chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /packages/app directory:

Package	From	To
electron-updater	5.3.0	6.3.4
pubnub	4.27.3	7.4.0
ses	0.12.7	1.8.0
chromedriver	111.0.0	129.0.2
gh-pages	3.2.3	6.1.1

Updates electron-updater from 5.3.0 to 6.3.4

Release notes

Sourced from electron-updater's releases.

[email protected]

Patch Changes

• #8417 e77de9f6 Thanks @​beyondkmp! - update semver to latest

• #8409 5fae1cf3 Thanks @​ckarich! - fix: windows signature verification special chars

• #8282 15ce5b41 Thanks @​beyondkmp! - fix aborted event

[email protected]

Patch Changes

• #8400 9dc0b49a Thanks @​Ryan432! - fix: Handle Linux deb auto update installation on applications having spaces in artifactName.

• #8393 8dabf64b Thanks @​beyondkmp! - fix: allow custom channel in github provider

• #8403 1c14820b Thanks @​xyloflake! - fix: handle spaces for all linux package managers

[email protected]

Patch Changes

• #8378 c8fe1462 Thanks @​s77rt! - Limit concurrent downloads to 1

[email protected]

Patch Changes

• #8372 c85b73d7 Thanks @​mmaietta! - fix: allow enabling tsc lib checking on electron-updater package

[email protected]

Minor Changes

• #8095 53cec79b Thanks @​beyondkmp! - feat: adding differential downloader for updates on macOS

Patch Changes

• #8108 3d4cc7ae Thanks @​beyondkmp! - feat: add minimumSystemVersion in electron updater

• #8304 1ac86c9e Thanks @​mmaietta! - chore: update pnpm to 9.4.0

• #8323 fa3275c0 Thanks @​mmaietta! - chore(deps): update dependency typescript to v5.5.3

• #8135 c2392de7 Thanks @​mmaietta! - fix: unstable hdiutil retry mechanism

• #8295 ac2e6a25 Thanks @​mmaietta! - fix: verify LiteralPath of update file during windows signature verification

• #8311 35a0784e Thanks @​rastiqdev! - fix(rpm-updater): stop uninstalling app before update

• #8227 48c59535 Thanks @​rotu! - fix(docs): update autoupdate docs noting that channels work with Github

• #8110 fa7982f1 Thanks @​mmaietta! - chore: entering alpha release stage

... (truncated)

Changelog

Sourced from electron-updater's changelog.

6.3.4

Patch Changes

• #8417 e77de9f6 Thanks @​beyondkmp! - update semver to latest

• #8409 5fae1cf3 Thanks @​ckarich! - fix: windows signature verification special chars

• #8282 15ce5b41 Thanks @​beyondkmp! - fix aborted event

6.3.3

Patch Changes

• #8400 9dc0b49a Thanks @​Ryan432! - fix: Handle Linux deb auto update installation on applications having spaces in artifactName.

• #8393 8dabf64b Thanks @​beyondkmp! - fix: allow custom channel in github provider

• #8403 1c14820b Thanks @​xyloflake! - fix: handle spaces for all linux package managers

6.3.2

Patch Changes

• #8378 c8fe1462 Thanks @​s77rt! - Limit concurrent downloads to 1

6.3.1

Patch Changes

• #8372 c85b73d7 Thanks @​mmaietta! - fix: allow enabling tsc lib checking on electron-updater package

6.3.0

Minor Changes

• #8095 53cec79b Thanks @​beyondkmp! - feat: adding differential downloader for updates on macOS

Patch Changes

• #8108 3d4cc7ae Thanks @​beyondkmp! - feat: add minimumSystemVersion in electron updater

• #8304 1ac86c9e Thanks @​mmaietta! - chore: update pnpm to 9.4.0

• #8323 fa3275c0 Thanks @​mmaietta! - chore(deps): update dependency typescript to v5.5.3

• #8135 c2392de7 Thanks @​mmaietta! - fix: unstable hdiutil retry mechanism

• #8295 ac2e6a25 Thanks @​mmaietta! - fix: verify LiteralPath of update file during windows signature verification

... (truncated)

Commits

• d5d9f3f chore(deploy): Release v25.0.5 ([email protected]) (#8411)
• e77de9f chore(deps): upgrade semver to latest to resolve CVE (#8417)
• 15ce5b4 fix: change abort listener to aborted event (#8282)
• 5fae1cf fix: windows signature verification special chars (#8409)
• 1dcf6bc chore(deploy): Release v25.0.4 ([email protected]) (#8402)
• 1c14820 fix: handle spaces in artifact name for all linux platforms instead of only ....
• 8dabf64 fix: add custom channel in github provider (#8393)
• 9dc0b49 fix(electron-updater,deb): Handle spaces in application artifact name for deb...
• 84f2909 chore(deploy): Release v25.0.3 ([email protected]) (#8377)
• c8fe146 fix(updater): Add global download promise to limit concurrent update download...
• Additional commits viewable in compare view

Updates pubnub from 4.27.3 to 7.4.0

Release notes

Sourced from pubnub's releases.

v7.4.0

October 16 2023

Added

• Add crypto module that allows configure SDK to encrypt and decrypt messages.

Fixed

• Improved security of crypto implementation by adding enhanced AES-CBC cryptor.

v7.3.3

September 11 2023

Fixed

• Fixes issue of getting misleading error message when sendFile fails.

v7.3.2

August 31 2023

Fixed

• Fixes issue of having deprecated superagent version. Fixed the following issues reported by @​wimZ: #317.

v7.3.1

August 21 2023

Fixed

• Fixes issue of missing get and set methods for userId field of PubNub configuration.

v7.3.0

July 28 2023

Fixed

• Fixes issue of severe vulnerability warnings for vm2 usage.

v7.2.3

June 24, 2023

Added

• Added optional parameter withHeartbeat to set state through heartbeat endpoint.

v7.2.2

December 13 2022

Fixed

... (truncated)

Changelog

Sourced from pubnub's changelog.

v7.4.0

October 16 2023

Added

• Add crypto module that allows configure SDK to encrypt and decrypt messages.

Fixed

• Improved security of crypto implementation by adding enhanced AES-CBC cryptor.

v7.3.3

September 11 2023

Fixed

• Fixes issue of getting misleading error message when sendFile fails.

v7.3.2

August 31 2023

Fixed

• Fixes issue of having deprecated superagent version. Fixed the following issues reported by @​wimZ: #317.

v7.3.1

August 21 2023

Fixed

• Fixes issue of missing get and set methods for userId field of PubNub configuration.

v7.3.0

July 26 2023

Fixed

• Fixes issue of severe vulnerability warnings for vm2 usage.

v7.2.3

June 19 2023

Added

• Added optional param withHeartbeat to set state through heartbeat endpoint.

v7.2.2

December 12 2022

Fixed

• Fixes a case in React Native with using an error interface in superagent.
• Fixes issue of getFileUrl not setting auth value as token string when token is set. Fixed the following issues reported by @​abdalla-nayer: #302.

v7.2.1

November 10 2022

... (truncated)

Commits

• fb6cd04 feat/CryptoModule (#339)
• d1fca58 CLEN-1556/fix/error handling when send file encounters issues (#338)
• 3745862 added readme.md tutorial video. (#336)
• ff67973 CLEN-1504/fix/upgrade superagent (#337)
• 8adfccd fix/CLEN-1440 (#335)
• 9584344 CLEN-1406/Fix proxy agent dependency upgrade (#331)
• 40570e6 build(aws): switch AWS CLI auth to access key (#332)
• 667cde9 build: add custom GHA large runner (#329)
• a8870c3 docs: update version and version bump regexp (#327)
• 1ba2fa6 feat: optional param withHeartbeat to set state through heartbeat endpoint. (...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by client-engineering-bot, a new releaser for pubnub since your current version.

Updates ses from 0.12.7 to 1.8.0

Changelog

Sourced from ses's changelog.

1.8.0 (2024-08-27)

Features

• add regenerator runtime taming (#2383) (6ae7995), closes #621 #1950
• ses: errorTrapping reports prepend "SES_UNCAUGHT_EXCEPTION:" (1090063)

Bug Fixes

• Delete obsolete platform-compatibility-test (#2419) (61660da), closes #2418 #2417 #1308 endojs/endo#2419 #2418 #2417
• IteratorResult in getAnonymousIntrinsics (ccb1b26)
• ses: make test insensitive to an irrelevant env var (#2403) (8fc0ef7), closes #2383

1.7.0 (2024-08-01)

Features

• ses: call lockdown before bundling SES shim (#2337) (8c01dd4)

1.6.0 (2024-07-30)

Features

• ses: Capture Compartment endowments and modules options (81eb956)
• ses: Compartment single argument options (bc94a2b)
• ses: Module descriptor parity with XS (11f1345)
• ses: Option noNamespaceBox (d996bad)
• ses: permit toHex etc (#2385) (c7ebcc1)
• ses: Remove module map validation (2f27834)
• types: assert.equal narrows (c3a593c)

Bug Fixes

• endow with original unstructured assert (#2323) (8b2bedb), closes #2324 #2324
• ses-demo: adapt to disabled Date.now() throwing (#2357) (b007d20), closes endojs/endo#910
• ses: Add missing reexports map field on precompiled module source (78b273d)
• ses: Defer module hook assertions (8e4396b)
• ses: work around #2348 linenumber bug (#2355) (00f5eab)

... (truncated)

Commits

• See full diff in compare view

Updates chromedriver from 111.0.0 to 129.0.2

Commits

• e25699d Bump version to 129.0.2
• 7abba4d Bump version to 129.0.1
• da9879c Bump version to 129.0.0
• df46c5c Bump version to 128.0.3
• b2a0982 Bump version to 128.0.2
• 87f9a87 Bump version to 128.0.1
• d95f797 Fix micromatch vulnerability
• 718b040 Bump version to 128.0.0
• b914f40 Update Axios
• e2181e5 Bump version to 127.0.3
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by giggio, a new releaser for chromedriver since your current version.

Updates gh-pages from 3.2.3 to 6.1.1

Release notes

Sourced from gh-pages's releases.

v6.1.1

Fixes

• fix: Add missing cname option not passed to the config by @​WillBAnders in tschaub/gh-pages#535

Dependency Updates

• Bump eslint from 8.53.0 to 8.55.0 by @​dependabot in tschaub/gh-pages#538
• Bump fs-extra from 11.1.1 to 11.2.0 by @​dependabot in tschaub/gh-pages#537
• Bump eslint from 8.55.0 to 8.56.0 by @​dependabot in tschaub/gh-pages#539

New Contributors

• @​WillBAnders made their first contribution in tschaub/gh-pages#535

Full Changelog: tschaub/gh-pages@v6.1.0...v6.1.1

v6.1.0

What's Changed

• Bump eslint from 8.46.0 to 8.49.0 by @​dependabot in tschaub/gh-pages#516
• Bump actions/checkout from 3 to 4 by @​dependabot in tschaub/gh-pages#515
• Bump chai from 4.3.7 to 4.3.8 by @​dependabot in tschaub/gh-pages#513
• Bump dir-compare from 4.0.0 to 4.2.0 by @​dependabot in tschaub/gh-pages#512
• Add --nojekyll and --cname options by @​tschaub in tschaub/gh-pages#533
• Bump actions/setup-node from 3 to 4 by @​dependabot in tschaub/gh-pages#527
• Bump chai from 4.3.8 to 4.3.10 by @​dependabot in tschaub/gh-pages#520
• Bump eslint from 8.49.0 to 8.53.0 by @​dependabot in tschaub/gh-pages#530
• Bump commander from 11.0.0 to 11.1.0 by @​dependabot in tschaub/gh-pages#524
• Bump async from 3.2.4 to 3.2.5 by @​dependabot in tschaub/gh-pages#529
• Bump sinon from 15.2.0 to 17.0.1 by @​dependabot in tschaub/gh-pages#531

Full Changelog: tschaub/gh-pages@v6.0.0...v6.1.0

v6.0.0

This release drops support for Node 14. Otherwise, there are no special upgrade considerations.

What's Changed

• Update readme.md by @​harveer07 in tschaub/gh-pages#440
• Bump sinon from 15.0.1 to 15.0.3 by @​dependabot in tschaub/gh-pages#474
• Bump eslint from 8.32.0 to 8.38.0 by @​dependabot in tschaub/gh-pages#477
• Bump fs-extra from 8.1.0 to 11.1.1 by @​dependabot in tschaub/gh-pages#473
• Add error message when --dist is not specified. by @​domsleee in tschaub/gh-pages#504
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in tschaub/gh-pages#505
• Bump eslint from 8.38.0 to 8.46.0 by @​dependabot in tschaub/gh-pages#506
• Bump semver from 6.3.0 to 6.3.1 by @​dependabot in tschaub/gh-pages#500
• Bump sinon from 15.0.3 to 15.2.0 by @​dependabot in tschaub/gh-pages#495
• Dependency updates and drop Node 14 by @​tschaub in tschaub/gh-pages#507

New Contributors

• @​harveer07 made their first contribution in tschaub/gh-pages#440
• @​domsleee made their first contribution in tschaub/gh-pages#504

... (truncated)

Changelog

Sourced from gh-pages's changelog.

v6.1.1

This release fixes an issue with the --cname option.

• #535 - fix: Add missing cname option not passed to the config (@​WillBAnders)
• #539 - Bump eslint from 8.55.0 to 8.56.0 (@​tschaub)

v6.1.0

This release adds support for --nojekyll and --cname options.

• #531 - Bump sinon from 15.2.0 to 17.0.1 (@​tschaub)
• #529 - Bump async from 3.2.4 to 3.2.5 (@​tschaub)
• #524 - Bump commander from 11.0.0 to 11.1.0 (@​tschaub)
• #530 - Bump eslint from 8.49.0 to 8.53.0 (@​tschaub)
• #520 - Bump chai from 4.3.8 to 4.3.10 (@​tschaub)
• #527 - Bump actions/setup-node from 3 to 4 (@​tschaub)
• #533 - Add --nojekyll and --cname options (@​tschaub)
• #512 - Bump dir-compare from 4.0.0 to 4.2.0 (@​tschaub)
• #513 - Bump chai from 4.3.7 to 4.3.8 (@​tschaub)
• #515 - Bump actions/checkout from 3 to 4 (@​tschaub)
• #516 - Bump eslint from 8.46.0 to 8.49.0 (@​tschaub)

v6.0.0

This release drops support for Node 14. Otherwise, there are no special upgrade considerations.

• #507 - Dependency updates and drop Node 14 (@​tschaub)
• #495 - Bump sinon from 15.0.3 to 15.2.0 (@​tschaub)
• #500 - Bump semver from 6.3.0 to 6.3.1 (@​tschaub)
• #506 - Bump eslint from 8.38.0 to 8.46.0 (@​tschaub)
• #505 - Bump word-wrap from 1.2.3 to 1.2.5 (@​tschaub)
• #504 - Add error message when --dist is not specified. (@​domsleee)
• #473 - Bump fs-extra from 8.1.0 to 11.1.1 (@​tschaub)
• #477 - Bump eslint from 8.32.0 to 8.38.0 (@​tschaub)
• #474 - Bump sinon from 15.0.1 to 15.0.3 (@​tschaub)
• #440 - Update readme.md (@​harveer07)

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

• #438 - Remove quotation marks (@​Vicropht)
• #459 - Bump async from 2.6.4 to 3.2.4 (@​tschaub)
• #454 - Bump email-addresses from 3.0.1 to 5.0.0 (@​tschaub)
• #455 - Bump actions/setup-node from 1 to 3 (@​tschaub)
• #453 - Bump actions/checkout from 2 to 3 (@​tschaub)
• #445 - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. (@​Nezteb)

... (truncated)

Commits

• e98ba0f 6.1.1
• 122872f Log changes
• 3312dc4 Merge pull request #535 from WillBAnders/fix/missing-cname-option
• b6b8454 Add test for cnameExists, asserting it replaces the existing CNAME
• 1c60556 Add debug logs for nojekyll/cname creation as recommended by @​paymand
• 727d714 Merge pull request #539 from tschaub/dependabot/npm_and_yarn/eslint-8.56.0
• 2a53e76 Bump eslint from 8.55.0 to 8.56.0
• 96124af Merge pull request #537 from tschaub/dependabot/npm_and_yarn/fs-extra-11.2.0
• 09076df Merge pull request #538 from tschaub/dependabot/npm_and_yarn/eslint-8.55.0
• 8135495 Bump eslint from 8.53.0 to 8.55.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	environment, shell Transitive: filesystem, network	+45	6.63 MB	giggio
npm/[email protected]	environment, filesystem, network, shell	+7	747 kB	onegoldfishh
npm/[email protected]	filesystem, shell Transitive: environment	+19	1.28 MB	tschaub
npm/[email protected]	filesystem Transitive: environment, eval, network	+52	5.73 MB	client-engineering-bot
npm/[email protected]	None	+1	3.5 MB	kriskowal

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Network access	npm/[email protected]	Module: net Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: tls Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: http2 Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: http Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: https Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: http-proxy-agent Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: https-proxy-agent Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: http Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: https Location: Package overview	packages/app/package.json	🚫
Network access	npm/[email protected]	Module: net Location: Package overview	packages/app/package.json	🚫

View full report↗︎

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]