build(deps-dev): Bump the npm_and_yarn group across 1 directory with 2 updates #4

dependabot · 2024-10-15T14:18:59Z

Bumps the npm_and_yarn group with 2 updates in the / directory: axios and class-validator.

Updates axios from 0.21.4 to 1.7.7

Release notes

Release v1.7.7

Release notes:

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)

http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Rishi556

Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)

fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Dmitriy Mozgovoy

Jacques Germishuys

kuroino721

Release v1.7.5

Release notes:

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)

core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)

core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)

fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Dmitriy Mozgovoy

Antonin Bas

Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)

http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

Rishi556

Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

fetch: fix content length calculation for FormData payload; (#6524) (085f568)

fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

Dmitriy Mozgovoy

Jacques Germishuys

kuroino721

1.7.5 (2024-08-23)

Bug Fixes

adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)

core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)

core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)

fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

Dmitriy Mozgovoy

Antonin Bas

Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)

sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

5b8a826 chore(release): v1.7.7 (#6585)
364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
d584fcf chore(release): v1.7.6 (#6583)
bc03c6c chore(examples): fix module import (#6575)
df9889b fix(fetch): optimize signals composing logic; (#6582)
ee208cf chore(sponsor): update sponsor block (#6576)
085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
59cd6b0 chore(release): v1.7.5 (#6574)
6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
Additional commits viewable in compare view

Updates class-validator from 0.13.2 to 0.14.1

Release notes

Sourced from class-validator's releases.

v0.14.1

What's Changed

fix: fail for non-array constraint in @IsIn decorator by @NoNameProvided in typestack/class-validator#1844

feat: allow specifying options for @IsBase64 decorator by @NoNameProvided in typestack/class-validator#1845

feat: use official type for version in @IsUUID decorator by @NoNameProvided in typestack/class-validator#1846

build(deps-dev): bump @types/node from 18.11.12 to 18.11.13 by @dependabot in typestack/class-validator#1847

build(deps): bump libphonenumber-js from 1.10.14 to 1.10.15 by @dependabot in typestack/class-validator#1848

build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.46.0 to 5.46.1 by @dependabot in typestack/class-validator#1850

build(deps-dev): bump @types/node from 18.11.13 to 18.11.14 by @dependabot in typestack/class-validator#1851

build(deps-dev): bump @typescript-eslint/parser from 5.46.0 to 5.46.1 by @dependabot in typestack/class-validator#1852

build(deps-dev): bump @types/node from 18.11.14 to 18.11.15 by @dependabot in typestack/class-validator#1854

build(deps-dev): bump @rollup/plugin-commonjs from 23.0.4 to 23.0.5 by @dependabot in typestack/class-validator#1855

docs: fix typos and reformat decorators table by @carlocorradini in typestack/class-validator#1849

fix: allow number and boolean values in validation message "$value" tokens by @kffl in typestack/class-validator#1467

feat: update @IsPhoneNumber decorator to use max dataset by @NoNameProvided in typestack/class-validator#1857

fix: read nullable option in @IsNotEmptyObject decorator correctly by @arkist in typestack/class-validator#1555

build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.1.7 by @dependabot in typestack/class-validator#1859

build(deps-dev): bump eslint from 8.29.0 to 8.30.0 by @dependabot in typestack/class-validator#1860

build(deps-dev): bump @rollup/plugin-commonjs from 23.0.5 to 24.0.0 by @dependabot in typestack/class-validator#1862

build(deps-dev): bump @types/node from 18.11.15 to 18.11.17 by @dependabot in typestack/class-validator#1861

build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.46.1 to 5.47.0 by @dependabot in typestack/class-validator#1864

build(deps-dev): bump @typescript-eslint/parser from 5.46.1 to 5.47.0 by @dependabot in typestack/class-validator#1865

build(deps-dev): bump @typescript-eslint/parser from 5.47.0 to 5.47.1 by @dependabot in typestack/class-validator#1870

build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.47.0 to 5.47.1 by @dependabot in typestack/class-validator#1872

build(deps-dev): bump @types/node from 18.11.17 to 18.11.18 by @dependabot in typestack/class-validator#1871

build(deps-dev): bump @types/jest from 29.2.4 to 29.2.5 by @dependabot in typestack/class-validator#1875

build(deps): bump json5 from 2.2.1 to 2.2.3 by @dependabot in typestack/class-validator#1878

build(deps-dev): bump eslint from 8.30.0 to 8.31.0 by @dependabot in typestack/class-validator#1876

build(deps-dev): bump eslint-plugin-jest from 27.1.7 to 27.2.0 by @dependabot in typestack/class-validator#1877

build(deps-dev): bump @typescript-eslint/parser from 5.47.1 to 5.48.0 by @dependabot in typestack/class-validator#1879

build(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0 by @dependabot in typestack/class-validator#1881

build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.47.1 to 5.48.0 by @dependabot in typestack/class-validator#1880

build(deps): bump libphonenumber-js from 1.10.15 to 1.10.16 by @dependabot in typestack/class-validator#1886

build(deps-dev): bump eslint-plugin-jest from 27.2.0 to 27.2.1 by @dependabot in typestack/class-validator#1890

build(deps): bump libphonenumber-js from 1.10.16 to 1.10.17 by @dependabot in typestack/class-validator#1892

build(deps-dev): bump prettier from 2.8.1 to 2.8.2 by @dependabot in typestack/class-validator#1891

build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.48.0 to 5.48.1 by @dependabot in typestack/class-validator#1894

build(deps-dev): bump @typescript-eslint/parser from 5.48.0 to 5.48.1 by @dependabot in typestack/class-validator#1893

build(deps): bump libphonenumber-js from 1.10.17 to 1.10.18 by @dependabot in typestack/class-validator#1895

build(deps-dev): bump ts-jest from 29.0.3 to 29.0.4 by @dependabot in typestack/class-validator#1898

build(deps-dev): bump rimraf from 3.0.2 to 4.0.4 by @dependabot in typestack/class-validator#1900

build(deps-dev): bump eslint from 8.31.0 to 8.32.0 by @dependabot in typestack/class-validator#1902

build(deps-dev): bump prettier from 2.8.2 to 2.8.3 by @dependabot in typestack/class-validator#1905

build(deps-dev): bump ts-jest from 29.0.4 to 29.0.5 by @dependabot in typestack/class-validator#1904

build(deps-dev): bump rimraf from 4.0.4 to 4.0.7 by @dependabot in typestack/class-validator#1903

build(deps-dev): bump @typescript-eslint/parser from 5.48.1 to 5.48.2 by @dependabot in typestack/class-validator#1908

build(deps-dev): bump @typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2 by @dependabot in typestack/class-validator#1910

build(deps-dev): bump rimraf from 4.0.7 to 4.1.0 by @dependabot in typestack/class-validator#1909

build(deps-dev): bump rimraf from 4.1.0 to 4.1.1 by @dependabot in typestack/class-validator#1911

build(deps-dev): bump @types/jest from 29.2.5 to 29.2.6 by @dependabot in typestack/class-validator#1912

... (truncated)

Changelog

Sourced from class-validator's changelog.

Changelog

This changelog follows the [keep a changelog][keep-a-changelog] format to maintain a human readable changelog.

0.14.0 (2022-12-09)

Added

add @IsTimeZone decorator to check if given string is valid IANA time zone

add @IsISO4217CurrencyCode decorator to check if the string is an ISO 4217 currency code

add @IsStrongPassword decorator to check if given password matches specific complexity criteria

add @IsBase58 decorator to check if a string is base58 encoded

add @IsTaxId decorator to check if a given string is a valid tax ID in a given locale

add support for passing function as date generator in @MinDate and @MaxDate decorators

add option to print constraint error message instead of constraint type in validation error

improve decorator metadata lookup performance

return possible values in error message for @IsEnum decorator

Fixed

re-added @types/validator as dependency

fix error generation when using @NestedValidation

pass validation options correctly to validator in @IsDateString decorator

support passing Symbol as parameter in error message generation

specify supported locales for @IsAlphanumeric decorator

correctly assign decorator name in metadata instead of loosing it

fix various spelling errors in documentation

fix various spelling errors and inconsistencies in JSDoc for decorators

Changed

enable forbidUnknownValues option by default

remove documentation about deprecated schema based validation and added warning

update warning message logged about missing decorator metadata

update libphonenumber-js to ^1.10.14 from ^1.9.43

update various dev-dependencies

BREAKING CHANGES

forbidUnknownValues option is enabled by default

From this release the forbidUnknownValues is enabled by default. This is the desired behavior for majority of use-cases, but this change may break validation for some. The two scenarios that results in failed validation:

when attempting to validate a class instance without metadata for it

when using group validation and the specified validation group results in zero validation applied

The old behavior can be restored via specifying forbidUnknownValues: false option when calling the validate functions.

For more details see [PR #1798](typestack/class-validator#1798) and #1422 (comment).

... (truncated)

Commits

adffae3 bump package-lock version from 0.14.0 to 0.14.1 (#2375)
0a18ea2 [UPDATE] bump repo version (#2372)
19f290f build(deps-dev): bump @types/node from 20.10.8 to 20.11.0 (#2369)
0042559 Fix validator imports (#2360)
611f833 build(deps-dev): bump @types/node from 20.10.7 to 20.10.8 (#2359)
b76fab3 build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.2 (#2358)
e8f3c8a build(deps-dev): bump @types/node from 20.10.6 to 20.10.7 (#2355)
6d176e2 build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 (#2353)
d16211c build(deps-dev): bump @types/node from 20.10.5 to 20.10.6 (#2351)
3ab54c4 build(deps): bump libphonenumber-js from 1.10.52 to 1.10.53 (#2348)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

…2 updates Bumps the npm_and_yarn group with 2 updates in the / directory: [axios](https://github.com/axios/axios) and [class-validator](https://github.com/typestack/class-validator). Updates `axios` from 0.21.4 to 1.7.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.21.4...v1.7.7) Updates `class-validator` from 0.13.2 to 0.14.1 - [Release notes](https://github.com/typestack/class-validator/releases) - [Changelog](https://github.com/typestack/class-validator/blob/develop/CHANGELOG.md) - [Commits](typestack/class-validator@v0.13.2...v0.14.1) --- updated-dependencies: - dependency-name: axios dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: class-validator dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

socket-security · 2024-10-15T14:19:26Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	network Transitive: environment, filesystem	`+8`	2.5 MB	jasonsaayman
npm/[email protected]	None	`+3`	14.3 MB	typestack-release-bot
npm/[email protected]	None	`0`	15.5 kB	turbopope
npm/[email protected]	environment	`+4`	145 kB	ljharb
npm/[email protected]	None	`0`	295 kB	rbuckton
npm/[email protected]	None	`0`	27.8 kB	benjamn
npm/[email protected]	filesystem	`+2`	895 kB	linusu
npm/[email protected]	filesystem, network	`0`	226 kB	eemeli
npm/[email protected]	Transitive: eval	`+7`	341 kB	stefanpenner
npm/[email protected]	None	`0`	6.41 MB	kwonoj
npm/[email protected]	Transitive: filesystem, shell	`+7`	2.88 MB	fabiosantoscode
npm/[email protected]	None	`0`	681 kB	eemeli
npm/[email protected]	environment, filesystem, network, shell, unsafe	`+2`	893 kB	google-wombot

🚮 Removed packages: npm/[email protected], npm/[email protected]

View full report↗︎

dependabot · 2024-10-16T00:09:01Z