Bump the npm_and_yarn group across 1 directory with 9 updates #189

Open
dependabot[bot] wants to merge 2 commits into master from dependabot/npm_and_yarn/npm_and_yarn-bbdbe6f46d

dependabot[bot] commented on behalf of github Feb 27, 2025

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| async | 3.2.5 | 3.2.6 |
| cote | 1.0.3 | 1.2.0 |
| sails-hook-sockets | 2.0.4 | 3.0.1 |
| shortid | 2.2.16 | 2.2.17 |
| micromatch | 4.0.5 | 4.0.8 |

Updates async from 3.2.5 to 3.2.6

Commits
  • 85fb18f Version 3.2.6
  • 8c0c941 Update built files
  • 5f756b4 Fix ReDoS (#1980)
  • 39cdc9b build(deps-dev): bump karma from 6.4.3 to 6.4.4 (#1985)
  • 7b8ddeb build(deps-dev): bump @babel/core from 7.24.7 to 7.25.2 (#1981)
  • 4634a9d build(deps-dev): bump rollup from 4.18.0 to 4.19.2 (#1982)
  • afb176c build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#1983)
  • 3568a74 build(deps-dev): bump @babel/eslint-parser from 7.24.7 to 7.25.1 (#1984)
  • 9e885fd build(deps-dev): bump babel-plugin-istanbul from 6.1.1 to 7.0.0 (#1986)
  • f9c7f2a build(deps-dev): bump semver from 7.6.2 to 7.6.3 (#1987)
  • Additional commits viewable in compare view

Updates cote from 1.0.3 to 1.2.0

Changelog

Sourced from cote's changelog.

v1.2.0 (2024-11-16)

Full Changelog

Implemented enhancements:

  • Upgrade to socket.io 4.8.1
  • Run npm audit fix—no production dependencies are affected, this is only for development dependencies

v1.1.0 (2024-06-13)

Full Changelog

Closed issues:

  • Remove hiredis dependency #258
  • Requester can see the Responder but dont send request to it #267
  • Hide "no listeners found for event" log #265
  • Can't start cote due to port issue #263
  • Select port used #262
  • Cote not working with AWS Autoscalling instances. #261
  • hiredis dependency preventing using node versions > 10? #256
  • Invalid 'main' field - node-discover #255
  • K3S Kubernetes Cluster: TypeError [ERR_INVALID_ARG_TYPE]: The "options.port" property must be one of type number or string. Received null #254
  • Authentication consideration #53

Merged pull requests:

Commits

Updates sails-hook-sockets from 2.0.4 to 3.0.1

Commits

Updates shortid from 2.2.16 to 2.2.17

Changelog

Sourced from shortid's changelog.

2.2.17

  • Fixed CVE warning by moving to Nano ID 3.

Commits

Maintainer changes

This version was pushed to npm by ai, a new releaser for shortid since your current version.


Updates ajv from 5.5.2 to 6.10.0

Release notes

Sourced from ajv's releases.

v6.10.0

Option strictDefaults to report ignored defaults (#957, @not-an-aardvark)
Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

  • dependencies option in to require the presence of keywords in the same schema.
  • more strict validation of the definition using JSON Schema.

v6.8.0

Docs: security considerations. Meta-schema for the security assessment of JSON Schemas.

v6.7.0

Option useDefaults: "empty" to replace null and "" (empty strings) with default values (in addition to assigning defaults to missing and undefined properties). Update draft-04 meta-schema to remove incorrect usage of "uri" format.

v6.6.0

Keyword "nullable" from OpenAPI spec
Replaced phantomjs with headless chrome

v6.5.0

With option passContext, the context is now passed in recursive/mutually recursive refs (@cvlab, #768).

v6.4.0

Support URNs in $id - core url package is replaced with url-js (#423, @sondrele).

v6.3.0

Typescript declarations updated to use PromiseLike (#717, @krenor)

v6.2.0

Parameter allowedValue in the error of const keyword (#713, @marshall007).

v6.1.0

A different error message for additionalProperties error with errorDataPath: 'property' option (#671, @lehni)

v6.0.0

Changes from v5.5.2

draft-07 support:

  • if/then/else keywords
  • $comment keyword
  • default meta-schema is draft-07

Schema IDs

  • only $id keyword is used as schema ID by default.
  • schemaId option should be set to "id" or "auto" for id keyword to be used. See Options.

... (truncated)

Commits
  • 6c20483 6.10.0
  • 38d1acd refactor: strictDefaults option
  • e993bd6 feat: strictKeywords option to report unknown keywords, closes #781
  • 9a28689 style: fix
  • 18268c5 additional tests for strictDefault options
  • 4b76519 Merge branch 'not-an-aardvark-invalidDefaults-option'
  • 88199d5 rename option to strictDefaults
  • c081061 feat: invalidDefaults option to warn when defaults are ignored, fixes #957
  • 2aa49ae 6.9.2
  • dffe473 chore(package): update mocha to version 6.0.0 (#952)
  • Additional commits viewable in compare view

Updates cross-spawn from 5.1.0 to 7.0.3

Changelog

Sourced from cross-spawn's changelog.

7.0.3 (2020-05-25)

Bug Fixes

  • detect path key based on correct environment (#133) (159e7e9)

7.0.2 (2020-04-04)

Bug Fixes

  • fix worker threads in Node >=11.10.0 (#132) (6c5b4f0)

7.0.1 (2019-10-07)

Bug Fixes

7.0.0 (2019-09-03)

⚠ BREAKING CHANGES

  • drop support for Node.js < 8

  • drop support for versions below Node.js 8 (#125) (16feb53)

6.0.5 (2018-03-02)

Bug Fixes

6.0.4 (2018-01-31)

Bug Fixes

  • fix paths being incorrectly normalized on unix (06ee3c6), closes #90

... (truncated)

Commits
  • 7bc42bc chore(release): 7.0.3
  • 159e7e9 fix: detect path key based on correct environment (#133)
  • 7501971 chore(release): 7.0.2
  • 6c5b4f0 fix: fix worker threads in Node >=11.10.0 (#132)
  • c76e7bb chore: change postrelease script to push to current branch
  • cfcc6f2 chore: change postrelease script to push to current branch
  • eb565be chore: commit package-lock
  • c86fe67 chore: use https in some links
  • 5d0c852 chore: standardize postrelease script (screpto)
  • aa7f227 chore(release): 7.0.1
  • Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.

Commits

Updates nanoid from 2.1.11 to 3.3.8

Release notes

Sourced from nanoid's releases.

3.0 Migration Guide

Nano ID 3.0 is the biggest release in the project history. Unfortunately, you will need to change the code of your application. But the changes are very small in most cases. In return, you will have better performance, smaller size, ES modules and TypeScript support.

Known Issues

  • Only Create React App 4.0 supports dual ESM/CJS modules.

Simple Case

In simple cases, you just need to change default import to named import.

- import nanoid from 'nanoid'
+ import { nanoid } from 'nanoid'
nanoid() //=> "sSAi9F8yakJZPxOCr_WFb"
nanoid(5) //=> "ISe9l"

If you support IE, you need to transpile node_modules by Babel.

Non-secure and asynchronous Nano ID need only import changes as well.

- import nanoid from 'nanoid/non-secure'
+ import { nanoid } from 'nanoid/non-secure'
nanoid() //=> "sSAi9F8yakJZPxOCr_WFb"

- import nanoid from 'nanoid/async'
+ import { nanoid } from 'nanoid/async'
nanoid().then(id => {
id //=> "sSAi9F8yakJZPxOCr_WFb"
})

TypeScript

Remove @types/nanoid if you have it. Nano ID now has built-in types.

npm uninstall @types/nanoid

React Native

For Expo you need to load the file by direct path:

... (truncated)

Changelog

Sourced from nanoid's changelog.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @myndzi).

3.3.7

  • Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

  • Fixed package.

3.3.5

  • Backport funding information.

3.3.4

3.3.3

  • Reduced size (by Anton Khlynovskiy).

3.3.2

  • Fixed enhanced-resolve support.

3.3.1

  • Reduced package size.

3.3

  • Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

  • Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

  • Reduced async exports size (by Artyom Arutyunyan).
  • Moved from Jest to uvu (by Vitaly Baev).

3.1.31

  • Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

  • Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

  • Reduced npm package size.

3.1.28

  • Reduced npm package size.

3.1.27

  • Cleaned dependencies from development tools.

3.1.26

... (truncated)

Commits

Updates socket.io-parser from 3.3.3 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

Links

4.2.3

⚠️ This release contains an important security fix ⚠️

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Please upgrade as soon as possible.

Bug Fixes

  • check the format of the event name (3b78117)

Links

4.2.2

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

Links

4.2.1

Bug Fixes

  • check the format of the index of each attachment (b5d0cb7)

Links

... (truncated)

Changelog

Sourced from socket.io-parser's changelog.

4.2.4 (2023-05-31)

Bug Fixes

  • ensure reserved events cannot be used as event names (d9db473)
  • properly detect plain objects (b0e6400)

3.4.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (2dc3c92)

4.2.3 (2023-05-22)

Bug Fixes

  • check the format of the event name (3b78117)

4.2.2 (2023-01-19)

Bug Fixes

  • calling destroy() should clear all internal state (22c42e3)
  • do not modify the input packet upon encoding (ae8dd88)

Commits
  • 164ba2a chore(release): 4.2.4
  • b0e6400 fix: properly detect plain objects
  • d9db473 fix: ensure reserved events cannot be used as event names
  • 6a5a004 docs(changelog): include changelog for release 3.4.3
  • b6c824f chore(release): 4.2.3
  • dcc70d9 refactor: export typescript declarations for the commonjs build
  • 3b78117 fix: check the format of the event name
  • 0841bd5 chore: bump ua-parser-js from 1.0.32 to 1.0.33 (#121)
  • 28dd668 chore(release): 4.2.2
  • 22c42e3 fix: calling destroy() should clear all internal state
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [async](https://github.com/caolan/async) | `3.2.5` | `3.2.6` |
| [cote](https://github.com/dashersw/cote) | `1.0.3` | `1.2.0` |
| [sails-hook-sockets](https://github.com/balderdashy/sails-hook-sockets) | `2.0.4` | `3.0.1` |
| [shortid](https://github.com/dylang/shortid) | `2.2.16` | `2.2.17` |
| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |



Updates `async` from 3.2.5 to 3.2.6
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v3.2.5...v3.2.6)

Updates `cote` from 1.0.3 to 1.2.0
- [Changelog](https://github.com/dashersw/cote/blob/master/CHANGELOG.md)
- [Commits](dashersw/cote@v1.0.3...v1.2.0)

Updates `sails-hook-sockets` from 2.0.4 to 3.0.1
- [Release notes](https://github.com/balderdashy/sails-hook-sockets/releases)
- [Changelog](https://github.com/balderdashy/sails-hook-sockets/blob/master/CHANGELOG.md)
- [Commits](balderdashy/sails-hook-sockets@v2.0.4...v3.0.1)

Updates `shortid` from 2.2.16 to 2.2.17
- [Changelog](https://github.com/dylang/shortid/blob/master/CHANGELOG.md)
- [Commits](dylang/shortid@2.2.16...2.2.17)

Updates `ajv` from 5.5.2 to 6.10.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v5.5.2...v6.10.0)

Updates `cross-spawn` from 5.1.0 to 7.0.3
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@5.1.0...v7.0.3)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Updates `nanoid` from 2.1.11 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@2.1.11...3.3.8)

Updates `socket.io-parser` from 3.3.3 to 4.2.4
- [Release notes](https://github.com/Automattic/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@3.3.3...4.2.4)

---
updated-dependencies:
- dependency-name: async
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: cote
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sails-hook-sockets
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: shortid
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies label (Pull requests that update a dependency file) Feb 27, 2025

nh758 commented Feb 27, 2025

@dependabot show @sailshq/socket.io-redis ignore conditions

nh758 added the patch label (Tag Pull Requests to trigger a patch version update) Feb 27, 2025
@github-actions

Please add one release label:
major (for breaking changes), minor (for new features), patch (for bug fixes) or skip-release (to skip the auto release process).
