Bump the npm_and_yarn group group with 27 updates #51

dependabot · 2024-03-06T16:01:32Z

Bumps the npm_and_yarn group group with 27 updates:

Package	From	To
jsonwebtoken	`8.5.1`	`9.0.0`
moment	`2.25.3`	`2.29.4`
mongoose	`5.9.13`	`5.13.20`
passport	`0.4.1`	`0.6.0`
@babel/traverse	`7.9.6`	`7.24.0`
debug	`3.2.6`	`4.3.4`
follow-redirects	`1.11.0`	`1.15.5`
@sendgrid/client	`7.1.1`	`7.7.0`
axios	`0.19.2`	`1.6.7`
jwks-rsa	`1.8.0`	`1.12.3`
qs	`6.5.2`	`6.5.3`
browserify-sign	`4.0.4`	`4.2.3`
decode-uri-component	`0.2.0`	`0.2.2`
minimatch	`3.0.4`	`3.1.2`
minimist	`1.2.5`	`1.2.8`
json5	`1.0.1`	`2.2.3`
@vue/cli-plugin-babel	`4.3.1`	`5.0.8`
@vue/cli-plugin-eslint	`4.3.1`	`5.0.8`
@vue/cli-service	`4.3.1`	`5.0.8`
loader-utils	`0.2.17`	`1.4.0`
http-cache-semantics	`4.1.0`	`4.1.1`
lodash	`4.17.15`	`4.17.21`
postcss	`7.0.27`	`7.0.39`
shell-quote	`1.7.2`	`1.8.1`
thenify	`3.3.0`	`3.3.1`
xml2js	`0.4.19`	`0.6.2`
aws-sdk	`2.961.0`	`2.1571.0`

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.

The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)

RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)

Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529

security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540

security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541

security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
5eaedbf chore(ci): remove github test actions job (#861)
cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
7e6a86b Upload OpsLevel YAML (#849)
74d5719 docs: update references vercel/ms references (#770)
d71e383 docs: document "invalid token" error
3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
a46097e docs: make decode impossible to discover before verify
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates moment from 2.25.3 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

Release Jul 6, 2022

#6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

Release Apr 17, 2022

#5995 [bugfix] Remove const usage

#5990 misc: fix advisory link

2.29.2 See full changelog

Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

Release May 19, 2020

... (truncated)

Commits

000ac18 Build 2.24.4
f2006b6 Bump version to 2.24.4
536ad0c Update changelog for 2.29.4
9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
6374fd8 Merge branch 'master' into develop
b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
57c9062 Build 2.29.3
aaf50b6 Fixup release complaints
26f4aef Bump version to 2.29.3
Additional commits viewable in compare view

Updates mongoose from 5.9.13 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.2.1 / 2024-03-04

fix(document): make $clone avoid converting subdocs into POJOs #14395 #14353

fix(connection): avoid unhandled error on createConnection() if on('error') handler registered #14390 #14377

fix(schema): avoid applying default write concern to operations that are in a transaction #14391 #11382

types(querycursor): correct cursor async iterator type with populate() support #14384 #14374

types: missing typescript details on options params of updateMany, updateOne, etc. #14382 #14379 #14378 FaizBShah sderrow

types: allow Record as valid query select argument #14371 sderrow

7.6.9 / 2024-02-26

fix(document): handle embedded recursive discriminators on nested path defined using Schema.prototype.discriminator #14256 #14245

types(model): correct return type for findByIdAndDelete() #14233 #14190

docs(connections): add note about using asPromise() with createConnection() for error handling #14364 #14266

docs(model+query+findoneandupdate): add more details about overwriteDiscriminatorKey option to docs #14264 #14246

8.2.0 / 2024-02-22

feat(model): add recompileSchema() function to models to allow applying schema changes after compiling #14306 #14296

feat: add middleware for bulkWrite() and createCollection() #14358 #14263 #7893

feat(model): add hydratedPopulatedDocs option to make hydrate recursively hydrate populated docs #14352 #4727

feat(connection): add withSession helper #14339 #14330

8.1.3 / 2024-02-16

fix: avoid corrupting $set-ed arrays when transaction error occurs #14346 #14340

fix(populate): handle ref() functions that return a model instance #14343 #14249

fix: insert version key when using insertMany even if toObject.versionKey set to false #14344

