build(deps-dev): Bump the npm_and_yarn group across 1 directory with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: axios and class-validator.

Updates axios from 0.21.4 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

• 5b8a826 chore(release): v1.7.7 (#6585)
• 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
• d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
• d584fcf chore(release): v1.7.6 (#6583)
• bc03c6c chore(examples): fix module import (#6575)
• df9889b fix(fetch): optimize signals composing logic; (#6582)
• ee208cf chore(sponsor): update sponsor block (#6576)
• 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• Additional commits viewable in compare view

Updates class-validator from 0.13.2 to 0.14.1

Release notes

Sourced from class-validator's releases.

v0.14.1

What's Changed

• fix: fail for non-array constraint in @IsIn decorator by @​NoNameProvided in typestack/class-validator#1844
• feat: allow specifying options for @IsBase64 decorator by @​NoNameProvided in typestack/class-validator#1845
• feat: use official type for version in @IsUUID decorator by @​NoNameProvided in typestack/class-validator#1846
• build(deps-dev): bump @​types/node from 18.11.12 to 18.11.13 by @​dependabot in typestack/class-validator#1847
• build(deps): bump libphonenumber-js from 1.10.14 to 1.10.15 by @​dependabot in typestack/class-validator#1848
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.46.0 to 5.46.1 by @​dependabot in typestack/class-validator#1850
• build(deps-dev): bump @​types/node from 18.11.13 to 18.11.14 by @​dependabot in typestack/class-validator#1851
• build(deps-dev): bump @​typescript-eslint/parser from 5.46.0 to 5.46.1 by @​dependabot in typestack/class-validator#1852
• build(deps-dev): bump @​types/node from 18.11.14 to 18.11.15 by @​dependabot in typestack/class-validator#1854
• build(deps-dev): bump @​rollup/plugin-commonjs from 23.0.4 to 23.0.5 by @​dependabot in typestack/class-validator#1855
• docs: fix typos and reformat decorators table by @​carlocorradini in typestack/class-validator#1849
• fix: allow number and boolean values in validation message "$value" tokens by @​kffl in typestack/class-validator#1467
• feat: update @IsPhoneNumber decorator to use max dataset by @​NoNameProvided in typestack/class-validator#1857
• fix: read nullable option in @IsNotEmptyObject decorator correctly by @​arkist in typestack/class-validator#1555
• build(deps-dev): bump eslint-plugin-jest from 27.1.6 to 27.1.7 by @​dependabot in typestack/class-validator#1859
• build(deps-dev): bump eslint from 8.29.0 to 8.30.0 by @​dependabot in typestack/class-validator#1860
• build(deps-dev): bump @​rollup/plugin-commonjs from 23.0.5 to 24.0.0 by @​dependabot in typestack/class-validator#1862
• build(deps-dev): bump @​types/node from 18.11.15 to 18.11.17 by @​dependabot in typestack/class-validator#1861
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.46.1 to 5.47.0 by @​dependabot in typestack/class-validator#1864
• build(deps-dev): bump @​typescript-eslint/parser from 5.46.1 to 5.47.0 by @​dependabot in typestack/class-validator#1865
• build(deps-dev): bump @​typescript-eslint/parser from 5.47.0 to 5.47.1 by @​dependabot in typestack/class-validator#1870
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.47.0 to 5.47.1 by @​dependabot in typestack/class-validator#1872
• build(deps-dev): bump @​types/node from 18.11.17 to 18.11.18 by @​dependabot in typestack/class-validator#1871
• build(deps-dev): bump @​types/jest from 29.2.4 to 29.2.5 by @​dependabot in typestack/class-validator#1875
• build(deps): bump json5 from 2.2.1 to 2.2.3 by @​dependabot in typestack/class-validator#1878
• build(deps-dev): bump eslint from 8.30.0 to 8.31.0 by @​dependabot in typestack/class-validator#1876
• build(deps-dev): bump eslint-plugin-jest from 27.1.7 to 27.2.0 by @​dependabot in typestack/class-validator#1877
• build(deps-dev): bump @​typescript-eslint/parser from 5.47.1 to 5.48.0 by @​dependabot in typestack/class-validator#1879
• build(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0 by @​dependabot in typestack/class-validator#1881
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.47.1 to 5.48.0 by @​dependabot in typestack/class-validator#1880
• build(deps): bump libphonenumber-js from 1.10.15 to 1.10.16 by @​dependabot in typestack/class-validator#1886
• build(deps-dev): bump eslint-plugin-jest from 27.2.0 to 27.2.1 by @​dependabot in typestack/class-validator#1890
• build(deps): bump libphonenumber-js from 1.10.16 to 1.10.17 by @​dependabot in typestack/class-validator#1892
• build(deps-dev): bump prettier from 2.8.1 to 2.8.2 by @​dependabot in typestack/class-validator#1891
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.48.0 to 5.48.1 by @​dependabot in typestack/class-validator#1894
• build(deps-dev): bump @​typescript-eslint/parser from 5.48.0 to 5.48.1 by @​dependabot in typestack/class-validator#1893
• build(deps): bump libphonenumber-js from 1.10.17 to 1.10.18 by @​dependabot in typestack/class-validator#1895
• build(deps-dev): bump ts-jest from 29.0.3 to 29.0.4 by @​dependabot in typestack/class-validator#1898
• build(deps-dev): bump rimraf from 3.0.2 to 4.0.4 by @​dependabot in typestack/class-validator#1900
• build(deps-dev): bump eslint from 8.31.0 to 8.32.0 by @​dependabot in typestack/class-validator#1902
• build(deps-dev): bump prettier from 2.8.2 to 2.8.3 by @​dependabot in typestack/class-validator#1905
• build(deps-dev): bump ts-jest from 29.0.4 to 29.0.5 by @​dependabot in typestack/class-validator#1904
• build(deps-dev): bump rimraf from 4.0.4 to 4.0.7 by @​dependabot in typestack/class-validator#1903
• build(deps-dev): bump @​typescript-eslint/parser from 5.48.1 to 5.48.2 by @​dependabot in typestack/class-validator#1908
• build(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.48.1 to 5.48.2 by @​dependabot in typestack/class-validator#1910
• build(deps-dev): bump rimraf from 4.0.7 to 4.1.0 by @​dependabot in typestack/class-validator#1909
• build(deps-dev): bump rimraf from 4.1.0 to 4.1.1 by @​dependabot in typestack/class-validator#1911
• build(deps-dev): bump @​types/jest from 29.2.5 to 29.2.6 by @​dependabot in typestack/class-validator#1912

... (truncated)

Changelog

Sourced from class-validator's changelog.

Changelog

This changelog follows the [keep a changelog][keep-a-changelog] format to maintain a human readable changelog.

0.14.0 (2022-12-09)

Added

• add @IsTimeZone decorator to check if given string is valid IANA time zone
• add @IsISO4217CurrencyCode decorator to check if the string is an ISO 4217 currency code
• add @IsStrongPassword decorator to check if given password matches specific complexity criteria
• add @IsBase58 decorator to check if a string is base58 encoded
• add @IsTaxId decorator to check if a given string is a valid tax ID in a given locale
• add support for passing function as date generator in @MinDate and @MaxDate decorators
• add option to print constraint error message instead of constraint type in validation error
• improve decorator metadata lookup performance
• return possible values in error message for @IsEnum decorator

Fixed

• re-added @types/validator as dependency
• fix error generation when using @NestedValidation
• pass validation options correctly to validator in @IsDateString decorator
• support passing Symbol as parameter in error message generation
• specify supported locales for @IsAlphanumeric decorator
• correctly assign decorator name in metadata instead of loosing it
• fix various spelling errors in documentation
• fix various spelling errors and inconsistencies in JSDoc for decorators

Changed

• enable forbidUnknownValues option by default
• remove documentation about deprecated schema based validation and added warning
• update warning message logged about missing decorator metadata
• update libphonenumber-js to ^1.10.14 from ^1.9.43
• update various dev-dependencies

BREAKING CHANGES

forbidUnknownValues option is enabled by default

From this release the forbidUnknownValues is enabled by default. This is the desired behavior for majority of use-cases, but this change may break validation for some. The two scenarios that results in failed validation:

• when attempting to validate a class instance without metadata for it
• when using group validation and the specified validation group results in zero validation applied

The old behavior can be restored via specifying forbidUnknownValues: false option when calling the validate functions.

For more details see [PR #1798](typestack/class-validator#1798) and #1422 (comment).

... (truncated)

Commits

• adffae3 bump package-lock version from 0.14.0 to 0.14.1 (#2375)
• 0a18ea2 [UPDATE] bump repo version (#2372)
• 19f290f build(deps-dev): bump @​types/node from 20.10.8 to 20.11.0 (#2369)
• 0042559 Fix validator imports (#2360)
• 611f833 build(deps-dev): bump @​types/node from 20.10.7 to 20.10.8 (#2359)
• b76fab3 build(deps-dev): bump eslint-plugin-jest from 27.6.1 to 27.6.2 (#2358)
• e8f3c8a build(deps-dev): bump @​types/node from 20.10.6 to 20.10.7 (#2355)
• 6d176e2 build(deps-dev): bump eslint-plugin-jest from 27.6.0 to 27.6.1 (#2353)
• d16211c build(deps-dev): bump @​types/node from 20.10.5 to 20.10.6 (#2351)
• 3ab54c4 build(deps): bump libphonenumber-js from 1.10.52 to 1.10.53 (#2348)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/axios@1.7.7	network Transitive: environment, filesystem	+8	2.5 MB	jasonsaayman
npm/class-validator@0.14.1	None	+3	14.3 MB	typestack-release-bot
npm/progress@2.0.3	None	0	15.5 kB	turbopope
npm/prop-types@15.8.1	environment	+4	145 kB	ljharb
npm/reflect-metadata@0.1.14	None	0	295 kB	rbuckton
npm/regenerator-runtime@0.13.11	None	0	27.8 kB	benjamn
npm/source-map-support@0.5.21	filesystem	+2	895 kB	linusu
npm/source-map@0.7.4	filesystem, network	0	226 kB	eemeli
npm/sourcemap-validator@2.1.0	Transitive: eval	+7	341 kB	stefanpenner
npm/swc-plugin-coverage-instrument@0.0.24	None	0	6.41 MB	kwonoj
npm/terser@5.34.1	Transitive: filesystem, shell	+7	2.88 MB	fabiosantoscode
npm/yaml@2.6.0	None	0	681 kB	eemeli
npm/zx@8.1.9	environment, filesystem, network, shell, unsafe	+2	893 kB	google-wombot

🚮 Removed packages: npm/axios@0.21.4, npm/class-validator@0.13.2

View full report↗︎

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your package.json. Because of this, Dependabot cannot update this pull request.