Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 7 updates #261

Closed
wants to merge 1 commit into from
Closed

Bump the npm_and_yarn group across 1 directory with 7 updates #261

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 16, 2024

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package From To
jsonwebtoken 8.5.1 9.0.0
systeminformation 5.12.1 5.21.7
ua-parser-js 1.0.2 1.0.33
@babel/traverse 7.18.8 7.24.7
braces 3.0.2 3.0.3
http-cache-semantics 4.1.0 4.1.1

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates semver from 7.3.7 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

v7.6.0

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.2 (2024-05-09)

Bug Fixes

7.6.1 (2024-05-04)

Bug Fixes

Dependencies

Chores

7.6.0 (2024-01-31)

Features

Chores

... (truncated)

Commits
  • eb1380b chore: release 7.6.2 (#714)
  • 6466ba9 fix(lru): use map.delete() directly (#713)
  • d777418 chore: release 7.6.1 (#706)
  • 988a8de deps: uninstall lru-cache (#709)
  • 5feeb7f chore: postinstall for dependabot template-oss PR
  • dd09b60 chore: bump @​npmcli/template-oss to 4.22.0
  • c570a34 fix(linting): no-unused-vars
  • ad8ff11 fix: use internal cache implementation
  • 3fabe4d deps: remove lru-cache
  • ec49cdc chore: chore: chore: postinstall for dependabot template-oss PR
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.


Updates systeminformation from 5.12.1 to 5.21.7

Changelog

Sourced from systeminformation's changelog.

Changelog

Major Changes - Version 5

New Functions

  • audio() detailed audio information
  • bluetoothDevices() detailed information detected bluetooth devices
  • dockerImages() detailed information docker images
  • dockerVolumes() detailed information docker volumes
  • printers() detailed printer information
  • usb() detailed USB information
  • wifiInterfaces() detected Wi-Fi interfaces
  • wifiConnections() active Wi-Fi connections

Breaking Changes

Be aware, that the new version 5.x is NOT fully backward compatible to version 4.x ...

We had to make several interface changes to keep systeminformation as consistent as possible. We highly recommend to go through the complete list and adapt your own code to be again compatible to the new version 5.

Function Old New (V5) Comments
unsupported values -1 null values which are unknown orunsupported on platform
battery() hasbatterycyclecountischargingdesignedcapacitymaxcapacityacconnectedtimeremaining hasBatterycycleCountisChargingdesignedCapacitymaxCapacityacConnectedtimeRemaining pascalCase conformity
blockDevices() fstype fsType pascalCase conformity
cpu() speedminspeedmax speedMinspeedMax pascalCase conformity
cpu().speedcpu().speedMincpu().speedMax string values now returningnumerical values better value handling
cpuCurrentspeed() cpuCurrentSpeed() function name changedpascalCase conformity
currentLoad() avgloadcurrentloadcurrentload_usercurrentload_systemcurrentload_nicecurrentload_idlecurrentload_irqraw_currentload avgLoadcurrentLoadcurrentLoadUsercurrentLoadSystemcurrentLoadNicecurrentLoadIdlecurrentLoadIrqrawCurrentLoad pascalCase conformity
dockerContainerStats() mem_usagemem_limitmem_percentcpu_percentcpu_statsprecpu_statsmemory_stats memUsagememLimitmemPercentcpuPercentcpuStatsprecpuStatsmemoryStats pascalCase conformity
dockerContainerProcesses() pid_host pidHost pascalCase conformity
graphics().display pixeldepthresolutionxresolutionysizexsizey pixelDepthresolutionXresolutionYsizeXsizeY pascalCase conformity
networkConnections() localaddresslocalportpeeraddresspeerport localAddresslocalPortpeerAddresspeerPort pascalCase conformity
networkInterfaces() carrier_changes carrierChanges pascalCase conformity
processes() mem_vszmem_rsspcpupcpuupcpuspmem memVszmemRsscpucpuucpusmem pascalCase conformityrenamed attributes
processLoad() result as object result as array of objects function now allows to provide more thanone process (as a comma separated list)
services() pcpupmem cpumem renamed attributes
vbox() HPETPAEAPICX2APICACPIIOAPICbiosAPICmodeTRC hpetpaeapicx2ApicacpiioApicbiosApicModertc pascalCase conformity

Other Improvements and Changes

  • baseboard(): added memMax, memSlots
  • bios(): added language and features (linux)
  • blockDevices() added raid group member (linux)
  • cpu(): extended AMD processor list
  • cpu(): extended socket list (win)
  • cpu(): added virtualization if cpu supports virtualization
  • cpu(): now flags are part of this function
  • cpuTemperature() added socket and chipset temp (linux)

... (truncated)

Commits

Updates ua-parser-js from 1.0.2 to 1.0.33

Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.33 / 1.0.33

  • Add new browser : Cobalt
  • Identify Macintosh as an Apple device
  • Fix ReDoS vulnerability

Version 0.7.32 / 1.0.32

  • Add new browser : DuckDuckGo, Huawei Browser, LinkedIn
  • Add new OS : HarmonyOS
  • Add some Huawei models
  • Add Sharp Aquos TV
  • Improve detection Xiaomi Mi CC9
  • Fix Sony Xperia 1 III misidentified as Acer tablet
  • Fix Detect Sony BRAVIA as SmartTV
  • Fix Detect Xiaomi Mi TV as SmartTV
  • Fix Detect Galaxy Tab S8 as tablet
  • Fix WeGame mistakenly identified as WeChat
  • Fix included commas in Safari / Mobile Safari version
  • Increase UA_MAX_LENGTH to 350
Commits
  • 67005e3 Update patch version to 1.0.33 as a mirror of 0.7.33
  • f2d0db0 Bump version 0.7.33
  • a6140a1 Remove unsafe regex in trim() function
  • a886604 Fix #605 - Identify Macintosh as Apple device
  • b814bcd Merge pull request #606 from rileyjshaw/patch-1
  • 7f71024 Fix documentation
  • c239ac5 Merge pull request #604 from obecerra3/master
  • 8d3c2d3 Add new browser: Cobalt
  • a2b2e80 Update patch version to 1.0.32 as a mirror of 0.7.32
  • d11fc47 Bump version 0.7.32
  • Additional commits viewable in compare view

Updates @babel/traverse from 7.18.8 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

🏠 Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

Committers: 7

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

🏠 Internal

  • babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers
  • babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-parser, babel-traverse
  • Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

🏠 Internal

  • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

v7.24.6 (2024-05-24)

🐛 Bug Fix

  • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
    • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
  • babel-parser, babel-plugin-transform-typescript

🏠 Internal

  • babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-helpers
  • babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-parser, babel-traverse
  • Other

v7.24.5 (2024-04-29)

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

  • babel-parser

... (truncated)

Commits

Updates braces from 3.0.2 to 3.0.3

Commits

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 7 updates
b0f8ce8 
Bumps the npm_and_yarn group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` |
| [systeminformation](https://github.com/sebhildebrandt/systeminformation) | `5.12.1` | `5.21.7` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `1.0.2` | `1.0.33` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.18.8` | `7.24.7` |
| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |
| [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` |



Updates `jsonwebtoken` from 8.5.1 to 9.0.0
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

Updates `semver` from 7.3.7 to 7.6.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.3.7...v7.6.2)

Updates `systeminformation` from 5.12.1 to 5.21.7
- [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
- [Commits](sebhildebrandt/systeminformation@v5.12.1...v5.21.7)

Updates `ua-parser-js` from 1.0.2 to 1.0.33
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@1.0.2...1.0.33)

Updates `@babel/traverse` from 7.18.8 to 7.24.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-traverse)

Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

Updates `http-cache-semantics` from 4.1.0 to 4.1.1
- [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: systeminformation
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 16, 2024
This was referenced Jun 16, 2024
Closed
Closed
Closed
Closed
Closed
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 19, 2024

Superseded by #262.

@dependabot dependabot bot closed this Jun 19, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-161cbf7f71 branch June 19, 2024 15:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants