Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates #8

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jul 29, 2024

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
express 4.18.2 4.19.2
@grpc/grpc-js 1.9.2 1.11.1
braces 3.0.2 3.0.3
fast-xml-parser 4.3.4 4.4.1
follow-redirects 1.15.5 1.15.6

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: [email protected]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates @grpc/grpc-js from 1.9.2 to 1.11.1

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.1

  • Revert a change that used APIs that were not available in early minor versions of Node 14 (#2799 contributed by @​xqin)

@​grpc/grpc-js-xds 1.11.0

  • Add xDS Servers (#2783)
    • Note: this is primarily a foundation for future features. It doesn't actually do much right now.
  • Add support for dualstack socket support in xDS clients (#2665)

@​grpc/grpc-js 1.11.0

Changelog

  • Add Server connection injection API as described in gRFC L114 (#2675)
  • Implement support for an alternate DNS resolver that supports custom authorities (#2776 contributed by @​gkampitakis)
  • Add a channel option to configure retry attempt limits (#2795)
  • Add a getHost method to server call objects (#2783, #2793)
  • Fix typos and omissions in service config validation errors (#2782 contributed by @​matthewbinshtok)

Experimental API changes

Added:

  • splitHostPort
  • HostPort
  • createServerCredentialsWithInterceptors

@​grpc/grpc-js 1.10.11

  • Fix a bug that caused clients to reconnect unnecessarily while no requests are pending. (#2784)
  • Fix a bug that caused clients to fail to re-establish existing connections while waiting for DNS results (#2784)
  • Fix a bug that caused servers to sometimes not close idle connections depending on timing (#2790)
  • Fix a bug that caused calls to be pending indefinitely while unable to start after a channel is closed (#2791)

@​grpc/grpc-js 1.10.10

  • Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
  • Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
  • Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
  • Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
  • Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

  • Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

  • Improve reporting of HTTP error codes (#2723)
  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

  • Fix a bug that could cause a server to sometimes send the status early (#2708)

... (truncated)

Commits
  • 43032b1 Merge pull request #2800 from murgatroid99/grpc-js_1.11.1
  • 2ecd53d grpc-js: Bump to 1.11.1
  • 4da4fdc Merge pull request #2799 from xqin/master
  • 996a637 support node v14 again
  • 87ea7ce Merge pull request #2797 from murgatroid99/grpc-js_1.11.0_real
  • 2ee8911 grpc-js: Bump packages to 1.11.0, and update documentation
  • 7e4c8f0 Merge pull request #2796 from murgatroid99/grpc-js_1.11.0
  • bf8e071 grpc-js: Bump packages to 1.11.0, and update documentation
  • e13d5e7 Merge pull request #2793 from murgatroid99/grpc-js_server_call_get_host
  • d60f516 Merge pull request #2795 from murgatroid99/grpc-js_retry_limit_option
  • Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

Updates fast-xml-parser from 4.3.4 to 4.4.1

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.1 / 2024-07-28

  • v5 fix: maximum length limit to currency value
  • fix #634: build attributes with oneListGroup and attributesGroupName (#653)(By Andreas Naziris)
  • fix: get oneListGroup to work as expected for array of strings (#662)(By Andreas Naziris)

4.4.0 / 2024-05-18

  • fix #654: parse attribute list correctly for self closing stop node.
  • fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
  • fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

4.3.5 / 2024-02-24

  • code for v5 is added for experimental use

4.3.4 / 2024-01-10

  • fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

  • Remove unnecessary regex

4.3.2 / 2023-10-02

4.3.1 / 2023-09-24

  • revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

4.2.7 / 2023-07-30

  • Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
  • Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

4.2.5 / 2023-06-22

  • change code implementation

4.2.4 / 2023-06-06

  • fix security bug

4.2.3 / 2023-06-05

  • fix security bug

... (truncated)

Commits
  • d40e29c update package detail and browser bundles
  • d0bfe8a fix maxlength for currency value
  • 2c14fcf Update bug-report-or-unexpected-output.md
  • acf610f fix #634: build attributes with oneListGroup and attributesGroupName (#653)
  • 931e910 fix: get oneListGroup to work as expected for array of strings (#662)
  • b8e40c8 Update ISSUE_TEMPLATE.md
  • a6265ba chore: add trend image (#658)
  • db1c548 redesign README.md
  • 338a2c6 Rename 1.Getting Started.md to 1.GettingStarted.md
  • c762537 Rename v5 docs filenames (#659)
  • Additional commits viewable in compare view

Updates follow-redirects from 1.15.5 to 1.15.6

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 5 up…
e5922b9 
…dates

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [express](https://github.com/expressjs/express) | `4.18.2` | `4.19.2` |
| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.9.2` | `1.11.1` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.3.4` | `4.4.1` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.5` | `1.15.6` |



Updates `express` from 4.18.2 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

Updates `@grpc/grpc-js` from 1.9.2 to 1.11.1
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected])

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `fast-xml-parser` from 4.3.4 to 4.4.1
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](NaturalIntelligence/fast-xml-parser@v4.3.4...v4.4.1)

Updates `follow-redirects` from 1.15.5 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.5...v1.15.6)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fast-xml-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant