Bump the npm_and_yarn group with 41 updates #13

dependabot · 2024-08-27T22:33:36Z

Bumps the npm_and_yarn group with 45 updates:

Package	From	To
@angular/core	`5.2.9`	`10.2.5`
express	`4.16.3`	`4.19.2`
karma	`2.0.0`	`6.3.16`
ajv	`4.11.8`	`6.12.6`
@angular/cli	`1.7.4`	`1.7.4`
fsevents	`1.1.3`	`1.2.13`
minimist	`1.2.0`	`1.2.8`
mkdirp	`0.5.1`	`0.5.6`
handlebars	`4.0.11`	`4.7.8`
protractor	`5.1.2`	`5.4.4`
adm-zip	`0.4.4`	`0.5.15`
async	`2.6.0`	`2.6.4`
qs	`6.2.3`	`6.4.0`
braces	`0.1.5`	`1.8.5`
browserify-sign	`4.0.4`	`4.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
ejs	`2.5.8`	`2.7.4`
elliptic	`6.4.0`	`6.5.7`
eventsource	`0.1.6`	`removed`
@angular/cli	`1.7.4`	`18.2.1`
follow-redirects	`1.0.0`	`1.15.6`
fsevents	`1.1.3`	`2.3.3`
json-schema	`0.2.3`	`0.4.0`
jsprim	`1.4.0`	`1.4.2`
jsprim	`1.4.1`	`1.4.2`
request	`2.75.0`	`2.81.0`
tar	`2.2.1`	`6.2.1`
tunnel-agent	`0.4.3`	`0.6.0`
loader-utils	`0.2.17`	`1.1.0`
http-proxy	`1.16.2`	`1.18.1`
https-proxy-agent	`1.0.0`	`2.2.4`
js-yaml	`3.11.0`	`3.14.1`
json5	`0.5.1`	`1.0.2`
loader-utils	`1.1.0`	`1.4.2`
lodash	`4.17.5`	`4.17.21`
mixin-deep	`1.3.1`	`1.3.2`
randomatic	`1.1.7`	`3.1.1`
fill-range	`2.2.3`	`2.2.4`
shell-quote	`1.6.1`	`1.8.1`
socket.io	`2.0.4`	`4.7.5`
socket.io-parser	`3.1.3`	`4.2.4`
ws	`1.1.5`	`8.17.1`
xml2js	`0.4.4`	`0.4.23`
y18n	`3.2.1`	`4.0.3`
yargs-parser	`4.2.1`	`11.1.1`

Updates @angular/core from 5.2.9 to 10.2.5

Changelog

Sourced from @angular/core's changelog.

10.2.5 (2021-04-14)

Bug Fixes

compiler-cli: show a more specific error for Ivy NgModules (#41534) (#41598) (f630f33)

core: fix possible XSS attack in development through SSR (#40525) (ba8da74)

10.2.4 (2020-12-17)

Bug Fixes

core: fix possible XSS attack in development through SSR. (#40152) (0b8e3d5)

core: set ngDevMode to false when calling enableProdMode() (#40160) (90570c0)

10.2.3 (2020-11-09)

Bug Fixes

compiler: ensure that i18n message-parts have the correct source-span (#39589) (e67a331)

compiler: skipping leading whitespace should not break placeholder source-spans (#39589) (2b684b7), closes #39195

compiler-cli: avoid duplicate diagnostics about unknown pipes (#39517) (861e4fa)

compiler-cli: do not drop non-Angular decorators when downleveling (#39577) (1c6cf8a), closes #39574

10.2.2 (2020-11-04)

Bug Fixes

compiler-cli: report missing pipes when fullTemplateTypeCheck is disabled (#39320) (71d0063), closes #38195

core: markDirty() should only mark flags when really scheduling tick. (#39316) (8c82106), closes #39296

router: Ensure all outlets are used when commands have a prefix (#39456) (85d5242)

Performance Improvements

core: do not recurse into modules that have already been registered (#39514) (812355c), closes #39487

... (truncated)

Commits

ba8da74 fix(core): fix possible XSS attack in development through SSR (#40525)
90570c0 fix(core): set ngDevMode to false when calling enableProdMode() (#40160)
0b8e3d5 fix(core): fix possible XSS attack in development through SSR. (#40152)
1aee8b3 refactor(compiler): store the fullStart location on ParseSourceSpans (#39...
812355c perf(core): do not recurse into modules that have already been registered (#3...
8f36c21 refactor(router): Small refactor of createUrlTree and extra tests (#39456)
90acb91 docs: tView.preOrderHooks and tView.preOrderCheckHooks docs update (#39497)
8c82106 fix(core): markDirty() should only mark flags when really scheduling tick. (#...
0b37249 docs(core): update a typo in the comment of ngZoneEventCoalescing (#39423)
3b779a1 docs: fix typo in initializeInputAndOutputAliases docstring (#39438)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @angular/core since your current version.

Updates express from 4.16.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: [email protected] and [email protected] by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add [email protected] by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: [email protected]

4.18.3 / 2024-02-29

Fix routing requests without method

deps: [email protected]

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: [email protected]

deps: [email protected]

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: [email protected]
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates karma from 2.0.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)

warn when singleRun and autoWatch are false (69cfc76)

security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)

warn when singleRun and autoWatch are false (69cfc76)

security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

ab4b328 chore(release): 6.3.16 [skip ci]
ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
c1befa0 chore(release): 6.3.15 [skip ci]
d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
653c762 ci: prevent duplicate CI tasks on creating a PR
c97e562 chore(release): 6.3.14 [skip ci]
91d5acd fix: remove string template from client code
69cfc76 fix: warn when singleRun and autoWatch are false
839578c fix(security): remove XSS vulnerability in returnUrl query param
db53785 chore(release): 6.3.13 [skip ci]
Additional commits viewable in compare view

Updates ajv from 4.11.8 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@sambauers, #1143) Option keywords to add custom keywords (@franciscomorais, #1137) Types fixes (@boenrobot, @MattiAstedrone) Docs:

error logging example (@RadiationSickness)

TypeScript usage notes (@thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits

fe59143 6.12.6
d580d3e Merge pull request #1298 from ajv-validator/fix-url
fd36389 fix: regular expression for "url" format
490e34c docs: link to v7-beta branch
9cd93a1 docs: note about v7 in readme
877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
f1c8e45 6.12.5
764035e Merge branch 'ChALkeR-chalker/fix-comma'
3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
Additional commits viewable in compare view

Updates @angular/cli from 1.7.4 to 1.7.4

Commits

See full diff in compare view

Updates fsevents from 1.1.3 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

Added node v10 for pre-built binaries

C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.

Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.

Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0

Compatibility updates for nan v2.9.0

Commits

844a05d Version Bump
f393f2a Only build fsevents on macOS (#322)
6a281a7 [publish binary]
acc2bce [publish binary]
f532b6e [publish binary]
4c6a1c0 Add node 13 to travis matrix.
92e40aa Release 1.2.12.
909af26 Release v1.2.11
7074adb Release v1.2.10
0a052f6 Node.js v12 support for v1.x (#274)
Additional commits viewable in compare view

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

[Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)

[Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)

[Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

[Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)

[Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)

[Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)

[Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)

[Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)

[Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

Merge tag 'v0.2.3' a026794

[eslint] fix indentation and whitespace 5368ca4

[eslint] fix indentation and whitespace e5f5067

[eslint] more cleanup 62fde7d

[eslint] more cleanup 36ac5d0

[meta] add auto-changelog 73923d2

[actions] add reusable workflows d80727d

[eslint] add eslint; rules to enable later are warnings 48bc06a

[eslint] fix indentation 34b0f1c

[readme] rename and add badges 5df0fe4

[Dev Deps] switch from covert to nyc a48b128

[Dev Deps] update covert, tape; remove unnecessary tap f0fb958

[meta] create FUNDING.yml; add funding in package.json 3639e0c

[meta] use npmignore to autogenerate an npmignore file be2e038

Only apps should have lockfiles 282b570

isConstructorOrProto adapted from PR ef9153f

[Dev Deps] update @ljharb/eslint-config, aud 098873c

[Dev Deps] update @ljharb/eslint-config, aud 3124ed3

[meta] add safe-publish-latest 4b927de

[Tests] add aud in posttest b32d9bd

[meta] update repo URLs f9fdfc0

[actions] Avoid 0.6 tests due to build failures ba92fe6

[Dev Deps] update tape 950eaa7

[Dev Deps] add missing npmignore dev dep 3226afa

Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

6901ee2 v1.2.8
a026794 Merge tag 'v0.2.3'
c0b2661 v0.2.3
63b8fee [Fix] Fix long option followed by single dash (#17)
72239e6 [Tests] Remove duplicate test (#12)
34b0f1c [eslint] fix indentation
3226afa [Dev Deps] add missing npmignore dev dep
098873c [Dev Deps] update @ljharb/eslint-config, aud
9ec4d27 [Fix] Fix long option followed by single dash
ba92fe6 [actions] Avoid 0.6 tests due to build failures
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates mkdirp from 0.5.1 to 0.5.6

Commits

92f086d 0.5.6
2a28125 clean up tests
c905d65 update minimist
049cf18 0.5.5
bea6382 Remove unnecessary umask calls
42a012c 0.5.4
2867920 fix infinite loop on windows machines
d784e70 0.5.3
d612c5d add files list so this package isn't a monster
b2e7ba0 0.5.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates handlebars from 4.0.11 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning when importing Handlebars as ESM - 03d387b

Fix bundler issue with webpack 5 (#1862) - c6c6bbb

Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning when importing Handlebars as ESM - 03d387b

Fix bundler issue with webpack 5 (#1862) - c6c6bbb

Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

fix weird error in integration tests - eb860c0

fix: check prototype property access in strict-mode (#1736) - b6d3de7

fix: escape property names in compat mode (#1736) - f058970

refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8

chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

#1672 - Switch cmd parser to latest minimist (@dougwilson

Compatibility notes:

Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

~~Node.js version support has been changed to v6+~~ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

8dc3d25 v4.7.8
668c4fb Fix browser tests in CI pipeline
c65c6cc Test on Node 18
3d3796c Make library compatible with workers
075b354 Fix sync issue with npm lock-file
30dbf04 Fix compiling of each block params in strict mode
e3a5448 Fix bundler issue with webpack 5
8e23642 Fix integration-tests issue with npm >= 7
88ac068 use https instead of git for mustache submodule
c68bc08 Fix typo
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates protractor from 5.1.2 to 5.4.4

Release notes

Sourced from protractor's releases.

5.4.3

typescript 3.7 compatibility

Resolves #5348 which was causing incompatibility with TypeScript 3.7

Changelog

Sourced from protractor's changelog.

5.4.4

Fixes

fix: security prototype pollution

5.4.3

Fixes

fix(index.ts): Fix exports to unbreak TypeScript 3.7 build

5.4.2

Features
(db1b638) feat(saucelabs): add sauceRegion support for eu datacenters (#5083)

This change allows user to define the backend region from sauce via the sauceRegion property, e.g.
   sauceUser: process.env.SAUCE_USERNAME,
   sauceKey: process.env.SAUCE_ACCESS_KEY,
   sauceRegion: 'eu',
Will run the test against https://ondemand.eu-central-1.saucelabs.com:443/wd/hub/.
   sauceUser: process.env.SAUCE_USERNAME,
   sauceKey: process.env.SAUCE_ACCESS_KEY,
   sauceRegion: 'us',
// the default
sauceUser: process.env.SAUCE_USERNAME,
sauceKey: process.env.SAUCE_ACCESS_KEY,
Will run the test against https://ondemand.saucelabs.com:443/wd/hub/
Fixes

(f5dbe13) fix(deps): @types/node is now a dev dependency

5.4.1

Features

(7b08083)

... (truncated)

Commits

a0ffa9b release: 5.4.4
8b3ebf8 fix: security prototype pollution
162f9e5 ci: Log sauce connect proxy to stdout, remove travis_wait, upgrade proxy to 4...
eb1d0fc docs(release): Update release docs for 5.4 series.
6c46098 chore(release): Update changelog
faf0895 fix(ci): Don't update webdriver in pretest
d77731c fix(release): Pin CircleCI to Chrome v74
efe7fdd chore(dependencies): Update natives, so we can continue to run Gulp on
0442e51 chore(release): Bugfix release 5.4.3
7999a08 fix(index.ts): Fix exports to unbreak TypeScript 3.7 build
Additional commits viewable in compare view

Updates adm-zip from 0.4.4 to 0.5.15

Release notes

Sourced from adm-zip's releases.

v0.5.15

What's Changed

Fix utils canonical to valid posix by @skoniks in cthackers/adm-zip#499

addFile backslash test by @5saviahv in cthackers/adm-zip#500

added addLocalFolderAsync2 by @5saviahv in cthackers/adm-zip#501

fixed windows paths by @roosipuu in cthackers/adm-zip#503

Add Windows build by @5saviahv in cthackers/adm-zip#504

inital "decoder" functionality by @5saviahv in cthackers/adm-zip#505

Bump braces from 3.0.2 to 3.0.3 by @dependabot in cthackers/adm-zip#506

Write out Electron original-fs auto loading by @5saviahv in cthackers/adm-zip#502

using writeZip() twice throws "Invalid LOC header (bad signature)" error by @5saviahv in cthackers/adm-zip#507

Descriptor check & Main Header locating by @5saviahv in cthackers/adm-zip#508

House keeping by @5saviahv in cthackers/adm-zip#509

typo by @5saviahv in cthackers/adm-zip#510

Allow interoperability files with non-UTF-8 (bit 11 = 0) name by @yfdyh000 in cthackers/adm-zip#450

package lock update by @5saviahv in cthackers/adm-zip#511

small updates by @5saviahv in cthackers/adm-zip#513

CodeQL check by @5saviahv in cthackers/adm-zip#514

Keep local extra data by @5saviahv in cthackers/adm-zip#515

Update old test by @5saviahv in cthackers/adm-zip#516

make all errors a function by @5saviahv in cthackers/adm-zip#517

Update date time functions by @5saviahv in cthackers/adm-zip#518

Add a length check when extra field parsed by @code-sunbo in cthackers/adm-zip#520

del...
Description has been truncated

Bumps the npm_and_yarn group with 45 updates: | Package | From | To | | --- | --- | --- | | [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) | `5.2.9` | `10.2.5` | | [express](https://github.com/expressjs/express) | `4.16.3` | `4.19.2` | | [karma](https://github.com/karma-runner/karma) | `2.0.0` | `6.3.16` | | [ajv](https://github.com/ajv-validator/ajv) | `4.11.8` | `6.12.6` | | [@angular/cli](https://github.com/angular/angular-cli) | `1.7.4` | `1.7.4` | | [fsevents](https://github.com/fsevents/fsevents) | `1.1.3` | `1.2.13` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.0` | `1.2.8` | | [mkdirp](https://github.com/isaacs/node-mkdirp) | `0.5.1` | `0.5.6` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.0.11` | `4.7.8` | | [protractor](https://github.com/angular/protractor) | `5.1.2` | `5.4.4` | | [adm-zip](https://github.com/cthackers/adm-zip) | `0.4.4` | `0.5.15` | | [async](https://github.com/caolan/async) | `2.6.0` | `2.6.4` | | [qs](https://github.com/ljharb/qs) | `6.2.3` | `6.4.0` | | [braces](https://github.com/micromatch/braces) | `0.1.5` | `1.8.5` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [ejs](https://github.com/mde/ejs) | `2.5.8` | `2.7.4` | | [elliptic](https://github.com/indutny/elliptic) | `6.4.0` | `6.5.7` | | [eventsource](https://github.com/EventSource/eventsource) | `0.1.6` | `removed` | | [@angular/cli](https://github.com/angular/angular-cli) | `1.7.4` | `18.2.1` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.0.0` | `1.15.6` | | [fsevents](https://github.com/fsevents/fsevents) | `1.1.3` | `2.3.3` | | [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.0` | `1.4.2` | | [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` | | [request](https://github.com/request/request) | `2.75.0` | `2.81.0` | | [tar](https://github.com/isaacs/node-tar) | `2.2.1` | `6.2.1` | | [tunnel-agent](https://github.com/mikeal/tunnel-agent) | `0.4.3` | `0.6.0` | | [loader-utils](https://github.com/webpack/loader-utils) | `0.2.17` | `1.1.0` | | [http-proxy](https://github.com/http-party/node-http-proxy) | `1.16.2` | `1.18.1` | | [https-proxy-agent](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/https-proxy-agent) | `1.0.0` | `2.2.4` | | [js-yaml](https://github.com/nodeca/js-yaml) | `3.11.0` | `3.14.1` | | [json5](https://github.com/json5/json5) | `0.5.1` | `1.0.2` | | [loader-utils](https://github.com/webpack/loader-utils) | `1.1.0` | `1.4.2` | | [lodash](https://github.com/lodash/lodash) | `4.17.5` | `4.17.21` | | [mixin-deep](https://github.com/jonschlinkert/mixin-deep) | `1.3.1` | `1.3.2` | | [randomatic](https://github.com/jonschlinkert/randomatic) | `1.1.7` | `3.1.1` | | [fill-range](https://github.com/jonschlinkert/fill-range) | `2.2.3` | `2.2.4` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.6.1` | `1.8.1` | | [socket.io](https://github.com/socketio/socket.io) | `2.0.4` | `4.7.5` | | [socket.io-parser](https://github.com/Automattic/socket.io-parser) | `3.1.3` | `4.2.4` | | [ws](https://github.com/websockets/ws) | `1.1.5` | `8.17.1` | | [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) | `0.4.4` | `0.4.23` | | [y18n](https://github.com/yargs/y18n) | `3.2.1` | `4.0.3` | | [yargs-parser](https://github.com/yargs/yargs-parser) | `4.2.1` | `11.1.1` | Updates `@angular/core` from 5.2.9 to 10.2.5 - [Release notes](https://github.com/angular/angular/releases) - [Changelog](https://github.com/angular/angular/blob/10.2.5/CHANGELOG.md) - [Commits](https://github.com/angular/angular/commits/10.2.5/packages/core) Updates `express` from 4.16.3 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.16.3...4.19.2) Updates `karma` from 2.0.0 to 6.3.16 - [Release notes](https://github.com/karma-runner/karma/releases) - [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md) - [Commits](karma-runner/karma@v2.0.0...v6.3.16) Updates `ajv` from 4.11.8 to 6.12.6 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@4.11.8...v6.12.6) Updates `@angular/cli` from 1.7.4 to 1.7.4 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v1.7.4...v1.7.4) Updates `fsevents` from 1.1.3 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.1.3...v1.2.13) Updates `minimist` from 1.2.0 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.0...v1.2.8) Updates `mkdirp` from 0.5.1 to 0.5.6 - [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md) - [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6) Updates `handlebars` from 4.0.11 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.0.11...v4.7.8) Updates `protractor` from 5.1.2 to 5.4.4 - [Release notes](https://github.com/angular/protractor/releases) - [Changelog](https://github.com/angular/protractor/blob/5.4.4/CHANGELOG.md) - [Commits](angular/protractor@5.1.2...5.4.4) Updates `adm-zip` from 0.4.4 to 0.5.15 - [Release notes](https://github.com/cthackers/adm-zip/releases) - [Changelog](https://github.com/cthackers/adm-zip/blob/master/history.md) - [Commits](cthackers/adm-zip@v0.4.4...v0.5.15) Updates `async` from 2.6.0 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.0...v2.6.4) Updates `qs` from 6.2.3 to 6.4.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.2.3...v6.4.0) Updates `braces` from 0.1.5 to 1.8.5 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/commits/1.8.5) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `ejs` from 2.5.8 to 2.7.4 - [Release notes](https://github.com/mde/ejs/releases) - [Commits](mde/ejs@v2.5.8...v2.7.4) Updates `elliptic` from 6.4.0 to 6.5.7 - [Commits](indutny/elliptic@v6.4.0...v6.5.7) Removes `eventsource` Updates `@angular/cli` from 1.7.4 to 18.2.1 - [Release notes](https://github.com/angular/angular-cli/releases) - [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md) - [Commits](angular/angular-cli@v1.7.4...v1.7.4) Updates `follow-redirects` from 1.0.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.0.0...v1.15.6) Updates `fsevents` from 1.1.3 to 2.3.3 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.1.3...v1.2.13) Updates `json-schema` from 0.2.3 to 0.4.0 - [Commits](kriszyp/json-schema@v0.2.3...v0.4.0) Updates `jsprim` from 1.4.0 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.0...v1.4.2) Updates `jsprim` from 1.4.1 to 1.4.2 - [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md) - [Commits](TritonDataCenter/node-jsprim@v1.4.0...v1.4.2) Updates `request` from 2.75.0 to 2.81.0 - [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md) - [Commits](request/request@v2.75.0...v2.81.0) Updates `tar` from 2.2.1 to 6.2.1 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v2.2.1...v6.2.1) Updates `tunnel-agent` from 0.4.3 to 0.6.0 - [Commits](request/tunnel-agent@v0.4.3...v0.6.0) Updates `handlebars` from 4.0.11 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.0.11...v4.7.8) Updates `loader-utils` from 0.2.17 to 1.1.0 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md) - [Commits](webpack/loader-utils@v0.2.17...v1.1.0) Updates `http-proxy` from 1.16.2 to 1.18.1 - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](http-party/node-http-proxy@1.16.2...1.18.1) Updates `https-proxy-agent` from 1.0.0 to 2.2.4 - [Release notes](https://github.com/TooTallNate/proxy-agents/releases) - [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/https-proxy-agent/CHANGELOG.md) - [Commits](https://github.com/TooTallNate/proxy-agents/commits/2.2.4/packages/https-proxy-agent) Updates `js-yaml` from 3.11.0 to 3.14.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.11.0...3.14.1) Updates `json5` from 0.5.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v0.5.1...v1.0.2) Updates `loader-utils` from 1.1.0 to 1.4.2 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md) - [Commits](webpack/loader-utils@v0.2.17...v1.1.0) Updates `lodash` from 4.17.5 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.5...4.17.21) Updates `mixin-deep` from 1.3.1 to 1.3.2 - [Commits](jonschlinkert/mixin-deep@1.3.1...1.3.2) Updates `randomatic` from 1.1.7 to 3.1.1 - [Release notes](https://github.com/jonschlinkert/randomatic/releases) - [Commits](jonschlinkert/randomatic@1.1.7...3.1.1) Updates `fill-range` from 2.2.3 to 2.2.4 - [Release notes](https://github.com/jonschlinkert/fill-range/releases) - [Commits](https://github.com/jonschlinkert/fill-range/commits) Updates `shell-quote` from 1.6.1 to 1.8.1 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.6.1...v1.8.1) Updates `socket.io` from 2.0.4 to 4.7.5 - [Release notes](https://github.com/socketio/socket.io/releases) - [Changelog](https://github.com/socketio/socket.io/blob/4.7.5/CHANGELOG.md) - [Commits](socketio/socket.io@2.0.4...4.7.5) Updates `socket.io-parser` from 3.1.3 to 4.2.4 - [Release notes](https://github.com/Automattic/socket.io-parser/releases) - [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md) - [Commits](socketio/socket.io-parser@3.1.3...4.2.4) Updates `ws` from 1.1.5 to 8.17.1 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@1.1.5...8.17.1) Updates `xml2js` from 0.4.4 to 0.4.23 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits) Updates `y18n` from 3.2.1 to 4.0.3 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v3.2.1...y18n-v4.0.3) Updates `yargs-parser` from 4.2.1 to 11.1.1 - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md) - [Commits](yargs/yargs-parser@v4.2.1...v11.1.1) --- updated-dependencies: - dependency-name: "@angular/core" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: karma dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ajv dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/cli" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mkdirp dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: protractor dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: adm-zip dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ejs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: eventsource dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@angular/cli" dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json-schema dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsprim dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: request dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tunnel-agent dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: http-proxy dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: https-proxy-agent dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: mixin-deep dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: randomatic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fill-range dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: shell-quote dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: socket.io-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: xml2js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yargs-parser dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group with 41 updates #13

Bump the npm_and_yarn group with 41 updates #13

dependabot bot commented on behalf of github Aug 27, 2024

Bump the npm_and_yarn group with 41 updates #13

Are you sure you want to change the base?

Bump the npm_and_yarn group with 41 updates #13

Conversation

dependabot bot commented on behalf of github Aug 27, 2024

10.2.5 (2021-04-14)

Bug Fixes

10.2.4 (2020-12-17)

Bug Fixes

10.2.3 (2020-11-09)

Bug Fixes

10.2.2 (2020-11-04)

Bug Fixes

Performance Improvements

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

4.18.0 / 2022-04-25

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes

6.3.11 (2022-01-13)

Bug Fixes

6.3.10 (2022-01-08)

Bug Fixes

v6.12.6

v6.12.5

v6.12.4

v6.12.3

v6.12.2

v6.12.1

v6.12.0

v6.11.0

v6.10.2

v6.10.1

v6.10.0

v6.9.0

Release v1.2.13

Release v1.2.11

Intermediate Release

Release v1.2.9 - Node v12 compatibility

Release Pre-NAPI v1.2.8