Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update many non-major #9

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update many non-major #9

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 21, 2021
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
browser-sync (source) ^2.26.14 -> ^2.29.3 age adoption passing confidence devDependencies minor
firebase-admin (source) ^9.9.0 -> ^9.12.0 age adoption passing confidence dependencies minor
firebase-functions ^3.14.1 -> ^3.24.1 age adoption passing confidence dependencies minor
firebase-tools ^9.12.1 -> ^9.23.3 age adoption passing confidence dependencies minor
lots0logs/gh-action-get-changed-files 2.1.4 -> 2.2.2 age adoption passing confidence action minor
node (source) 12 -> 12.22.12 age adoption passing confidence engines minor

Release Notes

BrowserSync/browser-sync (browser-sync)

v2.29.3: The one that fixes snippetOptions

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.2...v2.29.3

v2.29.2

Compare Source

v2.29.1

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.0...v2.29.1

v2.29.0: The one that restores IE11 support 💪

Compare Source

What's Changed

esbuild does not support down-level transpiling as far as IE11 - so when I switched to it, it accidentally broke IE11 support 😢

This is an important issue for me - many devs that support old browsers like IE11 are doing so because their projects are used in public services, or internal applications. Not every developer out there has the luxury of supporting evergreen-only browsers.

So, IE11 will work once again 🎉. Please use the issues thread to make me aware of any problem that's preventing you from using Browsersync in your day job 💪 (and be sure to thumbs-up the issues you want to see resolved)

### IE11 works, again
npm install browser-sync@latest

Full Changelog: BrowserSync/browser-sync@v2.28.3...v2.29.0

v2.28.3

Compare Source

v2.28.2

Compare Source

v2.28.1

Compare Source

v2.28.0: the one that finally removes document.write

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.27.12...v2.28.0

v2.27.12

Compare Source

v2.27.11

Compare Source

v2.27.10

Compare Source

v2.27.9: 2.27.9

Compare Source

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: BrowserSync/browser-sync@v2.27.8...v2.27.9

v2.27.8: 2.27.8

Compare Source

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

v2.27.7

Compare Source

v2.27.6

Compare Source

v2.27.5

Compare Source

v2.27.4

Compare Source

v2.27.3

Compare Source

v2.27.1: added snippet: boolean option

Compare Source

This release adds a feature to address https://github.com/BrowserSync/browser-sync/issues/1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});
firebase/firebase-admin-node (firebase-admin)

v9.12.0: Firebase Admin Node.js SDK v9.12.0

Compare Source

New Features
  • feat(rc): Add Remote Config Parameter Value Type Support (#​1424)
Bug Fixes
  • fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours (#​1439)
  • fix(rtdb): Changed admin.database to use database-compat package (#​1437)
Miscellaneous

v9.11.1: Firebase Admin Node.js SDK v9.11.1

Compare Source

Bug Fixes
  • fix: Update comments in index files (#​1414)
  • fix: Throw error on user disabled and check revoked set true (#​1401)
Miscellaneous

v9.11.0: Firebase Admin Node.js SDK v9.11.0

Compare Source

New Features
  • feat(fac): Add custom TTL options for App Check (#​1363)
Miscellaneous

v9.10.0: Firebase Admin Node.js SDK v9.10.0

Compare Source

New Features
  • feat(fis): Adding the admin.installations() API for deleting Firebase installation IDs (#​1187)
Bug Fixes
  • fix: Updated TOC for new Auth type aliases (#​1342)
  • fix(docs): replace all global.html -> admin.html (#​1341)
  • fix(auth): Better type hierarchies for Auth API (#​1294)
Miscellaneous
firebase/firebase-functions (firebase-functions)

v3.24.1

Compare Source

  • Fix reference docs for performance monitoring.
  • Fix bug where function configuration wil null values couldn't be deployed. (#​1246)

v3.24.0

Compare Source

  • Add performance monitoring triggers to v2 alerts (#​1223).

v3.23.0

Compare Source

  • Fixes a bug that disallowed setting customClaims and/or sessionClaims in blocking functions (#​1199).
  • Add v2 Schedule Triggers (#​1177).

v3.22.0

Compare Source

  • Adds RTDB Triggers for v2 functions (#​1127)
  • Adds support for Firebase Admin SDK v11 (#​1151)
  • Fixes bug where emulated task queue function required auth header (#​1154)

v3.21.2

Compare Source

  • Fixes bug where toJSON was not defined in UserRecord (#​1125).

v3.21.1

Compare Source

  • Add debug feature to enable cors option for v2 onRequest and onCall handlers. (#​1099)

v3.21.0

Compare Source

  • Adds CPU option and enhances internal data structures (#​1077)
  • Add auth blocking handlers (#​1080)
  • Add support for secrets in v2 (#​1079)
  • Update types for AlertPayloads (#​1087)
  • Update AppDistribution [@type] (#​1088)
  • Update CloudEvent types (#​1089)
  • Generate documentation with api-extractor (#​1071)
  • Change type info to be inheritance friendly. (#​1091)
  • Changes the memory options from MB to MiB and GB to GiB for greater clarity (#​1090)

v3.20.1

Compare Source

  • Improve authorization for tasks. (#​1073)

v3.20.0

Compare Source

  • Changes internal structure to be more flexible (#​1070).

v3.19.0

Compare Source

  • Add support for more regions and memory for v2 functions (#​1037).
  • Fixes bug where some RTDB instance names were incorrectly parsed (#​1056).

v3.18.1

Compare Source

  • Expose stack YAML via __/functions.yaml endpoint instead (#​1036).

v3.18.0

Compare Source

  • Add new runtime option for setting secrets.

v3.17.2

Compare Source

  • Fix issue where v2 TS users couldn't compile their code because of unexported types. (#​1033)

v3.17.1

Compare Source

  • Fix issue where TS users couldn't compile their code because of unexported types. (#​1032)

v3.17.0

Compare Source

  • Parallelizes network calls that occur when validating authorization for onCall handlers.
  • Adds new regions to V2 API
  • Fixes bug where the emulator crashed when given app without an options property.
  • Adds new alerting providers

v3.16.0

Compare Source

  • GCS Enhancement
  • Add option to allow callable functions to ignore invalid App Check tokens
  • Add firebase-admin v10 as an allowed peer dependency
  • Fix bug where onCall handler failed to encode returned value with functions

v3.15.7

Compare Source

  • Adjust acceptable runtime options values

v3.15.6

Compare Source

  • Add missing type annotations

v3.15.5

Compare Source

  • Make the minInstances feature public.

v3.15.4

Compare Source

  • Fix bug where the arg of https onCall functions sometimes deviates from the documented format.

v3.15.3

Compare Source

  • (temporarly) adds the previously accessible "lib/providers" files as exports. These will be yanked in the next major release.
  • Fixes a bug where functions.https.HttpsError could not be constructed

v3.15.2

Compare Source

  • Fix an error that broke firebase emulators:start on older CLIs

v3.15.1

Compare Source

  • Fix bug that broke the functions emulator

v3.15.0

Compare Source

  • Adds options to set access control on HTTP triggered functions.
  • Adds new regions to support list (asia-east1, asia-southeast1).
  • Adds support for setting user labels on functions via runWith().
  • Adds support for FIREBASE_CONFIG env as the name of a JSON file
  • Fixes an issue where objects that define toJSON could not be logged successfully (#​907).
  • Formalize module exports. Loggers can now be accessed at 'firebase-functions/logger' and 'firebase-functions/logger/compat'
  • Fixes an issue where Remote Config could not be emulated in Windows machines on the classic Command Prompt.
firebase/firebase-tools (firebase-tools)

v9.23.3

Compare Source

  • Upgrades Database Emulator to v4.7.3, removing log4j dependency.

v9.23.2

Compare Source

  • Fixes issue when installing a Firebase Extension where secrets would be created before validation.
  • Fixes issue with filtering on a specific storage bucket using functions in the emulator. (#​3893)
  • Fixes check in Cloud Functions for Firebase initialization to check for API enablement before trying to enable them. (#​2574)
  • No longer tries to clean up function build images from Artifact Registry when Artifact Registry is not enabled. (#​3943)
  • Show error message when running firebase init hosting:github with no Hosting config in firebase.json. (#​3113)
  • Fixes issue where remoteconfig:get was not fetching the latest version by default. (#​3559)
  • Fixes issue where empty variables in .env files would instead read as multi-line values. (#​3934)

v9.23.1

Compare Source

  • Corrects a bug where containers in Artifact Registry would not be deleted if a function has an upper case character in its name (#​3918)
  • Fixes issue where providing the --project flag during init would not be recognized with a default project already set. (#​3870)
  • Fixes issue with setting memory limits for some functions (#​3924)
  • New HTTPS functions only allow secure traffic. (#​3923)
  • No longer default-enable AR and don't send builds to AR unless an experiment is enabled (#​3935)

v9.23.0

Compare Source

  • firebase deploy --only extensions now supports project specifc .env files. When deploying to multiple projects, param values that are different between projects can be put in extensions/${extensionInstanceId}.env.${projectIdOrAlias} and common param values can be put in extensions/${extensionInstanceId}.env.

v9.22.0

Compare Source

  • Adds firebase ext:export command, and adds extensions to firebase deploy. See https://firebase.google.com/docs/extensions/reuse-project-config for more infomation on how to manage your extensions with these commands.
  • Fixes issue where init would crash with multiple Hosting items selected (#​3742).
  • Adds a command (crashlytics:symbols:upload) to upload native symbol files, used in Android NDK crash symbolication.

v9.21.0

Compare Source

  • Fix Auth Emulator deleteTenant not working with Node Admin (#​3817).
  • Fix Crashlytics Android Native Symbols not working on Windows due to ":" in the path (#​3842)
  • Fixes Firestore emulator UI showing requests out of order

v9.20.0

Compare Source

  • ext:install, ext:update and ext:configure now support param type secret.

v9.19.0

Compare Source

  • ext:dev:publish and ext:update now support --force and --non-interactive flags.
  • Fixes issue where account specified by login:use was not being correctly loaded (#​3759).
  • Fixes minor layout issues in Auth Emulator IDP sign-in page (#​3774).

v9.18.0

Compare Source

  • ext:install now supports --force and --non-interactive flags.
  • Fixes a crash when customers deploy an empty Cloud Functions project (#​3705)
  • Fixes (and implements) --no-authorized-domains, skipping syncing with Firebase Auth, when deploying to a Firebase Hosting channel (#​3740).
  • Adds a command (functions:list) for listing all functions in the Firebase project.
  • Uses public v1 AppDistribution API.
  • Adds appdistribution:testers:add and appdistribution:testers:remove commands.

v9.17.0

Compare Source

  • Adds support for the nodejs16 runtime for Cloud Functions.
  • ext:update now displays release notes for the versions you are updating to.
  • ext:dev:publish now checks for a CHANGELOG.md file before publishing.
  • firebase ext:dev:init now creates a placeholder CHANGELOG.md file.
  • Fixes error when using a project number as the --project flag.
  • firebase init hosting now supports the version 9 compatibility SDK (#​3711).
  • Fixes layout issues when editing fields in Firestore Emulator UI.

v9.16.6

Compare Source

  • Fixes bug where functions packaged as ES module failed to load on Windows. (#​3692)
  • Fixes bug parsing dotenv files with multiple quoted values (#​3703)
  • Tracks use of runtime config and environment variables on function deploys. (#​3704)

v9.16.5

Compare Source

  • Fix Auth Emulator not updating lastLoginAt with signInWithPassword, causing some "token revoked" errors.
  • Fix firebase emulator:exec throwing errors when run without project ID. (#​3681)

v9.16.4

Compare Source

  • Fixes Auth Emulator tokens having invalid auth_time field. (#​3674)

v9.16.3

Compare Source

  • Fixes bug where function deploys failed due to bad FIREBASE_CONFIG value (#​3668).

v9.16.2

Compare Source

  • Fixes issue deploying Cloud Functions for Firebase. (#​3664)

v9.16.1

Compare Source

  • Makes auth_time emulator behavior match production (auth_time is now set to user's last sign in time). (#​3608)
  • Fixes Auth Emulator errors when importing many users. (#​3577)
  • Fixes support for --except flag when used for deploying Hosting. (#​3397)
  • Improves handling of project number identifiers.
  • Fixes Emulator UI editing timestamp values in Firestore tab. (#​3653)
  • Fixes page layout issues on Emulator UI Database tab. (#​3653)
  • Stops Emulator UI triggering functions on importing JSON to Database by default. (#​3653)

v9.16.0

Compare Source

  • Supports inspecting Firestore Emulator requests and rules in Emulator UI (#​3564).

v9.15.1

Compare Source

  • Fixes issue where firebase.json schema was not packaged in the module. (#​3561)

v9.15.0

Compare Source

  • Fixes a number of issues where ext:dev:emulator:* was not providing the correct parameter values to the emulated extension (#​2928)
  • Support loading Firebase Functions packaged as an ES module. (#​3485)
  • Fixes Cloud Storage emulator missing classes. (#​3541)
  • Add missing properties to Authentication functions context in the Functions emulator. (#​3536)
  • Firestore Emulator UI now supports deleting documents and collections recursively.
  • Fixes some Storage Emulator UI errors.
  • Fixes some issues when using Emulator UI on a different device.
  • Fixes issues where functions:log command did not showing some log entries. (#​3539)
  • Fixes Emulator issue when function definition changes (#​2533).

v9.14.0

Compare Source

  • Fix crash when deploying zero functions (#​3520)
  • Increase maximum function ID length to 63 (#​3521)
  • Delete Container Registry images left after Functions deployment (#​3439)
  • Avoid emulator data loss when there an error during export (#​3504)
  • Ask before overwriting storage.rules during firebase init (#​1833)
  • Release Cloud Firestore Emulator v1.13.0.

v9.13.1

Compare Source

  • Fixes an issue with ext:update where local extension is incorrectly inferred as published (#​3499)
  • Fixes firebase init hosting:github (#​3498)

v9.13.0

Compare Source

  • Adds Warsaw (europe-central2) Cloud Function Location to Firebase Extension template.
  • Add sSingapore (asia-southeast1) as a valid Firebase Realtime Database location.
  • Fixes firebase init database failure when no project is selected (#​2981)
  • Fixes issue where firebase init database overwrites entire firebase.json (#​3299)
  • Fixes import/export bug with Storage emulator download tokens (#​3414)
  • Improves errors when failing to start Storage emulator (#​3443)
  • Fixes missing download tokens in Storage Emulator (#​3451)
  • Fixes functions:shell error with background functions (#​3490)
lots0logs/gh-action-get-changed-files (lots0logs/gh-action-get-changed-files)

v2.2.2: [FIX]: v2.2.2

Compare Source

v2.2.1: [MAINTENANCE] v2.2.1

Compare Source

v2.2.0: [MAINTENANCE] v2.2.0

Compare Source

nodejs/node (node)

v12.22.12: 2022-04-05, Version 12.22.12 'Erbium' (LTS), @​richardlau

Compare Source

Notable Changes

This is planned to be the final Node.js 12 release. Node.js 12 will
reach End-of-Life status on 30 April 2022, after which it will no
receive updates. You are strongly advised to migrate your applications
to Node.js 16 or 14 (both of which are Long Term Support (LTS) releases)
to continue to receive future security updates beyond 30 April 2022.

This release fixes a shutdown crash in Node-API (formerly N-API) and a
potential stack overflow when using vm.runInNewContext().

The list of GPG keys used to sign releases and instructions on how to
fetch the keys for verifying binaries has been synchronized with the
main branch.

Commits

v12.22.11: 2022-03-17, Version 12.22.11 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

Commits

v12.22.10: 2022-02-01, Version 12.22.10 'Erbium' (LTS), @​ruyadorno

Compare Source

Notable changes
  • Upgrade npm to 6.14.16
  • Updated ICU time zone data
Commits

v12.22.9: 2022-01-10, Version 12.22.9 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable changes
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.

Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44531 after publication.

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)

Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.

Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44532 after publication.

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.

Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

More details will be available at CVE-2021-44533 after publication.

Prototype pollution via console.table properties (Low)(CVE-2022-21824)

Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.

Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.

More details will be available at CVE-2022-21824 after publication.

Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.

Commits

Configuration

📅 Schedule: Branch creation - "after 6am and before 10am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added automerge PR that should be merged automatically dependencies Pull requests that update a dependency file labels Jun 21, 2021
@renovate renovate bot force-pushed the renovate/many-non-major branch from dd28599 to d92fd98 Compare June 21, 2021 23:48
@renovate renovate bot changed the title fix(deps): update dependency firebase-tools to ^9.13.1 fix(deps): update dependency firebase-tools to ^9.14.0 Jun 21, 2021
@renovate renovate bot force-pushed the renovate/many-non-major branch from d92fd98 to ce46800 Compare June 24, 2021 17:26
@renovate renovate bot changed the title fix(deps): update dependency firebase-tools to ^9.14.0 chore(deps): update many non-major Jun 24, 2021
@renovate renovate bot force-pushed the renovate/many-non-major branch 3 times, most recently from de59699 to c02cc53 Compare July 1, 2021 07:47
@renovate renovate bot force-pushed the renovate/many-non-major branch 3 times, most recently from a519b18 to b1b44b4 Compare July 8, 2021 22:38
@renovate renovate bot force-pushed the renovate/many-non-major branch from b1b44b4 to 039d8c9 Compare July 15, 2021 22:36
@renovate renovate bot force-pushed the renovate/many-non-major branch from 039d8c9 to 0f9fada Compare July 27, 2021 07:56
@renovate renovate bot force-pushed the renovate/many-non-major branch 9 times, most recently from cb4e002 to 1edb79d Compare August 16, 2021 23:27
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from abc38f6 to 777093d Compare August 26, 2021 01:04
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from f03ad04 to 362b56b Compare September 15, 2021 21:16
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 91ce230 to 2e7ae71 Compare December 16, 2021 22:37
@renovate renovate bot force-pushed the renovate/many-non-major branch 3 times, most recently from ca70420 to 7b5b2ba Compare February 7, 2022 20:11
@renovate renovate bot force-pushed the renovate/many-non-major branch 3 times, most recently from e3386a3 to 57609a1 Compare March 16, 2022 20:33
@renovate renovate bot force-pushed the renovate/many-non-major branch from 57609a1 to 195a354 Compare April 4, 2022 22:43
@renovate renovate bot force-pushed the renovate/many-non-major branch from 195a354 to 7be5801 Compare April 14, 2022 20:36
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 1f04e8e to c426e06 Compare May 11, 2022 22:16
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 30a879d to 2bd779b Compare May 17, 2022 20:26
@renovate renovate bot changed the title chore(deps): update many non-major chore(deps): update Many non-major Jun 27, 2022
@renovate renovate bot changed the title chore(deps): update Many non-major chore(deps): update many non-major Jun 28, 2022
@renovate renovate bot force-pushed the renovate/many-non-major branch from 2bd779b to 02e29a0 Compare June 29, 2022 21:58
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 96c9536 to a70ca6a Compare March 23, 2023 15:25
@renovate renovate bot force-pushed the renovate/many-non-major branch from a70ca6a to 7148b30 Compare May 28, 2023 11:20
@renovate renovate bot force-pushed the renovate/many-non-major branch from 684bd6c to 6869ec1 Compare April 14, 2024 10:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
automerge PR that should be merged automatically dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants