[Snyk] Upgrade: , , , , dayjs, firebase-admin, mongoose, newrelic, next #1158
+344
−344
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @aws-sdk/credential-provider-node from 3.632.0 to 3.637.0.
See this package in npm: https://www.npmjs.com/package/@aws-sdk/credential-provider-node
- @aws-sdk/client-ses from 3.632.0 to 3.637.0.
See this package in npm: https://www.npmjs.com/package/@aws-sdk/client-ses
- @headlessui/react from 2.1.2 to 2.1.3.
See this package in npm: https://www.npmjs.com/package/@headlessui/react
- @next/third-parties from 14.2.5 to 14.2.7.
See this package in npm: https://www.npmjs.com/package/@next/third-parties
- dayjs from 1.11.12 to 1.11.13.
See this package in npm: https://www.npmjs.com/package/dayjs
- firebase-admin from 12.3.1 to 12.4.0.
See this package in npm: https://www.npmjs.com/package/firebase-admin
- mongoose from 8.5.3 to 8.5.4.
See this package in npm: https://www.npmjs.com/package/mongoose
- newrelic from 12.1.1 to 12.3.0.
See this package in npm: https://www.npmjs.com/package/newrelic
- next from 14.2.5 to 14.2.7.
See this package in npm: https://www.npmjs.com/package/next
See this project in Snyk:
https://app.snyk.io/org/k2xl/project/cf09253a-8e4c-4f7f-b75f-a1763e5c78eb?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@aws-sdk/credential-provider-node
from 3.632.0 to 3.637.0 | 2 versions ahead of your current version | a month ago
on 2024-08-22
@aws-sdk/client-ses
from 3.632.0 to 3.637.0 | 3 versions ahead of your current version | a month ago
on 2024-08-22
@headlessui/react
from 2.1.2 to 2.1.3 | 1 version ahead of your current version | a month ago
on 2024-08-23
@next/third-parties
from 14.2.5 to 14.2.7 | 2 versions ahead of your current version | 22 days ago
on 2024-08-27
dayjs
from 1.11.12 to 1.11.13 | 1 version ahead of your current version | a month ago
on 2024-08-20
firebase-admin
from 12.3.1 to 12.4.0 | 1 version ahead of your current version | a month ago
on 2024-08-22
mongoose
from 8.5.3 to 8.5.4 | 1 version ahead of your current version | a month ago
on 2024-08-23
newrelic
from 12.1.1 to 12.3.0 | 2 versions ahead of your current version | 22 days ago
on 2024-08-27
next
from 14.2.5 to 14.2.7 | 2 versions ahead of your current version | 22 days ago
on 2024-08-27
Release notes
Package name: @aws-sdk/credential-provider-node
-
3.637.0 - 2024-08-22
- util-endpoints: update aws partitions.json (9d2511b8)
- endpoints: update endpoints model (f7ad4c17)
- models: update API models (842bde9e)
- client-codestar: deprecate CodeStar (#6402) (5327273d)
- client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)
- client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
- client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
- client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
- client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
- client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)
-
3.635.0 - 2024-08-20
- client-ecs: Documentation only release to address various tickets (a4a0836a)
- client-opensearchserverless: Added FailureCode and FailureMessage to BatchGetCollectionResponse for BatchGetVPCEResponse for non-Active Collection and VPCE. (7daa541c)
- client-s3: Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. (b474584f)
- codegen: add Smithy RPCv2 CBOR to list of protocols (#6096) (5154d4f1)
-
3.632.0 - 2024-08-15
from @aws-sdk/credential-provider-node GitHub release notes3.637.0(2024-08-22)
Chores
Documentation Changes
New Features
For list of updated packages, view updated-packages.md in assets-3.637.0.zip
3.635.0(2024-08-20)
Documentation Changes
New Features
For list of updated packages, view updated-packages.md in assets-3.635.0.zip
Package name: @aws-sdk/client-ses
-
3.637.0 - 2024-08-22
- util-endpoints: update aws partitions.json (9d2511b8)
- endpoints: update endpoints model (f7ad4c17)
- models: update API models (842bde9e)
- client-codestar: deprecate CodeStar (#6402) (5327273d)
- client-auto-scaling: Amazon EC2 Auto Scaling now provides EBS health check to manage EC2 instance replacement (041f6dd9)
- client-route-53: Amazon Route 53 now supports the Asia Pacific (Malaysia) Region (ap-southeast-5) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. (b3d22dec)
- client-emr-containers: Correct endpoint for FIPS is configured for US Gov Regions. (0cd9baec)
- client-inspector2: Add enums for Agentless scan statuses and EC2 enablement error states (52856e7f)
- client-quicksight: Explicit query for authors and dashboard viewing sharing for embedded users (18135bcc)
- client-bedrock: Amazon Bedrock Evaluation BatchDeleteEvaluationJob API allows customers to delete evaluation jobs under terminated evaluation job statuses - Stopped, Failed, or Completed. Customers can submit a batch of 25 evaluation jobs to be deleted at once. (06501cbb)
-
3.636.0 - 2024-08-21
- turbo: simplify build scripts in package.json (#6366) (614d98e1)
- link to smithy/middleware-retry in Notable Changes (#6397) (31263194)
- clients: update client endpoints as of 2024-08-21 (f8aaf1df)
- client-ses: Enable email receiving customers to provide SES with access to their S3 buckets via an IAM role for "Deliver to S3 Action" (aafc6ebd)
- client-entityresolution: Increase the mapping attributes in Schema to 35. (d038be36)
- client-glue: Add optional field JobRunQueuingEnabled to CreateJob and UpdateJob APIs. (b3bbf579)
- client-securityhub: Security Hub documentation and definition updates (17db5f7e)
- client-lambda: Release FilterCriteria encryption for Lambda EventSourceMapping, enabling customers to encrypt their filter criteria using a customer-owned KMS key. (6fff3639)
- client-ec2: DescribeInstanceStatus now returns health information on EBS volumes attached to Nitro instances (1baa7ea8)
-
3.635.0 - 2024-08-20
- client-ecs: Documentation only release to address various tickets (a4a0836a)
- client-opensearchserverless: Added FailureCode and FailureMessage to BatchGetCollectionResponse for BatchGetVPCEResponse for non-Active Collection and VPCE. (7daa541c)
- client-s3: Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs. (b474584f)
- codegen: add Smithy RPCv2 CBOR to list of protocols (#6096) (5154d4f1)
-
3.632.0 - 2024-08-15
from @aws-sdk/client-ses GitHub release notes3.637.0(2024-08-22)
Chores
Documentation Changes
New Features
For list of updated packages, view updated-packages.md in assets-3.637.0.zip
3.636.0(2024-08-21)
Chores
Documentation Changes
New Features
For list of updated packages, view updated-packages.md in assets-3.636.0.zip
3.635.0(2024-08-20)
Documentation Changes
New Features
For list of updated packages, view updated-packages.md in assets-3.635.0.zip
Package name: @headlessui/react
-
2.1.3 - 2024-08-23
- Ensure
- Fix closing components using the
- Ensure all client components are marked correctly to avoid a crash with React 19 and Turbopack (#3429)
-
2.1.2 - 2024-07-05
- Fix prematurely added anchoring styles on
- Ensure
- Fix crash in
- Fix hanging tests when using
- Fix
- Fix outside click in nested portalled
- Fix restoring focus to correct element when closing
- Fix
from @headlessui/react GitHub release notesFixed
Transitioncomponent state doesn't change when it becomes hidden (#3372)transitionprop, and after scrolling the page (#3407)Fixed
ListboxOptions(#3337)unmountonDialogworks in combination with thetransitionprop onDialogBackdropandDialogPanelcomponents (#3352)Comboboxcomponent when invirtualmode when options are empty (#3356)anchorprop (#3357)transitionandfocusprop combination forPopoverPanelcomponent (#3361)Popovercomponents (#3362)Dialogcomponent (#3365)flushSyncwarning forComboboxcomponent withimmediateprop enabled (#3366)Package name: @next/third-parties
-
14.2.7 - 2024-08-27
- Revert "chore: externalize undici for bundling" (#65727)
- Refactor internal routing headers to use request meta (#66987)
- fix(next): add cross origin in react dom preload (#67423)
- build: upgrade edge-runtime (#67565)
- GTM dataLayer parameter should take an object, not an array of strings (#66339)
- fix: properly patch lockfile against swc bindings (#66515)
- Add deployment id header for rsc payload if present (#67255)
- Update font data (#68639)
- fix i18n data pathname resolving (#68947)
- pages router: ensure x-middleware-cache is respected (#67734)
- Fix bad modRequest in flight entry manifest #68888
- Reject next image urls in image optimizer #68628
- Fix hmr assetPrefix escaping and reuse logic from other files #67983
-
14.2.6 - 2024-08-21
-
14.2.5 - 2024-07-10
from @next/third-parties GitHub release notesNote
This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
Credits
Huge thanks to @ kjugi, @ huozhi, @ ztanner, @ SukkaW, @ marlier, @ Kikobeats, @ syi0808, @ ijjk, and @ samcx for helping!
Package name: dayjs
-
1.11.13 - 2024-08-20
- customParseFormat supports Q quter / w ww weekOfYear (#2705) (8ca74f1)
-
1.11.12 - 2024-07-18
- Add NegativeYear Plugin support (#2640) (6a42e0d)
- add UTC support to negativeYear plugin (#2692) (f3ef705)
- Fix zero offset issue when use tz with locale (#2532) (d0e6738)
- Improve typing for min/max plugin (#2573) (4fbe94a)
- timezone plugin currect parse UTC tz (#2693) (b575c81)
from dayjs GitHub release notes1.11.13 (2024-08-20)
Bug Fixes
1.11.12 (2024-07-18)
Bug Fixes
Package name: firebase-admin
-
12.4.0 - 2024-08-22
- [chore] Release 12.4.0 (#2674)
- build(deps-dev): bump @ firebase/app-compat from 0.2.38 to 0.2.39 (#2677)
- chore: Deprecate sendToTopic and Condition (#2683)
- build(deps): bump @ types/node from 22.1.0 to 22.3.0 (#2675)
- build(deps-dev): bump mocha from 10.7.0 to 10.7.3 (#2670)
- build(deps): bump @ google-cloud/storage from 7.12.0 to 7.12.1 (#2669)
- build(deps): bump axios in /.github/actions/send-email (#2673)
- build(deps-dev): bump @ microsoft/api-extractor from 7.47.5 to 7.47.6 (#2671)
- Reroute Cloud Tasks to emulator when it is running (#2649)
-
12.3.1 - 2024-08-08
- fix:
- [chore] Release 12.3.1 (#2667)
- chore: Skip sendToDeviceGroup integration test (#2666)
- build(deps-dev): bump @ microsoft/api-extractor from 7.47.2 to 7.47.5 (#2661)
- build(deps): bump @ types/node from 22.0.1 to 22.1.0 (#2663)
- build(deps-dev): bump @ firebase/app-compat from 0.2.37 to 0.2.38 (#2664)
- build(deps): bump @ types/node from 20.14.11 to 22.0.1 (#2657)
- build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#2650)
- build(deps-dev): bump @ firebase/app-compat from 0.2.35 to 0.2.37 (#2653)
- build(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 (#2654)
from firebase-admin GitHub release notesMiscellaneous
Bug Fixes
getToken()returns existing promise to a token if one exists instead of a new token. (#2648)Miscellaneous
Package name: mongoose
-
8.5.4 - 2024-08-23
- fix: add empty string check for collection name passed #14806 Shubham2552
- docs(model): add 'throw' as valid strict value for bulkWrite() and add some more clarification on throwOnValidationError #14809
-
8.5.3 - 2024-08-13
- fix(document): call required functions on subdocuments underneath nested paths with correct context #14801 #14788
- fix(populate): avoid throwing error when no result and
- fix(document): apply virtuals to subdocuments if parent schema has virtuals: true for backwards compatibility #14774 #14771 #14623 #14394
- types: make HydratedSingleSubdocument and HydratedArraySubdocument merge types instead of using & #14800 #14793
- types: support schema type inference based on schema options timestamps as well #14773 #13215 ark23CIS
- types(cursor): indicate that cursor.next() can return null #14798 #14787
- types: allow mongoose.connection.db to be undefined #14797 #14789
- docs: add schema type widening advice #14790 JstnMcBrd
from mongoose GitHub release notes8.5.4 / 2024-08-23
8.5.3 / 2024-08-13
lean()set #14799 #14794 #14759 MohOrabyPackage name: newrelic
-
12.3.0 - 2024-08-27
- Added new API method
- The context will be used to assign custom attributes to every LLM event produced within the function
- Improved AWS Lambda event detection (#2498) (5e8b260)
- Updated compatibility report (#2493) (0448927)
- Fixed linting scripts (#2497) (c395779)
- Removed examples/shim (#2484) (40d1f5c)
- Updated test-utils dependency and added matrix-count only (#2494) (5e04c76)
- Converted the api unit tests to
- Converted context-manager unit tests to
- Updated codecov action sha to post coverage from forks. Added flag to fail ci if it fails to upload report (#2490) (12fbe56)
-
12.2.0 - 2024-08-19
- Added instrumentation support for Express 5 beta (#2476) (06a4c2f)
- This will be experimental until
- Updated
- Removed reference to
- Updated compatibility report (#2487) (c0a5e64)
- Reverted to upstream
- Updated aggregators unit tests to node:test (#2481) (fd2d76f)
-
12.1.1 - 2024-08-15
- Updated
- Updated
- Updated the
- Updated pino instrumentation to separate the wrapping of asJson into its own function (#2464) (81fdde1)
- Updated compatibility report (#2460) (a4570e9)
- Removed limit on superagent versioned testing (#2456) (b4b6a6b)
from newrelic GitHub release notesv12.3.0 (2024-08-27)
Features
withLlmCustomAttributesto run a function in a LLM context (#2437) (57e6be9)Bug fixes
Documentation
Miscellaneous chores
Tests
node:test(#2516) (ab91576)node:test(#2508) (9363eb0)Continuous integration
Support statement:
We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date. (https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/update-new-relic-agent/)
See the New Relic Node.js agent EOL policy for information about agent releases and support dates. (https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/nodejs-agent-eol-policy/)
v12.2.0 (2024-08-19)
Features
express@5.0.0is generally availableBug fixes
koainstrumentation to properly get the matched route name and to handle changes in@ koa/router@13.0.0(#2486) (0c2ee2f)Documentation
@ newrelic/nextin README (#2479) (8740539)Miscellaneous chores
require-in-the-middle(#2473) (9bbc41c)Support statement:
We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date. (https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/update-new-relic-agent/)
See the New Relic Node.js agent EOL policy for information about agent releases and support dates. (https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/nodejs-agent-eol-policy/)
v12.1.1 (2024-08-15)
Bug fixes
amqplibinstrumentation to properly parse host/port from connect (#2461) (91636a8)redisinstrumentation to parse host/port when a url is not provided (#2463) (2b67623)kafkajsnode metrics to remove/Namedfrom the name (#2458) (37ce113)Code refactoring
Documentation
Miscellaneous chores
Support statement:
We recommend updating to the latest agent version as soon as it's available. If you can't upgrade to the latest version, update your agents to a version no more than 90 days old. Read more about keeping agents up to date. (https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/update-new-relic-agent/)
See the New Relic Node.js agent EOL policy for information about agent releases and support dates. (https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/nodejs-agent-eol-policy/)
Package name: next
Note
This release is backporting bug fixes. It does not include all pending features/changes on canary.
Core Changes
Credits
Huge thanks to @ kjugi, @ huozhi, @ ztanner, @ SukkaW, @ marlier,