Update Mend: high confidence minor and patch dependency updates #84

mend-for-github-com · 2024-01-26T15:47:32Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/hapi__joi (source)	`17.1.6` -> `17.1.14`
cookie	`^0.4.1` -> `^0.6.0`
cookie-parser	`1.4.5` -> `1.4.6`
cookie-signature	`1.1.0` -> `1.2.1`
eslint (source)	`7.24.0` -> `7.32.0`
eslint-plugin-prettier	`3.4.0` -> `3.4.1`
express (source)	`4.17.1` -> `4.19.0`
github.com/stretchr/testify	`v1.7.0` -> `v1.9.0`
jest-date-mock	`1.0.8` -> `1.0.10`
on-finished	`2.3.0` -> `2.4.1`
prettier (source)	`2.2.1` -> `2.8.8`
react-router-dom (source)	`5.2.0` -> `5.3.4`
source-map-explorer	`2.5.2` -> `2.5.3`
styled-components (source)	`5.3.0` -> `5.3.1`
supertest	`6.1.3` -> `6.3.4`
winston	`3.3.3` -> `3.3.4`

By merging this PR, the issue #73 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Medium	6.1	CVE-2024-29041

By merging this PR, the issue #81 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
High	8.8	CVE-2023-45133

By merging this PR, the issue #72 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.8	CVE-2021-43138
High	7.5	WS-2021-0152
Medium	5.3	CVE-2021-29060

Release Notes

jshttp/cookie (cookie)

`v0.6.0`

Compare Source

==================

Add partitioned option

`v0.5.0`

Compare Source

==================

Add priority option
Fix expires option to reject invalid dates
perf: improve default decode speed
perf: remove slow string split in parse

`v0.4.2`

Compare Source

==================

perf: read value only when assigning in parse
perf: remove unnecessary regexp in parse

expressjs/cookie-parser (cookie-parser)

`v1.4.6`

Compare Source

==================

deps: cookie@0.4.1

visionmedia/node-cookie-signature (cookie-signature)

`v1.2.1`

Compare Source

==================

update annotations for allowed secret key types (#44, thanks @jyasskin!)

`v1.2.0`

Compare Source

==================

allow buffer and other node-supported types as key (#33)
be pickier about extra content after signed portion (#40)
some internal code clarity/cleanup improvements (#26)

eslint/eslint (eslint)

`v7.32.0`

Compare Source

3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin)
faecf56 Update: change reporting location for curly rule (refs #12334) (#14766) (Nitin Kumar)
d7dc07a Fix: ignore lines with empty elements (fixes #12756) (#14837) (Soufiane Boutahlil)
1bfbefd New: Exit on fatal error (fixes #13711) (#14730) (Antonios Katopodis)
ed007c8 Chore: Simplify internal no-invalid-meta rule (#14842) (Bryan Mishkin)
d53d906 Docs: Prepare data for website to indicate rules with suggestions (#14830) (Bryan Mishkin)
d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#14805) (Brett Zamir)
8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#14823) (Bryan Mishkin)
f9c164f Docs: New syntax issue template (#14826) (Nicholas C. Zakas)
eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #12334) (#14809) (Nitin Kumar)
ed945bd Docs: fix multiple broken links (#14833) (Sam Chen)
60df44c Chore: use actions/setup-node@v2 (#14816) (Nitin Kumar)
6641d88 Docs: Update README team and sponsors (ESLint Jenkins)

`v7.31.0`

Compare Source

efdbb12 Upgrade: @eslint/eslintrc to v0.4.3 (#14808) (Brandon Mills)
a96b05f Update: add end location to report in consistent-return (refs #12334) (#14798) (Nitin Kumar)
e0e8e30 Docs: update BUG_REPORT template (#14787) (Nitin Kumar)
39115c8 Docs: provide more context to no-eq-null (#14801) (gfyoung)
9a3c73c Docs: fix a broken link (#14790) (Sam Chen)
ddffa8a Update: Indicating the operator in question (#14764) (Paul Smith)
bba714c Update: Clarifying what changes need to be made in no-mixed-operators (#14765) (Paul Smith)
b0d22e3 Docs: Mention benefit of providing meta.docs.url (#14774) (Bryan Mishkin)
000cc79 Sponsors: Sync README with website (ESLint Jenkins)
a6a7438 Chore: pin fs-teardown@0.1.1 (#14771) (Milos Djermanovic)

`v7.30.0`

Compare Source

5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #14744) (#14748) (Milos Djermanovic)
19a871a Docs: Suggest linting plugins for ESLint plugin developers (#14754) (Bryan Mishkin)
aa87329 Docs: fix broken links (#14756) (Sam Chen)
278813a Docs: fix and add more examples for new-cap rule (fixes #12874) (#14725) (Nitin Kumar)
ed1da5d Update: ecmaVersion allows "latest" (#14720) (薛定谔的猫)
104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #14715) (#14718) (Nitin Kumar)
b08170b Update: Implement FlatConfigArray (refs #13481) (#14321) (Nicholas C. Zakas)
f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#14738) (薛定谔的猫)
1b8997a Docs: Fix getRulesMetaForResults link syntax (#14723) (Brandon Mills)
aada733 Docs: fix two broken links (#14726) (Sam Chen)
8972529 Docs: Update README team and sponsors (ESLint Jenkins)

`v7.29.0`

Compare Source

bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#14677) (Brandon Mills)
c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #13654) (#14716) (Nicholas C. Zakas)
eea7e0d Chore: remove duplicate code (#14719) (Nitin Kumar)
6a1c7a0 Fix: allow fallthrough comment inside block (fixes #14701) (#14702) (Kevin Gibbons)
a47e5e3 Docs: Add Mega-Linter to the list of integrations (#14707) (Nicolas Vuillamy)
353ddf9 Chore: enable reportUnusedDisableDirectives in eslint-config-eslint (#14699) (薛定谔的猫)
757c495 Chore: add some rules to eslint-config-eslint (#14692) (薛定谔的猫)
c93a222 Docs: fix a broken link (#14697) (Sam Chen)
655c118 Sponsors: Sync README with website (ESLint Jenkins)
e2bed2e Sponsors: Sync README with website (ESLint Jenkins)
8490fb4 Sponsors: Sync README with website (ESLint Jenkins)
ddbe877 Sponsors: Sync README with website (ESLint Jenkins)

`v7.28.0`

Compare Source

1237705 Upgrade: @eslint/eslintrc to 0.4.2 (#14672) (Milos Djermanovic)
123fb86 Docs: Add Feedback Needed triage description (#14670) (Nicholas C. Zakas)
c545163 Update: support multiline /eslint-env/ directives (fixes #14652) (#14660) (薛定谔的猫)
8d1e75a Upgrade: glob-parent version in package.json (#14658) (Hamza Najeeb)
1f048cb Fix: no-implicit-coercion false positive with String() (fixes #14623) (#14641) (Milos Djermanovic)
d709abf Chore: fix comment location in no-unused-vars (#14648) (Milos Djermanovic)
e44ce0a Fix: no-duplicate-imports allow unmergeable (fixes #12758, fixes #12760) (#14238) (Soufiane Boutahlil)
bb66a3d New: add getPhysicalFilename() method to rule context (fixes #11989) (#14616) (Nitin Kumar)
2e43dac Docs: fix no-sequences example (#14643) (Nitin Kumar)
958ff4e Docs: add note for arrow functions in no-seq rule (#14578) (Nitin Kumar)
e4f111b Fix: arrow-body-style crash with object pattern (fixes #14633) (#14635) (Milos Djermanovic)
ec28b5a Chore: upgrade eslint-plugin-eslint-plugin (#14590) (薛定谔的猫)
85a2725 Docs: Update README team and sponsors (ESLint Jenkins)

`v7.27.0`

Compare Source

2c0868c Chore: merge all html formatter files into html.js (#14612) (Milos Djermanovic)
9e9b5e0 Update: no-unused-vars false negative with comma operator (fixes #14325) (#14354) (Nitin Kumar)
afe9569 Chore: use includes instead of indexOf (#14607) (Mikhail Bodrov)
c0f418e Chore: Remove lodash (#14287) (Stephen Wade)
52655dd Update: no-restricted-imports custom message for patterns (fixes #11843) (#14580) (Alex Holden)
967b1c4 Chore: Fix typo in large.js (#14589) (Ikko Ashimine)
2466a05 Sponsors: Sync README with website (ESLint Jenkins)
fe29f18 Sponsors: Sync README with website (ESLint Jenkins)
086c1d6 Chore: add more test cases for no-sequences (#14579) (Nitin Kumar)
6a2ced8 Docs: Update README team and sponsors (ESLint Jenkins)

`v7.26.0`

Compare Source

aaf65e6 Upgrade: eslintrc for ModuleResolver fix (#14577) (Brandon Mills)
ae6dbd1 Fix: track variables, not names in require-atomic-updates (fixes #14208) (#14282) (Patrick Ahmetovic)
6a86e50 Chore: remove loose-parser tests (fixes #14315) (#14569) (Milos Djermanovic)
ee3a3ea Fix: create .eslintrc.cjs for module type (#14304) (Nitin Kumar)
6791dec Docs: fix example for require-atomic-updates (#14562) (Milos Djermanovic)
388eb7e Sponsors: Sync README with website (ESLint Jenkins)
f071d1e Update: Add automated suggestion to radix rule for parsing decimals (#14291) (Bryan Mishkin)
0b6a3f3 New: Include XO style guide in eslint --init (#14193) (Federico Brigante)

`v7.25.0`

Compare Source

5df5e4a Update: highlight last write reference for no-unused-vars (fixes #14324) (#14335) (Nitin Kumar)
0023872 Docs: Add deprecated note to working-with-rules-deprecated page (#14344) (Michael Novotny)
36fca70 Chore: Upgrade eslump to 3.0.0 (#14350) (Stephen Wade)
59b689a Chore: add node v16 (#14355) (薛定谔的猫)
35a1f5e Sponsors: Sync README with website (ESLint Jenkins)
fb0a92b Chore: rename misspelled identifier in test (#14346) (Tobias Nießen)
f2babb1 Docs: update pull request template (#14336) (Nitin Kumar)
02dde29 Docs: Fix anchor in 'docs/developer-guide/working-with-rules.md' (#14332) (Nate-Wilkins)
07d14c3 Chore: remove extraneous command from lint-staged config (#14314) (James George)
41b3570 Update: lint code block with same extension but different content (#14227) (JounQin)
eb29996 Docs: add more examples with arrow functions for no-sequences rule (#14313) (Nitin Kumar)

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

`v3.4.1`

Compare Source

build(deps): Bump glob-parent from 5.0.0 to 5.1.2 (#420) (b6d075c)
build(deps): Bump path-parse from 1.0.6 to 1.0.7 (#425) (24f957e)
feat: support @graphql-eslint/eslint-plugin out of box (#413) (ec6fbb1)
chore: add tests for Node 16 (#410) (76bd45e)

expressjs/express (express)

`v4.19.0`

Compare Source

==========

Prevent open redirect allow list bypass due to encodeurl
deps: cookie@0.6.0

`v4.18.3`

Compare Source

==========

Fix routing requests without method
deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
deps: cookie@0.6.0
- Add partitioned option

`v4.18.2`

Compare Source

===================

Fix regression routing a large stack in a single route
deps: body-parser@1.20.1
- deps: qs@6.11.0
- perf: remove unnecessary object clone
deps: qs@6.11.0

