Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 5 updates #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 5 updates #4

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 30, 2024

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
crypto-js 3.3.0 4.2.0
jsonwebtoken 8.5.1 9.0.2
mysql2 1.7.0 3.10.0
sequelize 4.44.4 6.37.3
validator 8.2.0 13.12.0

Updates crypto-js from 3.3.0 to 4.2.0

Commits

Updates jsonwebtoken from 8.5.1 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

  • security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
  • refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

  • fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.


Updates mysql2 from 1.7.0 to 3.10.0

Release notes

Sourced from mysql2's releases.

v3.10.0

3.10.0 (2024-05-30)

Features

Bug Fixes

  • stream: reads should emit the dataset number for each dataset (#2496, #2628) (4dab4ca)

v3.9.9

3.9.9 (2024-05-29)

Bug Fixes

  • connection config: remove keepAliveInitialDelay default value (#2712) (688ebab)

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

  • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.10.0 (2024-05-30)

Features

Bug Fixes

  • stream: reads should emit the dataset number for each dataset (#2628) (4dab4ca)

3.9.9 (2024-05-29)

Bug Fixes

  • connection config: remove keepAliveInitialDelay default value (#2712) (688ebab)

3.9.8 (2024-05-26)

Bug Fixes

  • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

3.9.7 (2024-04-21)

Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

... (truncated)

Commits

Updates sequelize from 4.44.4 to 6.37.3

Release notes

Sourced from sequelize's releases.

v6.37.3

6.37.3 (2024-04-13)

Bug Fixes

  • postgres: use schema for foreign key constrains of a table (#17099) (6aba382)

v6.37.2

6.37.2 (2024-03-29)

Bug Fixes

  • add readOnly to the transaction options types and docs (#17226) (7c8972f)

v6.37.1

6.37.1 (2024-02-18)

Bug Fixes

  • types: Add definition of returning in SaveOptions. (#16954) (505467b)

v6.37.0

6.37.0 (2024-02-11)

Features

  • postgres: support connectionTimeoutMillis dialectOption (#14119) (e81200e)

v6.36.0

6.36.0 (2024-02-02)

Features

  • postgres: backport stream dialectOption to v6 (#16868) (a250058)

v6.35.2

6.35.2 (2023-12-11)

Bug Fixes

v6.35.1

6.35.1 (2023-11-19)

... (truncated)

Commits
  • 6aba382 fix(postgres): use schema for foreign key constrains of a table (#17099)
  • 7c8972f fix: add readOnly to the transaction options types and docs (#17226)
  • 505467b fix(types): Add definition of returning in SaveOptions. (#16954)
  • e81200e feat(postgres): support connectionTimeoutMillis dialectOption (#14119)
  • a250058 feat(postgres): backport stream dialectOption to v6 (#16868)
  • cb8ea88 fix: sort keys by depth in groupJoinData (#16823)
  • 47cba67 fix(mssql): allow calling describeTable a table with a dot in its name (#16769)
  • 5bfbb99 feat: backport findModel to v6 (#16705)
  • 6c03176 fix(oracle): clean constraints (#16694)
  • b204b5f fix(oracle): add missing default and not null condition to addColumn (#16619)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by sdepold, a new releaser for sequelize since your current version.


Updates validator from 8.2.0 to 13.12.0

Release notes

Sourced from validator's releases.

13.12.0

What's Changed

New Features / Validators

Fixes, New Locales and Enhancements

New Contributors

... (truncated)

Changelog

Sourced from validator's changelog.

13.12.0

New Features / Validators

Fixes, New Locales and Enhancements

13.11.0

New Features / Validators

Fixes, New Locales and Enhancements

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by profnandaa, a new releaser for validator since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the npm_and_yarn group across 1 directory with 5 updates
148f2f7 
Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [crypto-js](https://github.com/brix/crypto-js) | `3.3.0` | `4.2.0` |
| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.2` |
| [mysql2](https://github.com/sidorares/node-mysql2) | `1.7.0` | `3.10.0` |
| [sequelize](https://github.com/sequelize/sequelize) | `4.44.4` | `6.37.3` |
| [validator](https://github.com/validatorjs/validator.js) | `8.2.0` | `13.12.0` |



Updates `crypto-js` from 3.3.0 to 4.2.0
- [Commits](brix/crypto-js@3.3.0...4.2.0)

Updates `jsonwebtoken` from 8.5.1 to 9.0.2
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.2)

Updates `mysql2` from 1.7.0 to 3.10.0
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](https://github.com/sidorares/node-mysql2/commits/v3.10.0)

Updates `sequelize` from 4.44.4 to 6.37.3
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Changelog](https://github.com/sequelize/sequelize/blob/main/CHANGELOG.md)
- [Commits](sequelize/sequelize@v4.44.4...v6.37.3)

Updates `validator` from 8.2.0 to 13.12.0
- [Release notes](https://github.com/validatorjs/validator.js/releases)
- [Changelog](https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md)
- [Commits](validatorjs/validator.js@8.2.0...13.12.0)

---
updated-dependencies:
- dependency-name: crypto-js
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: jsonwebtoken
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: mysql2
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sequelize
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: validator
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 30, 2024
@dependabot dependabot bot mentioned this pull request May 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants