search

wellcomecollection / catalogue-api

:crystal_ball: The API for searching the Wellcome Collection catalogue.
https://developers.wellcomecollection.org
MIT License
4 stars 0 forks source link

Bump the npm_and_yarn group across 3 directories with 15 updates #761

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
@babel/traverse 7.18.2 7.24.0
cookiejar 2.1.3 2.1.4
json5 2.2.1 2.2.3
semver 5.7.1 5.7.2
undici 5.12.0 5.28.3

Bumps the npm_and_yarn group with 2 updates in the /search_profiling directory: ansi-regex and axios. Bumps the npm_and_yarn group with 8 updates in the /smoke_tests directory:

Package From To
qs 6.5.2 6.5.3
semver 5.7.1 5.7.2
minimist 1.2.5 1.2.8
moment 2.29.1 2.30.1
nth-check 2.0.0 2.1.1
socket.io-parser 3.3.2 3.3.3
word-wrap 1.2.3 1.2.5
ws 5.2.2 5.2.3

Updates @babel/traverse from 7.18.2 to 7.24.0

Release notes

Sourced from @​babel/traverse's releases.

v7.24.0 (2024-02-28)

Thanks @​ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

:rocket: New Feature

  • babel-standalone
  • babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-preset-flow
  • babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-standalone
  • babel-plugin-transform-runtime
  • babel-parser, babel-types

:bug: Bug Fix

  • babel-plugin-proposal-do-expressions, babel-traverse
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-preset-env
  • babel-helpers
  • babel-helpers, babel-plugin-proposal-decorators

:nail_care: Polish

  • babel-core, babel-helper-create-class-features-plugin, babel-preset-env

:house: Internal

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.0 (2024-02-28)

:rocket: New Feature

  • babel-standalone
  • babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-preset-flow
  • babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-standalone
  • babel-plugin-transform-runtime
  • babel-parser, babel-types

:bug: Bug Fix

  • babel-plugin-proposal-do-expressions, babel-traverse
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-preset-env
  • babel-helpers
  • babel-helpers, babel-plugin-proposal-decorators

:nail_care: Polish

  • babel-core, babel-helper-create-class-features-plugin, babel-preset-env

:house: Internal

  • babel-helper-transform-fixture-test-runner

:microscope: Output optimization

... (truncated)

Commits


Updates cookiejar from 2.1.3 to 2.1.4

Commits


Updates json5 from 2.2.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view


Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates undici from 5.12.0 to 5.28.3

Release notes

Sourced from undici's releases.

v5.28.3

⚠️ Security Release ⚠️

Fixes:

Full Changelog: https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3

v5.28.2

What's Changed

New Contributors

Full Changelog: https://github.com/nodejs/undici/compare/v5.28.1...v5.28.2

v5.28.1

What's Changed

Full Changelog: https://github.com/nodejs/undici/compare/v5.28.0...v5.28.1

v5.28.0

What's Changed

... (truncated)

Commits
  • e71cb4c Bumped v5.28.3
  • 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
  • 8ec52cd Fix tests for Node.js v21 (#2609)
  • d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
  • 9a14e5f Bumped v5.28.2
  • fcdfe87 build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2302)
  • 169c157 build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)
  • 9788177 build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 (#2392)
  • 1f6d159 build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#2395)
  • a393a86 build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#2396)
  • Additional commits viewable in compare view


Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits


Updates axios from 0.21.1 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

  • Fixed FormData posting in browser environment by reverting #3785 (#4640)
  • Enhanced protocol parsing implementation (#4639)
  • Fixed bundle size

v0.27.1

Fixes and Functionality:

  • Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
  • Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

  • Fixed FormData posting in browser environment by reverting #3785 (#4640)
  • Enhanced protocol parsing implementation (#4639)
  • Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits
  • 3b7635a [Release] v0.28.0 (#6211)
  • 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
  • 80c3d74 chore(ci): backported publish action; (#6224)
  • 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
  • 880b42e docs: Fix a typo in README
  • c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
  • 80b546c fix: loosing request header (#4858) (#4871)
  • 6acb5ef feat: brower platform add data protocol. (#4814)
  • bbb2264 fix(typing): axios response headers can be undefined (#4813)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.


Updates follow-redirects from 1.14.1 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view


Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps]... _Description has been truncated_