Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: , , , , configcat-js-ssr, cookie, emoji-regex, google-spreadsheet, nanoid, node-fetch, validator #44

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: , , , , configcat-js-ssr, cookie, emoji-regex, google-spreadsheet, nanoid, node-fetch, validator #44

wants to merge 1 commit into from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@lottiefiles/lottie-player
from 1.7.1 to 2.0.4 | 5 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 months ago
on 2024-03-04
@sendgrid/mail
from 7.7.0 to 8.1.3 | 5 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 months ago
on 2024-04-02
@types/rss
from 0.0.30 to 0.0.32 | 2 versions ahead of your current version | 10 months ago
on 2023-11-07
@types/uuid
from 9.0.2 to 10.0.0 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-20
configcat-js-ssr
from 6.0.1 to 8.4.2 | 13 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-22
cookie
from 0.5.0 to 0.6.0 | 1 version ahead of your current version | 10 months ago
on 2023-11-07
emoji-regex
from 10.2.1 to 10.4.0 | 2 versions ahead of your current version | 23 days ago
on 2024-08-26
google-spreadsheet
from 3.3.0 to 4.1.2 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-12
nanoid
from 4.0.2 to 5.0.7 | 8 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago
on 2024-04-07
node-fetch
from 3.3.1 to 3.3.2 | 1 version ahead of your current version | a year ago
on 2023-07-25
validator
from 13.9.0 to 13.12.0 | 2 versions ahead of your current version | 4 months ago
on 2024-05-09

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 676 Proof of Concept
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 676 Proof of Concept
high severity Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 676 Proof of Concept
high severity Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137		 676 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 676 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 676 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 676 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		 676 Proof of Concept
Release notes
Package name: @lottiefiles/lottie-player from @lottiefiles/lottie-player GitHub release notes
Package name: @sendgrid/mail from @sendgrid/mail GitHub release notes
Package name: @types/rss
  • 0.0.32 - 2023-11-07
  • 0.0.31 - 2023-10-18
  • 0.0.30 - 2023-01-17
from @types/rss GitHub release notes
Package name: @types/uuid
  • 10.0.0 - 2024-06-20
  • 9.0.8 - 2024-01-25
  • 9.0.7 - 2023-11-07
  • 9.0.6 - 2023-10-18
  • 9.0.5 - 2023-10-06
  • 9.0.4 - 2023-09-14
  • 9.0.3 - 2023-08-30
  • 9.0.2 - 2023-06-08
from @types/uuid GitHub release notes
Package name: configcat-js-ssr
  • 8.4.2 - 2024-08-22

    Security fixes:

  • 8.4.1 - 2024-04-18

    Security fixes:

    • Upgrade the axios dependency to v1.6.8 as earlier versions use a vulnerable version of the follow-redirects package. (#81)
  • 8.4.0 - 2024-03-21

    Improvements:

    • Make naming of UserComparator members consistent. (configcat/common-js#102)
    • Make line terminator character sequence configurable in log messages.
    • Adjust the terminology used in JSDoc comments to the main documentation.
    • Minor performance improvements.

    Bug fixes:

    • Align evaluation logging and evaluator error reporting in some edge cases where the config JSON contains errors.
    • Correct grammar mistakes in error messages.

    Breaking changes:

    • Change the name of some UserComparator members: Is(Not)OneOf -> TextIs(Not)OneOf, SensitiveIs(Not)OneOf -> SensitiveTextIs(Not)OneOf, (Not)ContainsAnyOf -> Text(Not)ContainsAnyOf. (Low impact expected.)
  • 8.3.0 - 2024-01-16

    New features/improvements:

    • Add an optional parameter named watchChanges to createFlagOverridesFromMap which controls whether the client should detect changes to the flag override map after client initialization. (configcat/common-js#101)

    Bug fixes:

    • Reference a fixed version of configcat-common to avoid issues in case the "pubternal" API of configcat-common changes. (#79)
  • 8.2.0 - 2024-01-09

    Improvements:

    • Upgrade to configcat-common v9.1.0.
    • Send ETag as a query string parameter when running in browser (because browsers don't send it automatically in every case).
    • Upon client initialization test for the availability of the local storage and use LocalStorageCache only if it's available. Otherwise, use the default (in-memory) cache implementation.
    • Don't swallow exceptions which are thrown in the LocalStorageCache.get/set methods so the outer exception handlers can catch and log them.
  • 8.1.0 - 2023-12-20

    Fixed a cache issue with non Latin 1 characters in the config.json.

  • 8.0.0 - 2023-11-24

    New features and improvements:

    • Add support for the new Config JSON v6 format: update the config model and implement new features in setting evaluation logic. (configcat/common-js#96)
    • Overhaul setting evaluation-related logging and make it consistent across SDKs.
    • Performance improvements to setting evaluation (building of evaluation log is expensive, so it is skipped when info level logging is turned off).

    Bug fixes:

    • Hook event handlers which close over the client instance should not prevent the client from being collected by the GC when user has no more references to the client instance. (configcat/common-js#97)
    • Prevent potential issues with weak references when awaiting IConfigCatClient.waitForReady. Also, make observable if the initial cache sync-up fails.

    Breaking changes (listed in the order of expected impact):

    • Rename the matchedEvaluationRule property to matchedTargetingRule and the matchedEvaluationPercentageRule property to matchedPercentageOption in IEvaluationDetails.
    • Throw Error when the SDK key passed to ConfigCatClient.get is in invalid format (unless the client is set up to use local-only flag override behavior).
    • Remove the deprecated ClientReadyState enum (it was renamed to ClientCacheState).
    • Change config model (IConfig and related interfaces/enums).
    • Slightly change the behavior of the ClientReady hook in Auto Poll mode to fire after the completion of the first fetch operation - regardless of success or failure - to make the behavior consistent with other SDKs. (configcat/common-js#94)
  • 7.1.2 - 2023-11-16

    Improvements:

    • Upgrade TypeScript version to 4.8.4

    Security:

    • Upgrade axios library to 1.6.2
  • 7.1.1 - 2023-08-04

    Improvements:

    • For better compatibility, restrict the TypeScript language features used to those which are available in v4.0 by downgrading the TypeScript compiler version.
  • 7.1.0 - 2023-07-26

    New features and improvements:

    • Provide a way to synchronously evaluate of feature flags/settings: consumers can create a snapshot of the client by IConfigCatClient.snapshot(), which captures the client's state (including the latest config fetched), then, using the returned object, they can execute synchronous evaluation operations.
    • Add a state parameter to the clientReady hook, by means of which consumers can get information about the initialization state of the client.
    • Minor performance improvements.

    Bug fixes:

    • Fix error logging of getValueAsync/getValueDetailsAsync calls.
    • Fix JSDoc documentation of Comparator.Contains/NotContains.
  • 7.0.2 - 2023-07-07
  • 7.0.1 - 2023-06-26
  • 7.0.0 - 2023-06-13
  • 6.0.1 - 2023-04-26
from configcat-js-ssr GitHub release notes
Package name: cookie
  • 0.6.0 - 2023-11-07
    • Add partitioned option
  • 0.5.0 - 2022-04-11
    • Add priority option
    • Fix expires option to reject invalid dates
    • pref: improve default decode speed
    • pref: remove slow string split in parse
from cookie GitHub release notes
Package name: emoji-regex from emoji-regex GitHub release notes
Package name: google-spreadsheet
  • 4.1.2 - 2024-05-12
    • add setDataValidation #691
    • fix docs typos
    • move from CircleCI to GH Actions 53fe384
  • 4.1.1 - 2023-11-06
    • Merge pull request #657 from ruscon/master (93711cf)
    • docs: remove outdated reference to doc.useServiceAccountAuth() (a60104b)
    • chore(deps): allow google-auth-library@^9.0.0 (2652f0c)
  • 4.1.0 - 2023-09-14
    • Merge pull request #652 from marcusteh1238/master (8ba5c22)
    • fix: match color style field to that in google api (fce1605)
  • 4.0.3 - 2023-09-07
    • fix: handle trimming null/undefined header values (3ef8fcf)
    • docs(small updates): fixed a few small grammar issues and copied readme to docs index (867bb63)
    • Merge pull request #637 from Kikobeats/patch-1 (af0af4d)
    • docs: get/set are sync methods (233ca2c)
    • docs: docs cleanup and improvements (882bd73)
    • build: call build in release task (c306dc0)
    • Merge pull request #633 from igormartimiano/patch-1 (9646805)
    • docs(readme.md): fix wrong import (0535a26)
  • 4.0.2 - 2023-06-28
    • fix: lodash imports needs explicit .js extension (4cad156)
  • 4.0.1 - 2023-06-27
    • v4.0.1 changelog (a09b1e1)
    • chore: switch back from lodash-es to lodash to avoid ESM issues (c808eed)
  • 4.0.0 - 2023-06-26
    • Typescript rewrite! 903e923
      • no more lagging/outdated types from DefinitelyTyped (@ types/google-spreadsheet)
      • refactor GoogleSpreadsheetRow to be more TS friendly
      • add new typed value getters/setters to GoogleSpreadsheetCell (stringValue, boolValue, numberValue)
      • cell.formulaError -> cell.errorValue
      • refactor authentication to rely directly on google-auth-library as a peer dependency
      • support Application Default Credentials (auto inject credentials in some environments)
      • refactor document creation into static method, similar auth setup
      • support basic sharing / permissions management (drive api)
      • support document delete
      • replaced GoogleSpreadsheetFormulaError with GoogleSpreadsheetCellErrorValue and now handles all possible cell error types
      • fully deprecated sheet.getInfo,
    • chore: set up release tooling (release-it, auto-changelog, commitizen) dc831e3
  • 3.3.0 - 2022-05-14

    3.3.0

from google-spreadsheet GitHub release notes
Package name: nanoid from nanoid GitHub release notes
Package name: node-fetch from node-fetch GitHub release notes
Package name: validator

@snyk-bot
feat: upgrade multiple dependencies with Snyk
70b78ab 
Snyk has created this PR to upgrade:
  - @lottiefiles/lottie-player from 1.7.1 to 2.0.4.
    See this package in npm: https://www.npmjs.com/package/@lottiefiles/lottie-player
  - @sendgrid/mail from 7.7.0 to 8.1.3.
    See this package in npm: https://www.npmjs.com/package/@sendgrid/mail
  - @types/rss from 0.0.30 to 0.0.32.
    See this package in npm: https://www.npmjs.com/package/@types/rss
  - @types/uuid from 9.0.2 to 10.0.0.
    See this package in npm: https://www.npmjs.com/package/@types/uuid
  - configcat-js-ssr from 6.0.1 to 8.4.2.
    See this package in npm: https://www.npmjs.com/package/configcat-js-ssr
  - cookie from 0.5.0 to 0.6.0.
    See this package in npm: https://www.npmjs.com/package/cookie
  - emoji-regex from 10.2.1 to 10.4.0.
    See this package in npm: https://www.npmjs.com/package/emoji-regex
  - google-spreadsheet from 3.3.0 to 4.1.2.
    See this package in npm: https://www.npmjs.com/package/google-spreadsheet
  - nanoid from 4.0.2 to 5.0.7.
    See this package in npm: https://www.npmjs.com/package/nanoid
  - node-fetch from 3.3.1 to 3.3.2.
    See this package in npm: https://www.npmjs.com/package/node-fetch
  - validator from 13.9.0 to 13.12.0.
    See this package in npm: https://www.npmjs.com/package/validator

See this project in Snyk:
https://app.snyk.io/org/cachiman-inc/project/d01ab976-57bb-4b97-be10-ffff740facb8?utm_source=github&utm_medium=referral&page=upgrade-pr
@vercel Vercel
Copy link

vercel bot commented Sep 18, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
cachimanboutique ❌ Failed (Inspect) Sep 18, 2024 3:00am
website ❌ Failed (Inspect) Sep 18, 2024 3:00am

@google-cla Google CLA
Copy link

google-cla bot commented Sep 18, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

"socket hang up" / ECONNRESET on consecutive requests with Node.js 19 and Node.js 20
2 participants
@WontonSam @snyk-bot