Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump debug, needle, @angular-devkit/build-angular, @angular/cli, karma and karma-coverage-istanbul-reporter in /samples/client/petstore/typescript-angular-v6-provided-in-root #56

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Bump debug, needle, @angular-devkit/build-angular, @angular/cli, karma and karma-coverage-istanbul-reporter in /samples/client/petstore/typescript-angular-v6-provided-in-root #56

wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 11, 2023

Bumps debug to 4.3.4 and updates ancestor dependencies debug, needle, @angular-devkit/build-angular, @angular/cli, karma and karma-coverage-istanbul-reporter. These dependencies need to be updated together.

Updates debug from 2.2.0 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

New Contributors

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits
  • da66c86 4.3.4
  • 9b33412 replace deprecated String.prototype.substr() (#876)
  • c0805cc add section about configuring JS console to show debug messages (#866)
  • 043d3cd 4.3.3
  • 4079aae update license and more maintainership information
  • 19b36c0 update repository location + maintainership information
  • f851b00 adds README section regarding usage in child procs (#850)
  • d177f2b Remove accidental epizeuxis
  • e47f96d 4.3.2
  • 1e9d38c cache enabled status per-logger (#799)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.


Updates needle from 2.2.0 to 3.2.0

Release notes

Sourced from needle's releases.

v3.2.0

What's Changed

New Contributors

Full Changelog: tomas/needle@v3.1.0...v3.2.0

v3.1.0

What's Changed

New Contributors

Full Changelog: tomas/needle@v3.0.0...v3.1.0

v3.0.0

What's Changed

New Contributors

... (truncated)

Commits
  • 3f8a7e3 3.2.0
  • aa49d75 Handle colons in Digest auth header. Fixes #415
  • 8ad861a Merge pull request #416 from tomas/fix-no-proxy
  • c566dc2 Add utils module and refactor should_proxy_to() based on PR #411. Fixes #383
  • e5dee92 Merge pull request #402 from iChenLei/patch-1
  • e173397 Merge pull request #401 from tomas/remove-on-socket-end
  • a839e65 ci: add node18 test
  • 8353cdb 3.1.0
  • f92aee8 Remove on_socket_end callback, looks like we don't need it anymore
  • e963098 Fix header tests for newer node versions
  • Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 0.6.8 to 15.0.5

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v15.0.5

15.0.5 (2023-01-06)

@​angular-devkit/build-angular

Commit Description
fix - c2030dec7 format esbuild error messages to include more information

Special Thanks

Alan Agius, Kristiyan Kostadinov, Paul Gschwendtner and aanchal

v15.0.4

15.0.4 (2022-12-14)

@​angular-devkit/build-angular

Commit Description
fix - ccc8e0350 display actionable error when a style does not exist in Karma builder
fix - 507f756c3 downlevel class private methods when targeting Safari <=v15
fix - a0da91dba include sources in generated Sass source maps
fix - 9fd356234 only set ngDevMode when script optimizations are enabled
fix - 8e85f4728 update css-loader to 6.7.3
fix - b2d4415ca update locale setting snippet to use globalThis.

Special Thanks

Alan Agius and Charles Lyding

v15.0.3

15.0.3 (2022-12-07)

@​angular-devkit/build-angular

Commit Description
fix - 3d9971edb default preserve symlinks to Node.js value for esbuild
fix - 24f4b51d2 downlevel class fields with Safari <= v15 for esbuild
fix - 45afc42db downlevel class properties when targeting Safari <=v15
fix - e6461badf prevent optimization adding unsupported ECMASCript features

Special Thanks

Charles Lyding, Dominic Elm and Paul Gschwendtner

v15.0.2

15.0.2 (2022-11-30)

@​angular-devkit/build-angular

Commit Description
fix - 2891d5bc9 correctly set Sass quietDeps and verbose options

@​ngtools/webpack

Commit Description
fix - d9cc4b028 elide unused type references

Special Thanks

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

15.0.5 (2023-01-06)

@​angular-devkit/build-angular

Commit Type Description
c2030dec7 fix format esbuild error messages to include more information

Special Thanks

Alan Agius, Kristiyan Kostadinov, Paul Gschwendtner and aanchal

15.1.0-next.3 (2022-12-14)

Deprecations

@​angular-devkit/schematics

  • The Observable based SchematicTestRunner.runSchematicAsync and SchematicTestRunner.runExternalSchematicAsync methods have been deprecated in favor of the Promise based SchematicTestRunner.runSchematic and SchematicTestRunner.runExternalSchematic.

@​schematics/angular

Commit Type Description
8d000d156 feat add environments generation schematic

@​angular-devkit/build-angular

Commit Type Description
216991b9d feat support inline component Sass styles with esbuild builder
8fd08491a fix display actionable error when a style does not exist in Karma builder
97373016c fix downlevel class private methods when targeting Safari <=v15
27b22b02d fix include sources in generated
310144d32 fix only set ngDevMode when script optimizations are enabled
20376649c fix transform async generator class methods for Zone.js support
afe9feaa4 fix update locale setting snippet to use globalThis.

@​angular-devkit/schematics

Commit Type Description
207358afb feat add runSchematic and runExternalSchematic methods

Special Thanks

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular-devkit/build-angular since your current version.


Updates @angular/cli from 6.0.8 to 6.2.9

Commits

Updates karma from 1.7.1 to 6.4.1

Release notes

Sourced from karma's releases.

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

v6.4.0

6.4.0 (2022-06-14)

Features

  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

  • prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

  • client: error out when opening a new tab fails (099b85e)

v6.3.18

6.3.18 (2022-04-13)

Bug Fixes

  • deps: upgrade socket.io to v4.4.1 (52a30bb)

v6.3.17

6.3.17 (2022-02-28)

Bug Fixes

  • deps: update colors to maintained version (#3763) (fca1884)

v6.3.16

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.1 (2022-09-19)

Bug Fixes

6.4.0 (2022-06-14)

Features

  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

  • prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

  • deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

... (truncated)

Commits
  • 0013121 chore(release): 6.4.1 [skip ci]
  • 63d86be fix: pass integrity value
  • 84f7cc3 chore(release): 6.4.0 [skip ci]
  • f2d0663 docs: add integrity parameter
  • dc51a2e feat: support SRI verification of link tags
  • 6a54b1c feat: support SRI verification of script tags
  • 5e71cf5 chore(release): 6.3.20 [skip ci]
  • e17698f fix: prefer IPv4 addresses when resolving domains
  • 60f4f79 build: add Node 16 and 18 to the CI matrix
  • 6ff5aaf chore(release): 6.3.19 [skip ci]
  • Additional commits viewable in compare view

Updates karma-coverage-istanbul-reporter from 2.0.1 to 2.0.6

Changelog

Sourced from karma-coverage-istanbul-reporter's changelog.

2.0.6 (2019-07-20)

Bug Fixes

  • get source code from sourceMapStore on write report (619d90d), closes #72

2.0.5 (2019-02-17)

Bug Fixes

  • correctly strip source file prefixes when no webpack.context is defined (3c48bf8)
  • don't double-report files with mixed slashes in their names on windows (38087c2)

2.0.4 (2018-09-08)

Bug Fixes

  • handle source roots being undefined on windows (8eba911), closes #55

2.0.3 (2018-09-01)

Bug Fixes

  • update istanbuljs to 2.x (a835e22), closes #52
  • use correct source file path separators on windows (938e93c), closes #47

2.0.2 (2018-08-24)

Bug Fixes

  • files with no coverage should be preserved by default (#54) (e5a5545), closes #53

... (truncated)

Commits
  • 8fee4a9 chore(release): 2.0.6
  • 7a34b47 Merge branch 'master' of github.com:mattlewis92/karma-coverage-istanbul-reporter
  • ca17ed1 build: fix code coverage
  • 619d90d fix: get source code from sourceMapStore on write report
  • 5496d47 style: reformat code with prettier
  • 0261f70 build: upgrade dependencies
  • a2c359b docs: format readme
  • df3d5df chore: share probot config
  • b55478f build: add issue template enforcer
  • 65e0b5d docs: add patreon
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

sirwolfgang and others added 2 commits February 22, 2022 15:49
@sirwolfgang
Expose proxy settings for Ruby Faraday
7f8fd46
@dependabot
Bump debug, needle, @angular-devkit/build-angular, @angular/cli, karm…
844cae6 
…a and karma-coverage-istanbul-reporter

Bumps [debug](https://github.com/debug-js/debug) to 4.3.4 and updates ancestor dependencies [debug](https://github.com/debug-js/debug), [needle](https://github.com/tomas/needle), [@angular-devkit/build-angular](https://github.com/angular/angular-cli), [@angular/cli](https://github.com/angular/angular-cli), [karma](https://github.com/karma-runner/karma) and [karma-coverage-istanbul-reporter](https://github.com/mattlewis92/karma-coverage-istanbul-reporter). These dependencies need to be updated together.


Updates `debug` from 2.2.0 to 4.3.4
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@2.2.0...4.3.4)

Updates `needle` from 2.2.0 to 3.2.0
- [Release notes](https://github.com/tomas/needle/releases)
- [Commits](tomas/needle@v2.2.0...v3.2.0)

Updates `@angular-devkit/build-angular` from 0.6.8 to 15.0.5
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular-cli/commits/15.0.5)

Updates `@angular/cli` from 6.0.8 to 6.2.9
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/angular-cli/commits/v6.2.9)

Updates `karma` from 1.7.1 to 6.4.1
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](karma-runner/karma@1.7.1...v6.4.1)

Updates `karma-coverage-istanbul-reporter` from 2.0.1 to 2.0.6
- [Release notes](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/releases)
- [Changelog](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/blob/master/CHANGELOG.md)
- [Commits](mattlewis92/karma-coverage-istanbul-reporter@v2.0.1...v2.0.6)

---
updated-dependencies:
- dependency-name: debug
  dependency-type: indirect
- dependency-name: needle
  dependency-type: indirect
- dependency-name: "@angular-devkit/build-angular"
  dependency-type: direct:development
- dependency-name: "@angular/cli"
  dependency-type: direct:development
- dependency-name: karma
  dependency-type: direct:development
- dependency-name: karma-coverage-istanbul-reporter
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 11, 2023
@sirwolfgang sirwolfgang force-pushed the master branch 2 times, most recently from 1560293 to 04907a7 Compare July 10, 2024 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sirwolfgang