Bump the npm_and_yarn group across 1 directory with 31 updates #313

dependabot · 2024-03-28T01:20:46Z

Bumps the npm_and_yarn group with 28 updates in the / directory:

Package	From	To
@nestjs/core	`8.4.4`	`9.0.5`
class-validator	`0.13.2`	`0.14.0`
got	`11.8.3`	`11.8.5`
jsonwebtoken	`8.5.1`	`9.0.0`
mongoose	`5.13.14`	`5.13.20`
@babel/traverse	`7.17.10`	`7.24.1`
json5	`1.0.1`	`1.0.2`
axios	`0.26.0`	`1.6.8`
@nestjs/axios	`0.0.7`	`3.0.2`
@nestjs/common	`8.4.4`	`10.3.6`
@nestjs/config	`2.0.0`	`2.3.4`
@nestjs/platform-express	`8.4.4`	`10.3.6`
@nestjs/jwt	`8.0.0`	`10.2.0`
@nestjs/mongoose	`8.0.1`	`10.0.4`
@nestjs/passport	`8.2.1`	`10.0.3`
@nestjs/schedule	`1.1.0`	`4.0.1`
@nestjs/swagger	`5.2.1`	`7.3.0`
@nestjs/terminus	`8.0.6`	`10.2.3`
@nestjs/throttler	`2.0.1`	`5.1.2`
@ntegral/nestjs-sentry	`3.0.7`	`4.0.1`
@nestjs/testing	`8.4.5`	`10.3.6`
qs	`6.9.3`	`6.11.0`
formidable	`2.0.1`	`2.1.2`
http-cache-semantics	`4.1.0`	`4.1.1`
node-fetch	`2.6.6`	`2.7.0`
passport	`0.4.1`	`0.7.0`
webpack	`5.71.0`	`5.90.1`
@nestjs/cli	`8.2.5`	`10.3.2`

Updates @nestjs/core from 8.4.4 to 9.0.5

Release notes

Sourced from @nestjs/core's releases.

v9.0.5 (2022-07-20)

Bug fixes

common, platform-express

#9819 fix: use pipeline over stream.pipe (@jmcdo29)

Enhancements

microservices

#9798 feat(microservices): add noAssert option for RMQ connection (@frankmangone)

#9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@kosh-b)

platform-express, platform-fastify

#9926 fix(express,fastify): raw body for urlencoded requests (@tolgap)

Dependencies

Other

#9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@dependabot[bot])

#9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])

#9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@dependabot[bot])

#9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@dependabot[bot])

#9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@dependabot[bot])

#9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot])

#9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@dependabot[bot])

#9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@dependabot[bot])

#9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])

#9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@dependabot[bot])

#9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@dependabot[bot])

platform-fastify

#9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@dependabot[bot])

Committers: 4

Franco Mangone (@frankmangone)

Jay McDoniel (@jmcdo29)

Tolga Paksoy (@tolgap)

@kosh-b

v9.0.2

Bug fixes

common

#9904 fix(common): Fix CacheModule registerAsync (@tugascript)

Enhancements

core

#9902 refactor(core): replace our own 1-level flatten by the native one (@micalevisk)

Dependencies

#9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@dependabot[bot])

#9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@dependabot[bot])

#9910 chore(deps-dev): bump @nestjs/graphql from 10.0.16 to 10.0.18 (@dependabot[bot])

#9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@dependabot[bot])

... (truncated)

Commits

ad08626 chore(@nestjs) publish v9.0.5 release
df4d99d chore(@nestjs) publish v9.0.4 release
8cd150d Merge pull request #9915 from thiagomini/refactor/instance-wrapper
4c16d20 refactor(core): remove providers type assertions
f4b3c7f chore(@nestjs) publish v9.0.3 release
1ff1389 fix(core): scoped factories should not fail with optional deps
a2f4b34 test(core): add instance wrapper test
b0d735d test(core): add instance wrapper test
7696f43 test(core): add instance wrapper test
2a7fc84 test(core): add instance wrapper test
Additional commits viewable in compare view

Updates class-validator from 0.13.2 to 0.14.0

Changelog

Sourced from class-validator's changelog.

0.14.0 (2022-12-09)

Added

add @IsTimeZone decorator to check if given string is valid IANA time zone

add @IsISO4217CurrencyCode decorator to check if the string is an ISO 4217 currency code

add @IsStrongPassword decorator to check if given password matches specific complexity criteria

add @IsBase58 decorator to check if a string is base58 encoded

add @IsTaxId decorator to check if a given string is a valid tax ID in a given locale

add support for passing function as date generator in @MinDate and @MaxDate decorators

add option to print constraint error message instead of constraint type in validation error

improve decorator metadata lookup performance

return possible values in error message for @IsEnum decorator

Fixed

re-added @types/validator as dependency

fix error generation when using @NestedValidation

pass validation options correctly to validator in @IsDateString decorator

support passing Symbol as parameter in error message generation

specify supported locales for @IsAlphanumeric decorator

correctly assign decorator name in metadata instead of loosing it

fix various spelling errors in documentation

fix various spelling errors and inconsistencies in JSDoc for decorators

Changed

enable forbidUnknownValues option by default

remove documentation about deprecated schema based validation and added warning

update warning message logged about missing decorator metadata

update libphonenumber-js to ^1.10.14 from ^1.9.43

update various dev-dependencies

BREAKING CHANGES

forbidUnknownValues option is enabled by default

From this release the forbidUnknownValues is enabled by default. This is the desired behavior for majority of use-cases, but this change may break validation for some. The two scenarios that results in failed validation:

when attempting to validate a class instance without metadata for it

when using group validation and the specified validation group results in zero validation applied

The old behavior can be restored via specifying forbidUnknownValues: false option when calling the validate functions.

For more details see [PR #1798](typestack/class-validator#1798) and #1422 (comment).

@NestedValidation decorator correctly assigns validation errors

Until now the errors from a nested validation in some cases were incorrectly assigned

... (truncated)

Commits

5f0d424 merge: release 0.14.0 (#1841)
e3d0708 build: bump version to 0.14.0
ad76890 docs: add changelog for 0.14.0
9a775c5 build(deps-dev): bump @types/node from 18.11.11 to 18.11.12 (#1840)
53bc9f6 build(deps-dev): bump @typescript-eslint/eslint-plugin (#1837)
d9b4072 build(deps-dev): bump @typescript-eslint/parser from 5.45.1 to 5.46.0 (#1838)
f993e9e build(deps-dev): bump typescript from 4.9.3 to 4.9.4 (#1835)
ad1a41d build(deps-dev): bump @rollup/plugin-commonjs from 23.0.3 to 23.0.4 (#1836)
42b4f7f build(deps-dev): bump prettier from 2.8.0 to 2.8.1 (#1834)
0c986d4 build(deps-dev): bump @types/node from 18.11.10 to 18.11.11 (#1833)
Additional commits viewable in compare view

Updates got from 11.8.3 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

Backport security fix sindresorhus/got@861ccd9

CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

Commits

5e17bb7 11.8.5
bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
8ced192 Fix build
670eb04 11.8.4
20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
See full diff in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
7e6a86b Upload OpsLevel YAML (#849)
74d5719 docs: update references vercel/ms references (#770)
d71e383 docs: document "invalid token" error
3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
a46097e docs: make decode impossible to discover before verify
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates mongoose from 5.13.14 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.2.3 / 2024-03-21

fix(schema): avoid returning string 'nested' as schematype #14453 #14443 #14435

types(schema): add missing search index types #14449 noseworthy

types: improve the typing of FilterQuery type to prevent it from only getting typed to any #14436 #14398 #14397

8.2.2 / 2024-03-15

fix(model): improve update minimizing to only minimize top-level properties in the update #14437 #14420 #13782

fix: add Null check in case schema.options['type'][0] is undefined #14431 Atharv-Bobde

types: consistently infer array of objects in schema as a DocumentArray #14430 #14367

types: add TypeScript interface for the new PipelineStage - Vector Search - solving issue #14428 #14429 jkorach

types: add pre and post function types on Query class #14433 #14432 IICarst

types(model): make bulkWrite() types more flexible to account for casting #14423

docs: update version support documentation for mongoose 5 & 6 #14427 hasezoey

7.6.10 / 2024-03-13

docs(model): add extra note about lean option for insertMany() skipping casting #14415

docs(mongoose): add options.overwriteModel details to mongoose.model() docs #14422

8.2.1 / 2024-03-04

fix(document): make $clone avoid converting subdocs into POJOs #14395 #14353

fix(connection): avoid unhandled error on createConnection() if on('error') handler registered #14390 #14377

fix(schema): avoid applying default write concern to operations that are in a transaction #14391 #11382

types(querycursor): correct cursor async iterator type with populate() support #14384 #14374

types: missing typescript details on options params of updateMany, updateOne, etc. #14382 #14379 #14378 FaizBShah sderrow

types: allow Record as valid query select argument #14371 sderrow

6.12.7 / 2024-03-01

perf(model): make insertMany() lean option skip hydrating Mongoose docs #14376 #14372

perf(document+schema): small optimizations to make init() faster #14383 #14113

fix(connection): don't modify passed options object to openUri() #14370 #13376 #13335

fix(ChangeStream): bubble up resumeTokenChanged changeStream event #14355 #14349 3150

7.6.9 / 2024-02-26

fix(document): handle embedded recursive discriminators on nested path defined using Schema.prototype.discriminator #14256 #14245

types(model): correct return type for findByIdAndDelete() #14233 #14190

docs(connections): add note about using asPromise() with createConnection() for error handling #14364 #14266

docs(model+query+findoneandupdate): add more details about overwriteDiscriminatorKey option to docs #14264 #14246

<<<<<<< HEAD 8.2.0 / 2024-02-22

feat(model): add recompileSchema() function to models to allow applying schema changes after compiling #14306 #14296

feat: add middleware for bulkWrite() and createCollection() #14358 #14263 #7893

feat(model): add hydratedPopulatedDocs option to make hydrate recursively hydrate populated docs #14352 #4727

... (truncated)

Commits

0f3997a chore: release 5.13.20
f1efabf fix: avoid prototype pollution on init
98e0762 chore: release 5.13.19
7e36d21 chore: release 5.13.18
6759c60 undo accidental changes and actually pin @types/json-schema
4ed4a89 chore: pin version of @types/json-schema because of install issues on node v4...
9a9536d Merge pull request #13535 from lorand-horvath/patch-12
26424d5 5.x - bump mongodb driver to 3.7.4
4b8b0a9 add versionNumber to 5.x
1bc07ec chore: release 5.13.17
Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/traverse from 7.17.10 to 7.24.1

Release notes

Sourced from @babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

Other

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

babel-standalone

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone

#16323 Allow separate helpers to be excluded in Babel 8 (@liuxingbaoyu)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env

#16318 [babel 8] Fix @babel/compat-data package.json (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

babel-standalone

#11696 Export babel tooling packages in @babel/standalone (@ajihyf)

babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties

#16267 Implement noUninitializedPrivateFieldAccess assumption (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16242 Support decorator 2023-11 normative updates (@JLHwung)

babel-preset-flow

#16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@nicolo-ribaudo)

... (truncated)

Commits

822b025 v7.24.1
fc0d5ad Update typescript and lint tools (#16351)
69e7928 Consider well-known and registered symbols as literals (#16342)
40110e9 Update source map deps (#16327)
ce59160 v7.24.0
bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
08a057c Use Object.hasOwn when available (#16248)
a0dd614 v7.23.9
1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
e428a6d v7.23.7
Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Description has been truncated

Bumps the npm_and_yarn group with 28 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `8.4.4` | `9.0.5` | | [class-validator](https://github.com/typestack/class-validator) | `0.13.2` | `0.14.0` | | [got](https://github.com/sindresorhus/got) | `11.8.3` | `11.8.5` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` | | [mongoose](https://github.com/Automattic/mongoose) | `5.13.14` | `5.13.20` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.17.10` | `7.24.1` | | [json5](https://github.com/json5/json5) | `1.0.1` | `1.0.2` | | [axios](https://github.com/axios/axios) | `0.26.0` | `1.6.8` | | [@nestjs/axios](https://github.com/nestjs/axios) | `0.0.7` | `3.0.2` | | [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `8.4.4` | `10.3.6` | | [@nestjs/config](https://github.com/nestjs/config) | `2.0.0` | `2.3.4` | | [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) | `8.4.4` | `10.3.6` | | [@nestjs/jwt](https://github.com/nestjs/jwt) | `8.0.0` | `10.2.0` | | [@nestjs/mongoose](https://github.com/nestjs/mongoose) | `8.0.1` | `10.0.4` | | [@nestjs/passport](https://github.com/nestjs/passport) | `8.2.1` | `10.0.3` | | [@nestjs/schedule](https://github.com/nestjs/schedule) | `1.1.0` | `4.0.1` | | [@nestjs/swagger](https://github.com/nestjs/swagger) | `5.2.1` | `7.3.0` | | [@nestjs/terminus](https://github.com/nestjs/terminus) | `8.0.6` | `10.2.3` | | [@nestjs/throttler](https://github.com/nestjs/throttler) | `2.0.1` | `5.1.2` | | [@ntegral/nestjs-sentry](https://github.com/ntegral/nestjs-sentry) | `3.0.7` | `4.0.1` | | [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing) | `8.4.5` | `10.3.6` | | [qs](https://github.com/ljharb/qs) | `6.9.3` | `6.11.0` | | [formidable](https://github.com/node-formidable/formidable) | `2.0.1` | `2.1.2` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.7.0` | | [passport](https://github.com/jaredhanson/passport) | `0.4.1` | `0.7.0` | | [webpack](https://github.com/webpack/webpack) | `5.71.0` | `5.90.1` | | [@nestjs/cli](https://github.com/nestjs/nest-cli) | `8.2.5` | `10.3.2` | Updates `@nestjs/core` from 8.4.4 to 9.0.5 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v9.0.5/packages/core) Updates `class-validator` from 0.13.2 to 0.14.0 - [Release notes](https://github.com/typestack/class-validator/releases) - [Changelog](https://github.com/typestack/class-validator/blob/develop/CHANGELOG.md) - [Commits](typestack/class-validator@v0.13.2...v0.14.0) Updates `got` from 11.8.3 to 11.8.5 - [Release notes](https://github.com/sindresorhus/got/releases) - [Commits](sindresorhus/got@v11.8.3...v11.8.5) Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `mongoose` from 5.13.14 to 5.13.20 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@5.13.14...5.13.20) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `@babel/traverse` from 7.17.10 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `json5` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) Updates `axios` from 0.26.0 to 1.6.8 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.26.0...v1.6.8) Updates `@nestjs/axios` from 0.0.7 to 3.0.2 - [Release notes](https://github.com/nestjs/axios/releases) - [Changelog](https://github.com/nestjs/axios/blob/master/.release-it.json) - [Commits](nestjs/axios@0.0.7...3.0.2) Updates `@nestjs/common` from 8.4.4 to 10.3.6 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.6/packages/common) Updates `@nestjs/config` from 2.0.0 to 2.3.4 - [Release notes](https://github.com/nestjs/config/releases) - [Changelog](https://github.com/nestjs/config/blob/master/.release-it.json) - [Commits](nestjs/config@2.0.0...2.3.4) Updates `@nestjs/platform-express` from 8.4.4 to 10.3.6 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.6/packages/platform-express) Updates `@nestjs/jwt` from 8.0.0 to 10.2.0 - [Release notes](https://github.com/nestjs/jwt/releases) - [Changelog](https://github.com/nestjs/jwt/blob/master/.release-it.json) - [Commits](nestjs/jwt@8.0.0...10.2.0) Updates `@nestjs/mongoose` from 8.0.1 to 10.0.4 - [Release notes](https://github.com/nestjs/mongoose/releases) - [Changelog](https://github.com/nestjs/mongoose/blob/master/.release-it.json) - [Commits](nestjs/mongoose@8.0.1...10.0.4) Updates `@nestjs/passport` from 8.2.1 to 10.0.3 - [Release notes](https://github.com/nestjs/passport/releases) - [Changelog](https://github.com/nestjs/passport/blob/master/.release-it.json) - [Commits](nestjs/passport@8.2.1...10.0.3) Updates `@nestjs/schedule` from 1.1.0 to 4.0.1 - [Release notes](https://github.com/nestjs/schedule/releases) - [Changelog](https://github.com/nestjs/schedule/blob/master/.release-it.json) - [Commits](nestjs/schedule@1.1.0...4.0.1) Updates `@nestjs/swagger` from 5.2.1 to 7.3.0 - [Release notes](https://github.com/nestjs/swagger/releases) - [Changelog](https://github.com/nestjs/swagger/blob/master/.release-it.json) - [Commits](nestjs/swagger@5.2.1...7.3.0) Updates `@nestjs/terminus` from 8.0.6 to 10.2.3 - [Release notes](https://github.com/nestjs/terminus/releases) - [Changelog](https://github.com/nestjs/terminus/blob/master/CHANGELOG.md) - [Commits](nestjs/terminus@8.0.6...10.2.3) Updates `@nestjs/throttler` from 2.0.1 to 5.1.2 - [Release notes](https://github.com/nestjs/throttler/releases) - [Changelog](https://github.com/nestjs/throttler/blob/master/CHANGELOG.md) - [Commits](nestjs/throttler@v2.0.1...v5.1.2) Updates `@ntegral/nestjs-sentry` from 3.0.7 to 4.0.1 - [Commits](https://github.com/ntegral/nestjs-sentry/commits) Updates `@nestjs/testing` from 8.4.5 to 10.3.6 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.6/packages/testing) Updates `qs` from 6.9.3 to 6.11.0 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.9.3...v6.11.0) Updates `formidable` from 2.0.1 to 2.1.2 - [Release notes](https://github.com/node-formidable/formidable/releases) - [Changelog](https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md) - [Commits](https://github.com/node-formidable/formidable/commits) Updates `express` from 4.17.3 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.3...4.19.2) Updates `follow-redirects` from 1.15.0 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.0...v1.15.6) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `node-fetch` from 2.6.6 to 2.7.0 - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.6...v2.7.0) Updates `passport` from 0.4.1 to 0.7.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.4.1...v0.7.0) Updates `webpack` from 5.71.0 to 5.90.1 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.71.0...v5.90.1) Updates `@nestjs/cli` from 8.2.5 to 10.3.2 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](nestjs/nest-cli@8.2.5...10.3.2) --- updated-dependencies: - dependency-name: "@nestjs/core" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: class-validator dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: got dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: mongoose dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/axios" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/common" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/config" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/platform-express" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/jwt" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/mongoose" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/passport" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/schedule" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/swagger" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/terminus" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/throttler" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@ntegral/nestjs-sentry" dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/testing" dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: formidable dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: express dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: node-fetch dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: passport dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: webpack dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@nestjs/cli" dependency-type: direct:development dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2024-03-28T01:21:21Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

dependabot · 2024-04-23T02:36:15Z

Superseded by #319.

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 28, 2024

dependabot bot mentioned this pull request Mar 28, 2024

Bump the npm_and_yarn group across 1 directory with 30 updates #310

Closed

dependabot bot closed this Apr 23, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-8f45487727 branch April 23, 2024 02:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 1 directory with 31 updates #313

Bump the npm_and_yarn group across 1 directory with 31 updates #313

dependabot bot commented on behalf of github Mar 28, 2024

sonarqubecloud bot commented Mar 28, 2024

dependabot bot commented on behalf of github Apr 23, 2024

Bump the npm_and_yarn group across 1 directory with 31 updates #313

Bump the npm_and_yarn group across 1 directory with 31 updates #313

Conversation

dependabot bot commented on behalf of github Mar 28, 2024

v9.0.5 (2022-07-20)

Bug fixes

Enhancements

Dependencies

Committers: 4

v9.0.2

Bug fixes

Enhancements

Dependencies

0.14.0 (2022-12-09)

Added

Fixed

Changed

BREAKING CHANGES

v11.8.5

9.0.0 - 2022-12-21

Breaking changes

Security fixes

8.2.3 / 2024-03-21

8.2.2 / 2024-03-15

7.6.10 / 2024-03-13

8.2.1 / 2024-03-04

6.12.7 / 2024-03-01

7.6.9 / 2024-02-26

<<<<<<< HEAD 8.2.0 / 2024-02-22

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

5.7.2 (2023-07-10)

Bug Fixes

5.7

5.6

5.5

5.4

5.3

5.2

5.1

5.0

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 4

v7.24.0 (2024-02-28)

🚀 New Feature

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.24.0 (2024-02-28)

🚀 New Feature

v1.0.2

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

v2.2.1 [code, diff]

v2.2.0 [code, diff]

v2.1.3 [code, diff]

v2.1.2 [code, diff]

sonarqubecloud bot commented Mar 28, 2024

Quality Gate passed

dependabot bot commented on behalf of github Apr 23, 2024