Bump ms, fsevents, eslint-module-utils, karma, mocha and socket.io

[dependabot]

Bumps ms to 2.0.0 and updates ancestor dependencies ms, fsevents, eslint-module-utils, karma, mocha and socket.io. These dependencies need to be updated together.

Updates ms from 0.7.1 to 2.0.0

Release notes

Sourced from ms's releases.

2.0.0

Major Changes

• Limit str to 100 to avoid ReDoS of 0.3s: #89

Patches

• Ignored logs coming from npm: b1eaab752203e978492a4d540a7ae1d26e6306b1
• Bumped dependencies to the latest version: bcf57157678fd5afc691383145a35e116f9704d0
• Invalidated cache for slack badge: 94b995c1d6d5d13ec976a0c6849a3cca9b277e6b

Credits

Huge thanks to @​karenyavine for their help!

1.0.0

Major Changes

• Removed component specification: 1fbbe974cdcad96e592dcb65a7b2a8649f690420

Patches

• Test on LTS version of Node: c9b1fd319f0f9198d85ecf4ba83e46cc1216be04
• Removed XO: 94068ea6d518387670df277f740b1abada80ed48
• Use prettier and eslint: 57b3ef8e3423cae6254f94c5564a11b4492cff43
• Badge for XO removed: 389840b329436117741b2ef13a172725082695b9
• Removed browser testing: e818c3581aca3119c00d81901bfe8fe653bcfda4
• More suitable name for file containing tests: ee91f307a8dc3581ebdad614ec0533ddb3d8bf56

0.7.3

Patches

• Mark "options" param as optional in jsdoc: #77
• Lowercased text files: 5f0653ab192a30301aed8668b4588a87975b41ab
• Pinned dependencies: 126d7f094a1836b991c8d0abfeb4d0ce09ac280f
• Chore(package): update serve to version 5.0.1: #81

Credits

Huge thanks to @​Jokero for their help!

0.7.2

Patches 💅

• Added license field to package.json file: zeit/ms#42
• Renamed long and short (reserved keywords): zeit/ms#53
• Capitalized important files: b2d9f9d
• Specified version numbers for devDependencies in package.json: abd3616
• Updated license file to the latest version: 5d53ae8
• Only upload important files to npm, instead of excluding certain ones: 2b2f02a
• Adjusted name of repository in package.json: e84f95d

... (truncated)

Commits

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s (#89)
• b83b36d chore(package): update eslint to version 3.19.0 (#88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 (#86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by leo, a new releaser for ms since your current version.

Updates fsevents from 1.1.1 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

• Added node v10 for pre-built binaries
• C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

• BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
  • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
• Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
• Compatibility updates for nan v2.9.0

v1.1.3

• Added node v9 for pre-built binaries
• Fixed bug related to using --no-bin-links option on install
• Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

• Added Node.js v8 to the prebuild binary assets.
• Stopped prebuilding for io.js (can still be built locally)
• Updated node-pre-gyp to latest version (0.6.36)

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Updates eslint-module-utils from 2.0.0 to 2.7.4

Changelog

Sourced from eslint-module-utils's changelog.

Change Log

All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning. This change log adheres to standards from Keep a CHANGELOG.

[Unreleased]

Added

• [newline-after-import]: add considerComments option (#2399, thanks [@​pri1311])
• [no-cycle]: add allowUnsafeDynamicCyclicDependency option (#2387, thanks [@​GerkinDev])
• [no-restricted-paths]: support arrays for from and target options (#2466, thanks [@​AdriAt360])
• [no-anonymous-default-export]: add allowNew option (#2505, thanks [@​DamienCassou])
• [order]: Add distinctGroup option (#2395, thanks [@​hyperupcall])
• [no-extraneous-dependencies]: Add includeInternal option (#2541, thanks [@​bdwain])
• [no-extraneous-dependencies]: Add includeTypes option (#2543, thanks [@​bdwain])
• [order]: new alphabetize.orderImportKind option to sort imports with same path based on their kind (type, typeof) (#2544, thanks [@​stropho])
• [consistent-type-specifier-style]: add rule (#2473, thanks [@​bradzacher])
• Add [no-empty-named-blocks] rule (#2568, thanks [@​guilhermelimak])
• [prefer-default-export]: add "target" option (#2602, thanks [@​azyzz228])
• [no-absolute-path]: add fixer (#2613, thanks [@​adipascu])
• [no-duplicates]: support inline type import with inlineTypeImport option (#2475, thanks [@​snewcomer])

Fixed

• [order]: move nested imports closer to main import entry (#2396, thanks [@​pri1311])
• [no-restricted-paths]: fix an error message (#2466, thanks [@​AdriAt360])
• [no-restricted-paths]: use Minimatch.match instead of minimatch to comply with Windows Native paths (#2466, thanks [@​AdriAt360])
• [order]: require with member expression could not be fixed if alphabetize.order was used (#2490, thanks [@​msvab])
• [order]: leave more space in rankings for consecutive path groups (#2506, thanks [@​Pearce-Ropion])
• [no-cycle]: add ExportNamedDeclaration statements to dependencies (#2511, thanks [@​BenoitZugmeyer])
• [dynamic-import-chunkname]: prevent false report on a valid webpack magic comment (#2330, thanks [@​mhmadhamster])
• [export]: do not error on TS export overloads (#1590, thanks [@​ljharb])
• [no-unresolved], [extensions]: ignore type only exports (#2436, thanks [@​Lukas-Kullmann])
• ExportMap: add missing param to function (#2589, thanks [@​Fdawgs])
• [no-unused-modules]: checkPkgFieldObject filters boolean fields from checks (#2598, thanks [@​mpint])
• [no-cycle]: accept Flow typeof imports, just like type (#2608, thanks [@​gnprice])

Changed

• [Tests] [named]: Run all TypeScript test (#2427, thanks [@​ProdigySim])
• [readme] note use of typescript in readme import/extensions section (#2440, thanks [@​OutdatedVersion])
• [Docs] [order]: use correct default value (#2392, thanks [@​hyperupcall])
• [meta] replace git.io link in comments with the original URL (#2444, thanks [@​liby])
• [Docs] remove global install in readme (#2412, thanks [@​aladdin-add])
• [readme] clarify eslint-import-resolver-typescript usage (#2503, thanks [@​JounQin])
• [Refactor] [no-cycle]: Add per-run caching of traversed paths (#2419, thanks [@​nokel81])
• [Performance] ExportMap: add caching after parsing for an ambiguous module (#2531, thanks [@​stenin-nikita])
• [Docs] [no-useless-path-segments]: fix paths (#2424, thanks [@​s-h-a-d-o-w])
• [Tests] [no-cycle]: add passing test cases (#2438, thanks [@​georeith])
• [Refactor] [no-extraneous-dependencies] improve performance using cache (#2374, thanks [@​meowtec])
• [meta] CONTRIBUTING.md: mention inactive PRs (#2546, thanks [@​stropho])

... (truncated)

Commits

• d85bc44 utils: v2.7.4
• e4c90e5 [utils] [patch] mark eslint as an optional peer dep
• ab8b6d8 [Deps] update is-core-module
• 7a37f90 [Fix] order: leave more space in rankings for consecutive path groups
• 5fe9aa4 [readme] clarify eslint-import-resolver-typescript usage
• 0ef8cba [New] no-anonymous-default-export: add allowNew option
• d82670c [utils] [refactor] switch to an internal replacement for find-up
• 53a9d5d [Fix] no-unused-modules: ignore hashbang and BOM while parsing
• f18b676 [utils] [fix] ignore hashbang and BOM while parsing (#2431)
• ce037f4 [Fix] order: require with member expression could not be fixed if alphabeti...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for eslint-module-utils since your current version.

Updates karma from 1.7.0 to 6.4.1

Release notes

Sourced from karma's releases.

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.18

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

v6.3.17

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

v6.3.16

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

... (truncated)

Commits

• 0013121 chore(release): 6.4.1 [skip ci]
• 63d86be fix: pass integrity value
• 84f7cc3 chore(release): 6.4.0 [skip ci]
• f2d0663 docs: add integrity parameter
• dc51a2e feat: support SRI verification of link tags
• 6a54b1c feat: support SRI verification of script tags
• 5e71cf5 chore(release): 6.3.20 [skip ci]
• e17698f fix: prefer IPv4 addresses when resolving domains
• 60f4f79 build: add Node 16 and 18 to the CI matrix
• 6ff5aaf chore(release): 6.3.19 [skip ci]
• Additional commits viewable in compare view

Updates mocha from 3.4.2 to 3.5.3

Release notes

Sourced from mocha's releases.

v3.5.3

3.5.3 / 2017-09-11

🐛 Fixes

• #3003: Fix invalid entities in xUnit reporter first appearing in v3.5.1 ([@​jkrems])

#3003: mochajs/mocha#3003 [@​jkrems]: https://github.com/jkrems

v3.5.2

3.5.2 / 2017-09-10

🐛 Fixes

• #3001: Fix AMD-related failures first appearing in v3.5.1 ([@​boneskull])

#3001: mochajs/mocha#3001 [@​boneskull]: https://github.com/boneskull

v3.5.1

3.5.1 / 2017-09-09

📰 News

• 📣 Mocha is now sponsoring PDXNode! If you're in the Portland area, come check out the monthly talks and hack nights!

🐛 Fixes

• #2997: Fix missing xit export for "require" interface ([@​solodynamo])
• #2957: Fix unicode character handling in XUnit reporter failures ([@​jkrems])

🔩 Other

• #2986: Add issue and PR templates ([@​kungapal])
• #2918: Drop bash dependency for glob-related tests ([@​ScottFreeCode])
• #2922: Improve --compilers coverage ([@​ScottFreeCode])
• #2981: Fix tpyos and spelling errors ([@​jsoref])

#2997: mochajs/mocha#2997 #2957: mochajs/mocha#2957 #2918: mochajs/mocha#2918 #2986: mochajs/mocha#2986 #2922: mochajs/mocha#2922 #2981: mochajs/mocha#2981 [@​solodynamo]: https://github.com/solodynamo [@​jkrems]: https://github.com/jkrems [@​jsoref]: https://github.com/jsoref [@​ScottFreeCode]: https://github.com/ScottFreeCode [@​kungapal]: https://github.com/kungapal

... (truncated)

Changelog

Sourced from mocha's changelog.

3.5.3 / 2017-09-11

🐛 Fixes

• #3003: Fix invalid entities in xUnit reporter first appearing in v3.5.1 ([@​jkrems])

#3003: mochajs/mocha#3003

3.5.2 / 2017-09-10

🐛 Fixes

• #3001: Fix AMD-related failures first appearing in v3.5.1 ([@​boneskull])

#3001: mochajs/mocha#3001

3.5.1 / 2017-09-09

📰 News

• 📣 Mocha is now sponsoring PDXNode! If you're in the Portland area, come check out the monthly talks and hack nights!

🐛 Fixes

• #2997: Fix missing xit export for "require" interface ([@​solodynamo])
• #2957: Fix unicode character handling in XUnit reporter failures ([@​jkrems])

🔩 Other

• #2986: Add issue and PR templates ([@​kungapal])
• #2918: Drop bash dependency for glob-related tests ([@​ScottFreeCode])
• #2922: Improve --compilers coverage ([@​ScottFreeCode])
• #2981: Fix tpyos and spelling errors ([@​jsoref])

#2997: mochajs/mocha#2997 #2957: mochajs/mocha#2957 #2918: mochajs/mocha#2918 #2986: mochajs/mocha#2986 #2922: mochajs/mocha#2922 #2981: mochajs/mocha#2981 [@​solodynamo]: https://github.com/solodynamo [@​jkrems]: https://github.com/jkrems [@​jsoref]: https://github.com/jsoref

3.5.0 / 2017-07-31

📰 News

• Mocha now has a code of conduct (thanks [@​kungapal]!).
• Old issues and PRs are now being marked "stale" by Probot's "Stale" plugin. If an issue is marked as such, and you would like to see it remain open, simply add a new comment to the ticket or PR.

... (truncated)

Commits

• e838a77 Release v3.5.3
• 4727367 update changelog for v3.5.3 [ci skip]
• 45c870d Use safer XML escaping
• 72622ab Release v3.5.2
• ac4c39f fix version in CHANGELOG.md [ci skip]
• f06d969 update CHANGELOG for 3.5.2 [ci skip]
• 9a3ddeb fix AMD bundle by hacking around check in he module; closes #3000
• 337d317 fix broken links in CHANGELOG.md [ci skip]
• 4070a44 Release v3.5.1
• 466ba73 update CHANGELOG.md for v3.5.1 [ci skip]
• Additional commits viewable in compare view

Updates socket.io from 1.7.4 to 4.5.4

Release notes

Sourced from socket.io's releases.

4.5.4

This release contains a bump of:

• engine.io in order to fix CVE-2022-41940
• socket.io-parser in order to fix CVE-2022-2421.

Links:

• Diff: socketio/socket.io@4.5.3...4.5.4
• Client release: 4.5.4
• engine.io@~6.2.1 (diff)
• ws@~8.2.3

4.5.3

Bug Fixes

• typings: accept an HTTP2 server in the constructor (d3d0a2d)
• typings: apply types to "io.timeout(...).emit()" calls (e357daf)

Links:

• Diff: socketio/socket.io@4.5.2...4.5.3
• Client release: 4.5.3
• engine.io version: ~6.2.0
• ws version: ~8.2.3

4.5.2

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

Links:

• Diff: socketio/socket.io@4.5.1...4.5.2
• Client release: 4.5.2
• engine.io version: ~6.2.0
• ws version: ~8.2.3

4.5.1

Bug Fixes

• forward the local flag to the adapter when using fetchSockets() (30430f0)
• typings: add HTTPS server to accepted types (#4351) (9b43c91)

Links:

• Diff: socketio/socket.io@4.5.0...4.5.1
• Client release: 4.5.1
• engine.io version: ~6.2.0

... (truncated)

Changelog

Sourced from socket.io's changelog.

4.5.4 (2022-11-22)

This release contains a bump of:

• engine.io in order to fix CVE-2022-41940
• socket.io-parser in order to fix CVE-2022-2421.

Dependencies

• engine.io@~6.2.1 (diff)
• ws@~8.2.3

4.5.3 (2022-10-15)

Bug Fixes

• typings: accept an HTTP2 server in the constructor (d3d0a2d)
• typings: apply types to "io.timeout(...).emit()" calls (e357daf)

4.5.2 (2022-09-02)

Bug Fixes

• prevent the socket from joining a room after disconnection (18f3fda)
• uws: prevent the server from crashing after upgrade (ba497ee)

2.5.0 (2022-06-26)

Bug Fixes

• fix race condition in dynamic namespaces (05e1278)
• ignore packet received after disconnection (22d4bdf)
• only set 'connected' to true after middleware execution (226cc16)
• prevent the socket from joining a room after disconnection (f223178)

4.5.1 (2022-05-17)

Bug Fixes

... (truncated)

Commits

• 3b7ced7 chore(release): 4.5.4
• c00bb95 chore: bump engine.io to version 6.2.1
• 57e5f25 chore: bump socket.io-parser to version 4.2.1
• f4b6984 docs: add missing versions in the changelog
• 945c84b chore(release): 4.5.3
• d3d0a2d fix(typings): accept an HTTP2 server in the constructor
• 19b225b docs(examples): update dependencies of the basic CRUD example
• 8fae95d docs: add jsdoc for each public method
• e6f6b90 docs: add deprecation notice for the allSockets() method
• 596eb88 ci: upgrade to actions/checkout@3 and actions/setup-node@3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.