pinball

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	feabc63d4d	chore(deps): bump path-to-regexp and express in /functions (#511 ) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `path-to-regexp` from 0.1.10 to 0.1.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/releases">path-to-regexp's releases</a>.</em></p> <blockquote> <h2>Fix backtracking (again)</h2> <p><strong>Fixed</strong></p> <ul> <li>Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: <a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j">https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j</a>)</li> </ul> <p><a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12">https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12</a></p> <h2>Error on bad input</h2> <p><strong>Changed</strong></p> <ul> <li>Add error on bad input values 8f09549</li> </ul> <p><a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11">https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`640e694c6f`"><code>640e694</code></a> 0.1.12</li> <li><a href="`f01c26a013`"><code>f01c26a</code></a> Merge commit from fork</li> <li><a href="`0c7119248b`"><code>0c71192</code></a> 0.1.11</li> <li><a href="`8f095497d6`"><code>8f09549</code></a> Add error on bad input values</li> <li>See full diff in <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12">compare view</a></li> </ul> </details> <br /> Updates `express` from 4.21.0 to 4.21.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> <h2>4.21.1</h2> <h2>What's Changed</h2> <ul> <li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a href="https://github.com/joshbuker"><code>@joshbuker</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li> <li>Release: 4.21.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.21.2/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> <h1>4.21.1 / 2024-10-08</h1> <ul> <li>Backported a fix for <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1faf228935`"><code>1faf228</code></a> 4.21.2</li> <li><a href="`2e0fb646d0`"><code>2e0fb64</code></a> deps: bump path-to-regexp@0.1.12 (<a href="https://redirect.github.com/expressjs/express/issues/6209">#6209</a>)</li> <li><a href="`59fc27028e`"><code>59fc270</code></a> deps: path-to-regexp@0.1.11 (<a href="https://redirect.github.com/expressjs/express/issues/5956">#5956</a>)</li> <li><a href="`51fc39ccf8`"><code>51fc39c</code></a> docs: add funding (<a href="https://redirect.github.com/expressjs/express/issues/6065">#6065</a>)</li> <li><a href="`8e229f9275`"><code>8e229f9</code></a> 4.21.1</li> <li><a href="`a024c8a7b6`"><code>a024c8a</code></a> fix(deps): cookie@0.7.1</li> <li>See full diff in <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~jonchurch">jonchurch</a>, a new releaser for express since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flutter/pinball/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	479868284a	chore(deps): bump body-parser and express in /functions (#509 ) Bumps [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `body-parser` from 1.20.2 to 1.20.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/releases">body-parser's releases</a>.</em></p> <blockquote> <h2>1.20.3</h2> <h2>What's Changed</h2> <h3>Important</h3> <ul> <li>deps: qs@6.13.0</li> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li><strong>IMPORTANT:</strong> The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>). <a href="`1752951367/README.md (depth)`">Documentation</a></li> </ul> <h3>Other changes</h3> <ul> <li>chore: add support for OSSF scorecard reporting by <a href="https://github.com/inigomarquinez"><code>@inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/522">expressjs/body-parser#522</a></li> <li>ci: fix errors in ci github action for node 8 and 9 by <a href="https://github.com/inigomarquinez"><code>@inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/523">expressjs/body-parser#523</a></li> <li>fix: pin to node@22.4.1 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/527">expressjs/body-parser#527</a></li> <li>deps: qs@6.12.3 by <a href="https://github.com/melikhov-dev"><code>@melikhov-dev</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/521">expressjs/body-parser#521</a></li> <li>Add OSSF Scorecard badge by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/531">expressjs/body-parser#531</a></li> <li>Linter by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/534">expressjs/body-parser#534</a></li> <li>Release: 1.20.3 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/535">expressjs/body-parser#535</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/inigomarquinez"><code>@inigomarquinez</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/body-parser/pull/522">expressjs/body-parser#522</a></li> <li><a href="https://github.com/melikhov-dev"><code>@melikhov-dev</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/body-parser/pull/521">expressjs/body-parser#521</a></li> <li><a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/body-parser/pull/531">expressjs/body-parser#531</a></li> <li><a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/body-parser/pull/534">expressjs/body-parser#534</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3">https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's changelog</a>.</em></p> <blockquote> <h1>1.20.3 / 2024-09-10</h1> <ul> <li>deps: qs@6.13.0</li> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1752951367`"><code>1752951</code></a> 1.20.3</li> <li><a href="`39744cfe2a`"><code>39744cf</code></a> chore: linter (<a href="https://redirect.github.com/expressjs/body-parser/issues/534">#534</a>)</li> <li><a href="`b2695c4450`"><code>b2695c4</code></a> Merge commit from fork</li> <li><a href="`ade0f3f82f`"><code>ade0f3f</code></a> add scorecard to readme (<a href="https://redirect.github.com/expressjs/body-parser/issues/531">#531</a>)</li> <li><a href="`99a1bd6245`"><code>99a1bd6</code></a> deps: qs@6.12.3 (<a href="https://redirect.github.com/expressjs/body-parser/issues/521">#521</a>)</li> <li><a href="`9478591605`"><code>9478591</code></a> fix: pin to node@22.4.1</li> <li><a href="`83db46a1e5`"><code>83db46a</code></a> ci: fix errors in ci github action for node 8 and 9 (<a href="https://redirect.github.com/expressjs/body-parser/issues/523">#523</a>)</li> <li><a href="`9d4e2125b5`"><code>9d4e212</code></a> chore: add support for OSSF scorecard reporting (<a href="https://redirect.github.com/expressjs/body-parser/issues/522">#522</a>)</li> <li>See full diff in <a href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new releaser for body-parser since your current version.</p> </details> <br /> Updates `express` from 4.19.2 to 4.21.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.21.0</h2> <h2>What's Changed</h2> <ul> <li>Deprecate <code>"back"</code> magic string in redirects by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li> <li>finalhandler@1.3.1 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li> <li>fix(deps): serve-static@1.16.2 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li> <li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.20.0...4.21.0">https://github.com/expressjs/express/compare/4.20.0...4.21.0</a></p> <h2>4.20.0</h2> <h2>What's Changed</h2> <h3>Important</h3> <ul> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> <li>Remove link renderization in html while using <code>res.redirect</code></li> </ul> <h3>Other Changes</h3> <ul> <li>4.19.2 Staging by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li> <li>remove duplicate location test for data uri by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li> <li>feat: document beta releases expectations by <a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li> <li>Cut down on duplicated CI runs by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li> <li>Add a Threat Model by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5526">expressjs/express#5526</a></li> <li>Assign captain of encodeurl by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5579">expressjs/express#5579</a></li> <li>Nominate jonchurch as repo captain for <code>http-errors</code>, <code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>, <code>body-parser</code> by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5587">expressjs/express#5587</a></li> <li>docs: update Security.md by <a href="https://github.com/inigomarquinez"><code>@inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5590">expressjs/express#5590</a></li> <li>docs: update triage nomination policy by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5600">expressjs/express#5600</a></li> <li>Add CodeQL (SAST) by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5433">expressjs/express#5433</a></li> <li>docs: add UlisesGascon as triage initiative captain by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5605">expressjs/express#5605</a></li> <li>deps: encodeurl@~2.0.0 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5569">expressjs/express#5569</a></li> <li>skip QUERY method test by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5628">expressjs/express#5628</a></li> <li>ignore ETAG query test on 21 and 22, reuse skip util by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5639">expressjs/express#5639</a></li> <li>add support Node.js@22 in the CI by <a href="https://github.com/mertcanaltin"><code>@mertcanaltin</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5627">expressjs/express#5627</a></li> <li>doc: add table of contents, tc/triager lists to readme by <a href="https://github.com/mertcanaltin"><code>@mertcanaltin</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5619">expressjs/express#5619</a></li> <li>List and sort all projects, add captains by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5653">expressjs/express#5653</a></li> <li>docs: add <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> as captain for cookie-parser by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5666">expressjs/express#5666</a></li> <li>✨ bring back query tests for node 21 by <a href="https://github.com/ctcpip"><code>@ctcpip</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5690">expressjs/express#5690</a></li> <li>[v4] Deprecate <code>res.clearCookie</code> accepting <code>options.maxAge</code> and <code>options.expires</code> by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5672">expressjs/express#5672</a></li> <li>skip QUERY tests for Node 21 only, still not supported by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5695">expressjs/express#5695</a></li> <li>📝 update people, add ctcpip to TC by <a href="https://github.com/ctcpip"><code>@ctcpip</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5683">expressjs/express#5683</a></li> <li>remove minor version pinning from ci by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5722">expressjs/express#5722</a></li> <li>Fix link variable use in attribution section of CODE OF CONDUCT by <a href="https://github.com/IamLizu"><code>@IamLizu</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5762">expressjs/express#5762</a></li> <li>Replace Appveyor windows testing with GHA by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5599">expressjs/express#5599</a></li> <li>Add OSSF Scorecard badge by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5436">expressjs/express#5436</a></li> <li>update scorecard link by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5814">expressjs/express#5814</a></li> <li>Nominate <a href="https://github.com/IamLizu"><code>@IamLizu</code></a> to the triage team by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5836">expressjs/express#5836</a></li> <li>deps: path-to-regexp@0.1.8 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5603">expressjs/express#5603</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.21.0/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.21.0 / 2024-09-11</h1> <ul> <li>Deprecate <code>res.location("back")</code> and <code>res.redirect("back")</code> magic string</li> <li>deps: serve-static@1.16.2 <ul> <li>includes send@0.19.0</li> </ul> </li> <li>deps: finalhandler@1.3.1</li> <li>deps: qs@6.13.0</li> </ul> <h1>4.20.0 / 2024-09-10</h1> <ul> <li>deps: serve-static@0.16.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: send@0.19.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: body-parser@0.6.0 <ul> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> </ul> </li> <li>Remove link renderization in html while using <code>res.redirect</code></li> <li>deps: path-to-regexp@0.1.10 <ul> <li>Adds support for named matching groups in the routes using a regex</li> <li>Adds backtracking protection to parameters without regexes defined</li> </ul> </li> <li>deps: encodeurl@~2.0.0 <ul> <li>Removes encoding of <code>\</code>, <code>\|</code>, and <code>^</code> to align better with URL spec</li> </ul> </li> <li>Deprecate passing <code>options.maxAge</code> and <code>options.expires</code> to <code>res.clearCookie</code> <ul> <li>Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`7e562c6d8d`"><code>7e562c6</code></a> 4.21.0</li> <li><a href="`1bcde96bc8`"><code>1bcde96</code></a> fix(deps): qs@6.13.0 (<a href="https://redirect.github.com/expressjs/express/issues/5946">#5946</a>)</li> <li><a href="`7d36477568`"><code>7d36477</code></a> fix(deps): serve-static@1.16.2 (<a href="https://redirect.github.com/expressjs/express/issues/5951">#5951</a>)</li> <li><a href="`40d2d8f2c8`"><code>40d2d8f</code></a> fix(deps): finalhandler@1.3.1</li> <li><a href="`77ada906db`"><code>77ada90</code></a> Deprecate <code>"back"</code> magic string in redirects (<a href="https://redirect.github.com/expressjs/express/issues/5935">#5935</a>)</li> <li><a href="`21df421ebc`"><code>21df421</code></a> 4.20.0</li> <li><a href="`4c9ddc1c47`"><code>4c9ddc1</code></a> feat: upgrade to serve-static@0.16.0</li> <li><a href="`9ebe5d500d`"><code>9ebe5d5</code></a> feat: upgrade to send@0.19.0 (<a href="https://redirect.github.com/expressjs/express/issues/5928">#5928</a>)</li> <li><a href="`ec4a01b6b8`"><code>ec4a01b</code></a> feat: upgrade to body-parser@1.20.3 (<a href="https://redirect.github.com/expressjs/express/issues/5926">#5926</a>)</li> <li><a href="`54271f69b5`"><code>54271f6</code></a> fix: don't render redirect values in anchor href</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/4.19.2...4.21.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flutter/pinball/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	24e00b4816	chore(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 in /functions (#506 )	2 years ago
dependabot[bot]	fa2df01d6d	chore(deps): bump jsonwebtoken, firebase-admin and firebase-functions in /functions (#502 ) Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) to 9.0.2 and updates ancestor dependencies [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken), [firebase-admin](https://github.com/firebase/firebase-admin-node) and [firebase-functions](https://github.com/firebase/firebase-functions). These dependencies need to be updated together. Updates `jsonwebtoken` from 8.5.1 to 9.0.2 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md">jsonwebtoken's changelog</a>.</em></p> <blockquote> <h2>9.0.2 - 2023-08-30</h2> <ul> <li>security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes <a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/921">#921</a>.</li> <li>refactor: reduce library size by using lodash specific dependencies, closes <a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/878">#878</a>.</li> </ul> <h2>9.0.1 - 2023-07-05</h2> <ul> <li>fix(stubs): allow decode method to be stubbed</li> </ul> <h2>9.0.0 - 2022-12-21</h2> <p><strong>Breaking changes: See <a href="https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9">Migration from v8 to v9</a></strong></p> <h3>Breaking changes</h3> <ul> <li>Removed support for Node versions 11 and below.</li> <li>The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]<a href="`8345030795`</a>)</li> <li>RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]<a href="`ecdf6cc607`</a>)</li> <li>Key types must be valid for the signing / verification algorithm</li> </ul> <h3>Security fixes</h3> <ul> <li>security: fixes <code>Arbitrary File Write via verify function</code> - CVE-2022-23529</li> <li>security: fixes <code>Insecure default algorithm in jwt.verify() could lead to signature validation bypass</code> - CVE-2022-23540</li> <li>security: fixes <code>Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC</code> - CVE-2022-23541</li> <li>security: fixes <code>Unrestricted key type could lead to legacy keys usage</code> - CVE-2022-23539</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`bc28861f1f`"><code>bc28861</code></a> Release 9.0.2 (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/935">#935</a>)</li> <li><a href="`96b89060cf`"><code>96b8906</code></a> refactor: use specific lodash packages (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/933">#933</a>)</li> <li><a href="`ed35062239`"><code>ed35062</code></a> security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/932">#932</a>)</li> <li><a href="`84539b29e1`"><code>84539b2</code></a> Updating package version to 9.0.1 (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/920">#920</a>)</li> <li><a href="`a99fd4b473`"><code>a99fd4b</code></a> fix(stubs): allow decode method to be stubbed (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/876">#876</a>)</li> <li><a href="`e1fa9dcc12`"><code>e1fa9dc</code></a> Merge pull request from GHSA-8cf7-32gw-wr33</li> <li><a href="`5eaedbf2b0`"><code>5eaedbf</code></a> chore(ci): remove github test actions job (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/861">#861</a>)</li> <li><a href="`cd4163eb14`"><code>cd4163e</code></a> chore(ci): configure Github Actions jobs for Tests & Security Scanning (<a href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/856">#856</a>)</li> <li><a href="`ecdf6cc607`"><code>ecdf6cc</code></a> fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...</li> <li><a href="`8345030795`"><code>8345030</code></a> fix(sign&verify)!: Remove default <code>none</code> support from <code>sign</code> and <code>verify</code> met...</li> <li>Additional commits viewable in <a href="https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~charlesrea">charlesrea</a>, a new releaser for jsonwebtoken since your current version.</p> </details> <br /> Updates `firebase-admin` from 10.2.0 to 12.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/firebase/firebase-admin-node/releases">firebase-admin's releases</a>.</em></p> <blockquote> <h2>Firebase Admin Node.js SDK v12.2.0</h2> <h3>Breaking Changes</h3> <ul> <li>change: Deprecate Node.js 16 support (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2574">#2574</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>fix: Replace <code>farmhash</code> with <code>farmhash-modern</code> (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603">#2603</a>)</li> <li>fix: Make ADC + human account work with firebase-admin (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553">#2553</a>)</li> <li>fix: Use optional chaining in FirebaseError (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2581">#2581</a>)</li> </ul> <h3>Miscellaneous</h3> <ul> <li>[chore] Release 12.2.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605">#2605</a>)</li> <li>build(deps): bump uuid from 9.0.1 to 10.0.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599">#2599</a>)</li> <li>build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593">#2593</a>)</li> <li>build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595">#2595</a>)</li> <li>build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592">#2592</a>)</li> <li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to 4.17.5 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594">#2594</a>)</li> <li>build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0 to 7.8.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583">#2583</a>)</li> <li>build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585">#2585</a>)</li> <li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.34 to 0.2.35 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2575">#2575</a>)</li> <li>build(deps-dev): bump chai-as-promised from 7.1.1 to 7.1.2 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2578">#2578</a>)</li> <li>build(deps): bump <code>@google-cloud/storage</code> from 7.11.0 to 7.11.1 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2579">#2579</a>)</li> </ul> <h2>Firebase Admin Node.js SDK v12.1.1</h2> <h3>Bug Fixes</h3> <ul> <li>fix: Export error classes (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2151">#2151</a>)</li> </ul> <h3>Miscellaneous</h3> <ul> <li>[chore] Release 12.1.1 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2561">#2561</a>)</li> <li>build(deps): updgrade jwks-rsa (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2570">#2570</a>)</li> <li>--- (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2568">#2568</a>)</li> <li>--- (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2566">#2566</a>)</li> <li>--- (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2567">#2567</a>)</li> <li>--- (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2569">#2569</a>)</li> <li>build(deps-dev): bump <code>@firebase/auth-types</code> from 0.12.1 to 0.12.2 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2556">#2556</a>)</li> <li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from 7.43.2 to 7.43.7 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2559">#2559</a>)</li> <li>chore: upgrade firestore to 7.7.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2560">#2560</a>)</li> <li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.32 to 0.2.33 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2555">#2555</a>)</li> <li>build(deps): bump <code>@google-cloud/firestore</code> from 7.6.0 to 7.7.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2558">#2558</a>)</li> <li>Fix api extractor issues to expose error types (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2549">#2549</a>)</li> <li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.0 to 4.17.1 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2546">#2546</a>)</li> <li>build(deps): bump <code>@google-cloud/storage</code> from 7.10.2 to 7.11.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2547">#2547</a>)</li> <li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from 7.43.1 to 7.43.2 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2545">#2545</a>)</li> <li>build(deps): bump <code>@types/node</code> from 20.12.7 to 20.12.10 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2544">#2544</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`5620e9c6bd`"><code>5620e9c</code></a> [chore] Release 12.2.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605">#2605</a>)</li> <li><a href="`f6f7cb9650`"><code>f6f7cb9</code></a> build(deps): bump uuid from 9.0.1 to 10.0.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599">#2599</a>)</li> <li><a href="`b890182e73`"><code>b890182</code></a> fix: Replace <code>farmhash</code> with <code>farmhash-modern</code> (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603">#2603</a>)</li> <li><a href="`5f0f253301`"><code>5f0f253</code></a> fix: Make ADC + human account work with firebase-admin (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553">#2553</a>)</li> <li><a href="`fdde8c3a6f`"><code>fdde8c3</code></a> build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593">#2593</a>)</li> <li><a href="`07855bfd77`"><code>07855bf</code></a> build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595">#2595</a>)</li> <li><a href="`54405804a8`"><code>5440580</code></a> build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592">#2592</a>)</li> <li><a href="`5f01f63da5`"><code>5f01f63</code></a> build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to 4.17.5 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594">#2594</a>)</li> <li><a href="`4070f5bf41`"><code>4070f5b</code></a> build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0 to 7.8.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583">#2583</a>)</li> <li><a href="`07cfca83d8`"><code>07cfca8</code></a> build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0 (<a href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585">#2585</a>)</li> <li>Additional commits viewable in <a href="https://github.com/firebase/firebase-admin-node/compare/v10.2.0...v12.2.0">compare view</a></li> </ul> </details> <br /> Updates `firebase-functions` from 3.21.0 to 3.24.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/firebase/firebase-functions/releases">firebase-functions's releases</a>.</em></p> <blockquote> <h2>v3.24.1</h2> <ul> <li>Fix reference docs for performance monitoring.</li> <li>Fix bug where function configuration wil null values couldn't be deployed. (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1246">#1246</a>)</li> </ul> <h2>v3.24.0</h2> <ul> <li>Add performance monitoring triggers to v2 alerts (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1223">#1223</a>).</li> </ul> <h2>v3.23.0</h2> <ul> <li>Fixes a bug that disallowed setting customClaims and/or sessionClaims in blocking functions (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1199">#1199</a>).</li> <li>Add v2 Schedule Triggers (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1177">#1177</a>).</li> </ul> <h2>v3.22.0</h2> <ul> <li>Adds RTDB Triggers for v2 functions (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1127">#1127</a>)</li> <li>Adds support for Firebase Admin SDK v11 (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1151">#1151</a>)</li> <li>Fixes bug where emulated task queue function required auth header (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1154">#1154</a>)</li> </ul> <h2>v3.21.2</h2> <ul> <li>Fixes bug where <code>toJSON</code> was not defined in <code>UserRecord</code> (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1125">#1125</a>).</li> </ul> <h2>v3.21.1</h2> <ul> <li>Add debug feature to enable cors option for v2 onRequest and onCall handlers. (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1099">#1099</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`e4bda7d683`"><code>e4bda7d</code></a> 3.24.1</li> <li><a href="`3c5392dfee`"><code>3c5392d</code></a> Hide documentation for in-app feedback (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1245">#1245</a>)</li> <li><a href="`cc6e28e6ed`"><code>cc6e28e</code></a> Fix bug where function configuration with null couldn't be deployed. (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1246">#1246</a>)</li> <li><a href="`cf27ac6b0b`"><code>cf27ac6</code></a> Adding required --project flag to v2 docgen script. (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1239">#1239</a>)</li> <li><a href="`1ac04adba9`"><code>1ac04ad</code></a> fix tsdoc comments (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1240">#1240</a>)</li> <li><a href="`bd0fcbc595`"><code>bd0fcbc</code></a> [firebase-release] Removed change log and reset repo after 3.24.0 release</li> <li><a href="`e191af7148`"><code>e191af7</code></a> 3.24.0</li> <li><a href="`b93e397b32`"><code>b93e397</code></a> Don't delete fields on a non-breaking change release (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1238">#1238</a>)</li> <li><a href="`65e66a2138`"><code>65e66a2</code></a> Converting alert type and app id to camel case in the CloudEvent (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1236">#1236</a>)</li> <li><a href="`c18e832d92`"><code>c18e832</code></a> Adds performance monitoring triggers to v2 alerts (<a href="https://redirect.github.com/firebase/firebase-functions/issues/1223">#1223</a>)</li> <li>Additional commits viewable in <a href="https://github.com/firebase/firebase-functions/compare/v3.21.0...v3.24.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flutter/pinball/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	7137067a15	chore(deps): bump express from 4.18.1 to 4.19.2 in /functions (#501 ) Bumps [express](https://github.com/expressjs/express) from 4.18.1 to 4.19.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.19.2</h2> <h2>What's Changed</h2> <ul> <li><a href="`0b746953c4`">Improved fix for open redirect allow list bypass</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.19.1...4.19.2">https://github.com/expressjs/express/compare/4.19.1...4.19.2</a></p> <h2>4.19.1</h2> <h2>What's Changed</h2> <ul> <li>Fix ci after location patch by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5552">expressjs/express#5552</a></li> <li>fixed un-edited version in history.md for 4.19.0 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5556">expressjs/express#5556</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.19.0...4.19.1">https://github.com/expressjs/express/compare/4.19.0...4.19.1</a></p> <h2>4.19.0</h2> <h2>What's Changed</h2> <ul> <li>fix typo in release date by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5527">expressjs/express#5527</a></li> <li>docs: nominating <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> to be project captian by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5511">expressjs/express#5511</a></li> <li>docs: loosen TC activity rules by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5510">expressjs/express#5510</a></li> <li>Add note on how to update docs for new release by <a href="https://github.com/crandmck"><code>@crandmck</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5541">expressjs/express#5541</a></li> <li><a href="`660ccf5fa3`">Prevent open redirect allow list bypass due to encodeurl</a></li> <li>Release 4.19.0 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5551">expressjs/express#5551</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/crandmck"><code>@crandmck</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5541">expressjs/express#5541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.18.3...4.19.0">https://github.com/expressjs/express/compare/4.18.3...4.19.0</a></p> <h2>4.18.3</h2> <h2>Main Changes</h2> <ul> <li>Fix routing requests without method</li> <li>deps: body-parser@1.20.2 <ul> <li>Fix strict json error message on Node.js 19+</li> <li>deps: content-type@~1.0.5</li> <li>deps: raw-body@2.5.2</li> </ul> </li> </ul> <h2>Other Changes</h2> <ul> <li>Use https: protocol instead of deprecated git: protocol by <a href="https://github.com/vcsjones"><code>@vcsjones</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5032">expressjs/express#5032</a></li> <li>build: Node.js@16.18 and Node.js@18.12 by <a href="https://github.com/abenhamdine"><code>@abenhamdine</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5034">expressjs/express#5034</a></li> <li>ci: update actions/checkout to v3 by <a href="https://github.com/armujahid"><code>@armujahid</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5027">expressjs/express#5027</a></li> <li>test: remove unused function arguments in params by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5124">expressjs/express#5124</a></li> <li>Remove unused originalIndex from acceptParams by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5119">expressjs/express#5119</a></li> <li>Fixed typos by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5117">expressjs/express#5117</a></li> <li>examples: remove unused params by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5113">expressjs/express#5113</a></li> <li>fix: parameter str is not described in JSDoc by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5130">expressjs/express#5130</a></li> <li>fix: typos in History.md by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5131">expressjs/express#5131</a></li> <li>build : add Node.js@19.7 by <a href="https://github.com/abenhamdine"><code>@abenhamdine</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5028">expressjs/express#5028</a></li> <li>test: remove unused function arguments in params by <a href="https://github.com/raksbisht"><code>@raksbisht</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5137">expressjs/express#5137</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/master/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.19.2 / 2024-03-25</h1> <ul> <li>Improved fix for open redirect allow list bypass</li> </ul> <h1>4.19.1 / 2024-03-20</h1> <ul> <li>Allow passing non-strings to res.location with new encoding handling checks</li> </ul> <h1>4.19.0 / 2024-03-20</h1> <ul> <li>Prevent open redirect allow list bypass due to encodeurl</li> <li>deps: cookie@0.6.0</li> </ul> <h1>4.18.3 / 2024-02-29</h1> <ul> <li>Fix routing requests without method</li> <li>deps: body-parser@1.20.2 <ul> <li>Fix strict json error message on Node.js 19+</li> <li>deps: content-type@~1.0.5</li> <li>deps: raw-body@2.5.2</li> </ul> </li> <li>deps: cookie@0.6.0 <ul> <li>Add <code>partitioned</code> option</li> </ul> </li> </ul> <h1>4.18.2 / 2022-10-08</h1> <ul> <li>Fix regression routing a large stack in a single route</li> <li>deps: body-parser@1.20.1 <ul> <li>deps: qs@6.11.0</li> <li>perf: remove unnecessary object clone</li> </ul> </li> <li>deps: qs@6.11.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`04bc62787b`"><code>04bc627</code></a> 4.19.2</li> <li><a href="`da4d763ff6`"><code>da4d763</code></a> Improved fix for open redirect allow list bypass</li> <li><a href="`4f0f6cc67d`"><code>4f0f6cc</code></a> 4.19.1</li> <li><a href="`a003cfab03`"><code>a003cfa</code></a> Allow passing non-strings to res.location with new encoding handling checks f...</li> <li><a href="`a1fa90fcea`"><code>a1fa90f</code></a> fixed un-edited version in history.md for 4.19.0</li> <li><a href="`11f2b1db22`"><code>11f2b1d</code></a> build: fix build due to inconsistent supertest behavior in older versions</li> <li><a href="`084e36506a`"><code>084e365</code></a> 4.19.0</li> <li><a href="`0867302ddb`"><code>0867302</code></a> Prevent open redirect allow list bypass due to encodeurl</li> <li><a href="`567c9c665d`"><code>567c9c6</code></a> Add note on how to update docs for new release (<a href="https://redirect.github.com/expressjs/express/issues/5541">#5541</a>)</li> <li><a href="`69a4cf2819`"><code>69a4cf2</code></a> deps: cookie@0.6.0</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/4.18.1...4.19.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~wesleytodd">wesleytodd</a>, a new releaser for express since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.18.1&new-version=4.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flutter/pinball/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>	2 years ago
dependabot[bot]	ca4a79d462	chore(deps): bump jose from 2.0.5 to 2.0.7 in /functions (#500 ) Bumps [jose](https://github.com/panva/jose) from 2.0.5 to 2.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/panva/jose/releases">jose's releases</a>.</em></p> <blockquote> <h2>v2.0.7</h2> <h3>Fixes</h3> <ul> <li>add a maxOutputLength option to zlib inflate (<a href="`02a65794f7`">02a6579</a>), fixes <a href="https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q">CVE-2024-28176</a></li> </ul> <h2>v2.0.6</h2> <h3>Fixes</h3> <ul> <li>limit default PBES2 alg's computational expense (<a href="`c1512be660`">c1512be</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/panva/jose/blob/v2.0.7/CHANGELOG.md">jose's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/panva/jose/compare/v2.0.6...v2.0.7">2.0.7</a> (2024-03-07)</h2> <h3>Bug Fixes</h3> <ul> <li>add a maxOutputLength option to zlib inflate (<a href="`02a65794f7`">02a6579</a>)</li> </ul> <h2><a href="https://github.com/panva/jose/compare/v2.0.5...v2.0.6">2.0.6</a> (2022-09-01)</h2> <h3>Bug Fixes</h3> <ul> <li>limit default PBES2 alg's computational expense (<a href="`c1512be660`">c1512be</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`0fbe2e68c7`"><code>0fbe2e6</code></a> chore(release): 2.0.7</li> <li><a href="`02a65794f7`"><code>02a6579</code></a> fix: add a maxOutputLength option to zlib inflate</li> <li><a href="`d1be83faa6`"><code>d1be83f</code></a> chore(release): 2.0.6</li> <li><a href="`c1512be660`"><code>c1512be</code></a> fix: limit default PBES2 alg's computational expense</li> <li>See full diff in <a href="https://github.com/panva/jose/compare/v2.0.5...v2.0.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jose&package-manager=npm_and_yarn&previous-version=2.0.5&new-version=2.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flutter/pinball/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>	2 years ago
Felix Angelov	6454d166e9	feat(functions): add leaderboard cleanup function (#376 )	4 years ago

7 Commits (main)