
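[Snyk] Upgrade: @aws-sdk/credential-provider-node, @aws-sdk/client-ses, @headlessui/react, @next/third-parties, @openreplay/tracker, dayjs, firebase-admin, mongoose, newrelic, next, stripe #1160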

Closed
k2xl (Collaborator) commented Sep 21, 2024

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @aws-sdk/credential-provider-node | from 3.632.0 to 3.637.0 (2 versions ahead of your current version) | a month ago, on 2024-08-22 |
| @aws-sdk/client-ses | from 3.632.0 to 3.637.0 (3 versions ahead of your current version) | a month ago, on 2024-08-22 |
| @headlessui/react | from 2.1.2 to 2.1.3 (1 version ahead of your current version) | a month ago, on 2024-08-23 |
| @next/third-parties | from 14.2.5 to 14.2.7 (2 versions ahead of your current version) | 25 days ago, on 2024-08-27 |
| @openreplay/tracker | from 14.0.4 to 14.0.5 (1 version ahead of your current version) | 23 days ago, on 2024-08-29 |
| dayjs | from 1.11.12 to 1.11.13 (1 version ahead of your current version) | a month ago, on 2024-08-20 |
| firebase-admin | from 12.3.1 to 12.4.0 (1 version ahead of your current version) | a month ago, on 2024-08-22 |
| mongoose | from 8.5.3 to 8.6.0 (3 versions ahead of your current version) | 24 days ago, on 2024-08-28 |
| newrelic | from 12.1.1 to 12.3.0 (2 versions ahead of your current version) | 25 days ago, on 2024-08-27 |
| next | from 14.2.5 to 14.2.7 (2 versions ahead of your current version) | 25 days ago, on 2024-08-27 |
| stripe | from 16.8.0 to 16.9.0 (3 versions ahead of your current version) | 23 days ago, on 2024-08-29 |

Release notes
Package name: @aws-sdk/credential-provider-node
  • 3.637.0 - 2024-08-22

    3.637.0(2024-08-22)

    Chores
    • util-endpoints: update aws partitions.json (9d2511b8)
    • endpoints: update endpoints model (f7ad4c17)
    • models: update API models (842bde9e)
    • client-codestar: deprecate CodeStar (#6402) (5327273d)
    Documentation Changes
    • client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)
    New Features
    • client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
    • client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
    • client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
    • client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
    • client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)

    For list of updated packages, view updated-packages.md in assets-3.637.0.zip

  • 3.635.0 - 2024-08-20

    3.635.0(2024-08-20)

    Documentation Changes
    • client-ecs: Documentation only release to address various tickets (a4a0836a)
    New Features
    • client-opensearchserverless: Added FailureCode and FailureMessage to BatchGetCollectionResponse for BatchGetVPCEResponse for non-Active Collection and VPCE. (7daa541c)
    • client-s3: Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. (b474584f)
    • codegen: add Smithy RPCv2 CBOR to list of protocols (#6096) (5154d4f1)

    For list of updated packages, view updated-packages.md in assets-3.635.0.zip

  • 3.632.0 - 2024-08-15
from @aws-sdk/credential-provider-node GitHub release notes
Package name: @aws-sdk/client-ses
  • 3.637.0 - 2024-08-22

    3.637.0(2024-08-22)

    Chores
    • util-endpoints: update aws partitions.json (9d2511b8)
    • endpoints: update endpoints model (f7ad4c17)
    • models: update API models (842bde9e)
    • client-codestar: deprecate CodeStar (#6402) (5327273d)
    Documentation Changes
    • client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)
    New Features
    • client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
    • client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
    • client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
    • client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
    • client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)

    For list of updated packages, view updated-packages.md in assets-3.637.0.zip

  • 3.636.0 - 2024-08-21

    3.636.0(2024-08-21)

    Chores
    • turbo: simplify build scripts in package.json (#6366) (614d98e1)
    Documentation Changes
    • link to smithy/middleware-retry in Notable Changes (#6397) (31263194)
    New Features
    • clients: update client endpoints as of 2024-08-21 (f8aaf1df)
    • client-ses: Enable email receiving customers to provide SES with access to their S3 buckets via an IAM role for "Deliver to S3 Action" (aafc6ebd)
    • client-entityresolution: Increase the mapping attributes in Schema to 35. (d038be36)
    • client-glue: Add optional field JobRunQueuingEnabled to CreateJob and UpdateJob APIs. (b3bbf579)
    • client-securityhub: Security Hub documentation and definition updates (17db5f7e)
    • client-lambda: Release FilterCriteria encryption for Lambda EventSourceMapping, enabling customers to encrypt their filter criteria using a customer-owned KMS key. (6fff3639)
    • client-ec2: DescribeInstanceStatus now returns health information on EBS volumes attached to Nitro instances (1baa7ea8)

    For list of updated packages, view updated-packages.md in assets-3.636.0.zip

  • 3.635.0 - 2024-08-20

    3.635.0(2024-08-20)

    Documentation Changes
    • client-ecs: Documentation only release to address various tickets (a4a0836a)
    New Features
    • client-opensearchserverless: Added FailureCode and FailureMessage to BatchGetCollectionResponse for BatchGetVPCEResponse for non-Active Collection and VPCE. (7daa541c)
    • client-s3: Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. (b474584f)
    • codegen: add Smithy RPCv2 CBOR to list of protocols (#6096) (5154d4f1)

    For list of updated packages, view updated-packages.md in assets-3.635.0.zip

  • 3.632.0 - 2024-08-15
from @aws-sdk/client-ses GitHub release notes
Package name: @headlessui/react
  • 2.1.3 - 2024-08-23

    Fixed

    • Ensure Transition component state doesn't change when it becomes hidden (#3372)
    • Fix closing components using the transition prop, and after scrolling the page (#3407)
    • Ensure all client components are marked correctly to avoid a crash with React 19 and Turbopack (#3429)
  • 2.1.2 - 2024-07-05

    Fixed

    • Fix prematurely added anchoring styles on ListboxOptions (#3337)
    • Ensure unmount on Dialog works in combination with the transition prop on DialogBackdrop and DialogPanel components (#3352)
    • Fix crash in Combobox component when in virtual mode when options are empty (#3356)
    • Fix hanging tests when using anchor prop (#3357)
    • Fix transition and focus prop combination for PopoverPanel component (#3361)
    • Fix outside click in nested portalled Popover components (#3362)
    • Fix restoring focus to correct element when closing Dialog component (#3365)
    • Fix flushSync warning for Combobox component with immediate prop enabled (#3366)
from @headlessui/react GitHub release notes
Package name: @next/third-parties
  • 14.2.7 - 2024-08-27

    Note

    This release is backporting bug fixes. It does not include all pending features/changes on canary.

    Core Changes

    • Revert "chore: externalize undici for bundling" (#65727)
    • Refactor internal routing headers to use request meta (#66987)
    • fix(next): add cross origin in react dom preload (#67423)
    • build: upgrade edge-runtime (#67565)
    • GTM dataLayer parameter should take an object, not an array of strings (#66339)
    • fix: properly patch lockfile against swc bindings (#66515)
    • Add deployment id header for rsc payload if present (#67255)
    • Update font data (#68639)
    • fix i18n data pathname resolving (#68947)
    • pages router: ensure x-middleware-cache is respected (#67734)
    • Fix bad modRequest in flight entry manifest #68888
    • Reject next image urls in image optimizer #68628
    • Fix hmr assetPrefix escaping and reuse logic from other files #67983

    Credits

    Huge thanks to @kjugi, @huozhi, @ztanner, @SukkaW, @marlier, @Kikobeats, @syi0808, @ijjk, and @samcx for helping!

  • 14.2.6 - 2024-08-21
  • 14.2.5 - 2024-07-10
from @next/third-parties GitHub release notes
Package name: dayjs
from dayjs GitHub release notes
Package name: firebase-admin
  • 12.4.0 - 2024-08-22

    Miscellaneous

    • [chore] Release 12.4.0 (#2674)
    • build(deps-dev): bump @firebase/app-compat from 0.2.38 to 0.2.39 (#2677)
    • chore: Deprecate sendToTopic and Condition (#2683)
    • build(deps): bump @types/node from 22.1.0 to 22.3.0 (#2675)
    • build(deps-dev): bump mocha from 10.7.0 to 10.7.3 (#2670)
    • build(deps): bump @google-cloud/storage from 7.12.0 to 7.12.1 (#2669)
    • build(deps): bump axios in /.github/actions/send-email (#2673)
    • build(deps-dev): bump @microsoft/api-extractor from 7.47.5 to 7.47.6 (#2671)
    • Reroute Cloud Tasks to emulator when it is running (#2649)
  • 12.3.1 - 2024-08-08

    Bug Fixes

    • fix: getToken() returns existing promise to a token if one exists instead of a new token. (#2648)

    Miscellaneous

    • [chore] Release 12.3.1 (#2667)
    • chore: Skip sendToDeviceGroup integration test (#2666)
    • build(deps-dev): bump @microsoft/api-extractor from 7.47.2 to 7.47.5 (#2661)
    • build(deps): bump @types/node from 22.0.1 to 22.1.0 (#2663)
    • build(deps-dev): bump @firebase/app-compat from 0.2.37 to 0.2.38 (#2664)
    • build(deps): bump @types/node from 20.14.11 to 22.0.1 (#2657)
    • build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#2650)
    • build(deps-dev): bump @firebase/app-compat from 0.2.35 to 0.2.37 (#2653)
    • build(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 (#2654)
from firebase-admin GitHub release notes
Package name: mongoose
  • 8.6.0 - 2024-08-28

    8.6.0 / 2024-08-28

    • feat: upgrade mongodb -> 6.8.0, handle throwing error on closed cursor in Mongoose with MongooseError instead of MongoCursorExhaustedError #14813
    • feat(model+query): support options parameter for distinct() #14772 #8006
    • feat(QueryCursor): add getDriverCursor() function that returns the raw driver cursor #14745
    • types: change query selector to disallow unknown top-level keys by default #14764 alex-statsig
    • types: make toObject() and toJSON() not generic by default to avoid type widening #14819 #12883
    • types: avoid automatically inferring lean result type when assigning to explicitly typed variable #14734
  • 8.5.5 - 2024-08-28

    8.5.5 / 2024-08-28

    • fix(populate): fix a couple of other places where Mongoose gets the document's _id with getters #14833 #14827 #14759
    • fix(discriminator): shallow clone Schema.prototype.obj before merging schemas to avoid modifying original obj #14821
    • types: fix schema type based on timestamps schema options value #14829 #14825 ark23CIS
  • 8.5.4 - 2024-08-23

    8.5.4 / 2024-08-23

    • fix: add empty string check for collection name passed #14806 Shubham2552
    • docs(model): add 'throw' as valid strict value for bulkWrite() and add some more clarification on throwOnValidationError #14809
  • 8.5.3 - 2024-08-13

    8.5.3 / 2024-08-13

    • fix(document): call required functions on subdocuments underneath nested paths with correct context #14801 #14788
    • fix(populate): avoid throwing error when no result and lean() set #14799 #14794 #14759 MohOraby
    • fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility #14774 #14771 #14623 #14394
    • types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & #14800 #14793
    • types: support schema type inference based on schema options timestamps as well #14773 #13215 ark23CIS
    • types(cursor): indicate that cursor.next() can return null #14798 #14787
    • types: allow mongoose.connection.db to be undefined #14797 #14789
    • docs: add schema type widening advice #14790 JstnMcBrd
from mongoose GitHub release notes
Package name: newrelic
from newrelic GitHub release notes
Package name: next

Snyk has created this PR to upgrade:
  - @aws-sdk/credential-provider-node from 3.632.0 to 3.637.0.
    See this package in npm: https://www.npmjs.com/package/@aws-sdk/credential-provider-node
  - @aws-sdk/client-ses from 3.632.0 to 3.637.0.
    See this package in npm: https://www.npmjs.com/package/@aws-sdk/client-ses
  - @headlessui/react from 2.1.2 to 2.1.3.
    See this package in npm: https://www.npmjs.com/package/@headlessui/react
  - @next/third-parties from 14.2.5 to 14.2.7.
    See this package in npm: https://www.npmjs.com/package/@next/third-parties
  - @openreplay/tracker from 14.0.4 to 14.0.5.
    See this package in npm: https://www.npmjs.com/package/@openreplay/tracker
  - dayjs from 1.11.12 to 1.11.13.
    See this package in npm: https://www.npmjs.com/package/dayjs
  - firebase-admin from 12.3.1 to 12.4.0.
    See this package in npm: https://www.npmjs.com/package/firebase-admin
  - mongoose from 8.5.3 to 8.6.0.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - newrelic from 12.1.1 to 12.3.0.
    See this package in npm: https://www.npmjs.com/package/newrelic
  - next from 14.2.5 to 14.2.7.
    See this package in npm: https://www.npmjs.com/package/next
  - stripe from 16.8.0 to 16.9.0.
    See this package in npm: https://www.npmjs.com/package/stripe

See this project in Snyk:
https://app.snyk.io/org/k2xl/project/cf09253a-8e4c-4f7f-b75f-a1763e5c78eb?utm_source=github&utm_medium=referral&page=upgrade-pr
sspenst closed this Oct 13, 2024
sspenst deleted the snyk-upgrade-f97f46a6fda054fcc7bca69eda77b5a3 branch January 27, 2025 07:38