1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
Commit Graph

35 Commits

Author SHA1 Message Date
Gastón Fournier
34204334df
chore: Update docker yarnlock (#8174)
After building Unleash updating docker yarn.lock file
2024-09-18 16:30:19 +02:00
dependabot[bot]
cb6d45d29a
chore(deps): bump dompurify from 3.1.2 to 3.1.6 in /docker (#8154) 2024-09-18 11:27:39 +02:00
dependabot[bot]
0336cc1787
chore(deps): bump micromatch from 4.0.5 to 4.0.8 in /docker (#8003) 2024-08-29 12:22:42 +02:00
dependabot[bot]
89f3f09b6e
chore(deps): bump axios from 1.6.8 to 1.7.4 in /docker (#7878)
Bumps [axios](https://github.com/axios/axios) from 1.6.8 to 1.7.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.7.4</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>sec:</strong> CVE-2024-39338 (<a
href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/6543">#6543</a>)
(<a
href="6b6b605eaf">6b6b605</a>)</li>
<li><strong>sec:</strong> disregard protocol-relative URL to remediate
SSRF (<a
href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)
(<a
href="07a661a2a6">07a661a</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/levpachmanov"
title="+47/-11 ([#6543](https://github.com/axios/axios/issues/6543)
)">Lev Pachmanov</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/hainenber"
title="+49/-4 ([#6539](https://github.com/axios/axios/issues/6539) )">Đỗ
Trọng Hải</a></li>
</ul>
<h2>Release v1.7.3</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>adapter:</strong> fix progress event emitting; (<a
href="https://redirect.github.com/axios/axios/issues/6518">#6518</a>)
(<a
href="e3c76fc9bd">e3c76fc</a>)</li>
<li><strong>fetch:</strong> fix withCredentials request config (<a
href="https://redirect.github.com/axios/axios/issues/6505">#6505</a>)
(<a
href="85d4d0ea0a">85d4d0e</a>)</li>
<li><strong>xhr:</strong> return original config on errors from XHR
adapter (<a
href="https://redirect.github.com/axios/axios/issues/6515">#6515</a>)
(<a
href="8966ee7ea6">8966ee7</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+211/-159
([#6518](https://github.com/axios/axios/issues/6518)
[#6519](https://github.com/axios/axios/issues/6519) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/ValeraS"
title="+3/-3 ([#6515](https://github.com/axios/axios/issues/6515)
)">Valerii Sidorenko</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/prianyu"
title="+2/-2 ([#6505](https://github.com/axios/axios/issues/6505)
)">prianYu</a></li>
</ul>
<h2>Release v1.7.2</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fetch:</strong> enhance fetch API detection; (<a
href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>)
(<a
href="4f79aef81b">4f79aef</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+3/-3
([#6413](https://github.com/axios/axios/issues/6413) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h2>Release v1.7.1</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fetch:</strong> fixed ReferenceError issue when TextEncoder
is not available in the environment; (<a
href="https://redirect.github.com/axios/axios/issues/6410">#6410</a>)
(<a
href="733f15fe5b">733f15f</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+14/-9
([#6410](https://github.com/axios/axios/issues/6410) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h2>Release v1.7.0</h2>
<h2>Release notes:</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.7.3...v1.7.4">1.7.4</a>
(2024-08-13)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>sec:</strong> CVE-2024-39338 (<a
href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/6543">#6543</a>)
(<a
href="6b6b605eaf">6b6b605</a>)</li>
<li><strong>sec:</strong> disregard protocol-relative URL to remediate
SSRF (<a
href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)
(<a
href="07a661a2a6">07a661a</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/levpachmanov"
title="+47/-11 ([#6543](https://github.com/axios/axios/issues/6543)
)">Lev Pachmanov</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/hainenber"
title="+49/-4 ([#6539](https://github.com/axios/axios/issues/6539) )">Đỗ
Trọng Hải</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.7.2...v1.7.3">1.7.3</a>
(2024-08-01)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>adapter:</strong> fix progress event emitting; (<a
href="https://redirect.github.com/axios/axios/issues/6518">#6518</a>)
(<a
href="e3c76fc9bd">e3c76fc</a>)</li>
<li><strong>fetch:</strong> fix withCredentials request config (<a
href="https://redirect.github.com/axios/axios/issues/6505">#6505</a>)
(<a
href="85d4d0ea0a">85d4d0e</a>)</li>
<li><strong>xhr:</strong> return original config on errors from XHR
adapter (<a
href="https://redirect.github.com/axios/axios/issues/6515">#6515</a>)
(<a
href="8966ee7ea6">8966ee7</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+211/-159
([#6518](https://github.com/axios/axios/issues/6518)
[#6519](https://github.com/axios/axios/issues/6519) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/ValeraS"
title="+3/-3 ([#6515](https://github.com/axios/axios/issues/6515)
)">Valerii Sidorenko</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/prianyu"
title="+2/-2 ([#6505](https://github.com/axios/axios/issues/6505)
)">prianYu</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.7.1...v1.7.2">1.7.2</a>
(2024-05-21)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fetch:</strong> enhance fetch API detection; (<a
href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>)
(<a
href="4f79aef81b">4f79aef</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+3/-3
([#6413](https://github.com/axios/axios/issues/6413) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.7.0...v1.7.1">1.7.1</a>
(2024-05-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fetch:</strong> fixed ReferenceError issue when TextEncoder
is not available in the environment; (<a
href="https://redirect.github.com/axios/axios/issues/6410">#6410</a>)
(<a
href="733f15fe5b">733f15f</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+14/-9
([#6410](https://github.com/axios/axios/issues/6410) )">Dmitriy
Mozgovoy</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="abd24a7367"><code>abd24a7</code></a>
chore(release): v1.7.4 (<a
href="https://redirect.github.com/axios/axios/issues/6544">#6544</a>)</li>
<li><a
href="6b6b605eaf"><code>6b6b605</code></a>
fix(sec): CVE-2024-39338 (<a
href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/6543">#6543</a>)</li>
<li><a
href="07a661a2a6"><code>07a661a</code></a>
fix(sec): disregard protocol-relative URL to remediate SSRF (<a
href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)</li>
<li><a
href="c6cce43cd9"><code>c6cce43</code></a>
chore(release): v1.7.3 (<a
href="https://redirect.github.com/axios/axios/issues/6521">#6521</a>)</li>
<li><a
href="e3c76fc9bd"><code>e3c76fc</code></a>
fix(adapter): fix progress event emitting; (<a
href="https://redirect.github.com/axios/axios/issues/6518">#6518</a>)</li>
<li><a
href="85d4d0ea0a"><code>85d4d0e</code></a>
fix(fetch): fix withCredentials request config (<a
href="https://redirect.github.com/axios/axios/issues/6505">#6505</a>)</li>
<li><a
href="92cd8ed943"><code>92cd8ed</code></a>
chore(github): update ISSUE_TEMPLATE.md (<a
href="https://redirect.github.com/axios/axios/issues/6519">#6519</a>)</li>
<li><a
href="8966ee7ea6"><code>8966ee7</code></a>
fix(xhr): return original config on errors from XHR adapter (<a
href="https://redirect.github.com/axios/axios/issues/6515">#6515</a>)</li>
<li><a
href="0e4f9fa290"><code>0e4f9fa</code></a>
chore(release): v1.7.2 (<a
href="https://redirect.github.com/axios/axios/issues/6414">#6414</a>)</li>
<li><a
href="4f79aef81b"><code>4f79aef</code></a>
fix(fetch): enhance fetch API detection; (<a
href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.6.8...v1.7.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.6.8&new-version=1.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-21 09:59:30 +02:00
Christopher Kolstad
f4e3388606
task: Yarn v4 (#7457)
Moves to Yarn v4

---------

Co-authored-by: Alvin Bryan <107407814+alvinometric@users.noreply.github.com>
2024-06-27 12:52:43 +02:00
dependabot[bot]
f80726ddb6
chore(deps): bump ws from 8.17.0 to 8.17.1 in /docker (#7410)
Bumps [ws](https://github.com/websockets/ws) from 8.17.0 to 8.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/websockets/ws/releases">ws's
releases</a>.</em></p>
<blockquote>
<h2>8.17.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a DoS vulnerability (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>).</li>
</ul>
<p>A request with a number of headers exceeding
the[<code>server.maxHeadersCount</code>][]
threshold could be used to crash a ws server.</p>
<pre lang="js"><code>const http = require('http');
const WebSocket = require('ws');
<p>const wss = new WebSocket.Server({ port: 0 }, function () {
const chars =
&quot;!#$%&amp;'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~&quot;.split('');
const headers = {};
let count = 0;</p>
<p>for (let i = 0; i &lt; chars.length; i++) {
if (count === 2000) break;</p>
<pre><code>for (let j = 0; j &amp;lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}
</code></pre>
<p>}</p>
<p>headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';</p>
<p>const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});</p>
<p>request.end();
});
</code></pre></p>
<p>The vulnerability was reported by <a
href="https://github.com/rrlapointe">Ryan LaPointe</a> in <a
href="https://redirect.github.com/websockets/ws/issues/2230">websockets/ws#2230</a>.</p>
<p>In vulnerable versions of ws, the issue can be mitigated in the
following ways:</p>
<ol>
<li>Reduce the maximum allowed length of the request headers using the
[<code>--max-http-header-size=size</code>][] and/or the
[<code>maxHeaderSize</code>][] options so
that no more headers than the <code>server.maxHeadersCount</code> limit
can be sent.</li>
</ol>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c56601092"><code>3c56601</code></a>
[dist] 8.17.1</li>
<li><a
href="e55e5106f1"><code>e55e510</code></a>
[security] Fix crash when the Upgrade header cannot be read (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li>
<li><a
href="6a00029edd"><code>6a00029</code></a>
[test] Increase code coverage</li>
<li><a
href="ddfe4a804d"><code>ddfe4a8</code></a>
[perf] Reduce the amount of <code>crypto.randomFillSync()</code>
calls</li>
<li>See full diff in <a
href="https://github.com/websockets/ws/compare/8.17.0...8.17.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.17.0&new-version=8.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-24 09:03:11 +02:00
dependabot[bot]
2657637b72
chore(deps): bump braces from 3.0.2 to 3.0.3 in /docker (#7370)
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to
3.0.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db2938"><code>74b2db2</code></a>
3.0.3</li>
<li><a
href="88f1429a0f"><code>88f1429</code></a>
update eslint. lint, fix unit tests.</li>
<li><a
href="415d660c30"><code>415d660</code></a>
Snyk js braces 6838727 (<a
href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a
href="190510f79d"><code>190510f</code></a>
fix tests, skip 1 test in test/braces.expand</li>
<li><a
href="716eb9f12d"><code>716eb9f</code></a>
readme bump</li>
<li><a
href="a5851e57f4"><code>a5851e5</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/braces/issues/37">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1"><code>2092bd1</code></a>
feature: braces: add maxSymbols (<a
href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a
href="9f5b4cf473"><code>9f5b4cf</code></a>
fix: vulnerability (<a
href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a
href="98414f9f1f"><code>98414f9</code></a>
remove funding file</li>
<li><a
href="665ab5d561"><code>665ab5d</code></a>
update keepEscaping doc (<a
href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=braces&package-manager=npm_and_yarn&previous-version=3.0.2&new-version=3.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-13 19:51:17 +02:00
Gastón Fournier
a0fce0ec12
Revert "fix: yarn v4 requires prepack instead of prepare script when building…" (#7373)
Reverts Unleash/unleash#7371
2024-06-12 13:25:51 +02:00
Christopher Kolstad
a971c770e9
task: Yarn v4 (#7345)
Trying again, this time with correct .gitignore already setup, and a
workflow configured to try what was failing prior to our revert.
2024-06-12 11:18:21 +02:00
Jaanus Sellin
f0f339ead3
fix: revert yarn4 (#7334)
Reverting yarn4, because we are stuck on broker build for couple of days
now.
2024-06-10 14:35:18 +03:00
Christopher Kolstad
15726cc8ac
chore: upgrade to yarn v4 (#7230)
![Outdated as of
2020](https://github.com/Unleash/unleash/assets/177402/689a1bcc-441d-4b87-88a6-125e68a17f26)