`v4.18.1`

Compare Source

===================

Fix hanging on large stack of sync routes

`v4.18.0`

Compare Source

===================

Add "root" option to res.download
Allow options without filename in res.download
Deprecate string and non-integer arguments to res.status
Fix behavior of null/undefined as maxAge in res.cookie
Fix handling very large stacks of sync middleware
Ignore Object.prototype values in settings through app.set/app.get
Invoke default with same arguments as types in res.format
Support proper 205 responses using res.send
Use http-errors for res.format error
deps: body-parser@1.20.0
- Fix error message for json parse whitespace in strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
deps: cookie@0.5.0
- Add priority option
- Fix expires option to reject invalid dates
deps: depd@2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
deps: finalhandler@1.2.0
- Remove set content headers that break response
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
deps: on-finished@2.4.1
- Prevent loss of async hooks context
deps: qs@6.10.3
deps: send@0.18.0
- Fix emitted 416 error missing headers property
- Limit the headers removed for 304 response
- deps: depd@2.0.0
- deps: destroy@1.2.0
- deps: http-errors@2.0.0
- deps: on-finished@2.4.1
- deps: statuses@2.0.1
deps: serve-static@1.15.0
- deps: send@0.18.0
deps: statuses@2.0.1
- Remove code 306
- Rename 425 Unordered Collection to standard 425 Too Early

`v4.17.3`

Compare Source

===================

deps: accepts@~1.3.8
- deps: mime-types@~2.1.34
- deps: negotiator@0.6.3
deps: body-parser@1.19.2
- deps: bytes@3.1.2
- deps: qs@6.9.7
- deps: raw-body@2.4.3
deps: cookie@0.4.2
deps: qs@6.9.7
- Fix handling of __proto__ keys
pref: remove unnecessary regexp for trust proxy

`v4.17.2`

Compare Source

===================

Fix handling of undefined in res.jsonp
Fix handling of undefined when "json escape" is enabled
Fix incorrect middleware execution with unanchored RegExps
Fix res.jsonp(obj, status) deprecation message
Fix typo in res.is JSDoc
deps: body-parser@1.19.1
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
deps: content-disposition@0.5.4
- deps: safe-buffer@5.2.1
deps: cookie@0.4.1
- Fix maxAge option to reject invalid values
deps: proxy-addr@~2.0.7
- Use req.socket over deprecated req.connection
- deps: forwarded@0.2.0
- deps: ipaddr.js@1.9.1
deps: qs@6.9.6
deps: safe-buffer@5.2.1
deps: send@0.17.2
- deps: http-errors@1.8.1
- deps: ms@2.1.3
- pref: ignore empty http tokens
deps: serve-static@1.14.2
- deps: send@0.17.2
deps: setprototypeof@1.2.0

stretchr/testify (github.com/stretchr/testify)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jan 26, 2024

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 0e5e1b9 to 140ea2f Compare February 3, 2024 05:06

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 7 times, most recently from 9244bb2 to c8f0def Compare February 11, 2024 05:34

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 9688468 to bfd66ed Compare February 20, 2024 05:20

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 99982c4 to 752d9fa Compare February 29, 2024 04:58

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 6 times, most recently from 3e62dff to 437a081 Compare March 6, 2024 18:44

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from 437a081 to c1b66c8 Compare March 9, 2024 04:40

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 6 times, most recently from d14fd81 to ace1d39 Compare April 18, 2024 20:25

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 10 times, most recently from 8bf8c31 to dcecabf Compare April 25, 2024 20:35

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 3e6ba1c to 65b9387 Compare May 6, 2024 02:22

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 5 times, most recently from 42ca33d to 9d5a271 Compare May 10, 2024 00:20

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 2 times, most recently from c1e0c5d to fd754e9 Compare May 17, 2024 12:25

Update Mend: high confidence minor and patch dependency updates

d54972a

mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from fd754e9 to d54972a Compare May 18, 2024 00:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Mend: high confidence minor and patch dependency updates #84

Update Mend: high confidence minor and patch dependency updates #84

mend-for-github-com bot commented Jan 26, 2024 •

edited

Update Mend: high confidence minor and patch dependency updates #84

Are you sure you want to change the base?

Update Mend: high confidence minor and patch dependency updates #84

Conversation

mend-for-github-com bot commented Jan 26, 2024 • edited

Release Notes

What's Changed

New Contributors

Configuration

mend-for-github-com bot commented Jan 26, 2024 •

edited