[Security] update outdated dependencies #347

Merged
merged 25 commits into from
Oct 17, 2024

Commits on Sep 27, 2024

  1. Bump the npm_and_yarn group with 6 updates (#67)

    Bumps the npm_and_yarn group with 6 updates:
    
    | Package | From | To |
    | --- | --- | --- |
    | [express](https://github.com/expressjs/express) | `4.18.3` | `4.19.2` |
    | [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.9.8` | `1.10.9` |
    | [ws](https://github.com/websockets/ws) | `8.16.0` | `8.17.1` |
    | [engine.io](https://github.com/socketio/engine.io) | `6.5.4` | `6.5.5` |
    | [engine.io-client](https://github.com/socketio/engine.io-client) | `6.5.3` | `6.5.4` |
    | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
    
    
    Updates `express` from 4.18.3 to 4.19.2
    - [Release notes](https://github.com/expressjs/express/releases)
    - [Changelog](https://github.com/expressjs/express/blob/master/History.md)
    - [Commits](expressjs/express@4.18.3...4.19.2)
    
    Updates `@grpc/grpc-js` from 1.9.8 to 1.10.9
    - [Release notes](https://github.com/grpc/grpc-node/releases)
    - [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.9.8...@grpc/grpc-js@1.10.9)
    
    Updates `ws` from 8.16.0 to 8.17.1
    - [Release notes](https://github.com/websockets/ws/releases)
    - [Commits](websockets/ws@8.16.0...8.17.1)
    
    Updates `engine.io` from 6.5.4 to 6.5.5
    - [Release notes](https://github.com/socketio/engine.io/releases)
    - [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
    - [Commits](socketio/engine.io@6.5.4...6.5.5)
    
    Updates `engine.io-client` from 6.5.3 to 6.5.4
    - [Release notes](https://github.com/socketio/engine.io-client/releases)
    - [Changelog](https://github.com/socketio/engine.io-client/blob/main/CHANGELOG.md)
    - [Commits](socketio/engine.io-client@6.5.3...6.5.4)
    
    Updates `braces` from 3.0.2 to 3.0.3
    - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
    - [Commits](micromatch/braces@3.0.2...3.0.3)
    
    ---
    updated-dependencies:
    - dependency-name: express
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: "@grpc/grpc-js"
      dependency-type: indirect
      dependency-group: npm_and_yarn
    - dependency-name: ws
      dependency-type: indirect
      dependency-group: npm_and_yarn
    - dependency-name: engine.io
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: engine.io-client
      dependency-type: direct:development
      dependency-group: npm_and_yarn
    - dependency-name: braces
      dependency-type: indirect
      dependency-group: npm_and_yarn
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    74a8933
  2. Bump the npm_and_yarn group with 6 updates (#68)

    Bumps the npm_and_yarn group with 6 updates:
    
    | Package | From | To |
    | --- | --- | --- |
    | [body-parser](https://github.com/expressjs/body-parser) | `1.20.2` | `1.20.3` |
    | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.0` |
    | [axios](https://github.com/axios/axios) | `1.6.8` | `1.7.7` |
    | [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.10` |
    | [send](https://github.com/pillarjs/send) | `0.18.0` | `0.19.0` |
    | [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` | `1.16.2` |
    
    
    Updates `body-parser` from 1.20.2 to 1.20.3
    - [Release notes](https://github.com/expressjs/body-parser/releases)
    - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
    - [Commits](expressjs/body-parser@1.20.2...1.20.3)
    
    Updates `express` from 4.19.2 to 4.21.0
    - [Release notes](https://github.com/expressjs/express/releases)
    - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
    - [Commits](expressjs/express@4.19.2...4.21.0)
    
    Updates `express` from 4.19.2 to 4.21.0
    - [Release notes](https://github.com/expressjs/express/releases)
    - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
    - [Commits](expressjs/express@4.19.2...4.21.0)
    
    Updates `axios` from 1.6.8 to 1.7.7
    - [Release notes](https://github.com/axios/axios/releases)
    - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
    - [Commits](axios/axios@v1.6.8...v1.7.7)
    
    Updates `path-to-regexp` from 0.1.7 to 0.1.10
    - [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
    - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
    - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10)
    
    Updates `send` from 0.18.0 to 0.19.0
    - [Release notes](https://github.com/pillarjs/send/releases)
    - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
    - [Commits](pillarjs/send@0.18.0...0.19.0)
    
    Updates `serve-static` from 1.15.0 to 1.16.2
    - [Release notes](https://github.com/expressjs/serve-static/releases)
    - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
    - [Commits](expressjs/serve-static@v1.15.0...v1.16.2)
    
    ---
    updated-dependencies:
    - dependency-name: body-parser
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: express
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: express
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: axios
      dependency-type: indirect
      dependency-group: npm_and_yarn
    - dependency-name: path-to-regexp
      dependency-type: indirect
      dependency-group: npm_and_yarn
    - dependency-name: send
      dependency-type: indirect
      dependency-group: npm_and_yarn
    - dependency-name: serve-static
      dependency-type: indirect
      dependency-group: npm_and_yarn
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    70848ce
  3. Bump express-rate-limit from 7.2.0 to 7.3.1 (#64)

    Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 7.2.0 to 7.3.1.
    - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
    - [Commits](express-rate-limit/express-rate-limit@v7.2.0...v7.3.1)
    
    ---
    updated-dependencies:
    - dependency-name: express-rate-limit
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    1247c24
  4. Bump uglify-js from 3.17.4 to 3.18.0 (#62)

    Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.17.4 to 3.18.0.
    - [Release notes](https://github.com/mishoo/UglifyJS/releases)
    - [Commits](mishoo/UglifyJS@v3.17.4...v3.18.0)
    
    ---
    updated-dependencies:
    - dependency-name: uglify-js
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    c5501c7
  5. Bump redis from 4.6.13 to 4.6.14 (#54)

    Bumps [redis](https://github.com/redis/node-redis) from 4.6.13 to 4.6.14.
    - [Release notes](https://github.com/redis/node-redis/releases)
    - [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/redis/node-redis/compare/redis@4.6.13...redis@4.6.14)
    
    ---
    updated-dependencies:
    - dependency-name: redis
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    41f0563
  6. Bump mocha from 10.3.0 to 10.4.0 (#41)

    Bumps [mocha](https://github.com/mochajs/mocha) from 10.3.0 to 10.4.0.
    - [Release notes](https://github.com/mochajs/mocha/releases)
    - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
    - [Commits](mochajs/mocha@v10.3.0...v10.4.0)
    
    ---
    updated-dependencies:
    - dependency-name: mocha
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    8a5e0de
  7. Bump docker/build-push-action from 5 to 6 (#70)

    Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
    - [Release notes](https://github.com/docker/build-push-action/releases)
    - [Commits](docker/build-push-action@v5...v6)
    
    ---
    updated-dependencies:
    - dependency-name: docker/build-push-action
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    7f4b311
  8. Bump newrelic from 11.14.0 to 12.5.1 (#69)

    Bumps [newrelic](https://github.com/newrelic/node-newrelic) from 11.14.0 to 12.5.1.
    - [Release notes](https://github.com/newrelic/node-newrelic/releases)
    - [Changelog](https://github.com/newrelic/node-newrelic/blob/main/changelog.json)
    - [Commits](newrelic/node-newrelic@v11.14.0...v12.5.1)
    
    ---
    updated-dependencies:
    - dependency-name: newrelic
      dependency-type: direct:production
      update-type: version-update:semver-major
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    054229b
  9. Bump engine.io-client from 6.5.4 to 6.6.1 (#71)

    Bumps [engine.io-client](https://github.com/socketio/socket.io) from 6.5.4 to 6.6.1.
    - [Release notes](https://github.com/socketio/socket.io/releases)
    - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/socketio/socket.io/commits/engine.io-client@6.6.1)
    
    ---
    updated-dependencies:
    - dependency-name: engine.io-client
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    f9a67ae
  10. Bump express-rate-limit from 7.3.1 to 7.4.0 (#77)

    Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 7.3.1 to 7.4.0.
    - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
    - [Commits](express-rate-limit/express-rate-limit@v7.3.1...v7.4.0)
    
    ---
    updated-dependencies:
    - dependency-name: express-rate-limit
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    00885f7
  11. Bump mocha from 10.4.0 to 10.7.3 (#76)

    Bumps [mocha](https://github.com/mochajs/mocha) from 10.4.0 to 10.7.3.
    - [Release notes](https://github.com/mochajs/mocha/releases)
    - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
    - [Commits](mochajs/mocha@v10.4.0...v10.7.3)
    
    ---
    updated-dependencies:
    - dependency-name: mocha
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    c1a22f1
  12. Bump engine.io from 6.5.5 to 6.6.1 (#72)

    Bumps [engine.io](https://github.com/socketio/socket.io) from 6.5.5 to 6.6.1.
    - [Release notes](https://github.com/socketio/socket.io/releases)
    - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/socketio/socket.io/commits/engine.io@6.6.1)
    
    ---
    updated-dependencies:
    - dependency-name: engine.io
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    a2c310c
  13. Bump uglify-js from 3.18.0 to 3.19.3 (#73)

    Bumps [uglify-js](https://github.com/mishoo/UglifyJS) from 3.18.0 to 3.19.3.
    - [Release notes](https://github.com/mishoo/UglifyJS/releases)
    - [Commits](mishoo/UglifyJS@v3.18.0...v3.19.3)
    
    ---
    updated-dependencies:
    - dependency-name: uglify-js
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    30ad3eb
  14. Bump redis from 4.6.14 to 4.7.0 (#74)

    Bumps [redis](https://github.com/redis/node-redis) from 4.6.14 to 4.7.0.
    - [Release notes](https://github.com/redis/node-redis/releases)
    - [Changelog](https://github.com/redis/node-redis/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/redis/node-redis/compare/redis@4.6.14...redis@4.7.0)
    
    ---
    updated-dependencies:
    - dependency-name: redis
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 27, 2024
    bdc4298
  15. Update CI tests

    Update the `docker compose` command.
    eatyourgreens committed Sep 27, 2024
    22d2a02
  16. Convert tests to ESM

    Convert all the tests to ESM (`.mjs`) in preparation for Chai 5, which drops support for CommonJS.
    - replace `require` with `import` throughout.
    - create a global `chai` object to replace the old `chai = require('chai')`.
    - rename tests from '.js' to '.mjs'.
    eatyourgreens committed Sep 27, 2024
    43fe297
  17. Remove chai-http

    eatyourgreens committed Sep 27, 2024
    148b6d0
  18. Fix global expect

    eatyourgreens committed Sep 27, 2024
    ae1bd45
  19. Install Chai v5.1.0

    eatyourgreens committed Sep 27, 2024
    c859ac9
  20. Remove chai-as-promised

    eatyourgreens committed Sep 27, 2024
    ed40f16
  21. 44b6915
  22. a50ee75

Commits on Oct 14, 2024

  1. Bump express-rate-limit from 7.4.0 to 7.4.1 (#80)

    Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 7.4.0 to 7.4.1.
    - [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
    - [Commits](express-rate-limit/express-rate-limit@v7.4.0...v7.4.1)
    
    ---
    updated-dependencies:
    - dependency-name: express-rate-limit
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 14, 2024
    8d3fdfa
  2. Bump the npm_and_yarn group across 1 directory with 3 updates (#86)

    Bumps the npm_and_yarn group with 2 updates in the / directory: [engine.io](https://github.com/socketio/socket.io) and [express](https://github.com/expressjs/express).
    
    
    Updates `engine.io` from 6.6.1 to 6.6.2
    - [Release notes](https://github.com/socketio/socket.io/releases)
    - [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/socketio/socket.io/compare/engine.io@6.6.1...engine.io@6.6.2)
    
    Updates `express` from 4.21.0 to 4.21.1
    - [Release notes](https://github.com/expressjs/express/releases)
    - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
    - [Commits](expressjs/express@4.21.0...4.21.1)
    
    Updates `cookie` from 0.4.2 to 0.7.1
    - [Release notes](https://github.com/jshttp/cookie/releases)
    - [Commits](jshttp/cookie@v0.4.2...v0.7.1)
    
    ---
    updated-dependencies:
    - dependency-name: engine.io
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: express
      dependency-type: direct:production
      dependency-group: npm_and_yarn
    - dependency-name: cookie
      dependency-type: indirect
      dependency-group: npm_and_yarn
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 14, 2024
    9de9e14

Commits on Oct 17, 2024

  1. 421459f