Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump minimist, aws-iot-device-sdk and mkdirp #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 27, 2023

Bumps minimist to 1.2.6 and updates ancestor dependencies minimist, aws-iot-device-sdk and mkdirp. These dependencies need to be updated together.

Updates minimist from 0.0.8 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

  • security notice 4cf1354
  • additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

  • more failing proto pollution tests 13c01a5
  • even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

v1.2.1 - 2020-03-10

Merged

Commits

v1.2.0 - 2015-08-24

Commits

... (truncated)

Commits

Updates aws-iot-device-sdk from 2.2.1 to 2.2.12

Release notes

Sourced from aws-iot-device-sdk's releases.

Dependency Update

  • Updated minimist version

Restore examples in npm

  • Adds examples folder back to npm package

Custom auth query support

  • Add support for custom auth connections via query params, intended for browser environments
  • Bind and propagate mqtt-js 'end' event
  • Misc unit test wording and reliability fixes

Dependency updates and new CD flow

  • Updated crypto-js version
  • Updated mqtt-js version
  • Removed reserved topic checks from subscribe calls

Update mqtt client implementation

  • Update 'mqtt' dependency to 4.2.6
Changelog

Sourced from aws-iot-device-sdk's changelog.

2.2.12 (July 30 2021)

Bugfixes/Improvements

  • Updated minimist version

2.2.11 (July 30 2021)

Bugfixes/Improvements

  • Added examples back into npm package

2.2.10 (July 9 2021)

Bugfixes/Improvements

  • Merged support for custom auth connections via query parameters
  • Bound/propagated the mqtt-js 'end' event
  • Unit test reliability and wording updates

2.2.9 (July 8, 2021)

Bugfixes/Improvements

  • Updated crypto-js version
  • Updated mqtt-js version
  • Removed reserved topic checks from subscribe calls

2.2.8 (May 20, 2021)

Bugfixes/Improvements

  • Updated mqtt dependency to latest version

2.2.7 (Sep 15, 2020)

Bugfixes/Improvements

  • send SNI string while connecting to AWS IoT
  • README warns about MacOS storing certificate in keychain

2.2.6 (May 18, 2020)

Bugfixes/Improvements

  • Require only the necessary modules from crypto-js to optimize bundle

2.2.5 (Apr 7, 2020)

Bugfixes/Improvements

  • Re-adding github related templates and readme change.

2.2.4 (Mar 31, 2020)

Bugfixes/Improvements

  • Bumping minimist version to 1.2.5 to address security issue

... (truncated)

Commits
  • ee40578 Added v2.2.12 release info to ChangeLog (#403)
  • 3bf2eed update minimist (#402)
  • d1b1016 Add examples back into npm package (#390)
  • 7cebf95 Update changelog (#385)
  • f636b45 Add missing device's 'end' event propagation. (#384)
  • 1eaeb85 Allow authorization using queryString when using wss-custom-auth. (#383)
  • fda92f8 Reenable custom auth integration tests and add to CI (#382)
  • 9c0b4db Credentials profile error messaging (#381)
  • 5979a84 Remove AWS_PROFILE from the process environment in a test that is affected by...
  • 4dfaea9 correct wording in unit test (#379)
  • Additional commits viewable in compare view

Updates mkdirp from 0.5.1 to 0.5.6

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [minimist](https://github.com/minimistjs/minimist) to 1.2.6 and updates ancestor dependencies [minimist](https://github.com/minimistjs/minimist), [aws-iot-device-sdk](https://github.com/aws/aws-iot-device-sdk-js) and [mkdirp](https://github.com/isaacs/node-mkdirp). These dependencies need to be updated together.


Updates `minimist` from 0.0.8 to 1.2.6
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v0.0.8...v1.2.6)

Updates `aws-iot-device-sdk` from 2.2.1 to 2.2.12
- [Release notes](https://github.com/aws/aws-iot-device-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-iot-device-sdk-js/blob/master/CHANGELOG.md)
- [Commits](aws/aws-iot-device-sdk-js@v2.2.1...v2.2.12)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-mkdirp@0.5.1...v0.5.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: aws-iot-device-sdk
  dependency-type: direct:production
- dependency-name: mkdirp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants