Bump the npm_and_yarn group across 3 directories with 27 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the /app directory:

Package	From	To
firebase-tools	9.23.3	13.6.0
postcss	7.0.39	8.4.31
vue-template-compiler	2.7.14	2.7.16
@babel/traverse	7.22.20	7.25.1
braces	3.0.2	3.0.3
@vue/cli-plugin-babel	4.5.19	5.0.8
@vue/cli-service	4.5.19	5.0.8
@vue/cli-plugin-router	4.5.19	5.0.8
@vue/cli-plugin-typescript	4.5.19	5.0.8
@vue/cli-plugin-vuex	4.5.19	5.0.8
browserify-sign	4.2.1	4.2.3
express	4.18.2	4.19.2

Bumps the npm_and_yarn group with 11 updates in the /functions directory:

Package	From	To
firebase-tools	12.5.4	13.6.0
@grpc/grpc-js	1.8.21	1.11.1
@google-cloud/pubsub	2.19.4	4.5.0
braces	3.0.2	3.0.3
express	4.18.2	4.19.2
follow-redirects	1.15.3	1.15.6
marked	2.1.3	4.0.10
ws	7.5.9	7.5.10
axios	0.21.4	0.28.0
fast-xml-parser	4.3.0	4.4.1
jose	4.14.6	4.15.9

Bumps the npm_and_yarn group with 7 updates in the /shared directory:

Package	From	To
firebase-tools	12.4.8	13.6.0
@grpc/grpc-js	1.8.21	1.11.1
@google-cloud/pubsub	2.9.0	4.5.0
braces	3.0.2	3.0.3
express	4.18.2	4.19.2
jsonwebtoken	9.0.1	9.0.2
ws	7.5.3	7.5.10

Updates firebase-tools from 9.23.3 to 13.6.0

Release notes

Sourced from firebase-tools's releases.

v13.6.0

• Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
• Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
• Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#6895)
• Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#6917)

v13.5.2

• Fix hosting rewrite deployment bug for skipped functions (#6658).

v13.5.1

• Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#6874)

v13.5.0

• Enable dynamic debugger port for functions + support for inspecting multiple codebases (#6854)
• Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#6860)
• Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
• v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#6858)
• v2 event functions with explicit service accounts trigger eventarc to use that service account (#6859)

v13.4.1

• Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
• Fix demo projects + web frameworks with emulators (#6737)
• Fix Next.js static routes with server actions (#6664)
• Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#6801)
• Make VPC egress settings in functions parameterizeable (#6843)

v13.4.0

• Added new commands for managing Firestore backups and restoring databases. (#6778)
• Fixed quota attribution for Firebase Auth API calls. (#6819)

v13.3.1

• Release Cloud Firestore emulator v1.19.1:
  • Adds support for Datastore Mode to the Firstore Emulator. Adds --database-mode flag to gcloud emulator firestore start command. Note that this is a preview feature and if you find any bugs, please file them here: https://github.com/firebase/firebase-tools/issues.
• Improve FAH onboarding flow to connect backends with SCMs (#6764).
• Fixed issue where GitHub actions would fail due to lack of permission. (#6791)

v13.3.0

• Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
• Added support for Python 3.12. (#6679)
• Fixed issues with internal utilities. (#6754)
• Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

• Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

• Added rudimentary email enumeration protection for auth emulator. (#6702)

... (truncated)

Commits

• f6b7d05 13.6.0
• a26c3d0 Ignore quota project in GCF source uploads (#6917)
• 476bd33 Update to PubSub emulator 0.8.2 (#6916)
• ccab9b7 Add Service Usage Consumer role to GitHub Actions service account (#6895)
• 4c1bd42 Switching a few more places to getters (#6914)
• 6950829 Fix "could not assert Secret Manager permissions" Cloud Build error (#6904)
• 4a17ca7 Refactor api.ts file constants to getters (#6913)
• c6d1615 Update Firestore Emulator version (#6912)
• 90b6506 Vector config support (#6900)
• dc13cb9 make fetchLinkableGitRepositories get all linkable git repositories (#6889)
• Additional commits viewable in compare view

Updates postcss from 7.0.39 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates vue-template-compiler from 2.7.14 to 2.7.16

Release notes

Sourced from vue-template-compiler's releases.

v2.7.16 "Swan Song"

This is the final release for Vue 2.

Vue 2 will reach End of Life on December 31st, 2023. For more details, please read this blog post.

Please refer to CHANGELOG.md for details.

v2.7.16-beta.2

Please refer to CHANGELOG.md for details.

v2.7.16-beta.1

Please refer to CHANGELOG.md for details.

v2.7.15

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vue-template-compiler's changelog.

2.7.16 Swan Song (2023-12-24)

Bug Fixes

• lifecycle: esnure component effect scopes are disconnected (56ce7f8), closes #13134

2.7.16-beta.2 (2023-12-14)

Bug Fixes

• account for nested render calls (db9c566), closes #13131
• types: export more types for v3 alignment (jsx / component options) (895669f), closes #13078 #13128

2.7.16-beta.1 (2023-12-08)

Bug Fixes

• compiler-sfc: check template ref usage, (#12985) (83d9535), closes #12984
• compiler-sfc: fix rewriteDefault edge cases (25f97a5), closes #13060 #12892 #12906
• keep-alive: fix keep-alive memory leak (2632249), closes #12827
• keep-alive: fix memory leak without breaking transition tests (e0747f4)
• props: should not unwrap props that are raw refs (08382f0), closes #12930
• shallowReactive: should track value if already reactive when set in shallowReactive (0ad8e8d)
• style: always set new styles (f5ef882), closes #12901 #12946
• types: fix shallowRef's return type (#12979) (a174c29), closes #12978
• types: fix type augmentation and compiler-sfc types w/moduleResolution: bundler (#13107) (de0b97b), closes #13106
• types: provide types for built-in components (3650c12), closes #13002
• types: type VNodeChildren should allow type number (#13067) (24fcf69), closes #12973
• utils: unwrap refs when stringifying values in template (ae3e4b1), closes #12884 #12888
• watch: new property addition should trigger deep watcher with getter (6d857f5), closes #12967 #12972

2.7.15 (2023-10-23)

Bug Fixes

• compiler-sfc: add semicolon after defineProps statement (#12879) (51fef2c)
• compiler-sfc: fix macro usage in multi-variable declaration (#12873) (d27c128)
• compiler-sfc: Optimize the value of emitIdentifier (#12851) (bb59751)
• compiler-sfc: Resolve object expression parsing errors in v-on (#12862) (b8c8b3f)
• lifecycle: scope might changed when call hook (#13070) (74ca5a1)

... (truncated)

Commits

• 13f4e7d release: v2.7.16
• 56ce7f8 fix(lifecycle): esnure component effect scopes are disconnected
• 305e4ae release: v2.7.16-beta.2
• 3e1037e chore: bump vitest to 1.0.4
• db9c566 fix: account for nested render calls
• 895669f fix(types): export more types for v3 alignment (jsx / component options)
• 73bdf14 release: v2.7.16-beta.1
• e0747f4 fix(keep-alive): fix memory leak without breaking transition tests
• 2632249 fix(keep-alive): fix keep-alive memory leak
• 3650c12 fix(types): provide types for built-in components
• Additional commits viewable in compare view

Updates @babel/traverse from 7.22.20 to 7.25.1

Release notes

Sourced from @​babel/traverse's releases.

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

Committers: 4

• Adrian (@​nerodesu017)
• Huáng Jùnliàng (@​JLHwung)
• @​keiseiTi
• @​liuxingbaoyu

v7.25.0 (2024-07-26)

Thanks @​davidtaylorhq and @​slatereax for your first PR!

You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

👓 Spec Compliance

• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16537 await using normative updates (@​JLHwung)
• babel-plugin-transform-typescript
  • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@​liuxingbaoyu)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
  • #16658 Move ensureFunctionName to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
  • #16644 Move hoistVariables to Scope.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
  • #16645 Move splitExportDeclaration to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
  • #16649 Move environment-visitor helper into @babel/traverse (@​nicolo-ribaudo)
• babel-core, babel-parser
  • #16480 Expose wether a module has TLA or not as .extra.async (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
  • #16569 Introduce bugfix-safari-class-field-initializer-scope (@​davidtaylorhq)
• babel-plugin-transform-block-scoping, babel-traverse, babel-types
  • #16551 Add NodePath#getAssignmentIdentifiers (@​JLHwung)
• babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
  • #16579 Add uncheckedRequire option for JSON imports to CJS (@​nicolo-ribaudo)
• babel-helper-transform-fixture-test-runner, babel-node
  • #16642 Allow using custom config in babel-node --eval (@​slatereax)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

v7.25.0 (2024-07-26)

👓 Spec Compliance

• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16537 await using normative updates (@​JLHwung)
• babel-plugin-transform-typescript
  • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@​liuxingbaoyu)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
  • #16658 Move ensureFunctionName to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
  • #16644 Move hoistVariables to Scope.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
  • #16645 Move splitExportDeclaration to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
  • #16649 Move environment-visitor helper into @babel/traverse (@​nicolo-ribaudo)
• babel-core, babel-parser
  • #16480 Expose wether a module has TLA or not as .extra.async (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
  • #16569 Introduce bugfix-safari-class-field-initializer-scope (@​davidtaylorhq)
• babel-plugin-transform-block-scoping, babel-traverse, babel-types
  • #16551 Add NodePath#getAssignmentIdentifiers (@​JLHwung)
• babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
  • #16579 Add uncheckedRequire option for JSON imports to CJS (@​nicolo-ribaudo)
• babel-helper-transform-fixture-test-runner, babel-node
  • #16642 Allow using custom config in babel-node --eval (@​slatereax)
• babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
  • #16445 Add duplicate-named-capturing-groups-regex to preset-env (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16678 Print parens around as expressions on the LHS (@​nicolo-ribaudo)
• babel-template, babel-types
  • #15286 fix: Props are lost when the template replaces the node (@​liuxingbaoyu)

🏠 Internal

• Other

... (truncated)

Commits

• 6bfc823 v7.25.1
• 801d3cb fix: improve variable declarator removal (#16587)
• d2e3ee2 v7.25.0
• d364545 Move ensureFunctionName to NodePath.prototype (#16658)
• 7c31ad1 Move hoistVariables to Scope.prototype (#16644)
• f3f4685 Move splitExportDeclaration to NodePath.prototype (#16645)
• 4579032 Move environment-visitor helper into @babel/traverse (#16649)
• 47d8259 Add NodePath#getAssignmentIdentifiers (#16551)
• 482008c Simplify helper-function-name logic (#16652)
• ddfd86c Revert "Move environment-visitor helper into @babel/traverse" (#16647)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.6.12 to 1.8.22

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.1

• Revert a change that used APIs that were not available in early minor versions of Node 14 (#2799 contributed by @​xqin)

@​grpc/grpc-js-xds 1.11.0

• Add xDS Servers (#2783)
  • Note: this is primarily a foundation for future features. It doesn't actually do much right now.
• Add support for dualstack socket support in xDS clients (#2665)

@​grpc/grpc-js 1.11.0

Changelog

• Add Server connection injection API as described in gRFC L114 (#2675)
• Implement support for an alternate DNS resolver that supports custom authorities (#2776 contributed by @​gkampitakis)
• Add a channel option to configure retry attempt limits (#2795)
• Add a getHost method to server call objects (#2783, #2793)
• Fix typos and omissions in service config validation errors (#2782 contributed by @​matthewbinshtok)

Experimental API changes

Added:

• splitHostPort
• HostPort
• createServerCredentialsWithInterceptors

@​grpc/grpc-js 1.10.11

• Fix a bug that caused clients to reconnect unnecessarily while no requests are pending. (#2784)
• Fix a bug that caused clients to fail to re-establish existing connections while waiting for DNS results (#2784)
• Fix a bug that caused servers to sometimes not close idle connections depending on timing (#2790)
• Fix a bug that caused calls to be pending indefinitely while unable to start after a channel is closed (#2791)

@​grpc/grpc-js 1.10.10

• Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
• Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
• Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
• Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
• Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

• Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

• Improve reporting of HTTP error codes (#2723)
• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

• Fix a bug that could cause a server to sometimes send the status early (#2708)

... (truncated)

Commits

• 43032b1 Merge pull request #2800 from murgatroid99/grpc-js_1.11.1
• 2ecd53d grpc-js: Bump to 1.11.1
• 4da4fdc Merge pull request #2799 from xqin/master
• 996a637 support node v14 again
• 87ea7ce Merge pull request #2797 from murgatroid99/grpc-js_1.11.0_real
• 2ee8911 grpc-js: Bump packages to 1.11.0, and update documentation
• 7e4c8f0 Merge pull request #2796 from murgatroid99/grpc-js_1.11.0
• bf8e071 grpc-js: Bump packages to 1.11.0, and update documentation
• e13d5e7 Merge pull request #2793 from murgatroid99/grpc-js_server_call_get_host
• d60f516 Merge pull request #2795 from murgatroid99/grpc-js_retry_limit_option
• Additional commits viewable in compare view

Updates protobufjs from 6.11.2 to 6.11.4

Commits

• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates @vue/cli-plugin-babel from 4.5.19 to 5.0.8

Release notes

Sourced from @​vue/cli-plugin-babel's releases.

v5.0.8

🐛 Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

🐛 Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

🐛 Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Changelog

Sourced from @​vue/cli-plugin-babel's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

🐛 Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

🐛 Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

Commits

• b154dbd v5.0.8
• 4a0655f v5.0.7
• ef08a08 v5.0.6
• 98c66c9 v5.0.5
• ca97fc2 v5.0.4
• dd53f26 v5.0.3
• a859b1f v5.0.2
• 92d80a8 v5.0.1
• c913cdc v5.0.0
• 75a6d69 v5.0.0-rc.3
• Additional commits viewable in compare view

Updates @vue/cli-service from 4.5.19 to 5.0.8

Release notes

Sourced from @​vue/cli-service's releases.

v5.0.8

🐛 Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-exp...

    Description has been truncated

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@fortawesome/[email protected]	None	+1	321 kB	robmadole
npm/@fortawesome/[email protected]	None	+1	2.07 MB	robmadole
npm/@fortawesome/[email protected]	None	+1	651 kB	robmadole
npm/@fortawesome/[email protected]	None	+1	3.24 MB	robmadole
npm/@fortawesome/[email protected]	environment	0	64.5 kB	jasonlundien
npm/@material/[email protected]	None	+13	3.79 MB	abhiomkar
npm/@tailwindcss/[email protected]	environment, filesystem	+30	38.9 MB	bradlc
npm/@tailwindcss/[email protected]	None	0	795 kB	adamwathan
npm/@types/[email protected]	None	+1	17.8 kB	types
npm/@types/[email protected]	None	0	5.88 kB	types
npm/@typescript-eslint/[email protected]	Transitive: environment, filesystem	+12	3.32 MB	jameshenry
npm/@typescript-eslint/[email protected]	Transitive: environment, filesystem	+12	1.66 MB	jameshenry
npm/@vue/[email protected]	environment Transitive: eval, filesystem, network, shell, unsafe	+223	37.4 MB	soda
npm/@vue/[email protected]	environment, filesystem Transitive: eval, network, shell, unsafe	+64	18.3 MB	soda
npm/@vue/[email protected]	Transitive: environment, filesystem, network, shell	+13	344 kB	soda
npm/@vue/[email protected]	environment Transitive: filesystem, network, shell, unsafe	+91	17.2 MB	soda
npm/@vue/[email protected]	None	0	3.91 kB	soda
npm/@vue/[email protected]	environment, filesystem Transitive: eval, network, shell, unsafe	+101	13.5 MB	soda
npm/@vue/[email protected]	None	0	5.99 kB	soda
npm/[email protected]	environment Transitive: filesystem	+3	2.58 MB	ai
npm/[email protected]	environment, eval, filesystem	0	1.19 MB	zloirock
npm/[email protected]	None	0	730 kB	cure53
npm/[email protected]	None	0	17 kB	lydell
npm/[email protected]	filesystem	0	52.5 kB	bpscott
npm/[email protected]	filesystem, unsafe	+2	1.43 MB	ota-meshi
npm/[email protected]	filesystem Transitive: environment, shell, unsafe	+42	7.28 MB	eslintbot
npm/[email protected]	environment, filesystem, network Transitive: eval, shell	+110	21.3 MB	google-wombot
npm/[email protected]	Transitive: environment, eval, filesystem, network	+61	122 MB	chholland

🚮 Removed packages: npm/@elastic/[email protected], npm/@google-cloud/[email protected], npm/@google-cloud/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@typescript-eslint/[email protected], npm/@typescript-eslint/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Install scripts	npm/@fortawesome/[email protected]	Install script: postinstall Source: node attribution.js	app/package-lock.json app/package.json	🚫
Install scripts	npm/[email protected]	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	app/package-lock.json app/package.json	🚫
Install scripts	npm/@fortawesome/[email protected]	Install script: postinstall Source: node attribution.js	app/package-lock.json app/package.json	🚫
Install scripts	npm/@fortawesome/[email protected]	Install script: postinstall Source: node attribution.js	app/package-lock.json app/package.json	🚫
Install scripts	npm/@fortawesome/[email protected]	Install script: postinstall Source: node attribution.js	app/package-lock.json app/package.json	🚫
Install scripts	npm/[email protected]	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	app/package-lock.json app/package.json	🚫
Install scripts	npm/@fortawesome/[email protected]	Install script: postinstall Source: node attribution.js	app/package-lock.json app/package.json	🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/@fortawesome/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@fortawesome/[email protected]
• @SocketSecurity ignore npm/@fortawesome/[email protected]
• @SocketSecurity ignore npm/@fortawesome/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@fortawesome/[email protected]