dependabot[bot]
feabc63d4d
chore(deps): bump path-to-regexp and express in /functions ( #511 )
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp ) and
[express](https://github.com/expressjs/express ). These dependencies
needed to be updated together.
Updates `path-to-regexp` from 0.1.10 to 0.1.12
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pillarjs/path-to-regexp/releases ">path-to-regexp's
releases</a>.</em></p>
<blockquote>
<h2>Fix backtracking (again)</h2>
<p><strong>Fixed</strong></p>
<ul>
<li>Improved backtracking protection for 0.1.x, will break some
previously valid paths (see previous advisory: <a
href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j ">https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j </a>)</li>
</ul>
<p><a
href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12 ">https://github.com/pillarjs/path-to-regexp/compare/v0.1.11...v0.1.12 </a></p>
<h2>Error on bad input</h2>
<p><strong>Changed</strong></p>
<ul>
<li>Add error on bad input values 8f09549</li>
</ul>
<p><a
href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11 ">https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.11 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="640e694c6f
"><code>640e694</code></a>
0.1.12</li>
<li><a
href="f01c26a013
"><code>f01c26a</code></a>
Merge commit from fork</li>
<li><a
href="0c7119248b
"><code>0c71192</code></a>
0.1.11</li>
<li><a
href="8f095497d6
"><code>8f09549</code></a>
Add error on bad input values</li>
<li>See full diff in <a
href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `express` from 4.21.0 to 4.21.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases ">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065 ">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956 ">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209 ">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094 ">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2 ">https://github.com/expressjs/express/compare/4.21.1...4.21.2 </a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker "><code>@joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029 ">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031 ">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1 ">https://github.com/expressjs/express/compare/4.21.0...4.21.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.2/History.md ">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764 ">CVE-2024-47764</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1faf228935
"><code>1faf228</code></a>
4.21.2</li>
<li><a
href="2e0fb646d0
"><code>2e0fb64</code></a>
deps: bump path-to-regexp@0.1.12 (<a
href="https://redirect.github.com/expressjs/express/issues/6209 ">#6209</a>)</li>
<li><a
href="59fc27028e
"><code>59fc270</code></a>
deps: path-to-regexp@0.1.11 (<a
href="https://redirect.github.com/expressjs/express/issues/5956 ">#5956</a>)</li>
<li><a
href="51fc39ccf8
"><code>51fc39c</code></a>
docs: add funding (<a
href="https://redirect.github.com/expressjs/express/issues/6065 ">#6065</a>)</li>
<li><a
href="8e229f9275
"><code>8e229f9</code></a>
4.21.1</li>
<li><a
href="a024c8a7b6
"><code>a024c8a</code></a>
fix(deps): cookie@0.7.1</li>
<li>See full diff in <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.2 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~jonchurch ">jonchurch</a>, a new releaser
for express since your current version.</p>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
10 months ago
dependabot[bot]
479868284a
chore(deps): bump body-parser and express in /functions ( #509 )
Bumps [body-parser](https://github.com/expressjs/body-parser ) and
[express](https://github.com/expressjs/express ). These dependencies
needed to be updated together.
Updates `body-parser` from 1.20.2 to 1.20.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases ">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>1.20.3</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li><strong>IMPORTANT:</strong> The default <code>depth</code> level for
parsing URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>). <a
href="1752951367/README.md (depth)
">Documentation</a></li>
</ul>
<h3>Other changes</h3>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522 ">expressjs/body-parser#522</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/523 ">expressjs/body-parser#523</a></li>
<li>fix: pin to node@22.4.1 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/527 ">expressjs/body-parser#527</a></li>
<li>deps: qs@6.12.3 by <a
href="https://github.com/melikhov-dev "><code>@melikhov-dev</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521 ">expressjs/body-parser#521</a></li>
<li>Add OSSF Scorecard badge by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/531 ">expressjs/body-parser#531</a></li>
<li>Linter by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534 ">expressjs/body-parser#534</a></li>
<li>Release: 1.20.3 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/535 ">expressjs/body-parser#535</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/522 ">expressjs/body-parser#522</a></li>
<li><a
href="https://github.com/melikhov-dev "><code>@melikhov-dev</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/521 ">expressjs/body-parser#521</a></li>
<li><a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/531 ">expressjs/body-parser#531</a></li>
<li><a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/body-parser/pull/534 ">expressjs/body-parser#534</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 ">https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md ">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>1.20.3 / 2024-09-10</h1>
<ul>
<li>deps: qs@6.13.0</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1752951367
"><code>1752951</code></a>
1.20.3</li>
<li><a
href="39744cfe2a
"><code>39744cf</code></a>
chore: linter (<a
href="https://redirect.github.com/expressjs/body-parser/issues/534 ">#534</a>)</li>
<li><a
href="b2695c4450
"><code>b2695c4</code></a>
Merge commit from fork</li>
<li><a
href="ade0f3f82f
"><code>ade0f3f</code></a>
add scorecard to readme (<a
href="https://redirect.github.com/expressjs/body-parser/issues/531 ">#531</a>)</li>
<li><a
href="99a1bd6245
"><code>99a1bd6</code></a>
deps: qs@6.12.3 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/521 ">#521</a>)</li>
<li><a
href="9478591605
"><code>9478591</code></a>
fix: pin to node@22.4.1</li>
<li><a
href="83db46a1e5
"><code>83db46a</code></a>
ci: fix errors in ci github action for node 8 and 9 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/523 ">#523</a>)</li>
<li><a
href="9d4e2125b5
"><code>9d4e212</code></a>
chore: add support for OSSF scorecard reporting (<a
href="https://redirect.github.com/expressjs/body-parser/issues/522 ">#522</a>)</li>
<li>See full diff in <a
href="https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon ">ulisesgascon</a>, a new
releaser for body-parser since your current version.</p>
</details>
<br />
Updates `express` from 4.19.2 to 4.21.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases ">express's
releases</a>.</em></p>
<blockquote>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>"back"</code> magic string in redirects by
<a href="https://github.com/blakeembrey "><code>@blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935 ">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954 ">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951 ">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93 "><code>@agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946 ">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93 "><code>@agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946 ">expressjs/express#5946</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.20.0...4.21.0 ">https://github.com/expressjs/express/compare/4.20.0...4.21.0 </a></p>
<h2>4.20.0</h2>
<h2>What's Changed</h2>
<h3>Important</h3>
<ul>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561 ">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562 ">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito "><code>@marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565 ">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564 ">expressjs/express#5564</a></li>
<li>Add a Threat Model by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5526 ">expressjs/express#5526</a></li>
<li>Assign captain of encodeurl by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5579 ">expressjs/express#5579</a></li>
<li>Nominate jonchurch as repo captain for <code>http-errors</code>,
<code>expressjs.com</code>, <code>morgan</code>, <code>cors</code>,
<code>body-parser</code> by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5587 ">expressjs/express#5587</a></li>
<li>docs: update Security.md by <a
href="https://github.com/inigomarquinez "><code>@inigomarquinez</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5590 ">expressjs/express#5590</a></li>
<li>docs: update triage nomination policy by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5600 ">expressjs/express#5600</a></li>
<li>Add CodeQL (SAST) by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5433 ">expressjs/express#5433</a></li>
<li>docs: add UlisesGascon as triage initiative captain by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5605 ">expressjs/express#5605</a></li>
<li>deps: encodeurl@~2.0.0 by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5569 ">expressjs/express#5569</a></li>
<li>skip QUERY method test by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5628 ">expressjs/express#5628</a></li>
<li>ignore ETAG query test on 21 and 22, reuse skip util by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5639 ">expressjs/express#5639</a></li>
<li>add support Node.js@22 in the CI by <a
href="https://github.com/mertcanaltin "><code>@mertcanaltin</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5627 ">expressjs/express#5627</a></li>
<li>doc: add table of contents, tc/triager lists to readme by <a
href="https://github.com/mertcanaltin "><code>@mertcanaltin</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5619 ">expressjs/express#5619</a></li>
<li>List and sort all projects, add captains by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5653 ">expressjs/express#5653</a></li>
<li>docs: add <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
as captain for cookie-parser by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5666 ">expressjs/express#5666</a></li>
<li>✨ bring back query tests for node 21 by <a
href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5690 ">expressjs/express#5690</a></li>
<li>[v4] Deprecate <code>res.clearCookie</code> accepting
<code>options.maxAge</code> and <code>options.expires</code> by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5672 ">expressjs/express#5672</a></li>
<li>skip QUERY tests for Node 21 only, still not supported by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5695 ">expressjs/express#5695</a></li>
<li>📝 update people, add ctcpip to TC by <a
href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5683 ">expressjs/express#5683</a></li>
<li>remove minor version pinning from ci by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5722 ">expressjs/express#5722</a></li>
<li>Fix link variable use in attribution section of CODE OF CONDUCT by
<a href="https://github.com/IamLizu "><code>@IamLizu</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5762 ">expressjs/express#5762</a></li>
<li>Replace Appveyor windows testing with GHA by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5599 ">expressjs/express#5599</a></li>
<li>Add OSSF Scorecard badge by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5436 ">expressjs/express#5436</a></li>
<li>update scorecard link by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5814 ">expressjs/express#5814</a></li>
<li>Nominate <a
href="https://github.com/IamLizu "><code>@IamLizu</code></a> to the
triage team by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5836 ">expressjs/express#5836</a></li>
<li>deps: path-to-regexp@0.1.8 by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5603 ">expressjs/express#5603</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.21.0/History.md ">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location("back")</code> and
<code>res.redirect("back")</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7e562c6d8d
"><code>7e562c6</code></a>
4.21.0</li>
<li><a
href="1bcde96bc8
"><code>1bcde96</code></a>
fix(deps): qs@6.13.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5946 ">#5946</a>)</li>
<li><a
href="7d36477568
"><code>7d36477</code></a>
fix(deps): serve-static@1.16.2 (<a
href="https://redirect.github.com/expressjs/express/issues/5951 ">#5951</a>)</li>
<li><a
href="40d2d8f2c8
"><code>40d2d8f</code></a>
fix(deps): finalhandler@1.3.1</li>
<li><a
href="77ada906db
"><code>77ada90</code></a>
Deprecate <code>"back"</code> magic string in redirects (<a
href="https://redirect.github.com/expressjs/express/issues/5935 ">#5935</a>)</li>
<li><a
href="21df421ebc
"><code>21df421</code></a>
4.20.0</li>
<li><a
href="4c9ddc1c47
"><code>4c9ddc1</code></a>
feat: upgrade to serve-static@0.16.0</li>
<li><a
href="9ebe5d500d
"><code>9ebe5d5</code></a>
feat: upgrade to send@0.19.0 (<a
href="https://redirect.github.com/expressjs/express/issues/5928 ">#5928</a>)</li>
<li><a
href="ec4a01b6b8
"><code>ec4a01b</code></a>
feat: upgrade to body-parser@1.20.3 (<a
href="https://redirect.github.com/expressjs/express/issues/5926 ">#5926</a>)</li>
<li><a
href="54271f69b5
"><code>54271f6</code></a>
fix: don't render redirect values in anchor href</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.21.0 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
dependabot[bot]
24e00b4816
chore(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 in /functions ( #506 )
1 year ago
dependabot[bot]
fa2df01d6d
chore(deps): bump jsonwebtoken, firebase-admin and firebase-functions in /functions ( #502 )
Bumps [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken ) to
9.0.2 and updates ancestor dependencies
[jsonwebtoken](https://github.com/auth0/node-jsonwebtoken ),
[firebase-admin](https://github.com/firebase/firebase-admin-node ) and
[firebase-functions](https://github.com/firebase/firebase-functions ).
These dependencies need to be updated together.
Updates `jsonwebtoken` from 8.5.1 to 9.0.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md ">jsonwebtoken's
changelog</a>.</em></p>
<blockquote>
<h2>9.0.2 - 2023-08-30</h2>
<ul>
<li>security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes
<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/921 ">#921</a>.</li>
<li>refactor: reduce library size by using lodash specific dependencies,
closes <a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/878 ">#878</a>.</li>
</ul>
<h2>9.0.1 - 2023-07-05</h2>
<ul>
<li>fix(stubs): allow decode method to be stubbed</li>
</ul>
<h2>9.0.0 - 2022-12-21</h2>
<p><strong>Breaking changes: See <a
href="https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9 ">Migration
from v8 to v9</a></strong></p>
<h3>Breaking changes</h3>
<ul>
<li>Removed support for Node versions 11 and below.</li>
<li>The verify() function no longer accepts unsigned tokens by default.
([834503079514b72264fd13023a3b8d648afd6a16])</li>
<li>RSA key size must be 2048 bits or greater.
([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6])</li>
<li>Key types must be valid for the signing / verification
algorithm</li>
</ul>
<h3>Security fixes</h3>
<ul>
<li>security: fixes <code>Arbitrary File Write via verify
function</code> - CVE-2022-23529</li>
<li>security: fixes <code>Insecure default algorithm in jwt.verify()
could lead to signature validation bypass</code> - CVE-2022-23540</li>
<li>security: fixes <code>Insecure implementation of key retrieval
function could lead to Forgeable Public/Private Tokens from RSA to
HMAC</code> - CVE-2022-23541</li>
<li>security: fixes <code>Unrestricted key type could lead to legacy
keys usage</code> - CVE-2022-23539</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bc28861f1f
"><code>bc28861</code></a>
Release 9.0.2 (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/935 ">#935</a>)</li>
<li><a
href="96b89060cf
"><code>96b8906</code></a>
refactor: use specific lodash packages (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/933 ">#933</a>)</li>
<li><a
href="ed35062239
"><code>ed35062</code></a>
security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/932 ">#932</a>)</li>
<li><a
href="84539b29e1
"><code>84539b2</code></a>
Updating package version to 9.0.1 (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/920 ">#920</a>)</li>
<li><a
href="a99fd4b473
"><code>a99fd4b</code></a>
fix(stubs): allow decode method to be stubbed (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/876 ">#876</a>)</li>
<li><a
href="e1fa9dcc12
"><code>e1fa9dc</code></a>
Merge pull request from GHSA-8cf7-32gw-wr33</li>
<li><a
href="5eaedbf2b0
"><code>5eaedbf</code></a>
chore(ci): remove github test actions job (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/861 ">#861</a>)</li>
<li><a
href="cd4163eb14
"><code>cd4163e</code></a>
chore(ci): configure Github Actions jobs for Tests & Security
Scanning (<a
href="https://redirect.github.com/auth0/node-jsonwebtoken/issues/856 ">#856</a>)</li>
<li><a
href="ecdf6cc607
"><code>ecdf6cc</code></a>
fix!: Prevent accidental use of insecure key sizes &
misconfiguration of secr...</li>
<li><a
href="8345030795
"><code>8345030</code></a>
fix(sign&verify)!: Remove default <code>none</code> support from
<code>sign</code> and <code>verify</code> met...</li>
<li>Additional commits viewable in <a
href="https://github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.2 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~charlesrea ">charlesrea</a>, a new releaser
for jsonwebtoken since your current version.</p>
</details>
<br />
Updates `firebase-admin` from 10.2.0 to 12.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/firebase/firebase-admin-node/releases ">firebase-admin's
releases</a>.</em></p>
<blockquote>
<h2>Firebase Admin Node.js SDK v12.2.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li>change: Deprecate Node.js 16 support (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2574 ">#2574</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>fix: Replace <code>farmhash</code> with <code>farmhash-modern</code>
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603 ">#2603</a>)</li>
<li>fix: Make ADC + human account work with firebase-admin (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553 ">#2553</a>)</li>
<li>fix: Use optional chaining in FirebaseError (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2581 ">#2581</a>)</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>[chore] Release 12.2.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605 ">#2605</a>)</li>
<li>build(deps): bump uuid from 9.0.1 to 10.0.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599 ">#2599</a>)</li>
<li>build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593 ">#2593</a>)</li>
<li>build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595 ">#2595</a>)</li>
<li>build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592 ">#2592</a>)</li>
<li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to
4.17.5 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594 ">#2594</a>)</li>
<li>build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0
to 7.8.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583 ">#2583</a>)</li>
<li>build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585 ">#2585</a>)</li>
<li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.34
to 0.2.35 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2575 ">#2575</a>)</li>
<li>build(deps-dev): bump chai-as-promised from 7.1.1 to 7.1.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2578 ">#2578</a>)</li>
<li>build(deps): bump <code>@google-cloud/storage</code> from 7.11.0 to
7.11.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2579 ">#2579</a>)</li>
</ul>
<h2>Firebase Admin Node.js SDK v12.1.1</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: Export error classes (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2151 ">#2151</a>)</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>[chore] Release 12.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2561 ">#2561</a>)</li>
<li>build(deps): upgrade jwks-rsa (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2570 ">#2570</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2568 ">#2568</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2566 ">#2566</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2567 ">#2567</a>)</li>
<li>--- (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2569 ">#2569</a>)</li>
<li>build(deps-dev): bump <code>@firebase/auth-types</code> from 0.12.1
to 0.12.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2556 ">#2556</a>)</li>
<li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from
7.43.2 to 7.43.7 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2559 ">#2559</a>)</li>
<li>chore: upgrade firestore to 7.7.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2560 ">#2560</a>)</li>
<li>build(deps-dev): bump <code>@firebase/app-compat</code> from 0.2.32
to 0.2.33 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2555 ">#2555</a>)</li>
<li>build(deps): bump <code>@google-cloud/firestore</code> from 7.6.0
to 7.7.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2558 ">#2558</a>)</li>
<li>Fix api extractor issues to expose error types (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2549 ">#2549</a>)</li>
<li>build(deps-dev): bump <code>@types/lodash</code> from 4.17.0 to
4.17.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2546 ">#2546</a>)</li>
<li>build(deps): bump <code>@google-cloud/storage</code> from 7.10.2 to
7.11.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2547 ">#2547</a>)</li>
<li>build(deps-dev): bump <code>@microsoft/api-extractor</code> from
7.43.1 to 7.43.2 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2545 ">#2545</a>)</li>
<li>build(deps): bump <code>@types/node</code> from 20.12.7 to 20.12.10
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2544 ">#2544</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5620e9c6bd
"><code>5620e9c</code></a>
[chore] Release 12.2.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2605 ">#2605</a>)</li>
<li><a
href="f6f7cb9650
"><code>f6f7cb9</code></a>
build(deps): bump uuid from 9.0.1 to 10.0.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2599 ">#2599</a>)</li>
<li><a
href="b890182e73
"><code>b890182</code></a>
fix: Replace <code>farmhash</code> with <code>farmhash-modern</code> (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2603 ">#2603</a>)</li>
<li><a
href="5f0f253301
"><code>5f0f253</code></a>
fix: Make ADC + human account work with firebase-admin (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2553 ">#2553</a>)</li>
<li><a
href="fdde8c3a6f
"><code>fdde8c3</code></a>
build(deps-dev): bump chai-exclude from 2.1.0 to 2.1.1 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2593 ">#2593</a>)</li>
<li><a
href="07855bfd77
"><code>07855bf</code></a>
build(deps-dev): bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2595 ">#2595</a>)</li>
<li><a
href="54405804a8
"><code>5440580</code></a>
build(deps): bump <code>@grpc/grpc-js</code> from 1.10.8 to 1.10.9 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2592 ">#2592</a>)</li>
<li><a
href="5f01f63da5
"><code>5f01f63</code></a>
build(deps-dev): bump <code>@types/lodash</code> from 4.17.4 to 4.17.5
(<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2594 ">#2594</a>)</li>
<li><a
href="4070f5bf41
"><code>4070f5b</code></a>
build(deps): bump <code>@google-cloud/firestore</code> from 7.7.0 to
7.8.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2583 ">#2583</a>)</li>
<li><a
href="07cfca83d8
"><code>07cfca8</code></a>
build(deps): bump <code>@types/node</code> from 20.12.12 to 20.14.0 (<a
href="https://redirect.github.com/firebase/firebase-admin-node/issues/2585 ">#2585</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/firebase/firebase-admin-node/compare/v10.2.0...v12.2.0 ">compare
view</a></li>
</ul>
</details>
<br />
Updates `firebase-functions` from 3.21.0 to 3.24.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/firebase/firebase-functions/releases ">firebase-functions's
releases</a>.</em></p>
<blockquote>
<h2>v3.24.1</h2>
<ul>
<li>Fix reference docs for performance monitoring.</li>
<li>Fix bug where function configuration with null values couldn't be
deployed. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1246 ">#1246</a>)</li>
</ul>
<h2>v3.24.0</h2>
<ul>
<li>Add performance monitoring triggers to v2 alerts (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1223 ">#1223</a>).</li>
</ul>
<h2>v3.23.0</h2>
<ul>
<li>Fixes a bug that disallowed setting customClaims and/or
sessionClaims in blocking functions (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1199 ">#1199</a>).</li>
<li>Add v2 Schedule Triggers (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1177 ">#1177</a>).</li>
</ul>
<h2>v3.22.0</h2>
<ul>
<li>Adds RTDB Triggers for v2 functions (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1127 ">#1127</a>)</li>
<li>Adds support for Firebase Admin SDK v11 (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1151 ">#1151</a>)</li>
<li>Fixes bug where emulated task queue function required auth header
(<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1154 ">#1154</a>)</li>
</ul>
<h2>v3.21.2</h2>
<ul>
<li>Fixes bug where <code>toJSON</code> was not defined in
<code>UserRecord</code> (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1125 ">#1125</a>).</li>
</ul>
<h2>v3.21.1</h2>
<ul>
<li>Add debug feature to enable cors option for v2 onRequest and onCall
handlers. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1099 ">#1099</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e4bda7d683
"><code>e4bda7d</code></a>
3.24.1</li>
<li><a
href="3c5392dfee
"><code>3c5392d</code></a>
Hide documentation for in-app feedback (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1245 ">#1245</a>)</li>
<li><a
href="cc6e28e6ed
"><code>cc6e28e</code></a>
Fix bug where function configuration with null couldn't be deployed. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1246 ">#1246</a>)</li>
<li><a
href="cf27ac6b0b
"><code>cf27ac6</code></a>
Adding required --project flag to v2 docgen script. (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1239 ">#1239</a>)</li>
<li><a
href="1ac04adba9
"><code>1ac04ad</code></a>
fix tsdoc comments (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1240 ">#1240</a>)</li>
<li><a
href="bd0fcbc595
"><code>bd0fcbc</code></a>
[firebase-release] Removed change log and reset repo after 3.24.0
release</li>
<li><a
href="e191af7148
"><code>e191af7</code></a>
3.24.0</li>
<li><a
href="b93e397b32
"><code>b93e397</code></a>
Don't delete fields on a non-breaking change release (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1238 ">#1238</a>)</li>
<li><a
href="65e66a2138
"><code>65e66a2</code></a>
Converting alert type and app id to camel case in the CloudEvent (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1236 ">#1236</a>)</li>
<li><a
href="c18e832d92
"><code>c18e832</code></a>
Adds performance monitoring triggers to v2 alerts (<a
href="https://redirect.github.com/firebase/firebase-functions/issues/1223 ">#1223</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/firebase/firebase-functions/compare/v3.21.0...v3.24.1 ">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/flutter/pinball/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
dependabot[bot]
7137067a15
chore(deps): bump express from 4.18.1 to 4.19.2 in /functions ( #501 )
...
Bumps [express](https://github.com/expressjs/express ) from 4.18.1 to
4.19.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases ">express's
releases</a>.</em></p>
<blockquote>
<h2>4.19.2</h2>
<h2>What's Changed</h2>
<ul>
<li><a
href="0b746953c4
">Improved
fix for open redirect allow list bypass</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.19.1...4.19.2 ">https://github.com/expressjs/express/compare/4.19.1...4.19.2 </a></p>
<h2>4.19.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix ci after location patch by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5552 ">expressjs/express#5552</a></li>
<li>fixed un-edited version in history.md for 4.19.0 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5556 ">expressjs/express#5556</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.19.0...4.19.1 ">https://github.com/expressjs/express/compare/4.19.0...4.19.1 </a></p>
<h2>4.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix typo in release date by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5527 ">expressjs/express#5527</a></li>
<li>docs: nominating <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> to be
project captain by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5511 ">expressjs/express#5511</a></li>
<li>docs: loosen TC activity rules by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5510 ">expressjs/express#5510</a></li>
<li>Add note on how to update docs for new release by <a
href="https://github.com/crandmck "><code>@crandmck</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5541 ">expressjs/express#5541</a></li>
<li><a
href="660ccf5fa3
">Prevent
open redirect allow list bypass due to encodeurl</a></li>
<li>Release 4.19.0 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5551 ">expressjs/express#5551</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/crandmck "><code>@crandmck</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5541 ">expressjs/express#5541</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.18.3...4.19.0 ">https://github.com/expressjs/express/compare/4.18.3...4.19.0 </a></p>
<h2>4.18.3</h2>
<h2>Main Changes</h2>
<ul>
<li>Fix routing requests without method</li>
<li>deps: body-parser@1.20.2
<ul>
<li>Fix strict json error message on Node.js 19+</li>
<li>deps: content-type@~1.0.5</li>
<li>deps: raw-body@2.5.2</li>
</ul>
</li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Use https: protocol instead of deprecated git: protocol by <a
href="https://github.com/vcsjones "><code>@vcsjones</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5032 ">expressjs/express#5032</a></li>
<li>build: Node.js@16.18 and Node.js@18.12 by <a
href="https://github.com/abenhamdine "><code>@abenhamdine</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5034 ">expressjs/express#5034</a></li>
<li>ci: update actions/checkout to v3 by <a
href="https://github.com/armujahid "><code>@armujahid</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5027 ">expressjs/express#5027</a></li>
<li>test: remove unused function arguments in params by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5124 ">expressjs/express#5124</a></li>
<li>Remove unused originalIndex from acceptParams by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5119 ">expressjs/express#5119</a></li>
<li>Fixed typos by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5117 ">expressjs/express#5117</a></li>
<li>examples: remove unused params by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5113 ">expressjs/express#5113</a></li>
<li>fix: parameter str is not described in JSDoc by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5130 ">expressjs/express#5130</a></li>
<li>fix: typos in History.md by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5131 ">expressjs/express#5131</a></li>
<li>build : add Node.js@19.7 by <a
href="https://github.com/abenhamdine "><code>@abenhamdine</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5028 ">expressjs/express#5028</a></li>
<li>test: remove unused function arguments in params by <a
href="https://github.com/raksbisht "><code>@raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5137 ">expressjs/express#5137</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/master/History.md ">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.19.2 / 2024-03-25</h1>
<ul>
<li>Improved fix for open redirect allow list bypass</li>
</ul>
<h1>4.19.1 / 2024-03-20</h1>
<ul>
<li>Allow passing non-strings to res.location with new encoding handling
checks</li>
</ul>
<h1>4.19.0 / 2024-03-20</h1>
<ul>
<li>Prevent open redirect allow list bypass due to encodeurl</li>
<li>deps: cookie@0.6.0</li>
</ul>
<h1>4.18.3 / 2024-02-29</h1>
<ul>
<li>Fix routing requests without method</li>
<li>deps: body-parser@1.20.2
<ul>
<li>Fix strict json error message on Node.js 19+</li>
<li>deps: content-type@~1.0.5</li>
<li>deps: raw-body@2.5.2</li>
</ul>
</li>
<li>deps: cookie@0.6.0
<ul>
<li>Add <code>partitioned</code> option</li>
</ul>
</li>
</ul>
<h1>4.18.2 / 2022-10-08</h1>
<ul>
<li>Fix regression routing a large stack in a single route</li>
<li>deps: body-parser@1.20.1
<ul>
<li>deps: qs@6.11.0</li>
<li>perf: remove unnecessary object clone</li>
</ul>
</li>
<li>deps: qs@6.11.0</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="04bc62787b
"><code>04bc627</code></a>
4.19.2</li>
<li><a
href="da4d763ff6
"><code>da4d763</code></a>
Improved fix for open redirect allow list bypass</li>
<li><a
href="4f0f6cc67d
"><code>4f0f6cc</code></a>
4.19.1</li>
<li><a
href="a003cfab03
"><code>a003cfa</code></a>
Allow passing non-strings to res.location with new encoding handling
checks f...</li>
<li><a
href="a1fa90fcea
"><code>a1fa90f</code></a>
fixed un-edited version in history.md for 4.19.0</li>
<li><a
href="11f2b1db22
"><code>11f2b1d</code></a>
build: fix build due to inconsistent supertest behavior in older
versions</li>
<li><a
href="084e36506a
"><code>084e365</code></a>
4.19.0</li>
<li><a
href="0867302ddb
"><code>0867302</code></a>
Prevent open redirect allow list bypass due to encodeurl</li>
<li><a
href="567c9c665d
"><code>567c9c6</code></a>
Add note on how to update docs for new release (<a
href="https://redirect.github.com/expressjs/express/issues/5541 ">#5541</a>)</li>
<li><a
href="69a4cf2819
"><code>69a4cf2</code></a>
deps: cookie@0.6.0</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.18.1...4.19.2 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~wesleytodd ">wesleytodd</a>, a new releaser
for express since your current version.</p>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>
1 year ago
dependabot[bot]
ca4a79d462
chore(deps): bump jose from 2.0.5 to 2.0.7 in /functions ( #500 )
...
Bumps [jose](https://github.com/panva/jose ) from 2.0.5 to 2.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/releases ">jose's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.7</h2>
<h3>Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="02a65794f7
">02a6579</a>),
fixes <a
href="https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q ">CVE-2024-28176</a></li>
</ul>
<h2>v2.0.6</h2>
<h3>Fixes</h3>
<ul>
<li>limit default PBES2 alg's computational expense (<a
href="c1512be660
">c1512be</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/blob/v2.0.7/CHANGELOG.md ">jose's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/panva/jose/compare/v2.0.6...v2.0.7 ">2.0.7</a>
(2024-03-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="02a65794f7
">02a6579</a>)</li>
</ul>
<h2><a
href="https://github.com/panva/jose/compare/v2.0.5...v2.0.6 ">2.0.6</a>
(2022-09-01)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>limit default PBES2 alg's computational expense (<a
href="c1512be660
">c1512be</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0fbe2e68c7
"><code>0fbe2e6</code></a>
chore(release): 2.0.7</li>
<li><a
href="02a65794f7
"><code>02a6579</code></a>
fix: add a maxOutputLength option to zlib inflate</li>
<li><a
href="d1be83faa6
"><code>d1be83f</code></a>
chore(release): 2.0.6</li>
<li><a
href="c1512be660
"><code>c1512be</code></a>
fix: limit default PBES2 alg's computational expense</li>
<li>See full diff in <a
href="https://github.com/panva/jose/compare/v2.0.5...v2.0.7 ">compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Álvaro Stivi <astivi@users.noreply.github.com>
1 year ago
Felix Angelov
6454d166e9
feat(functions): add leaderboard cleanup function ( #376 )
3 years ago