Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🚨 [security] Update firebase-tools 6.3.0 β†’ 13.8.0 (major) #73

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

🚨 [security] Update firebase-tools 6.3.0 β†’ 13.8.0 (major) #73

wants to merge 1 commit into from

Conversation

depfu[bot]
Copy link

@depfu depfu bot commented May 3, 2024

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ firebase-tools (6.3.0 β†’ 13.8.0) Β· Repo Β· Changelog

Security Advisories 🚨

🚨 Firebase vulnerable to CRSF attack

This vulnerability was a potential CSRF attack.Β When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commitΒ 068a2b08dc308c7ab4b569617f5fc8821237e3a0.

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ansi-align (indirect, 2.0.0 β†’ 3.0.1) Β· Repo Β· Changelog

Release Notes

3.0.1 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ archiver (indirect, 2.1.1 β†’ 5.3.2) Β· Repo Β· Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ archiver-utils (indirect, 1.3.0 β†’ 2.1.0) Β· Repo Β· Changelog

Release Notes

2.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ bl (indirect, 1.2.2 β†’ 4.1.0) Β· Repo Β· Changelog

Security Advisories 🚨

🚨 Remote Memory Exposure in bl

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

🚨 Remote Memory Exposure in bl

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

🚨 Remote Memory Exposure in bl

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

🚨 Remote Memory Exposure in bl

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

Release Notes

4.0.3

More info than we can show here.

4.0.1

More info than we can show here.

3.0.1

More info than we can show here.

3.0.0

More info than we can show here.

2.2.1

More info than we can show here.

2.2.0

More info than we can show here.

2.1.2

More info than we can show here.

2.1.1

More info than we can show here.

2.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ boxen (indirect, 1.3.0 β†’ 5.1.2) Β· Repo

Release Notes

5.1.2

More info than we can show here.

5.1.1

More info than we can show here.

5.1.0

More info than we can show here.

5.0.1

More info than we can show here.

5.0.0

More info than we can show here.

4.2.0

More info than we can show here.

4.1.0

More info than we can show here.

4.0.0

More info than we can show here.

3.2.0

More info than we can show here.

3.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ci-info (indirect, 1.6.0 β†’ 2.0.0) Β· Repo Β· Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cli-boxes (indirect, 1.0.0 β†’ 2.2.1) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cli-spinners (indirect, 0.1.2 β†’ 2.9.2) Β· Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cli-table (indirect, 0.3.1 β†’ 0.3.11) Β· Repo Β· Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ configstore (indirect, 1.4.0 β†’ 5.0.1) Β· Repo

Release Notes

5.0.1

More info than we can show here.

5.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cross-env (indirect, 5.2.0 β†’ 5.2.1) Β· Repo Β· Changelog

Release Notes

5.2.1

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ crypto-random-string (indirect, 1.0.0 β†’ 2.0.0) Β· Repo

Release Notes

2.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ dot-prop (indirect, 4.2.0 β†’ 5.3.0) Β· Repo

Security Advisories 🚨

🚨 dot-prop Prototype Pollution vulnerability

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

🚨 dot-prop Prototype Pollution vulnerability

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Release Notes

5.3.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ecdsa-sig-formatter (indirect, 1.0.10 β†’ 1.0.11) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ filesize (indirect, 3.6.1 β†’ 6.4.0) Β· Repo Β· Changelog

Release Notes

6.4.0 (from changelog)

More info than we can show here.

6.3.0 (from changelog)

More info than we can show here.

6.2.6 (from changelog)

More info than we can show here.

6.2.5 (from changelog)

More info than we can show here.

6.2.4 (from changelog)

More info than we can show here.

6.2.3 (from changelog)

More info than we can show here.

6.2.2 (from changelog)

More info than we can show here.

6.2.1 (from changelog)

More info than we can show here.

6.2.0 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ fs-extra (indirect, 0.23.1 β†’ 10.1.0) Β· Repo Β· Changelog

Release Notes

10.1.0 (from changelog)

More info than we can show here.

10.0.1 (from changelog)

More info than we can show here.

10.0.0 (from changelog)

More info than we can show here.

9.1.0 (from changelog)

More info than we can show here.

9.0.1 (from changelog)

More info than we can show here.

9.0.0 (from changelog)

More info than we can show here.

8.1.0 (from changelog)

More info than we can show here.

8.0.1 (from changelog)

More info than we can show here.

8.0.0 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ gaxios (indirect, 1.2.7 β†’ 6.5.0) Β· Repo Β· Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ gcp-metadata (indirect, 0.6.3 β†’ 6.1.0) Β· Repo Β· Changelog

Release Notes

6.1.0

More info than we can show here.

6.0.0

More info than we can show here.

5.3.0

More info than we can show here.

5.2.0

More info than we can show here.

5.1.0

More info than we can show here.

5.0.1

More info than we can show here.

5.0.0

More info than we can show here.

4.3.1

More info than we can show here.

4.3.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ global-dirs (indirect, 0.1.1 β†’ 3.0.1) Β· Repo

Release Notes

3.0.1

More info than we can show here.

3.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ google-auth-library (indirect, 1.6.1 β†’ 9.9.0) Β· Repo Β· Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ google-p12-pem (indirect, 1.0.3 β†’ 4.0.1) Β· Repo Β· Changelog

Release Notes

4.0.1

More info than we can show here.

4.0.0

More info than we can show here.

3.1.4

More info than we can show here.

3.1.3

More info than we can show here.

3.1.2

More info than we can show here.

3.1.1

More info than we can show here.

3.1.0

More info than we can show here.

1.0.5

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ gtoken (indirect, 2.3.2 β†’ 7.1.0) Β· Repo Β· Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ is-ci (indirect, 1.2.1 β†’ 2.0.0) Β· Repo Β· Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ is-installed-globally (indirect, 0.1.0 β†’ 0.4.0) Β· Repo

Release Notes

0.4.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ is-npm (indirect, 1.0.0 β†’ 5.0.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ is-obj (indirect, 1.0.1 β†’ 2.0.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jsonfile (indirect, 2.4.0 β†’ 6.1.0) Β· Repo Β· Changelog

Release Notes

6.1.0 (from changelog)

More info than we can show here.

6.0.1 (from changelog)

More info than we can show here.

6.0.0 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jsonwebtoken (indirect, 8.4.0 β†’ 9.0.2) Β· Repo Β· Changelog

Security Advisories 🚨

🚨 jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Overview

Versions <=8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the secretOrPublicKey argument from the readme link) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens.

Am I affected?

You will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function.

How do I fix it?

Update to version 9.0.0.

Will the fix impact my users?

There is no impact for end users

🚨 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

Overview

In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.

Am I affected?

You will be affected if all the following are true in the jwt.verify() function:

  • a token with no signature is received
  • no algorithms are specified
  • a falsy (e.g. null, false, undefined) secret or key is passed

How do I fix it?

Update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method.

Will the fix impact my users?

There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.

🚨 jsonwebtoken unrestricted key type could lead to legacy keys usage

Overview

Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.

Am I affected?

You are affected if you are using an algorithm and a key type other than the combinations mentioned below

Key type algorithm
ec ES256, ES384, ES512
rsa RS256, RS384, RS512, PS256, PS384, PS512
rsa-pss PS256, PS384, PS512

And for Elliptic Curve algorithms:

alg Curve
ES256 prime256v1
ES384 secp384r1
ES512 secp521r1

How do I fix it?

Update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, If you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.

Will the fix impact my users?

There will be no impact, if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, use the allowInvalidAsymmetricKeyTypes option to true in the sign() and verify() functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.

Release Notes

9.0.2 (from changelog)

More info than we can show here.

9.0.1 (from changelog)

More info than we can show here.

9.0.0 (from changelog)

More info than we can show here.

8.5.1 (from changelog)

More info than we can show here.

8.5.0 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jwa (indirect, 1.2.0 β†’ 2.0.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jws (indirect, 3.2.1 β†’ 4.0.0) Β· Repo Β· Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ klaw (indirect, 1.3.1 β†’ 3.0.0) Β· Repo Β· Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ morgan (indirect, 1.9.1 β†’ 1.10.0) Β· Repo Β· Changelog

Release Notes

1.10.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ora (indirect, 0.2.3 β†’ 5.4.1) Β· Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ registry-auth-token (indirect, 3.3.2 β†’ 5.0.2) Β· Repo Β· Changelog

Release Notes

5.0.2 (from changelog)

More info than we can show here.

4.2.2 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ registry-url (indirect, 3.1.0 β†’ 5.1.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ retry-request (indirect, 3.3.2 β†’ 5.0.2) Β· Repo Β· Changelog

Release Notes

5.0.2

More info than we can show here.

5.0.1

More info than we can show here.

5.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ router (indirect, 1.3.3 β†’ 1.3.8) Β· Repo Β· Changelog

Release Notes

1.3.8

More info than we can show here.

1.3.7

More info than we can show here.

1.3.6

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ semver-diff (indirect, 2.1.0 β†’ 3.1.1) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ strip-json-comments (indirect, 2.0.1 β†’ 3.1.1) Β· Repo

Release Notes

3.1.1

More info than we can show here.

3.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ superstatic (indirect, 6.0.4 β†’ 9.0.3) Β· Repo Β· Changelog

Release Notes

8.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ tar-stream (indirect, 1.6.2 β†’ 2.2.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unique-string (indirect, 1.0.0 β†’ 2.0.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ universal-analytics (indirect, 0.4.20 β†’ 0.5.3) Β· Repo Β· Changelog

Release Notes

0.5.3 (from changelog)

More info than we can show here.

0.5.2 (from changelog)

More info than we can show here.

0.5.1 (from changelog)

More info than we can show here.

0.4.22 (from changelog)

More info than we can show here.

0.4.21 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ widest-line (indirect, 2.0.1 β†’ 3.1.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ winston (indirect, 1.1.2 β†’ 3.13.0) Β· Repo Β· Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ write-file-atomic (indirect, 2.4.2 β†’ 3.0.3) Β· Repo Β· Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ xdg-basedir (indirect, 3.0.0 β†’ 4.0.0) Β· Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ zip-stream (indirect, 1.2.0 β†’ 4.1.1) Β· Repo Β· Changelog

Release Notes

4.1.1

More info than we can show here.

4.1.0

More info than we can show here.

4.0.4

More info than we can show here.

4.0.3

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

πŸ†• @​apidevtools/json-schema-ref-parser (added, 9.1.2)

πŸ†• @​colors/colors (added, 1.5.0)

πŸ†• @​dabh/diagnostics (added, 2.0.3)

πŸ†• @​google-cloud/cloud-sql-connector (added, 1.3.0)

πŸ†• @​google-cloud/paginator (added, 4.0.1)

πŸ†• @​google-cloud/precise-date (added, 3.0.1)

πŸ†• @​google-cloud/projectify (added, 3.0.0)

πŸ†• @​google-cloud/promisify (added, 2.0.4)

πŸ†• @​google-cloud/pubsub (added, 3.7.5)

πŸ†• @​googleapis/sqladmin (added, 16.1.0)

πŸ†• @​grpc/grpc-js (added, 1.8.21)

πŸ†• @​grpc/proto-loader (added, 0.7.13)

πŸ†• @​isaacs/cliui (added, 8.0.2)

πŸ†• @​jsdevtools/ono (added, 7.1.3)

πŸ†• @​jsdoc/salty (added, 0.2.8)

πŸ†• @​npmcli/agent (added, 2.2.2)

πŸ†• @​npmcli/fs (added, 3.1.0)

πŸ†• @​opentelemetry/api (added, 1.8.0)

πŸ†• @​opentelemetry/semantic-conventions (added, 1.3.1)

πŸ†• @​pkgjs/parseargs (added, 0.11.0)

πŸ†• @​pnpm/config.env-replace (added, 1.1.0)

πŸ†• @​pnpm/network.ca-file (added, 1.0.2)

πŸ†• @​pnpm/npm-conf (added, 2.2.2)

πŸ†• @​protobufjs/aspromise (added, 1.1.2)

πŸ†• @​protobufjs/base64 (added, 1.1.2)

πŸ†• @​protobufjs/codegen (added, 2.0.4)

πŸ†• @​protobufjs/eventemitter (added, 1.1.0)

πŸ†• @​protobufjs/fetch (added, 1.1.0)

πŸ†• @​protobufjs/float (added, 1.0.2)

πŸ†• @​protobufjs/inquire (added, 1.1.0)

πŸ†• @​protobufjs/path (added, 1.1.2)

πŸ†• @​protobufjs/pool (added, 1.1.0)

πŸ†• @​protobufjs/utf8 (added, 1.1.0)

πŸ†• @​tootallnate/quickjs-emscripten (added, 0.23.0)

πŸ†• @​types/duplexify (added, 3.6.4)

πŸ†• @​types/glob (added, 8.1.0)

πŸ†• @​types/json-schema (added, 7.0.15)

πŸ†• @​types/linkify-it (added, 5.0.0)

πŸ†• @​types/long (added, 4.0.2)

πŸ†• @​types/markdown-it (added, 14.1.1)

πŸ†• @​types/mdurl (added, 2.0.0)

πŸ†• @​types/minimatch (added, 5.1.2)

πŸ†• @​types/rimraf (added, 3.0.2)

πŸ†• @​types/triple-beam (added, 1.3.5)

πŸ†• abort-controller (added, 3.0.0)

πŸ†• acorn-jsx (added, 5.3.2)

πŸ†• aggregate-error (added, 3.1.0)

πŸ†• ajv-formats (added, 2.1.1)

πŸ†• ansicolors (added, 0.3.2)

πŸ†• ast-types (added, 0.13.4)

πŸ†• async-lock (added, 1.3.2)

πŸ†• basic-ftp (added, 5.0.5)

πŸ†• bignumber.js (added, 9.1.2)

πŸ†• call-bind (added, 1.0.7)

πŸ†• call-me-maybe (added, 1.0.2)

πŸ†• cardinal (added, 2.1.1)

πŸ†• catharsis (added, 0.9.0)

πŸ†• clean-stack (added, 2.2.0)

πŸ†• cli-table3 (added, 0.6.4)

πŸ†• color (added, 3.2.1)

πŸ†• color-string (added, 1.9.1)

πŸ†• colorette (added, 2.0.20)

πŸ†• colorspace (added, 1.1.4)

πŸ†• config-chain (added, 1.1.13)

πŸ†• cors (added, 2.8.5)

πŸ†• crc-32 (added, 1.2.2)

πŸ†• csv-parse (added, 5.5.5)

πŸ†• data-uri-to-buffer (added, 6.0.2)

πŸ†• deep-equal-in-any-order (added, 2.0.6)

πŸ†• deep-freeze (added, 0.0.1)

πŸ†• defaults (added, 1.0.4)

πŸ†• define-data-property (added, 1.1.4)

πŸ†• degenerator (added, 5.0.1)

πŸ†• discontinuous-range (added, 1.0.0)

πŸ†• eastasianwidth (added, 0.2.0)

πŸ†• emoji-regex (added, 8.0.0)

πŸ†• enabled (added, 2.0.0)

πŸ†• entities (added, 4.5.0)

πŸ†• env-paths (added, 2.2.1)

πŸ†• es-define-property (added, 1.0.0)

πŸ†• es-errors (added, 1.3.0)

πŸ†• escalade (added, 3.1.2)

πŸ†• escape-goat (added, 2.1.1)

πŸ†• eslint-visitor-keys (added, 3.4.3)

πŸ†• espree (added, 9.6.1)

πŸ†• event-target-shim (added, 5.0.1)

πŸ†• events-listener (added, 1.1.0)

πŸ†• exegesis (added, 4.1.2)

πŸ†• exegesis-express (added, 4.0.0)

πŸ†• exponential-backoff (added, 3.1.1)

πŸ†• fast-text-encoding (added, 1.0.6)

πŸ†• fecha (added, 4.2.3)

πŸ†• fn.name (added, 1.1.0)

πŸ†• foreground-child (added, 3.1.1)

πŸ†• function-bind (added, 1.1.2)

πŸ†• fuzzy (added, 0.1.3)

πŸ†• get-intrinsic (added, 1.2.4)

πŸ†• get-uri (added, 6.0.3)

πŸ†• google-gax (added, 3.6.1)

πŸ†• googleapis-common (added, 7.2.0)

πŸ†• gopd (added, 1.0.1)

πŸ†• has-property-descriptors (added, 1.0.2)

πŸ†• has-proto (added, 1.0.3)

πŸ†• has-symbols (added, 1.0.3)

πŸ†• has-yarn (added, 2.1.0)

πŸ†• hasown (added, 2.0.2)

πŸ†• heap-js (added, 2.5.0)

πŸ†• inquirer-autocomplete-prompt (added, 2.0.1)

πŸ†• install-artifact-from-github (added, 1.3.5)

πŸ†• ip-address (added, 9.0.5)

πŸ†• is-interactive (added, 1.0.0)

πŸ†• is-lambda (added, 1.0.1)

πŸ†• is-unicode-supported (added, 0.1.0)

πŸ†• is-yarn-global (added, 0.3.0)

πŸ†• is2 (added, 2.0.9)

πŸ†• jackspeak (added, 2.3.6)

πŸ†• js2xmlparser (added, 4.0.2)

πŸ†• jsdoc (added, 4.0.3)

πŸ†• json-bigint (added, 1.0.0)

πŸ†• json-ptr (added, 3.1.1)

πŸ†• kuler (added, 2.0.0)

πŸ†• leven (added, 3.1.0)

πŸ†• libsodium (added, 0.7.13)

πŸ†• libsodium-wrappers (added, 0.7.13)

πŸ†• linkify-it (added, 5.0.0)

πŸ†• lodash.defaults (added, 4.2.0)

πŸ†• lodash.difference (added, 4.5.0)

πŸ†• lodash.flatten (added, 4.4.0)

πŸ†• lodash.mapvalues (added, 4.6.0)

πŸ†• lodash.snakecase (added, 4.1.1)

πŸ†• lodash.union (added, 4.6.0)

πŸ†• log-symbols (added, 4.1.0)

πŸ†• logform (added, 2.6.0)

πŸ†• markdown-it (added, 14.1.0)

πŸ†• markdown-it-anchor (added, 8.6.7)

πŸ†• marked (added, 4.3.0)

πŸ†• marked-terminal (added, 5.2.0)

πŸ†• mdurl (added, 2.0.0)

πŸ†• minipass-collect (added, 2.0.1)

πŸ†• minipass-fetch (added, 3.0.4)

πŸ†• minipass-flush (added, 1.0.5)

πŸ†• minipass-pipeline (added, 1.2.4)

πŸ†• minipass-sized (added, 1.0.3)

πŸ†• moo (added, 0.5.2)

πŸ†• nearley (added, 2.20.1)

πŸ†• netmask (added, 2.0.2)

πŸ†• node-emoji (added, 1.11.0)

πŸ†• object-hash (added, 3.0.0)

πŸ†• object-inspect (added, 1.13.1)

πŸ†• one-time (added, 1.0.0)

πŸ†• open (added, 6.4.0)

πŸ†• openapi3-ts (added, 3.2.0)

πŸ†• p-throttle (added, 5.1.0)

πŸ†• pac-proxy-agent (added, 7.0.1)

πŸ†• pac-resolver (added, 7.0.1)

πŸ†• path-scurry (added, 1.10.2)

πŸ†• pg (added, 8.11.5)

πŸ†• pg-cloudflare (added, 1.1.1)

πŸ†• pg-connection-string (added, 2.6.4)

πŸ†• pg-int8 (added, 1.0.1)

πŸ†• pg-pool (added, 3.6.2)

πŸ†• pg-protocol (added, 1.6.1)

πŸ†• pg-types (added, 2.2.0)

πŸ†• pgpass (added, 1.0.5)

πŸ†• picocolors (added, 1.0.0)

πŸ†• picomatch (added, 2.3.1)

πŸ†• postgres-array (added, 2.0.0)

πŸ†• postgres-bytea (added, 1.0.0)

πŸ†• postgres-date (added, 1.0.7)

πŸ†• postgres-interval (added, 1.2.0)

πŸ†• proc-log (added, 3.0.0)

πŸ†• promise-breaker (added, 6.0.0)

πŸ†• proto-list (added, 1.2.4)

πŸ†• proto3-json-serializer (added, 1.1.1)

πŸ†• protobufjs-cli (added, 1.1.1)

πŸ†• proxy-agent (added, 6.4.0)

πŸ†• proxy-from-env (added, 1.1.0)

πŸ†• punycode.js (added, 2.3.1)

πŸ†• pupa (added, 2.1.1)

πŸ†• railroad-diagrams (added, 1.0.0)

πŸ†• randexp (added, 0.4.6)

πŸ†• re2 (added, 1.20.10)

πŸ†• readdir-glob (added, 1.1.3)

πŸ†• redeyed (added, 2.1.1)

πŸ†• requizzle (added, 0.2.4)

πŸ†• safe-stable-stringify (added, 2.4.3)

πŸ†• set-function-length (added, 1.2.2)

πŸ†• side-channel (added, 1.0.6)

πŸ†• simple-swizzle (added, 0.2.2)

πŸ†• sort-any (added, 2.0.0)

πŸ†• split2 (added, 4.2.0)

πŸ†• sql-formatter (added, 15.3.1)

πŸ†• stream-chain (added, 2.2.5)

πŸ†• stream-json (added, 1.8.0)

πŸ†• string-width-cjs (added, npm:[email protected])

πŸ†• strip-ansi-cjs (added, npm:[email protected])

πŸ†• supports-hyperlinks (added, 2.3.0)

πŸ†• tcp-port-used (added, 1.0.2)

πŸ†• text-hex (added, 1.0.0)

πŸ†• toidentifier (added, 1.0.1)

πŸ†• tr46 (added, 0.0.3)

πŸ†• triple-beam (added, 1.4.1)

πŸ†• type-fest (added, 0.21.3)

πŸ†• typedarray-to-buffer (added, 3.1.5)

πŸ†• uc.micro (added, 2.1.0)

πŸ†• underscore (added, 1.13.6)

πŸ†• undici-types (added, 5.26.5)

πŸ†• universalify (added, 2.0.1)

πŸ†• update-notifier-cjs (added, 5.1.6)

πŸ†• url-join (added, 0.0.1)

πŸ†• url-template (added, 2.0.8)

πŸ†• wcwidth (added, 1.0.1)

πŸ†• webidl-conversions (added, 3.0.1)

πŸ†• whatwg-url (added, 5.0.0)

πŸ†• winston-transport (added, 4.7.0)

πŸ†• wrap-ansi-cjs (added, npm:[email protected])

πŸ†• xmlcreate (added, 2.0.4)

πŸ†• yaml (added, 2.4.2)

πŸ†• yocto-queue (added, 0.1.0)

πŸ—‘οΈ @​google-cloud/common (removed)

πŸ—‘οΈ @​google-cloud/functions-emulator (removed)

πŸ—‘οΈ @​google-cloud/storage (removed)

πŸ—‘οΈ @​sindresorhus/is (removed)

πŸ—‘οΈ axios (removed)

πŸ—‘οΈ cacheable-request (removed)

πŸ—‘οΈ capture-stack-trace (removed)

πŸ—‘οΈ char-spinner (removed)

πŸ—‘οΈ cli-color (removed)

πŸ—‘οΈ cli-table2 (removed)

πŸ—‘οΈ clone-response (removed)

πŸ—‘οΈ compare-semver (removed)

πŸ—‘οΈ connect-query (removed)

πŸ—‘οΈ crc (removed)

πŸ—‘οΈ create-error-class (removed)

πŸ—‘οΈ csv-streamify (removed)

πŸ—‘οΈ cycle (removed)

πŸ—‘οΈ d (removed)

πŸ—‘οΈ decompress-response (removed)

πŸ—‘οΈ didyoumean (removed)

πŸ—‘οΈ duplexer3 (removed)

πŸ—‘οΈ es5-ext (removed)

πŸ—‘οΈ es6-iterator (removed)

πŸ—‘οΈ es6-set (removed)

πŸ—‘οΈ es6-symbol (removed)

πŸ—‘οΈ es6-weak-map (removed)

πŸ—‘οΈ event-emitter (removed)

πŸ—‘οΈ exit-code (removed)

πŸ—‘οΈ exit-hook (removed)

πŸ—‘οΈ eyes (removed)

πŸ—‘οΈ flat-arguments (removed)

πŸ—‘οΈ gcs-resumable-upload (removed)

πŸ—‘οΈ google-auto-auth (removed)

πŸ—‘οΈ googleapis (removed)

πŸ—‘οΈ got (removed)

πŸ—‘οΈ has-symbol-support-x (removed)

πŸ—‘οΈ has-to-string-tag-x (removed)

πŸ—‘οΈ hash-stream-validation (removed)

πŸ—‘οΈ home-dir (removed)

πŸ—‘οΈ i (removed)

πŸ—‘οΈ into-stream (removed)

πŸ—‘οΈ is (removed)

πŸ—‘οΈ is-object (removed)

πŸ—‘οΈ is-plain-obj (removed)

πŸ—‘οΈ is-redirect (removed)

πŸ—‘οΈ is-retry-allowed (removed)

πŸ—‘οΈ isurl (removed)

πŸ—‘οΈ json-buffer (removed)

πŸ—‘οΈ jsonschema (removed)

πŸ—‘οΈ keyv (removed)

πŸ—‘οΈ latest-version (removed)

πŸ—‘οΈ lodash._isnative (removed)

πŸ—‘οΈ lodash._shimkeys (removed)

πŸ—‘οΈ lodash.isarguments (removed)

πŸ—‘οΈ lodash.keys (removed)

πŸ—‘οΈ lodash.merge (removed)

πŸ—‘οΈ lodash.noop (removed)

πŸ—‘οΈ lodash.values (removed)

πŸ—‘οΈ log-driver (removed)

πŸ—‘οΈ lowercase-keys (removed)

πŸ—‘οΈ lru-queue (removed)

πŸ—‘οΈ memoizee (removed)

πŸ—‘οΈ methmeth (removed)

πŸ—‘οΈ mimic-response (removed)

πŸ—‘οΈ modelo (removed)

πŸ—‘οΈ nash (removed)

πŸ—‘οΈ ncp (removed)

πŸ—‘οΈ next-tick (removed)

πŸ—‘οΈ normalize-url (removed)

πŸ—‘οΈ p-cancelable (removed)

πŸ—‘οΈ p-timeout (removed)

πŸ—‘οΈ package-json (removed)

πŸ—‘οΈ pkginfo (removed)

πŸ—‘οΈ prepend-http (removed)

πŸ—‘οΈ prompt (removed)

πŸ—‘οΈ protochain (removed)

πŸ—‘οΈ query-string (removed)

πŸ—‘οΈ read (removed)

πŸ—‘οΈ readline2 (removed)

πŸ—‘οΈ responselike (removed)

πŸ—‘οΈ retry-axios (removed)

πŸ—‘οΈ revalidator (removed)

πŸ—‘οΈ rsvp (removed)

πŸ—‘οΈ rx-lite (removed)

πŸ—‘οΈ serializerr (removed)

πŸ—‘οΈ slide (removed)

πŸ—‘οΈ snakeize (removed)

πŸ—‘οΈ sort-keys (removed)

πŸ—‘οΈ split-array-stream (removed)

πŸ—‘οΈ stream-events (removed)

πŸ—‘οΈ strict-uri-encode (removed)

πŸ—‘οΈ string-format-obj (removed)

πŸ—‘οΈ string-length (removed)

πŸ—‘οΈ string-template (removed)

πŸ—‘οΈ stubs (removed)

πŸ—‘οΈ term-size (removed)

πŸ—‘οΈ timed-out (removed)

πŸ—‘οΈ timers-ext (removed)

πŸ—‘οΈ to-buffer (removed)

πŸ—‘οΈ try-require (removed)

πŸ—‘οΈ unzip-response (removed)

πŸ—‘οΈ update-notifier (removed)

πŸ—‘οΈ url-parse-lax (removed)

πŸ—‘οΈ url-to-options (removed)

πŸ—‘οΈ user-home (removed)

πŸ—‘οΈ utile (removed)

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
@​depfu rebase
Rebases against your default branch and redoes this update
@​depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@​depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@​depfu cancel merge
Cancels automatic merging of this PR
@​depfu close
Closes this PR and deletes the branch
@​depfu reopen
Restores the branch and reopens this PR (if it's closed)
@​depfu pause
Ignores all future updates for this dependency and closes this PR
@​depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@​depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

@depfu depfu bot added the depfu label May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
depfu
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants