1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-10-28 19:06:12 +01:00
Commit Graph

41 Commits

Author SHA1 Message Date
Christopher Kolstad
f4e3388606
task: Yarn v4 (#7457)
Moves to Yarn v4

---------

Co-authored-by: Alvin Bryan <107407814+alvinometric@users.noreply.github.com>
2024-06-27 12:52:43 +02:00
dependabot[bot]
f80726ddb6
chore(deps): bump ws from 8.17.0 to 8.17.1 in /docker (#7410)
Bumps [ws](https://github.com/websockets/ws) from 8.17.0 to 8.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/websockets/ws/releases">ws's
releases</a>.</em></p>
<blockquote>
<h2>8.17.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a DoS vulnerability (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>).</li>
</ul>
<p>A request with a number of headers exceeding
the[<code>server.maxHeadersCount</code>][]
threshold could be used to crash a ws server.</p>
<pre lang="js"><code>const http = require('http');
const WebSocket = require('ws');
<p>const wss = new WebSocket.Server({ port: 0 }, function () {
const chars =
&quot;!#$%&amp;'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~&quot;.split('');
const headers = {};
let count = 0;</p>
<p>for (let i = 0; i &lt; chars.length; i++) {
if (count === 2000) break;</p>
<pre><code>for (let j = 0; j &amp;lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}
</code></pre>
<p>}</p>
<p>headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';</p>
<p>const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});</p>
<p>request.end();
});
</code></pre></p>
<p>The vulnerability was reported by <a
href="https://github.com/rrlapointe">Ryan LaPointe</a> in <a
href="https://redirect.github.com/websockets/ws/issues/2230">websockets/ws#2230</a>.</p>
<p>In vulnerable versions of ws, the issue can be mitigated in the
following ways:</p>
<ol>
<li>Reduce the maximum allowed length of the request headers using the
[<code>--max-http-header-size=size</code>][] and/or the
[<code>maxHeaderSize</code>][] options so
that no more headers than the <code>server.maxHeadersCount</code> limit
can be sent.</li>
</ol>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c56601092"><code>3c56601</code></a>
[dist] 8.17.1</li>
<li><a
href="e55e5106f1"><code>e55e510</code></a>
[security] Fix crash when the Upgrade header cannot be read (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li>
<li><a
href="6a00029edd"><code>6a00029</code></a>
[test] Increase code coverage</li>
<li><a
href="ddfe4a804d"><code>ddfe4a8</code></a>
[perf] Reduce the amount of <code>crypto.randomFillSync()</code>
calls</li>
<li>See full diff in <a
href="https://github.com/websockets/ws/compare/8.17.0...8.17.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.17.0&new-version=8.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 09:03:11 +02:00
dependabot[bot]
2657637b72
chore(deps): bump braces from 3.0.2 to 3.0.3 in /docker (#7370)
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to
3.0.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db2938"><code>74b2db2</code></a>
3.0.3</li>
<li><a
href="88f1429a0f"><code>88f1429</code></a>
update eslint. lint, fix unit tests.</li>
<li><a
href="415d660c30"><code>415d660</code></a>
Snyk js braces 6838727 (<a
href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a
href="190510f79d"><code>190510f</code></a>
fix tests, skip 1 test in test/braces.expand</li>
<li><a
href="716eb9f12d"><code>716eb9f</code></a>
readme bump</li>
<li><a
href="a5851e57f4"><code>a5851e5</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/braces/issues/37">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1"><code>2092bd1</code></a>
feature: braces: add maxSymbols (<a
href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a
href="9f5b4cf473"><code>9f5b4cf</code></a>
fix: vulnerability (<a
href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a
href="98414f9f1f"><code>98414f9</code></a>
remove funding file</li>
<li><a
href="665ab5d561"><code>665ab5d</code></a>
update keepEscaping doc (<a
href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=braces&package-manager=npm_and_yarn&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-13 19:51:17 +02:00
Gastón Fournier
a0fce0ec12
Revert "fix: yarn v4 requires prepack instead of prepare script when building…" (#7373)
Reverts Unleash/unleash#7371
2024-06-12 13:25:51 +02:00
Christopher Kolstad
a971c770e9
task: Yarn v4 (#7345)
Trying again, this time with correct .gitignore already setup, and a
workflow configured to try what was failing prior to our revert.
2024-06-12 11:18:21 +02:00
Jaanus Sellin
f0f339ead3
fix: revert yarn4 (#7334)
Reverting yarn4, because we are stuck on broker build for couple of days
now.
2024-06-10 14:35:18 +03:00
Christopher Kolstad
15726cc8ac
chore: upgrade to yarn v4 (#7230)
![Outdated as of
2020](https://github.com/Unleash/unleash/assets/177402/689a1bcc-441d-4b87-88a6-125e68a17f26)

