Bump the npm-security-updates group across 5 directories with 7 updates by dependabot[bot] · Pull Request #3129 · secureCodeBox/secureCodeBox

dependabot · 2025-07-14T16:34:07Z

Bumps the npm-security-updates group with 1 update in the /tests/integration directory: @babel/helpers.
Bumps the npm-security-updates group with 5 updates in the /parser-sdk/nodejs directory:

Package	From	To
brace-expansion	`2.0.1`	`2.0.2`
jsonpath-plus	`10.2.0`	`10.3.0`
tough-cookie	`2.5.0`	`removed`
@kubernetes/client-node	`0.22.3`	`1.3.0`
axios	`1.7.9`	`1.8.2`

Bumps the npm-security-updates group with 4 updates in the /hook-sdk/nodejs directory: brace-expansion, jsonpath-plus, tough-cookie and @kubernetes/client-node.
Bumps the npm-security-updates group with 4 updates in the /auto-discovery/kubernetes/pull-secret-extractor/integration-test directory: @babel/helpers, jsonpath-plus, tough-cookie and @kubernetes/client-node.
Bumps the npm-security-updates group with 4 updates in the / directory: @babel/helpers, jsonpath-plus, tough-cookie and @kubernetes/client-node.

Updates @babel/helpers from 7.26.0 to 7.27.6

Release notes

Sourced from @babel/helpers's releases.

v7.27.6 (2025-06-05)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17366 fix: finally causes unexpected return value (@liuxingbaoyu)

babel-generator, babel-parser, babel-types

#17357 Ensure syntactic ordering when visiting array-type AST nodes (@JLHwung)

Committers: 3

Huáng Jùnliàng (@JLHwung)

Ingvar Stepanyan (@RReverser)

@liuxingbaoyu

v7.27.5 (2025-06-03)

Thanks @NullVoxPopuli for your first PR!

🐛 Bug Fix

babel-plugin-transform-regenerator

#17359 fix: Unexpected infinite loop with regenerator for try (@liuxingbaoyu)

Other

#17349 Map ESLint's sourceType: commonjs to script (@JLHwung)

💅 Polish

babel-parser

#17333 Improve using declaration errors (@JLHwung)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

@NullVoxPopuli

@liuxingbaoyu

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

... (truncated)

Changelog

Sourced from @babel/helpers's changelog.

v7.27.6 (2025-06-05)

🐛 Bug Fix

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17366 fix: finally causes unexpected return value (@liuxingbaoyu)

babel-generator, babel-parser, babel-types

#17357 Ensure syntactic ordering when visiting array-type AST nodes (@JLHwung)

v7.27.5 (2025-06-03)

🐛 Bug Fix

babel-plugin-transform-regenerator

#17359 fix: Unexpected infinite loop with regenerator for try (@liuxingbaoyu)

Other

#17349 Map ESLint's sourceType: commonjs to script (@JLHwung)

💅 Polish

babel-parser

#17333 Improve using declaration errors (@JLHwung)

v7.27.4 (2025-05-30)

👓 Spec Compliance

babel-parser, babel-plugin-proposal-explicit-resource-management

#17323 Disallow using in bare case statement (@JLHwung)

💅 Polish

babel-parser

#17311 Improve parseExpression error messages (@JLHwung)

🔬 Output optimization

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#17287 Reduce regenerator size more (@liuxingbaoyu)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

#17334 Use shorter method names for regenerator context (@nicolo-ribaudo)

#17268 Reduce regenerator helper size (@liuxingbaoyu)

babel-core, babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoping, babel-plugin-transform-classes, babel-plugin-transform-destructuring, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone

#17238 Split regeneratorRuntime into multiple helpers (@nicolo-ribaudo)

v7.27.3 (2025-05-27)

🐛 Bug Fix

babel-generator

#17324 Improve multiline comments handling in yield/await expression (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3

#17328 Correctly set .displayName on GeneratorFunction (@nicolo-ribaudo)

babel-plugin-proposal-explicit-resource-management

#17319 fix: handle shadowed binding in for using of body (@JLHwung)

#17317 fix: support named evaluation for using declaration (@JLHwung)

babel-plugin-proposal-decorators, babel-types

#17321 fix(converter): Remove abstract modifiers in class declaration to expression conversion (@magic-akari)

babel-helper-module-transforms, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd

#17257 Preserve class id when transforming using declarations with exported class (@JLHwung)

... (truncated)

Commits

baa4cb8 v7.27.6
fdbf1b3 fix: finally causes unexpected return value (#17366)
7d06930 v7.27.4
5b9468d Reduce regenerator size more (#17287)
cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
49c0dbb Fix iterator compatibility of regeneratorValues (#17335)
d23a1bd Use shorter method names for regenerator context (#17334)
9dcd115 Restore behavior of regeneratorRuntime helper (#17329)
fe32019 Reduce regenerator helper size (#17268)
a0690e3 Split regeneratorRuntime into multiple helpers (#17238)
Additional commits viewable in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

pkg: publish on tag 2.x 14f1d91

fmt ed7780a

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

a3efcee 2.0.2
14f1d91 pkg: publish on tag 2.x
ed7780a fmt
36603d5 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates jsonpath-plus from 10.2.0 to 10.3.0

Release notes

Sourced from jsonpath-plus's releases.

v10.3.0

What's Changed

fix(eval): rce using non-string prop names by @80avin in JSONPath-Plus/JSONPath#237

feat(demo): make demo link shareable by @80avin in JSONPath-Plus/JSONPath#238

Full Changelog: JSONPath-Plus/JSONPath@v10.2.0...v10.3.0

Changelog

Sourced from jsonpath-plus's changelog.

10.3.0

fix(eval): rce using non-string prop names (#237)

feat(demo): make demo link shareable (#238)

chore: update deps. and devDeps.

Commits

9754e4b chore: bump version
f690da1 chore: update deps and devDeps
313a9b4 Merge pull request #238 from 80avin/shareable-demo
39a0d03 Merge pull request #237 from 80avin/fix-10.2.0-rce
1c532fc feat(demo): make demo link shareable
3094289 fix(eval): rce using non-string prop names
See full diff in compare view

Maintainer changes

This version was pushed to npm by 80avin, a new releaser for jsonpath-plus since your current version.

Removes tough-cookie

Updates @kubernetes/client-node from 0.22.3 to 1.3.0

Release notes

Sourced from @kubernetes/client-node's releases.

1.3.0

What's Changed

Update README.md by @brendandburns in kubernetes-client/javascript#2418

ci: test on Node v24 by @cjihrig in kubernetes-client/javascript#2419

build(deps): bump openid-client from 6.4.2 to 6.5.0 by @dependabot in kubernetes-client/javascript#2422

build(deps): bump @types/node from 22.15.11 to 22.15.14 by @dependabot in kubernetes-client/javascript#2423

build(deps): bump @types/node from 22.15.14 to 22.15.15 by @dependabot in kubernetes-client/javascript#2426

build(deps): bump @types/node from 22.15.15 to 22.15.17 by @dependabot in kubernetes-client/javascript#2428

Cherry-pick in two watch changes from the 0.x branch, clean up tests, fix list -> resourceVersion handling by @brendandburns in kubernetes-client/javascript#2429

build(deps-dev): bump typescript-eslint from 8.32.0 to 8.32.1 by @dependabot in kubernetes-client/javascript#2431

build(deps): bump @types/node from 22.15.17 to 22.15.18 by @dependabot in kubernetes-client/javascript#2436

feat: add model registry to object serializer by @schrodit in kubernetes-client/javascript#2433

build(deps-dev): bump @eslint/js from 9.26.0 to 9.27.0 by @dependabot in kubernetes-client/javascript#2439

build(deps): bump @types/node from 22.15.18 to 22.15.19 by @dependabot in kubernetes-client/javascript#2440

build(deps-dev): bump eslint from 9.26.0 to 9.27.0 by @dependabot in kubernetes-client/javascript#2441

chore: readd ws as a dependency by @mstruebing in kubernetes-client/javascript#2442

build(deps): bump @types/node from 22.15.19 to 22.15.21 by @dependabot in kubernetes-client/javascript#2445

fix: readd AbortError export by @xkabylgSICKAG in kubernetes-client/javascript#2446

build(deps): bump tar-fs from 3.0.8 to 3.0.9 by @dependabot in kubernetes-client/javascript#2447

build(deps-dev): bump typedoc from 0.28.4 to 0.28.5 by @dependabot in kubernetes-client/javascript#2452

update package versions in preparation for release by @cjihrig in kubernetes-client/javascript#2454

build(deps): bump @types/node from 22.15.21 to 22.15.23 by @dependabot in kubernetes-client/javascript#2456

build(deps-dev): bump typescript-eslint from 8.32.1 to 8.33.0 by @dependabot in kubernetes-client/javascript#2457

Full Changelog: kubernetes-client/javascript@1.2.0...1.3.0

1.2.0

What's Changed

Reintroduce timeout and keep-alive for watch requests to match client-go by @rossanthony in kubernetes-client/javascript#2367

watch: prevent done callback from being called twice on connection loss by @bverhoeven in kubernetes-client/javascript#2389

config: support username impersonation by @cjihrig in kubernetes-client/javascript#2373

fix(object): properly serialize objects on create/replace/patch by @schrodit in kubernetes-client/javascript#2400

Regenerate for Kubernetes 1.33 by @brendandburns in kubernetes-client/javascript#2416

New Contributors

@rossanthony made their first contribution in kubernetes-client/javascript#2367

@juldrixx made their first contribution in kubernetes-client/javascript#2388

@bverhoeven made their first contribution in kubernetes-client/javascript#2389

Full Changelog: kubernetes-client/javascript@1.1.2...1.2.0

1.1.2

What's Changed between 1.0.0 and 1.1.2

test: support testing transpiled code by @cjihrig in kubernetes-client/javascript#2122

Add proxy support by @krmodelski in kubernetes-client/javascript#2111

Fix type definition for KubernetesObjectApi.read() by @jportner in kubernetes-client/javascript#2129

export ApiConstructor-type by @mstruebing in kubernetes-client/javascript#2139

websocket: do not close when protocol supports it by @cjihrig in kubernetes-client/javascript#2144

Improve loadFromCluster testing by @brendandburns in kubernetes-client/javascript#2191

... (truncated)

Commits

940af26 Merge pull request #2457 from kubernetes-client/dependabot/npm_and_yarn/main/...
5dad6d3 Merge pull request #2456 from kubernetes-client/dependabot/npm_and_yarn/main/...
55e1a8a build(deps-dev): bump typescript-eslint from 8.32.1 to 8.33.0
adf25e2 build(deps): bump @types/node from 22.15.21 to 22.15.23
2ed3379 Merge pull request #2454 from cjihrig/bump
4846def update package versions in preparation for release
f809c36 Merge pull request #2452 from kubernetes-client/dependabot/npm_and_yarn/main/...
52c1acf build(deps-dev): bump typedoc from 0.28.4 to 0.28.5
1fcb3a6 Merge pull request #2447 from kubernetes-client/dependabot/npm_and_yarn/main/...
affa86a build(deps): bump tar-fs from 3.0.8 to 3.0.9
Additional commits viewable in compare view

Updates axios from 1.7.9 to 1.8.2

Release notes

Sourced from axios's releases.

Release v1.8.2

Release notes:

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

Release v1.8.1

Release notes:

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

Release v1.8.0

Release notes:

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL

feat: add config option for allowing absolute URLs

fix: add default value for allowAbsoluteUrls in buildFullPath

fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.8.2 (2025-03-07)

Bug Fixes

http-adapter: add allowAbsoluteUrls to path building (#6810) (fb8eec2)

Contributors to this release

Fasoro-Joseph Alexander

1.8.1 (2025-02-26)

Bug Fixes

utils: move generateString to platform utils to avoid importing crypto module into client builds; (#6789) (36a5a62)

Contributors to this release

Dmitriy Mozgovoy

1.8.0 (2025-02-25)

Bug Fixes

examples: application crashed when navigating examples in browser (#5938) (1260ded)

missing word in SUPPORT_QUESTION.yml (#6757) (1f890b1)

utils: replace getRandomValues with crypto module (#6788) (23a25af)

Features

Add config for ignoring absolute URLs (#5902) (#6192) (32c7bcc)

Reverts

Revert "chore: expose fromDataToStream to be consumable (#6731)" (#6732) (1317261), closes #6731 #6732

BREAKING CHANGES

code relying on the above will now combine the URLs instead of prefer request URL

feat: add config option for allowing absolute URLs

fix: add default value for allowAbsoluteUrls in buildFullPath

... (truncated)

Commits

a9f7689 chore(release): v1.8.2 (#6812)
fb8eec2 fix(http-adapter): add allowAbsoluteUrls to path building (#6810)
9812045 chore(sponsor): update sponsor block (#6804)
72acf75 chore(sponsor): update sponsor block (#6794)
2e64afd chore(release): v1.8.1 (#6800)
36a5a62 fix(utils): move generateString to platform utils to avoid importing crypto...
cceb7b1 chore(release): v1.8.0 (#6795)
23a25af fix(utils): replace getRandomValues with crypto module (#6788)
32c7bcc feat: Add config for ignoring absolute URLs (#5902) (#6192)
4a3e26c chore(config): adjust rollup config to preserve license header to minified Ja...
Additional commits viewable in compare view

Updates ws from 8.18.0 to 8.18.3

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (33f5dbaf).

8.18.2

Bug fixes

Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

Commits

dabbdec [dist] 8.18.3
33f5dba [fix] Respond with the supported protocol versions (#2291)
22a5a17 [ci] Test on node 24
e67eb7a [ci] Do not test on node 23
fa670f2 [ci] Run the lint step on node 22
0eb8535 [dist] 8.18.2
4f20aed [fix] Handle oversized messages with designated error (#2285)
aa998e3 [pkg] Update globals to version 16.0.0
cf25954 [minor] Fix nit in error message
b92745a [dist] 8.18.1
Additional commits viewable in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

pkg: publish on tag 2.x 14f1d91

fmt ed7780a

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

juliangruber/brace-expansion@v2.0.1...v2.0.2

Commits

a3efcee 2.0.2
14f1d91 pkg: publish on tag 2.x
ed7780a fmt
36603d5 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
See full diff in compare view

Updates jsonpath-plus from 10.2.0 to 10.3.0

Release notes

Sourced from jsonpath-plus's releases.

v10.3.0

What's Changed

fix(eval): rce using non-string prop names by @80avin in JSONPath-Plus/JSONPath#237

feat(demo): make demo link shareable by @80avin in JSONPath-Plus/JSONPath#238

Full Changelog: JSONPath-Plus/JSONPath@v10.2.0...v10.3.0

Changelog

Sourced from jsonpath-plus's changelog.

10.3.0

fix(eval): rce using non-string prop names (#237)

feat(demo): make demo link shareable (#238)

chore: update deps. and devDeps.

Commits

9754e4b chore: bump version
f690da1 chore: update deps and devDeps
313a9b4 Merge pull request #238 from 80avin/shareable-demo
39a0d03 Merge pull request #237 from 80avin/fix-10.2.0-rce
1c532fc feat(demo): make demo link shareable
3094289 fix(eval): rce using non-string prop names
See full diff in compare view

Maintainer changes

This version was pushed to npm by 80avin, a new releaser for jsonpath-plus since your current version.

Removes tough-cookie

Updates @kubernetes/client-node from 0.22.3 to 1.3.0

Release notes

Sourced from @kubernetes/client-node's releases.

1.3.0

What's Changed

Update README.md by @brendandburns in kubernetes-client/javascript#2418

ci: test on Node v24 by @cjihrig in kubernetes-client/javascript#2419

build(deps): bump openid-client from 6.4.2 to 6.5.0 by @dependabot in kubernetes-client/javascript#2422

build(deps): bump @types/node from 22.15.11 to 22.15.14 by @dependabot in kubernetes-client/javascript#2423

build(deps): bump @types/node from 22.15.14 to 22.15.15 by @dependabot in kubernetes-client/javascript#2426

build(deps): bump @types/node from 22.15.15 to 22.15.17 by @dependabot in kubernetes-client/javascript#2428

Cherry-pick in two watch changes from the 0.x branch, clean up tests, fix list -> resourceVersion handling by @brendandburns in kubernetes-client/javascript#2429

build(deps-dev): bump typescript-eslint from 8.32.0 to 8.32.1 by @dependabot in kubernetes-client/javascript#2431

build(deps): bump @types/node from 22.15.17 to 22.15.18 by @dependabot in kubernetes-client/javascript#2436

feat: add model registry to object serializer by @schrodit in kubernetes-client/javascript#2433

build(deps-dev): bump @eslint/js from 9.26.0 to 9.27.0 by @dependabot in kubernetes-client/javascript#2439

build(deps): bump @types/node from 22.15.18 to 22.15.19 by @dependabot in kubernetes-client/javascript#2440

build(deps-dev): bump eslint from 9.26.0 to 9.27.0 by @dependabot in kubernetes-client/javascript#2441

chore: readd ws as a dependency by @mstruebing in kubernetes-client/javascript#2442

build(deps): bump @types/node from 22.15.19 to 22.15.21 by @dependabot in kubernetes-client/javascript#2445

fix: readd AbortError export by @xkabylgSICKAG in kubernetes-client/javascript#2446

build(deps): bump tar-fs from 3.0.8 to 3.0.9 by @dependabot in kubernetes-client/javascript#2447

build(deps-dev): bump typedoc from 0.28.4 to 0.28.5 by @dependabot in kubernetes-client/javascript#2452

update package versions in preparation for release by @cjihrig in kubernetes-client/javascript#2454

build(deps): bump @types/node from 22.15.21 to 22.15.23 by @dependabot in kubernetes-client/javascript#2456

build(deps-dev): bump typescript-eslint from 8.32.1 to 8.33.0 by @dependabot in kubernetes-client/javascript#2457

Full Changelog: kubernetes-client/javascript@1.2.0...1.3.0

1.2.0

What's Changed

Reintroduce timeout and keep-alive for watch requests to match client-go by @rossanthony in kubernetes-client/javascript#2367

watch: prevent done callback from being called twice on connection loss by @bverhoeven in kubernetes-client/javascript#2389

config: support username impersonation by @cjihrig in kubernetes-client/javascript#2373

fix(object): properly serialize objects on create/replace/patch by @schrodit in kubernetes-client/javascript#2400

Regenerate for Kubernetes 1.33 by @brendandburns in kubernetes-client/javascript#2416

New Contributors

@rossanthony made their first contribution in kubernetes-client/javascript#2367

@juldrixx made their first contribution in kubernetes-client/javascript#2388

@bverhoeven made their first contribution in kubernetes-client/javascript#2389

Full Changelog: kubernetes-client/javascript@1.1.2...1.2.0

1.1.2

What's Changed between 1.0.0 and 1.1.2

test: support testing transpiled code by @cjihrig in kubernetes-client/javascript#2122

Add proxy support by @krmodelski in kubernetes-client/javascript#2111

Fix type definition for KubernetesObjectApi.read() by @jportner in kubernetes-client/javascript#2129

export ApiConstructor-type by @mstruebing in kubernetes-client/javascript#2139

websocket: do not close when protocol supports it by @cjihrig in kubernetes-client/javascript#2144

Improve loadFromCluster testing by @brendandburns in kubernetes-client/javascript#2191

... (truncated)

Commits

940af26 Merge pull request #2457 from kubernetes-client/dependabot/npm_and_yarn/main/...
5dad6d3 Merge pull request #2456 from kubernetes-client/dependabot/npm_and_yarn/main/...
55e1a8a build(deps-dev): bump typescript-eslint from 8.32.1 to 8.33.0
adf25e2 build(deps): bump @types/node from 22.15.21 to 22.15.23
2ed3379 Merge pull request #2454 from cjihrig/bump
4846def update package versions in preparation for release
f809c36 Merge pull request #2452 from kubernetes-client/dependabot/npm_and_yarn/main/...
52c1acf build(deps-dev): bump typedoc from 0.28.4 to 0.28.5
1fcb3a6 Merge pull request #2447 from kubernetes-client/dependabot/npm_and_yarn/main/...
affa86a build(deps): bump tar-fs from 3.0.8 to 3.0.9
Additional commits viewable in compare view

Updates ws from 8.18.0 to 8.18.3

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (33f5dbaf).

8.18.2

Bug fixes

Fixed an issue that, during message decompression when the maximum size was exceeded, led to the emission of an inaccurate error and closure of the connection with an improper close code (#2285).

8.18.1

Bug fixes

The length of the UNIX domain socket paths in the tests has been shortened to make them work when run via CITGM (021f7b8b).

Commits

dabbdec [dist] 8.18.3
33f5dba [fix] Respond with the supported protocol versions (#2291)
22a5a17 [ci] Test on node 24

Bumps the npm-security-updates group with 1 update in the /tests/integration directory: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers). Bumps the npm-security-updates group with 5 updates in the /parser-sdk/nodejs directory: | Package | From | To | | --- | --- | --- | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.0.2` | | [jsonpath-plus](https://github.com/s3u/JSONPath) | `10.2.0` | `10.3.0` | | [tough-cookie](https://github.com/salesforce/tough-cookie) | `2.5.0` | `removed` | | [@kubernetes/client-node](https://github.com/kubernetes-client/javascript) | `0.22.3` | `1.3.0` | | [axios](https://github.com/axios/axios) | `1.7.9` | `1.8.2` | Bumps the npm-security-updates group with 4 updates in the /hook-sdk/nodejs directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [jsonpath-plus](https://github.com/s3u/JSONPath), [tough-cookie](https://github.com/salesforce/tough-cookie) and [@kubernetes/client-node](https://github.com/kubernetes-client/javascript). Bumps the npm-security-updates group with 4 updates in the /auto-discovery/kubernetes/pull-secret-extractor/integration-test directory: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers), [jsonpath-plus](https://github.com/s3u/JSONPath), [tough-cookie](https://github.com/salesforce/tough-cookie) and [@kubernetes/client-node](https://github.com/kubernetes-client/javascript). Bumps the npm-security-updates group with 4 updates in the / directory: [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers), [jsonpath-plus](https://github.com/s3u/JSONPath), [tough-cookie](https://github.com/salesforce/tough-cookie) and [@kubernetes/client-node](https://github.com/kubernetes-client/javascript). Updates `@babel/helpers` from 7.26.0 to 7.27.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.6/packages/babel-helpers) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.2) Updates `jsonpath-plus` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.2.0...v10.3.0) Removes `tough-cookie` Updates `@kubernetes/client-node` from 0.22.3 to 1.3.0 - [Release notes](https://github.com/kubernetes-client/javascript/releases) - [Commits](kubernetes-client/javascript@0.22.3...1.3.0) Updates `axios` from 1.7.9 to 1.8.2 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.8.2) Updates `ws` from 8.18.0 to 8.18.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.0...8.18.3) Updates `brace-expansion` from 2.0.1 to 2.0.2 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@v2.0.1...v2.0.2) Updates `jsonpath-plus` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.2.0...v10.3.0) Removes `tough-cookie` Updates `@kubernetes/client-node` from 0.22.3 to 1.3.0 - [Release notes](https://github.com/kubernetes-client/javascript/releases) - [Commits](kubernetes-client/javascript@0.22.3...1.3.0) Updates `ws` from 8.18.0 to 8.18.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.0...8.18.3) Updates `@babel/helpers` from 7.26.0 to 7.27.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.6/packages/babel-helpers) Updates `jsonpath-plus` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.2.0...v10.3.0) Removes `tough-cookie` Updates `@kubernetes/client-node` from 0.22.3 to 1.3.0 - [Release notes](https://github.com/kubernetes-client/javascript/releases) - [Commits](kubernetes-client/javascript@0.22.3...1.3.0) Updates `ws` from 8.18.0 to 8.18.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.0...8.18.3) Updates `@babel/helpers` from 7.24.4 to 7.27.6 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.6/packages/babel-helpers) Updates `jsonpath-plus` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.2.0...v10.3.0) Removes `tough-cookie` Updates `@kubernetes/client-node` from 0.22.3 to 1.3.0 - [Release notes](https://github.com/kubernetes-client/javascript/releases) - [Commits](kubernetes-client/javascript@0.22.3...1.3.0) Updates `ws` from 8.18.0 to 8.18.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.0...8.18.3) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-version: 7.27.6 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: jsonpath-plus dependency-version: 10.3.0 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: tough-cookie dependency-version: dependency-type: indirect dependency-group: npm-security-updates - dependency-name: "@kubernetes/client-node" dependency-version: 1.3.0 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: axios dependency-version: 1.8.2 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: ws dependency-version: 8.18.3 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: brace-expansion dependency-version: 2.0.2 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: jsonpath-plus dependency-version: 10.3.0 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: tough-cookie dependency-version: dependency-type: indirect dependency-group: npm-security-updates - dependency-name: "@kubernetes/client-node" dependency-version: 1.3.0 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: ws dependency-version: 8.18.3 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: "@babel/helpers" dependency-version: 7.27.6 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: jsonpath-plus dependency-version: 10.3.0 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: tough-cookie dependency-version: dependency-type: indirect dependency-group: npm-security-updates - dependency-name: "@kubernetes/client-node" dependency-version: 1.3.0 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: ws dependency-version: 8.18.3 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: "@babel/helpers" dependency-version: 7.27.6 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: jsonpath-plus dependency-version: 10.3.0 dependency-type: indirect dependency-group: npm-security-updates - dependency-name: tough-cookie dependency-version: dependency-type: indirect dependency-group: npm-security-updates - dependency-name: "@kubernetes/client-node" dependency-version: 1.3.0 dependency-type: direct:production dependency-group: npm-security-updates - dependency-name: ws dependency-version: 8.18.3 dependency-type: indirect dependency-group: npm-security-updates ... Signed-off-by: dependabot[bot] <support@github.com>

netlify · 2025-07-14T16:34:12Z

✅ Deploy Preview for docs-securecodebox ready!

Name	Link
🔨 Latest commit	`bbf9282`
🔍 Latest deploy log	https://app.netlify.com/projects/docs-securecodebox/deploys/687531827ca54a00095e77f1
😎 Deploy Preview	https://deploy-preview-3129--docs-securecodebox.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

sonarqubecloud · 2025-07-14T16:35:03Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

J12934 · 2025-07-15T07:43:40Z

fixed by #3088

dependabot · 2025-07-15T07:43:42Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 14, 2025

github-project-automation bot added this to secureCodeBox Jul 14, 2025

github-project-automation bot moved this to Triage in secureCodeBox Jul 14, 2025

J12934 closed this Jul 15, 2025

github-project-automation bot moved this from Triage to Done in secureCodeBox Jul 15, 2025

dependabot bot deleted the dependabot/npm_and_yarn/tests/integration/npm-security-updates-e23846816f branch July 15, 2025 07:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm-security-updates group across 5 directories with 7 updates#3129

Bump the npm-security-updates group across 5 directories with 7 updates#3129
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tests/integration/npm-security-updates-e23846816f

dependabot bot commented on behalf of github Jul 14, 2025

Uh oh!

netlify bot commented Jul 14, 2025 •

edited

Loading

Uh oh!

sonarqubecloud bot commented Jul 14, 2025

Uh oh!

J12934 commented Jul 15, 2025

Uh oh!

dependabot bot commented on behalf of github Jul 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Jul 14, 2025

v7.27.6 (2025-06-05)

🐛 Bug Fix

Committers: 3

v7.27.5 (2025-06-03)

🐛 Bug Fix

💅 Polish

Committers: 4

v7.27.4 (2025-05-30)

👓 Spec Compliance

💅 Polish

🔬 Output optimization

v7.27.6 (2025-06-05)

🐛 Bug Fix

v7.27.5 (2025-06-03)

🐛 Bug Fix

💅 Polish

v7.27.4 (2025-05-30)

👓 Spec Compliance

💅 Polish

🔬 Output optimization

v7.27.3 (2025-05-27)

🐛 Bug Fix

v2.0.2

v10.3.0

What's Changed

10.3.0

1.3.0

What's Changed

1.2.0

What's Changed

New Contributors

1.1.2

What's Changed between 1.0.0 and 1.1.2

Release v1.8.2

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.1

Release notes:

Bug Fixes

Contributors to this release

Release v1.8.0

Release notes:

Bug Fixes

Features

Reverts

BREAKING CHANGES

Contributors to this release

1.8.2 (2025-03-07)

Bug Fixes

Contributors to this release

1.8.1 (2025-02-26)

Bug Fixes

Contributors to this release

1.8.0 (2025-02-25)

Bug Fixes

Features

Reverts

BREAKING CHANGES

8.18.3

Bug fixes

8.18.2

Bug fixes

8.18.1

Bug fixes

v2.0.2

v10.3.0

What's Changed

10.3.0

1.3.0

What's Changed

1.2.0

What's Changed

New Contributors

1.1.2

What's Changed between 1.0.0 and 1.1.2

8.18.3

Bug fixes

netlify bot commented Jul 14, 2025 •

edited

Loading