Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group group with 25 updates #54

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the npm_and_yarn group group with 25 updates #54

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 6, 2024

Bumps the npm_and_yarn group group with 25 updates:

Package From To
jsonwebtoken 8.5.1 9.0.0
moment 2.25.3 2.29.4
mongoose 5.9.13 5.13.20
passport 0.4.1 0.6.0
@babel/traverse 7.9.6 7.24.0
async 2.6.3 2.6.4
debug 3.2.6 4.3.4
qs 6.5.2 6.5.3
decode-uri-component 0.2.0 0.2.2
eventsource 1.0.7 1.1.2
minimatch 3.0.4 3.1.2
minimist 1.2.5 1.2.8
got 9.6.0 ``
nodemon 2.0.3 2.0.22
json5 1.0.1 2.2.3
@vue/cli-plugin-babel 4.3.1 5.0.8
@vue/cli-plugin-eslint 4.3.1 5.0.8
@vue/cli-service 4.3.1 5.0.8
loader-utils 0.2.17 1.4.0
lodash 4.17.15 4.17.21
postcss 7.0.27 7.0.39
shell-quote 1.7.2 1.8.1
thenify 3.3.0 3.3.1
xml2js 0.4.19 0.6.2
aws-sdk 2.961.0 2.1571.0

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

  • Removed support for Node versions 11 and below.
  • The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
  • RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
  • Key types must be valid for the signing / verification algorithm

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
Commits
  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates moment from 2.25.3 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

... (truncated)

Commits

Updates mongoose from 5.9.13 to 5.13.20

Changelog

Sourced from mongoose's changelog.

8.2.1 / 2024-03-04

  • fix(document): make $clone avoid converting subdocs into POJOs #14395 #14353
  • fix(connection): avoid unhandled error on createConnection() if on('error') handler registered #14390 #14377
  • fix(schema): avoid applying default write concern to operations that are in a transaction #14391 #11382
  • types(querycursor): correct cursor async iterator type with populate() support #14384 #14374
  • types: missing typescript details on options params of updateMany, updateOne, etc. #14382 #14379 #14378 FaizBShah sderrow
  • types: allow Record as valid query select argument #14371 sderrow

7.6.9 / 2024-02-26

  • fix(document): handle embedded recursive discriminators on nested path defined using Schema.prototype.discriminator #14256 #14245
  • types(model): correct return type for findByIdAndDelete() #14233 #14190
  • docs(connections): add note about using asPromise() with createConnection() for error handling #14364 #14266
  • docs(model+query+findoneandupdate): add more details about overwriteDiscriminatorKey option to docs #14264 #14246

8.2.0 / 2024-02-22

  • feat(model): add recompileSchema() function to models to allow applying schema changes after compiling #14306 #14296
  • feat: add middleware for bulkWrite() and createCollection() #14358 #14263 #7893
  • feat(model): add hydratedPopulatedDocs option to make hydrate recursively hydrate populated docs #14352 #4727
  • feat(connection): add withSession helper #14339 #14330

8.1.3 / 2024-02-16

  • fix: avoid corrupting $set-ed arrays when transaction error occurs #14346 #14340
  • fix(populate): handle ref() functions that return a model instance #14343 #14249
  • fix: insert version key when using insertMany even if toObject.versionKey set to false #14344
  • fix(cursor): make aggregation cursor support transform option to match query cursor #14348 #14331
  • docs(document): clarify that transform function option applies to subdocs #13757

8.1.2 / 2024-02-08

  • fix: include virtuals in document array toString() output if toObject.virtuals set #14335 #14315
  • fix(document): handle setting nested path to spread doc with extra properties #14287 #14269
  • fix(populate): call setter on virtual populated path with populated doc instead of undefined #14314
  • fix(QueryCursor): remove callback parameter of AggregationCursor and QueryCursor #14299 DevooKim
  • types: add typescript support for arbitrary fields for the options parameter of Model functions which are of type MongooseQueryOptions #14342 #14341 FaizBShah
  • types(model): correct return type for findOneAndUpdate with includeResultMetadata and lean set #14336 #14303
  • types(connection): add type definition for createCollections() #14295 #14279
  • docs(timestamps): clarify that replaceOne() and findOneAndReplace() overwrite timestamps #14337 #14309

8.1.1 / 2024-01-24

  • fix(model): throw readable error when calling Model() with a string instead of model() #14288 #14281
  • fix(document): handle setting nested path to spread doc with extra properties #14287 #14269
  • types(query): add back context and setDefaultsOnInsert as Mongoose-specific query options #14284 #14282
  • types(query): add missing runValidators back to MongooseQueryOptions #14278 #14275

8.1.0 / 2024-01-16

... (truncated)

Commits
  • 0f3997a chore: release 5.13.20
  • f1efabf fix: avoid prototype pollution on init
  • 98e0762 chore: release 5.13.19
  • 7e36d21 chore: release 5.13.18
  • 6759c60 undo accidental changes and actually pin @​types/json-schema
  • 4ed4a89 chore: pin version of @​types/json-schema because of install issues on node v4...
  • 9a9536d Merge pull request #13535 from lorand-horvath/patch-12
  • 26424d5 5.x - bump mongodb driver to 3.7.4
  • 4b8b0a9 add versionNumber to 5.x
  • 1bc07ec chore: release 5.13.17
  • Additional commits viewable in compare view

Updates passport from 0.4.1 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

  • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

  • req#login() and req#logout() regenerate the the session and clear session information by default.
  • req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

  • Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

  • Introduced a compatibility layer for strategies that depend directly on [email protected] or earlier (such as passport-azure-ad), which were broken by the removal of private variables in [email protected].

[0.5.1] - 2021-12-15

Added

  • Informative error message in session strategy if session support is not available.

Changed

  • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

  • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits

Updates @babel/traverse from 7.9.6 to 7.24.0

Release notes

Sourced from @​babel/traverse's releases.

v7.24.0 (2024-02-28)

Thanks @​ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

  • babel-standalone
  • babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-preset-flow
  • babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-standalone
  • babel-plugin-transform-runtime
  • babel-parser, babel-types

🐛 Bug Fix

  • babel-plugin-proposal-do-expressions, babel-traverse
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-preset-env
  • babel-helpers
  • babel-helpers, babel-plugin-proposal-decorators

💅 Polish

  • babel-core, babel-helper-create-class-features-plugin, babel-preset-env

🏠 Internal

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.0 (2024-02-28)

🚀 New Feature

  • babel-standalone
  • babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-preset-flow
  • babel-helper-import-to-platform-api, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-standalone
  • babel-plugin-transform-runtime
  • babel-parser, babel-types

🐛 Bug Fix

  • babel-plugin-proposal-do-expressions, babel-traverse
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object
  • babel-helper-create-class-features-plugin, babel-plugin-transform-private-methods
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-preset-env
  • babel-helpers
  • babel-helpers, babel-plugin-proposal-decorators

💅 Polish

  • babel-core, babel-helper-create-class-features-plugin, babel-preset-env

🏠 Internal

  • babel-helper-transform-fixture-test-runner

🔬 Output optimization

... (truncated)

Commits

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Updates debug from 3.2.6 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

New Contributors

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits
  • da66c86 4.3.4
  • 9b33412 replace deprecated String.prototype.substr() (#876)
  • c0805cc add section about configuring JS console to show debug messages (#866)
  • 043d3cd 4.3.3
  • 4079aae update license and more maintainership information
  • 19b36c0 update repository location + maintainership information
  • f851b00 adds README section regarding usage in child procs (#850)
  • d177f2b Remove accidental epizeuxis
  • e47f96d 4.3.2
  • 1e9d38c cache enabled status per-logger (#799)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates eventsource from 1.0.7 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2

  • Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

  • Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0

  • Improve performance for large messages across many chunks (#130 Trent Willis)
  • Add createConnection option for http or https requests (#120 Vasily Lavrov)
  • Support HTTP 302 redirects (#116 Ryan Bonte)
  • Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
  • Add new to correct test (#111 Stéphane Alnet)
  • Fix reconnections attempts now happen more than once (#136 Icy Fish)
Commits

Updates minimatch from 3.0.4 to 3.1.2

Commits

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

@dependabot
Bump the npm_and_yarn group group with 25 updates
7446844 
Bumps the npm_and_yarn group group with 25 updates:

| Package | From | To |
| --- | --- | --- |
| [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `8.5.1` | `9.0.0` |
| [moment](https://github.com/moment/moment) | `2.25.3` | `2.29.4` |
| [mongoose](https://github.com/Automattic/mongoose) | `5.9.13` | `5.13.20` |
| [passport](https://github.com/jaredhanson/passport) | `0.4.1` | `0.6.0` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.9.6` | `7.24.0` |
| [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` |
| [debug](https://github.com/debug-js/debug) | `3.2.6` | `4.3.4` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [eventsource](https://github.com/EventSource/eventsource) | `1.0.7` | `1.1.2` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |
| [got](https://github.com/sindresorhus/got) | `9.6.0` | `` |
| [nodemon](https://github.com/remy/nodemon) | `2.0.3` | `2.0.22` |
| [json5](https://github.com/json5/json5) | `1.0.1` | `2.2.3` |
| [@vue/cli-plugin-babel](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-babel) | `4.3.1` | `5.0.8` |
| [@vue/cli-plugin-eslint](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-plugin-eslint) | `4.3.1` | `5.0.8` |
| [@vue/cli-service](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-service) | `4.3.1` | `5.0.8` |
| [loader-utils](https://github.com/webpack/loader-utils) | `0.2.17` | `1.4.0` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [postcss](https://github.com/postcss/postcss) | `7.0.27` | `7.0.39` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.7.2` | `1.8.1` |
| [thenify](https://github.com/thenables/thenify) | `3.3.0` | `3.3.1` |
| [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) | `0.4.19` | `0.6.2` |
| [aws-sdk](https://github.com/aws/aws-sdk-js) | `2.961.0` | `2.1571.0` |


Updates `jsonwebtoken` from 8.5.1 to 9.0.0
- [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jsonwebtoken@v8.5.1...v9.0.0)

Updates `moment` from 2.25.3 to 2.29.4
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.25.3...2.29.4)

Updates `mongoose` from 5.9.13 to 5.13.20
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@5.9.13...5.13.20)

Updates `passport` from 0.4.1 to 0.6.0
- [Changelog](https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md)
- [Commits](jaredhanson/passport@v0.4.1...v0.6.0)

Updates `@babel/traverse` from 7.9.6 to 7.24.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.0/packages/babel-traverse)

Updates `async` from 2.6.3 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v2.6.3...v2.6.4)

Updates `debug` from 3.2.6 to 4.3.4
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@3.2.6...4.3.4)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `eventsource` from 1.0.7 to 1.1.2
- [Changelog](https://github.com/EventSource/eventsource/blob/master/HISTORY.md)
- [Commits](EventSource/eventsource@v1.0.7...v1.1.2)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Removes `got`

Updates `nodemon` from 2.0.3 to 2.0.22
- [Release notes](https://github.com/remy/nodemon/releases)
- [Commits](remy/nodemon@v2.0.3...v2.0.22)

Updates `json5` from 1.0.1 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v2.2.3)

Updates `@vue/cli-plugin-babel` from 4.3.1 to 5.0.8
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-plugin-babel)

Updates `@vue/cli-plugin-eslint` from 4.3.1 to 5.0.8
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-plugin-eslint)

Updates `@vue/cli-service` from 4.3.1 to 5.0.8
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-service)

Updates `loader-utils` from 0.2.17 to 1.4.0
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/master/CHANGELOG.md)
- [Commits](webpack/loader-utils@v0.2.17...v1.4.0)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `postcss` from 7.0.27 to 7.0.39
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/7.0.39/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.27...7.0.39)

Updates `shell-quote` from 1.7.2 to 1.8.1
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.2...v1.8.1)

Updates `thenify` from 3.3.0 to 3.3.1
- [Changelog](https://github.com/thenables/thenify/blob/master/History.md)
- [Commits](thenables/thenify@3.3.0...3.3.1)

Updates `xml2js` from 0.4.19 to 0.6.2
- [Commits](Leonidas-from-XIV/node-xml2js@0.4.19...0.6.2)

Updates `aws-sdk` from 2.961.0 to 2.1571.0
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Commits](aws/aws-sdk-js@v2.961.0...v2.1571.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: moment
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: mongoose
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: passport
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: debug
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: eventsource
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimatch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: got
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: nodemon
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: json5
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@vue/cli-plugin-babel"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@vue/cli-plugin-eslint"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@vue/cli-service"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: loader-utils
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: shell-quote
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: thenify
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: xml2js
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: aws-sdk
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 6, 2024
@litty-tt litty-tt temporarily deployed to tt-healthyreentry-pr-54 March 6, 2024 16:04 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@litty-tt