build(deps): bump the npm_and_yarn group across 2 directories with 14 updates by dependabot[bot] · Pull Request #2 · Limitinit/code-coverage

dependabot · 2024-03-28T22:27:20Z

Bumps the npm_and_yarn group with 6 updates in the /addon directory:

Package	From	To
webpack	`5.75.0`	`5.76.0`
semver	`5.7.1`	`5.7.2`
@babel/traverse	`7.15.4`	`7.24.1`
fast-json-patch	`2.2.1`	`3.1.1`
web-ext	`7.4.0`	`7.11.0`
json5	`2.2.0`	`2.2.3`
Bumps the npm_and_yarn group with 10 updates in the /frontend directory:

Package	From	To
webpack	`5.75.0`	`5.76.0`
semver	`5.7.1`	`5.7.2`
@babel/traverse	`7.20.5`	`7.24.1`
json5	`1.0.1`	`1.0.2`
postcss	`8.4.19`	`8.4.38`
word-wrap	`1.2.3`	`1.2.5`
express	`4.18.2`	`4.19.2`
follow-redirects	`1.15.2`	`1.15.6`
ip	`2.0.0`	`2.0.1`
webpack-dev-middleware	`5.3.3`	`5.3.4`

Updates webpack from 5.75.0 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

Avoid cross-realm object access by @Jack-Works in webpack/webpack#16500

Improve hash performance via conditional initialization by @lvivski in webpack/webpack#16491

Serialize generatedCode info to fix bug in asset module cache restoration by @ryanwilsonperkin in webpack/webpack#16703

Improve performance of hashRegExp lookup by @ryanwilsonperkin in webpack/webpack#16759

Features

add target to LoaderContext type by @askoufis in webpack/webpack#16781

Security

CVE-2022-37603 fixed by @akhilgkrishnan in webpack/webpack#16446

Repo Changes

Fix HTML5 logo in README by @jakebailey in webpack/webpack#16614

Replace TypeScript logo in README by @jakebailey in webpack/webpack#16613

Update actions/cache dependencies by @piwysocki in webpack/webpack#16493

New Contributors

@Jack-Works made their first contribution in webpack/webpack#16500

@lvivski made their first contribution in webpack/webpack#16491

@jakebailey made their first contribution in webpack/webpack#16614

@akhilgkrishnan made their first contribution in webpack/webpack#16446

@ryanwilsonperkin made their first contribution in webpack/webpack#16703

@piwysocki made their first contribution in webpack/webpack#16493

@askoufis made their first contribution in webpack/webpack#16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

Commits

97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
c98e9e0 Merge pull request #16493 from piwysocki/patch-1
5f34acf feat: Add target to LoaderContext type
b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
63ea82d Merge branch 'webpack:main' into patch-1
4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
1acd635 Merge pull request #16613 from jakebailey/ts-logo
302eb37 Merge pull request #16614 from jakebailey/html5-logo
cfdb1df Improve performance of hashRegExp lookup
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/traverse from 7.15.4 to 7.24.1

Release notes

Sourced from @babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

Other

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

babel-standalone

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone

#16323 Allow separate helpers to be excluded in Babel 8 (@liuxingbaoyu)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env

#16318 [babel 8] Fix @babel/compat-data package.json (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

babel-standalone

#11696 Export babel tooling packages in @babel/standalone (@ajihyf)

babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties

#16267 Implement noUninitializedPrivateFieldAccess assumption (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16242 Support decorator 2023-11 normative updates (@JLHwung)

babel-preset-flow

#16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@nicolo-ribaudo)

... (truncated)

Commits

822b025 v7.24.1
fc0d5ad Update typescript and lint tools (#16351)
69e7928 Consider well-known and registered symbols as literals (#16342)
40110e9 Update source map deps (#16327)
ce59160 v7.24.0
bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
08a057c Use Object.hasOwn when available (#16248)
a0dd614 v7.23.9
1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
e428a6d v7.23.7
Additional commits viewable in compare view

Updates fast-json-patch from 2.2.1 to 3.1.1

Release notes

Sourced from fast-json-patch's releases.

3.1.1

Security Fix for Prototype Pollution - huntr.dev #262

Bug fixes and ES6 modules

Use ES6 Modules

package now exports non-bundled ES module Starcounter-Jack/JSON-Patch#232

main still points to CommonJS module for backward compatibility

README recommends use of named ES imports

List of changes Starcounter-Jack/JSON-Patch@v2.2.1...3.0.0-0

Use ES6 Modules

package now exports non-bundled ES module Starcounter-Jack/JSON-Patch#232

main still points to CommonJS module for backward compatibility

README recommends use of named ES imports

Full list of changes Starcounter-Jack/JSON-Patch@v2.2.1...3.0.0-0

Commits

9d313ac fix(tests): Updated tests to reflect new error message
e4f4eb3 3.1.1
d7903fb fix: typescript codegen changes
5f04488 Bumping version number
7e9fe13 Typescript provided
097864a Documentation updated
51964ed feat: Cleaned up vars vs consts
8a6a360 New build
adeb422 Update .gitignore
59336fe Merge pull request #292 from Starcounter-Jack/dependabot/npm_and_yarn/ajv-6.12.6
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mountain-jack, a new releaser for fast-json-patch since your current version.

Updates web-ext from 7.4.0 to 7.11.0

Release notes

Sourced from web-ext's releases.

7.11.0

📣 We're finalizing web-ext v8 (the next major release), which will use a new AMO API to sign add-ons. Please try it out now by passing the --use-submission-api flag to the sign command in web-ext v7. More information at: https://extensionworkshop.com/documentation/develop/web-ext-command-reference/#use-submission-api

Features

web-ext lint: updated to use addons-linter to 6.21.0

web-ext run: remove READ_EXTERNAL_STORAGE permission requirement (backport #3018)

See all changes: mozilla/web-ext@7.10.0...7.11.0

7.10.0

📣 We're finalizing web-ext v8 (the next major release), which will use a new AMO API to sign add-ons. Please try it out now by passing the --use-submission-api flag to the sign command in web-ext v7. More information at: https://extensionworkshop.com/documentation/develop/web-ext-command-reference/#use-submission-api

Features

web-ext lint: updated to use addons-linter to 6.20.0

web-ext run: fixed an issue with Firefox on macOS (#2975) by updating fx-runner to 1.4.0

See all changes: mozilla/web-ext@7.9.0...7.10.0

7.9.0

Features

web-ext lint: updated to use addons-linter 6.19.0 (it was 6.13.0 before)

See all changes: mozilla/web-ext@7.8.0...7.9.0

7.8.0

main changes

Warn web-ext v7 users about upcoming changes to the sign command: as of v8, the submission API will be used (instead of the signing API) and users will likely need to take some actions. Users of v7 can already test this upcoming change by using web-ext sign --use-submission-api.

7.7.0

main changes

Updated: dependency addons-linter to 6.13.0 (#2870)

Updated: dependency eslint to 8.48.0 (#2853)

See all changes: mozilla/web-ext@7.6.2...7.7.0

7.6.2

main changes

... (truncated)

Commits

fbf01f1 7.11.0
e97b5e3 chore(deps): bump addons-linter from 6.20.0 to 6.21.0 (#3027) (#3028)
7c2d260 fix: Remove READ_EXTERNAL_STORAGE permission requirement (backport #3018) (#3...
2c90009 7.10.0
65f4457 chore(deps): bump fx-runner from 1.3.0 to 1.4.0 (#3012)
b69a134 chore(deps): bump addons-linter from 6.19.0 to 6.20.0 (#3011)
5480525 7.9.0
4a4a596 chore(deps): bump addons-linter to 6.19.0 (#2976) (#2978)
1857fc9 chore(deps-dev): bump eslint from 8.54.0 to 8.55.0 (#2974) (#2977)
7929247 7.8.0
Additional commits viewable in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

c3a7524 2.2.3
94fd06d docs: update CHANGELOG for v2.2.3
3b8cebf docs(security): use GitHub security advisories
f0fd9e1 docs: publish a security policy
6a91a05 docs(template): bug -> bug report
14f8cb1 2.2.2
10cc7ca docs: update CHANGELOG for v2.2.2
7774c10 fix: add proto to objects and arrays
edde30a Readme: slight tweak to intro
97286f8 Improve example in readme
Additional commits viewable in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
7e6a86b Upload OpsLevel YAML (#849)
74d5719 docs: update references vercel/ms references (#770)
d71e383 docs: document "invalid token" error
3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
a46097e docs: make decode impossible to discover before verify
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates postcss from 8.4.19 to 8.4.33

Release notes

Sourced from postcss's releases.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

... (truncated)

Commits

a69d45e Release 8.4.38 version
64e35d9 Update dependencies
c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
b45e7e9 fix endIndex
1bea246 failing test: for endIndex 0 in rangeBy
0fd1d86 Add changelog auto release on Github
49c906e Release 8.4.37 version
b5bd92c Fix another broken prev source map issue
2882039 Update dependencies
e5ad939 Release 8.4.36 version
Additional commits viewable in compare view

Updates xml2js from 0.4.23 to 0.5.0

Commits

See full diff in compare view

Updates webpack from 5.75.0 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

Avoid cross-realm object access by @Jack-Works in webpack/webpack#16500

Improve hash performance via conditional initialization by @lvivski in webpack/webpack#16491

Serialize generatedCode info to fix bug in asset module cache restoration by @ryanwilsonperkin in webpack/webpack#16703

Improve performance of hashRegExp lookup by @ryanwilsonperkin in webpack/webpack#16759

Features

add target to LoaderContext type by @askoufis in webpack/webpack#16781

Security

CVE-2022-37603 fixed by @akhilgkrishnan in webpack/webpack#16446

Repo Changes

Fix HTML5 logo in README by @jakebailey in webpack/webpack#16614

Replace TypeScript logo in README by @jakebailey in webpack/webpack#16613

Update actions/cache dependencies by @piwysocki in webpack/webpack#16493

New Contributors

@Jack-Works made their first contribution in webpack/webpack#16500

@lvivski made their first contribution in webpack/webpack#16491

@jakebailey made their first contribution in webpack/webpack#16614

@akhilgkrishnan made their first contribution in webpack/webpack#16446

@ryanwilsonperkin made their first contribution in

… updates Bumps the npm_and_yarn group with 6 updates in the /addon directory: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.75.0` | `5.76.0` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.15.4` | `7.24.1` | | [fast-json-patch](https://github.com/Starcounter-Jack/JSON-Patch) | `2.2.1` | `3.1.1` | | [web-ext](https://github.com/mozilla/web-ext) | `7.4.0` | `7.11.0` | | [json5](https://github.com/json5/json5) | `2.2.0` | `2.2.3` | Bumps the npm_and_yarn group with 10 updates in the /frontend directory: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.75.0` | `5.76.0` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.5` | `7.24.1` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [postcss](https://github.com/postcss/postcss) | `8.4.19` | `8.4.38` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.15.6` | | [ip](https://github.com/indutny/node-ip) | `2.0.0` | `2.0.1` | | [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `5.3.3` | `5.3.4` | Updates `webpack` from 5.75.0 to 5.76.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.75.0...v5.76.0) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `@babel/traverse` from 7.15.4 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `fast-json-patch` from 2.2.1 to 3.1.1 - [Release notes](https://github.com/Starcounter-Jack/JSON-Patch/releases) - [Commits](Starcounter-Jack/JSON-Patch@v2.2.1...3.1.1) Updates `web-ext` from 7.4.0 to 7.11.0 - [Release notes](https://github.com/mozilla/web-ext/releases) - [Commits](mozilla/web-ext@7.4.0...7.11.0) Updates `json5` from 2.2.0 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `postcss` from 8.4.19 to 8.4.33 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.19...8.4.38) Updates `xml2js` from 0.4.23 to 0.5.0 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits/0.5.0) Updates `webpack` from 5.75.0 to 5.76.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.75.0...v5.76.0) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `@babel/traverse` from 7.20.5 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v2.2.0...v2.2.3) Updates `postcss` from 8.4.19 to 8.4.38 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.19...8.4.38) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `express` from 4.18.2 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `ip` from 2.0.0 to 2.0.1 - [Commits](indutny/node-ip@v2.0.0...v2.0.1) Updates `webpack-dev-middleware` from 5.3.3 to 5.3.4 - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: fast-json-patch dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: web-ext dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: jsonwebtoken dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: xml2js dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack-dev-middleware dependency-type: indirect dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm_and_yarn group across 2 directories with 14 updates#2

build(deps): bump the npm_and_yarn group across 2 directories with 14 updates#2
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/addon/npm_and_yarn-security-group-90a62bb99b

dependabot bot commented on behalf of github Mar 28, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 28, 2024

v5.76.0

Bugfixes

Features

Security

Repo Changes

New Contributors

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 4

v7.24.0 (2024-02-28)

🚀 New Feature

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.24.0 (2024-02-28)

🚀 New Feature

3.1.1

Bug fixes and ES6 modules

Use ES6 Modules

7.11.0

Features

7.10.0

Features

7.9.0

Features

7.8.0

main changes

7.7.0

main changes

7.6.2

main changes

v2.2.3

v2.2.2

v2.2.1

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

9.0.0 - 2022-12-21

Breaking changes

Security fixes

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34