thxprotocol / monorepo-legacy

Monorepo containing THX Network applications and infrastructure for quest and reward campaigns.
https://dashboard.thx.network

Build(deps): bump the npm_and_yarn group across 1 directory with 25 updates #955

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 5 months ago

Bumps the npm_and_yarn group with 23 updates in the / directory:

Package From To
axios 1.6.2 1.6.3
ejs 3.1.8 3.1.10
express 4.18.1 4.19.2
jose 4.14.4 4.15.5
jsonwebtoken 8.5.1 9.0.0
mongodb 5.7.0 5.8.0
mongoose 7.4.3 7.4.4
webpack 5.74.0 5.76.0
xml2js 0.4.23 0.5.0
@openzeppelin/contracts 3.4.2 4.9.6
@babel/traverse 7.19.3 7.24.5
apollo-server-core 3.10.3 3.13.0
browserify-sign 4.2.1 4.2.3
cookiejar 2.1.3 2.1.4
crypto-js 4.1.1 4.2.0
decode-uri-component 0.2.0 0.2.2
es5-ext 0.10.62 0.10.64
get-func-name 2.0.0 2.0.2
http-cache-semantics 4.1.0 4.1.1
ip 1.1.8 1.1.9
socket.io-parser 4.2.2 4.2.4
undici 5.22.0 5.28.4
word-wrap 1.2.3 1.2.5

Updates axios from 1.6.2 to 1.6.3

Release notes

Sourced from axios's releases.

Release v1.6.3

Release notes:

Bug Fixes

  • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

Contributors to this release

Changelog

Sourced from axios's changelog.

1.6.3 (2023-12-26)

Bug Fixes

  • Regular Expression Denial of Service (ReDoS) (#6132) (5e7ad38)

Contributors to this release

Commits


Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits


Updates express from 4.18.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates jose from 4.14.4 to 4.15.5

Release notes

Sourced from jose's releases.

v4.15.5

Fixes

v4.15.4

Fixes

v4.15.3

This release contains only Node.js CITGM related test updates.

Fixes nodejs/citgm#1011

v4.15.2

Fixes

  • build: add a node target for jose-browser-runtime releases (abb63d0)

v4.15.1

Fixes

  • resolve missing types for the cryptoRuntime const (1627965)

v4.15.0

Features

  • export the used crypto runtime as a constant (0681dda)

v4.14.6

Fixes

  • build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

v4.14.5

Refactor

  • catch type error when decoding base64url signature (#569) (935e920)
  • catch type errors when decoding various base64url strings (9024e87)

Changelog

Sourced from jose's changelog.

4.15.5 (2024-03-07)

Fixes

  • add a maxOutputLength option to zlib inflate (1b91d88)

4.15.4 (2023-10-14)

Fixes

4.15.3 (2023-10-11)

4.15.2 (2023-10-04)

Fixes

  • build: add a node target for jose-browser-runtime releases (abb63d0)

4.15.1 (2023-10-02)

Fixes

  • resolve missing types for the cryptoRuntime const (1627965)

4.15.0 (2023-10-02)

Features

  • export the used crypto runtime as a constant (0681dda)

4.14.6 (2023-09-04)

Fixes

  • build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

4.14.5 (2023-09-02)

Refactor

  • catch type error when decoding base64url signature (#569) (935e920)

... (truncated)

Commits
  • 765aafd chore(release): 4.15.5
  • b36e45e test: add export check to x509 pem import tests
  • e839ecb test: stop testing JWE RSA1_5 Algorithm
  • 1b91d88 fix: add a maxOutputLength option to zlib inflate
  • 9ca2b24 build: remove release action
  • f3035d8 chore: cleanup after release
  • f0bb220 chore(release): 4.15.4
  • 6f38554 chore: bump dev deps
  • 936c9df fix(types): export GetKeyFunction (#592)
  • 5ac6619 chore: bump dev deps
  • Additional commits viewable in compare view


Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates mongodb from 5.7.0 to 5.8.0

Release notes

Sourced from mongodb's releases.

v5.8.0

5.8.0 (2023-08-21)

The MongoDB Node.js team is pleased to announce version 5.8.0 of the mongodb package!

