Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump the npm_and_yarn group with 9 updates (#110)
Bumps the npm_and_yarn group with 9 updates: | Package | From | To | | --- | --- | --- | | [next](https://github.com/vercel/next.js) | `15.0.1` | `15.1.2` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.10` | `5.4.12` | | [@eslint/plugin-kit](https://github.com/eslint/rewrite) | `0.2.1` | `0.2.5` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` | | [elliptic](https://github.com/indutny/elliptic) | `6.6.0` | `6.6.1` | | [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` | | [store2](https://github.com/nbubna/store) | `2.14.2` | `2.14.4` | | [ws](https://github.com/websockets/ws) | `8.14.2` | `8.18.0` | Updates `next` from 15.0.1 to 15.1.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.1.2</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Update React from 7283a213-20241206 to 65e06cb7-20241218: <a href="https://redirect.github.com/vercel/next.js/pull/74117">vercel/next.js#74117</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.1.1</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix(turbo): sassOptions silenceDeprecations was not overwritten with user options: <a href="https://redirect.github.com/vercel/next.js/pull/73937">vercel/next.js#73937</a></li> <li>refactor collectAppPageSegments: <a href="https://redirect.github.com/vercel/next.js/pull/73908">vercel/next.js#73908</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v15.1.1-canary.27</h2> <h3>Core Changes</h3> <ul> <li>Update font data: <a href="https://redirect.github.com/vercel/next.js/issues/74572">#74572</a></li> <li>Upgrade React from <code>3b009b4c-20250102</code> to <code>3ce77d55-20250106</code>: <a href="https://redirect.github.com/vercel/next.js/issues/74557">#74557</a></li> <li>[metadata] Change the array head to single node in flight data: <a href="https://redirect.github.com/vercel/next.js/issues/74299">#74299</a></li> <li>[DevOverlay] Add Toolbar: <a href="https://redirect.github.com/vercel/next.js/issues/74555">#74555</a></li> <li>restore deleted comment in next-app-loader: <a href="https://redirect.github.com/vercel/next.js/issues/74597">#74597</a></li> <li>Turbopack dev: Remove client to server websocket ping event: <a href="https://redirect.github.com/vercel/next.js/issues/74584">#74584</a></li> </ul> <h3>Example Changes</h3> <ul> <li>chore(examples): update React in reproduction templates to stable 19: <a href="https://redirect.github.com/vercel/next.js/issues/74499">#74499</a></li> </ul> <h3>Misc Changes</h3> <ul> <li>chore(github): update issue_stale token to release bot token: <a href="https://redirect.github.com/vercel/next.js/issues/74575">#74575</a></li> <li>chore(ci): Ensure all 6 shards are used equally in deploy tests: <a href="https://redirect.github.com/vercel/next.js/issues/74574">#74574</a></li> <li>fix: force module format for virtual client-proxy file: <a href="https://redirect.github.com/vercel/next.js/issues/74162">#74162</a></li> <li>[Turbopack] fix shadow-rs build caching: <a href="https://redirect.github.com/vercel/next.js/issues/74579">#74579</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/samcx"><code>@samcx</code></a>, <a href="https://github.com/nnnnoel"><code>@nnnnoel</code></a>, <a href="https://github.com/lubieowoce"><code>@lubieowoce</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/sokra"><code>@sokra</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, and <a href="https://github.com/timneutkens"><code>@timneutkens</code></a> for helping!</p> <h2>v15.1.1-canary.26</h2> <h3>Core Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/df392a1b9748d5e88eeffbab6ba9e00c0aa9473a"><code>df392a1</code></a> v15.1.2</li> <li><a href="https://github.com/vercel/next.js/commit/40c9424beba3fae7fac341e73e50db0895326bec"><code>40c9424</code></a> Backport (v15): Update React from 7283a213-20241206 to 65e06cb7-20241218 (<a href="https://redirect.github.com/vercel/next.js/issues/74">#74</a>...</li> <li><a href="https://github.com/vercel/next.js/commit/4384c6834aee842dcd28b28f6aa476b0b86dae60"><code>4384c68</code></a> v15.1.1</li> <li><a href="https://github.com/vercel/next.js/commit/d13786347567c5d52a2209914cc71e48e600d8ce"><code>d137863</code></a> run build_and_test workflow on backport branch</li> <li><a href="https://github.com/vercel/next.js/commit/d27bb14b6880b7bbb27b91da902c87d4686cc515"><code>d27bb14</code></a> backport: fix(turbo): sassOptions silenceDeprecations was not overwritten wit...</li> <li><a href="https://github.com/vercel/next.js/commit/0c8187a312d532d1af3b61f50f7c84cb02fbe9bb"><code>0c8187a</code></a> Add NEXT_PRIVATE_SKIP_CANARY_CHECK env for bench job (<a href="https://redirect.github.com/vercel/next.js/issues/73763">#73763</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e83ab18c4c8d0ea1016ce68e03099d1ca1fa86d1"><code>e83ab18</code></a> backport: refactor collectAppPageSegments (<a href="https://redirect.github.com/vercel/next.js/issues/73996">#73996</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/ada25fc25ee49fef2922d381691c8889893c585e"><code>ada25fc</code></a> Designate as backport branch</li> <li><a href="https://github.com/vercel/next.js/commit/dafcd43fac3ef9d0ffd94f9c94fd61db4449df25"><code>dafcd43</code></a> v15.1.0</li> <li><a href="https://github.com/vercel/next.js/commit/2deb35d487f20d0e0459b29e313b8f2d4e793fde"><code>2deb35d</code></a> v15.0.4-canary.52</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v15.0.1...v15.1.2">compare view</a></li> </ul> </details> <br /> Updates `vite` from 5.4.10 to 5.4.12 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v5.4.12</h2> <p>This version contains a breaking change due to security fixes. See <a href="https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6">https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6</a> for more details.</p> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/ecd2375460edb4ae258fed4abe6c6f6ed7323b23/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->5.4.12 (2025-01-20)<!-- raw HTML omitted --></h2> <ul> <li>fix!: check host header to prevent DNS rebinding attacks and introduce <code>server.allowedHosts</code> (<a href="https://github.com/vitejs/vite/commit/9da4abc8dde7f032ca1f23f425c2060b9b9ebd34">9da4abc</a>)</li> <li>fix!: default <code>server.cors: false</code> to disallow fetching from untrusted origins (<a href="https://github.com/vitejs/vite/commit/dfea38f1ff9f6fc0f0ca57927c527b0b9ffd2210">dfea38f</a>)</li> <li>fix: verify token for HMR WebSocket connection (<a href="https://github.com/vitejs/vite/commit/b71a5c89a1b4b913813ae665e6e04dd9d18c189c">b71a5c8</a>)</li> <li>chore: add deps update changelog (<a href="https://github.com/vitejs/vite/commit/ecd2375460edb4ae258fed4abe6c6f6ed7323b23">ecd2375</a>)</li> </ul> <h2><!-- raw HTML omitted -->5.4.11 (2024-11-11)<!-- raw HTML omitted --></h2> <ul> <li>fix(deps): update dependencies of postcss-modules (<a href="https://github.com/vitejs/vite/commit/ceb15db613d107e29f7cc1d441364f7b5c831ed3">ceb15db</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/18617">#18617</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/f428aa9af8534b214abb09fe4456653eb09913e7"><code>f428aa9</code></a> release: v5.4.12</li> <li><a href="https://github.com/vitejs/vite/commit/9da4abc8dde7f032ca1f23f425c2060b9b9ebd34"><code>9da4abc</code></a> fix!: check host header to prevent DNS rebinding attacks and introduce `serve...</li> <li><a href="https://github.com/vitejs/vite/commit/b71a5c89a1b4b913813ae665e6e04dd9d18c189c"><code>b71a5c8</code></a> fix: verify token for HMR WebSocket connection</li> <li><a href="https://github.com/vitejs/vite/commit/dfea38f1ff9f6fc0f0ca57927c527b0b9ffd2210"><code>dfea38f</code></a> fix!: default <code>server.cors: false</code> to disallow fetching from untrusted origins</li> <li><a href="https://github.com/vitejs/vite/commit/ecd2375460edb4ae258fed4abe6c6f6ed7323b23"><code>ecd2375</code></a> chore: add deps update changelog</li> <li><a href="https://github.com/vitejs/vite/commit/c54c860f9d90e4074e5321648f9c5ee9fbda7038"><code>c54c860</code></a> release: v5.4.11</li> <li>See full diff in <a href="https://github.com/vitejs/vite/commits/v5.4.12/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `@eslint/plugin-kit` from 0.2.1 to 0.2.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/eslint/rewrite/releases"><code>@eslint/plugin-kit</code>'s releases</a>.</em></p> <blockquote> <h2>plugin-kit: v0.2.5</h2> <h2><a href="https://github.com/eslint/rewrite/compare/plugin-kit-v0.2.4...plugin-kit-v0.2.5">0.2.5</a> (2025-01-09)</h2> <h3>Bug Fixes</h3> <ul> <li>make <code>plugin-kit</code> types usable in CommonJS (<a href="https://redirect.github.com/eslint/rewrite/issues/143">#143</a>) (<a href="https://github.com/eslint/rewrite/commit/f77ba177d4e4c5d2ed828cfd9a5149df2ccb3a7f">f77ba17</a>)</li> </ul> <h3>Dependencies</h3> <ul> <li>The following workspace dependencies were updated <ul> <li>dependencies <ul> <li><code>@eslint/core</code> bumped from ^0.9.1 to ^0.10.0</li> </ul> </li> </ul> </li> </ul> <h2>plugin-kit: v0.2.4</h2> <h2><a href="https://github.com/eslint/rewrite/compare/plugin-kit-v0.2.3...plugin-kit-v0.2.4">0.2.4</a> (2024-12-04)</h2> <h3>Bug Fixes</h3> <ul> <li>Update RuleVisitor type (<a href="https://redirect.github.com/eslint/rewrite/issues/135">#135</a>) (<a href="https://github.com/eslint/rewrite/commit/156d601181deb362a2864c4d47d4e3da8609500b">156d601</a>)</li> </ul> <h3>Dependencies</h3> <ul> <li>The following workspace dependencies were updated <ul> <li>devDependencies <ul> <li><code>@eslint/core</code> bumped from ^0.9.0 to ^0.9.1</li> </ul> </li> </ul> </li> </ul> <h2>plugin-kit: v0.2.3</h2> <h2><a href="https://github.com/eslint/rewrite/compare/plugin-kit-v0.2.2...plugin-kit-v0.2.3">0.2.3</a> (2024-11-14)</h2> <h3>Dependencies</h3> <ul> <li>The following workspace dependencies were updated <ul> <li>devDependencies <ul> <li><code>@eslint/core</code> bumped from ^0.8.0 to ^0.9.0</li> </ul> </li> </ul> </li> </ul> <h2>plugin-kit: v0.2.2</h2> <h2><a href="https://github.com/eslint/rewrite/compare/plugin-kit-v0.2.1...plugin-kit-v0.2.2">0.2.2</a> (2024-10-25)</h2> <h3>Dependencies</h3> <ul> <li>The following workspace dependencies were updated <ul> <li>devDependencies <ul> <li><code>@eslint/core</code> bumped from ^0.7.0 to ^0.8.0</li> </ul> </li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eslint/rewrite/commit/7f291c70eafb050420d86092f7cd03f9c6a96207"><code>7f291c7</code></a> chore: release main (<a href="https://redirect.github.com/eslint/rewrite/issues/139">#139</a>)</li> <li><a href="https://github.com/eslint/rewrite/commit/d9e862830c546dd370814076e0136afb2f033b22"><code>d9e8628</code></a> docs: Update README sponsors</li> <li><a href="https://github.com/eslint/rewrite/commit/f77ba177d4e4c5d2ed828cfd9a5149df2ccb3a7f"><code>f77ba17</code></a> fix: make <code>plugin-kit</code> types usable in CommonJS (<a href="https://redirect.github.com/eslint/rewrite/issues/143">#143</a>)</li> <li><a href="https://github.com/eslint/rewrite/commit/42dd587785e9b05257aee3c77936af06dd5b47a2"><code>42dd587</code></a> docs: Update README sponsors</li> <li><a href="https://github.com/eslint/rewrite/commit/1c9ca4d0a4726218948a92ebc2e8be7a13d224d4"><code>1c9ca4d</code></a> feat: Check messageIds in context.report() (<a href="https://redirect.github.com/eslint/rewrite/issues/140">#140</a>)</li> <li><a href="https://github.com/eslint/rewrite/commit/43416a1d1a083788f6616add283c5bfa89d38d6d"><code>43416a1</code></a> docs: Update README sponsors</li> <li><a href="https://github.com/eslint/rewrite/commit/2489251682726cb166c0cf13d3279eed0e461241"><code>2489251</code></a> ci: Post to Bluesky for releases (<a href="https://redirect.github.com/eslint/rewrite/issues/141">#141</a>)</li> <li><a href="https://github.com/eslint/rewrite/commit/072ed84122b6b33a75174215aff3411b327cb76f"><code>072ed84</code></a> docs: Update README sponsors</li> <li><a href="https://github.com/eslint/rewrite/commit/95749c8e1ba707fa5db8dae135678f536a2444cd"><code>95749c8</code></a> docs: Update README sponsors</li> <li><a href="https://github.com/eslint/rewrite/commit/0e09a420009796ceb4157ebe0dcee1348fdc4b75"><code>0e09a42</code></a> docs: Update README sponsors</li> <li>Additional commits viewable in <a href="https://github.com/eslint/rewrite/compare/plugin-kit-v0.2.1...plugin-kit-v0.2.5">compare view</a></li> </ul> </details> <br /> Updates `braces` from 3.0.2 to 3.0.3 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d"><code>74b2db2</code></a> 3.0.3</li> <li><a href="https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li> <li><a href="https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li> <li><a href="https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856"><code>716eb9f</code></a> readme bump</li> <li><a href="https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li> <li><a href="https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li> <li><a href="https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d"><code>98414f9</code></a> remove funding file</li> <li><a href="https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li> </ul> </details> <br /> Updates `cross-spawn` from 7.0.3 to 7.0.6 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md">cross-spawn's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/moxystudio/node-cross-spawn/compare/v7.0.5...v7.0.6">7.0.6</a> (2024-11-18)</h3> <h3>Bug Fixes</h3> <ul> <li>update cross-spawn version to 7.0.5 in package-lock.json (<a href="https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176">f700743</a>)</li> </ul> <h3><a href="https://github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5">7.0.5</a> (2024-11-07)</h3> <h3>Bug Fixes</h3> <ul> <li>fix escaping bug introduced by backtracking (<a href="https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f">640d391</a>)</li> </ul> <h3><a href="https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4">7.0.4</a> (2024-11-07)</h3> <h3>Bug Fixes</h3> <ul> <li>disable regexp backtracking (<a href="https://redirect.github.com/moxystudio/node-cross-spawn/issues/160">#160</a>) (<a href="https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff">5ff3a07</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/77cd97f3ca7b62c904a63a698fc4a79bf41977d0"><code>77cd97f</code></a> chore(release): 7.0.6</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/6717de49ff1e5de49622488dcb9c33fb25370c85"><code>6717de4</code></a> chore: upgrade standard-version</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176"><code>f700743</code></a> fix: update cross-spawn version to 7.0.5 in package-lock.json</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/9a7e3b2165917367f74b8365faad9873b30d7263"><code>9a7e3b2</code></a> chore: fix build status badge</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/085268352dcbcad8064c64c5efb25268b4023184"><code>0852683</code></a> chore(release): 7.0.5</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"><code>640d391</code></a> fix: fix escaping bug introduced by backtracking</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/bff0c87c8b627c4e6d04ec2449e733048bebb464"><code>bff0c87</code></a> chore: remove codecov</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/a7c6abc6fee79641d45b452fe6217deaa1bd0973"><code>a7c6abc</code></a> chore: replace travis with github workflows</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/9b9246e0969e86656d7ccd527716bc3c18842a19"><code>9b9246e</code></a> chore(release): 7.0.4</li> <li><a href="https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"><code>5ff3a07</code></a> fix: disable regexp backtracking (<a href="https://redirect.github.com/moxystudio/node-cross-spawn/issues/160">#160</a>)</li> <li>Additional commits viewable in <a href="https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6">compare view</a></li> </ul> </details> <br /> Updates `elliptic` from 6.6.0 to 6.6.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/9b77436a59cc35eccf4ffb848259c8762a492ee7"><code>9b77436</code></a> 6.6.1</li> <li><a href="https://github.com/indutny/elliptic/commit/04cb6f54ce552b3ebde6be06d6050419e1c7333e"><code>04cb6f5</code></a> Merge commit from fork</li> <li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.6.0...v6.6.1">compare view</a></li> </ul> </details> <br /> Updates `nanoid` from 3.3.7 to 3.3.8 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ai/nanoid/blob/main/CHANGELOG.md">nanoid's changelog</a>.</em></p> <blockquote> <h2>3.3.8</h2> <ul> <li>Fixed a way to break Nano ID by passing non-integer size (by <a href="https://github.com/myndzi"><code>@myndzi</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ai/nanoid/commit/3044cd5e73f4cf31795f61f6e6b961c8c0a5c744"><code>3044cd5</code></a> Release 3.3.8 version</li> <li><a href="https://github.com/ai/nanoid/commit/4fe34959c34e5b3573889ed4f24fe91d1d3e7231"><code>4fe3495</code></a> Update size limit</li> <li><a href="https://github.com/ai/nanoid/commit/d643045f40d6dc8afa000a644d857da1436ed08c"><code>d643045</code></a> Fix pool pollution, infinite loop (<a href="https://redirect.github.com/ai/nanoid/issues/510">#510</a>)</li> <li>See full diff in <a href="https://github.com/ai/nanoid/compare/3.3.7...3.3.8">compare view</a></li> </ul> </details> <br /> Updates `store2` from 2.14.2 to 2.14.4 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nbubna/store/commit/bb2680d482236f7fcae06f416a2d9921b733246d"><code>bb2680d</code></a> 2.14.4</li> <li><a href="https://github.com/nbubna/store/commit/5c4c208c3939fe6dec6e17b2aff18c37999a30e6"><code>5c4c208</code></a> minor version build updates</li> <li><a href="https://github.com/nbubna/store/commit/582a86cc77022e8c5fb5dd6981b96c037fd80f39"><code>582a86c</code></a> fix syntax/lint issue</li> <li><a href="https://github.com/nbubna/store/commit/0ef240575e01c2ab7e687abf952464d56030e640"><code>0ef2405</code></a> Merge pull request <a href="https://redirect.github.com/nbubna/store/issues/128">#128</a> from TasosY2K/master</li> <li><a href="https://github.com/nbubna/store/commit/b5b772325cb4d9394269cb2d7ccdd20b155e9cde"><code>b5b7723</code></a> removed eval use from deep.store.js</li> <li><a href="https://github.com/nbubna/store/commit/0216588bc53505e290c537aaae2c52fa5ad47df8"><code>0216588</code></a> ssh git repo url</li> <li><a href="https://github.com/nbubna/store/commit/cc4444bdf7d7b7ba593a6140ffeaee9a2443b79a"><code>cc4444b</code></a> remove component</li> <li><a href="https://github.com/nbubna/store/commit/29cbc3b8d357d46eed2a9c169867bbe47a86d615"><code>29cbc3b</code></a> 2.14.3</li> <li><a href="https://github.com/nbubna/store/commit/6a1f112e9bd94a6df1b3cf0de7459ed8803b2750"><code>6a1f112</code></a> obsolete long ago</li> <li><a href="https://github.com/nbubna/store/commit/77ca9ead69c252f405645b05f819f9ae8224327a"><code>77ca9ea</code></a> npm update</li> <li>Additional commits viewable in <a href="https://github.com/nbubna/store/compare/2.14.2...2.14.4">compare view</a></li> </ul> </details> <br /> Updates `ws` from 8.14.2 to 8.18.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>8.18.0</h2> <h1>Features</h1> <ul> <li>Added support for <code>Blob</code> (<a href="https://redirect.github.com/websockets/ws/issues/2229">#2229</a>).</li> </ul> <h2>8.17.1</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a DoS vulnerability (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>).</li> </ul> <p>A request with a number of headers exceeding the[<code>server.maxHeadersCount</code>][] threshold could be used to crash a ws server.</p> <pre lang="js"><code>const http = require('http'); const WebSocket = require('ws'); <p>const wss = new WebSocket.Server({ port: 0 }, function () { const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split(''); const headers = {}; let count = 0;</p> <p>for (let i = 0; i < chars.length; i++) { if (count === 2000) break;</p> <pre><code>for (let j = 0; j &lt; chars.length; j++) { const key = chars[i] + chars[j]; headers[key] = 'x'; if (++count === 2000) break; } </code></pre> <p>}</p> <p>headers.Connection = 'Upgrade'; headers.Upgrade = 'websocket'; headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ=='; headers['Sec-WebSocket-Version'] = '13';</p> <p>const request = http.request({ headers: headers, host: '127.0.0.1', port: wss.address().port });</p> <p>request.end(); }); </code></pre></p> <p>The vulnerability was reported by <a href="https://github.com/rrlapointe">Ryan LaPointe</a> in <a href="https://redirect.github.com/websockets/ws/issues/2230">websockets/ws#2230</a>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/976c53c4065c49ede73bfba824caf5a6e0f290cb"><code>976c53c</code></a> [dist] 8.18.0</li> <li><a href="https://github.com/websockets/ws/commit/59b9629b78aa66bcf9acce20468004cd3751c136"><code>59b9629</code></a> [feature] Add support for <code>Blob</code> (<a href="https://redirect.github.com/websockets/ws/issues/2229">#2229</a>)</li> <li><a href="https://github.com/websockets/ws/commit/0d1b5e6c4acad16a6b1a1904426eb266a5ba2f72"><code>0d1b5e6</code></a> [security] Use more descriptive text for 2017 vulnerability link</li> <li><a href="https://github.com/websockets/ws/commit/15f11a052a231d1f819fffef53bf4b287646d1ca"><code>15f11a0</code></a> [security] Add new DoS vulnerability to SECURITY.md</li> <li><a href="https://github.com/websockets/ws/commit/3c56601092872f7d7566989f0e379271afd0e4a1"><code>3c56601</code></a> [dist] 8.17.1</li> <li><a href="https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c"><code>e55e510</code></a> [security] Fix crash when the Upgrade header cannot be read (<a href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li> <li><a href="https://github.com/websockets/ws/commit/6a00029edd924499f892aed8003cef1fa724cfe5"><code>6a00029</code></a> [test] Increase code coverage</li> <li><a href="https://github.com/websockets/ws/commit/ddfe4a804d79e7788ab136290e609f91cf68423f"><code>ddfe4a8</code></a> [perf] Reduce the amount of <code>crypto.randomFillSync()</code> calls</li> <li><a href="https://github.com/websockets/ws/commit/b73b11828d166e9692a9bffe9c01a7e93bab04a8"><code>b73b118</code></a> [dist] 8.17.0</li> <li><a href="https://github.com/websockets/ws/commit/29694a5905fa703e86667928e6bacac397469471"><code>29694a5</code></a> [test] Use the <code>highWaterMark</code> variable</li> <li>Additional commits viewable in <a href="https://github.com/websockets/ws/compare/8.14.2...8.18.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/WakuwakuP/miyulab-officialsite/network/alerts). </details>
- Loading branch information
