Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group with 13 updates #25

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group with 13 updates #25

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Dec 9, 2024

Bumps the npm_and_yarn group with 14 updates:

Package From To
ajv 4.11.8 6.12.6
request 2.81.0 2.88.2
async 2.5.0 2.6.4
base64url 2.0.0 removed
jws 3.1.4 3.2.2
dot-prop 4.2.0 4.2.1
extend 3.0.1 3.0.2
json-schema 0.2.3 0.4.0
jsprim 1.4.1 1.4.2
node-forge 0.7.1 removed
@google-cloud/storage 1.2.1 7.14.0
qs 6.4.0 6.4.1
request 2.81.0 removed
image-downloader 3.2.2 4.3.0

Updates ajv from 4.11.8 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

  • dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits
  • fe59143 6.12.6
  • d580d3e Merge pull request #1298 from ajv-validator/fix-url
  • fd36389 fix: regular expression for "url" format
  • 490e34c docs: link to v7-beta branch
  • 9cd93a1 docs: note about v7 in readme
  • 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
  • f1c8e45 6.12.5
  • 764035e Merge branch 'ChALkeR-chalker/fix-comma'
  • 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
  • a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
  • Additional commits viewable in compare view

Updates request from 2.81.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

v2.87.0 (2018/05/21)

v2.86.0 (2018/05/15)

v2.85.0 (2018/03/12)

v2.84.0 (2018/03/12)

v2.83.0 (2017/09/27)

v2.82.0 (2017/09/19)

Commits

Updates async from 2.5.0 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)

v2.6.3

  • Updated lodash to squelch a security warning (#1675)

v2.6.2

  • Updated lodash to squelch a security warning (#1620)

v2.6.1

  • Updated lodash to prevent npm audit warnings. (#1532, #1533)
  • Made async-es more optimized for webpack users (#1517)
  • Fixed a stack overflow with large collections and a synchronous iterator (#1514)
  • Various small fixes/chores (#1505, #1511, #1527, #1530)

v2.6.0

  • Added missing aliases for many methods. Previously, you could not (e.g.) require('async/find') or use async.anyLimit. (#1483)
  • Improved queue performance. (#1448, #1454)
  • Add missing sourcemap (#1452, #1453)
  • Various doc updates (#1448, #1471, #1483)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Removes base64url

Updates jws from 3.1.4 to 3.2.2

Commits

Updates dot-prop from 4.2.0 to 4.2.1

Release notes

Sourced from dot-prop's releases.

v4.2.1

Commits

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

  • [Fix] Prevent merging __proto__ property (#48)
  • [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm
Commits
  • 8d106d2 v3.0.2
  • e97091f [Dev Deps] update tape
  • e841aac [Tests] up to node v10.7
  • 0e68e71 [Fix] Prevent merging proto property
  • a689700 Only apps should have lockfiles
  • f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
  • f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
  • See full diff in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits
  • f6f6a3b Use a little more robust method of checking instances
  • ef60987 Update version
  • b62f1da Protect against constructor modification, #84
  • fb427cd Link to json-schema-org repository in addition to site, fixes #54
  • 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
  • c52a27c Get basic test to pass
  • b3f42b3 Add security policy
  • 3b0cec3 Update version
  • c28470f Update readme to acknowledge the state of the package
  • 7dff9cd Merge pull request #81 from hodovani/patch-1
  • Additional commits viewable in compare view

Updates jsprim from 1.4.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

  • #35 Backport json-schema 0.4.0 to version 1.4.x
Commits
Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.


Removes node-forge

Updates @google-cloud/storage from 1.2.1 to 7.14.0

Release notes

Sourced from @​google-cloud/storage's releases.

v7.14.0

7.14.0 (2024-10-29)

Features

  • Add support for restore token (#2548) (8241e91)
  • Adds integration tests for Universe Domain configuration (#2538) (53db6ba)
  • Adds integration tests for Universe Domain configuration with (53db6ba)
  • storage: Add support for 'skipIfExists' option for downloadMany (#2526) (729efb2)

v7.13.0

7.13.0 (2024-09-17)

Features

  • storage: Add support for 'fields' query parameter to getFiles (#2521) (f78fe92)

Bug Fixes

v7.12.1

7.12.1 (2024-08-07)

Bug Fixes

  • deps: Update fast-xml-parser to 4.4.1 due to security vulnerability (#2505) (b97d474)

v7.12.0

7.12.0 (2024-07-15)

Features

  • Add function to allow user to set destination in transfer manager (#2497) (dc1e488)

v7.11.3

7.11.3 (2024-07-09)

Bug Fixes

  • Error serialization in resumable-upload.ts (#2493) (c2e555c)
  • Handle unhandled error in startResumableUpload_ (#2495) (d5257ba)
  • Make CreateBucketRequest extend from BucketMetadata to allow all… (#2489) (013a5a4)

... (truncated)

Changelog

Sourced from @​google-cloud/storage's changelog.

7.14.0 (2024-10-29)

Features

  • Add support for restore token (#2548) (8241e91)
  • Adds integration tests for Universe Domain configuration (#2538) (53db6ba)
  • Adds integration tests for Universe Domain configuration with (53db6ba)
  • storage: Add support for 'skipIfExists' option for downloadMany (#2526) (729efb2)

7.13.0 (2024-09-17)

Features

  • storage: Add support for 'fields' query parameter to getFiles (#2521) (f78fe92)

Bug Fixes

7.12.1 (2024-08-07)

Bug Fixes

  • deps: Update fast-xml-parser to 4.4.1 due to security vulnerability (#2505) (b97d474)

7.12.0 (2024-07-15)

Features

  • Add function to allow user to set destination in transfer manager (#2497) (dc1e488)

7.11.3 (2024-07-09)

Bug Fixes

  • Error serialization in resumable-upload.ts (#2493) (c2e555c)
  • Handle unhandled error in startResumableUpload_ (#2495) (d5257ba)
  • Make CreateBucketRequest extend from BucketMetadata to allow all… (#2489) (013a5a4)

7.11.2 (2024-06-07)

Bug Fixes

... (truncated)

Commits
  • cef7011 chore(main): release 7.14.0 (#2527)
  • 8241e91 feat: add support for restore token (#2548)
  • 5cdc4cb docs: fix comment in transfer manager upload sample (#2547)
  • 4853494 chore: remove unused issue templates (#2544)
  • 6007e26 chore: add owlbot ignores so it stops removing universe domain vars (#2543)
  • 53db6ba feat: adds integration tests for Universe Domain configuration (#2538)
  • 9e44593 chore: update links in github issue templates (#2539)
  • 89b4b7a chore: update issue templates and codeowners (#2528)
  • 729efb2 feat(storage): add support for 'skipIfExists' option for downloadMany (#2526)
  • c75513a chore(deps): update dependency path-to-regexp to v6.3.0 (#2525)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​google-cloud/storage since your current version.


Updates qs from 6.4.0 to 6.4.1

Changelog

Sourced from qs's changelog.

6.4.1

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] use safer-buffer instead of Buffer constructor
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 486aa46 v6.4.1
  • 727ef5d [Fix] parse: ignore __proto__ keys (#428)
  • cd1874e [Robustness] stringify: avoid relying on a global undefined (#427)
  • 45e987c [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 90a3bce [meta] fix README.md (#399)
  • 9566d25 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • 74227ef Clean up license text so it’s properly detected as BSD-3-Clause
  • 35dfb22 [actions] backport actions from main
  • 7d4670f [Dev Deps] backport from main
  • 0485440 [Fix] use safer-buffer instead of Buffer constructor
  • Additional commits viewable in compare view

Removes request

Updates image-downloader from 3.2.2 to 4.3.0

Release notes

Sourced from image-downloader's releases.

v4.3.0

This release adds a feature to automatically follow redirects.

Changes:

  • Automatically follow redirects using follow-redirects (87fee49)
  • Use the WHATWG URL API (04d071c)
  • Updates documentation (23fc3f0, 7a90714, 4bd986f)

v4.2.0

This release adds type definition file index.d.ts

v4.1.0

This release add support of relative path with dot char for options.dest #27.

v4.0.3

This release adds a handler streaming writing error (d28425b5)

v4.0.2

This release fixes a bug related to options.timeout.

v4.0.0

This major release removes dependency with request and deprecated usage.

Changes

  • Options followRedirect, followAllRedirects and maxRedirects have been removed.
  • The deprecated usage from 3.x has been removed

v3.5.0

This release introduces a new option options.extractFilename and fix an issue related to the Filename Encoding.

Feature

  • Introduce options.extractFilename to avoid extracting filename from URL.

    This option is useful when trying to save a file without an extension. The default value is true.

    See README file. #16

Bug fixes

  • When saving file, URLs with encoding chars like %20 were not decoded.

    Now the filename is decoded before the saving stage. #22

v3.4.2

This release fix an issue that occur on Windows when generating filename from an URL with complex params.

3.3.0

... (truncated)

Commits
  • 19a53f6 Image Downloader 4.3.0
  • 643be83 Set release version to 4.3.0
  • 6e7fa27 Update dev dependencies
  • 23fc3f0 Update links with new main branch
  • 4bd986f Improve contributing section
  • 7a90714 Improve documentation
  • 87fee49 Automatically follow redirects using follow-redirects
  • 04d071c Use the WHATWG URL API
  • 3c45694 Set release version to 4.2.0
  • 2d1e9ab Disable jest notify option
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group with 13 updates
be003c9 
Bumps the npm_and_yarn group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| [ajv](https://github.com/ajv-validator/ajv) | `4.11.8` | `6.12.6` |
| [request](https://github.com/request/request) | `2.81.0` | `2.88.2` |
| [async](https://github.com/caolan/async) | `2.5.0` | `2.6.4` |
| [base64url](https://github.com/brianloveswords/base64url) | `2.0.0` | `removed` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.1.4` | `3.2.2` |
| [dot-prop](https://github.com/sindresorhus/dot-prop) | `4.2.0` | `4.2.1` |
| [extend](https://github.com/justmoon/node-extend) | `3.0.1` | `3.0.2` |
| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |
| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |
| [node-forge](https://github.com/digitalbazaar/forge) | `0.7.1` | `removed` |
| [@google-cloud/storage](https://github.com/googleapis/nodejs-storage) | `1.2.1` | `7.14.0` |
| [qs](https://github.com/ljharb/qs) | `6.4.0` | `6.4.1` |
| [request](https://github.com/request/request) | `2.81.0` | `removed` |
| [image-downloader](https://gitlab.com/demsking/image-downloader) | `3.2.2` | `4.3.0` |


Updates `ajv` from 4.11.8 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@4.11.8...v6.12.6)

Updates `request` from 2.81.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `async` from 2.5.0 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v2.5.0...v2.6.4)

Removes `base64url`

Updates `jws` from 3.1.4 to 3.2.2
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.1.4...v3.2.2)

Updates `dot-prop` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/sindresorhus/dot-prop/releases)
- [Commits](sindresorhus/dot-prop@v4.2.0...v4.2.1)

Updates `extend` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/justmoon/node-extend/blob/main/CHANGELOG.md)
- [Commits](justmoon/node-extend@v3.0.1...v3.0.2)

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

Removes `node-forge`

Updates `@google-cloud/storage` from 1.2.1 to 7.14.0
- [Release notes](https://github.com/googleapis/nodejs-storage/releases)
- [Changelog](https://github.com/googleapis/nodejs-storage/blob/main/CHANGELOG.md)
- [Commits](googleapis/nodejs-storage@v1.2.1...v7.14.0)

Updates `qs` from 6.4.0 to 6.4.1
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.4.0...v6.4.1)

Removes `request`

Updates `image-downloader` from 3.2.2 to 4.3.0
- [Release notes](https://gitlab.com/demsking/image-downloader/tags)
- [Commits](https://gitlab.com/demsking/image-downloader/compare/3.2.2...v4.3.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: base64url
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dot-prop
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: extend
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json-schema
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jsprim
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-forge
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@google-cloud/storage"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: image-downloader
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 9, 2024
@dependabot dependabot bot mentioned this pull request Dec 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants