chore(deps): bump qs from 6.14.0 to 6.14.1#8
Open
dependabot[bot] wants to merge 31 commits intomasterfrom
Open
chore(deps): bump qs from 6.14.0 to 6.14.1#8dependabot[bot] wants to merge 31 commits intomasterfrom
dependabot[bot] wants to merge 31 commits intomasterfrom
Conversation
Updated source code imports: - @zazuko/vue-graph-layout -> @lindas/vue-graph-layout - @zazuko/env/web -> @lindas/env/web - @zazuko/prefixes -> @lindas/prefixes Files changed: - src/components/data-model/data-model-component.vue - src/components/ResourcesExplorer.vue - src/components/shacl-dialog/modal-shacl-load.vue - src/views/ShaclEditor.vue Published versions: - @lindas/vue-graph-layout@0.1.6 - @lindas/spex@0.2.4
Updated source code imports: - @zazuko/vue-graph-layout -> @lindas/vue-graph-layout - @zazuko/env/web -> @lindas/env/web - @zazuko/prefixes -> @lindas/prefixes Files changed: - src/components/data-model/data-model-component.vue - src/components/ResourcesExplorer.vue - src/components/shacl-dialog/modal-shacl-load.vue - src/views/ShaclEditor.vue - packages/vocabulary-extras-builders/package.json (generate script)
- Add @lindas/rdf-parser-csvw-xlsx package (forked from @zazuko/rdf-parser-csvw-xlsx) - Update clownface package.json: - Rename from lindas-clownface to @lindas/clownface - Point repository to lindas-stack-libraries monorepo - Remove husky configuration (not needed in monorepo) - Add publishConfig for public access
…yout Security fixes: - Replace xlsx library with exceljs in rdf-parser-csvw-xlsx to fix: - Prototype Pollution vulnerability (GHSA-4r6h-8v6p-xvw6) - ReDoS vulnerability (GHSA-5pgg-2g8v-p4x9) - Migrate vue-graph-layout from Vue CLI to Vite to fix: - webpack-dev-server source code theft vulnerability - Multiple other webpack-dev-server vulnerabilities Other improvements: - Fix Windows path handling in tests using fileURLToPath - Bump @lindas/env-node to ^3.0.2 - All 8 tests pass with exceljs implementation
Renamed config files to use .cjs extension for CommonJS compatibility: - postcss.config.js -> postcss.config.cjs - tailwind.config.js -> tailwind.config.cjs - babel.config.js -> Removed (not needed with Vite) This fixes the build failure caused by module.exports being used in an ES module context (package.json has "type": "module"). Build now succeeds with Vite producing: - vue-graph-layout.js (9.90 kB) - vue-graph-layout.umd.cjs (7.12 kB) - vue-graph-layout.css (0.49 kB)
- Added npm override to replace @zazuko/rdf-parser-csvw-xlsx (uses vulnerable xlsx) with @lindas/rdf-parser-csvw-xlsx (uses safe exceljs) - Resolves GHSA-4r6h-8v6p-xvw6 (Prototype Pollution in sheetJS) - Resolves GHSA-5pgg-2g8v-p4x9 (ReDoS in sheetJS) - npm audit now reports 0 vulnerabilities
- Add proper exports with types for @lindas/env subpath exports (./web.js, ./Environment.js, etc.) - Update CI and release workflows to use --legacy-peer-deps - Support both main and master branches - Exclude test directory from TypeScript compilation in rdf-parser-csvw-xlsx - Remove compiled test files from repository
Published to npm with fixed TypeScript module exports.
- Add test suites for prefixes, vocabulary-loader, vocabulary-extras, vocabulary-extras-builders - Add mocha configuration for TypeScript tests - Add placeholder test scripts for UI packages (yasgui, yasr, yasqe, spex, shacl-test) - Configure changesets with README documentation - Add ts-node for TypeScript test support
- Add type assertions for streamToArray results - Fix factory type compatibility - Add eslint-disable comments for necessary any types
- wait-on@6 uses axios internal paths that don't work with Node 22 - Update to wait-on@9.0.3 which is compatible
The cube-hierarchy-query tests require docker-compose to start Fuseki (SPARQL server) for integration tests.
Updated snapshot key from @zazuko/cube-hierarchy-query to @lindas/cube-hierarchy-query to match the renamed package.
Same fix as CI workflow - cube-hierarchy-query tests require docker-compose to start Fuseki for integration tests.
- Tests run first on Node 18, 20, 22 - Security audit runs in parallel (non-blocking) - Release job runs after tests pass (only on push to main/master) - Added concurrency control to cancel outdated runs
Changesets action runs tests internally which need docker-compose for cube-hierarchy-query integration tests.
- Add webpack configuration for building yasgui packages - Add tsconfig files for TypeScript compilation - Increase maxPersistentResponseSize from 100KB to 10MB in yasr defaults - Add build scripts for yasgui bundle generation
- Downgrade get-stream from ^9.0.1 to ^8.0.0 in @lindas/env to fix Angular/esbuild bundler compatibility issue caused by @sec-ant/readable-stream async generator patterns - Add comprehensive proxy traps to extend() function in @lindas/env-core: getPrototypeOf, setPrototypeOf, isExtensible, preventExtensions, defineProperty, deleteProperty - Clean up debug logging from extend.js and Environment.js - Update changelogs
- Fork of @zazuko/formats-lazy v1.0.2 - Provides lazy-loaded RDF parsers and serializers - Uses @rdfjs/parser-n3, @rdfjs/parser-jsonld, rdfxml-streaming-parser - Does not depend on @graphy/* packages which require Node.js crypto - Browser-compatible alternative to @rdfjs-elements/formats-pretty
- Fixed malformed SinkMap generic types in index.d.ts - Properly import EventEmitter from events and Stream from @rdfjs/types - Fixes TS2345 error when using env.formats.import(formats)
Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.1. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps qs from 6.14.0 to 6.14.1.
Changelog
Sourced from qs's changelog.
Commits
3fa11a5v6.14.1a626704[Dev Deps] updatenpmignore3086902[Fix] ensure arrayLength applies to[]notation as wellfc7930e[Dev Deps] updateeslint,@ljharb/eslint-config0b06aac[Dev Deps] update@ljharb/eslint-config64951f6[Refactor]parse: extract key segment splitting helpere1bd259[Dev Deps] update@ljharb/eslint-configf4b3d39[eslint] add eslint 9 optional peer dep6e94d95[Dev Deps] updateeslint,@ljharb/eslint-config,npmignore973dc3c[actions] add workflow permissionsYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.