Bump the npm_and_yarn group across 10 directories with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the /examples/supplychain-app/besu/express_nodeJS directory: express, web3-utils and ws.
Bumps the npm_and_yarn group with 1 update in the /examples/supplychain-app/besu/smartContracts directory: express.
Bumps the npm_and_yarn group with 1 update in the /examples/supplychain-app/corda/express_nodeJS directory: express.
Bumps the npm_and_yarn group with 4 updates in the /examples/supplychain-app/fabric/chaincode_rest_server/rest-server directory: node-fetch, tar, async and braces.
Bumps the npm_and_yarn group with 1 update in the /examples/supplychain-app/fabric/express_nodeJs directory: express.
Bumps the npm_and_yarn group with 3 updates in the /examples/supplychain-app/quorum/express_nodeJS directory: express, web3-utils and ws.
Bumps the npm_and_yarn group with 7 updates in the /examples/supplychain-app/quorum/smartContracts directory:

Package	From	To
express	4.18.2	4.19.2
ws	3.3.3	8.17.1
web3	1.10.4	4.10.0
ethers	6.10.0	6.13.1
hardhat	2.19.4	2.22.5
braces	3.0.2	3.0.3
undici	5.28.3	5.28.4

Bumps the npm_and_yarn group with 9 updates in the /examples/supplychain-app/supplychain-frontend directory:

Package	From	To
express	4.18.2	4.19.2
node-fetch	1.7.3	removed
@material-ui/core	3.9.4	4.12.4
@material-ui/icons	3.0.2	4.11.3
ws	7.5.9	7.5.10
tough-cookie	4.1.3	4.1.4
braces	3.0.2	3.0.3
http-proxy-middleware	0.19.1	3.0.0
ejs	3.1.9	3.1.10

Bumps the npm_and_yarn group with 3 updates in the /images/doorman/website directory: ws, semver and pug.
Bumps the npm_and_yarn group with 4 updates in the /images/networkmap/website directory: ws, braces, anymatch and pug.

Updates express from 4.17.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates qs from 6.9.7 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

• [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
• [readme] fix version badge

6.10.5

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

Commits

• 56763c1 v6.11.0
• ddd3e29 [readme] fix version badge
• c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
• 95bc018 v6.10.5
• 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
• ba9703c v6.10.4
• 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
• 113b990 [Dev Deps] update object-inspect
• c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
• 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
• Additional commits viewable in compare view

Updates web3-utils from 4.1.1 to 4.3.0

Release notes

Sourced from web3-utils's releases.

web3-utils@4.0.0-alpha.0

Initial alpha release

Install with yarn add web3-utils@4.0.0-alpha.0

Changelog

Sourced from web3-utils's changelog.

[4.1.1]

Added

web3

• To fix issue #6190, added the functionality to introduce different timeout value for Web3. (#6336)

web3-core

• To fix issue #6190, added the functionality to introduce different timeout value for Web3. (#6336)

web3-eth-contract

• In case of error events there will be inner error also available for details

Fixed

web3-eth

• Added return type for formatSubscriptionResult in class NewHeadsSubscription (#6368)

web3-core

• Fixed rpc errors not being sent as an inner error when using the send method on request manager (#6300).

web3-errors

• ESM import bug (#6359)

web3-eth-contract

• Fixed bug in contract.events.allEvents

web3-validator

• ESM import bug (#6359)

Changed

web3-eth-abi

• Dependencies updated

web3-eth-accounts

• Dependencies updated

web3-eth-ens

... (truncated)

Commits

• ee5e81d update changelog and run lerna
• b3ccd5c change default to data (#6622)
• e6d8c14 Stress Tests 1 - QA Tests (#6595)
• 3bda14d added methods (privateKeyToAddress, parseAndValidatePrivateKey,and privateKey...
• 20cc5da Proposal: Expose plugin functionality to plugins so it's easier to discover w...
• f8d8774 update socket provider test (#6614)
• 2785782 Stress Tests 3 - create long duration ws tests (#6588)
• af91519 fix: unnecessary array copy when pack encoding (#6553)
• 2c60685 Stress Tests 2 - QA Tests (#6583)
• d8b8e18 fix: faster hex to byte implementation (#6596)
• Additional commits viewable in compare view

Updates ws from 8.16.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates express from 4.17.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates qs from 6.9.7 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

• [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
• [readme] fix version badge

6.10.5

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

Commits

• 56763c1 v6.11.0
• ddd3e29 [readme] fix version badge
• c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
• 95bc018 v6.10.5
• 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
• ba9703c v6.10.4
• 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
• 113b990 [Dev Deps] update object-inspect
• c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
• 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
• Additional commits viewable in compare view

Updates node-fetch from 2.6.9 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• See full diff in compare view

Updates tar from 6.1.13 to 6.2.1

Changelog

Sourced from tar's changelog.

Changelog

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

6.1

• remove dead link to benchmarks (#313) (@​yetzt)
• add examples/explanation of using tar.t (@​isaacs)
• ensure close event is emited after stream has ended (@​webark)
• replace deprecated String.prototype.substr() (@​CommanderRoot, @​lukekarrys)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Updates async from 2.6.1 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

v2.6.3

• Updated lodash to squelch a security warning (#1675)

v2.6.2

• Updated lodash to squelch a security warning (#1620)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• f1d8383 Version 2.6.3
• 2b674c1 update changelog
• eab740f fix: udpate lodash. closes #1675
• eaf32be Version 2.6.2
• 684b42e Update built files
• e1bd3da update changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request