Release Notes

The AutoEncrypter interface has been deprecated

The AutoEncrypter interface was used internally but accidentally made public in the 4.x version of the driver. It is now deprecated and will be made internal in the next major release.

Kerberos support for 1.x and 2.x

Moves the kerberos dependency back to ^1.0.0 || ^2.0.0 to indicate support for both 1.x and 2.x. Support for 1.x is removed in 6.0.

Fixed accidental deprecation warning

Because of internal options handling, a deprecation was emitted for tlsCertificateFile when using tlsCertificateKeyFile. That has been corrected.

Remove credential availability on ConnectionPoolCreatedEvent

In order to avoid mistakenly printing credentials the ConnectionPoolCreatedEvent will replace the credentials option with an empty object. The credentials are still accessible via MongoClient options: client.options.credentials.

Features

  • NODE-5399: use mongodb-js/saslprep instead of saslprep (#3818) (c0d3927)
  • NODE-5429: deprecate the AutoEncrypter interface (#3764) (9bb0d95)
  • NODE-5465,NODE-5538: lower @aws-sdk/credential-providers version to 3.188.0 and zstd to ^1.0.0 (#3821) (39ff81d)

Bug Fixes

  • NODE-5489: set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803) (c3b35b3)
  • NODE-5495: do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810) (e81d4a2)
  • NODE-5537: remove credentials from ConnectionPoolCreatedEvent options (#3813) (4cf1e96)

Documentation

We invite you to try the mongodb library immediately, and report any issues to the NODE project.

Changelog

Sourced from mongodb's changelog.

5.8.0 (2023-08-21)

Features

  • NODE-5399: use mongodb-js/saslprep instead of saslprep (#3818) (c0d3927)
  • NODE-5429: deprecate the AutoEncrypter interface (#3764) (9bb0d95)
  • NODE-5465,NODE-5538: lower @aws-sdk/credential-providers version to 3.188.0 and zstd to ^1.0.0 (#3821) (39ff81d)
  • NODE-5489: update kerberos dependency (8c25d6d)

Bug Fixes

  • NODE-5489: set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803) (c3b35b3)
  • NODE-5495: do not emit deprecation warning when tlsCertificateKeyFile is specified and tlsCertificateFile is not (#3810) (e81d4a2)
  • NODE-5537: remove credentials from ConnectionPoolCreatedEvent options (#3813) (4cf1e96)

Commits
  • 43673fa chore(5.x): release 5.8.0 [skip-ci] (#3825)
  • 4b2fc79 docs: fix cutoff sentence on CommandStartedEvent (#3828)
  • 39ff81d feat(NODE-5465,NODE-5538): lower @aws-sdk/credential-providers version to 3...
  • e1af343 chore: update release automation scripts 5.x (#3823)
  • c0d3927 feat(NODE-5399): use mongodb-js/saslprep instead of saslprep (#3818)
  • 4cf1e96 fix(NODE-5537): remove credentials from ConnectionPoolCreatedEvent options (#...
  • e81d4a2 fix(NODE-5495): do not emit deprecation warning when tlsCertificateKeyFile is...
  • c3b35b3 fix(NODE-5489): set kerberos compatibility to ^1.0.0 || ^2.0.0 (#3803)
  • cc3069d Revert "feat(NODE-5489): update kerberos dependency"
  • 8c25d6d feat(NODE-5489): update kerberos dependency
  • Additional commits viewable in compare view


Updates mongoose from 7.4.3 to 7.4.4

Release notes

Sourced from mongoose's releases.

7.4.4 / 2023-08-22

  • fix(connection): reset document state in between transaction retries #13726 #13698
  • fix(cursor): bubble up resumeTokenChanged event from change streams #13736 #13607
  • fix(query+populate): add refPath to projection by default, unless explicitly excluded #13758
  • fix(schema): support 'ascending', 'asc', 'descending', 'desc' for index direction #13761 #13725
  • fix(ChangeStream): add _bindEvents to addListener function for observable support #13759 yury-ivaniutsenka
  • types: infer return type when using get(), markModified(), etc. with known property name literal #13739 maybesmurf
  • types: add missing typings for option includeResultMetadata #13747 #13746 Idnan
  • types: export InferSchemaType #13737
  • docs(middleware): clarify that query middleware applies to document by default #13734 #13713
  • docs: add brief note on TypeScript generic usage for embedded discriminator path() calls #13728 #10435
  • docs: link v7 migration guide #13742 Cooldogyum
  • docs(migrating_to_6): add note about incompatible packages #13733

Changelog

Sourced from mongoose's changelog.

7.4.4 / 2023-08-22

  • fix(connection): reset document state in between transaction retries #13726 #13698
  • fix(cursor): bubble up resumeTokenChanged event from change streams #13736 #13607
  • fix(query+populate): add refPath to projection by default, unless explicitly excluded #13758
  • fix(schema): support 'ascending', 'asc', 'descending', 'desc' for index direction #13761 #13725
  • fix(ChangeStream): add _bindEvents to addListener function for observable support #13759 yury-ivaniutsenka
  • types: infer return type when using get(), markModified(), etc. with known property name literal #13739 maybesmurf
  • types: add missing typings for option includeResultMetadata #13747 #13746 Idnan
  • types: export InferSchemaType #13737
  • docs(middleware): clarify that query middleware applies to document by default #13734 #13713
  • docs: add brief note on TypeScript generic usage for embedded discriminator path() calls #13728 #10435
  • docs: link v7 migration guide #13742 Cooldogyum
  • docs(migrating_to_6): add note about incompatible packages #13733

6.11.6 / 2023-08-21

Commits
  • 57b6eab chore: release 7.4.4
  • 244a543 Merge pull request #13739 from maybesmurf/master
  • acbd957 Merge pull request #13747 from Idnan/master
  • 812b014 Merge pull request #13759 from yury-ivaniutsenka/fix_change_stream
  • b0258e1 Merge pull request #13758 from Automattic/vkarpov15/mongoose-autopopulate-96
  • 5fdb89c Merge pull request #13761 from Automattic/vkarpov15/gh-13725
  • 2591f9f fix(schema): support 'ascending', 'asc', 'descending', 'desc' for index direc...
  • b2e7315 Merge branch 'master' of github.com:Automattic/mongoose
  • 6e6e190 Merge branch '6.x'
  • 0604133 chore: release 6.11.6
  • Additional commits viewable in compare view


Updates semver from 7.3.8 to 7.6.0

Release notes

Sourced from semver's releases.

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.0 (2024-01-31)

Features

Chores

7.5.4 (2023-07-07)

Bug Fixes

7.5.3 (2023-06-22)

Bug Fixes

Documentation

7.5.2 (2023-06-15)

Bug Fixes

7.5.1 (2023-05-12)

Bug Fixes

... (truncated)

Commits
  • 377f709 chore: release 7.6.0 (#661)
  • a7ab13a feat: preserve pre-release and build parts of a version on coerce (#671)
  • 816c7b2 chore: postinstall for dependabot template-oss PR
  • 0bd24d9 chore: bump @npmcli/template-oss from 4.21.1 to 4.21.3
  • e521932 chore: postinstall for dependabot template-oss PR
  • 8873991 chore: chore: chore: postinstall for dependabot template-oss PR
  • f317dc8 chore: bump @npmcli/template-oss from 4.19.0 to 4.21.0
  • 7303db1 chore: add clean() test for build metadata (#658)
  • 6240d75 chore: add missing quotes in README.md (#656)
  • 14d263f chore: postinstall for dependabot template-oss PR
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates webpack from 5.74.0 to 5.76.0

Release notes

Sourced from webpack's releases.

... _Description has been truncated_

dependabot[bot] commented 4 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.