Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , minimatch, jsonwebtoken, , lru-cache, gcf-utils, , , , , c8, gts, mocha, nock, sinon, smee-client, typescript #505

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

WontonSam
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

@types/node
from 18.11.18 to 22.5.1 | 288 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 22 days ago
on 2024-08-28
minimatch
from 5.1.2 to 10.0.1 | 50 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
jsonwebtoken
from 9.0.0 to 9.0.2 | 2 versions ahead of your current version | a year ago
on 2023-08-30
@types/js-yaml
from 4.0.5 to 4.0.9 | 4 versions ahead of your current version | 10 months ago
on 2023-11-07
lru-cache
from 7.14.1 to 11.0.0 | 39 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
gcf-utils
from 14.4.6 to 15.0.1 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-09-26
@google-automations/bot-config-utils
from 6.1.3 to 7.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-09-18
@types/jsonpath
from 0.2.0 to 0.2.4 | 4 versions ahead of your current version | 10 months ago
on 2023-11-21
@types/mocha
from 10.0.1 to 10.0.7 | 6 versions ahead of your current version | 3 months ago
on 2024-06-22
@types/sinon
from 10.0.13 to 17.0.3 | 11 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 8 months ago
on 2024-01-10
c8
from 7.14.0 to 10.1.2 | 8 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-13
gts
from 4.0.1 to 5.3.1 | 10 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-11
mocha
from 10.2.0 to 10.7.3 | 10 versions ahead of your current version | a month ago
on 2024-08-09
nock
from 13.3.0 to 13.5.5 | 15 versions ahead of your current version | a month ago
on 2024-08-20
sinon
from 15.0.1 to 18.0.0 | 16 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-15
smee-client
from 1.2.3 to 2.0.3 | 6 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-15
typescript
from 4.9.4 to 5.5.4 | 596 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-22

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860
112 No Known Exploit
high severity Improper Handling of Exceptional Conditions
SNYK-JS-PROBOT-6129524
112 No Known Exploit
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
112 Proof of Concept
high severity Infinite loop
SNYK-JS-MARKDOWNIT-6483324
112 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
112 No Known Exploit
high severity Improper Handling of Exceptional Conditions
SNYK-JS-OCTOKITWEBHOOKS-6129527
112 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
112 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106
112 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
112 Proof of Concept
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509
112 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867
112 No Known Exploit
medium severity Uncontrolled Resource Consumption
SNYK-JS-GRPCGRPCJS-7242922
112 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SEND-7926862
112 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865
112 No Known Exploit
Release notes
Package name: @types/node
  • 22.5.1 - 2024-08-28
  • 22.5.0 - 2024-08-21
  • 22.4.2 - 2024-08-21
  • 22.4.1 - 2024-08-19
  • 22.4.0 - 2024-08-16
  • 22.3.0 - 2024-08-14
  • 22.2.0 - 2024-08-09
  • 22.1.0 - 2024-08-02
  • 22.0.3 - 2024-08-02
  • 22.0.2 - 2024-07-31
  • 22.0.1 - 2024-07-31
  • 22.0.0 - 2024-07-28
  • 20.16.5 - 2024-09-04
  • 20.16.4 - 2024-09-04
  • 20.16.3 - 2024-09-01
  • 20.16.2 - 2024-08-28
  • 20.16.1 - 2024-08-19
  • 20.16.0 - 2024-08-18
  • 20.15.0 - 2024-08-16
  • 20.14.15 - 2024-08-09
  • 20.14.14 - 2024-08-02
  • 20.14.13 - 2024-07-28
  • 20.14.12 - 2024-07-23
  • 20.14.11 - 2024-07-16
  • 20.14.10 - 2024-07-05
  • 20.14.9 - 2024-06-25
  • 20.14.8 - 2024-06-22
  • 20.14.7 - 2024-06-20
  • 20.14.6 - 2024-06-19
  • 20.14.5 - 2024-06-18
  • 20.14.4 - 2024-06-17
  • 20.14.3 - 2024-06-17
  • 20.14.2 - 2024-06-05
  • 20.14.1 - 2024-06-03
  • 20.14.0 - 2024-06-02
  • 20.13.0 - 2024-05-31
  • 20.12.14 - 2024-05-31
  • 20.12.13 - 2024-05-29
  • 20.12.12 - 2024-05-14
  • 20.12.11 - 2024-05-08
  • 20.12.10 - 2024-05-06
  • 20.12.9 - 2024-05-06
  • 20.12.8 - 2024-05-01
  • 20.12.7 - 2024-04-09
  • 20.12.6 - 2024-04-09
  • 20.12.5 - 2024-04-05
  • 20.12.4 - 2024-04-03
  • 20.12.3 - 2024-04-02
  • 20.12.2 - 2024-03-30
  • 20.12.1 - 2024-03-30
  • 20.12.0 - 2024-03-30
  • 20.11.30 - 2024-03-19
  • 20.11.29 - 2024-03-18
  • 20.11.28 - 2024-03-15
  • 20.11.27 - 2024-03-13
  • 20.11.26 - 2024-03-11
  • 20.11.25 - 2024-03-06
  • 20.11.24 - 2024-02-29
  • 20.11.23 - 2024-02-29
  • 20.11.22 - 2024-02-28
  • 20.11.21 - 2024-02-27
  • 20.11.20 - 2024-02-22
  • 20.11.19 - 2024-02-15
  • 20.11.18 - 2024-02-15
  • 20.11.17 - 2024-02-08
  • 20.11.16 - 2024-02-01
  • 20.11.15 - 2024-02-01
  • 20.11.14 - 2024-01-31
  • 20.11.13 - 2024-01-30
  • 20.11.12 - 2024-01-30
  • 20.11.11 - 2024-01-30
  • 20.11.10 - 2024-01-28
  • 20.11.9 - 2024-01-28
  • 20.11.8 - 2024-01-27
  • 20.11.7 - 2024-01-26
  • 20.11.6 - 2024-01-24
  • 20.11.5 - 2024-01-17
  • 20.11.4 - 2024-01-16
  • 20.11.3 - 2024-01-15
  • 20.11.2 - 2024-01-15
  • 20.11.1 - 2024-01-15
  • 20.11.0 - 2024-01-11
  • 20.10.8 - 2024-01-09
  • 20.10.7 - 2024-01-07
  • 20.10.6 - 2023-12-30
  • 20.10.5 - 2023-12-17
  • 20.10.4 - 2023-12-07
  • 20.10.3 - 2023-12-03
  • 20.10.2 - 2023-12-01
  • 20.10.1 - 2023-11-29
  • 20.10.0 - 2023-11-24
  • 20.9.5 - 2023-11-23
  • 20.9.4 - 2023-11-22
  • 20.9.3 - 2023-11-21
  • 20.9.2 - 2023-11-18
  • 20.9.1 - 2023-11-16
  • 20.9.0 - 2023-11-07
  • 20.8.10 - 2023-10-31
  • 20.8.9 - 2023-10-25
  • 20.8.8 - 2023-10-24
  • 20.8.7 - 2023-10-18
  • 20.8.6 - 2023-10-13
  • 20.8.5 - 2023-10-12
  • 20.8.4 - 2023-10-09
  • 20.8.3 - 2023-10-06
  • 20.8.2 - 2023-10-02
  • 20.8.1 - 2023-10-02
  • 20.8.0 - 2023-09-30
  • 20.7.2 - 2023-09-29
  • 20.7.1 - 2023-09-27
  • 20.7.0 - 2023-09-25
  • 20.6.5 - 2023-09-24
  • 20.6.4 - 2023-09-23
  • 20.6.3 - 2023-09-20
  • 20.6.2 - 2023-09-16
  • 20.6.1 - 2023-09-15
  • 20.6.0 - 2023-09-08
  • 20.5.9 - 2023-09-02
  • 20.5.8 - 2023-09-01
  • 20.5.7 - 2023-08-28
  • 20.5.6 - 2023-08-24
  • 20.5.5 - 2023-08-24
  • 20.5.4 - 2023-08-23
  • 20.5.3 - 2023-08-22
  • 20.5.2 - 2023-08-22
  • 20.5.1 - 2023-08-18
  • 20.5.0 - 2023-08-13
  • 20.4.10 - 2023-08-11
  • 20.4.9 - 2023-08-08
  • 20.4.8 - 2023-08-05
  • 20.4.7 - 2023-08-04
  • 20.4.6 - 2023-08-02
  • 20.4.5 - 2023-07-25
  • 20.4.4 - 2023-07-22
  • 20.4.3 - 2023-07-21
  • 20.4.2 - 2023-07-12
  • 20.4.1 - 2023-07-07
  • 20.4.0 - 2023-07-05
  • 20.3.3 - 2023-06-30
  • 20.3.2 - 2023-06-26
  • 20.3.1 - 2023-06-13
  • 20.3.0 - 2023-06-10
  • 20.2.6 - 2023-06-10
  • 20.2.5 - 2023-05-26
  • 20.2.4 - 2023-05-25
  • 20.2.3 - 2023-05-21
  • 20.2.2 - 2023-05-21
  • 20.2.1 - 2023-05-18
  • 20.2.0 - 2023-05-17
  • 20.1.7 - 2023-05-16
  • 20.1.6 - 2023-05-16
  • 20.1.5 - 2023-05-16
  • 20.1.4 - 2023-05-13
  • 20.1.3 - 2023-05-11
  • 20.1.2 - 2023-05-10
  • 20.1.1 - 2023-05-08
  • 20.1.0 - 2023-05-05
  • 20.0.0 - 2023-05-05
  • 18.19.50 - 2024-09-04
  • 18.19.49 - 2024-09-04
  • 18.19.48 - 2024-09-01
  • 18.19.47 - 2024-08-28
  • 18.19.46 - 2024-08-26
  • 18.19.45 - 2024-08-19
  • 18.19.44 - 2024-08-09
  • 18.19.43 - 2024-08-02
  • 18.19.42 - 2024-07-23
  • 18.19.41 - 2024-07-18
  • 18.19.40 - 2024-07-16
  • 18.19.39 - 2024-06-22
  • 18.19.38 - 2024-06-20
  • 18.19.37 - 2024-06-19
  • 18.19.36 - 2024-06-17
  • 18.19.35 - 2024-06-17
  • 18.19.34 - 2024-06-03
  • 18.19.33 - 2024-05-08
  • 18.19.32 - 2024-05-06
  • 18.19.31 - 2024-04-09
  • 18.19.30 - 2024-04-05
  • 18.19.29 - 2024-04-02
  • 18.19.28 - 2024-03-30
  • 18.19.27 - 2024-03-30
  • 18.19.26 - 2024-03-19
  • 18.19.25 - 2024-03-18
  • 18.19.24 - 2024-03-13
  • 18.19.23 - 2024-03-11
  • 18.19.22 - 2024-03-06
  • 18.19.21 - 2024-02-29
  • 18.19.20 - 2024-02-28
  • 18.19.19 - 2024-02-27
  • 18.19.18 - 2024-02-22
  • 18.19.17 - 2024-02-15
  • 18.19.16 - 2024-02-15
  • 18.19.15 - 2024-02-08
  • 18.19.14 - 2024-02-01
  • 18.19.13 - 2024-02-01
  • 18.19.12 - 2024-01-31
  • 18.19.11 - 2024-01-30
  • 18.19.10 - 2024-01-26
  • 18.19.9 - 2024-01-24
  • 18.19.8 - 2024-01-17
  • 18.19.7 - 2024-01-15
  • 18.19.6 - 2024-01-09
  • 18.19.5 - 2024-01-07
  • 18.19.4 - 2023-12-30
  • 18.19.3 - 2023-12-07
  • 18.19.2 - 2023-12-03
  • 18.19.1 - 2023-12-01
  • 18.19.0 - 2023-11-30
  • 18.18.14 - 2023-11-29
  • 18.18.13 - 2023-11-23
  • 18.18.12 - 2023-11-22
  • 18.18.11 - 2023-11-21
  • 18.18.10 - 2023-11-18
  • 18.18.9 - 2023-11-07
  • 18.18.8 - 2023-10-31
  • 18.18.7 - 2023-10-25
  • 18.18.6 - 2023-10-18
  • 18.18.5 - 2023-10-12
  • 18.18.4 - 2023-10-06
  • 18.18.3 - 2023-10-02
  • 18.18.2 - 2023-10-02
  • 18.18.1 - 2023-09-29
  • 18.18.0 - 2023-09-25
  • 18.17.19 - 2023-09-23
  • 18.17.18 - 2023-09-20
  • 18.17.17 - 2023-09-16
  • 18.17.16 - 2023-09-15
  • 18.17.15 - 2023-09-08
  • 18.17.14 - 2023-09-02
  • 18.17.13 - 2023-09-01
  • 18.17.12 - 2023-08-28
  • 18.17.11 - 2023-08-24
  • 18.17.10 - 2023-08-24
  • 18.17.9 - 2023-08-23
  • 18.17.8 - 2023-08-22
  • 18.17.7 - 2023-08-22
  • 18.17.6 - 2023-08-18
  • 18.17.5 - 2023-08-11
  • 18.17.4 - 2023-08-08
  • 18.17.3 - 2023-08-05
  • 18.17.2 - 2023-08-04
  • 18.17.1 - 2023-07-25
  • 18.17.0 - 2023-07-22
  • 18.16.20 - 2023-07-21
  • 18.16.19 - 2023-06-30
  • 18.16.18 - 2023-06-13
  • 18.16.17 - 2023-06-10
  • 18.16.16 - 2023-05-26
  • 18.16.15 - 2023-05-25
  • 18.16.14 - 2023-05-21
  • 18.16.13 - 2023-05-18
  • 18.16.12 - 2023-05-16
  • 18.16.11 - 2023-05-16
  • 18.16.10 - 2023-05-16
  • 18.16.9 - 2023-05-13
  • 18.16.8 - 2023-05-11
  • 18.16.7 - 2023-05-10
  • 18.16.6 - 2023-05-08
  • 18.16.5 - 2023-05-05
  • 18.16.4 - 2023-05-05
  • 18.16.3 - 2023-04-29
  • 18.16.2 - 2023-04-27
  • 18.16.1 - 2023-04-25
  • 18.16.0 - 2023-04-23
  • 18.15.13 - 2023-04-21
  • 18.15.12 - 2023-04-19
  • 18.15.11 - 2023-03-28
  • 18.15.10 - 2023-03-25
  • 18.15.9 - 2023-03-25
  • 18.15.8 - 2023-03-24
  • 18.15.7 - 2023-03-24
  • 18.15.6 - 2023-03-23
  • 18.15.5 - 2023-03-20
  • 18.15.4 - 2023-03-20
  • 18.15.3 - 2023-03-14
  • 18.15.2 - 2023-03-13
  • 18.15.1 - 2023-03-13
  • 18.15.0 - 2023-03-09
  • 18.14.6 - 2023-03-03
  • 18.14.5 - 2023-03-03
  • 18.14.4 - 2023-03-02
  • 18.14.3 - 2023-03-02
  • 18.14.2 - 2023-02-26
  • 18.14.1 - 2023-02-23
  • 18.14.0 - 2023-02-17
  • 18.13.0 - 2023-02-07
  • 18.11.19 - 2023-02-04
  • 18.11.18 - 2022-12-26
from @types/node GitHub release notes
Package name: minimatch
  • 10.0.1 - 2024-07-08

    10.0.1

  • 10.0.0 - 2024-07-08

    10.0.0

  • 9.0.5 - 2024-06-25

    9.0.5

  • 9.0.4 - 2024-03-28

    9.0.4

  • 9.0.3 - 2023-07-06

    9.0.3

  • 9.0.2 - 2023-06-23

    9.0.2

  • 9.0.1 - 2023-05-20

    9.0.1

  • 9.0.0 - 2023-04-09

    9.0.0

  • 8.0.4 - 2023-04-09

    8.0.4

  • 8.0.3 - 2023-04-03
  • 8.0.2 - 2023-04-02
  • 8.0.1 - 2023-04-02
  • 8.0.0 - 2023-04-02
  • 7.4.6 - 2023-04-09

    7.4.6

  • 7.4.5 - 2023-04-03
  • 7.4.4 - 2023-04-01
  • 7.4.3 - 2023-03-22
  • 7.4.2 - 2023-03-01
  • 7.4.1 - 2023-03-01
  • 7.4.0 - 2023-03-01
  • 7.3.0 - 2023-02-27
  • 7.2.0 - 2023-02-26
  • 7.1.4 - 2023-02-26
  • 7.1.3 - 2023-02-25
  • 7.1.2 - 2023-02-24
  • 7.1.1 - 2023-02-24
  • 7.1.0 - 2023-02-22
  • 7.0.1 - 2023-02-22
  • 7.0.0 - 2023-02-20
  • 6.2.0 - 2023-02-13
  • 6.1.10 - 2023-02-13
  • 6.1.9 - 2023-02-13
  • 6.1.8 - 2023-02-11
  • 6.1.7 - 2023-02-11
  • 6.1.6 - 2023-01-22
  • 6.1.5 - 2023-01-17
  • 6.1.4 - 2023-01-17
  • 6.1.3 - 2023-01-17
  • 6.1.2 - 2023-01-17
  • 6.1.1 - 2023-01-17
  • 6.1.0 - 2023-01-17
  • 6.0.4 - 2023-01-16
  • 6.0.3 - 2023-01-15
  • 6.0.2 - 2023-01-15
  • 6.0.1 - 2023-01-15
  • 6.0.0 - 2023-01-14
  • 5.1.6 - 2023-01-17
  • 5.1.5 - 2023-01-17
  • 5.1.4 - 2023-01-14
  • 5.1.3 - 2023-01-14
  • 5.1.2 - 2022-12-20
from minimatch GitHub release notes
Package name: jsonwebtoken
  • 9.0.2 - 2023-08-30

    Release 9.0.2 (#935)

  • 9.0.1 - 2023-07-05

    Updating package version to 9.0.1 (#920)

  • 9.0.0 - 2022-12-21
    • Check if node version supports asymmetricKeyDetails

    • Validate algorithms for ec key type

    • Rename variable

    • Rename function

    • Add early return for symmetric keys

    • Validate algorithm for RSA key type

    • Validate algorithm for RSA-PSS key type

    • Check key types for EdDSA algorithm

    • Rename function

    • Move validateKey function to module

    • Convert arrow to function notation

    • Validate key in verify function

    • Simplify if

    • Convert if to switch..case

    • Guard against empty key in validation

    • Remove empty line

    • Add lib to check modulus length

    • Add modulus length checks

    • Validate mgf1HashAlgorithm and saltLength

    • Check node version before using key details API

    • Use built-in modulus length getter

    • Fix Node version validations

    • Remove duplicate validateKey

    • Add periods to error messages

    • Fix validation in verify function

    • Make asymmetric key validation the latest validation step

    • Change key curve validation

    • Remove support for ES256K

    • Fix old test that was using wrong key types to sign tokens

    • Enable RSA-PSS for old Node versions

    • Add specific RSA-PSS validations on Node 16 LTS+

    • Improve error message

    • Simplify key validation code

    • Fix typo

    • Improve error message

    • Change var to const in test

    • Change const to let to avoid reassigning problem

    • Improve error message

    • Test incorrect private key type

    • Rename invalid to unsupported

    • Test verifying of jwt token with unsupported key

    • Test invalid private key type

    • Change order of object parameters

    • Move validation test to separate file

    • Move all validation tests to separate file

    • Add prime256v1 ec key

    • Remove modulus length check

    • WIP: Add EC key validation tests

    • Fix node version checks

    • Fix error message check on test

    • Add successful tests for EC curve check

    • Remove only from describe

    • Remove only

    • Remove duplicate block of code

    • Move variable to a different scope and make it const

    • Convert allowed curves to object for faster lookup

    • Rename variable

    • Change variable assignment order

    • Remove unused object properties

    • Test RSA-PSS happy path and wrong length

    • Add missing tests

    • Pass validation if no algorithm has been provided

    • Test validation of invalid salt length

    • Test error when signing token with invalid key

    • Change var to const/let in verify tests

    • Test verifying token with invalid key

    • Improve test error messages

    • Add parameter to skip private key validation

    • Replace DSA key with a 4096 bit long key

    • Test allowInvalidPrivateKeys in key signing

    • Improve test message

    • Rename variable

    • Add key validation flag tests

    • Fix variable name in Readme

    • Change private to public dsa key in verify

    • Rename flag

    • Run EC validation tests conditionally

    • Fix tests in old node versions

    • Ignore block of code from test coverage

    • Separate EC validations tests into two different ones

    • Add comment

    • Wrap switch in if instead of having an early return

    • Remove unsupported algorithms from asymmetric key validation

    • Rename option to allowInvalidAsymmetricKeyTypes and improve Readme

    • 9.0.0

    • adding migration notes to readme

    • adding changelog for version 9.0.0

    Co-authored-by: julienwoll julien.wollscheid@auth0.com

from jsonwebtoken GitHub release notes
Package name: @types/js-yaml
  • 4.0.9 - 2023-11-07
  • 4.0.8 - 2023-10-18
  • 4.0.7 - 2023-10-10
  • 4.0.6 - 2023-09-15
  • 4.0.5 - 2021-11-19
from @types/js-yaml GitHub release notes
Package name: lru-cache
  • 11.0.0 - 2024-07-08

    11.0.0

  • 10.4.3 - 2024-07-09
  • 10.4.2 - 2024-07-09
  • 10.4.1 - 2024-07-08

    10.4.1

  • 10.4.0 - 2024-07-08

    10.4.0

  • 10.3.1 - 2024-07-06

    10.3.1

  • 10.3.0 - 2024-06-28

    10.3.0

  • 10.2.2 - 2024-04-28

    10.2.2

  • 10.2.1 - 2024-04-25

    10.2.1

  • 10.2.0 - 2024-01-25

    10.2.0

  • 10.1.0 - 2023-11-22

    10.1.0

  • 10.0.3 - 2023-11-19

    10.0.3

  • 10.0.2 - 2023-11-10
  • 10.0.1 - 2023-08-10
  • 10.0.0 - 2023-06-15
  • 9.1.2 - 2023-06-01
  • 9.1.1 - 2023-04-23
  • 9.1.0 - 2023-04-18
  • 9.0.3 - 2023-04-14
  • 9.0.2 - 2023-04-13
  • 9.0.1 - 2023-04-10
  • 9.0.0 - 2023-04-09
  • 8.0.5 - 2023-04-05
  • 8.0.4 - 2023-03-17
  • 8.0.3 - 2023-03-15
  • 8.0.2 - 2023-03-15
  • 8.0.1 - 2023-03-15
  • 8.0.0 - 2023-03-12
  • 7.18.3 - 2023-03-05
  • 7.18.2 - 2023-03-05
  • 7.18.1 - 2023-03-01
  • 7.18.0 - 2023-03-01
  • 7.17.2 - 2023-03-01
  • 7.17.1 - 2023-03-01
  • 7.17.0 - 2023-02-22
  • 7.16.2 - 2023-02-21
  • 7.16.1 - 2023-02-17
  • 7.16.0 - 2023-02-16
  • 7.15.0 - 2023-02-16
  • 7.14.1 - 2022-11-02
from lru-cache GitHub release notes
Package name: gcf-utils
  • 15.0.1 - 2023-09-26

    15.0.1 (2023-09-26)

    Bug Fixes

    • getAuthenticatedOctokit is a standalone method (#5235) (0f95e5a)
  • 15.0.0 - 2023-09-15
  • 14.4.6 - 2023-01-12
from gcf-utils GitHub release notes
Package name: @google-automations/bot-config-utils
  • 7.0.0 - 2023-09-18
  • 6.1.3 - 2023-01-10
from @google-automations/bot-config-utils GitHub release notes
Package name: @types/jsonpath
  • 0.2.4 - 2023-11-21
  • 0.2.3 - 2023-11-07
  • 0.2.2 - 2023-10-18
  • 0.2.1 - 2023-09-15
  • 0.2.0 - 2017-07-06
from @types/jsonpath GitHub release notes
Package name: @types/mocha
  • 10.0.7 - 2024-06-22
  • 10.0.6 - 2023-11-22
  • 10.0.5 - 2023-11-21
  • 10.0.4 - 2023-11-07
  • 10.0.3 - 2023-10-18
  • 10.0.2 - 2023-09-27
  • 10.0.1 - 2022-11-28
from @types/mocha GitHub release notes
Package name: @types/sinon
  • 17.0.3 - 2024-01-10
  • 17.0.2 - 2023-11-21
  • 17.0.1 - 2023-11-07
  • 17.0.0 - 2023-11-03
  • 10.0.20 - 2023-10-18
  • 10.0.19 - 2023-10-06
  • 10.0.18 - 2023-10-02
  • 10.0.17 - 2023-09-25
  • 10.0.16 - 2023-08-01
  • 10.0.15 - 2023-05-14
  • 10.0.14 - 2023-04-17
  • 10.0.13 - 2022-07-20
from @types/sinon GitHub release notes
Package name: c8
  • 10.1.2 - 2024-06-13

    10.1.2 (2024-06-13)

    Bug Fixes

    • deps: make monocart-coverage-reports an optional with meta defined (3b91fda)
  • 10.1.1 - 2024-06-11

    10.1.1 (2024-06-11)

    Bug Fixes

    • stop installing monocart-coverage-reports (#535) (13979a7)
  • 10.1.0 - 2024-06-11

    10.1.0 (2024-06-11)

    Features

  • 10.0.0 - 2024-06-10

    10.0.0 (2024-06-10)

    ⚠ BREAKING CHANGES

    • deps: Node 18 is now the minimum supported Node.js version

    Bug Fixes

    • deps: update test-exclude with new glob / minimatch (#531) (e33cf30)
  • 9.1.0 - 2024-01-12

    9.1.0 (2024-01-11)

    Features

    • support passing reporter options from config (#459) (88db5db)

    Bug Fixes

    • refactor: remove stale check for createDynamicModule (5e18365)
  • 9.0.0 - 2024-01-03

    9.0.0 (2024-01-03)

    ⚠ BREAKING CHANGES

    • build: minimum Node.js version is now 14.14.0

    Features

    • build: minimum Node.js version is now 14.14.0 (2cdc86b)
    • deps: update foreground-child to promise API (#512) (b46b640)
    • deps: use Node.js built in rm (2cdc86b)
  • 8.0.1 - 2023-07-25

    8.0.1 (2023-07-25)

    Bug Fixes

  • 8.0.0 - 2023-06-13

    8.0.0 (2023-06-05)

    ⚠ BREAKING CHANGES

    • dropped Node 10 support (#475)

    Miscellaneous Chores

  • 7.14.0 - 2023-05-28

    7.14.0 (2023-05-26)

    Features

    • added a new CLI arg --merge-async to asynchronously and incrementally merge process coverage files to avoid OOM due to heap exhaustion (#469) (45f2f84)
from c8 GitHub release notes
Package name: gts
  • 5.3.1 - 2024-06-11

    5.3.1 (2024-04-10)

    Bug Fixes

    • deps: replace dependency eslint-plugin-node with eslint-plugin-n (#865) (efbe3a8)
    • deps: update dependency eslint to v8.57.0 (#833) (0c0a45c)
    • deps: update dependency prettier to v3.2.5 (#846) (7e60e38)

    Performance Improvements

    • Supercharge Performance & Efficiency: Leveraging Promise.all for Resource-Friendly Tasks 🚤 (#838) (7424fe1)
  • 5.3.0 - 2024-03-22

    5.3.0 (2024-03-21)

    Features

    Bug Fixes

    • deps: update dependency eslint to v8.51.0 (#812) (ae913c1)
    • deps: update dependency eslint to v8.52.0 (#821) (50b3ce5)
    • deps: update dependency eslint to v8.53.0 (#829) (7d9ffed)
    • deps: update dependency eslint-config-prettier to v9.1.0 (#836) (9105ebb)
    • deps: update dependency eslint-plugin-prettier to v5.0.1 (#817) (89b8955)
    • deps: update dependency eslint-plugin-prettier to v5.1.2 (#839) (b5ab5c4)
    • deps: update dependency eslint-plugin-prettier to v5.1.3 (#845) (6e13e12)
    • deps: update dependency prettier to v3.1.0 (#832) (faf6d7e)
    • deps: update dependency prettier to v3.1.1 (#837) (6de3e3b)
  • 5.2.0 - 2023-10-05

    5.2.0 (2023-10-04)

    Features

  • 5.1.1 - 2023-10-04

    5.1.1 (2023-10-04)

    Bug Fixes

    • revert feat: no-floating-promises (44de7f7)
  • 5.1.0 - 2023-10-03

    5.1.0 (2023-09-29)

    Features

    Bug Fixes

    • deps: update dependency eslint to v8.49.0 (#784) (5e2a05c)
    • deps: update dependency eslint to v8.50.0 (#802) (794abf3)
    • deps: update dependency eslint-config-prettier to v8.10.0 (#785) (5391d89)
    • deps: update dependency eslint-config-prettier to v9 (#777) (470977a)
    • deps: update dependency prettier to v3.0.3 (#782) (5a04e76)
    • run eslint from PATH (#654) (5dc2a76)
  • 5.0.2-debug - 2023-08-18
  • 5.0.1 - 2023-08-21

    5.0.1 (2023-08-21)

    Bug Fixes

    • line up linting with owlbot post-processing linting (#778) (a731fe9)
  • 5.0.1-debug - 2023-08-18
  • 5.0.0 - 2023-07-27

    5.0.0 (2023-07-26)

    ⚠ BREAKING CHANGES

    • Upgrade to node 14 as the minimum version (#771)

    Bug Fixes

    • deps: update dependency prettier to ~2.8.0 (#743) (7582516)
    • update eslint-prettier (43d4a06)

    Miscellaneous Chores

    • Upgrade to node 14 as the minimum version (#771) (6301178)
  • 5.0.0-debug - 2023-08-03
  • 4.0.1 - 2023-03-30

    4.0.1 (2023-01-09)

    Bug Fixes

from gts GitHub release notes
Package name: mocha

Snyk has created this PR to upgrade:
  - @types/node from 18.11.18 to 22.5.1.
    See this package in npm: https://www.npmjs.com/package/@types/node
  - minimatch from 5.1.2 to 10.0.1.
    See this package in npm: https://www.npmjs.com/package/minimatch
  - jsonwebtoken from 9.0.0 to 9.0.2.
    See this package in npm: https://www.npmjs.com/package/jsonwebtoken
  - @types/js-yaml from 4.0.5 to 4.0.9.
    See this package in npm: https://www.npmjs.com/package/@types/js-yaml
  - lru-cache from 7.14.1 to 11.0.0.
    See this package in npm: https://www.npmjs.com/package/lru-cache
  - gcf-utils from 14.4.6 to 15.0.1.
    See this package in npm: https://www.npmjs.com/package/gcf-utils
  - @google-automations/bot-config-utils from 6.1.3 to 7.0.0.
    See this package in npm: https://www.npmjs.com/package/@google-automations/bot-config-utils
  - @types/jsonpath from 0.2.0 to 0.2.4.
    See this package in npm: https://www.npmjs.com/package/@types/jsonpath
  - @types/mocha from 10.0.1 to 10.0.7.
    See this package in npm: https://www.npmjs.com/package/@types/mocha
  - @types/sinon from 10.0.13 to 17.0.3.
    See this package in npm: https://www.npmjs.com/package/@types/sinon
  - c8 from 7.14.0 to 10.1.2.
    See this package in npm: https://www.npmjs.com/package/c8
  - gts from 4.0.1 to 5.3.1.
    See this package in npm: https://www.npmjs.com/package/gts
  - mocha from 10.2.0 to 10.7.3.
    See this package in npm: https://www.npmjs.com/package/mocha
  - nock from 13.3.0 to 13.5.5.
    See this package in npm: https://www.npmjs.com/package/nock
  - sinon from 15.0.1 to 18.0.0.
    See this package in npm: https://www.npmjs.com/package/sinon
  - smee-client from 1.2.3 to 2.0.3.
    See this package in npm: https://www.npmjs.com/package/smee-client
  - typescript from 4.9.4 to 5.5.4.
    See this package in npm: https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/83d22860-4ec5-4e2a-bc2e-a9f2a973d614?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

google-cla bot commented Sep 18, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security finding in c8 versions 6, 7, and 8
2 participants