Skip to content

chore(deps): bump jszip from 3.7.0 to 3.8.0 in /packages/requirefs #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 151 commits into
base: master
Choose a base branch
from
Open

chore(deps): bump jszip from 3.7.0 to 3.8.0 in /packages/requirefs #34

wants to merge 151 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 2, 2023
edited
Loading

Bumps jszip from 3.7.0 to 3.8.0.

Changelog

Sourced from jszip's changelog.

v3.8.0 2022-03-30

  • Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

  • Fix build of dist files.
    • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.
Commits
  • 3b98cfc 3.8.0
  • 2edab36 Sanitize filenames with loadAsync to prevent zip slip attacks
  • 1f631b0 Update contributing
  • 459ff79 Add tests for utils that remove leading slash
  • d4702a7 Merge pull request #541 from PatricSteffen/patch-1
  • 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
  • 85c4989 Merge pull request #796 from Stuk/ghci
  • 40cc7f4 Add dependency caching
  • 5ee321e Install deps needed for Playwright on Github Actions
  • eeb841e Remove code and dependencies used for Saucelabs
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot bot and others added 30 commits June 15, 2021 19:21
@dependabot
Bump hosted-git-info from 2.7.1 to 2.8.9 in /packages
04728be 
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.7.1...v2.8.9)

---
updated-dependencies:
- dependency-name: hosted-git-info
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump y18n from 3.2.1 to 3.2.2 in /packages
ed0c233 
Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

---
updated-dependencies:
- dependency-name: y18n
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump lodash.merge from 4.6.1 to 4.6.2 in /packages/dns
063dba3 
Bumps [lodash.merge](https://github.com/lodash/lodash) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

---
updated-dependencies:
- dependency-name: lodash.merge
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump tar from 4.4.8 to 4.4.15 in /packages
e218596 
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.15.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.8...v4.4.15)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump tar from 2.2.1 to 2.2.2
c96f14f 
Bumps [tar](https://github.com/npm/node-tar) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #7 from TinLe/dependabot/npm_and_yarn/packages/tar…
fbdf30c 
…-4.4.15

Bump tar from 4.4.8 to 4.4.15 in /packages
@TinLe
Merge pull request #8 from TinLe/dependabot/npm_and_yarn/tar-2.2.2
0196ba4 
Bump tar from 2.2.1 to 2.2.2
@dependabot
Bump ws from 5.2.2 to 5.2.3 in /packages
f392329 
Bumps [ws](https://github.com/websockets/ws) from 5.2.2 to 5.2.3.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...5.2.3)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump handlebars from 4.0.12 to 4.7.7 in /packages
511872e 
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.12 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.0.12...v4.7.7)

---
updated-dependencies:
- dependency-name: handlebars
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump lodash from 4.17.11 to 4.17.21 in /packages
1a42642 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.17.21)

---
updated-dependencies:
- dependency-name: lodash
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump path-parse from 1.0.6 to 1.0.7 in /packages
e5042eb 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump path-parse from 1.0.6 to 1.0.7
fdeb74d 
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #1 from TinLe/dependabot/npm_and_yarn/packages/lod…
8ce5956 
…ash-4.17.21

Bump lodash from 4.17.11 to 4.17.21 in /packages
@TinLe
Merge pull request #2 from TinLe/dependabot/npm_and_yarn/packages/ws-…
13a90f1 
…5.2.3

Bump ws from 5.2.2 to 5.2.3 in /packages
@TinLe
Merge pull request #3 from TinLe/dependabot/npm_and_yarn/packages/hos…
018ff16 
…ted-git-info-2.8.9

Bump hosted-git-info from 2.7.1 to 2.8.9 in /packages
@TinLe
Merge pull request #4 from TinLe/dependabot/npm_and_yarn/packages/y18…
a3f0d31 
…n-3.2.2

Bump y18n from 3.2.1 to 3.2.2 in /packages
@dependabot
Bump url-parse from 1.4.4 to 1.5.3
d72500e 
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.4 to 1.5.3.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](unshiftio/url-parse@1.4.4...1.5.3)

---
updated-dependencies:
- dependency-name: url-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #5 from TinLe/dependabot/npm_and_yarn/packages/dns…
381f941 
…/lodash.merge-4.6.2

Bump lodash.merge from 4.6.1 to 4.6.2 in /packages/dns
@TinLe
Merge pull request #6 from TinLe/dependabot/npm_and_yarn/packages/han…
38ad8f5 
…dlebars-4.7.7

Bump handlebars from 4.0.12 to 4.7.7 in /packages
@TinLe
Merge pull request #9 from TinLe/dependabot/npm_and_yarn/packages/pat…
7e50fd4 
…h-parse-1.0.7

Bump path-parse from 1.0.6 to 1.0.7 in /packages
@dependabot
Bump tar from 4.4.15 to 4.4.19 in /packages
dd1cb0c 
Bumps [tar](https://github.com/npm/node-tar) from 4.4.15 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.15...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #10 from TinLe/dependabot/npm_and_yarn/path-parse-…
57d8f6b 
…1.0.7

Bump path-parse from 1.0.6 to 1.0.7
@TinLe
Merge pull request #11 from TinLe/dependabot/npm_and_yarn/packages/ta…
1fe7587 
…r-4.4.19

Bump tar from 4.4.15 to 4.4.19 in /packages
@TinLe
Merge pull request #12 from TinLe/dependabot/npm_and_yarn/url-parse-1…
9aa9bb4 
….5.3

Bump url-parse from 1.4.4 to 1.5.3
@dependabot
Bump tmpl from 1.0.4 to 1.0.5 in /packages
7694e85 
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases)
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

---
updated-dependencies:
- dependency-name: tmpl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #13 from TinLe/dependabot/npm_and_yarn/packages/tm…
333c1eb 
…pl-1.0.5

Bump tmpl from 1.0.4 to 1.0.5 in /packages
@dependabot
Bump follow-redirects from 1.6.1 to 1.14.7
4b0e0e3 
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.6.1 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.6.1...v1.14.7)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #14 from TinLe/dependabot/npm_and_yarn/follow-redi…
7280c67 
…rects-1.14.7

Bump follow-redirects from 1.6.1 to 1.14.7
@dependabot
Bump jszip from 2.6.0 to 3.7.0 in /packages/requirefs
32c7b42 
Bumps [jszip](https://github.com/Stuk/jszip) from 2.6.0 to 3.7.0.
- [Release notes](https://github.com/Stuk/jszip/releases)
- [Changelog](https://github.com/Stuk/jszip/blob/master/CHANGES.md)
- [Commits](Stuk/jszip@v2.6.0...v3.7.0)

---
updated-dependencies:
- dependency-name: jszip
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #15 from TinLe/dependabot/npm_and_yarn/packages/re…
5209d61 
…quirefs/jszip-3.7.0

Bump jszip from 2.6.0 to 3.7.0 in /packages/requirefs
renovate bot and others added 26 commits April 23, 2022 17:47
@renovate @renovate-bot
@jsjoeio @TinLe
chore(deps): update minor dependency updates (coder#5060)
dea642b 
Co-authored-by: Renovate Bot <[email protected]>
Co-authored-by: Joe Previte <[email protected]>
@jsjoeio @code-asher @TinLe
feat: add option for disabling file downloads (coder#5055)
d04de3d 
* feat(cli): add disable-file-downloads to cli

* feat(e2e): add download test

* feat(e2e): add downloads disabled test

* refactor(e2e): explain how to debug unexpected close

* feat(patches): add disable file downloads

* wip: update diff

* Update src/node/cli.ts

Co-authored-by: Asher <[email protected]>

* fixup! add missing common/contextkeys file to patch

* fixup!: update patch

* fixup!: default disable-file-downloads undefined

* fixup!: combine e2e tests

* fixup!: use different test names

* feat: add CS_DISABLE_FILE_DOWNLOADS

* fixup!: make explicit and cleanup test

* fixup!: use beforeEach

Co-authored-by: Asher <[email protected]>
@jsjoeio @TinLe
revert(docs): partially revert 326a1d1 (coder#5095)
7f15e19 
We tried to switch from `yarn` to `npm` because `yarn` ignores lockfiles
but learned that we missed a few key things.

For now, we are reverting docs and a few other changes that suggested
using `npm` instead of `yarn` until we fully remove `yarn` from the
codebase.
t Please enter the commit message for your changes. Lines starting
@code-asher @TinLe
fix: webviews failing to load the iframe HTML (coder#5103)
e0d805c 
Code added in 1.65.0 broke webviews when you are hosting them from the
same domain.
@code-asher @TinLe
fix: use current location for web extension resource endpoint (coder#…
4c9878e 
…5104)

This makes it work behind a rewriting proxy as well as make it use the
correct remote authority.
@jsjoeio @code-asher @TinLe
v4.3.0 (coder#5099)
c47c292 
* chore(release): bump version to 4.3.0

