Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running npm audit fix on several samples #827

Merged
merged 1 commit into from
Sep 12, 2024
Merged

Conversation

AlexJerabek
Copy link
Collaborator

Q A
Bug fix? no
New feature? no
New sample? no -
Related issues?

What's in this Pull Request?

This PR runs npm audit fix on several samples to address security vulnerabilities in the dependencies.

@AlexJerabek
Copy link
Collaborator Author

@davidchesnut, any objections to me checking this in?

@AlexJerabek AlexJerabek merged commit 6b10ae0 into main Sep 12, 2024
1 check passed
@AlexJerabek AlexJerabek deleted the AlexJ-Audit-8-13 branch September 12, 2024 20:27
davidchesnut added a commit that referenced this pull request Oct 18, 2024
* Bump path-to-regexp and express (#847)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `path-to-regexp` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump serve-static and express in /Samples/word-citation-management (#849)

Bumps [serve-static](https://github.com/expressjs/serve-static) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `serve-static` from 1.15.0 to 1.16.2
- [Release notes](https://github.com/expressjs/serve-static/releases)
- [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md)
- [Commits](expressjs/serve-static@v1.15.0...v1.16.2)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: serve-static
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump path-to-regexp and express (#848)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `path-to-regexp` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v1.8.0...v1.9.0)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump send and express (#851)

Bumps [send](https://github.com/pillarjs/send) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](pillarjs/send@0.18.0...0.19.0)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](expressjs/express@4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: send
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Outlook NAA update libraries (#833)

* update package and library versions

* Add debug files

* Remove getAuthContext parts as not needed for Outlook

* Running npm audit fix on several samples (#827)

* [Outlook] (event-based activation) Remove platform check from samples (#846)

* Remove platform check

* Remove additional instance

* initial commit

* draft getting files in ie11 webview

* lists files on task pane.

* works for ie and edge webviews

* add sign out for ie11

* code refactoring supports edge and ie webviews

* add signout support and refactoring

* refactoring pass

* add NAA fallback for popup bug

* fixes so that fallback code is working.

* clean up comments and code usage

* add sign out button

* refactoring

* [Word] (keyboard shortcuts) Update sample to include support in Word (#853)

* Add support in Word

* Update screenshot and apply minor fixes

* Fix punctuation

* Apply suggestions from code review

Co-authored-by: Elizabeth Samuel <[email protected]>

* Apply suggestions from review

Co-authored-by: Elizabeth Samuel <[email protected]>

---------

Co-authored-by: Elizabeth Samuel <[email protected]>

* [Word] (keyboard shortcuts) Fix format of note (#858)

* sign-out button and fallback fixes

* fixes to sample

* rename sample

* rename folder

* modify description

* fix path to file in README (#859)

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/README.md

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/README.md

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/assets/sample.json

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/assets/sample.json

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/src/taskpane/fallback/dialog.html

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/README.md

Co-authored-by: Alex Jerabek <[email protected]>

* review comments

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/README.md

Co-authored-by: Alex Jerabek <[email protected]>

* fix internet explorer casing

* Update Samples/auth/Outlook-Add-in-SSO-NAA-IE/assets/sample.json

Co-authored-by: Alex Jerabek <[email protected]>

* fix wrong script path in NAA event sample (#864)

* bump @azure/msal-browser to 3.24.0 for NAA samples (#863)

* [All hosts] Update CDN URL (#865)

* [Outlook] - Update Outlook NAA sample to use standard public client as fallback. (#866)

* use standard public client application in fallback path

* Update Samples/auth/Outlook-Add-in-SSO-NAA/src/taskpane/fallback/fallbackauthdialog.ts

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA/src/taskpane/fallback/dialog.html

Co-authored-by: Alex Jerabek <[email protected]>

* Update Samples/auth/Outlook-Add-in-SSO-NAA/src/taskpane/taskpane.html

Co-authored-by: Alex Jerabek <[email protected]>

---------

Co-authored-by: Alex Jerabek <[email protected]>

* Bump cookie, cookie-parser and express (#869)

Bumps [cookie](https://github.com/jshttp/cookie) to 0.7.2 and updates ancestor dependencies [cookie](https://github.com/jshttp/cookie), [cookie-parser](https://github.com/expressjs/cookie-parser) and [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `cookie` from 0.4.1 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.4.1...v0.7.2)

Updates `cookie-parser` from 1.4.6 to 1.4.7
- [Release notes](https://github.com/expressjs/cookie-parser/releases)
- [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md)
- [Commits](expressjs/cookie-parser@1.4.6...1.4.7)

Updates `express` from 4.19.2 to 4.21.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
- [Commits](expressjs/express@4.19.2...4.21.1)

---
updated-dependencies:
- dependency-name: cookie
  dependency-type: indirect
- dependency-name: cookie-parser
  dependency-type: direct:production
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump rollup in /Samples/Office.ASP.NETCoreReactAddins/excel-js/ClientApp (#856)

Bumps [rollup](https://github.com/rollup/rollup) from 2.70.1 to 2.79.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v2.70.1...v2.79.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump cookie and express (#870)

Bumps [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `cookie` from 0.6.0 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.6.0...v0.7.1)

Updates `express` from 4.20.0 to 4.21.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
- [Commits](expressjs/express@4.20.0...4.21.1)

---
updated-dependencies:
- dependency-name: cookie
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix sample not loading in es6 runtime (#873)

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alex Jerabek <[email protected]>
Co-authored-by: Sam Ramon <[email protected]>
Co-authored-by: Elizabeth Samuel <[email protected]>
Co-authored-by: Dan Saunders <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants