notes icon indicating copy to clipboard operation
notes copied to clipboard

Published 20 hours ago verified publisher icon lextoumbourou

Bump ws, @mermaid-js/mermaid-cli and puppeteer

Open dependabot[bot] opened this issue 7 months ago • 1 comments
trafficstars

Bumps ws to 8.18.1 and updates ancestor dependencies ws, @mermaid-js/mermaid-cli and puppeteer. These dependencies need to be updated together.

Updates ws from 8.13.0 to 8.18.1

Release notes

Sourced from ws's releases.

8.18.1

Bug fixes

  • The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

8.18.0

Features

  • Added support for Blob (#2229).

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;


for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;


for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

if (++count === 2000) break;
}



}


headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';


const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
</tr></table>

... (truncated)

Commits

Updates @mermaid-js/mermaid-cli from 10.9.1 to 11.4.2

Release notes

Sourced from @​mermaid-js/mermaid-cli's releases.

11.4.2

Changes

🐛 Bug Fixes

  • fix(types): correct rootDir in tsconfig.json @​aloisklink (#804) This fixes TypeScripts imports in v11.4.1

Full Changelog: https://github.com/mermaid-js/mermaid-cli/compare/11.4.1...11.4.2

11.4.1

Changes

🐛 Bug Fixes

📦 Dependency updates

11.4.0

Changes

📦 Dependency updates

11.3.0

Changes

🐛 Bug Fixes

... (truncated)

Commits
  • 6fddb94 fix(types): correct rootDir in tsconfig.json
  • f98b6f9 Bump version 11.4.1
  • 1284b7e build(deps): bump mermaid from 11.4.0 to 11.4.1
  • c23d016 build(deps-dev): bump vite from 4.5.5 to 6.0.2
  • aa35c3f build(deps-dev): bump @​types/node from 18.19.65 to 18.19.67
  • 170e869 build(deps-dev): bump @​mermaid-js/layout-elk from 0.1.5 to 0.1.7
  • d12939c fix: change to update version.js from scripts
  • 9a42e3c refactor: create version file and delete loading package.json version
  • 162a640 build(deps-dev): bump @​types/node from 18.19.64 to 18.19.65
  • d51fdea build(deps-dev): bump typescript from 5.6.3 to 5.7.2
  • Additional commits viewable in compare view

Updates puppeteer from 21.11.0 to 24.6.1

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.6.1

24.6.1 (2025-04-09)

Bug Fixes

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 2.9.0 to 2.10.0

puppeteer: v24.6.1

24.6.1 (2025-04-09)

Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 2.9.0 to 2.10.0
      • puppeteer-core bumped from 24.6.0 to 24.6.1

puppeteer-core: v24.6.0

24.6.0 (2025-04-03)

Features

puppeteer: v24.6.0

24.6.0 (2025-04-03)

Features

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.6.1 (2025-04-09)

Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​puppeteer/browsers bumped from 2.9.0 to 2.10.0

Bug Fixes

24.6.0 (2025-04-03)

Features

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 24.5.0 to 24.6.0

24.5.0 (2025-03-31)

Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated

... (truncated)

Commits
  • 45a289e chore: release main (#13762)
  • 8145dd6 fix: optimize base64 decoding (#13753)
  • 43baf13 feat: expose utilities for managing browser artifacts manually (#13761)
  • 4013556 fix(webdriver): handle errors if exposed function args are no longer availabl...
  • 446a07c fix: roll to Firefox 137.0.1 (#13758)
  • ab6459f fix: roll to Chrome 135.0.7049.84 (#13756)
  • 1007c56 ci: disable wireit caching (#13754)
  • af20ea8 test: fix a flaky test (#13751)
  • 559cf41 chore(deps-dev): Bump @​swc/core from 1.11.13 to 1.11.16 in /website in the al...
  • 3b8303d chore(deps): Bump estree-util-value-to-estree from 3.3.2 to 3.3.3 in /website...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for puppeteer since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Apr 21 '25 01:04 dependabot[bot]

Deploy Preview for notesbylex failed.

Name Link
Latest commit 2c8730d33289263e2c2179a3da801c85b5e9308b
Latest deploy log https://app.netlify.com/sites/notesbylex/deploys/6805a286f18e4a000887e242

netlify[bot] avatar Apr 21 '25 01:04 netlify[bot]