fix(cursor): make aggregation cursor support transform option to match query cursor #14348 #14331

docs(document): clarify that transform function option applies to subdocs #13757

8.1.2 / 2024-02-08

fix: include virtuals in document array toString() output if toObject.virtuals set #14335 #14315

fix(document): handle setting nested path to spread doc with extra properties #14287 #14269

fix(populate): call setter on virtual populated path with populated doc instead of undefined #14314

fix(QueryCursor): remove callback parameter of AggregationCursor and QueryCursor #14299 DevooKim

types: add typescript support for arbitrary fields for the options parameter of Model functions which are of type MongooseQueryOptions #14342 #14341 FaizBShah

types(model): correct return type for findOneAndUpdate with includeResultMetadata and lean set #14336 #14303

types(connection): add type definition for createCollections() #14295 #14279

docs(timestamps): clarify that replaceOne() and findOneAndReplace() overwrite timestamps #14337 #14309

8.1.1 / 2024-01-24

fix(model): throw readable error when calling Model() with a string instead of model() #14288 #14281

fix(document): handle setting nested path to spread doc with extra properties #14287 #14269

types(query): add back context and setDefaultsOnInsert as Mongoose-specific query options #14284 #14282

types(query): add missing runValidators back to MongooseQueryOptions #14278 #14275

8.1.0 / 2024-01-16

... (truncated)

Commits

0f3997a chore: release 5.13.20
f1efabf fix: avoid prototype pollution on init
98e0762 chore: release 5.13.19
7e36d21 chore: release 5.13.18
6759c60 undo accidental changes and actually pin @types/json-schema
4ed4a89 chore: pin version of @types/json-schema because of install issues on node v4...
9a9536d Merge pull request #13535 from lorand-horvath/patch-12
26424d5 5.x - bump mongodb driver to 3.7.4
4b8b0a9 add versionNumber to 5.x
1bc07ec chore: release 5.13.17
Additional commits viewable in compare view

Updates passport from 0.4.1 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

req#login() and req#logout() regenerate the the session and clear session information by default.

req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

[0.5.1] - 2021-12-15

Added

Informative error message in session strategy if session support is not available.

Changed

authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits

c33067b 0.6.0
3052bb4 Update changelog.
42630cb Merge pull request #900 from jaredhanson/fix-fixation
8dd79fe Use utils-merge rather than Object.assign for compatibility.
4f6bd5b Change keepSessionData to keepSessionData.
46756e5 Silence verbose logging.
987b191 Add tests.
f8a175f Add tests.
29a90d6 No need to guard callback existence.
bfba8a1 Add tests.
Additional commits viewable in compare view

Updates @babel/traverse from 7.9.6 to 7.24.0

Release notes

Sourced from @babel/traverse's releases.

v7.24.0 (2024-02-28)

Thanks @ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

babel-standalone

#11696 Export babel tooling packages in @babel/standalone (@ajihyf)

babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties

#16267 Implement noUninitializedPrivateFieldAccess assumption (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16242 Support decorator 2023-11 normative updates (@JLHwung)

babel-preset-flow

#16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@nicolo-ribaudo)

#16284 Add experimental_useHermesParser option in preset-flow (@liuxingbaoyu)

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-standalone

#16172 Add transform support for JSON modules imports (@nicolo-ribaudo)

babel-plugin-transform-runtime

#16241 Add back moduleName option to @babel/plugin-transform-runtime (@nicolo-ribaudo)

babel-parser, babel-types

#16277 Allow import attributes for TSImportType (@sosukesuzuki)

🐛 Bug Fix

babel-plugin-proposal-do-expressions, babel-traverse

#16305 fix: avoid popContext on unvisited node paths (@JLHwung)

babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object

#16312 Fix class private properties when privateFieldsAsSymbols (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods

#16307 Fix the support of arguments in private get/set method (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators

#16287 Reduce decorator static property size (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16281 Fix evaluation order of decorators with cached receiver (@nicolo-ribaudo)

#16279 Fix decorator this memoization (@JLHwung)

#16266 Preserve static on decorated private accessor (@nicolo-ribaudo)

#16258 fix: handle decorated async private method and generator (@JLHwung)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-preset-env

#16275 Fix class private properties when privateFieldsAsProperties (@liuxingbaoyu)

babel-helpers

#16268 Do not consider arguments in a helper as a global reference (@nicolo-ribaudo)

babel-helpers, babel-plugin-proposal-decorators

#16270 Handle symbol key class elements decoration (@JLHwung)

#16265 Do not define access.get for public setter decorators (@nicolo-ribaudo)

💅 Polish

babel-core, babel-helper-create-class-features-plugin, babel-preset-env

#12428 Suggest using BABEL_SHOW_CONFIG_FOR for config problems (@nicolo-ribaudo)

🏠 Internal

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.0 (2024-02-28)

🚀 New Feature

babel-standalone

#11696 Export babel tooling packages in @babel/standalone (@ajihyf)

babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties

#16267 Implement noUninitializedPrivateFieldAccess assumption (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16242 Support decorator 2023-11 normative updates (@JLHwung)

babel-preset-flow

#16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@nicolo-ribaudo)

#16284 Add experimental_useHermesParser option in preset-flow (@liuxingbaoyu)

babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-standalone

#16172 Add transform support for JSON modules imports (@nicolo-ribaudo)

babel-plugin-transform-runtime

#16241 Add back moduleName option to @babel/plugin-transform-runtime (@nicolo-ribaudo)

babel-parser, babel-types

#16277 Allow import attributes for TSImportType (@sosukesuzuki)

🐛 Bug Fix

babel-plugin-proposal-do-expressions, babel-traverse

#16305 fix: avoid popContext on unvisited node paths (@JLHwung)

babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object

#16312 Fix class private properties when privateFieldsAsSymbols (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods

#16307 Fix the support of arguments in private get/set method (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators

#16287 Reduce decorator static property size (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16281 Fix evaluation order of decorators with cached receiver (@nicolo-ribaudo)

#16279 Fix decorator this memoization (@JLHwung)

#16266 Preserve static on decorated private accessor (@nicolo-ribaudo)

#16258 fix: handle decorated async private method and generator (@JLHwung)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-preset-env

#16275 Fix class private properties when privateFieldsAsProperties (@liuxingbaoyu)

babel-helpers

#16268 Do not consider arguments in a helper as a global reference (@nicolo-ribaudo)

babel-helpers, babel-plugin-proposal-decorators

#16270 Handle symbol key class elements decoration (@JLHwung)

#16265 Do not define access.get for public setter decorators (@nicolo-ribaudo)

💅 Polish

babel-core, babel-helper-create-class-features-plugin, babel-preset-env

#12428 Suggest using BABEL_SHOW_CONFIG_FOR for config problems (@nicolo-ribaudo)

🏠 Internal

babel-helper-transform-fixture-test-runner

#16278 Continue writing output.js when exec.js throws (@liuxingbaoyu)

🔬 Output optimization

... (truncated)

Commits

ce59160 v7.24.0
bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
08a057c Use Object.hasOwn when available (#16248)
a0dd614 v7.23.9
1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
e428a6d v7.23.7
d292822 fix: Crash when removing without Program (#16191)
d02c1f7 v7.23.6
cce807f Bump debug to ^4.3.1 (#16164)
8479012 v7.23.5
Additional commits viewable in compare view

Updates debug from 3.2.6 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

Add section about configuring JS console to show debug messages by @gitname in debug-js/debug#866

Replace deprecated String.prototype.substr() by @CommanderRoot in debug-js/debug#876

New Contributors

@gitname made their first contribution in debug-js/debug#866

@CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.

Updates repository maintainership information

Updates the copyright (no license terms change has been made)

Removes accidental epizeuxis (#828)

Adds README section regarding usage in child procs (#850)

Thank you to @taylor1791 and @kristofkalocsai for their contributions.

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits

da66c86 4.3.4
9b33412 replace deprecated String.prototype.substr() (#876)
c0805cc add section about configuring JS console to show debug messages (#866)
043d3cd 4.3.3
4079aae update license and more maintainership information
19b36c0 update repository location + maintainership information
f851b00 adds README section regarding usage in child procs (#850)
d177f2b Remove accidental epizeuxis
e47f96d 4.3.2
1e9d38c cache enabled status per-logger (#799)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates follow-redirects from 1.11.0 to 1.15.5

Commits

b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
3d42aec Add bracket tests.
bcbb096 Do not directly set Error properties.
192dbe7 Release version 1.15.3 of the npm package.
Additional commits viewable in compare view

Updates @sendgrid/client from 7.1.1 to 7.7.0

Release notes

Sourced from @sendgrid/client's releases.

7.7.0

Release Notes

Library - Docs

[PR #1360](sendgrid/sendgrid-nodejs#1360): Modify README.md in alignment with SendGrid Support. Thanks to @garethpaul!

[PR #1359](sendgrid/sendgrid-nodejs#1359): Fix troubleshooting in readme. Thanks to @MarcusHSmith!

Library - Feature

[PR #1352](sendgrid/sendgrid-nodejs#1352): allow use of bypass options. Thanks to @acanimal!

Library - Fix

[PR #1351](sendgrid/sendgrid-nodejs#1351): Fix typings for eventwebhook.d.ts PublicKey. Thanks to @Cellule!

7.6.2

Release Notes

Library - Chore

[PR #1347](sendgrid/sendgrid-nodejs#1347): update Axios dependency. Thanks to @JenniferMah!

[PR #1341](sendgrid/sendgrid-nodejs#1341): push Datadog Release Metric upon deploy success. Thanks to @eshanholtz!

Library - Docs

[PR #1342](sendgrid/sendgrid-nodejs#1342): fix broken image links on npm. Thanks to @IObert!

[PR #1340](sendgrid/sendgrid-nodejs#1340): Update docs with bodyParser exclusion for webhook signature verification. Thanks to @danmana!

7.6.1

Release Notes

Library - Chore

[PR #1334](sendgrid/sendgrid-nodejs#1334): upgrade supported language versions. Thanks to @childish-sambino!

[PR #1329](sendgrid/sendgrid-nodejs#1329): migrate to gh actions. Thanks to @shwetha-manvinkurke!

[PR #1320](sendgrid/sendgrid-nodejs#1320): adjust 'packages/mail/src/mail.d.ts'. Thanks to @collierrgbsitisfise!

[PR #1325](sendgrid/sendgrid-nodejs#1325): update license year. Thanks to @JenniferMah!

Library - Test

[PR #1330](sendgrid/sendgrid-nodejs#1330): set the right version for tests. Thanks to @shwetha-manvinkurke!

[PR #1327](sendgrid/sendgrid-nodejs#1327): get the integration tests running again. Thanks to @shwetha-manvinkurke!

Library - Fix

[PR #1326](sendgrid/sendgrid-nodejs#1326): Revert "chore: adjust 'packages/mail/src/mail.d.ts' (#1320)". Thanks to @eshanholtz!

Library - Docs

[PR #1324](sendgrid/sendgrid-nodejs#1324): fix npm docs link. Thanks to @arvindell!

7.6.0

Release Notes

Library - Docs

[PR #1314](sendgrid/sendgrid-nodejs#1314): Fix example of creating a transactional template in usage.md. Thanks to @robbieaverill!

Library - Feature

... (truncated)

Changelog

Sourced from @sendgrid/client's changelog.

[2022-05-18] Version 7.7.0

Library - Docs

[PR #1360](sendgrid/sendgrid-nodejs#1360): Modify README.md in alignment with SendGrid Support. Thanks to @garethpaul!

[PR #1359](sendgrid/sendgrid-nodejs#1359): Fix troubleshooting in readme. Thanks to @MarcusHSmith!

Library - Feature

[PR #1352](sendgrid/sendgrid-nodejs#1352): allow use of bypass options. Thanks to @acanimal!

Library - Fix

[PR #1351](sendgrid/sendgrid-nodejs#1351): Fix typings for eventwebhook.d.ts PublicKey. Thanks to @Cellule!

[2022-03-09] Version 7.6.2

Library - Chore

[PR #1347](sendgrid/sendgrid-nodejs#1347): update Axios dependency. Thanks to @JenniferMah!

[PR #1341](sendgrid/sendgrid-nodejs#1341): push Datadog Release Metric upon deploy success. Thanks to @eshanholtz!

Library - Docs

[PR #1342](sendgrid/sendgrid-nodejs#1342): fix broken image links on npm. Thanks to @IObert!

[PR #1340](sendgrid/sendgrid-nodejs#1340): Update docs with bodyParser exclusion for webhook signature verification. Thanks to @danmana!

[2022-02-09] Version 7.6.1

Library - Chore

[PR #1334](sendgrid/sendgrid-nodejs#1334): upgrade supported language versions. Thanks to @childish-sambino!

[PR #1329](sendgrid/sendgrid-nodejs#1329): migrate to gh actions. Thanks to @shwetha-manvinkurke!

[PR #1320](sendgrid/sendgrid-nodejs#1320): adjust 'packages/mail/src/mail.d.ts'. Thanks to @collierrgbsitisfise!

[PR #1325](sendgrid/sendgrid-nodejs#1325): update license year. Thanks to @JenniferMah!

Library - Test

[PR #1330](sendgrid/sendgrid-nodejs#1330): set the right version for tests. Thanks to @shwetha-manvinkurke!

[PR #1327](sendgrid/sendgrid-nodejs#1327): get the integration tests running again. Thanks to @shwetha-manvinkurke!

Library - Fix

[PR #1326](sendgrid/sendgrid-nodejs#1326): Revert "chore: adjust 'packages/mail/src/mail.d.ts' (#1320)". Thanks to @eshanholtz!

Library - Docs
...
Description has been truncated

Bumps the npm_and_yarn group group with 27 updates: | Package | From | To | | --- | --- | --- | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` | | [moment](https://github.com/moment/moment) | `2.25.3` | `2.29.4` | | [mongoose](https://github.com/Automattic/mongoose) | `5.9.13` | `5.13.20` | | [passport](https://github.com/jaredhanson/passport) | `0.4.1` | `0.6.0` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.9.6` | `7.24.0` | | [debug](https://github.com/debug-js/debug) | `3.2.6` | `4.3.4` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.11.0` | `1.15.5` | | [@sendgrid/client](https://github.com/sendgrid/sendgrid-nodejs) | `7.1.1` | `7.7.0` | | [axios](https://github.com/axios/axios) | `0.19.2` | `1.6.7` | | [jwks-rsa](https://github.com/auth0/node-jwks-rsa) | `1.8.0` | `1.12.3` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` | | [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` | | [@vue/cli-plugin-babel](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-babel) | `4.3.1` | `5.0.8` | | [@vue/cli-plugin-eslint](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-eslint) | `4.3.1` | `5.0.8` | | [@vue/cli-service](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-service) | `4.3.1` | `5.0.8` | | [loader-utils](https://github.com/webpack/loader-utils) | `0.2.17` | `1.4.0` | | [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) | `4.1.0` | `4.1.1` | | [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` | | [postcss](https://github.com/postcss/postcss) | `7.0.27` | `7.0.39` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.2` | `1.8.1` | | [thenify](https://github.com/thenables/thenify) | `3.3.0` | `3.3.1` | | [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) | `0.4.19` | `0.6.2` | | [aws-sdk](https://github.com/aws/aws-sdk-js) | `2.961.0` | `2.1571.0` | Updates `jsonwebtoken` from 8.5.1 to 9.0.0 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0) Updates `moment` from 2.25.3 to 2.29.4 - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.25.3...2.29.4) Updates `mongoose` from 5.9.13 to 5.13.20 - [Release notes](https://github.com/Automattic/mongoose/releases) - [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md) - [Commits](Automattic/mongoose@5.9.13...5.13.20) Updates `passport` from 0.4.1 to 0.6.0 - [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md) - [Commits](jaredhanson/passport@v0.4.1...v0.6.0) Updates `@babel/traverse` from 7.9.6 to 7.24.0 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.0/packages/babel-traverse) Updates `debug` from 3.2.6 to 4.3.4 - [Release notes](https://github.com/debug-js/debug/releases) - [Commits](debug-js/debug@3.2.6...4.3.4) Updates `follow-redirects` from 1.11.0 to 1.15.5 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.11.0...v1.15.5) Updates `@sendgrid/client` from 7.1.1 to 7.7.0 - [Release notes](https://github.com/sendgrid/sendgrid-nodejs/releases) - [Changelog](https://github.com/sendgrid/sendgrid-nodejs/blob/main/CHANGELOG.md) - [Commits](sendgrid/sendgrid-nodejs@7.1.1...7.7.0) Updates `axios` from 0.19.2 to 1.6.7 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v0.19.2...v1.6.7) Updates `jwks-rsa` from 1.8.0 to 1.12.3 - [Release notes](https://github.com/auth0/node-jwks-rsa/releases) - [Changelog](https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md) - [Commits](auth0/node-jwks-rsa@v1.8.0...v1.12.3) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `minimist` from 1.2.5 to 1.2.8 - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.8) Updates `json5` from 1.0.1 to 2.2.3 - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v2.2.3) Updates `@vue/cli-plugin-babel` from 4.3.1 to 5.0.8 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-plugin-babel) Updates `@vue/cli-plugin-eslint` from 4.3.1 to 5.0.8 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-plugin-eslint) Updates `@vue/cli-service` from 4.3.1 to 5.0.8 - [Release notes](https://github.com/vuejs/vue-cli/releases) - [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md) - [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-service) Updates `loader-utils` from 0.2.17 to 1.4.0 - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md) - [Commits](webpack/loader-utils@v0.2.17...v1.4.0) Updates `http-cache-semantics` from 4.1.0 to 4.1.1 - [Commits](kornelski/http-cache-semantics@v4.1.0...v4.1.1) Updates `lodash` from 4.17.15 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Updates `postcss` from 7.0.27 to 7.0.39 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md) - [Commits](postcss/postcss@7.0.27...7.0.39) Updates `shell-quote` from 1.7.2 to 1.8.1 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...v1.8.1) Updates `thenify` from 3.3.0 to 3.3.1 - [Changelog](https://github.com/thenables/thenify/blob/master/History.md) - [Commits](thenables/thenify@3.3.0...3.3.1) Updates `xml2js` from 0.4.19 to 0.6.2 - [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.6.2) Updates `aws-sdk` from 2.961.0 to 2.1571.0 - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Commits](aws/aws-sdk-js@v2.961.0...v2.1571.0) --- updated-dependencies: - dependency-name: jsonwebtoken dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: moment dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: mongoose dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: passport dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: debug dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@sendgrid/client" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: axios dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: jwks-rsa dependency-type: direct:production dependency-group: npm_and_yarn-security-group - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: minimist dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: json5 dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@vue/cli-plugin-babel" dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: "@vue/cli-plugin-eslint" dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: "@vue/cli-service" dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: loader-utils dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: http-cache-semantics dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: shell-quote dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: thenify dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: xml2js dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: aws-sdk dependency-type: direct:production dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 6, 2024

This was referenced Mar 6, 2024

Bump axios from 0.19.2 to 0.28.0 #46

Closed

Bump moment from 2.25.3 to 2.29.4 #45

Closed

litty-tt temporarily deployed to tt-healthyreentry-pr-51 March 6, 2024 16:01 Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group group with 27 updates #51

Bump the npm_and_yarn group group with 27 updates #51

Uh oh!

dependabot bot commented on behalf of github Mar 6, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the npm_and_yarn group group with 27 updates #51

Are you sure you want to change the base?

Bump the npm_and_yarn group group with 27 updates #51

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 6, 2024

9.0.0 - 2022-12-21

Breaking changes

Security fixes

2.29.4

2.29.3 Full changelog

2.29.2 See full changelog

2.29.1 See full changelog

2.29.0 See full changelog

2.28.0 See full changelog

2.27.0 See full changelog

2.26.0 See full changelog

8.2.1 / 2024-03-04

7.6.9 / 2024-02-26

8.2.0 / 2024-02-22

8.1.3 / 2024-02-16

8.1.2 / 2024-02-08

8.1.1 / 2024-01-24

[0.6.0] - 2022-05-20

Added

Changed

Security

[0.5.3] - 2022-05-16

Fixed

[0.5.2] - 2021-12-16

Fixed

[0.5.1] - 2021-12-15

Added

Changed

[0.5.0] - 2021-09-23

Changed

v7.24.0 (2024-02-28)

🚀 New Feature

🐛 Bug Fix

💅 Polish

🏠 Internal

v7.24.0 (2024-02-28)

🚀 New Feature

🐛 Bug Fix

💅 Polish

🏠 Internal

🔬 Output optimization

4.3.4

What's Changed

New Contributors

4.3.3

Patch Release 4.3.3

Repository Migration Information

Q: What impact will this have on me?

Q: What are the security implications of this change?

Q: What should I do if I encounter an issue related to the migration?

Q: Why was this done as a 'patch' release? Isn't this breaking?

7.7.0

Release Notes

7.6.2

Release Notes

7.6.1

Release Notes

7.6.0

Release Notes

[2022-05-18] Version 7.7.0

[2022-03-09] Version 7.6.2

[2022-02-09] Version 7.6.1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants