[Snyk] Upgrade: browser-or-node, chai, isomorphic-ws, q, thrift, ws #155
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- browser-or-node from 1.3.0 to 3.0.0.
See this package in npm: https://www.npmjs.com/package/browser-or-node
- chai from 4.5.0 to 5.1.1.
See this package in npm: https://www.npmjs.com/package/chai
- isomorphic-ws from 4.0.1 to 5.0.0.
See this package in npm: https://www.npmjs.com/package/isomorphic-ws
- q from 1.5.1 to 2.0.3.
See this package in npm: https://www.npmjs.com/package/q
- thrift from 0.13.0 to 0.20.0.
See this package in npm: https://www.npmjs.com/package/thrift
- ws from 7.5.10 to 8.18.0.
See this package in npm: https://www.npmjs.com/package/ws
See this project in Snyk:
https://app.snyk.io/org/taeb3/project/d774ea56-0f4e-4632-b2ec-86818396711a?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
browser-or-node
⚠️ This is a major version upgrade, and may be a breaking change | 5 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
⚠️ This is a major version upgrade, and may be a breaking change | 10 years ago
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
from 1.3.0 to 3.0.0 | 5 versions ahead of your current version
on 2024-04-18
chai
from 4.5.0 to 5.1.1 | 9 versions ahead of your current version
on 2024-05-09
isomorphic-ws
from 4.0.1 to 5.0.0 | 4 versions ahead of your current version
on 2022-06-27
q
from 1.5.1 to 2.0.3 | 4 versions ahead of your current version
on 2015-01-31
thrift
from 0.13.0 to 0.20.0 | 10 versions ahead of your current version | 6 months ago
on 2024-03-22
ws
from 7.5.10 to 8.18.0 | 30 versions ahead of your current version
on 2024-07-03
Issues fixed by the recommended upgrade:
SNYK-JS-TAFFYDB-2992450
SNYK-JS-MARKED-174116
SNYK-JS-MARKED-2342073
SNYK-JS-MARKED-2342082
SNYK-JS-MARKED-451540
SNYK-JS-MARKED-584281
SNYK-JS-UNDERSCORE-1080984
Release notes
Package name: browser-or-node
-
3.0.0 - 2024-04-18
-
3.0.0-pre.0 - 2023-11-19
-
2.1.1 - 2022-12-01
-
2.1.0 - 2022-11-30
-
2.0.0 - 2021-11-12
- isDeno support added
- TypeScript types added
- isJsDom is no more a method
-
1.3.0 - 2020-06-25
from browser-or-node GitHub release notesNo breaking API changes. Although the import might break because of the new build setup.
I've migrated the build setup from babel to tsup in #30. As a part of that I've also introduced CJS/ESM import compatibility. Since this package has half a mil downloads a week, I'm slightly hesitant to publish a major (v3) before testing the packages in all the runtimes which I don't have the capacity or the means to do so. So this prerelease is a candidate to test the new build setup in all runtimes with the community's help to make sure the next major is good to go.
Breaking:
Package name: chai
-
5.1.1 - 2024-05-09
- Set up ESLint for JSDoc comments by @ koddsson in #1605
- build(deps-dev): bump ip from 1.1.8 to 1.1.9 by @ dependabot in #1608
- Correct Mocha import instructions by @ MattiSG in #1611
- fix: support some virtual contexts in
- @ MattiSG made their first contribution in #1611
-
5.1.0 - 2024-02-12
- Remove useless guards and add parentheses to constuctors by @ koddsson in #1593
- Cleanup jsdoc comments by @ koddsson in #1596
- Convert comments in "legal comments" format to jsdoc or normal comments by @ koddsson in #1598
- Implement
- Assert interface fix by @ developer-bandi in #1601
- Set support in same members by @ koddsson in #1583
- Fix publish script by @ koddsson in #1602
- @ developer-bandi made their first contribution in #1601
-
5.0.3 - 2024-01-25
-
5.0.2 - 2024-01-25
- build(deps): bump nanoid and mocha by @ dependabot in #1558
- remove
- Update developer dependencies by @ koddsson in #1560
- fix: removes
- Update
- Re-enable some webkit tests by @ koddsson in #1580
- Remove a bunch of if statements in test/should.js by @ koddsson in #1581
- Remove a bunch of unused files by @ koddsson in #1582
- Fix 1564 by @ koddsson in #1566
-
5.0.0 - 2023-12-28
- Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have
- Dropped support for Internet Explorer.
- Dropped support for NodeJS < 18.
- Minimum supported browsers are now Firefox 100, Safari 14.1, Chrome 100, Edge 100. Support for browsers prior to these versions is "best effort" (bug reports on older browsers will be assessed individually and may be marked as wontfix).
- feat: use chaijs/loupe for inspection by @ pcorpet in #1401
- docs: fix URL in README by @ Izzur in #1413
- Remove
- Convert Makefile script to npm scripts by @ koddsson in #1424
- Clean up README badges by @ koddsson in #1422
- fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
- fix: deep-eql bump package to support symbols by @ snewcomer in #1458
- ES module conversion PoC by @ 43081j in #1498
- chore: drop commonjs support by @ 43081j in #1503
- Update pathval by @ koddsson in #1527
- Update check-error by @ koddsson in #1528
- update
- Inline
- Update loupe by @ koddsson in #1545
- Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
- Update
- Replacing Karma with Web Test Runner by @ koddsson in #1546
- @ Izzur made their first contribution in #1413
- @ stevenjoezhang made their first contribution in #1400
- @ 43081j made their first contribution in #1498
-
5.0.0-rc.0 - 2023-12-06
- feat: use chaijs/loupe for inspection by @ pcorpet in #1401
- docs: fix URL in README by @ Izzur in #1413
- Remove
- Convert Makefile script to npm scripts by @ koddsson in #1424
- Clean up README badges by @ koddsson in #1422
- fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
- fix: deep-eql bump package to support symbols by @ snewcomer in #1458
- ES module conversion PoC by @ 43081j in #1498
- chore: drop commonjs support by @ 43081j in #1503
- Update pathval by @ koddsson in #1527
- Update check-error by @ koddsson in #1528
- update
- Inline
- Update loupe by @ koddsson in #1545
- Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
- Update
- Replacing Karma with Web Test Runner by @ koddsson in #1546
- remove codecov by @ koddsson in #1548
- remove chai version constant by @ koddsson in #1550
- Remove istanbul by @ koddsson in #1549
- @ Izzur made their first contribution in #1413
- @ koddsson made their first contribution in #1416
- @ stevenjoezhang made their first contribution in #1400
- @ 43081j made their first contribution in #1498
-
5.0.0-alpha.2 - 2023-10-30
- update
- Inline
- Update loupe by @ koddsson in #1545
- Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
- Update
- Replacing Karma with Web Test Runner by @ koddsson in #1546
-
5.0.0-alpha.1 - 2023-07-26
-
5.0.0-alpha.0 - 2023-02-07
-
4.5.0 - 2024-07-25
from chai GitHub release notesWhat's Changed
toThrowby @ 43081j in #1609New Contributors
Full Changelog: v5.1.0...v5.1.1
What's Changed
iterableassertion by @ koddsson in #1592New Contributors
Full Changelog: v5.0.3...v5.1.0
Fix bad v5.0.2 publish.
Full Changelog: v5.0.2...v5.0.3
What's Changed
bump-cliby @ koddsson in #1559??for node compat (5.x) by @ 43081j in #1576loupeto latest version by @ koddsson in #1579Full Changelog: v5.0.1...v5.0.2
BREAKING CHANGES
import {...} from 'chai'orimport('chai').require('chai')will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.What's Changed
get-func-namedependency by @ koddsson in #1416deep-eqlto latest version by @ koddsson in #1542type-detectas a simple function by @ koddsson in #1544assertion-errorto it's latest major version! by @ koddsson in #1543New Contributors
Full Changelog: 4.3.1...v5.0.0
The first Release Candidate of chai@v5 is here!
We've put out a few alpha versions and tested them out in various projects with good success. This RC includes all those changes plus any fixes that we've discovered since then.
Please try it out in your projects and let us know if you run into any issues so we can make fixes before version 5!
Thanks for using Chai 🙏🏻
What's Changed
get-func-namedependency by @ koddsson in #1416deep-eqlto latest version by @ koddsson in #1542type-detectas a simple function by @ koddsson in #1544assertion-errorto it's latest major version! by @ koddsson in #1543New Contributors
Full Changelog: v4.3.10...v5.0.0-rc.0
What's Changed
deep-eqlto latest version by @ koddsson in #1542type-detectas a simple function by @ koddsson in #1544assertion-errorto it's latest major version! by @ koddsson in #1543Full Changelog: v5.0.0-alpha.1...v5.0.0-alpha.2
Package name: isomorphic-ws
-
5.0.0 - 2022-06-27
- Changed browser to es modules (@ guillemcordoba in #20)
-
5.0.0-beta.3 - 2022-06-27
-
5.0.0-beta.2 - 2022-06-27
-
5.0.0-beta.1 - 2022-06-06
-
4.0.1 - 2018-04-27
from isomorphic-ws GitHub release notes5.0.0 (June 27, 2022)
Package name: q
-
2.0.3 - 2015-01-31
-
2.0.2 - 2014-06-06
-
2.0.1 - 2014-03-20
-
2.0.0 - 2014-03-20
-
1.5.1 - 2017-10-19
from q GitHub release notes2.0.2
Accessible only with:
For adventurers only.
Package name: thrift
-
0.20.0 - 2024-03-22
-
0.19.0 - 2023-09-02
-
0.18.1 - 2023-03-01
-
0.18.0 - 2023-02-14
-
0.17.0 - 2022-09-18
-
0.16.0 - 2022-02-17
-
0.15.0 - 2021-09-11
-
0.14.2 - 2021-06-17
-
0.14.1 - 2021-03-08
-
0.14.0 - 2021-02-12
-
0.13.0 - 2019-11-18
from thrift GitHub release notesPlease head over to the official release download source:
http://thrift.apache.org/download
The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.
Please head over to the official release download source:
http://thrift.apache.org/download
The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.
Please head over to the official release download source:
http://thrift.apache.org/download
The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.
Please head over to the official release download source:
http://thrift.apache.org/download
The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.
Please head over to the official release download source:
http://thrift.apache.org/download
The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.
For release 0.16.0 head over to the official release download source:
http://thrift.apache.org/download
The assets below are added by Github based on the release tag and they may therefore not match the checkums.
For release 0.15.0 head over to the official release download source:
http://thrift.apache.org/download
The assets below are added by Github based on the release tag and they may therefore not match the checkums.
For release 0.14.0 head over to the official release download source:
http://thrift.apache.org/download
The assets below are added by Github based on the release tag and they may therefore not match the checkums.
For release 0.14.1 head over to the official release download source:
http://thrift.apache.org/download
The assets below are added by Github based on the release tag and they may therefore not match the checkums.
Package name: ws
Features
Blob(#2229).Bug fixes
A request with a number of headers exceeding the
server.maxHeadersCountthreshold could be used to crash a ws server.
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break<span class="pl-kos...