This has been on our TODO list for a long time.

We're moving to latest released at the time of commit (v4.2.2)
2024-06-07 14:00:19 +02:00
Christopher Kolstad
0db5bc193f
task: upgraded semver dependency (and biome) (#7272)
Sorry for the extra noise here, but this seems to be the biome upgrade
altering formatting slightly.
2024-06-04 15:01:43 +02:00
Christopher Kolstad
d6b158b8b0
chore: readded resolutions for our docker package file (#7253)
Since this isn't inherited from our mother package, we needed to readd
resolutions and overrides. I've just copied what we used to have here
for now.
2024-06-04 09:34:41 +02:00
Ivar Conradi Østhus
f1addd9ea1
fix: update dependencies in OSS docker file 2024-05-07 23:50:25 +02:00
dependabot[bot]
69d06c421f
chore(deps): bump tar from 6.2.0 to 6.2.1 in /docker (#6816) 2024-04-10 11:59:54 +02:00
dependabot[bot]
1b6354d42d
chore(deps): bump follow-redirects from 1.15.5 to 1.15.6 in /docker (#6570)
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.5 to 1.15.6.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35a517c586"><code>35a517c</code></a>
Release version 1.15.6 of the npm package.</li>
<li><a
href="c4f847f851"><code>c4f847f</code></a>
Drop Proxy-Authorization across hosts.</li>
<li><a
href="8526b4a1b2"><code>8526b4a</code></a>
Use GitHub for disclosure.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.5&new-version=1.15.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 10:19:29 +01:00
dependabot[bot]
3704956a06
chore(deps): bump es5-ext from 0.10.62 to 0.10.63 in /docker (#6350)
Bumps [es5-ext](https://github.com/medikoo/es5-ext) from 0.10.62 to
0.10.63.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/releases">es5-ext's
releases</a>.</em></p>
<blockquote>
<h2>0.10.63 (2024-02-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
<hr />
<p><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">Comparison
since last release</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md">es5-ext's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">0.10.63</a>
(2024-02-23)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de4e03c477"><code>de4e03c</code></a>
chore: Release v0.10.63</li>
<li><a
href="3fd53b755e"><code>3fd53b7</code></a>
chore: Upgrade<code> lint-staged</code> to v13</li>
<li><a
href="bf8ed799d5"><code>bf8ed79</code></a>
chore: Ensure postinstall script does not crash on Windows</li>
<li><a
href="2cbbb0717b"><code>2cbbb07</code></a>
chore: Bump dependencies</li>
<li><a
href="22d0416ea1"><code>22d0416</code></a>
chore: Bump LICENSE year</li>
<li><a
href="a52e957366"><code>a52e957</code></a>
fix: Support ES2015+ function definitions in
<code>function#toStringTokens()</code></li>
<li><a
href="3551cdd7b2"><code>3551cdd</code></a>
fix: Do not rely on problematic regex</li>
<li><a
href="7855319f41"><code>7855319</code></a>
chore: Simplify the manifest message</li>
<li>See full diff in <a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=es5-ext&package-manager=npm_and_yarn&previous-version=0.10.62&new-version=0.10.63)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-27 08:33:38 +01:00
Gastón Fournier
7b8c1f0d04
chore: regenerate yarn.lock of docker folder (#6280)
## About the changes
Regenerate yarn.lock from docker folder: `rm cloud/yarn.lock && cd cloud
&& yarn install`

Resolves: https://github.com/Unleash/unleash/security/dependabot/120
2024-02-20 12:33:41 +01:00
Gastón Fournier
a9cd81a61c
chore: pin ip library (#6276)
## About the changes
Add resolution to IP library so transitive dependencies also use the
latest library
2024-02-20 10:37:27 +01:00
dependabot[bot]
77f6978103
chore(deps): bump follow-redirects from 1.15.3 to 1.15.4 in /docker (#5794)
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.3 to 1.15.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65858205e5"><code>6585820</code></a>
Release version 1.15.4 of the npm package.</li>
<li><a
href="7a6567e16d"><code>7a6567e</code></a>
Disallow bracketed hostnames.</li>
<li><a
href="05629af696"><code>05629af</code></a>
Prefer native URL instead of deprecated url.parse.</li>
<li><a
href="1cba8e85fa"><code>1cba8e8</code></a>
Prefer native URL instead of legacy url.resolve.</li>
<li><a
href="72bc2a4229"><code>72bc2a4</code></a>
Simplify _processResponse error handling.</li>
<li><a
href="3d42aecdca"><code>3d42aec</code></a>
Add bracket tests.</li>
<li><a
href="bcbb096b32"><code>bcbb096</code></a>
Do not directly set Error properties.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.3...v1.15.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=follow-redirects&package-manager=npm_and_yarn&previous-version=1.15.3&new-version=1.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 15:05:02 +01:00
Gastón Fournier
607e01b6d3
fix: docker deploy failing (#5546)
#5537 updated package.json but not yarn.lock
2023-12-05 10:41:23 +00:00
Mateusz Kwasniewski
fc8ddbd6ff
fix: string-width issue when running docker container (#4808) 2023-09-21 15:48:17 +02:00
Ivar Conradi Østhus
a9d1750a4e
fix: resolution for semver in docker as well (#4168) 2023-07-06 18:47:14 +02:00
Gastón Fournier
51ffe02cfd
fix: update yarn.lock (#4160)
## About the changes
Update yarn.lock
2023-07-06 08:53:43 +00:00
Ivar Conradi Østhus
9249f7459c
fix: add resolution for semver 2023-07-06 09:22:51 +02:00
Jaanus Sellin
6fe3d0ae5a
fix: fix path-scurry resolution (#3488) 2023-04-10 16:17:16 +03:00
renovate[bot]
2e559e1716
chore(deps): update dependency minimist to v1.2.8 (#3446)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [minimist](https://togithub.com/minimistjs/minimist) | [`1.2.7` ->
`1.2.8`](https://renovatebot.com/diffs/npm/minimist/1.2.7/1.2.8) |
[![age](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/compatibility-slim/1.2.7)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/confidence-slim/1.2.7)](https://docs.renovatebot.com/merge-confidence/)
|
| [minimist](https://togithub.com/minimistjs/minimist) | [`1.2.6` ->
`1.2.8`](https://renovatebot.com/diffs/npm/minimist/1.2.6/1.2.8) |
[![age](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/compatibility-slim/1.2.6)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/minimist/1.2.8/confidence-slim/1.2.6)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>minimistjs/minimist</summary>

###
[`v1.2.8`](https://togithub.com/minimistjs/minimist/blob/HEAD/CHANGELOG.md#v128-httpsgithubcomminimistjsminimistcomparev127v128---2023-02-09)

[Compare
Source](https://togithub.com/minimistjs/minimist/compare/v1.2.7...v1.2.8)

##### Merged

- \[Fix] Fix long option followed by single dash
[`#17`](https://togithub.com/minimistjs/minimist/pull/17)
- \[Tests] Remove duplicate test
[`#12`](https://togithub.com/minimistjs/minimist/pull/12)
- \[Fix] opt.string works with multiple aliases
[`#10`](https://togithub.com/minimistjs/minimist/pull/10)

##### Fixed

- \[Fix] Fix long option followed by single dash
([#&#8203;17](https://togithub.com/minimistjs/minimist/issues/17))
[`#15`](https://togithub.com/minimistjs/minimist/issues/15)
- \[Tests] Remove duplicate test
([#&#8203;12](https://togithub.com/minimistjs/minimist/issues/12))
[`#8`](https://togithub.com/minimistjs/minimist/issues/8)
- \[Fix] Fix long option followed by single dash
[`#15`](https://togithub.com/minimistjs/minimist/issues/15)
- \[Fix] opt.string works with multiple aliases
([#&#8203;10](https://togithub.com/minimistjs/minimist/issues/10))
[`#9`](https://togithub.com/minimistjs/minimist/issues/9)
- \[Fix] Fix handling of short option with non-trivial equals
[`#5`](https://togithub.com/minimistjs/minimist/issues/5)
- \[Tests] Remove duplicate test
[`#8`](https://togithub.com/minimistjs/minimist/issues/8)
- \[Fix] opt.string works with multiple aliases
[`#9`](https://togithub.com/minimistjs/minimist/issues/9)

##### Commits

- Merge tag 'v0.2.3'
[`a026794`](a0267947c7)
- \[eslint] fix indentation and whitespace
[`5368ca4`](5368ca4147)
- \[eslint] fix indentation and whitespace
[`e5f5067`](e5f5067259)
- \[eslint] more cleanup
[`62fde7d`](62fde7d935)
- \[eslint] more cleanup
[`36ac5d0`](36ac5d0d95)
- \[meta] add `auto-changelog`
[`73923d2`](73923d2235)
- \[actions] add reusable workflows
[`d80727d`](d80727df77)
- \[eslint] add eslint; rules to enable later are warnings
[`48bc06a`](48bc06a1b4)
- \[eslint] fix indentation
[`34b0f1c`](34b0f1ccaa)
- \[readme] rename and add badges
[`5df0fe4`](5df0fe4921)
- \[Dev Deps] switch from `covert` to `nyc`
[`a48b128`](a48b128fdb)
- \[Dev Deps] update `covert`, `tape`; remove unnecessary `tap`
[`f0fb958`](f0fb958e9a)
- \[meta] create FUNDING.yml; add `funding` in package.json
[`3639e0c`](3639e0c819)
- \[meta] use `npmignore` to autogenerate an npmignore file
[`be2e038`](be2e038c34)
- Only apps should have lockfiles
[`282b570`](282b570e74)
- isConstructorOrProto adapted from PR
[`ef9153f`](ef9153fc52)
- \[Dev Deps] update `@ljharb/eslint-config`, `aud`
[`098873c`](098873c213)
- \[Dev Deps] update `@ljharb/eslint-config`, `aud`
[`3124ed3`](3124ed3e46)
- \[meta] add `safe-publish-latest`
[`4b927de`](4b927de696)
- \[Tests] add `aud` in `posttest`
[`b32d9bd`](b32d9bd0ab)
- \[meta] update repo URLs
[`f9fdfc0`](f9fdfc032c)
- \[actions] Avoid 0.6 tests due to build failures
[`ba92fe6`](ba92fe6ebb)
- \[Dev Deps] update `tape`
[`950eaa7`](950eaa74f1)
- \[Dev Deps] add missing `npmignore` dev dep
[`3226afa`](3226afaf09)
- Merge tag 'v0.2.2'
[`980d7ac`](980d7ac61a)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zMS40IiwidXBkYXRlZEluVmVyIjoiMzUuMzEuNCJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-04-04 23:25:14 +00:00
dependabot[bot]
5e43eb1880
chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1 in /docker (#3303) 2023-03-13 11:36:19 +01:00
dependabot[bot]
80d95b42a7
chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /docker (#3045)
Bumps
[http-cache-semantics](https://github.com/kornelski/http-cache-semantics)
from 4.1.0 to 4.1.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2449650435"><code>2449650</code></a>
Update mocha</li>
<li><a
href="560b2d8ef4"><code>560b2d8</code></a>
Don't use regex to trim whitespace</li>
<li><a
href="b1bdb92638"><code>b1bdb92</code></a>
Remove linting package zoo</li>
<li><a
href="c20dc7eeca"><code>c20dc7e</code></a>
Cache 308</li>
<li>See full diff in <a
href="https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=http-cache-semantics&package-manager=npm_and_yarn&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-10 10:58:43 +01:00
dependabot[bot]
e9809c0ff0
chore(deps): bump knex from 2.2.0 to 2.4.0 in /docker (#2869)
Bumps [knex](https://github.com/knex/knex) from 2.2.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/knex/knex/releases">knex's
releases</a>.</em></p>
<blockquote>
<h2>2.4.0</h2>
<h3>New features:</h3>
<ul>
<li>Support partial unique indexes <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5316">#5316</a></li>
<li>Make compiling SQL in error message optional <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5282">#5282</a></li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Insert array into json column <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5321">#5321</a></li>
<li>Fix unexpected max acquire-timeout <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5377">#5377</a></li>
<li>Fix: orWhereJson <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5361">#5361</a></li>
<li>MySQL: Add assertion for basic where clause not to be object or
array <a
href="https://github-redirect.dependabot.com/knex/knex/issues/1227">#1227</a></li>
<li>SQLite: Fix changing the default value of a boolean column in SQLite
<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5319">#5319</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>add missing type for 'expirationChecker' on PgConnectionConfig <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5334">#5334</a></li>
</ul>
<h2>2.3.0</h2>
<h3>New features:</h3>
<ul>
<li>PostgreSQL: Explicit jsonb support for custom pg clients <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5201">#5201</a></li>
<li>SQLite: Support returning with sqlite3 and better-sqlite3 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5285">#5285</a></li>
<li>MSSQL: Implement mapBinding mssql dialect option <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5292">#5292</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>Update types for TS 4.8 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5279">#5279</a></li>
<li>Fix typo <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5267">#5267</a></li>
<li>Fix WhereJsonObject withCompositeTableType <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5306">#5306</a></li>
<li>Fix AnalyticFunction type <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5304">#5304</a></li>
<li>Infer specific column value type in aggregations <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5297">#5297</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/knex/knex/blob/master/CHANGELOG.md">knex's
changelog</a>.</em></p>
<blockquote>
<h1>2.4.0 - 06 January, 2022</h1>
<h3>New features:</h3>
<ul>
<li>Support partial unique indexes <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5316">#5316</a></li>
<li>Make compiling SQL in error message optional <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5282">#5282</a></li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Insert array into json column <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5321">#5321</a></li>
<li>Fix unexpected max acquire-timeout <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5377">#5377</a></li>
<li>Fix: orWhereJson <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5361">#5361</a></li>
<li>MySQL: Add assertion for basic where clause not to be object or
array <a
href="https://github-redirect.dependabot.com/knex/knex/issues/1227">#1227</a></li>
<li>SQLite: Fix changing the default value of a boolean column in SQLite
<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5319">#5319</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>add missing type for 'expirationChecker' on PgConnectionConfig <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5334">#5334</a></li>
</ul>
<h1>2.3.0 - 31 August, 2022</h1>
<h3>New features:</h3>
<ul>
<li>PostgreSQL: Explicit jsonb support for custom pg clients <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5201">#5201</a></li>
<li>SQLite: Support returning with sqlite3 and better-sqlite3 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5285">#5285</a></li>
<li>MSSQL: Implement mapBinding mssql dialect option <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5292">#5292</a></li>
</ul>
<h3>Typings:</h3>
<ul>
<li>Update types for TS 4.8 <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5279">#5279</a></li>
<li>Fix typo <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5267">#5267</a></li>
<li>Fix WhereJsonObject withCompositeTableType <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5306">#5306</a></li>
<li>Fix AnalyticFunction type <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5304">#5304</a></li>
<li>Infer specific column value type in aggregations <a
href="https://github-redirect.dependabot.com/knex/knex/issues/5297">#5297</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3475d81668"><code>3475d81</code></a>
Prepare to release 2.4.0</li>
<li><a
href="e97f92201a"><code>e97f922</code></a>
Bump tsd from 0.24.1 to 0.25.0 (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5396">#5396</a>)</li>
<li><a
href="e145322da9"><code>e145322</code></a>
1227: add assertion for basic where clause values (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5417">#5417</a>)</li>
<li><a
href="962bb0a635"><code>962bb0a</code></a>
Bump sinon from 14.0.2 to 15.0.1 (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5413">#5413</a>)</li>
<li><a
href="ab45314e70"><code>ab45314</code></a>
Add JSDoc (TS Flavour) to mjs stub file (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5390">#5390</a>)</li>
<li><a
href="72bd1f7396"><code>72bd1f7</code></a>
Fix: orWhereJson (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5361">#5361</a>)</li>
<li><a
href="4fc939a176"><code>4fc939a</code></a>
Fixes unexpected max acquire-timeout (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5377">#5377</a>)</li>
<li><a
href="5c4837cd4f"><code>5c4837c</code></a>
Fix lib/.gitignore path separator on Windows. (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5325">#5325</a>)</li>
<li><a
href="7dbbd00701"><code>7dbbd00</code></a>
Bump actions/setup-node from 3.4.1 to 3.5.1 (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5356">#5356</a>)</li>
<li><a
href="d39051f4a5"><code>d39051f</code></a>
fix: add missing type for 'expirationChecker' on PgConnectionConfig (<a
href="https://github-redirect.dependabot.com/knex/knex/issues/5334">#5334</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/knex/knex/compare/2.2.0...2.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=knex&package-manager=npm_and_yarn&previous-version=2.2.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Unleash/unleash/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-11 14:29:01 +01:00
Simon Hornby
3d0146cca7
Fix docker build (#2326)
* fix: patch stale docker lockfile
* fix: patch docker build to respect the fact that frontend now depends on some constants defined in unleash
2022-11-03 15:02:20 +01:00
sjaanus
a1ce89bedc
Merge frontend with backend (#1962)
* fix: use the frontend dir from the backend

* Build is now working

* Fix workflows

* Fix workflows

* Fix build PRs

* Test coverage workflow

* Test coverage

* Test coverage run

* Fix jest report

* refactor: add missing frontend build

* refactor: ignore frontend dir for coverage

* refactor: run frontend build in PRs

* refactor: run backend tests in PRs

* Revert "refactor: run backend tests in PRs"

This reverts commit 22cabddfd1.

* refactor: remove unused frontend build file

* refactor: test workflows in PR

* refactor: use a prepare script for the frontend

* refactor: simplify yarn build scripts

* refactor: fix check-release script

* Revert "refactor: test workflows in PR"

This reverts commit 496ae19404.

* refactor: remove unused gitignore lines

* refactor: remove renovate config from the frontend repo

* refactor: remove frontend repo license

* refactor: remove frontend repo changelog

* refactor: update frontend repo readme

* refactor: add frontend node_modules to dockerignore

* refactor: update the docker yarn.lock snapshot

Co-authored-by: olav <mail@olav.io>
2022-08-26 07:25:31 +00:00
Gard Rimestad
e2082b4493
feat: slim down docker container (#1790)
* feat: slim down docker container

This changes the unleash-server node module to be as little as it can,
resulting in a much smaller docker container. From 383M -> 11M.
2022-07-05 16:08:06 +02:00
renovate[bot]
14392ee975 fix(deps): update dependency passport to ^0.6.0 2022-06-28 20:16:55 +00:00
Gard Rimestad
5d5fc37dfd
Feat/docker container on main builds (#1762)
* feat: build docker containers when pushing to main

The intent here is to publish a docker container for every build of
main. This will make it easier to run the tip of main.
2022-06-28 16:13:00 +02:00