Skip to content

[Snyk] Upgrade: , , , , , dayjs, firebase-admin, mongoose, newrelic, next, stripe #1159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade: , , , , , dayjs, firebase-admin, mongoose, newrelic, next, stripe #1159

wants to merge 1 commit into from

Conversation

@k2xl
Copy link
Collaborator

@k2xl k2xl commented Sep 20, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@aws-sdk/credential-provider-node
from 3.632.0 to 3.637.0 | 2 versions ahead of your current version | a month ago
on 2024-08-22
@aws-sdk/client-ses
from 3.632.0 to 3.637.0 | 3 versions ahead of your current version | a month ago
on 2024-08-22
@headlessui/react
from 2.1.2 to 2.1.3 | 1 version ahead of your current version | a month ago
on 2024-08-23
@next/third-parties
from 14.2.5 to 14.2.7 | 2 versions ahead of your current version | 24 days ago
on 2024-08-27
@openreplay/tracker
from 14.0.4 to 14.0.5 | 1 version ahead of your current version | 22 days ago
on 2024-08-29
dayjs
from 1.11.12 to 1.11.13 | 1 version ahead of your current version | a month ago
on 2024-08-20
firebase-admin
from 12.3.1 to 12.4.0 | 1 version ahead of your current version | a month ago
on 2024-08-22
mongoose
from 8.5.3 to 8.6.0 | 3 versions ahead of your current version | 23 days ago
on 2024-08-28
newrelic
from 12.1.1 to 12.3.0 | 2 versions ahead of your current version | 24 days ago
on 2024-08-27
next
from 14.2.5 to 14.2.7 | 2 versions ahead of your current version | 24 days ago
on 2024-08-27
stripe
from 16.8.0 to 16.9.0 | 3 versions ahead of your current version | 21 days ago
on 2024-08-29

Release notes
Package name: @aws-sdk/credential-provider-node
  • 3.637.0 - 2024-08-22

    3.637.0(2024-08-22)

    Chores
    • util-endpoints: update aws partitions.json (9d2511b8)
    • endpoints: update endpoints model (f7ad4c17)
    • models: update API models (842bde9e)
    • client-codestar: deprecate CodeStar (#6402) (5327273d)
    Documentation Changes
    • client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)
    New Features
    • client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
    • client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
    • client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
    • client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
    • client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)

    For list of updated packages, view updated-packages.md in assets-3.637.0.zip

  • 3.635.0 - 2024-08-20

    3.635.0(2024-08-20)

    Documentation Changes
    • client-ecs: Documentation only release to address various tickets (a4a0836a)
    New Features
    • client-opensearchserverless: Added FailureCode and FailureMessage to BatchGetCollectionResponse for BatchGetVPCEResponse for non-Active Collection and VPCE. (7daa541c)
    • client-s3: Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. (b474584f)
    • codegen: add Smithy RPCv2 CBOR to list of protocols (#6096) (5154d4f1)

    For list of updated packages, view updated-packages.md in assets-3.635.0.zip

  • 3.632.0 - 2024-08-15
from @aws-sdk/credential-provider-node GitHub release notes
Package name: @aws-sdk/client-ses
  • 3.637.0 - 2024-08-22

    3.637.0(2024-08-22)

    Chores
    • util-endpoints: update aws partitions.json (9d2511b8)
    • endpoints: update endpoints model (f7ad4c17)
    • models: update API models (842bde9e)
    • client-codestar: deprecate CodeStar (#6402) (5327273d)
    Documentation Changes
    • client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)
    New Features
    • client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
    • client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
    • client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
    • client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
    • client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)

    For list of updated packages, view updated-packages.md in assets-3.637.0.zip

  • 3.636.0 - 2024-08-21

    3.636.0(2024-08-21)

    Chores
    • turbo: simplify build scripts in package.json (#6366) (614d98e1)
    Documentation Changes
    • link to smithy/middleware-retry in Notable Changes (#6397) (31263194)
    New Features
    • clients: update client endpoints as of 2024-08-21 (f8aaf1df)
    • client-ses: Enable email receiving customers to provide SES with access to their S3 buckets via an IAM role for "Deliver to S3 Action" (aafc6ebd)
    • client-entityresolution: Increase the mapping attributes in Schema to 35. (d038be36)
    • client-glue: Add optional field JobRunQueuingEnabled to CreateJob and UpdateJob APIs. (b3bbf579)
    • client-securityhub: Security Hub documentation and definition updates (17db5f7e)
    • client-lambda: Release FilterCriteria encryption for Lambda EventSourceMapping, enabling customers to encrypt their filter criteria using a customer-owned KMS key. (6fff3639)
    • client-ec2: DescribeInstanceStatus now returns health information on EBS volumes attached to Nitro instances (1baa7ea8)

    For list of updated packages, view updated-packages.md in assets-3.636.0.zip

  • 3.635.0 - 2024-08-20

    3.635.0(2024-08-20)

    Documentation Changes
    • client-ecs: Documentation only release to address various tickets (a4a0836a)
    New Features
    • client-opensearchserverless: Added FailureCode and FailureMessage to BatchGetCollectionResponse for BatchGetVPCEResponse for non-Active Collection and VPCE. (7daa541c)
    • client-s3: Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. (b474584f)
    • codegen: add Smithy RPCv2 CBOR to list of protocols (#6096) (5154d4f1)

    For list of updated packages, view updated-packages.md in assets-3.635.0.zip

  • 3.632.0 - 2024-08-15
from @aws-sdk/client-ses GitHub release notes
Package name: @headlessui/react
  • 2.1.3 - 2024-08-23

    Fixed

    • Ensure Transition component state doesn't change when it becomes hidden (#3372)
    • Fix closing components using the transition prop, and after scrolling the page (#3407)
    • Ensure all client components are marked correctly to avoid a crash with React 19 and Turbopack (#3429)
  • 2.1.2 - 2024-07-05

    Fixed

    • Fix prematurely added anchoring styles on ListboxOptions (#3337)
    • Ensure unmount on Dialog works in combination with the transition prop on DialogBackdrop and DialogPanel components (#3352)
    • Fix crash in Combobox component when in virtual mode when options are empty (#3356)
    • Fix hanging tests when using anchor prop (#3357)
    • Fix transition and focus prop combination for PopoverPanel component (#3361)
    • Fix outside click in nested portalled Popover components (#3362)
    • Fix restoring focus to correct element when closing Dialog component (#3365)
    • Fix flushSync warning for Combobox component with immediate prop enabled (#3366)
from @headlessui/react GitHub release notes
Package name: @next/third-parties
  • 14.2.7 - 2024-08-27

    Note

    This release is backporting bug fixes. It does not include all pending features/changes on canary.

    Core Changes

    • Revert "chore: externalize undici for bundling" (#65727)
    • Refactor internal routing headers to use request meta (#66987)
    • fix(next): add cross origin in react dom preload (#67423)
    • build: upgrade edge-runtime (#67565)
    • GTM dataLayer parameter should take an object, not an array of strings (#66339)
    • fix: properly patch lockfile against swc bindings (#66515)
    • Add deployment id header for rsc payload if present (#67255)
    • Update font data (#68639)
    • fix i18n data pathname resolving (#68947)
    • pages router: ensure x-middleware-cache is respected (#67734)
    • Fix bad modRequest in flight entry manifest #68888
    • Reject next image urls in image optimizer #68628
    • Fix hmr assetPrefix escaping and reuse logic from other files #67983

    Credits

    Huge thanks to @ kjugi, @ huozhi, @ ztanner, @ SukkaW, @ marlier, @ Kikobeats, @ syi0808, @ ijjk, and @ samcx for helping!

  • 14.2.6 - 2024-08-21
  • 14.2.5 - 2024-07-10
from @next/third-parties GitHub release notes
Package name: dayjs from dayjs GitHub release notes
Package name: firebase-admin
  • 12.4.0 - 2024-08-22

    Miscellaneous

    • [chore] Release 12.4.0 (#2674)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.38 to 0.2.39 (#2677)
    • chore: Deprecate sendToTopic and Condition (#2683)
    • build(deps): bump @ types/node from 22.1.0 to 22.3.0 (#2675)
    • build(deps-dev): bump mocha from 10.7.0 to 10.7.3 (#2670)
    • build(deps): bump @ google-cloud/storage from 7.12.0 to 7.12.1 (#2669)
    • build(deps): bump axios in /.github/actions/send-email (#2673)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.47.5 to 7.47.6 (#2671)
    • Reroute Cloud Tasks to emulator when it is running (#2649)
  • 12.3.1 - 2024-08-08

    Bug Fixes

    • fix: getToken() returns existing promise to a token if one exists instead of a new token. (#2648)

    Miscellaneous

    • [chore] Release 12.3.1 (#2667)
    • chore: Skip sendToDeviceGroup integration test (#2666)
    • build(deps-dev): bump @ microsoft/api-extractor from 7.47.2 to 7.47.5 (#2661)
    • build(deps): bump @ types/node from 22.0.1 to 22.1.0 (#2663)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.37 to 0.2.38 (#2664)
    • build(deps): bump @ types/node from 20.14.11 to 22.0.1 (#2657)
    • build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#2650)
    • build(deps-dev): bump @ firebase/app-compat from 0.2.35 to 0.2.37 (#2653)
    • build(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 (#2654)
from firebase-admin GitHub release notes
Package name: mongoose
  • 8.6.0 - 2024-08-28

    8.6.0 / 2024-08-28

    • feat: upgrade mongodb -> 6.8.0, handle throwing error on closed cursor in Mongoose with MongooseError instead of MongoCursorExhaustedError #14813
    • feat(model+query): support options parameter for distinct() #14772 #8006
    • feat(QueryCursor): add getDriverCursor() function that returns the raw driver cursor #14745
    • types: change query selector to disallow unknown top-level keys by default #14764 alex-statsig
    • types: make toObject() and toJSON() not generic by default to avoid type widening #14819 #12883
    • types: avoid automatically inferring lean result type when assigning to explicitly typed variable #14734
  • 8.5.5 - 2024-08-28

    8.5.5 / 2024-08-28

    • fix(populate): fix a couple of other places where Mongoose gets the document's _id with getters #14833 #14827 #14759
    • fix(discriminator): shallow clone Schema.prototype.obj before merging schemas to avoid modifying original obj #14821
    • types: fix schema type based on timestamps schema options value #14829 #14825 ark23CIS
  • 8.5.4 - 2024-08-23

    8.5.4 / 2024-08-23

    • fix: add empty string check for collection name passed #14806 Shubham2552
    • docs(model): add 'throw' as valid strict value for bulkWrite() and add some more clarification on throwOnValidationError #14809
  • 8.5.3 - 2024-08-13

    8.5.3 / 2024-08-13

    • fix(document): call required functions on subdocuments underneath nested paths with correct context #14801 #14788
    • fix(populate): avoid throwing error when no result and lean() set #14799 #14794 #14759 MohOraby
    • fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility #14774 #14771 #14623 #14394
    • types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & #14800 #14793
    • types: support schema type inference based on schema options timestamps as well #14773 #13215 ark23CIS
    • types(cursor): indicate that cursor.next() can return null #14798 #14787
    • types: allow mongoose.connection.db to be undefined #14797 #14789
    • docs: add schema type widening advice #14790 JstnMcBrd
from mongoose GitHub release notes
Package name: newrelic from newrelic GitHub release notes
Package name: next

@snyk-bot
fix: upgrade multiple dependencies with Snyk
b39dca4 
Snyk has created this PR to upgrade:
  - @aws-sdk/credential-provider-node from 3.632.0 to 3.637.0.
    See this package in npm: https://www.npmjs.com/package/@aws-sdk/credential-provider-node
  - @aws-sdk/client-ses from 3.632.0 to 3.637.0.
    See this package in npm: https://www.npmjs.com/package/@aws-sdk/client-ses
  - @headlessui/react from 2.1.2 to 2.1.3.
    See this package in npm: https://www.npmjs.com/package/@headlessui/react
  - @next/third-parties from 14.2.5 to 14.2.7.
    See this package in npm: https://www.npmjs.com/package/@next/third-parties
  - @openreplay/tracker from 14.0.4 to 14.0.5.
    See this package in npm: https://www.npmjs.com/package/@openreplay/tracker
  - dayjs from 1.11.12 to 1.11.13.
    See this package in npm: https://www.npmjs.com/package/dayjs
  - firebase-admin from 12.3.1 to 12.4.0.
    See this package in npm: https://www.npmjs.com/package/firebase-admin
  - mongoose from 8.5.3 to 8.6.0.
    See this package in npm: https://www.npmjs.com/package/mongoose
  - newrelic from 12.1.1 to 12.3.0.
    See this package in npm: https://www.npmjs.com/package/newrelic
  - next from 14.2.5 to 14.2.7.
    See this package in npm: https://www.npmjs.com/package/next
  - stripe from 16.8.0 to 16.9.0.
    See this package in npm: https://www.npmjs.com/package/stripe

See this project in Snyk:
https://app.snyk.io/org/k2xl/project/cf09253a-8e4c-4f7f-b75f-a1763e5c78eb?utm_source=github&utm_medium=referral&page=upgrade-pr
@sspenst sspenst closed this Oct 13, 2024
@sspenst sspenst deleted the snyk-upgrade-383a12031719f91717faa46d9030d148 branch January 27, 2025 07:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@k2xl @sspenst @snyk-bot