* fix(release-prep.sh): ignore lib/vscode

* docs(CHANGELOG): add 4.3.0

* chore: bump chart version

* fixup!: remove change in postinstall

* fixup!: bullets in CHANGELOG

* fixup!: formatting

* fixup! typo in changelog

* fixup!: update date in changelog

Co-authored-by: Asher <[email protected]>
@jsjoeio @code-asher @TinLe
chore: attempt to fix docker (coder#5106)
e81b51f 
* chore: attempt to fix docker

* Update .github/workflows/docker.yaml

Co-authored-by: Asher <[email protected]>

* chore: add publish:docker to scripts

Co-authored-by: Asher <[email protected]>
@renovate @renovate-bot @TinLe
chore(deps): update aquasecurity/trivy-action digest to 2b30463 (code…
196b06a 
…r#5098)

Co-authored-by: Renovate Bot <[email protected]>
@code-asher @TinLe
chore: provide details when update.checked tests fail (coder#5115)
a7e564b 
Using the toBe* functions will let us know what the actual values are
rather than just telling us true does not equal false.
@dependabot
chore(deps-dev): bump node-fetch from 2.6.6 to 2.6.7 in /test
c6f589c 
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.6 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.6...v2.6.7)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge remote-tracking branch 'upstream/main'
ced7587
@dependabot
chore(deps): bump minimist from 1.2.5 to 1.2.6 in /test
97de9b8 
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #27 from TinLe/dependabot/npm_and_yarn/test/node-f…
8edcd4b 
…etch-2.6.7

chore(deps-dev): bump node-fetch from 2.6.6 to 2.6.7 in /test
@TinLe
Merge pull request #26 from TinLe/dependabot/npm_and_yarn/test/minimi…
76ebe15 
…st-1.2.6

chore(deps): bump minimist from 1.2.5 to 1.2.6 in /test
@dependabot
chore(deps): bump cross-fetch from 3.1.4 to 3.1.5 in /test
8a7d20d 
Bumps [cross-fetch](https://github.com/lquixada/cross-fetch) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/lquixada/cross-fetch/releases)
- [Commits](lquixada/cross-fetch@v3.1.4...v3.1.5)

---
updated-dependencies:
- dependency-name: cross-fetch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge pull request #28 from TinLe/dependabot/npm_and_yarn/test/cross-…
7a57d2f 
…fetch-3.1.5

chore(deps): bump cross-fetch from 3.1.4 to 3.1.5 in /test
@dependabot
chore(deps): bump jpeg-js from 0.4.3 to 0.4.4 in /test
29c1f5a 
Bumps [jpeg-js](https://github.com/eugeneware/jpeg-js) from 0.4.3 to 0.4.4.
- [Release notes](https://github.com/eugeneware/jpeg-js/releases)
- [Commits](jpeg-js/jpeg-js@v0.4.3...v0.4.4)

---
updated-dependencies:
- dependency-name: jpeg-js
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /test
dea82fd 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge branch 'coder:main' into master
1b9ffdf
@TinLe
Merge branch 'coder:main' into master
543dcc3
@dependabot
chore(deps): bump json5 from 2.2.0 to 2.2.3 in /test
d442a9a 
Bumps [json5](https://github.com/json5/json5) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.2.0...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@TinLe
Merge branch 'coder:main' into master
3ad7ff5
@TinLe
Merge pull request #29 from TinLe/dependabot/npm_and_yarn/test/jpeg-j…
680e7d6 
…s-0.4.4

chore(deps): bump jpeg-js from 0.4.3 to 0.4.4 in /test
@TinLe
Merge pull request #31 from TinLe/dependabot/npm_and_yarn/test/minima…
c58c581 
…tch-3.1.2

chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /test
@TinLe
Merge pull request #32 from TinLe/dependabot/npm_and_yarn/test/json5-…
3bd44a4 
…2.2.3

chore(deps): bump json5 from 2.2.0 to 2.2.3 in /test
@dependabot
chore(deps): bump jszip from 3.7.0 to 3.8.0 in /packages/requirefs
c4b8e07 
Bumps [jszip](https://github.com/Stuk/jszip) from 3.7.0 to 3.8.0.
- [Release notes](https://github.com/Stuk/jszip/releases)
- [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md)
- [Commits](Stuk/jszip@v3.7.0...v3.8.0)

---
updated-dependencies:
- dependency-name: jszip
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 2, 2023
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 7, 2023

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

1 similar comment
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 10, 2023

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.