Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2.3.0 #87

Merged
merged 10 commits into from
Jan 7, 2025
Merged

v2.3.0 #87

merged 10 commits into from
Jan 7, 2025

Conversation

PrawiraGenestonlia
Copy link
Contributor

Updating vulnerable packages

kwajiehao and others added 10 commits October 16, 2023 17:17
@kwajiehao
Merge pull request #71 from opengovsg/release-v2.2.0
7d8f686 
Release v2.2.0
@dependabot
chore(deps): bump next in /test/conformance/demo-rp
30df878 
Bumps [next](https://github.com/vercel/next.js) from 13.4.2 to 14.2.15.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.4.2...v14.2.15)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@spaceraccoon
Merge pull request #80 from opengovsg/dependabot/npm_and_yarn/test/co…
9723975 
…nformance/demo-rp/next-14.2.15

chore(deps): bump next from 13.4.2 to 14.2.15 in /test/conformance/demo-rp
@dependabot
chore(deps): bump the npm_and_yarn group across 5 directories with 13…
5add539 
… updates

Bumps the npm_and_yarn group with 3 updates in the / directory: [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse), [cookie](https://github.com/jshttp/cookie) and [msw](https://github.com/mswjs/msw).
Bumps the npm_and_yarn group with 3 updates in the /examples/express directory: [cookie](https://github.com/jshttp/cookie), [cookie-parser](https://github.com/expressjs/cookie-parser) and [express](https://github.com/expressjs/express).
Bumps the npm_and_yarn group with 4 updates in the /examples/nextjs-csr directory: [cookie](https://github.com/jshttp/cookie), [cookies-next](https://github.com/andreizanik/cookies-next), [next](https://github.com/vercel/next.js) and [postcss](https://github.com/postcss/postcss).
Bumps the npm_and_yarn group with 2 updates in the /examples/nextjs-ssr directory: [next](https://github.com/vercel/next.js) and [postcss](https://github.com/postcss/postcss).
Bumps the npm_and_yarn group with 5 updates in the /test/conformance/demo-rp directory:

| Package | From | To |
| --- | --- | --- |
| [cookie](https://github.com/jshttp/cookie) | `0.4.2` | `1.0.2` |
| [cookies-next](https://github.com/andreizanik/cookies-next) | `2.1.1` | `5.0.2` |
| [next](https://github.com/vercel/next.js) | `14.2.15` | `15.1.2` |
| [postcss](https://github.com/postcss/postcss) | `8.4.23` | `8.4.49` |
| [webpack](https://github.com/webpack/webpack) | `5.84.1` | `5.97.1` |



Updates `@babel/traverse` from 7.21.3 to 7.26.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.4/packages/babel-traverse)

Updates `cookie` from 0.4.2 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.2)

Updates `msw` from 1.2.1 to 2.7.0
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v1.2.1...v2.7.0)

Updates `cookie` from 0.4.1 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.2)

Updates `cookie-parser` from 1.4.6 to 1.4.7
- [Release notes](https://github.com/expressjs/cookie-parser/releases)
- [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md)
- [Commits](expressjs/cookie-parser@1.4.6...1.4.7)

Updates `express` from 4.18.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.2...4.21.2)

Updates `express` from 4.18.2 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.18.2...4.21.2)

Updates `body-parser` from 1.20.1 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.1...1.20.3)

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `cookie` from 0.4.2 to 1.0.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.2)

Updates `cookies-next` from 2.1.1 to 5.0.2
- [Release notes](https://github.com/andreizanik/cookies-next/releases)
- [Commits](andreizanik/cookies-next@v2.1.1...v5.0.2)

Updates `next` from 13.4.2 to 15.1.2
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.4.2...v15.1.2)

Updates `postcss` from 8.4.23 to 8.4.49
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.23...8.4.49)

Updates `nanoid` from 3.3.6 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.6...3.3.8)

Updates `next` from 13.4.1 to 14.2.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.4.2...v15.1.2)

Updates `postcss` from 8.4.23 to 8.4.49
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.23...8.4.49)

Updates `nanoid` from 3.3.6 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.6...3.3.8)

Updates `cookie` from 0.4.2 to 1.0.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.2...v0.7.2)

Updates `cookies-next` from 2.1.1 to 5.0.2
- [Release notes](https://github.com/andreizanik/cookies-next/releases)
- [Commits](andreizanik/cookies-next@v2.1.1...v5.0.2)

Updates `next` from 14.2.15 to 15.1.2
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.4.2...v15.1.2)

Updates `postcss` from 8.4.23 to 8.4.49
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.23...8.4.49)

Updates `nanoid` from 3.3.6 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.6...3.3.8)

Updates `webpack` from 5.84.1 to 5.97.1
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.84.1...v5.97.1)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: msw
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie-parser
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: body-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: send
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: serve-static
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookies-next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookies-next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps-dev): bump braces
7655415 
Bumps the npm_and_yarn group with 1 update in the / directory: [braces](https://github.com/micromatch/braces).


Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@spaceraccoon
Merge pull request #83 from opengovsg/dependabot/npm_and_yarn/npm_and…
c059e91 
…_yarn-5134b82be1

chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory
@spaceraccoon
Merge pull request #82 from opengovsg/dependabot/npm_and_yarn/npm_and…
d744e46 
…_yarn-7fa1940595

chore(deps): bump the npm_and_yarn group across 5 directories with 13 updates
@PrawiraGenestonlia
fix: msw and jose version
24ca2b1
@PrawiraGenestonlia
Merge pull request #84 from opengovsg/fix/package-vul
24ea1f2 
fix: msw and jose version
@PrawiraGenestonlia
2.3.0
5ad5344
mantariksh
mantariksh approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@mantariksh mantariksh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

checked breaking changes in jose v5 as well, we shouldn't be affected: https://github.com/panva/jose/blob/main/CHANGELOG.md

@PrawiraGenestonlia PrawiraGenestonlia merged commit b9e60ec into release Jan 7, 2025
9 checks passed
@PrawiraGenestonlia PrawiraGenestonlia deleted the rel/2.3.0 branch January 7, 2025 04:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mantariksh mantariksh mantariksh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@PrawiraGenestonlia @mantariksh @kwajiehao @spaceraccoon