[Snyk] Upgrade configcat-js-ssr from 6.0.1 to 8.4.1

[WontonSam]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade configcat-js-ssr from 6.0.1 to 8.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 12 versions ahead of your current version.

• The recommended version was released on 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	472	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	472	Proof of Concept

Release notes

Package name: configcat-js-ssr

• 8.4.1 - 2024-04-18
  

  Security fixes:

  • Upgrade the axios dependency to v1.6.8 as earlier versions use a vulnerable version of the follow-redirects package. (#81)
• 8.4.0 - 2024-03-21
  

  Improvements:

  • Make naming of UserComparator members consistent. (configcat/common-js#102)
  • Make line terminator character sequence configurable in log messages.
  • Adjust the terminology used in JSDoc comments to the main documentation.
  • Minor performance improvements.

  Bug fixes:

  • Align evaluation logging and evaluator error reporting in some edge cases where the config JSON contains errors.
  • Correct grammar mistakes in error messages.

  Breaking changes:

  • Change the name of some UserComparator members: Is(Not)OneOf -> TextIs(Not)OneOf, SensitiveIs(Not)OneOf -> SensitiveTextIs(Not)OneOf, (Not)ContainsAnyOf -> Text(Not)ContainsAnyOf. (Low impact expected.)
• 8.3.0 - 2024-01-16
  

  New features/improvements:

  • Add an optional parameter named watchChanges to createFlagOverridesFromMap which controls whether the client should detect changes to the flag override map after client initialization. (configcat/common-js#101)

  Bug fixes:

  • Reference a fixed version of configcat-common to avoid issues in case the "pubternal" API of configcat-common changes. (#79)
• 8.2.0 - 2024-01-09
  

  Improvements:

  • Upgrade to configcat-common v9.1.0.
  • Send ETag as a query string parameter when running in browser (because browsers don't send it automatically in every case).
  • Upon client initialization test for the availability of the local storage and use LocalStorageCache only if it's available. Otherwise, use the default (in-memory) cache implementation.
  • Don't swallow exceptions which are thrown in the LocalStorageCache.get/set methods so the outer exception handlers can catch and log them.
• 8.1.0 - 2023-12-20
  

  Fixed a cache issue with non Latin 1 characters in the config.json.

• 8.0.0 - 2023-11-24
  

  New features and improvements:

  • Add support for the new Config JSON v6 format: update the config model and implement new features in setting evaluation logic. (configcat/common-js#96)
  • Overhaul setting evaluation-related logging and make it consistent across SDKs.
  • Performance improvements to setting evaluation (building of evaluation log is expensive, so it is skipped when info level logging is turned off).

  Bug fixes:

  • Hook event handlers which close over the client instance should not prevent the client from being collected by the GC when user has no more references to the client instance. (configcat/common-js#97)
  • Prevent potential issues with weak references when awaiting IConfigCatClient.waitForReady. Also, make observable if the initial cache sync-up fails.

  Breaking changes (listed in the order of expected impact):

  • Rename the matchedEvaluationRule property to matchedTargetingRule and the matchedEvaluationPercentageRule property to matchedPercentageOption in IEvaluationDetails.
  • Throw Error when the SDK key passed to ConfigCatClient.get is in invalid format (unless the client is set up to use local-only flag override behavior).
  • Remove the deprecated ClientReadyState enum (it was renamed to ClientCacheState).
  • Change config model (IConfig and related interfaces/enums).
  • Slightly change the behavior of the ClientReady hook in Auto Poll mode to fire after the completion of the first fetch operation - regardless of success or failure - to make the behavior consistent with other SDKs. (configcat/common-js#94)
• 7.1.2 - 2023-11-16
  

  Improvements:

  • Upgrade TypeScript version to 4.8.4

  Security:

  • Upgrade axios library to 1.6.2
• 7.1.1 - 2023-08-04
  

  Improvements:

  • For better compatibility, restrict the TypeScript language features used to those which are available in v4.0 by downgrading the TypeScript compiler version.
• 7.1.0 - 2023-07-26
  

  New features and improvements:

  • Provide a way to synchronously evaluate of feature flags/settings: consumers can create a snapshot of the client by IConfigCatClient.snapshot(), which captures the client's state (including the latest config fetched), then, using the returned object, they can execute synchronous evaluation operations.
  • Add a state parameter to the clientReady hook, by means of which consumers can get information about the initialization state of the client.
  • Minor performance improvements.

  Bug fixes:

  • Fix error logging of getValueAsync/getValueDetailsAsync calls.
  • Fix JSDoc documentation of Comparator.Contains/NotContains.
• 7.0.2 - 2023-07-07
  
  • Update configcat-common dependency to v8.0.2.
    Release notes for configcat-common v8.0.2
• 7.0.1 - 2023-06-26
• 7.0.0 - 2023-06-13
• 6.0.1 - 2023-04-26

from configcat-js-ssr GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
cachimanboutique	❌ Failed (Inspect)			Jul 17, 2024 1:18am
website	❌ Failed (Inspect)			Jul 17, 2024 1:18am

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.