chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #112

dependabot · 2024-06-11T20:28:28Z

Bumps the npm_and_yarn group with 7 updates in the /app/event-handler directory:

Package	From	To
@azure/identity	`2.1.0`	`4.2.1`
braces	`3.0.2`	`3.0.3`
fast-xml-parser	`4.0.9`	`4.4.0`
jsonwebtoken	`9.0.0`	`9.0.2`
word-wrap	`1.2.3`	`1.2.5`
xml2js	`0.4.23`	`0.5.0`
@azure/core-http	`2.2.7`	`2.3.2`

Bumps the npm_and_yarn group with 5 updates in the /app/runner-controller directory:

Package	From	To
@azure/identity	`2.1.0`	`4.2.1`
braces	`3.0.2`	`3.0.3`
fast-xml-parser	`4.0.11`	`4.4.0`
word-wrap	`1.2.4`	`1.2.5`
express	`4.18.1`	`4.19.2`

Updates @azure/identity from 2.1.0 to 4.2.1

Commits

183d301 Upgrade to a version ESRP Release that supports federated auth (#29612)
9a2afdf [identity] Prep for release (#29981)
3caf203 [identity] Prepare identity for May release (#29441)
0a69729 [core] CHANGELOG date for @azure-rest/core-client release (#29440)
88d244a Sync eng/common directory with azure-sdk-tools for PR 8158 (#29423)
7706373 [template-dpg] Suppress build failure (#29437)
769c1b1 [EngSys] Update name of @azure-tools/test-utils NO_CI
8cd5bc2 [core] New multipart/form-data primitive in core-client-rest (#29047)
73b9faa [identity] Add changelog entry for MSALClient migration (#29419)
b8e63a5 Post release automated changes for notificationhubs releases (#29431)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @azure/identity since your current version.

Updates @azure/msal-node from 1.15.0 to 2.9.2

Release notes

Sourced from @azure/msal-node's releases.

@azure/msal-node v2.9.2

2.9.2

Mon, 10 Jun 2024 22:30:36 GMT

Patches

Fixed msal-node unit tests for PoP token support #��7119 (lalimasharda@microsoft.com)

Implementation Based on Feature Request #7151 (rginsburg@microsoft.com)

Bump @azure/msal-common to v14.12.0 (beachball)

Bump eslint-config-msal to v0.0.0 (beachball)

@azure/msal-node v2.9.1

2.9.1

Tue, 04 Jun 2024 00:08:57 GMT

Patches

Bump @azure/msal-common to v14.11.0 (beachball)

Bump eslint-config-msal to v0.0.0 (beachball)

@azure/msal-node v2.9.0

2.9.0

Tue, 28 May 2024 21:37:23 GMT

Minor changes

Added API for Managed Identity to detect the current environment #7093 (rginsburg@microsoft.com)

Bump eslint-config-msal to v0.0.0 (beachball)

@azure/msal-node v2.8.0

2.8.0

Mon, 06 May 2024 23:48:17 GMT

Minor changes

Client Assertion Implementation now accepts a callback instead of a string argument (rginsburg@microsoft.com)

Bump @azure/msal-common to v14.10.0 (beachball)

Bump eslint-config-msal to v0.0.0 (beachball)

Patches

Fixed inconsistencies with cancellationToken (timeout) (rginsburg@microsoft.com)

ClientCredential and OBO acquireToken requests with claims will now skip the cache (rginsburg@microsoft.com)

Managed Identity: ManagedIdentityTokenResponses expires_in is now calculated correctly (rginsburg@microsoft.com)

Removed Managed Identity Resource URI Validation (rginsburg@microsoft.com)

... (truncated)

Commits

1b0fc20 Bump package versions
5685c8c Update lab request scope (#7155)
25aefea Support pop as optional for full framed apps (#7119)
7563498 Update package-lock (#7152)
3893cce Update gatsby and angular samples (#7150)
3ee9c68 Implementation Based on Feature Request (#7151)
cc18b42 Remove outdated TS Sample (#7149)
46f6e8a Bump package versions
8e4b664 Fix MSAL Angular MsalInterceptor bug matching to query string (#7137)
69e58c3 Update regional-authorities.md (#7078)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by azuread, a new releaser for @azure/msal-node since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates fast-xml-parser from 4.0.9 to 4.4.0

Release notes

Sourced from fast-xml-parser's releases.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.0 / 2024-05-18

fix #654: parse attribute list correctly for self closing stop node.

fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)

fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

code for v5 is added for experimental use

4.3.4 / 2024-01-10

fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

Remove unnecessary regex

4.3.2 / 2023-10-02

fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))

Fix #610 ignore properties set to Object.prototype

Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)

Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

change code implementation

4.2.4 / 2023-06-06

fix security bug

4.2.3 / 2023-06-05

fix security bug

4.2.2 / 2023-04-18

fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag

4.2.1 / 2023-04-18

... (truncated)

Commits

96f7501 update package detail
151b8f4 fix #654: parse attribute list correctly for self closing stop node
1a384a5 Run PR tests on node 16
2ae1f62 fix: return type for tagValueProcessor & attributeValueProcessor (#582)
9118736 docs: fix typos in v5 document fast-xml-parse (#650)
a96b968 fix: validator bag when closing tag is not opened. (#647)
3ab1b3b update pcakge detail
4c26aaa fix v5 options, add docs
391f24f Add support for parsing HTML numeric entities (#645)
072b2b0 update dev dependencies
Additional commits viewable in compare view

Updates jsonwebtoken from 9.0.0 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.

refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

fix(stubs): allow decode method to be stubbed

Commits

bc28861 Release 9.0.2 (#935)
96b8906 refactor: use specific lodash packages (#933)
ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
84539b2 Updating package version to 9.0.1 (#920)
a99fd4b fix(stubs): allow decode method to be stubbed (#876)
See full diff in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates xml2js from 0.4.23 to 0.5.0

Commits

See full diff in compare view

Updates @azure/core-http from 2.2.7 to 2.3.2

Commits

863622f set version
de86985 Sync eng/common directory with azure-sdk-tools for PR 5918 (#25467)
5fc37df [core-lro] Remove broken link (#24631)
9b3f06a Port PR #25502 from main
1df8a1c [core-http] undo PR #23660 to fix storage-blob
6684e1c [Language Text] Mitigation for modifiedOn (#23729)
e7b7a32 Added change log for version 3.17.2 (#23689)
9158f92 [Anomaly Detector] Enable CI and add tests (#23725)
526926a Upgrade TypeScript to 4.8 for most packages (#23730)
ceb5483 [engsys] bump api-extractor and typescript versions (#23726)
Additional commits viewable in compare view

Updates @azure/identity from 2.1.0 to 4.2.1

Commits

183d301 Upgrade to a version ESRP Release that supports federated auth (#29612)
9a2afdf [identity] Prep for release (#29981)
3caf203 [identity] Prepare identity for May release (#29441)
0a69729 [core] CHANGELOG date for @azure-rest/core-client release (#29440)
88d244a Sync eng/common directory with azure-sdk-tools for PR 8158 (#29423)
7706373 [template-dpg] Suppress build failure (#29437)
769c1b1 [EngSys] Update name of @azure-tools/test-utils NO_CI
8cd5bc2 [core] New multipart/form-data primitive in core-client-rest (#29047)
73b9faa [identity] Add changelog entry for MSALClient migration (#29419)
b8e63a5 Post release automated changes for notificationhubs releases (#29431)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @azure/identity since your current version.

Updates @azure/msal-node from 1.14.1 to 2.9.2

Release notes

Sourced from @azure/msal-node's releases.

@azure/msal-node v2.9.2

2.9.2

Mon, 10 Jun 2024 22:30:36 GMT

Patches

Fixed msal-node unit tests for PoP token support #��7119 (lalimasharda@microsoft.com)

Implementation Based on Feature Request #7151 (rginsburg@microsoft.com)

Bump @azure/msal-common to v14.12.0 (beachball)

Bump eslint-config-msal to v0.0.0 (beachball)

@azure/msal-node v2.9.1

2.9.1

Tue, 04 Jun 2024 00:08:57 GMT

Patches

Bump @azure/msal-common to v14.11.0 (beachball)

Bump eslint-config-msal to v0.0.0 (beachball)

@azure/msal-node v2.9.0

2.9.0

Tue, 28 May 2024 21:37:23 GMT

Minor changes

Added API for Managed Identity to detect the current environment #7093 (rginsburg@microsoft.com)

Bump eslint-config-msal to v0.0.0 (beachball)

@azure/msal-node v2.8.0

2.8.0

Mon, 06 May 2024 23:48:17 GMT

Minor changes

Client Assertion Implementation now accepts a callback instead of a string argument (rginsburg@microsoft.com)

Bump @azure/msal-common to v14.10.0 (beachball)

Bump eslint-config-msal to v0.0.0 (beachball)

Patches

Fixed inconsistencies with cancellationToken (timeout) (rginsburg@microsoft.com)

ClientCredential and OBO acquireToken requests with claims will now skip the cache (rginsburg@microsoft.com)

Managed Identity: ManagedIdentityTokenResponses expires_in is now calculated correctly (rginsburg@microsoft.com)

Removed Managed Identity Resource URI Validation (rginsburg@microsoft.com)

... (truncated)

Commits

1b0fc20 Bump package versions
5685c8c Update lab request scope (#7155)
25aefea Support pop as optional for full framed apps (#7119)
7563498 Update package-lock (#7152)
3893cce Update gatsby and angular samples (#7150)
3ee9c68 Implementation Based on Feature Request (#7151)
cc18b42 Remove outdated TS Sample (#7149)
46f6e8a Bump package versions
8e4b664 Fix MSAL Angular MsalInterceptor bug matching to query string (#7137)
69e58c3 Update regional-authorities.md (#7078)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by azuread, a new releaser for @azure/msal-node since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates fast-xml-parser from 4.0.11 to 4.4.0

Release notes

Sourced from fast-xml-parser's releases.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.0 / 2024-05-18

fix #654: parse attribute list correctly for self closing stop node.

fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)

fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

code for v5 is added for experimental use

4.3.4 / 2024-01-10

fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

Remove unnecessary regex

4.3.2 / 2023-10-02

fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))

Fix #610 ignore properties set to Object.prototype

Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)

Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

change code implementation

4.2.4 / 2023-06-06

fix security bug

4.2.3 / 2023-06-05

fix security bug

4.2.2 / 2023-04-18

fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag

4.2.1 / 2023-04-18

... (truncated)

Commits

96f7501 update package detail
151b8f4 fix #654: parse attribute list correctly for self closing stop node
1a384a5 Run PR tests on node 16
2ae1f62 fix: return type for tagValueProcessor & attributeValueProcessor (#582)
9118736 docs: fix typos in v5 document fast-xml-parse (#650)
a96b968 fix: validator bag when closing tag is not opened. (#647)
3ab1b3b update pcakge detail
4c26aaa fix v5 options, add docs
391f24f Add support for parsing HTML numeric entities (#645)
072b2b0 update dev dependencies
Additional commits viewable in compare view

Updates word-wrap from 1.2.4 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates express from 4.18.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Fix ci after location patch by @wesleytodd in expressjs/express#5552

fixed un-edited version in history.md for 4.19.0 by @wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

fix typo in release date by @UlisesGascon in expressjs/express#5527

docs: nominating @wesleytodd to be project captian by @wesleytodd in expressjs/express#5511

docs: loosen TC activity rules by @wesleytodd in expressjs/express#5510

Add note on how to update docs for new release by @crandmck in expressjs/express#5541

Prevent open redirect allow list bypass due to encodeurl

Release 4.19.0 by @wesleytodd in expressjs/express#5551

New Contributors

@crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

Other Changes

Use https: protocol instead of deprecated git: protocol by @vcsjones in expressjs/express#5032

build: Node.js@16.18 and Node.js@18.12 by @abenhamdine in expressjs/express#5034

ci: update actions/checkout to v3 by @armujahid in expressjs/express#5027

test: remove unused function arguments in params by @raksbisht in expressjs/express#5124

Remove unused originalIndex from acceptParams by @raksbisht in expressjs/express#5119

Fixed typos by @raksbisht in expressjs/express#5117

examples: remove unused params by @raksbisht in expressjs/express#5113

fix: parameter str is not described in JSDoc by @raksbisht in expressjs/express#5130

fix: typos in History.md by @raksbisht in expressjs/express#5131

build : add Node.js@19.7 by @abenhamdine in expressjs/express#5028

test: remove unused function arguments in params by @raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

Prevent open redirect allow list bypass due to encodeurl

deps: cookie@0.6.0

4.18.3 / 2024-02-29

Fix routing requests without method

deps: body-parser@1.20.2

Fix strict json error message on Node.js 19+

deps: content-type@~1.0.5

deps: raw-body@2.5.2

deps: cookie@0.6.0

Add partitioned option

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: body-parser@1.20.1

deps: qs@6.11.0

perf: remove unnecessary object clone

deps: qs@6.11.0

Commits

04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…updates Bumps the npm_and_yarn group with 7 updates in the /app/event-handler directory: | Package | From | To | | --- | --- | --- | | [@azure/identity](https://github.com/Azure/azure-sdk-for-js) | `2.1.0` | `4.2.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.0.9` | `4.4.0` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `9.0.0` | `9.0.2` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) | `0.4.23` | `0.5.0` | | [@azure/core-http](https://github.com/Azure/azure-sdk-for-js) | `2.2.7` | `2.3.2` | Bumps the npm_and_yarn group with 5 updates in the /app/runner-controller directory: | Package | From | To | | --- | --- | --- | | [@azure/identity](https://github.com/Azure/azure-sdk-for-js) | `2.1.0` | `4.2.1` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.0.11` | `4.4.0` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.4` | `1.2.5` | | [express](https://github.com/expressjs/express) | `4.18.1` | `4.19.2` | Updates `@azure/identity` from 2.1.0 to 4.2.1 - [Release notes](https://github.com/Azure/azure-sdk-for-js/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md) - [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/identity_2.1.0...@azure/identity_4.2.1) Updates `@azure/msal-node` from 1.15.0 to 2.9.2 - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases) - [Commits](AzureAD/microsoft-authentication-library-for-js@msal-node-v1.15.0...msal-node-v2.9.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `fast-xml-parser` from 4.0.9 to 4.4.0 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.0.9...v4.4.0) Updates `jsonwebtoken` from 9.0.0 to 9.0.2 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v9.0.0...v9.0.2) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `xml2js` from 0.4.23 to 0.5.0 - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits/0.5.0) Updates `@azure/core-http` from 2.2.7 to 2.3.2 - [Release notes](https://github.com/Azure/azure-sdk-for-js/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md) - [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/core-http_2.2.7...@azure/core-http_2.3.2) Updates `@azure/identity` from 2.1.0 to 4.2.1 - [Release notes](https://github.com/Azure/azure-sdk-for-js/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-js/blob/main/documentation/Changelog-for-next-generation.md) - [Commits](https://github.com/Azure/azure-sdk-for-js/compare/@azure/identity_2.1.0...@azure/identity_4.2.1) Updates `@azure/msal-node` from 1.14.1 to 2.9.2 - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases) - [Commits](AzureAD/microsoft-authentication-library-for-js@msal-node-v1.15.0...msal-node-v2.9.2) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `fast-xml-parser` from 4.0.11 to 4.4.0 - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.0.9...v4.4.0) Updates `word-wrap` from 1.2.4 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `express` from 4.18.1 to 4.19.2 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.1...4.19.2) --- updated-dependencies: - dependency-name: "@azure/identity" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@azure/msal-node" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: jsonwebtoken dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: xml2js dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@azure/core-http" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@azure/identity" dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: "@azure/msal-node" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fast-xml-parser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: express dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from a team as a code owner June 11, 2024 20:28

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 11, 2024

dependabot bot mentioned this pull request Jun 11, 2024

chore(deps): bump the npm_and_yarn group across 2 directories with 6 updates #111

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #112

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #112

dependabot bot commented on behalf of github Jun 11, 2024

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #112

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #112

Conversation

dependabot bot commented on behalf of github Jun 11, 2024

@​azure/msal-node v2.9.2

2.9.2

Patches

@​azure/msal-node v2.9.1

2.9.1

Patches

@​azure/msal-node v2.9.0

2.9.0

Minor changes

@​azure/msal-node v2.8.0

2.8.0

Minor changes

Patches

Security Fix

9.0.2 - 2023-08-30

9.0.1 - 2023-07-05

1.2.5

1.2.4

What's Changed

New Contributors

@​azure/msal-node v2.9.2

2.9.2

Patches

@​azure/msal-node v2.9.1

2.9.1

Patches

@​azure/msal-node v2.9.0

2.9.0

Minor changes

@​azure/msal-node v2.8.0

2.8.0

Minor changes

Patches

Security Fix

1.2.5

1.2.4

What's Changed

New Contributors

4.19.2

What's Changed

4.19.1

What's Changed

4.19.0

What's Changed

New Contributors

4.18.3

Main Changes

Other Changes

4.19.2 / 2024-03-25

4.19.1 / 2024-03-20

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

`@azure/msal-node` v2.9.2

`@azure/msal-node` v2.9.1

`@azure/msal-node` v2.9.0

`@azure/msal-node` v2.8.0

`@azure/msal-node` v2.9.2

`@azure/msal-node` v2.9.1

`@azure/msal-node` v2.9.0

`@azure/msal-node` v2.8.0