Bump the npm_and_yarn group across 10 directories with 10 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
next	12.3.1	14.1.4
axios	1.2.1	1.6.0
@nestjs/core	8.4.7	10.3.7
protobufjs	7.2.5	7.2.6
follow-redirects	1.15.2	1.15.6
ip	2.0.0	2.0.1
json5	1.0.1	1.0.2

Bumps the npm_and_yarn group with 1 update in the /activities-examples directory: axios. Bumps the npm_and_yarn group with 1 update in the /expense directory: axios. Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/driver directory: next and sharp. Bumps the npm_and_yarn group with 2 updates in the /food-delivery/apps/menu directory: next and sharp. Bumps the npm_and_yarn group with 1 update in the /monorepo-folders/packages/backend-apis directory: express. Bumps the npm_and_yarn group with 1 update in the /nestjs-exchange-rates directory: @nestjs/core. Bumps the npm_and_yarn group with 1 update in the /patching-api directory: axios. Bumps the npm_and_yarn group with 1 update in the /protobufs directory: protobufjs. Bumps the npm_and_yarn group with 1 update in the /timer-examples directory: axios.

Updates next from 12.3.1 to 14.1.4

Release notes

Sourced from next's releases.

v14.1.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Update React from 60a927d04 to 4b84f11 (#63476) @​ztanner
• fix revalidation issue with route handlers (#63213) @​ztanner
• ensure mpa navigations to the same URL work after restoring from bfcache (#63155) @​ztanner
• Ensure PromiseLikeOfReactNode is not included in .d.ts files (#63185) @​timneutkens
• Fix metadata url cases should not append with trailing slash (#63050) @​huozhi
• feat: add deploymentId config (#63198) @​styfle
• fix: bump @​vercel/nft@​0.26.3 (#61538) @​styfle
• fix x-forwarded-port header (#63303) @​Ethan-Arrowood
• fix: x-forwarded-port header is 'undefined' when no port in url (#60484) @​yuvalotem

Test Changes

• test: switch order of tests to avoid flakniess (#63482) @​huozhi
• fix broken create-next-app tests (#63019) @​ztanner

v14.1.3

Core Changes

• Upgrade to latest @​edge-runtime packages: #62955
• Fix output: export with custom distDir: #62064
• Migrate locale redirect handling to router-server: #62606

Credits

Huge thanks to @​ijjk

v14.1.2

Note: this is a backport release for critical bug fixes -- this does not include all pending features/changes on canary

Core Changes

• Fix sitemap generateSitemaps support for string id (#61088)
• Fix: generateSitemaps in production giving 404 (#62212)
• Fix redirect under suspense boundary with basePath (#62597)
• Fix: Add stricter check for "use server" exports (#62821)
• ensure server action errors notify rejection handlers (#61588)
• make router restore action resilient to a missing tree (#62098)
• build: remove sentry from the externals list #61194
• Reduce memory/cache overhead from over loader processing #62005

Credits

Huge thanks to @​huozhi, @​shuding, @​Ethan-Arrowood, @​styfle, @​ijjk, @​ztanner, @​balazsorban44, @​kdy1, and @​williamli for helping!

... (truncated)

Commits

• f1fc357 v14.1.4
• e6a117b (backport) Update React from 60a927d04 to 4b84f1161 (#63476)
• c227315 update assertion due to stack trace change
• 3aae252 test: switch order of tests to avoid flakniess (#63482)
• 4804982 fix broken create-next-app tests (#63019)
• 81114f3 fix revalidation issue with route handlers (#63213)
• 944a84c ensure mpa navigations to the same URL work after restoring from bfcache (#63...
• 21e11f1 Ensure PromiseLikeOfReactNode is not included in .d.ts files (#63185)
• 531cdb5 Fix metadata url cases should not append with trailing slash (#63050)
• a3707f5 feat: add deploymentId config (#63198)
• Additional commits viewable in compare view

Updates axios from 1.2.1 to 1.6.0

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates @nestjs/core from 8.4.7 to 10.3.7

Release notes

Sourced from @​nestjs/core's releases.

v10.3.6 (2024-03-27)

Bug fixes

• microservices
  • #13367 Revert "fix(microservices): fix redundant code to emit error" (@​kamilmysliwiec)
• core
  • #13366 fix(core): break reference chain to instance object (@​breeeew)

