Closed dependabot[bot] closed 5 months ago
Bumps the npm_and_yarn group with 15 updates in the / directory:
4.15.5
5.3.0
8.5.1
9.0.0
5.74.0
5.76.0
0.4.23
0.5.0
7.19.3
7.24.5
4.2.1
4.2.3
0.2.0
0.2.2
0.10.62
0.10.64
4.18.1
4.19.2
1.15.2
1.15.6
2.0.0
2.0.2
4.1.0
4.1.1
1.1.8
1.1.9
5.7.1
5.7.2
1.2.3
1.2.5
Updates jose from 4.15.5 to 5.3.0
jose
Sourced from jose's releases.
v5.3.0 Features allow observing remote JWKS resolver state and its manual reload (fa8b639) Refactor if should not be the only statement in else blocks (a6b716b) v5.2.4 Refactor use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c) v5.2.3 Refactor move iv generation and optional outputs around (05c4351) v5.2.2 Fixes types: iv and tag is optional in JSON serializations (53019cd) v5.2.1 Fixes build: refactor export targets for browser, node cjs, and node esm builds (50cbc65) v5.2.0 Features extend JWT NumericDate setter syntax (ae363c3) v5.1.3 Build add errors and base64url submodule exports (564412d) v5.1.2 Fixes do not mutate JWTVerifyOptions.requiredClaims (1bf9cec), closes #610 v5.1.1 Refactor deprecate the RSA1_5 JWE Algorithm (f746da1)
... (truncated)
Sourced from jose's changelog.
5.3.0 (2024-05-10) Features allow observing remote JWKS resolver state and its manual reload (fa8b639) Refactor if should not be the only statement in else blocks (a6b716b) 5.2.4 (2024-04-07) Refactor use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c) 5.2.3 (2024-03-07) Refactor move iv generation and optional outputs around (05c4351) 5.2.2 (2024-02-11) Fixes types: iv and tag is optional in JSON serializations (53019cd) 5.2.1 (2024-02-03) Fixes build: refactor export targets for browser, node cjs, and node esm builds (50cbc65) 5.2.0 (2023-12-24) Features extend JWT NumericDate setter syntax (ae363c3) 5.1.3 (2023-11-30) 5.1.2 (2023-11-27)
f126d36
fa8b639
2595451
fd46e2c
a6b716b
96b15a9
a0fc293
9199481
adc0f69
8fde79f
Updates jsonwebtoken from 8.5.1 to 9.0.0
jsonwebtoken
Sourced from jsonwebtoken's changelog.
9.0.0 - 2022-12-21 Breaking changes: See Migration from v8 to v9 Breaking changes Removed support for Node versions 11 and below. The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16) RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6) Key types must be valid for the signing / verification algorithm Security fixes security: fixes Arbitrary File Write via verify function - CVE-2022-23529 security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540 security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541 security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Breaking changes: See Migration from v8 to v9
Arbitrary File Write via verify function
Insecure default algorithm in jwt.verify() could lead to signature validation bypass
Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Unrestricted key type could lead to legacy keys usage
e1fa9dc
5eaedbf
cd4163e
ecdf6cc
8345030
none
sign
verify
7e6a86b
74d5719
d71e383
3765003
a46097e
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates webpack from 5.74.0 to 5.76.0
webpack
Sourced from webpack's releases.
v5.76.0 Bugfixes Avoid cross-realm object access by @Jack-Works in webpack/webpack#16500 Improve hash performance via conditional initialization by @lvivski in webpack/webpack#16491 Serialize generatedCode info to fix bug in asset module cache restoration by @ryanwilsonperkin in webpack/webpack#16703 Improve performance of hashRegExp lookup by @ryanwilsonperkin in webpack/webpack#16759 Features add target to LoaderContext type by @askoufis in webpack/webpack#16781 Security CVE-2022-37603 fixed by @akhilgkrishnan in webpack/webpack#16446 Repo Changes Fix HTML5 logo in README by @jakebailey in webpack/webpack#16614 Replace TypeScript logo in README by @jakebailey in webpack/webpack#16613 Update actions/cache dependencies by @piwysocki in webpack/webpack#16493 New Contributors @Jack-Works made their first contribution in webpack/webpack#16500 @lvivski made their first contribution in webpack/webpack#16491 @jakebailey made their first contribution in webpack/webpack#16614 @akhilgkrishnan made their first contribution in webpack/webpack#16446 @ryanwilsonperkin made their first contribution in webpack/webpack#16703 @piwysocki made their first contribution in webpack/webpack#16493 @askoufis made their first contribution in webpack/webpack#16781 Full Changelog: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0 v5.75.0 Bugfixes experiments.* normalize to false when opt-out avoid NaN% show the correct error when using a conflicting chunk name in code HMR code tests existance of window before trying to access it fix eval-nosources-* actually exclude sources fix race condition where no module is returned from processing module fix position of standalong semicolon in runtime code Features add support for @import to extenal CSS when using experimental CSS in node add i64 support to the deprecated WASM implementation Developer Experience expose EnableWasmLoadingPlugin add more typings generate getters instead of readonly properties in typings to allow overriding them
@Jack-Works
@lvivski
generatedCode
@ryanwilsonperkin
hashRegExp
target
LoaderContext
@askoufis
@akhilgkrishnan
@jakebailey
@piwysocki
Full Changelog: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0
experiments.*
false
NaN%
window
eval-nosources-*
@import
i64
EnableWasmLoadingPlugin
97b1718
b84efe6
c98e9e0
5f34acf
b7fc4d8
63ea82d
4ba2252
1acd635
302eb37
cfdb1df
This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.
Updates xml2js from 0.4.23 to 0.5.0
xml2js
Updates @babel/traverse from 7.19.3 to 7.24.5
@babel/traverse
Sourced from @babel/traverse's releases.
@babel/traverse
v7.24.5 (2024-04-29) Thanks @romgrk and @sossost for your first PRs! :bug: Bug Fix babel-plugin-transform-classes, babel-traverse #16377 fix: TypeScript annotation affects output (@liuxingbaoyu) babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3 #16440 Fix suppressed error order (@sossost) #16408 Await nullish async disposable (@JLHwung) :nail_care: Polish babel-parser #16407 Recover from exported using declaration (@JLHwung) :house: Internal Other #16414 Relax ESLint peerDependency constraint to allow v9 (@liuxingbaoyu) babel-parser #16425 Improve @babel/parser AST types (@nicolo-ribaudo) #16417 Always pass type argument to .startNode (@nicolo-ribaudo) babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse #16439 Make NodePath<T | U> distributive (@nicolo-ribaudo) babel-plugin-proposal-partial-application, babel-types #16421 Remove JSXNamespacedName from valid CallExpression args (@nicolo-ribaudo) babel-plugin-transform-class-properties, babel-preset-env #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@nicolo-ribaudo) :running_woman: Performance babel-helpers, babel-preset-env, babel-runtime-corejs3 #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@romgrk) Committers: 6 Babel Bot (@babel-bot) Huáng Jùnliàng (@JLHwung) Nicolò Ribaudo (@nicolo-ribaudo) Rom Grk (@romgrk) @liuxingbaoyu ynnsuis (@sossost) v7.24.4 (2024-04-03) Thanks @Dunqing, @luiscubal, and @samualtnorman for your first PRs! :eyeglasses: Spec Compliance babel-parser #16403 Forbid initializerless using (@JLHwung) babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3 #16388 Ensure decorators are callable (@JLHwung)
Thanks @romgrk and @sossost for your first PRs!
@romgrk
@sossost
babel-plugin-transform-classes
babel-traverse
@liuxingbaoyu
babel-helpers
babel-plugin-proposal-explicit-resource-management
babel-runtime-corejs3
@JLHwung
babel-parser
using
@babel/parser
@nicolo-ribaudo
.startNode
babel-helper-create-class-features-plugin
babel-helper-member-expression-to-functions
babel-helper-module-transforms
babel-helper-split-export-declaration
babel-helper-wrap-function
babel-plugin-bugfix-firefox-class-in-computed-class-key
babel-plugin-transform-block-scoping
babel-plugin-transform-destructuring
babel-plugin-transform-object-rest-spread
babel-plugin-transform-optional-chaining
babel-plugin-transform-parameters
babel-plugin-transform-private-property-in-object
babel-plugin-transform-react-jsx-self
babel-plugin-transform-typeof-symbol
babel-plugin-transform-typescript
NodePath<T | U>
babel-plugin-proposal-partial-application
babel-types
JSXNamespacedName
CallExpression
babel-plugin-transform-class-properties
babel-preset-env
objectWithoutPropertiesLoose
@babel-bot
Thanks @Dunqing, @luiscubal, and @samualtnorman for your first PRs!
@Dunqing
@luiscubal
@samualtnorman
babel-plugin-proposal-decorators
Sourced from @babel/traverse's changelog.
v7.24.5 (2024-04-29) :bug: Bug Fix babel-plugin-transform-classes, babel-traverse #16377 fix: TypeScript annotation affects output (@liuxingbaoyu) babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3 #16440 Fix suppressed error order (@sossost) #16408 Await nullish async disposable (@JLHwung) :nail_care: Polish babel-parser #16407 Recover from exported using declaration (@JLHwung) :house: Internal Other #16414 Relax ESLint peerDependency constraint to allow v9 (@liuxingbaoyu) babel-parser #16425 Improve @babel/parser AST types (@nicolo-ribaudo) #16417 Always pass type argument to .startNode (@nicolo-ribaudo) babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse #16439 Make NodePath<T | U> distributive (@nicolo-ribaudo) babel-plugin-proposal-partial-application, babel-types #16421 Remove JSXNamespacedName from valid CallExpression args (@nicolo-ribaudo) babel-plugin-transform-class-properties, babel-preset-env #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@nicolo-ribaudo) :running_woman: Performance babel-helpers, babel-preset-env, babel-runtime-corejs3 #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@romgrk) v7.24.4 (2024-04-03) :eyeglasses: Spec Compliance babel-parser #16403 Forbid initializerless using (@JLHwung) babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3 #16388 Ensure decorators are callable (@JLHwung) :bug: Bug Fix babel-generator #16402 fix: Correctly prints { [key in Bar]? } (@liuxingbaoyu) #16394 fix: Correctly generate TSMappedType (@liuxingbaoyu) babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env #16390 Create bugfix plugin for classes in computed keys in Firefox (@nicolo-ribaudo) babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators #16387 fix: support mutated outer decorated class binding (@JLHwung) #16385 fix: Decorators when super() exists and protoInit is not needed (@liuxingbaoyu) babel-plugin-transform-block-scoping #16384 fix: Transform scoping for for X in loop (@liuxingbaoyu) #16368 fix: Capture let when the for body is not a block (@liuxingbaoyu) babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping
babel-generator
{ [key in Bar]? }
TSMappedType
babel-compat-data
super()
protoInit
for X
let
for
babel-core
babel-plugin-transform-block-scoped-functions
ddbea7d
e779cad
ee48754
4d8b2d0
NodePath\<T | U>
a84ec28
eqeqeq
822b025
fc0d5ad
69e7928
40110e9
ce59160
Updates browserify-sign from 4.2.1 to 4.2.3
browserify-sign
Sourced from browserify-sign's changelog.
