? bar ? a : b;
a ? b : foo ?? bar;

// Prettier 3.3.2
foo ? bar ?? foo : baz;
foo ?? bar ? a : b;
a ? b : foo ?? bar;

// Prettier 3.3.3
foo ? (bar ?? foo) : baz;
(foo ?? bar) ? a : b;
a ? b : (foo ?? bar);

Add parentheses for decorator expressions (#16458 by @​y-schneider)

Prevent parentheses around member expressions or tagged template literals from being removed to follow the stricter parsing rules of TypeScript 5.5.

// Input
@(foo`tagged template`)
class X {}

// Prettier 3.3.2
@foo`tagged template`
class X {}

// Prettier 3.3.3
@(foo`tagged template`)
class X {}

Support @let declaration syntax (#16474 by @​sosukesuzuki)

Adds support for Angular v18 @let declaration syntax.

Please see the following code example. The @let declaration allows you to define local variables within the template:

... (truncated)

Commits


Updates pretty-quick from 2.0.2 to 4.0.0

Release notes

Sourced from pretty-quick's releases.

v4.0.0

Major Changes

Full Changelog: https://github.com/prettier/pretty-quick/compare/v3.3.1...v4.0.0

v3.3.1

Patch Changes

Full Changelog: https://github.com/prettier/pretty-quick/compare/v3.3.0...v3.3.1

v3.3.0

Minor Changes

  • #180 93924ab Thanks @​SukkaW! - refactor: replace chalk and multimatch with their lightweight and performant alternatives

Patch Changes

New Contributors

Full Changelog: https://github.com/prettier/pretty-quick/compare/v3.2.1...v3.3.0

v3.2.1

Patch Changes

Full Changelog: https://github.com/prettier/pretty-quick/compare/v3.2.0...v3.2.1

v3.2.0

Minor Changes

Full Changelog: https://github.com/prettier/pretty-quick/compare/v3.1.4...v3.2.0

v3.1.4

Patch Changes

Full Changelog: https://github.com/prettier/pretty-quick/compare/v3.1.3...v3.1.4

v3.1.3

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by jounqin, a new releaser for pretty-quick since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot comman... _Description has been truncated_

socket-security[bot] commented 3 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@fastify/cors@9.0.1 None 0 95.9 kB matteo.collina
npm/@fastify/rate-limit@9.1.0 None 0 152 kB gurgunday
npm/@lukeed/ms@2.0.2 None 0 9.39 kB lukeed
npm/@types/node@22.2.0 None 0 2.09 MB types
npm/@urql/core@5.0.5 environment, network 0 921 kB jdecroock
npm/brace-expansion@1.1.11 None 0 11.1 kB juliangruber
npm/concat-map@0.0.1 None 0 4.86 kB substack
npm/dotenv-expand@11.0.6 None 0 18.2 kB motdotla
npm/dotenv@16.4.5 environment, filesystem 0 79.1 kB motdotla
npm/fast-copy@3.0.2 None 0 198 kB planttheidea
npm/glob@7.2.3 filesystem 0 55.1 kB isaacs
npm/help-me@5.0.0 filesystem 0 14.6 kB matteo.collina
npm/husky@9.1.4 environment, filesystem, shell 0 4.01 kB typicode
npm/ignore@5.3.1 None 0 51.5 kB kael
npm/minimatch@3.1.2 None 0 34.9 kB isaacs
npm/path-is-absolute@1.0.1 None 0 3.62 kB sindresorhus
npm/pino-pretty@11.2.2 environment 0 235 kB matteo.collina
npm/pino@9.3.2 environment, unsafe 0 735 kB matteo.collina
npm/prettier@3.3.3 environment, filesystem, unsafe 0 7.7 MB prettier-bot
npm/pretty-quick@4.0.0 filesystem 0 65.6 kB jounqin
npm/toad-cache@3.7.0 None 0 49.6 kB kibertoad
npm/tslib@2.6.3 None 0 84.9 kB typescript-bot

🚮 Removed packages: npm/@fastify/cors@8.5.0, npm/@fastify/rate-limit@8.0.3, npm/@types/minimatch@3.0.5, npm/@types/node@20.8.7, npm/@urql/core@4.1.4, npm/array-differ@3.0.0, npm/array-union@2.1.0, npm/arrify@2.0.1, npm/brace-expansion@2.0.1, npm/dotenv-expand@10.0.0, npm/dotenv@16.3.1, npm/fast-copy@3.0.1, npm/glob@8.1.0, npm/help-me@4.2.0, npm/husky@8.0.3, npm/ignore@5.2.4, npm/minimatch@5.1.6, npm/multimatch@4.0.0, npm/pino-pretty@10.2.3, npm/pino@8.16.1, npm/prettier@2.8.8, npm/pretty-quick@2.0.2, npm/tiny-lru@11.2.3, npm/toad-cache@3.3.0

View full report↗︎

socket-security[bot] commented 3 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
Filesystem access npm/pretty-quick@4.0.0 🚫
Mixed license npm/prettier@3.3.3 License: ImageMagick AND MIT 🚫
Filesystem access npm/prettier@3.3.3 🚫
Debug access npm/prettier@3.3.3 🚫
Filesystem access npm/husky@9.1.4 🚫

View full report↗︎

Next steps

What is filesystem access?

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

What is a mixed license?

(Experimental) Package contains multiple licenses.

A new version of the package should be published that includes a single license. Consumers may seek clarification from the package author. Ensure that the license details are consistent across the LICENSE file, package.json license field and license details mentioned in the README.

What is debug access?

Uses debug, reflection and dynamic code execution features.

Removing the use of debug will reduce the risk of any reflection and dynamic code execution.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/pretty-quick@4.0.0
  • @SocketSecurity ignore npm/prettier@3.3.3
  • @SocketSecurity ignore npm/husky@9.1.4

dependabot[bot] commented 3 months ago

Looks like these dependencies are no longer updatable, so this is no longer needed.