This has been on our TODO list for a long time.

We're moving to latest released at the time of commit (v4.2.2)
2024-06-07 14:00:19 +02:00
renovate[bot]
29de7c2dec
chore(deps): update dependency path-scurry to v1.11.1 (#7278)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [path-scurry](https://togithub.com/isaacs/path-scurry) | [`1.10.2` ->
`1.11.1`](https://renovatebot.com/diffs/npm/path-scurry/1.10.2/1.11.1) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/path-scurry/1.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/path-scurry/1.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/path-scurry/1.10.2/1.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/path-scurry/1.10.2/1.11.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>isaacs/path-scurry (path-scurry)</summary>

###
[`v1.11.1`](https://togithub.com/isaacs/path-scurry/compare/v1.11.0...v1.11.1)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.11.0...v1.11.1)

###
[`v1.11.0`](https://togithub.com/isaacs/path-scurry/compare/v1.10.4...v1.11.0)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.10.4...v1.11.0)

###
[`v1.10.4`](https://togithub.com/isaacs/path-scurry/compare/v1.10.3...v1.10.4)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.10.3...v1.10.4)

###
[`v1.10.3`](https://togithub.com/isaacs/path-scurry/compare/v1.10.2...v1.10.3)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.10.2...v1.10.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zODguMSIsInVwZGF0ZWRJblZlciI6IjM3LjM4OC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-04 21:06:49 +00:00
Christopher Kolstad
0db5bc193f
task: upgraded semver dependency (and biome) (#7272)
Sorry for the extra noise here, but this seems to be the biome upgrade
altering formatting slightly.
2024-06-04 15:01:43 +02:00
Christopher Kolstad
d6b158b8b0
chore: readded resolutions for our docker package file (#7253)
Since this isn't inherited from our mother package, we needed to readd
resolutions and overrides. I've just copied what we used to have here
for now.
2024-06-04 09:34:41 +02:00
Christopher Kolstad
3daa731ed6
chore: removed passport from docker package.json file (#7159)
If you still need passport/custom auth, you should use the community
image https://github.com/Unleash/unleash-docker-community
2024-05-29 11:30:45 +02:00
Christopher Kolstad
7e38d6bae1
Node20 (#7095)
Upgrades workflows, nvmrc and package.json to use Node 20.
2024-05-23 14:14:09 +02:00
Ivar Conradi Østhus
f1addd9ea1
fix: update dependencies in OSS docker file 2024-05-07 23:50:25 +02:00
renovate[bot]
92d881b96f
chore(deps): update dependency path-scurry to v1.10.2 (#6850)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [path-scurry](https://togithub.com/isaacs/path-scurry) | [`1.6.3` ->
`1.10.2`](https://renovatebot.com/diffs/npm/path-scurry/1.6.3/1.10.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/path-scurry/1.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/path-scurry/1.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/path-scurry/1.6.3/1.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/path-scurry/1.6.3/1.10.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>isaacs/path-scurry (path-scurry)</summary>

###
[`v1.10.2`](https://togithub.com/isaacs/path-scurry/compare/v1.10.1...v1.10.2)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.10.1...v1.10.2)

###
[`v1.10.1`](https://togithub.com/isaacs/path-scurry/compare/v1.10.0...v1.10.1)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.10.0...v1.10.1)

###
[`v1.10.0`](https://togithub.com/isaacs/path-scurry/compare/v1.9.2...v1.10.0)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.9.2...v1.10.0)

###
[`v1.9.2`](https://togithub.com/isaacs/path-scurry/compare/v1.9.1...v1.9.2)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.9.1...v1.9.2)

###
[`v1.9.1`](https://togithub.com/isaacs/path-scurry/compare/v1.9.0...v1.9.1)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.9.0...v1.9.1)

###
[`v1.9.0`](https://togithub.com/isaacs/path-scurry/compare/v1.8.0...v1.9.0)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.8.0...v1.9.0)

###
[`v1.8.0`](https://togithub.com/isaacs/path-scurry/compare/v1.7.1...v1.8.0)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.7.1...v1.8.0)

###
[`v1.7.1`](https://togithub.com/isaacs/path-scurry/compare/v1.7.0...v1.7.1)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.7.0...v1.7.1)

###
[`v1.7.0`](https://togithub.com/isaacs/path-scurry/compare/v1.6.4...v1.7.0)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.6.4...v1.7.0)

###
[`v1.6.4`](https://togithub.com/isaacs/path-scurry/compare/v1.6.3...v1.6.4)

[Compare
Source](https://togithub.com/isaacs/path-scurry/compare/v1.6.3...v1.6.4)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-12 17:38:49 +00:00
dependabot[bot]
69d06c421f
chore(deps): bump tar from 6.2.0 to 6.2.1 in /docker (#6816) 2024-04-10 11:59:54 +02:00
dependabot[bot]
1b6354d42d
chore(deps): bump follow-redirects from 1.15.5 to 1.15.6 in /docker (#6570)
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.5 to 1.15.6.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35a517c586"><code>35a517c</code></a>
Release version 1.15.6 of the npm package.</li>
<li><a
href="c4f847f851"><code>c4f847f</code></a>
Drop Proxy-Authorization across hosts.</li>
<li><a
href="8526b4a1b2"><code>8526b4a</code></a>
Use GitHub for disclosure.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.5&new-version=1.15.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 10:19:29 +01:00
renovate[bot]
4a8faacbd8
chore(deps): update dependency es5-ext to v0.10.64 (#6458)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [es5-ext](https://togithub.com/medikoo/es5-ext) | [`0.10.63` ->
`0.10.64`](https://renovatebot.com/diffs/npm/es5-ext/0.10.63/0.10.64) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/es5-ext/0.10.64?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/es5-ext/0.10.64?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/es5-ext/0.10.63/0.10.64?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/es5-ext/0.10.63/0.10.64?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>medikoo/es5-ext (es5-ext)</summary>

###
[`v0.10.64`](https://togithub.com/medikoo/es5-ext/blob/HEAD/CHANGELOG.md#01064-2024-02-27)

[Compare
Source](https://togithub.com/medikoo/es5-ext/compare/v0.10.63...v0.10.64)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMjcuMiIsInVwZGF0ZWRJblZlciI6IjM3LjIyNy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-07 00:54:55 +00:00
dependabot[bot]
3704956a06
chore(deps): bump es5-ext from 0.10.62 to 0.10.63 in /docker (#6350)
Bumps [es5-ext](https://github.com/medikoo/es5-ext) from 0.10.62 to
0.10.63.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/releases">es5-ext's
releases</a>.</em></p>
<blockquote>
<h2>0.10.63 (2024-02-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
<hr />
<p><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">Comparison
since last release</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md">es5-ext's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">0.10.63</a>
(2024-02-23)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de4e03c477"><code>de4e03c</code></a>
chore: Release v0.10.63</li>
<li><a
href="3fd53b755e"><code>3fd53b7</code></a>
chore: Upgrade<code> lint-staged</code> to v13</li>
<li><a
href="bf8ed799d5"><code>bf8ed79</code></a>
chore: Ensure postinstall script does not crash on Windows</li>
<li><a
href="2cbbb0717b"><code>2cbbb07</code></a>
chore: Bump dependencies</li>
<li><a
href="22d0416ea1"><code>22d0416</code></a>
chore: Bump LICENSE year</li>
<li><a
href="a52e957366"><code>a52e957</code></a>
fix: Support ES2015+ function definitions in
<code>function#toStringTokens()</code></li>
<li><a
href="3551cdd7b2"><code>3551cdd</code></a>
fix: Do not rely on problematic regex</li>
<li><a
href="7855319f41"><code>7855319</code></a>
chore: Simplify the manifest message</li>
<li>See full diff in <a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=es5-ext&package-manager=npm_and_yarn&previous-version=0.10.62&new-version=0.10.63)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-27 08:33:38 +01:00
renovate[bot]
43b4343263
chore(deps): update dependency es5-ext to v0.10.63 [security] (#6349)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [es5-ext](https://togithub.com/medikoo/es5-ext) | [`0.10.62` ->
`0.10.63`](https://renovatebot.com/diffs/npm/es5-ext/0.10.62/0.10.63) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/es5-ext/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/es5-ext/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/es5-ext/0.10.62/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/es5-ext/0.10.62/0.10.63?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2024-27088](https://togithub.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h)

### Impact

Passing functions with very long names or complex default argument names
into `function#copy` or`function#toStringTokens` may put script to stall

### Patches
Fixed with
3551cdd7b2
and
a52e957366
Published with v0.10.63

### Workarounds
No real workaround aside of refraining from using above utilities.

### References

[https://github.com/medikoo/es5-ext/issues/201](https://togithub.com/medikoo/es5-ext/issues/201)

---

### Release Notes

<details>
<summary>medikoo/es5-ext (es5-ext)</summary>

###
[`v0.10.63`](https://togithub.com/medikoo/es5-ext/blob/HEAD/CHANGELOG.md#01063-2024-02-23)

[Compare
Source](https://togithub.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMTIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIxMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-27 00:58:17 +00:00
Gastón Fournier
7b8c1f0d04
chore: regenerate yarn.lock of docker folder (#6280)
## About the changes
Regenerate yarn.lock from docker folder: `rm cloud/yarn.lock && cd cloud
&& yarn install`

Resolves: https://github.com/Unleash/unleash/security/dependabot/120
2024-02-20 12:33:41 +01:00
Gastón Fournier
a9cd81a61c
chore: pin ip library (#6276)
## About the changes
Add resolution to IP library so transitive dependencies also use the
latest library
2024-02-20 10:37:27 +01:00
dependabot[bot]
77f6978103
chore(deps): bump follow-redirects from 1.15.3 to 1.15.4 in /docker (#5794)
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.3 to 1.15.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65858205e5"><code>6585820</code></a>
Release version 1.15.4 of the npm package.</li>
<li><a
href="7a6567e16d"><code>7a6567e</code></a>
Disallow bracketed hostnames.</li>
<li><a
href="05629af696"><code>05629af</code></a>
Prefer native URL instead of deprecated url.parse.</li>
<li><a
href="1cba8e85fa"><code>1cba8e8</code></a>
Prefer native URL instead of legacy url.resolve.</li>
<li><a
href="72bc2a4229"><code>72bc2a4</code></a>
Simplify _processResponse error handling.</li>
<li><a
href="3d42aecdca"><code>3d42aec</code></a>
Add bracket tests.</li>
<li><a
href="bcbb096b32"><code>bcbb096</code></a>
Do not directly set Error properties.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.3...v1.15.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.3&new-version=1.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 15:05:02 +01:00
Gastón Fournier
607e01b6d3
fix: docker deploy failing (#5546)
#5537 updated package.json but not yarn.lock
2023-12-05 10:41:23 +00:00
renovate[bot]
d21a276b4f
fix(deps): update dependency passport to ^0.7.0 (#5537)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [passport](https://www.passportjs.org/)
([source](https://togithub.com/jaredhanson/passport)) | [`^0.6.0` ->
`^0.7.0`](https://renovatebot.com/diffs/npm/passport/0.6.0/0.7.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/passport/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/passport/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/passport/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/passport/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>jaredhanson/passport (passport)</summary>

###
[`v0.7.0`](https://togithub.com/jaredhanson/passport/blob/HEAD/CHANGELOG.md#070---2023-11-27)

[Compare
Source](https://togithub.com/jaredhanson/passport/compare/v0.6.0...v0.7.0)

##### Changed

- Set `req.authInfo` by default when using the `assignProperty` option
to
`authenticate()` middleware. This makes the behavior the same as when
not using
the option, and can be disabled by setting `authInfo` option to `false`.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 02:18:20 +00:00
Mateusz Kwasniewski
fc8ddbd6ff
fix: string-width issue when running docker container (#4808) 2023-09-21 15:48:17 +02:00
Ivar Conradi Østhus
a9d1750a4e
fix: resolution for semver in docker as well (#4168) 2023-07-06 18:47:14 +02:00
Gastón Fournier
51ffe02cfd
fix: update yarn.lock (#4160)
## About the changes
Update yarn.lock
2023-07-06 08:53:43 +00:00
Ivar Conradi Østhus
9249f7459c
fix: add resolution for semver 2023-07-06 09:22:51 +02:00
Gastón Fournier
0426dd505d
chore: update to node 18 (#3527)
## About the changes
This upgrades our main branch to use node 18 which is the active LTS
version and stops using node 14 which reaches the end of life in a few
weeks: https://nodejs.dev/en/about/releases/

This PR also adds `--no-experimental-fetch` for frontend tests and other
frontend commands. Related to:
https://github.com/node-fetch/node-fetch/issues/1566

More about the experimental fetch release:
https://nodejs.org/en/blog/announcements/v18-release-announce#fetch-experimental
2023-04-18 10:35:32 +02:00
Jaanus Sellin
6fe3d0ae5a
fix: fix path-scurry resolution (#3488) 2023-04-10 16:17:16 +03:00
renovate[bot]
2e559e1716
chore(deps): update dependency minimist to v1.2.8 (#3446)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [minimist](https://togithub.com/minimistjs/minimist) | [`1.2.7` ->
`1.2.8`](https://renovatebot.com/diffs/npm/minimist/1.2.7/1.2.8) |
[![age](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/compatibility-slim/1.2.7)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/confidence-slim/1.2.7)](https://docs.renovatebot.com/merge-confidence/)
|
| [minimist](https://togithub.com/minimistjs/minimist) | [`1.2.6` ->
`1.2.8`](https://renovatebot.com/diffs/npm/minimist/1.2.6/1.2.8) |
[![age](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/compatibility-slim/1.2.6)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/confidence-slim/1.2.6)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>minimistjs/minimist</summary>

###
[`v1.2.8`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v128-httpsgithubcomminimistjsminimistcomparev127v128---2023-02-09)

[Compare
Source](https://togithub.com/minimistjs/minimist/compare/v1.2.7...v1.2.8)

##### Merged

- \[Fix] Fix long option followed by single dash
[`#17`](https://togithub.com/minimistjs/minimist/pull/17)
- \[Tests] Remove duplicate test
[`#12`](https://togithub.com/minimistjs/minimist/pull/12)
- \[Fix] opt.string works with multiple aliases
[`#10`](https://togithub.com/minimistjs/minimist/pull/10)

##### Fixed

- \[Fix] Fix long option followed by single dash
([#&#8203;17](https://togithub.com/minimistjs/minimist/issues/17))
[`#15`](https://togithub.com/minimistjs/minimist/issues/15)
- \[Tests] Remove duplicate test
([#&#8203;12](https://togithub.com/minimistjs/minimist/issues/12))
[`#8`](https://togithub.com/minimistjs/minimist/issues/8)
- \[Fix] Fix long option followed by single dash
[`#15`](https://togithub.com/minimistjs/minimist/issues/15)
- \[Fix] opt.string works with multiple aliases
([#&#8203;10](https://togithub.com/minimistjs/minimist/issues/10))
[`#9`](https://togithub.com/minimistjs/minimist/issues/9)
- \[Fix] Fix handling of short option with non-trivial equals
[`#5`](https://togithub.com/minimistjs/minimist/issues/5)
- \[Tests] Remove duplicate test
[`#8`](https://togithub.com/minimistjs/minimist/issues/8)
- \[Fix] opt.string works with multiple aliases
[`#9`](https://togithub.com/minimistjs/minimist/issues/9)

##### Commits

- Merge tag 'v0.2.3'
[`a026794`](a0267947c7)
- \[eslint] fix indentation and whitespace
[`5368ca4`](5368ca4147)
- \[eslint] fix indentation and whitespace
[`e5f5067`](e5f5067259)
- \[eslint] more cleanup
[`62fde7d`](62fde7d935)
- \[eslint] more cleanup
[`36ac5d0`](36ac5d0d95)
- \[meta] add `auto-changelog`
[`73923d2`](73923d2235)
- \[actions] add reusable workflows
[`d80727d`](d80727df77)
- \[eslint] add eslint; rules to enable later are warnings
[`48bc06a`](48bc06a1b4)
- \[eslint] fix indentation
[`34b0f1c`](34b0f1ccaa)
- \[readme] rename and add badges
[`5df0fe4`](5df0fe4921)
- \[Dev Deps] switch from `covert` to `nyc`
[`a48b128`](a48b128fdb)
- \[Dev Deps] update `covert`, `tape`; remove unnecessary `tap`
[`f0fb958`](f0fb958e9a)
- \[meta] create FUNDING.yml; add `funding` in package.json
[`3639e0c`](3639e0c819)
- \[meta] use `npmignore` to autogenerate an npmignore file
[`be2e038`](be2e038c34)
- Only apps should have lockfiles
[`282b570`](282b570e74)
- isConstructorOrProto adapted from PR
[`ef9153f`](ef9153fc52)
- \[Dev Deps] update `@ljharb/eslint-config`, `aud`
[`098873c`](098873c213)
- \[Dev Deps] update `@ljharb/eslint-config`, `aud`
[`3124ed3`](3124ed3e46)
- \[meta] add `safe-publish-latest`
[`4b927de`](4b927de696)
- \[Tests] add `aud` in `posttest`
[`b32d9bd`](b32d9bd0ab)
- \[meta] update repo URLs
[`f9fdfc0`](f9fdfc032c)
- \[actions] Avoid 0.6 tests due to build failures
[`ba92fe6`](ba92fe6ebb)
- \[Dev Deps] update `tape`
[`950eaa7`](950eaa74f1)
- \[Dev Deps] add missing `npmignore` dev dep
[`3226afa`](3226afaf09)
- Merge tag 'v0.2.2'
[`980d7ac`](980d7ac61a)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zMS40IiwidXBkYXRlZEluVmVyIjoiMzUuMzEuNCJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-04 23:25:14 +00:00
dependabot[bot]
5e43eb1880
chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1 in /docker (#3303) 2023-03-13 11:36:19 +01:00
dependabot[bot]
80d95b42a7
chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /docker (#3045)
Bumps
[http-cache-semantics](https://github.com/kornelski/http-cache-semantics)
from 4.1.0 to 4.1.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2449650435"><code>2449650</code></a>
Update mocha</li>
<li><a
href="560b2d8ef4"><code>560b2d8</code></a>
Don't use regex to trim whitespace</li>
<li><a
href="b1bdb92638"><code>b1bdb92</code></a>
Remove linting package zoo</li>
<li><a
href="c20dc7eeca"><code>c20dc7e</code></a>
Cache 308</li>
<li>See full diff in <a
href="https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=http-cache-semantics&package-manager=npm_and_yarn&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-10 10:58:43 +01:00
dependabot[bot]
e9809c0ff0
chore(deps): bump knex from 2.2.0 to 2.4.0 in /docker (#2869)
Bumps [knex](https://github.com/knex/knex) from 2.2.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/knex/knex/releases">knex's
releases</a>.</em></p>
<blockquote>
<h2>2.4.0</h2>
<h3>New features:</h3>
<ul>
<li>Support partial unique indexes <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5316">#5316</a></li>
<li>Make compiling SQL in error message optional <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5282">#5282</a></li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Insert array into json column <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5321">#5321</a></li>
<li>Fix unexpected max acquire-timeout <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5377">#5377</a></li>
<li>Fix: orWhereJson <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5361">#5361</a></li>
<li>MySQL: Add assertion for basic where clause not to be object or
array <a
href="https://github-redirect.dependabot.com/knex/knex/issues/1227">#1227</a></li>
<li>SQLite: Fix changing the default value of a boolean column in SQLite
<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5319">#5319</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>add missing type for 'expirationChecker' on PgConnectionConfig <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5334">#5334</a></li>
</ul>
<h2>2.3.0</h2>
<h3>New features:</h3>
<ul>
<li>PostgreSQL: Explicit jsonb support for custom pg clients <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5201">#5201</a></li>
<li>SQLite: Support returning with sqlite3 and better-sqlite3 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5285">#5285</a></li>
<li>MSSQL: Implement mapBinding mssql dialect option <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5292">#5292</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>Update types for TS 4.8 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5279">#5279</a></li>
<li>Fix typo <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5267">#5267</a></li>
<li>Fix WhereJsonObject withCompositeTableType <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5306">#5306</a></li>
<li>Fix AnalyticFunction type <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5304">#5304</a></li>
