Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update many non-major #28

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update many non-major #28

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 16, 2021
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
browser-sync (source) ^2.27.5 -> ^2.29.3 age adoption passing confidence devDependencies minor
firebase-admin (source) ^9.11.0 -> ^9.12.0 age adoption passing confidence dependencies minor
firebase-functions ^3.14.1 -> ^3.24.1 age adoption passing confidence dependencies minor
firebase-tools ^9.16.0 -> ^9.23.3 age adoption passing confidence dependencies minor
lots0logs/gh-action-get-changed-files 2.1.4 -> 2.2.2 age adoption passing confidence action minor
node (source) 12 -> 12.22.12 age adoption passing confidence engines minor

Release Notes

BrowserSync/browser-sync (browser-sync)

v2.29.3: The one that fixes snippetOptions

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.2...v2.29.3

v2.29.2

Compare Source

v2.29.1

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.0...v2.29.1

v2.29.0: The one that restores IE11 support 💪

Compare Source

What's Changed

esbuild does not support down-level transpiling as far as IE11 - so when I switched to it, it accidentally broke IE11 support 😢

This is an important issue for me - many devs that support old browsers like IE11 are doing so because their projects are used in public services, or internal applications. Not every developer out there has the luxury of supporting evergreen-only browsers.

So, IE11 will work once again 🎉. Please use the issues thread to make me aware of any problem that's preventing you from using Browsersync in your day job 💪 (and be sure to thumbs-up the issues you want to see resolved)

### IE11 works, again
npm install browser-sync@latest

Full Changelog: BrowserSync/browser-sync@v2.28.3...v2.29.0

v2.28.3

Compare Source

v2.28.2

Compare Source

v2.28.1

Compare Source

v2.28.0: the one that finally removes document.write

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.27.12...v2.28.0

v2.27.12

Compare Source

v2.27.11

Compare Source

v2.27.10

Compare Source

v2.27.9: 2.27.9

Compare Source

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: BrowserSync/browser-sync@v2.27.8...v2.27.9

v2.27.8: 2.27.8

Compare Source

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

v2.27.7

Compare Source

v2.27.6

Compare Source

firebase/firebase-admin-node (firebase-admin)

v9.12.0: Firebase Admin Node.js SDK v9.12.0

Compare Source

New Features
  • feat(rc): Add Remote Config Parameter Value Type Support (#​1424)
Bug Fixes
  • fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours (#​1439)
  • fix(rtdb): Changed admin.database to use database-compat package (#​1437)
Miscellaneous

v9.11.1: Firebase Admin Node.js SDK v9.11.1

Compare Source

Bug Fixes
  • fix: Update comments in index files (#​1414)
  • fix: Throw error on user disabled and check revoked set true (#​1401)
Miscellaneous
firebase/firebase-functions (firebase-functions)

v3.24.1

Compare Source

  • Fix reference docs for performance monitoring.
  • Fix bug where function configuration wil null values couldn't be deployed. (#​1246)

v3.24.0

Compare Source

  • Add performance monitoring triggers to v2 alerts (#​1223).

v3.23.0

Compare Source

  • Fixes a bug that disallowed setting customClaims and/or sessionClaims in blocking functions (#​1199).
  • Add v2 Schedule Triggers (#​1177).

v3.22.0

Compare Source

  • Adds RTDB Triggers for v2 functions (#​1127)
  • Adds support for Firebase Admin SDK v11 (#​1151)
  • Fixes bug where emulated task queue function required auth header (#​1154)

v3.21.2

Compare Source

  • Fixes bug where toJSON was not defined in UserRecord (#​1125).

v3.21.1

Compare Source

  • Add debug feature to enable cors option for v2 onRequest and onCall handlers. (#​1099)

v3.21.0

Compare Source

  • Adds CPU option and enhances internal data structures (#​1077)
  • Add auth blocking handlers (#​1080)
  • Add support for secrets in v2 (#​1079)
  • Update types for AlertPayloads (#​1087)
  • Update AppDistribution [@type] (#​1088)
  • Update CloudEvent types (#​1089)
  • Generate documentation with api-extractor (#​1071)
  • Change type info to be inheritance friendly. (#​1091)
  • Changes the memory options from MB to MiB and GB to GiB for greater clarity (#​1090)

v3.20.1

Compare Source

  • Improve authorization for tasks. (#​1073)

v3.20.0

Compare Source

  • Changes internal structure to be more flexible (#​1070).

v3.19.0

Compare Source

  • Add support for more regions and memory for v2 functions (#​1037).
  • Fixes bug where some RTDB instance names were incorrectly parsed (#​1056).

v3.18.1

Compare Source

  • Expose stack YAML via __/functions.yaml endpoint instead (#​1036).

v3.18.0

Compare Source

  • Add new runtime option for setting secrets.

v3.17.2

Compare Source

  • Fix issue where v2 TS users couldn't compile their code because of unexported types. (#​1033)

v3.17.1

Compare Source

  • Fix issue where TS users couldn't compile their code because of unexported types. (#​1032)

v3.17.0

Compare Source

  • Parallelizes network calls that occur when validating authorization for onCall handlers.
  • Adds new regions to V2 API
  • Fixes bug where the emulator crashed when given app without an options property.
  • Adds new alerting providers

v3.16.0

Compare Source

  • GCS Enhancement
  • Add option to allow callable functions to ignore invalid App Check tokens
  • Add firebase-admin v10 as an allowed peer dependency
  • Fix bug where onCall handler failed to encode returned value with functions

v3.15.7

Compare Source

  • Adjust acceptable runtime options values

v3.15.6

Compare Source

  • Add missing type annotations

v3.15.5

Compare Source

  • Make the minInstances feature public.

v3.15.4

Compare Source

  • Fix bug where the arg of https onCall functions sometimes deviates from the documented format.

v3.15.3

Compare Source

  • (temporarly) adds the previously accessible "lib/providers" files as exports. These will be yanked in the next major release.
  • Fixes a bug where functions.https.HttpsError could not be constructed

v3.15.2

Compare Source

  • Fix an error that broke firebase emulators:start on older CLIs

v3.15.1

Compare Source

  • Fix bug that broke the functions emulator

v3.15.0

Compare Source

  • Adds options to set access control on HTTP triggered functions.
  • Adds new regions to support list (asia-east1, asia-southeast1).
  • Adds support for setting user labels on functions via runWith().
  • Adds support for FIREBASE_CONFIG env as the name of a JSON file
  • Fixes an issue where objects that define toJSON could not be logged successfully (#​907).
  • Formalize module exports. Loggers can now be accessed at 'firebase-functions/logger' and 'firebase-functions/logger/compat'
  • Fixes an issue where Remote Config could not be emulated in Windows machines on the classic Command Prompt.
firebase/firebase-tools (firebase-tools)

v9.23.3

Compare Source

  • Upgrades Database Emulator to v4.7.3, removing log4j dependency.

v9.23.2

Compare Source

  • Fixes issue when installing a Firebase Extension where secrets would be created before validation.
  • Fixes issue with filtering on a specific storage bucket using functions in the emulator. (#​3893)
  • Fixes check in Cloud Functions for Firebase initialization to check for API enablement before trying to enable them. (#​2574)
  • No longer tries to clean up function build images from Artifact Registry when Artifact Registry is not enabled. (#​3943)
  • Show error message when running firebase init hosting:github with no Hosting config in firebase.json. (#​3113)
  • Fixes issue where remoteconfig:get was not fetching the latest version by default. (#​3559)
  • Fixes issue where empty variables in .env files would instead read as multi-line values. (#​3934)

v9.23.1

Compare Source

  • Corrects a bug where containers in Artifact Registry would not be deleted if a function has an upper case character in its name (#​3918)
  • Fixes issue where providing the --project flag during init would not be recognized with a default project already set. (#​3870)
  • Fixes issue with setting memory limits for some functions (#​3924)
  • New HTTPS functions only allow secure traffic. (#​3923)
  • No longer default-enable AR and don't send builds to AR unless an experiment is enabled (#​3935)

v9.23.0

Compare Source

  • firebase deploy --only extensions now supports project specifc .env files. When deploying to multiple projects, param values that are different between projects can be put in extensions/${extensionInstanceId}.env.${projectIdOrAlias} and common param values can be put in extensions/${extensionInstanceId}.env.

v9.22.0

Compare Source

  • Adds firebase ext:export command, and adds extensions to firebase deploy. See https://firebase.google.com/docs/extensions/reuse-project-config for more infomation on how to manage your extensions with these commands.
  • Fixes issue where init would crash with multiple Hosting items selected (#​3742).
  • Adds a command (crashlytics:symbols:upload) to upload native symbol files, used in Android NDK crash symbolication.

v9.21.0

Compare Source

  • Fix Auth Emulator deleteTenant not working with Node Admin (#​3817).
  • Fix Crashlytics Android Native Symbols not working on Windows due to ":" in the path (#​3842)
  • Fixes Firestore emulator UI showing requests out of order

v9.20.0

Compare Source

  • ext:install, ext:update and ext:configure now support param type secret.

v9.19.0

Compare Source

  • ext:dev:publish and ext:update now support --force and --non-interactive flags.
  • Fixes issue where account specified by login:use was not being correctly loaded (#​3759).
  • Fixes minor layout issues in Auth Emulator IDP sign-in page (#​3774).

v9.18.0

Compare Source

  • ext:install now supports --force and --non-interactive flags.
  • Fixes a crash when customers deploy an empty Cloud Functions project (#​3705)
  • Fixes (and implements) --no-authorized-domains, skipping syncing with Firebase Auth, when deploying to a Firebase Hosting channel (#​3740).
  • Adds a command (functions:list) for listing all functions in the Firebase project.
  • Uses public v1 AppDistribution API.
  • Adds appdistribution:testers:add and appdistribution:testers:remove commands.

v9.17.0

Compare Source

  • Adds support for the nodejs16 runtime for Cloud Functions.
  • ext:update now displays release notes for the versions you are updating to.
  • ext:dev:publish now checks for a CHANGELOG.md file before publishing.
  • firebase ext:dev:init now creates a placeholder CHANGELOG.md file.
  • Fixes error when using a project number as the --project flag.
  • firebase init hosting now supports the version 9 compatibility SDK (#​3711).
  • Fixes layout issues when editing fields in Firestore Emulator UI.

v9.16.6

Compare Source

  • Fixes bug where functions packaged as ES module failed to load on Windows. (#​3692)
  • Fixes bug parsing dotenv files with multiple quoted values (#​3703)
  • Tracks use of runtime config and environment variables on function deploys. (#​3704)

v9.16.5

Compare Source

  • Fix Auth Emulator not updating lastLoginAt with signInWithPassword, causing some "token revoked" errors.
  • Fix firebase emulator:exec throwing errors when run without project ID. (#​3681)

v9.16.4

Compare Source

  • Fixes Auth Emulator tokens having invalid auth_time field. (#​3674)

v9.16.3

Compare Source

  • Fixes bug where function deploys failed due to bad FIREBASE_CONFIG value (#​3668).

v9.16.2

Compare Source

  • Fixes issue deploying Cloud Functions for Firebase. (#​3664)

v9.16.1

Compare Source

  • Makes auth_time emulator behavior match production (auth_time is now set to user's last sign in time). (#​3608)
  • Fixes Auth Emulator errors when importing many users. (#​3577)
  • Fixes support for --except flag when used for deploying Hosting. (#​3397)
  • Improves handling of project number identifiers.
  • Fixes Emulator UI editing timestamp values in Firestore tab. (#​3653)
  • Fixes page layout issues on Emulator UI Database tab. (#​3653)
  • Stops Emulator UI triggering functions on importing JSON to Database by default. (#​3653)
lots0logs/gh-action-get-changed-files (lots0logs/gh-action-get-changed-files)

v2.2.2: [FIX]: v2.2.2

Compare Source

v2.2.1: [MAINTENANCE] v2.2.1

Compare Source

v2.2.0: [MAINTENANCE] v2.2.0

Compare Source

nodejs/node (node)

v12.22.12: 2022-04-05, Version 12.22.12 'Erbium' (LTS), @​richardlau

Compare Source

Notable Changes

This is planned to be the final Node.js 12 release. Node.js 12 will
reach End-of-Life status on 30 April 2022, after which it will no
receive updates. You are strongly advised to migrate your applications
to Node.js 16 or 14 (both of which are Long Term Support (LTS) releases)
to continue to receive future security updates beyond 30 April 2022.

This release fixes a shutdown crash in Node-API (formerly N-API) and a
potential stack overflow when using vm.runInNewContext().

The list of GPG keys used to sign releases and instructions on how to
fetch the keys for verifying binaries has been synchronized with the
main branch.

Commits

v12.22.11: 2022-03-17, Version 12.22.11 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

Commits

v12.22.10: 2022-02-01, Version 12.22.10 'Erbium' (LTS), @​ruyadorno

Compare Source

Notable changes
  • Upgrade npm to 6.14.16
  • Updated ICU time zone data
Commits

v12.22.9: 2022-01-10, Version 12.22.9 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable changes
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.

Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44531 after publication.

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)

Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.

Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44532 after publication.

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.

Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

More details will be available at CVE-2021-44533 after publication.

Prototype pollution via console.table properties (Low)(CVE-2022-21824)

Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.

Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.

More details will be available at CVE-2022-21824 after publication.

Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.

Commits

v12.22.8: 2021-12-16, Version 12.22.8 'Erbium' (LTS), @​richardlau

Compare Source

Notable Changes

This release contains a c-ares update to fix a regression introduced in
Node.js 12.22.5 resolving CNAME records containing underscores
#​39780.

Root certificates have been updated to those from Mozilla's Network
Security Services 3.71 #​40281.

Commits

v12.22.7: 2021-10-12, Version 12.22.7 'Erbium' (LTS), @​danielleadams

Compare Source

This is a security release.

Notable changes
  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Commits

v12.22.6: 2021-08-31, Version 12.22.6 'Erbium' (LTS), @​MylesBorins

Compare Source

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which
are related to the initial reports and subsequent remediation of node-tar
vulnerabilities CVE-2021-32803
and CVE-2021-32804.
Subsequent internal security review of node-tar and additional external bounty
reports have resulted in another 5 CVE being remediated in core npm CLI
dependencies including node-tar, and npm arborist.

You can read more about it in:

Commits

v12.22.5: 2021-08-11, Version 12.22.5 'Erbium' (LTS), @​BethGriggs

Compare Source

This is a security release.

Notable Changes
  • CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
    • Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
  • CVE-2021-22940: Use after free on close http2 on stream canceling (High)
  • CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
    • If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.
Commits

v12.22.4: 2021-07-29, Version 12.22.4 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable Changes
Commits

Configuration

📅 Schedule: Branch creation - "after 6am and before 10am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added automerge PR that should be merged automatically dependencies Pull requests that update a dependency file labels Aug 16, 2021
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from aa93942 to 2f8a29a Compare August 19, 2021 22:08
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 8d72903 to c49ce9c Compare September 1, 2021 21:08
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 487562e to dd8abb8 Compare September 15, 2021 20:36
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 1d6f896 to 27cbff5 Compare September 29, 2021 18:37
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 130b9e6 to 2e15a0e Compare October 26, 2021 13:48
@renovate renovate bot changed the title fix(deps): update many non-major chore(deps): update many non-major Oct 26, 2021
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from ec7a33e to f64beb5 Compare October 28, 2021 22:16
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 9bc0dd4 to df1fdd0 Compare December 16, 2021 23:35
@renovate renovate bot force-pushed the renovate/many-non-major branch 4 times, most recently from a19def9 to 4c2acee Compare February 11, 2022 00:42
@renovate renovate bot force-pushed the renovate/many-non-major branch 3 times, most recently from d8cf8d3 to 8784858 Compare March 16, 2022 21:30
@renovate renovate bot force-pushed the renovate/many-non-major branch from 8784858 to 5a0e841 Compare April 4, 2022 21:59
@renovate renovate bot force-pushed the renovate/many-non-major branch from 5a0e841 to b371507 Compare April 14, 2022 21:19
@renovate renovate bot force-pushed the renovate/many-non-major branch from b371507 to 3ebd4f4 Compare May 15, 2022 21:22
@renovate renovate bot force-pushed the renovate/many-non-major branch from 3ebd4f4 to 039dee2 Compare June 18, 2022 14:24
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 0514f6b to 3758015 Compare March 23, 2023 15:26
@renovate renovate bot force-pushed the renovate/many-non-major branch from 3758015 to 0b23fac Compare May 28, 2023 10:06
@renovate renovate bot force-pushed the renovate/many-non-major branch from ec4a76c to b3ac207 Compare April 14, 2024 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
automerge PR that should be merged automatically dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants