search

wulfland / AccelerateDevOps

This is the companion repository for my book Accelerate DevOps with GitHub (2022). You can find all hands-on labs and other examples from the book here. Please reach out to me if something is broken.
https://www.amazon.com/dp/B0B4DW7NSL/ref=cm_sw_r_tw_dp_B4DR80D2BBERYNSQ5V9C
MIT License
42 stars 79 forks source link

Bump the npm_and_yarn group across 2 directories with 12 updates #919

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps the npm_and_yarn group with 10 updates in the /ch14/TailwindTradersBotComposer/scripts directory:

Package From To
minimist 1.2.5 1.2.6
ansi-regex 5.0.0 5.0.1
async 3.2.0 3.2.5
follow-redirects 1.14.0 1.15.5
node-fetch 2.6.1 2.7.0
qs 6.5.2 6.5.3
xml2js 0.4.23 0.5.0
@azure/arm-appinsights 2.1.0 4.0.0
@azure/arm-botservice 1.0.0 4.0.0
@azure/ms-rest-js 2.4.1 2.7.0

Bumps the npm_and_yarn group with 3 updates in the /ch9_release/src/Tailwind.Traders.Web/ClientApp directory: axios, lodash and qs.

Updates minimist from 1.2.5 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93
Commits


Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits


Updates async from 3.2.0 to 3.2.5

Changelog

Sourced from async's changelog.

v3.2.5

  • Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

  • Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
  • Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

  • Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

  • Fix potential prototype pollution exploit

v3.2.1

Commits


Updates follow-redirects from 1.14.0 to 1.15.5

Commits
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • 192dbe7 Release version 1.15.3 of the npm package.
  • Additional commits viewable in compare view


Updates node-fetch from 2.6.1 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view


Updates xml2js from 0.4.23 to 0.5.0

Commits


Updates @azure/arm-appinsights from 2.1.0 to 4.0.0

Release notes

Sourced from @​azure/arm-appinsights's releases.

@​azure/arm-mobilenetwork_4.0.0

4.0.0 (2023-10-31)

Features

  • Added Interface EventHubConfiguration
  • Added Interface NASRerouteConfiguration
  • Added Interface SignalingConfiguration
  • Interface PacketCapture has a new optional parameter outputFiles
  • Interface PacketCoreControlPlane has a new optional parameter controlPlaneAccessVirtualIpv4Addresses
  • Interface PacketCoreControlPlane has a new optional parameter eventHub
  • Interface PacketCoreControlPlane has a new optional parameter signaling
  • Interface PacketCoreDataPlane has a new optional parameter userPlaneAccessVirtualIpv4Addresses
  • Enum KnownInstallationReason has a new value ControlPlaneAccessInterfaceHasChanged
  • Enum KnownInstallationReason has a new value ControlPlaneAccessVirtualIpv4AddressesHasChanged
  • Enum KnownInstallationReason has a new value PublicLandMobileNetworkIdentifierHasChanged
  • Enum KnownInstallationReason has a new value UserPlaneAccessInterfaceHasChanged
  • Enum KnownInstallationReason has a new value UserPlaneAccessVirtualIpv4AddressesHasChanged
  • Enum KnownInstallationReason has a new value UserPlaneDataInterfaceHasChanged

Breaking Changes

  • Parameter totalBytesPerSession has a more constraining minimum value

@​azure/arm-imagebuilder_4.0.0

4.0.0 (2023-12-21)

Features

  • Added Interface ErrorAdditionalInfo
  • Added Interface ImageTemplatePropertiesErrorHandling
  • Added Interface ImageTemplateUpdateParametersProperties
  • Added Type Alias OnBuildError
  • Added Type Alias TriggersDeleteResponse
  • Added Type Alias VirtualMachineImageTemplatesDeleteResponse
  • Interface ImageTemplate has a new optional parameter errorHandling
  • Interface ImageTemplateUpdateParameters has a new optional parameter properties
  • Added Enum KnownOnBuildError

Breaking Changes

  • Changed interface CloudError to ErrorResponse
  • Changed interface CloudErrorBody ErrorDetail

@​azure/identity_3.4.2

No release notes provided.

... (truncated)

Commits


Updates @azure/arm-botservice from 1.0.0 to 4.0.0

Release notes

Sourced from @​azure/arm-botservice's releases.

@​azure/arm-mobilenetwork_4.0.0

4.0.0 (2023-10-31)

Features

  • Added Interface EventHubConfiguration
  • Added Interface NASRerouteConfiguration
  • Added Interface SignalingConfiguration
  • Interface PacketCapture has a new optional parameter outputFiles
  • Interface PacketCoreControlPlane has a new optional parameter controlPlaneAccessVirtualIpv4Addresses
  • Interface PacketCoreControlPlane has a new optional parameter eventHub
  • Interface PacketCoreControlPlane has a new optional parameter signaling
  • Interface PacketCoreDataPlane has a new optional parameter userPlaneAccessVirtualIpv4Addresses
  • Enum KnownInstallationReason has a new value ControlPlaneAccessInterfaceHasChanged
  • Enum KnownInstallationReason has a new value ControlPlaneAccessVirtualIpv4AddressesHasChanged
  • Enum KnownInstallationReason has a new value PublicLandMobileNetworkIdentifierHasChanged
  • Enum KnownInstallationReason has a new value UserPlaneAccessInterfaceHasChanged
  • Enum KnownInstallationReason has a new value UserPlaneAccessVirtualIpv4AddressesHasChanged
  • Enum KnownInstallationReason has a new value UserPlaneDataInterfaceHasChanged

Breaking Changes

  • Parameter totalBytesPerSession has a more constraining minimum value

@​azure/arm-imagebuilder_4.0.0

4.0.0 (2023-12-21)

Features

  • Added Interface ErrorAdditionalInfo
  • Added Interface ImageTemplatePropertiesErrorHandling
  • Added Interface ImageTemplateUpdateParametersProperties
  • Added Type Alias OnBuildError
  • Added Type Alias TriggersDeleteResponse
  • Added Type Alias VirtualMachineImageTemplatesDeleteResponse
  • Interface ImageTemplate has a new optional parameter errorHandling
  • Interface ImageTemplateUpdateParameters has a new optional parameter properties
  • Added Enum KnownOnBuildError

Breaking Changes

  • Changed interface CloudError to ErrorResponse
  • Changed interface CloudErrorBody ErrorDetail

@​azure/identity_3.4.2

No release notes provided.

... (truncated)

Commits
  • 64c10b8 botservice release (#24485)
  • 70e762c mediaservice release (#24484)
  • 5951a8b Post release automated changes for azure-arm-containerinstance (#24489)
  • 9498a73 Post release automated changes for azure-arm-locks-profile-2020-09-01-hybrid ...
  • 098b1d3 Post release automated changes for azure-arm-iothub-profile-2020-09-01-hybrid...
  • 8d13811 Post release automated changes for azure-arm-eventhub-profile-2020-09-01-hybr...
  • 73fd790 Post release automated changes for azure-arm-dns-profile-2020-09-01-hybrid (#...
  • ca79b29 Post release automated changes for databoxedge releases (#24308)
  • 182bad5 Post release automated changes for azure-arm-authorization-profile-2020-09-01...
  • 6650d43 Post release automated changes for azure-arm-commerce-profile-2020-09-01-hybr...
  • Additional commits viewable in compare view


Updates @azure/ms-rest-js from 2.4.1 to 2.7.0

Changelog

Sourced from @​azure/ms-rest-js's changelog.

2.7.0 - (2023-07-06)

  • Remove cookie support from nodeFetchHttpClient to address a security issue with the tough-cookie package.

2.6.6 - (2023-04-10)

  • Update dependency xml2js version to ^0.5.0.

2.6.5 - (2023-02-09)

  • Add Microsoft SECURITY.md

2.6.4 - (2022-11-15)

  • Wrap Trusted Types policy-creation in a try/catch.

2.6.2 - (2022-07-28)

  • Address Trusted Types compliance issue.

2.6.1 - (2022-01-25)

2.6.0 - (2021-08-18)

  • Added a new property baseUri on the ServiceClientOptions that is then used to initialize the corresponding baseUri protected property on the ServiceClient.
    • For baseUri that happen to be known Azure resource manager endpoints, this allows the instantiating of the AzureIdentityCredentialAdapter class with the right scope when a user constructs a ServiceClient with a TokenCredential. Resolves Azure/azure-sdk-for-js#15945

2.5.3 - (2021-07-12)

  • Updated the dependency on the uuid package to v8 (PR 456)

2.5.2 - (2021-06-15)

  • Fixed an issue where proxySettings does not work when there is username but no password (PR 453)

2.5.1 - (2021-06-07)

  • [BugFix] Array flattening in deserializer loses previously de-serialized attributes (PR #451)

2.5.0 - (2021-05-10)

  • Add WebResource.redirectLimit: Limit the number of redirects followed for this request. If set to 0, redirects will not be followed.
  • Port changes to redirect policy from [azure-sdk-for-js](Azure/azure-sdk-for-js#11863
Commits


Updates axios from 0.21.1 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

  • Fixed FormData posting in browser environment by reverting #3785 (#4640)
  • Enhanced protocol parsing implementation (#4639)
  • Fixed bundle size

v0.27.1

Fixes and Functionality:

  • Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
  • Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

  • fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

  • Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • Fixing content-type header repeated #4745
  • Fixed timeout error message for HTTP 4738
  • Added axios.formToJSON method (#4735)
  • URL params serializer (#4734)
  • Fixed toFormData Blob issue on node>v17 #4728
  • Adding types for progress event callbacks #4675
  • Fixed max body length defaults #4731
  • Added data URL support for node.js (#4725)
  • Added isCancel type assert (#4293)
  • Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
  • Add string[] to AxiosRequestHeaders type (#4322)
  • Allow type definition for axios instance methods (#4224)
  • Fixed AxiosError stack capturing; (#4718)
  • Fixed AxiosError status code type; (#4717)
  • Adding Canceler parameters config and request (#4711)
  • fix(types): allow to specify partial default headers for instance creation (#4185)
  • Added blob to the list of protocols supported by the browser (#4678)
  • Fixing Z_BUF_ERROR when no content (#4701)
  • Fixed race condition on immediate requests cancellation (#4261)
  • Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
  • Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
  • Fix TS definition for AxiosRequestTransformer (#4201)
  • Use type alias instead of interface for AxiosPromise (#4505)
  • Include request and config when creating a CanceledError instance (#4659)
  • Added generic TS types for the exposed toFormData helper (#4668)
  • Optimized the code that checks cancellation (#4587)
  • Replaced webpack with rollup (#4596)
  • Added stack trace to AxiosError (#4624)
  • Updated AxiosError.config to be optional in the type definition (#4665)
  • Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

  • Fixed FormData posting in browser environment by reverting #3785 (#4640)
  • Enhanced protocol parsing implementation (#4639)
  • Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits
  • 3b7635a [Release] v0.28.0 (#6211)
  • 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
  • 80c3d74 chore(ci): backported publish action; (#6224)
  • 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
  • 880b42e docs: Fix a typo in README
  • c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
  • 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
  • 80b546c fix: loosing request header (#4858) (#4871)
  • 6acb5ef feat: brower platform add data protocol. (#4814)
  • bbb2264 fix(typing): axios response headers can be undefined (#4813)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.


Updates follow-redirects from 1.14.1 to 1.15.5

Commits
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • 192dbe7 Release version 1.15.3 of the npm package.
  • Additional commits viewable in compare view


Updates lodash from 4.17.20 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • See full diff in compare view


Updates qs from 6.10.1 to 6.10.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/wulfland/AccelerateDevOps/network/alerts).
dependabot[bot] commented 8 months ago

Superseded by #921.