Bump the npm_and_yarn group across 9 directories with 9 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
next	12.3.1	14.1.3
axios	1.2.1	1.6.0
@nestjs/core	8.4.7	10.3.3
protobufjs	7.2.5	7.2.6
follow-redirects	1.15.2	1.15.6
ip	2.0.0	2.0.1
json5	1.0.1	1.0.2

Bumps the npm_and_yarn group with 1 update in the /activities-examples directory: axios. Bumps the npm_and_yarn group with 1 update in the /expense directory: axios. Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/driver directory: next and sharp. Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/menu directory: next and sharp. Bumps the npm_and_yarn group with 1 update in the /nestjs-exchange-rates directory: @nestjs/core. Bumps the npm_and_yarn group with 1 update in the /patching-api directory: axios. Bumps the npm_and_yarn group with 1 update in the /protobufs directory: protobufjs. Bumps the npm_and_yarn group with 1 update in the /timer-examples directory: axios.

Updates next from 12.3.1 to 14.1.3

Release notes

Sourced from next's releases.

v14.1.3

Core Changes

• Upgrade to latest @​edge-runtime packages: #62955
• Fix output: export with custom distDir: #62064
• Migrate locale redirect handling to router-server: #62606

Credits

Huge thanks to @​ijjk

v14.1.2

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes

• Fix sitemap generateSitemaps support for string id (#61088)
• Fix: generateSitemaps in production giving 404 (#62212)
• Fix redirect under suspense boundary with basePath (#62597)
• Fix: Add stricter check for "use server" exports (#62821)
• ensure server action errors notify rejection handlers (#61588)
• make router restore action resilient to a missing tree (#62098)
• build: remove sentry from the externals list #61194
• Reduce memory/cache overhead from over loader processing #62005

Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

v14.1.2-canary.7

Core Changes

• remove reducer unit tests: #62766

Documentation Changes

• Update sitemap.mdx: #62809

Credits

Huge thanks to @​ztanner and @​devr77 for helping!

v14.1.2-canary.6

Core Changes

• fix: Add stricter check for "use server" exports: #62821
• fix(next-core): throw on invalid metadata handler: #62829
• Revert "Add experimental config for navigation raf test (#62668)": #62834
• Revert "refactor(analysis): rust based page-static-info, deprecate js parse interface in next-swc": #62838

... (truncated)

Commits

• fc38ee1 v14.1.3
• 85a5c4d fix type
• 4b059bc Upgrade to latest @​edge-runtime packages (#62955)
• b10a610 Fix output: export with custom distDir (#62064)
• 960b738 Migrate locale redirect handling to router-server (#62606)
• 2f210d4 update release workflow
• f564dee v14.1.2
• a85519e Fix sitemap generateSitemaps support for string id (#61088)
• 0a2d775 Fix: generateSitemaps in production giving 404 (#62212)
• 400b57c Fix redirect under suspense boundary with basePath (#62597)
• Additional commits viewable in compare view

Updates axios from 1.2.1 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates @nestjs/core from 8.4.7 to 10.3.3

Release notes

Sourced from @​nestjs/core's releases.

v10.3.2 (2024-02-07)

Bug fixes

• microservices
  • #12974 fix(microservices): send rmq nack without matching message handler (@​toxol)
  • #13084 fix: #13077 KafkaJs typing consistency (@​edeesis)
  • #13151 fix(packages/microservices): pass inboxPrefix as argument to createInbox (@​leandrogenas)
• common, core
  • #13000 fix(core,common): 🐛 missing registration handling of SEARCH http verb (@​doronguttman)

Enhancements

• core, platform-express, platform-fastify
  • #12955 feat: Implement getHeader and appendHeader methods in adapters (@​josesilveiraa07)
• microservices
  • #13105 feat(microservices): add type for rmq connection options (@​Deniks)
• platform-fastify
  • #13152 fix: allow @​fastify/static v7 (@​alexfriesen)

Dependencies

• common, core, microservices, websockets
  • #12943 fix(deps): update dependency reflect-metadata to v0.2.1 (@​renovate[bot])
• Other
  • #13101 chore(deps-dev): bump @​commitlint/config-angular from 18.5.0 to 18.6.0 (@​dependabot[bot])
  • #13173 chore(deps-dev): bump @​grpc/grpc-js from 1.9.14 to 1.10.0 (@​dependabot[bot])
  • #13162 chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 (@​dependabot[bot])
  • #13166 chore(deps): bump fast-json-stringify from 5.11.1 to 5.12.0 (@​dependabot[bot])
  • #13170 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 (@​dependabot[bot])
  • #13167 chore(deps-dev): bump redis from 4.6.12 to 4.6.13 (@​dependabot[bot])
  • #13168 chore(deps-dev): bump artillery from 2.0.4 to 2.0.5 (@​dependabot[bot])
  • #13171 chore(deps-dev): bump lint-staged from 15.2.1 to 15.2.2 (@​dependabot[bot])
  • #13172 chore(deps-dev): bump @​typescript-eslint/parser from 6.20.0 to 6.21.0 (@​dependabot[bot])
  • #13129 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.19.1 to 6.20.0 (@​dependabot[bot])
  • #13134 chore(deps): update mysql docker tag to v8.3.0 (@​renovate[bot])
  • #13142 fix(deps): update dependency mysql2 to v3.9.1 (@​renovate[bot])
  • #13149 chore(deps-dev): bump lint-staged from 15.2.0 to 15.2.1 (@​dependabot[bot])
  • #13154 chore(deps-dev): bump @​fastify/static from 6.12.0 to 7.0.0 (@​dependabot[bot])
  • #13155 chore(deps-dev): bump husky from 9.0.7 to 9.0.10 (@​dependabot[bot])
  • #13156 chore(deps-dev): bump @​types/node from 20.11.13 to 20.11.16 (@​dependabot[bot])
  • #13157 chore(deps): bump fast-json-stringify from 5.10.0 to 5.11.1 (@​dependabot[bot])
  • #13114 chore(deps): update dependency eslint-plugin-prettier to v5.1.3 (@​renovate[bot])
  • #13117 chore(deps): update dependency ts-jest to v29.1.2 (@​renovate[bot])
  • #13118 fix(deps): update dependency @​graphql-tools/utils to v10.0.13 (@​renovate[bot])
  • #13120 fix(deps): update dependency class-validator to v0.14.1 (@​renovate[bot])
  • #13127 chore(deps-dev): bump mysql2 from 3.9.0 to 3.9.1 (@​dependabot[bot])
  • #13130 chore(deps-dev): bump @​typescript-eslint/parser from 6.19.1 to 6.20.0 (@​dependabot[bot])
  • #13131 chore(deps-dev): bump husky from 9.0.6 to 9.0.7 (@​dependabot[bot])
  • #13137 chore(deps-dev): bump @​types/node from 20.11.10 to 20.11.13 (@​dependabot[bot])
  • #13138 fix(deps): update dependency @​nestjs/cache-manager to v2.2.0 (@​renovate[bot])
  • #13139 fix(deps): update dependency @​nestjs/swagger to v7.2.0 (@​renovate[bot])
  • #13140 fix(deps): update dependency cache-manager to v5.4.0 (@​renovate[bot])

... (truncated)

Commits

• d658942 chore(@​nestjs) publish v10.3.3 release
• 985c5e1 style(common,core): fix formatting
• 441715a fix(core): when having multiple versions on middleware builder
• a35938a chore(@​nestjs) publish v10.3.2 release
• 6c6bc29 Merge pull request #12943 from nestjs/renovate/reflect-metadata-0.x
• 8f4e945 Merge pull request #12955 from josesilveiraa07/master
• 32b0aa8 fix(deps): update dependency reflect-metadata to v0.2.1
• 33aae84 refactor(common): ♻️ PR #13000 comments
• cb6664c fix(core,common): 🐛 missing registration handling of SEARCH http verb
• c91e21c chore(@​nestjs) publish v10.3.1 release
• Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates protobufjs from 7.2.5 to 7.2.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Changelog

Sourced from protobufjs's changelog.

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Commits

• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• See full diff in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (
  CLAassistant commented 8 months ago

  
  Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
  _{You have signed the CLA already but the status is still pending? Let us recheck it.}

[mjameswh]

@dependabot rebase

[dependabot[bot]]

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

[dependabot[bot]]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml