Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

security(deps): bump formidable and superagent #2162

Merged
merged 1 commit into from
Apr 24, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 24, 2024

Bumps formidable to 3.5.1 and updates ancestor dependency superagent. These dependencies need to be updated together.

Updates formidable from 2.1.2 to 3.5.1

Release notes

Sourced from formidable's releases.

v3.2.5

No release notes provided.

3.2.4

No release notes provided.

3.1.4

https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md

Changelog

Sourced from formidable's changelog.

3.5.1

  • fix: (#945) multipart parser fix: flush or fail always (don't hang)

3.5.0

  • feature: (#944) Dual package: Can be imported as ES module and required as commonjs module

3.4.0

  • feature: (#940) form.parse returns a promise if no callback is provided
  • it resolves with an array [fields, files]

3.3.2

  • feature: (#855) add options.createDirsFromUploads, see README for usage
  • form.parse is an async function (ignore the promise)
  • benchmarks: add e2e becnhmark with as many request as possible per second
    • npm run to display all the commands
  • mark as latest on npm

3.2.5

  • fix: (#881) fail earlier when maxFiles is exceeded

3.2.4

  • fix: (#857) improve keep extension
  • The code from before 3.2.4 already removed some characters from the file extension. But not always. So it was inconsistent.
  • The new code cuts the file extension at the first invalid character (invalid in a file extension).
  • The characters that are considered invalid inside a file extension are all except the . numbers and a-Z.
  • This change only has an effect if filename option is not used and keepextension option is used

3.2.3

  • fix: (#852) end event is emitted once

3.2.2

3.2.1

  • fix: do not let empty file on error (#796)
  • it was probably due to the fact that .destroy on a file stream does not always complete on time

... (truncated)

Commits

Updates superagent from 8.1.2 to 9.0.1

Release notes

Sourced from superagent's releases.

v9.0.1

  • Merge pull request #1796 from mmmmmrob/patch-2 68f7bb1
  • Merge branch 'master' into patch-2 450f7b2
  • Merge pull request #1794 from SukkaW/replace-polyfill-io ea633d7
  • Merge pull request #1791 from HannesOberreiter/patch-1 e334068
  • Update README.md a5c39b2
  • Add superagent-cheerio to the readme 0165c7c
  • docs: no longer recommend polyfill.io da9ff20
  • Update README.md c4205e0

ladjs/superagent@v9.0.0...v9.0.1

v9.0.0

  • fix: fixed ci job not installing npm deps 489708e
  • fix: fix numeric identifier issue ea2577e
  • fix: drop support for node < v14.18.0 due to formidable node:fs scope import statement (per #1800) 23fe5ab
  • Merge pull request #1800 from tomstrong64/master 03de30c
  • fix: formidable v3 multipart form contents mapped to expected format b9c7837
  • Update formidable 3ee138d
  • test: replace should with node:assert (#1782) 1c8338b
  • test: replace should with node:assert (#1780) 0dc80d1
  • Merge pull request #1777 from jimmywarting/classify 83e92cb
  • classify agent fca95a3

ladjs/superagent@v8.1.2...v9.0.0

Commits
  • b368f62 9.0.1
  • 68f7bb1 Merge pull request #1796 from mmmmmrob/patch-2
  • 450f7b2 Merge branch 'master' into patch-2
  • ea633d7 Merge pull request #1794 from SukkaW/replace-polyfill-io
  • e334068 Merge pull request #1791 from HannesOberreiter/patch-1
  • fc27f36 9.0.0
  • 489708e fix: fixed ci job not installing npm deps
  • ea2577e fix: fix numeric identifier issue
  • 23fe5ab fix: drop support for node < v14.18.0 due to formidable node:fs scope import ...
  • 03de30c Merge pull request #1800 from tomstrong64/master
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by titanism, a new releaser for superagent since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 24, 2024
@bizob2828 bizob2828 added the dev:deps Indicates updates to dev deps only label Apr 24, 2024
@bizob2828
Copy link
Member

@dependabot rebase

Bumps [formidable](https://github.com/node-formidable/formidable) to 3.5.1 and updates ancestor dependency [superagent](https://github.com/ladjs/superagent). These dependencies need to be updated together.


Updates `formidable` from 2.1.2 to 3.5.1
- [Release notes](https://github.com/node-formidable/formidable/releases)
- [Changelog](https://github.com/node-formidable/formidable/blob/master/CHANGELOG.md)
- [Commits](https://github.com/node-formidable/formidable/commits/v3.5.1)

Updates `superagent` from 8.1.2 to 9.0.1
- [Release notes](https://github.com/ladjs/superagent/releases)
- [Changelog](https://github.com/ladjs/superagent/blob/master/HISTORY.md)
- [Commits](ladjs/superagent@v8.1.2...v9.0.1)

---
updated-dependencies:
- dependency-name: formidable
  dependency-type: indirect
- dependency-name: superagent
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file dev:deps Indicates updates to dev deps only
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

1 participant