Dependencies

• Other
  • #13362 chore(deps-dev): bump @​grpc/proto-loader from 0.7.10 to 0.7.11 (@​dependabot[bot])
  • #13358 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.3.1 to 7.4.0 (@​dependabot[bot])
  • #13361 chore(deps-dev): bump mocha from 10.3.0 to 10.4.0 (@​dependabot[bot])
  • #13363 chore(deps-dev): bump @​grpc/grpc-js from 1.10.3 to 1.10.4 (@​dependabot[bot])
  • #13364 chore(deps-dev): bump mysql2 from 3.9.2 to 3.9.3 (@​dependabot[bot])
  • #13355 chore(deps-dev): bump @​apollo/server from 4.10.1 to 4.10.2 (@​dependabot[bot])
  • #13359 chore(deps-dev): bump @​typescript-eslint/parser from 7.3.1 to 7.4.0 (@​dependabot[bot])
  • #13343 chore(deps-dev): bump core-js from 3.36.0 to 3.36.1 (@​dependabot[bot])
  • #13344 chore(deps-dev): bump @​commitlint/cli from 19.2.0 to 19.2.1 (@​dependabot[bot])
  • #13347 chore(deps-dev): bump typescript from 5.4.2 to 5.4.3 (@​dependabot[bot])
  • #13345 chore(deps-dev): bump @​types/node from 20.11.29 to 20.11.30 (@​dependabot[bot])
  • #13348 chore(deps-dev): bump @​fastify/multipart from 8.1.0 to 8.2.0 (@​dependabot[bot])
  • #13352 chore(deps-dev): bump mongoose from 8.2.2 to 8.2.3 (@​dependabot[bot])
• platform-express
  • #13357 chore(deps): bump express from 4.19.1 to 4.19.2 (@​dependabot[bot])
  • #13349 chore(deps): bump express from 4.18.3 to 4.19.1 (@​dependabot[bot])

Committers: 2

• Abdulla Bayramov (@​breeeew)
• Kamil Mysliwiec (@​kamilmysliwiec)

v10.3.4 (2024-03-18)

Bug fixes

• core, platform-fastify
  • #13337 fix(core): middleware is not executed for root route when global prefix is set (@​kamilmysliwiec)
• microservices
  • #13285 fix(microservices): fix rabbitmq no-assert not being applied correctly (@​sorooshme)
• common
  • #13317 fix(common): fix stacktrace regex (@​hokaccha)

Enhancements

• common, core
  • #13225 feat(core,common): Add @RawBody() decorator (@​tolgap)

Docs

• common
  • #13221 docs(common): remove incorrect constructor signature of HttpException (@​kalmanbendeguz)

Dependencies

... (truncated)

Commits

• 8b4dbb3 chore(@​nestjs) publish v10.3.7 release
• 1f2fae7 chore(@​nestjs) publish v10.3.6 release
• 6a7f74f fix(core): break reference chain to instance object
• 8bf0015 chore: update readme
• 28bf1f0 chore(@​nestjs) publish v10.3.5 release
• c13c6b1 chore: update package.json and readme
• 2d6583a chore(@​nestjs) publish v10.3.4 release
• 3321f6c fix(core): middleware is not executed for root route with prefix
• 7d8822c Merge branch 'fix-global-prefix-middleware' of https://github.com/CodyTseng/n...
• 6752144 chore: resolve conflicts
• Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates protobufjs from 7.2.5 to 7.2.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Changelog

Sourced from protobufjs's changelog.

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

Commits

• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• See full diff in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.5.0 (2023-08-26)

... (truncated)

Commits

• f7adacd chore(release): v1.6.0 (#6031)
• 9917e67 chore(ci): fix release-it arg; (#6032)
• 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
• 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with keep-alive enabl...
• 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
• a48a63a chore(docs): added AxiosHeaders docs; (#5932)
• a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
• 2ac731d chore(docs): update readme.md (#5889)
• 88fb52b chore(release): v1.5.1 (#5920)
• e410779 fix(adapters): improved adapters loading logic to have clear error messages; ...
• Additional commits viewable in compare view

Updates axios from 0.26.1 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.0

Release notes:

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

Release v1.5.1

Release notes:

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779)
• formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#5917) (bc9af51)
• headers: allow content-encoding header to handle case-insensitive values (#5890) (#5892) (4c89f25)
• types: removed duplicated code (9e62056)

Contributors to this release

• Dmitriy Mozgovoy
• David Dallas
• Sean Sattler
• Mustafa Ateş Uzun
• Przemyslaw Motacki
• Michael Di Prisco

Release v1.5.0

Release notes:

Bug Fixes

• adapter: make adapter loading error more clear by using platform-specific adapters explicitly (#5837) (9a414bb)
• dns: fixed cacheable-lookup integration; (#5836) (b3e327d)
• headers: added support for setting header names that overlap with class methods; (#5831) (d8b4ca0)
• headers: fixed common Content-Type header merging; (#5832) (8fda276)

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.0 (2023-10-26)

Bug Fixes

• CSRF: fixed CSRF vulnerability CVE-2023-45857 (#6028) (96ee232)
• dns: fixed lookup function decorator to work properly in node v20; (#6011) (5aaff53)
• types: fix AxiosHeaders types; (#5931) (a1c8ad0)

PRs

• CVE 2023 45857 ( #6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

Contributors to this release

• Dmitriy Mozgovoy
• Valentin Panov
• Rinku Chaudhari

1.5.1 (2023-09-26)

Bug Fixes

• adapters: improved adapters loading logic to have clear error messages; (#5919) (e410779... _Description has been truncated_

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[dependabot[bot]]

Superseded by #362.