Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 11 updates #157

Closed
wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group across 1 directory with 11 updates #157

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 1, 2024
edited
Loading

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package From To
express 4.19.2 4.20.0
webpack 5.92.1 5.95.0
ws 7.5.10 8.17.1
@wdio/browserstack-service 8.39.1 9.1.2
@wdio/cli 8.39.1 9.1.2
@wdio/local-runner 8.39.1 9.1.2
braces 2.3.2 3.0.3
gulp 4.0.2 5.0.0

Updates express from 4.19.2 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect

Other Changes

New Contributors

Full Changelog: expressjs/express@4.19.1...4.20.0

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • Remove link renderization in html while redirecting
  • deps: [email protected]
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
  • Remove link renderization in html while using res.redirect
  • deps: [email protected]
    • Adds support for named matching groups in the routes using a regex
    • Adds backtracking protection to parameters without regexes defined
  • deps: encodeurl@~2.0.0
    • Removes encoding of \, |, and ^ to align better with URL spec
  • Deprecate passing options.maxAge and options.expires to res.clearCookie
    • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
Commits

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

New Contributors

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

  • deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Updates webpack from 5.92.1 to 5.95.0

Release notes

Sourced from webpack's releases.

v5.95.0

Bug Fixes

  • Fixed hanging when attempting to read a symlink-like file that it can't read
  • Handle default for import context element dependency
  • Merge duplicate chunks call after split chunks
  • Generate correctly code for dynamically importing the same file twice and destructuring
  • Use content hash as [base] and [name] for extracted DataURI's
  • Distinguish module and import in module-import for externals import's
  • [Types] Make EnvironmentPlugin default values types less strict
  • [Types] Typescript 5.6 compatibility

New Features

  • Add new optimization.avoidEntryIife option (true by default for the production mode)
  • Pass output.hash* options to loader context

Performance

  • Avoid unneeded re-visit in build chunk graph

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import

... (truncated)

Commits
  • e20fd63 chore(release): 5.95.0
  • 4866b0d feat: added new optimization.entryIife option
  • d90f692 fix: merge duplicate chunks after split chunks
  • 90dec30 fix(externals): distinguish “module” and “import” in “module-import”
  • c1a0a46 fix(externals): distinguish “module” and “import” in “module-import”
  • 14d8fa8 fix: all tests cases
  • dae16ad feat: pass output.hash* options to loader context
  • 75d185d feat: pass output.hash* options to loader context
  • 46e0b9c test: update
  • 8e62f9f test
  • Additional commits viewable in compare view

Updates ws from 7.5.10 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view

Updates @wdio/browserstack-service from 8.39.1 to 9.1.2

Release notes

Sourced from @​wdio/browserstack-service's releases.

v9.1.2 (2024-09-28)

🐛 Bug Fix

💅 Polish

  • wdio-types, webdriver
  • wdio-cli, wdio-sauce-service, wdio-spec-reporter, wdio-types, webdriverio

Committers: 3

v9.1.1 (2024-09-26)

🐛 Bug Fix

💅 Polish

📝 Documentation

Committers: 4

v9.1.0 (2024-09-24)

🚀 New Feature

  • wdio-cucumber-framework
  • wdio-junit-reporter

... (truncated)

Changelog

Sourced from @​wdio/browserstack-service's changelog.

v9.1.2 (2024-09-28)

🐛 Bug Fix

💅 Polish

  • wdio-types, webdriver
  • wdio-cli, wdio-sauce-service, wdio-spec-reporter, wdio-types, webdriverio

Committers: 3

v9.1.1 (2024-09-26)

🐛 Bug Fix

💅 Polish

📝 Documentation

Committers: 4

v9.1.0 (2024-09-24)

🚀 New Feature

  • wdio-cucumber-framework

... (truncated)

Commits

Updates @wdio/cli from 8.39.1 to 9.1.2

Release notes

Sourced from @​wdio/cli's releases.

v9.1.2 (2024-09-28)

🐛 Bug Fix

💅 Polish

  • wdio-types, webdriver
  • wdio-cli, wdio-sauce-service, wdio-spec-reporter, wdio-types, webdriverio

Committers: 3

v9.1.1 (2024-09-26)

🐛 Bug Fix

💅 Polish

📝 Documentation

Committers: 4

v9.1.0 (2024-09-24)

🚀 New Feature

  • wdio-cucumber-framework
  • wdio-junit-reporter

... (truncated)

Changelog

Sourced from @​wdio/cli's changelog.

v9.1.2 (2024-09-28)

🐛 Bug Fix

💅 Polish

  • wdio-types, webdriver
  • wdio-cli, wdio-sauce-service, wdio-spec-reporter, wdio-types, webdriverio

Committers: 3

v9.1.1 (2024-09-26)

🐛 Bug Fix

💅 Polish

📝 Documentation

Committers: 4

v9.1.0 (2024-09-24)

🚀 New Feature

  • wdio-cucumber-framework

... (truncated)

Commits

Updates @wdio/local-runner from 8.39.1 to 9.1.2

Release notes

Sourced from @​wdio/local-runner's releases.

v9.1.2 (2024-09-28)

🐛 Bug Fix

💅 Polish

  • wdio-types, webdriver
  • wdio-cli, wdio-sauce-service, wdio-spec-reporter, wdio-types, webdriverio

Committers: 3

v9.1.1 (2024-09-26)

🐛 Bug Fix

💅 Polish

📝 Documentation

Committers: 4

v9.1.0 (2024-09-24)

🚀 New Feature

  • wdio-cucumber-framework
  • wdio-junit-reporter

... (truncated)

Changelog

Sourced from @​wdio/local-runner's changelog.

v9.1.2 (2024-09-28)

🐛 Bug Fix

💅 Polish

  • wdio-types, webdriver
  • wdio-cli, wdio-sauce-service, wdio-spec-reporter, wdio-types, webdriverio

Committers: 3

v9.1.1 (2024-09-26)

🐛 Bug Fix

💅 Polish

📝 Documentation

Committers: 4

v9.1.0 (2024-09-24)

🚀 New Feature

  • wdio-cucumber-framework

... (truncated)

Commits

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed

Non-breaking changes

  • Caching was removed
Commits

Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

  • Drop support for Node.js <10.13
  • Default stream encoding to UTF-8
  • Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
  • Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
  • All globs and paths are normalized to unix-like filepaths
  • Only allow JS variants for .gulp.* config files
  • Removed support for alpha releases of v4 from gulp-cli
  • Removed the --verify flag
  • Renamed the --require flag to --preload to avoid conflicting with Node.js flags
  • Removed many legacy and deprecated loaders
  • Upgrade to chokidar v3
  • Clone Vinyl objects with stream contents using teex, but no lon...

    Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 11 updates
b610503 
Bumps the npm_and_yarn group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [express](https://github.com/expressjs/express) | `4.19.2` | `4.20.0` |
| [webpack](https://github.com/webpack/webpack) | `5.92.1` | `5.95.0` |
| [ws](https://github.com/websockets/ws) | `7.5.10` | `8.17.1` |
| [@wdio/browserstack-service](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-browserstack-service) | `8.39.1` | `9.1.2` |
| [@wdio/cli](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-cli) | `8.39.1` | `9.1.2` |
| [@wdio/local-runner](https://github.com/webdriverio/webdriverio/tree/HEAD/packages/wdio-local-runner) | `8.39.1` | `9.1.2` |
| [braces](https://github.com/micromatch/braces) | `2.3.2` | `3.0.3` |
| [gulp](https://github.com/gulpjs/gulp) | `4.0.2` | `5.0.0` |



Updates `express` from 4.19.2 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.19.2...4.20.0)

Updates `body-parser` from 1.20.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.2...1.20.3)

Updates `webpack` from 5.92.1 to 5.95.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.92.1...v5.95.0)

Updates `ws` from 7.5.10 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.5.10...8.17.1)

Updates `@wdio/browserstack-service` from 8.39.1 to 9.1.2
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.1.2/packages/wdio-browserstack-service)

Updates `@wdio/cli` from 8.39.1 to 9.1.2
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.1.2/packages/wdio-cli)

Updates `@wdio/local-runner` from 8.39.1 to 9.1.2
- [Release notes](https://github.com/webdriverio/webdriverio/releases)
- [Changelog](https://github.com/webdriverio/webdriverio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webdriverio/webdriverio/commits/v9.1.2/packages/wdio-local-runner)

Updates `braces` from 2.3.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.3)

Updates `gulp` from 4.0.2 to 5.0.0
- [Release notes](https://github.com/gulpjs/gulp/releases)
- [Changelog](https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md)
- [Commits](gulpjs/gulp@v4.0.2...v5.0.0)

Updates `path-to-regexp` from 0.1.7 to 0.1.10
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10)

Updates `serve-static` from 1.15.0 to 1.16.0
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...1.16.0)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@wdio/browserstack-service"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@wdio/cli"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@wdio/local-runner"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: gulp
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: path-to-regexp
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner October 1, 2024 11:52
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 1, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Oct 1, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Oct 1, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-0cfd5ad063 branch October 1, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants