Bump the npm_and_yarn group across 3 directories with 22 updates #1

dependabot · 2024-11-07T17:47:21Z

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
axios	`0.27.2`	`0.28.0`
cookie	`0.5.0`	`0.7.0`
dompurify	`2.3.8`	`2.5.4`
express	`4.19.2`	`4.20.0`
jsonwebtoken	`8.5.1`	`9.0.0`
langchain	`0.1.23`	`0.2.19`
nanoid	`3.3.3`	`3.3.4`
nodemailer	`6.7.3`	`6.9.9`
webpack	`5.70.0`	`5.94.0`
pdfjs-dist	`2.9.359`	`4.2.67`
next	`13.5.6`	`14.2.10`
dset	`3.1.2`	`3.1.4`
ejs	`3.1.9`	`3.1.10`
elliptic	`6.5.7`	`6.6.0`
http-proxy-middleware	`2.0.4`	`2.0.7`
markdown-to-jsx	`7.1.7`	`7.5.0`
tmpl	`1.0.4`	`1.0.5`

Bumps the npm_and_yarn group with 3 updates in the /pkg/bull-queue-admin directory: express, ejs and semver.
Bumps the npm_and_yarn group with 3 updates in the /pkg/extension directory: nanoid, webpack and terser.

Updates axios from 0.27.2 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated #4745

Fixed timeout error message for HTTP 4738

Added axios.formToJSON method (#4735)

URL params serializer (#4734)

Fixed toFormData Blob issue on node>v17 #4728

Adding types for progress event callbacks #4675

Fixed max body length defaults #4731

Added data URL support for node.js (#4725)

Added isCancel type assert (#4293)

Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)

Add string[] to AxiosRequestHeaders type (#4322)

Allow type definition for axios instance methods (#4224)

Fixed AxiosError stack capturing; (#4718)

Fixed AxiosError status code type; (#4717)

Adding Canceler parameters config and request (#4711)

fix(types): allow to specify partial default headers for instance creation (#4185)

Added blob to the list of protocols supported by the browser (#4678)

Fixing Z_BUF_ERROR when no content (#4701)

Fixed race condition on immediate requests cancellation (#4261)

Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248

Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)

Fix TS definition for AxiosRequestTransformer (#4201)

Use type alias instead of interface for AxiosPromise (#4505)

Include request and config when creating a CanceledError instance (#4659)

Added generic TS types for the exposed toFormData helper (#4668)

Optimized the code that checks cancellation (#4587)

Replaced webpack with rollup (#4596)

Added stack trace to AxiosError (#4624)

Updated AxiosError.config to be optional in the type definition (#4665)

Removed incorrect argument for NetworkError constructor (#4656)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)

Fixing content-type header repeated #4745

Fixed timeout error message for HTTP 4738

Added axios.formToJSON method (#4735)

URL params serializer (#4734)

Fixed toFormData Blob issue on node>v17 #4728

Adding types for progress event callbacks #4675

Fixed max body length defaults #4731

Added data URL support for node.js (#4725)

Added isCancel type assert (#4293)

Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)

Add string[] to AxiosRequestHeaders type (#4322)

Allow type definition for axios instance methods (#4224)

Fixed AxiosError stack capturing; (#4718)

Fixed AxiosError status code type; (#4717)

Adding Canceler parameters config and request (#4711)

fix(types): allow to specify partial default headers for instance creation (#4185)

Added blob to the list of protocols supported by the browser (#4678)

Fixing Z_BUF_ERROR when no content (#4701)

Fixed race condition on immediate requests cancellation (#4261)

Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248

Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)

Fix TS definition for AxiosRequestTransformer (#4201)

Use type alias instead of interface for AxiosPromise (#4505)

Include request and config when creating a CanceledError instance (#4659)

Added generic TS types for the exposed toFormData helper (#4668)

Optimized the code that checks cancellation (#4587)

Replaced webpack with rollup (#4596)

Added stack trace to AxiosError (#4624)

Updated AxiosError.config to be optional in the type definition (#4665)

Removed incorrect argument for NetworkError constructor (#4656)

Commits

3b7635a [Release] v0.28.0 (#6211)
27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
80c3d74 chore(ci): backported publish action; (#6224)
2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
880b42e docs: Fix a typo in README
c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
80b546c fix: loosing request header (#4858) (#4871)
6acb5ef feat: brower platform add data protocol. (#4814)
bbb2264 fix(typing): axios response headers can be undefined (#4813)
Additional commits viewable in compare view

Updates cookie from 0.5.0 to 0.7.0

Release notes

Sourced from cookie's releases.

0.7.0

perf: parse cookies ~10% faster (#144 by @kurtextrem and #170)

fix: narrow the validation of cookies to match RFC6265 (#167 by @bewinsnw)

fix: add main to package.json for rspack (#166 by @proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

Add partitioned option

Commits

ab057d6 0.7.0
5f02ca8 Migrate history to GitHub releases
a5d591c Migrate history to GitHub releases
51968f9 Skip isNaN
9e7ca51 perf(parse): cache length, return early (#144)
d6f39b0 Fix tests for old node
6bb701f Remove failing scorecard
ca70da4 test(serialize): additional tests for name, domain and path RFC validations (...
47917c9 Iterate whitespace for perf (#170)
927d48a Add main to package.json (#166)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates dompurify from 2.3.8 to 2.5.4

Release notes

Sourced from dompurify's releases.

DOMPurify 2.5.4

Fixed a bug with latest isNaN checks affecting MSIE, thanks @tulach

Fixed the tests for MSIE and fixed related test-runner

DOMPurify 2.5.3

Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK

Added better configurability for comment scrubbing default behavior

Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu

Fixed some smaller issues in README and other documentation

DOMPurify 2.5.2

Addressed and fixed a mXSS variation found by @kevin-mizu

Addressed and fixed a mXSS variation found by Adam Kues of Assetnote

Updated tests for older Safari and Chrome versions

DOMPurify 2.5.1

Fixed an mXSS sanitizer bypass reported by @icesfont

Added new code to track element nesting depth

Added new code to enforce a maximum nesting depth of 255

Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

DOMPurify 2.5.0

Added new setting SAFE_FOR_XML to enable better control over comment scrubbing

Updated the LICENSE file to show the accurate year number

Updated several build and test dependencies

DOMPurify 2.4.9

Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK

Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T

DOMPurify 2.4.8

Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser

DOMPurify 2.4.7

Fixed a licensing issue spotted and reported by @george-thomas-hill

DOMPurify 2.4.6

Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @leeN

DOMPurify 2.4.5

Fixed a problem with improper reset of custom HTML options, thanks @ammaraskar

DOMPurify 2.4.4

Added support for ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @edg2s @AndreVirtimo

Added better support for shadowrootmode, thanks @mfreed7

DOMPurify 2.4.3

Final release that is compatible with MSIE10 & MSIE 11

... (truncated)

Commits

10c1261 docs: Updated README ever so slightly
1c92880 test: Fixed two more tests for MSIE11 and Edge 18
1401208 test: Fixed more tests for MSIE and Edge 18
2c6410a test: Fixed several new tests for MSIE11 and Edge 18
2c9bca9 test: Changed github config to include MSIE tests for 2.x
b188787 chore: Preparing 2.5.4 release
707b3d6 fix: Added a better for for the MSIE iNaN issue
62fe3be test: Attempting to get MSIE 11 back into the browser test array
f3a9710 fix: Fixed an issue with MSIE and no support for Number.isNaN
e1ddfc7 Merge branch '2.x' of github.com:cure53/DOMPurify into 2.x
Additional commits viewable in compare view

Updates express from 4.19.2 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

Other Changes

4.19.2 Staging by @wesleytodd in expressjs/express#5561

remove duplicate location test for data uri by @wesleytodd in expressjs/express#5562

feat: document beta releases expectations by @marco-ippolito in expressjs/express#5565

Cut down on duplicated CI runs by @jonchurch in expressjs/express#5564

Add a Threat Model by @UlisesGascon in expressjs/express#5526

Assign captain of encodeurl by @blakeembrey in expressjs/express#5579

Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @jonchurch in expressjs/express#5587

docs: update Security.md by @inigomarquinez in expressjs/express#5590

docs: update triage nomination policy by @UlisesGascon in expressjs/express#5600

Add CodeQL (SAST) by @UlisesGascon in expressjs/express#5433

docs: add UlisesGascon as triage initiative captain by @UlisesGascon in expressjs/express#5605

deps: encodeurl@~2.0.0 by @blakeembrey in expressjs/express#5569

skip QUERY method test by @jonchurch in expressjs/express#5628

ignore ETAG query test on 21 and 22, reuse skip util by @jonchurch in expressjs/express#5639

add support Node.js@22 in the CI by @mertcanaltin in expressjs/express#5627

doc: add table of contents, tc/triager lists to readme by @mertcanaltin in expressjs/express#5619

List and sort all projects, add captains by @blakeembrey in expressjs/express#5653

docs: add @UlisesGascon as captain for cookie-parser by @UlisesGascon in expressjs/express#5666

✨ bring back query tests for node 21 by @ctcpip in expressjs/express#5690

[v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @jonchurch in expressjs/express#5672

skip QUERY tests for Node 21 only, still not supported by @jonchurch in expressjs/express#5695

📝 update people, add ctcpip to TC by @ctcpip in expressjs/express#5683

remove minor version pinning from ci by @jonchurch in expressjs/express#5722

Fix link variable use in attribution section of CODE OF CONDUCT by @IamLizu in expressjs/express#5762

Replace Appveyor windows testing with GHA by @jonchurch in expressjs/express#5599

Add OSSF Scorecard badge by @UlisesGascon in expressjs/express#5436

update scorecard link by @bjohansebas in expressjs/express#5814

Nominate @IamLizu to the triage team by @UlisesGascon in expressjs/express#5836

deps: [email protected] by @blakeembrey in expressjs/express#5603

docs: specify new instructions for question and discuss by @IamLizu in expressjs/express#5835

4.x: Upgrade merge-descriptors dependency by @RobinTail in expressjs/express#5781

[email protected] by @blakeembrey in expressjs/express#5902

New Contributors

@marco-ippolito made their first contribution in expressjs/express#5565

@inigomarquinez made their first contribution in expressjs/express#5590

@mertcanaltin made their first contribution in expressjs/express#5627

@ctcpip made their first contribution in expressjs/express#5690

@bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

Remove link renderization in html while redirecting

deps: [email protected]

add depth option to customize the depth level in the parser

IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Remove link renderization in html while using res.redirect

deps: [email protected]

Adds support for named matching groups in the routes using a regex

Adds backtracking protection to parameters without regexes defined

deps: encodeurl@~2.0.0

Removes encoding of \, |, and ^ to align better with URL spec

Deprecate passing options.maxAge and options.expires to res.clearCookie

Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

21df421 4.20.0
4c9ddc1 feat: upgrade to [email protected]
9ebe5d5 feat: upgrade to [email protected] (#5928)
ec4a01b feat: upgrade to [email protected] (#5926)
54271f6 fix: don't render redirect values in anchor href
125bb74 [email protected] (#5902)
2a980ad [email protected] (#5781)
a3e7e05 docs: specify new instructions for question and discuss
c5addb9 deps: [email protected] (#5603)
e35380a docs: add @IamLizu to the triage team (#5836)
Additional commits viewable in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
7e6a86b Upload OpsLevel YAML (#849)
74d5719 docs: update references vercel/ms references (#770)
d71e383 docs: document "invalid token" error
3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
a46097e docs: make decode impossible to discover before verify
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates langchain from 0.1.23 to 0.2.19

Release notes

Sourced from langchain's releases.

0.2.19

What's Changed

fix(mongodb): mongodb storage mget must return undefined when key not exist by @rtyshyk in langchain-ai/langchainjs#6445

chore(mongodb): Release 0.0.6 by @jacoblee93 in langchain-ai/langchainjs#6694

fix(openai): Fix type import issue by @jacoblee93 in langchain-ai/langchainjs#6695

feat(openai): baseUrl for DallEAPIWrapper by @wanoo21 in langchain-ai/langchainjs#6685

chore(openai): Release 0.2.10 by @jacoblee93 in langchain-ai/langchainjs#6697

community[patch]: Relax webllm peer dep by @bracesproul in langchain-ai/langchainjs#6696

langchain[patch]: Take all required fields into account for OpenAPI chain by @ikalachy in langchain-ai/langchainjs#6700

docs[minor]: Add state of agents survey to docs announcement bar by @bracesproul in langchain-ai/langchainjs#6710

anthropic[patch]: Fix passing cache control through in messages by @bracesproul in langchain-ai/langchainjs#6711

anthropic[minor]: Allow different tool types to be bound by @bracesproul in langchain-ai/langchainjs#6712

anthropic[patch]: Release 0.2.17 by @bracesproul in langchain-ai/langchainjs#6713

docs[patch]: fix chroma distance function reference link by @spielhoelle in langchain-ai/langchainjs#6714

fix(core): Pin TypeScript version for now for export test failures, add asyncDispose by @jacoblee93 in langchain-ai/langchainjs#6723

feat(core,openai): Adds streaming support for OpenAI withStructuredOutput by @jacoblee93 in langchain-ai/langchainjs#6721

baidu-qianfan[patch]: Fix streaming mode of Qianfan by @stanoswald in langchain-ai/langchainjs#6661

fix(anthropic): Do not check for apiKey existence when createClient parameters are present by @rxliuli in langchain-ai/langchainjs#6716

feat(community): Add arcjet integration by @jacoblee93 in langchain-ai/langchainjs#6725

feat(community): BM25 Keyword Search Retriever by @Mraj23 in langchain-ai/langchainjs#6719

chore(baidu-qianfan): Release 0.0.4 by @jacoblee93 in langchain-ai/langchainjs#6726

chore(anthropic): Release 0.2.18 by @jacoblee93 in langchain-ai/langchainjs#6727

chore(core): Release 0.2.32 by @jacoblee93 in langchain-ai/langchainjs#6728

chore(community): Release 0.2.33 by @jacoblee93 in langchain-ai/langchainjs#6729

cloudflare[minor]: use native Cloudflare Workers AI binding by @Cherry in langchain-ai/langchainjs#5287

docs: Fix typo in chatbot tutorial by @jacoblee93 in langchain-ai/langchainjs#6730

docs: Update wording in tool choice guide by @jacoblee93 in langchain-ai/langchainjs#6732

google-common[major]: Media manager by @afirstenberg in langchain-ai/langchainjs#5835

fix(langchain): Fix local file store traversal issue by @jacoblee93 in langchain-ai/langchainjs#6736

fix(ci): Fix cf exports test by @jacoblee93 in langchain-ai/langchainjs#6737

fix(ci): Fix cf-workers export test by @jacoblee93 in langchain-ai/langchainjs#6738

fix(ci): Fix esbuild tests by @jacoblee93 in langchain-ai/langchainjs#6739

fix(ci): Fix ci by @jacoblee93 in langchain-ai/langchainjs#6741

chore(langchain): Release 0.2.19 by @jacoblee93 in langchain-ai/langchainjs#6742

New Contributors

@rtyshyk made their first contribution in langchain-ai/langchainjs#6445

@wanoo21 made their first contribution in langchain-ai/langchainjs#6685

@ikalachy made their first contribution in langchain-ai/langchainjs#6700

@spielhoelle made their first contribution in langchain-ai/langchainjs#6714

@stanoswald made their first contribution in langchain-ai/langchainjs#6661

@Mraj23 made their first contribution in langchain-ai/langchainjs#6719

@Cherry made their first contribution in langchain-ai/langchainjs#5287

Full Changelog: langchain-ai/langchainjs@0.2.18...0.2.19

Release 0.2.18

What's Changed

Release 0.2.17 by @bracesproul in langchain-ai/langchainjs#6611

langchain[patch]: Bump vertex dep by @bracesproul in langchain-ai/langchainjs#6613

... (truncated)

Commits

d5ba68d chore(langchain): Release 0.2.19 (#6742)
26f75b6 chore(langchain): Release 0.2.19
7fbae88 fix(ci): Fix ci (#6741)
87ce560 fix(ci): Fix esbuild tests (#6739)
a8ff65d fix(ci): Fix cf-workers export test (#6738)
1010d1c fix(ci): Fix cf exports test (#6737)
a0fad77 fix(langchain): Fix local file store traversal issue (#6736)
08092cd google-common[major]: Media manager (#5835)
6a723fa docs: Update wording in tool choice guide (#6732)
630283b docs: Fix typo in chatbot tutorial (#6730)
Additional commits viewable in compare view

Updates nanoid from 3.3.3 to 3.3.4

Changelog

Sourced from nanoid's changelog.

3.3.4

Fixed --help in CLI (by @Lete114).

Commits

fc5bd0d Release 3.3.4 version
5ae2628 Update dependencies
2f48e9c Try to fix CI
85991e3 fix: CLI help examples (#361)
89d994c Update dependencies
00547e7 Fix benchmark order
a8f4099 bench: add back @napi-rs/uuid (#360)
acd897f Added postgres extension to various README files (#359)
772a613 Update CI and dependencies
e7aeb0f Added zig-nanoid to readme. (#357)
See full diff in compare view

Updates nodemailer from 6.7.3 to 6.9.9

Release notes

Sourced from nodemailer's releases.

v6.9.9

6.9.9 (2024-02-01)

Bug Fixes

security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)

tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

v6.9.8

6.9.8 (2023-12-30)

Bug Fixes

punycode: do not use native punycode module (b4d0e0c)

v6.9.7

6.9.7 (2023-10-22)

Bug Fixes

customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

v6.9.6

6.9.6 (2023-10-09)

Bug Fixes

inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)

tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

v6.9.5

6.9.5 (2023-09-06)

Bug Fixes

license: Updated license year (da4744e)

Changelog

Sourced from nodemailer's changelog.

6.9.9 (2024-02-01)

Bug Fixes

security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)

tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

6.9.8 (2023-12-30)

Bug Fixes

punycode: do not use native punycode module (b4d0e0c)

6.9.7 (2023-10-22)

Bug Fixes

customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

6.9.6 (2023-10-09)

Bug Fixes

inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)

tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

6.9.5 (2023-09-06)

Bug Fixes

license: Updated license year (da4744e)

6.9.4 2023-07-19

Renamed SendinBlue to Brevo

6.9.3 2023-05-29

Specified license identifier (was defined as MIT, actual value MIT-0)

If SMTP server disconnects with a message, process it and include as part of the response error

6.9.2 2023-05-11

Fix uncaught exception on invalid attachment content payload

... (truncated)

Commits

5a2e10f chore(master): release 6.9.9 [skip-ci] (#1606)
dd8f5e8 fix(security): Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eterna...
2c2b46a chore: do not use caret in version specifier
be45c1b fix(tests): Use native node test runner, added code coverage support, removed...
4233f6f chore(master): release 6.9.8 [skip-ci] (#1605)
09d502f chore: removed double file
b4d0e0c fix(punycode): do not use native punycode module
8376c02 Test new github notice syntax for README
bc46a3b Updated stale github action
78bdaf8 chore: remove redundant AWS SDK for JavaScript v2 (#1593)
Additional commits viewable in compare view

Updates webpack from 5.70.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

Fixed consumption of eager shared modules for module federation

Strip slash for pretty regexp

Calculate correct contenthash for CSS generator options

New Features

Added the binary generator option for asset modules to explicitly keep source maps produced by loaders

Added the modern-module library value for tree shakable output

Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

Doesn't crash with an error when the css e...
Description has been truncated

Bumps the npm_and_yarn group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `0.27.2` | `0.28.0` | | [cookie](https://github.com/jshttp/cookie) | `0.5.0` | `0.7.0` | | [dompurify](https://github.com/cure53/DOMPurify) | `2.3.8` | `2.5.4` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.20.0` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` | | [langchain](https://github.com/langchain-ai/langchainjs) | `0.1.23` | `0.2.19` | | [nanoid](https://github.com/ai/nanoid) | `3.3.3` | `3.3.4` | | [nodemailer](https://github.com/nodemailer/nodemailer) | `6.7.3` | `6.9.9` | | [webpack](https://github.com/webpack/webpack) | `5.70.0` | `5.94.0` | | [pdfjs-dist](https://github.com/mozilla/pdf.js) | `2.9.359` | `4.2.67` | | [next](https://github.com/vercel/next.js) | `13.5.6` | `14.2.10` | | [dset](https://github.com/lukeed/dset) | `3.1.2` | `3.1.4` | | [ejs](https://github.com/mde/ejs) | `3.1.9` | `3.1.10` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.7` | `6.6.0` | | [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.4` | `2.0.7` | | [markdown-to-jsx](https://github.com/quantizor/markdown-to-jsx) | `7.1.7` | `7.5.0` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | Bumps the npm_and_yarn group with 3 updates in the /pkg/bull-queue-admin directory: [express](https://github.com/expressjs/express), [ejs](https://github.com/mde/ejs) and [semver](https://github.com/npm/node-semver). Bumps the npm_and_yarn group with 3 updates in the /pkg/extension directory: [nanoid](https://github.com/ai/nanoid), [webpack](https://github.com/webpack/webpack) and [terser](https://github.com/terser/terser). Updates `axios` from 0.27.2 to 0.28.0 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v0.28.0/CHANGELOG.md) - [Commits](axios/axios@v0.27.2...v0.28.0) Updates `cookie` from 0.5.0 to 0.7.0 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](jshttp/cookie@v0.5.0...v0.7.0) Updates `dompurify` from 2.3.8 to 2.5.4 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@2.3.8...2.5.4) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `langchain` from 0.1.23 to 0.2.19 - [Release notes](https://github.com/langchain-ai/langchainjs/releases) - [Changelog](https://github.com/langchain-ai/langchainjs/blob/main/release_workspace.js) - [Commits](langchain-ai/langchainjs@0.1.23...0.2.19) Updates `nanoid` from 3.3.3 to 3.3.4 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.3...3.3.4) Updates `nodemailer` from 6.7.3 to 6.9.9 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v6.7.3...v6.9.9) Updates `webpack` from 5.70.0 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.70.0...v5.94.0) Updates `pdfjs-dist` from 2.9.359 to 4.2.67 - [Release notes](https://github.com/mozilla/pdf.js/releases) - [Commits](mozilla/pdf.js@v2.9.359...v4.2.67) Updates `next` from 13.5.6 to 14.2.10 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v13.5.6...v14.2.10) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `dset` from 3.1.2 to 3.1.4 - [Release notes](https://github.com/lukeed/dset/releases) - [Commits](lukeed/dset@v3.1.2...v3.1.4) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `elliptic` from 6.5.7 to 6.6.0 - [Commits](indutny/elliptic@v6.5.7...v6.6.0) Updates `http-proxy-middleware` from 2.0.4 to 2.0.7 - [Release notes](https://github.com/chimurai/http-proxy-middleware/releases) - [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.7/CHANGELOG.md) - [Commits](chimurai/http-proxy-middleware@v2.0.4...v2.0.7) Updates `markdown-to-jsx` from 7.1.7 to 7.5.0 - [Release notes](https://github.com/quantizor/markdown-to-jsx/releases) - [Changelog](https://github.com/quantizor/markdown-to-jsx/blob/main/CHANGELOG.md) - [Commits](quantizor/markdown-to-jsx@v7.1.7...v7.5.0) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `serve-static` from 1.15.0 to 1.16.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...1.16.0) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `ejs` from 3.1.9 to 3.1.10 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v3.1.9...v3.1.10) Updates `path-to-regexp` from 0.1.7 to 0.1.10 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v0.1.10) Updates `semver` from 7.5.4 to 7.6.3 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.5.4...v7.6.3) Updates `serve-static` from 1.15.0 to 1.16.0 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...1.16.0) Updates `nanoid` from 4.0.2 to 5.0.8 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.3.3...3.3.4) Updates `webpack` from 5.94.0 to 5.96.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.70.0...v5.94.0) Updates `terser` from 5.31.6 to 5.36.0 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v5.31.6...v5.36.0) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: cookie dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: dompurify dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: langchain dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: nodemailer dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: pdfjs-dist dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: dset dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy-middleware dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: markdown-to-jsx dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: body-parser dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: nanoid dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: webpack dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: terser dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Nov 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 3 directories with 22 updates #1

Bump the npm_and_yarn group across 3 directories with 22 updates #1

dependabot bot commented on behalf of github Nov 7, 2024

Bump the npm_and_yarn group across 3 directories with 22 updates #1

Are you sure you want to change the base?

Bump the npm_and_yarn group across 3 directories with 22 updates #1

Conversation

dependabot bot commented on behalf of github Nov 7, 2024

Release v0.28.0

Release notes:

Bug Fixes

Backports from v1.x:

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

Backports from v1.x:

0.7.0

0.6.0

DOMPurify 2.5.4

DOMPurify 2.5.3

DOMPurify 2.5.2

DOMPurify 2.5.1

DOMPurify 2.5.0

DOMPurify 2.4.9

DOMPurify 2.4.8

DOMPurify 2.4.7

DOMPurify 2.4.6

DOMPurify 2.4.5

DOMPurify 2.4.4

DOMPurify 2.4.3

4.20.0

What's Changed

Important

Other Changes

New Contributors

4.20.0 / 2024-09-10

9.0.0 - 2022-12-21

Breaking changes

Security fixes

0.2.19

What's Changed

New Contributors

Release 0.2.18

What's Changed

3.3.4

v6.9.9

6.9.9 (2024-02-01)

Bug Fixes

v6.9.8

6.9.8 (2023-12-30)

Bug Fixes

v6.9.7

6.9.7 (2023-10-22)

Bug Fixes

v6.9.6

6.9.6 (2023-10-09)

Bug Fixes

v6.9.5

6.9.5 (2023-09-06)

Bug Fixes

6.9.9 (2024-02-01)

Bug Fixes

6.9.8 (2023-12-30)

Bug Fixes

6.9.7 (2023-10-22)

Bug Fixes

6.9.6 (2023-10-09)

Bug Fixes

6.9.5 (2023-09-06)

Bug Fixes

6.9.4 2023-07-19

6.9.3 2023-05-29

6.9.2 2023-05-11

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes

New Features

v5.92.1

Bug Fixes