<li>Infer specific column value type in aggregations <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5297">#5297</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/knex/knex/blob/master/CHANGELOG.md">knex's
changelog</a>.</em></p>
<blockquote>
<h1>2.4.0 - 06 January, 2022</h1>
<h3>New features:</h3>
<ul>
<li>Support partial unique indexes <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5316">#5316</a></li>
<li>Make compiling SQL in error message optional <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5282">#5282</a></li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Insert array into json column <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5321">#5321</a></li>
<li>Fix unexpected max acquire-timeout <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5377">#5377</a></li>
<li>Fix: orWhereJson <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5361">#5361</a></li>
<li>MySQL: Add assertion for basic where clause not to be object or
array <a
href="https://github-redirect.dependabot.com/knex/knex/issues/1227">#1227</a></li>
<li>SQLite: Fix changing the default value of a boolean column in SQLite
<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5319">#5319</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>add missing type for 'expirationChecker' on PgConnectionConfig <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5334">#5334</a></li>
</ul>
<h1>2.3.0 - 31 August, 2022</h1>
<h3>New features:</h3>
<ul>
<li>PostgreSQL: Explicit jsonb support for custom pg clients <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5201">#5201</a></li>
<li>SQLite: Support returning with sqlite3 and better-sqlite3 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5285">#5285</a></li>
<li>MSSQL: Implement mapBinding mssql dialect option <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5292">#5292</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>Update types for TS 4.8 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5279">#5279</a></li>
<li>Fix typo <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5267">#5267</a></li>
<li>Fix WhereJsonObject withCompositeTableType <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5306">#5306</a></li>
<li>Fix AnalyticFunction type <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5304">#5304</a></li>
<li>Infer specific column value type in aggregations <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5297">#5297</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3475d81668"><code>3475d81</code></a>
Prepare to release 2.4.0</li>
<li><a
href="e97f92201a"><code>e97f922</code></a>
Bump tsd from 0.24.1 to 0.25.0 (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5396">#5396</a>)</li>
<li><a
href="e145322da9"><code>e145322</code></a>
1227: add assertion for basic where clause values (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5417">#5417</a>)</li>
<li><a
href="962bb0a635"><code>962bb0a</code></a>
Bump sinon from 14.0.2 to 15.0.1 (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5413">#5413</a>)</li>
<li><a
href="ab45314e70"><code>ab45314</code></a>
Add JSDoc (TS Flavour) to mjs stub file (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5390">#5390</a>)</li>
<li><a
href="72bd1f7396"><code>72bd1f7</code></a>
Fix: orWhereJson (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5361">#5361</a>)</li>
<li><a
href="4fc939a176"><code>4fc939a</code></a>
Fixes unexpected max acquire-timeout (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5377">#5377</a>)</li>
<li><a
href="5c4837cd4f"><code>5c4837c</code></a>
Fix lib/.gitignore path separator on Windows. (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5325">#5325</a>)</li>
<li><a
href="7dbbd00701"><code>7dbbd00</code></a>
Bump actions/setup-node from 3.4.1 to 3.5.1 (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5356">#5356</a>)</li>
<li><a
href="d39051f4a5"><code>d39051f</code></a>
fix: add missing type for 'expirationChecker' on PgConnectionConfig (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5334">#5334</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/knex/knex/compare/2.2.0...2.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=knex&package-manager=npm_and_yarn&previous-version=2.2.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:29:01 +01:00
renovate[bot]
7207f1b572
chore(deps): update dependency minimatch to v5 (#2400)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [minimatch](https://togithub.com/isaacs/minimatch) | [`^3.0.5` ->
`^5.0.0`](https://renovatebot.com/diffs/npm/minimatch/3.1.2/5.1.0) |
[![age](https://badges.renovateapi.com/packages/npm/minimatch/5.1.0/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/minimatch/5.1.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/minimatch/5.1.0/compatibility-slim/3.1.2)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/minimatch/5.1.0/confidence-slim/3.1.2)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>isaacs/minimatch</summary>

###
[`v5.1.0`](https://togithub.com/isaacs/minimatch/compare/v5.0.1...v5.1.0)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v5.0.1...v5.1.0)

###
[`v5.0.1`](https://togithub.com/isaacs/minimatch/compare/v5.0.0...v5.0.1)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v5.0.0...v5.0.1)

###
[`v5.0.0`](https://togithub.com/isaacs/minimatch/compare/v4.2.1...v5.0.0)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v4.2.1...v5.0.0)

###
[`v4.2.1`](https://togithub.com/isaacs/minimatch/compare/v4.2.0...v4.2.1)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v4.2.0...v4.2.1)

###
[`v4.2.0`](https://togithub.com/isaacs/minimatch/compare/v4.1.1...v4.2.0)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v4.1.1...v4.2.0)

###
[`v4.1.1`](https://togithub.com/isaacs/minimatch/compare/v4.1.0...v4.1.1)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v4.1.0...v4.1.1)

###
[`v4.1.0`](https://togithub.com/isaacs/minimatch/compare/v4.0.0...v4.1.0)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v4.0.0...v4.1.0)

###
[`v4.0.0`](https://togithub.com/isaacs/minimatch/compare/v3.1.2...v4.0.0)

[Compare
Source](https://togithub.com/isaacs/minimatch/compare/v3.1.2...v4.0.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yMS42IiwidXBkYXRlZEluVmVyIjoiMzQuMjEuNiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-10 21:36:46 +00:00
Ivar Conradi Østhus
0717b281fa
fix: update resolutions 2022-11-03 15:38:51 +01:00
Simon Hornby
3d0146cca7
Fix docker build (#2326)
* fix: patch stale docker lockfile
* fix: patch docker build to respect the fact that frontend now depends on some constants defined in unleash
2022-11-03 15:02:20 +01:00
sjaanus
a1ce89bedc
Merge frontend with backend (#1962)
* fix: use the frontend dir from the backend

* Build is now working

* Fix workflows

* Fix workflows

* Fix build PRs

* Test coverage workflow

* Test coverage

* Test coverage run

* Fix jest report

* refactor: add missing frontend build

* refactor: ignore frontend dir for coverage

* refactor: run frontend build in PRs

* refactor: run backend tests in PRs

* Revert "refactor: run backend tests in PRs"

This reverts commit 22cabddfd1.

* refactor: remove unused frontend build file

* refactor: test workflows in PR

* refactor: use a prepare script for the frontend

* refactor: simplify yarn build scripts

* refactor: fix check-release script

* Revert "refactor: test workflows in PR"

This reverts commit 496ae19404.

* refactor: remove unused gitignore lines

* refactor: remove renovate config from the frontend repo

* refactor: remove frontend repo license

* refactor: remove frontend repo changelog

* refactor: update frontend repo readme

* refactor: add frontend node_modules to dockerignore

* refactor: update the docker yarn.lock snapshot

Co-authored-by: olav <mail@olav.io>
2022-08-26 07:25:31 +00:00
Gard Rimestad
e2082b4493
feat: slim down docker container (#1790)
* feat: slim down docker container

This changes the unleash-server node module to be as little as it can,
resulting in a much smaller docker container. From 383M -> 11M.
2022-07-05 16:08:06 +02:00
renovate[bot]
14392ee975 fix(deps): update dependency passport to ^0.6.0 2022-06-28 20:16:55 +00:00
Gard Rimestad
5d5fc37dfd
Feat/docker container on main builds (#1762)
* feat: build docker containers when pushing to main

The intent here is to publish a docker container for every build of
main. This will make it easier to run the tip of main.
2022-06-28 16:13:00 +02:00