v4.2.3 - 2024-03-05 Commits [patch] widen support to 0.12 9247adf [patch] drop minimum node support to v1 4d0ee49 [Dev Deps] update aud, npmignore, tape 87f3a35 [actions] remove redundant finisher 37a4758 [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12 [Deps] update parse-asn1 [f427270`](https://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c) [Deps] update elliptic fb261ce [Deps] pin elliptic due to a breaking change 168e16f v4.2.2 - 2023-10-25 Fixed [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37) Commits Only apps should have lockfiles 09a8995 [eslint] switch to eslint 83fe463 [meta] add npmignore and auto-changelog 4418183 [meta] fix package.json indentation 9ac5a5e [Tests] migrate from travis to github actions d845d85 [Fix] sign: throw on unsupported padding scheme 8767739 [Fix] properly check the upper bound for DSA signatures 85994cd [Tests] handle openSSL not supporting a scheme f5f17c2 [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb [Dev Deps] update nyc, standard, tape cc5350b [Tests] always run coverage; downgrade nyc 75ce1d5 [meta] add safe-publish-latest dcf49ce [Tests] add npm run posttest 75dd8fd [Dev Deps] update tape 3aec038 [Tests] skip unsupported schemes 703c83e [Tests] node < 6 lacks array includes 3aa43cf [Dev Deps] fix eslint range 98d4e0d
9247adf
4d0ee49
aud
npmignore
tape
87f3a35
37a4758
hash-base
9e2bf12
parse-asn1 [
elliptic
fb261ce
168e16f
[#37](https://github.com/crypto-browserify/browserify-sign/issues/37)
09a8995
83fe463
auto-changelog
4418183
9ac5a5e
d845d85
8767739
85994cd
f5f17c2
bn.js
browserify-rsa
parse-asn1
readable-stream
safe-buffer
a67d0eb
nyc
standard
cc5350b
75ce1d5
safe-publish-latest
dcf49ce
npm run posttest
75dd8fd
3aec038
703c83e
includes
3aa43cf
98d4e0d
bf2c3ec
f427270
4af5a90
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates decode-uri-component from 0.2.0 to 0.2.2
decode-uri-component
Sourced from decode-uri-component's releases.
v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode throws - fixes #6 746ca5d Update license (#1) 486d7e2 Tidelift tasks a650457 Meta tweaks 66e1c28 https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1
https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2
https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1
a0eea46
980e0bf
3c8a373
76abc93
746ca5d
486d7e2
a650457
66e1c28
Updates es5-ext from 0.10.62 to 0.10.64
es5-ext
Sourced from es5-ext's releases.
0.10.64 (2024-02-27) Bug Fixes Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9) Comparison since last release 0.10.63 (2024-02-23) Bug Fixes Do not rely on problematic regex (3551cdd), addresses #201 Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021 Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79) Maintenance Improvements Simplify the manifest message (7855319) Comparison since last release
Comparison since last release
function#toStringTokens()
Sourced from es5-ext's changelog.
0.10.64 (2024-02-27) Bug Fixes Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9) 0.10.63 (2024-02-23) Bug Fixes Do not rely on problematic regex (3551cdd), addresses #201 Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021 Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79) Maintenance Improvements Simplify the manifest message (7855319)
f76b03d
2881acd
c2e2bb9
16f2b72
de4e03c
3fd53b7
lint-staged
bf8ed79
2cbbb07
22d0416
a52e957
Updates express from 4.18.1 to 4.19.2
express
Sourced from express's releases.
4.19.2 What's Changed Improved fix for open redirect allow list bypass Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2 4.19.1 What's Changed Fix ci after location patch by @wesleytodd in expressjs/express#5552 fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556 Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1 4.19.0 What's Changed fix typo in release date by @UlisesGascon in expressjs/express#5527 docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511 docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510 Add note on how to update docs for new release by @crandmck in expressjs/express#5541 Prevent open redirect allow list bypass due to encodeurl Release 4.19.0 by @wesleytodd in expressjs/express#5551 New Contributors @crandmck made their first contribution in expressjs/express#5541 Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0 4.18.3 Main Changes Fix routing requests without method deps: body-parser@1.20.2 Fix strict json error message on Node.js 19+ deps: content-type@~1.0.5 deps: raw-body@2.5.2 Other Changes Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032 build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034 ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027 test: remove unused function arguments in params by @raksbisht in expressjs/express#5124 Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119 Fixed typos by @raksbisht in expressjs/express#5117 examples: remove unused params by @raksbisht in expressjs/express#5113 fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130 fix: typos in History.md by @raksbisht in expressjs/express#5131 build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028 test: remove unused function arguments in params by @raksbisht in expressjs/express#5137
Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2
@wesleytodd
Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1
@UlisesGascon
@crandmck
Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0
@vcsjones
@abenhamdine
@armujahid
@raksbisht
Sourced from express's changelog.
4.19.2 / 2024-03-25 Improved fix for open redirect allow list bypass 4.19.1 / 2024-03-20 Allow passing non-strings to res.location with new encoding handling checks 4.19.0 / 2024-03-20 Prevent open redirect allow list bypass due to encodeurl deps: cookie@0.6.0 4.18.3 / 2024-02-29 Fix routing requests without method deps: body-parser@1.20.2 Fix strict json error message on Node.js 19+ deps: content-type@~1.0.5 deps: raw-body@2.5.2 deps: cookie@0.6.0 Add partitioned option 4.18.2 / 2022-10-08 Fix regression routing a large stack in a single route deps: body-parser@1.20.1 deps: qs@6.11.0 perf: remove unnecessary object clone deps: qs@6.11.0
partitioned
04bc627
da4d763
4f0f6cc
a003cfa
a1fa90f
11f2b1d
084e365
0867302
567c9c6
69a4cf2
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates follow-redirects from 1.15.2 to 1.15.6
follow-redirects
35a517c
c4f847f
8526b4a
b1677ce
d8914f7
6585820
7a6567e
05629af
1cba8e8
72bc2a4
Updates get-func-name from 2.0.0 to 2.0.2
get-func-name
Sourced from get-func-name's releases.
v2.0.2 What's Changed Revert previous changes that shipped this as an ES module. Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.2 v2.0.1 What's Changed Fix https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5 Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.1
Revert previous changes that shipped this as an ES module.
Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.2
Fix https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5
Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.1
This version was pushed to npm by keithamus, a new releaser for get-func-name since your current version.
Updates http-cache-semantics from 4.1.0 to 4.1.1
http-cache-semantics
2449650
560b2d8
b1bdb92
c20dc7e
Updates ip from 1.1.8 to 1.1.9
ip
1ecbf2f
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the npm_and_yarn group with 15 updates in the / directory:
4.15.55.3.08.5.19.0.05.74.05.76.00.4.230.5.07.19.37.24.54.2.14.2.30.2.00.2.20.10.620.10.644.18.14.19.21.15.21.15.62.0.02.0.24.1.04.1.11.1.81.1.95.7.15.7.21.2.31.2.5Updates
josefrom 4.15.5 to 5.3.0Release notes
Sourced from jose's releases.
... (truncated)
Changelog
Sourced from jose's changelog.
... (truncated)
Commits
f126d36chore(release): 5.3.0fa8b639feat: allow observing remote JWKS resolver state and its manual reload2595451chore: bump dev depsfd46e2cchore: bump dev depsa6b716brefactor: if should not be the only statement in else blocks96b15a9chore: bump dev depsa0fc293chore: bump dev deps9199481chore: bump dev depsadc0f69chore: cleanup after release8fde79fchore(release): 5.2.4Updates
jsonwebtokenfrom 8.5.1 to 9.0.0Changelog
Sourced from jsonwebtoken's changelog.
Commits
e1fa9dcMerge pull request from GHSA-8cf7-32gw-wr335eaedbfchore(ci): remove github test actions job (#861)cd4163echore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)ecdf6ccfix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...8345030fix(sign&verify)!: Remove defaultnonesupport fromsignandverifymet...7e6a86bUpload OpsLevel YAML (#849)74d5719docs: update references vercel/ms references (#770)d71e383docs: document "invalid token" error3765003docs: fix spelling in README.md: Peak -> Peek (#754)a46097edocs: make decode impossible to discover before verifyMaintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.
Updates
webpackfrom 5.74.0 to 5.76.0Release notes
Sourced from webpack's releases.
Commits
97b1718Merge pull request #16781 from askoufis/loader-context-target-typeb84efe6Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perfc98e9e0Merge pull request #16493 from piwysocki/patch-15f34acffeat: AddtargettoLoaderContexttypeb7fc4d8Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-1616063ea82dMerge branch 'webpack:main' into patch-14ba2252Merge pull request #16446 from akhilgkrishnan/patch-11acd635Merge pull request #16613 from jakebailey/ts-logo302eb37Merge pull request #16614 from jakebailey/html5-logocfdb1dfImprove performance of hashRegExp lookupMaintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.
Updates
xml2jsfrom 0.4.23 to 0.5.0Commits
Updates
@babel/traversefrom 7.19.3 to 7.24.5Release notes
Sourced from
@babel/traverse's releases.... (truncated)
Changelog
Sourced from
@babel/traverse's changelog.... (truncated)
Commits
ddbea7dv7.24.5e779cadfix: TypeScript annotation affects output (#16377)ee48754Use multiple TypeScript projects (#16430)4d8b2d0MakeNodePath\<T | U>distributive (#16439)a84ec28Enableeqeqeqrule (#16404)822b025v7.24.1fc0d5adUpdate typescript and lint tools (#16351)69e7928Consider well-known and registered symbols as literals (#16342)40110e9Update source map deps (#16327)ce59160v7.24.0Updates
browserify-signfrom 4.2.1 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ecv4.2.39247adf[patch] widen support to 0.12f427270[Deps] update `parse-asn187f3a35[Dev Deps] updateaud,npmignore,tapefb261ce[Deps] updateelliptic4d0ee49[patch] drop minimum node support to v19e2bf12[Deps] pinhash-baseto ~3.0, due to a breaking change168e16f[Deps] pinellipticdue to a breaking change37a4758[actions] remove redundant finisher4af5a90v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-componentfrom 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea460.2.2980e0bfPrevent overwriting previously decoded tokens3c8a3730.2.176abc93Switch to GitHub workflows746ca5dFix issue where decode throws - fixes #6486d7e2Update license (#1)a650457Tidelift tasks66e1c28Meta tweaksUpdates
es5-extfrom 0.10.62 to 0.10.64Release notes
Sourced from es5-ext's releases.
Changelog
Sourced from es5-ext's changelog.
Commits
f76b03dchore: Release v0.10.642881acdchore: Bump dependenciesc2e2bb9fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72docs: Fix date in the changelogde4e03cchore: Release v0.10.633fd53b7chore: Upgradelint-stagedto v13bf8ed79chore: Ensure postinstall script does not crash on Windows2cbbb07chore: Bump dependencies22d0416chore: Bump LICENSE yeara52e957fix: Support ES2015+ function definitions infunction#toStringTokens()Updates
expressfrom 4.18.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc6274.19.2da4d763Improved fix for open redirect allow list bypass4f0f6cc4.19.1a003cfaAllow passing non-strings to res.location with new encoding handling checks f...a1fa90ffixed un-edited version in history.md for 4.19.011f2b1dbuild: fix build due to inconsistent supertest behavior in older versions084e3654.19.00867302Prevent open redirect allow list bypass due to encodeurl567c9c6Add note on how to update docs for new release (#5541)69a4cf2deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirectsfrom 1.15.2 to 1.15.6Commits
35a517cRelease version 1.15.6 of the npm package.c4f847fDrop Proxy-Authorization across hosts.8526b4aUse GitHub for disclosure.b1677ceRelease version 1.15.5 of the npm package.d8914f7Preserve fragment in responseUrl.6585820Release version 1.15.4 of the npm package.7a6567eDisallow bracketed hostnames.05629afPrefer native URL instead of deprecated url.parse.1cba8e8Prefer native URL instead of legacy url.resolve.72bc2a4Simplify _processResponse error handling.Updates
get-func-namefrom 2.0.0 to 2.0.2Release notes
Sourced from get-func-name's releases.
Commits
Maintainer changes
This version was pushed to npm by keithamus, a new releaser for get-func-name since your current version.
Updates
http-cache-semanticsfrom 4.1.0 to 4.1.1Commits
2449650Update mocha560b2d8Don't use regex to trim whitespaceb1bdb92Remove linting package zooc20dc7eCache 308Updates
ipfrom 1.1.8 to 1.1.9Commits
1ecbf2f1.1.9This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml