dependabot[bot] opened a new pull request, #334: URL: https://github.com/apache/incubator-nemo/pull/334
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) and [nuxt](https://github.com/nuxt/nuxt.js). These dependencies needed to be updated together. Updates `node-fetch` from 1.6.3 to 2.6.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/releases";>node-fetch's releases</a>.</em></p> <blockquote> <h2>v2.6.7</h2> <h1>Security patch release</h1> <p>Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred</p> <h2>What's Changed</h2> <ul> <li>fix: don't forward secure headers to 3th party by <a href="https://github.com/jimmywarting";><code>@jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1453";>node-fetch/node-fetch#1453</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7";>https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7</a></p> <h2>v2.6.6</h2> <h2>What's Changed</h2> <ul> <li>fix(URL): prefer built in URL version when available and fallback to whatwg by <a href="https://github.com/jimmywarting";><code>@jimmywarting</code></a> in <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1352";>node-fetch/node-fetch#1352</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6";>https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6</a></p> <h2>v2.6.2</h2> <p>fixed main path in package.json</p> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <p>See <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261";>CHANGELOG</a> for details.</p> <h2>v2.6.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.6.0/CHANGELOG.md#v260";>CHANGELOG</a>.</p> <h2>v2.5.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.5.0/CHANGELOG.md#v250";>CHANGELOG</a>.</p> <h2>v2.4.1</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.4.1/CHANGELOG.md#v241";>CHANGELOG</a>.</p> <h2>v2.4.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.4.0/CHANGELOG.md#v240";>CHANGELOG</a>.</p> <h2>v2.3.0</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.3.0/CHANGELOG.md#v230";>CHANGELOG</a>.</p> <h2>v2.2.1</h2> <p>See <a href="https://github.com/bitinn/node-fetch/blob/v2.2.1/CHANGELOG.md#v221";>CHANGELOG</a>.</p> <h2>Version 2.1.2</h2> <ul> <li>Fix: allow <code>Body</code> methods to work on ArrayBuffer<code>-backed </code>Body` objects</li> <li>Fix: reject promise returned by <code>Body</code> methods when the accumulated <code>Buffer</code> exceeds the maximum size</li> <li>Fix: support custom <code>Host</code> headers with any casing</li> <li>Fix: support importing <code>fetch()</code> from TypeScript in <code>browser.js</code></li> <li>Fix: handle the redirect response body properly</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35";><code>1ef4b56</code></a> backport of <a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449";>#1449</a> (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1453";>#1453</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/8fe5c4ea66b9b8187600e6d5ec9b1b6781f44009";><code>8fe5c4e</code></a> 2.x: Specify encoding as an optional peer dependency in package.json (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1310";>#1310</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/f56b0c66d3dd2ef185436de1f2fd40f66bfea8f4";><code>f56b0c6</code></a> fix(URL): prefer built in URL version when available and fallback to whatwg (...</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/b5417aea6a3275932283a200214522e6ab53f1ea";><code>b5417ae</code></a> fix: import whatwg-url in a way compatible with ESM Node (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1303";>#1303</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/18193c5922c64046b922e18faf41821290535f06";><code>18193c5</code></a> fix v2.6.3 that did not sending query params (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1301";>#1301</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/ace7536c955556be742d9910566738630cc3c2a6";><code>ace7536</code></a> fix: properly encode url with unicode characters (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1291";>#1291</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/152214ca2f6e2a5a17d71e4638114625d3be30c6";><code>152214c</code></a> Fix(package.json): Corrected main file path in package.json (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1274";>#1274</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/b5e2e41b2b50bf2997720d6125accaf0dd68c0ab";><code>b5e2e41</code></a> update version number</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334";><code>2358a6c</code></a> Honor the <code>size</code> option after following a redirect and revert data uri support</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/8c197f8982a238b3c345c64b17bfa92e16b4f7c4";><code>8c197f8</code></a> docs: Fix typos and grammatical errors in README.md (<a href="https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/686";>#686</a>)</li> <li>Additional commits viewable in <a href="https://github.com/node-fetch/node-fetch/compare/v1.6.3...v2.6.7";>compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~endless";>endless</a>, a new releaser for node-fetch since your current version.</p> </details> <br /> Updates `nuxt` from 1.4.5 to 2.15.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nuxt/nuxt.js/releases";>nuxt's releases</a>.</em></p> <blockquote> <h2>v2.15.8</h2> <h3>🐛 Bug Fixes</h3> <ul> <li><code>vue-app</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9460";>#9460</a> Don't normalise route path if it's valid</li> </ul> </li> <li><code>babel</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9631";>#9631</a> Loose option for <code>babel private-property-in-object</code></li> </ul> </li> </ul> <h2>v2.15.7</h2> <h3>🔰 Security advisory</h3> <p>Please upgrade to <code>nuxt@^2.15.7</code> if using <code>[email protected]</code> or <code>[email protected]</code></p> <h3>🐛 Bug Fixes</h3> <ul> <li><code>vue-app</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9431";>#9431</a> Check whether a route exists within the nuxt app before replacing</li> </ul> </li> </ul> <h2>v2.15.6</h2> <h3>🐛 Bug Fixes</h3> <ul> <li><code>types</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9270";>#9270</a> Pin to <code>@types/[email protected]</code> (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9268";>#9268</a>)</li> </ul> </li> </ul> <h2>v2.15.5</h2> <h3>🐛 Bug Fixes</h3> <ul> <li><code>babel</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9232";>#9232</a> Loose option for babel <code>class-properties</code> and <code>private-methods</code> (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9224";>#9224</a>)</li> </ul> </li> <li><code>vue-app</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9201";>#9201</a> Use <code>route.replace</code> instead of <code>router.push</code> to trigger navigation guards (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9111";>#9111</a>)</li> </ul> </li> <li><code>builder</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9153";>#9153</a> Resolve aliases in <code>build.watch</code> paths (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9045";>#9045</a>)</li> </ul> </li> <li><code>cli</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9152";>#9152</a> Add warning for <code>css-loader < 4.2</code> (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9117";>#9117</a>)</li> </ul> </li> </ul> <h3>💖 Thanks to</h3> <ul> <li>Thomas Beduneau (<a href="https://github.com/enwin";><code>@enwin</code></a>)</li> <li><a href="https://github.com/rlam3";><code>@rlam3</code></a></li> </ul> <h2>v2.15.4</h2> <h3>🐛 Bug Fixes</h3> <ul> <li><code>vue-app</code> <ul> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/8978";>#8978</a> Reload page once after loading chunk error (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/3389";>#3389</a>)</li> <li><a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9008";>#9008</a> Fallback to global nuxt instance of <code>$root</code> is not available (resolves <a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/8995";>#8995</a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nuxt/nuxt.js/blob/dev/RELEASE_PLAN.md";>nuxt's changelog</a>.</em></p> <blockquote> <h2>Release Plan</h2> <p>Starting with version <code>v2.4</code>, Nuxt will adhere to a formalized release plan (as good as possible). Also, an end of life for older major versions is defined with this document.</p> <h3>Major versions (3.x -> 4.0)</h3> <p>Nuxt major releases are planned every <strong>6 months</strong>. This depends on a few factors though:</p> <ul> <li>If there are no breaking changes waiting for a release, no new major version will be published. Instead, another minor one will be released</li> <li>In case of unexpected major updates of important dependencies like Vue, Webpack, and so on, major versions might be released <em>earlier</em> than planned</li> </ul> <p>The goal is to provide a <strong>migration guide</strong> for each major version as well, as escape hatches, so existing code won't "just break".</p> <h3>Minor versions (2.1 -> 2.2)</h3> <p>The release cycle for Nuxt minor versions is roughly <strong>4 weeks</strong>.</p> <p>Three of the four weeks will be used for actual <strong>feature implementations</strong> while the last week will be used for <strong>testing, fixing bugs and thorough audits</strong>.</p> <p>That also means a <em>feature freeze</em> for the next minor version after these three weeks. Features that aren't ready will be moved to the next cycle. "Waiting" for features (for a longer time) will be avoided as good as possible to keep releases lean, concise, predictable and digestible.</p> <h3>Patch releases (2.2.3 -> 2.2.4)</h3> <p>The last patch releases were mostly <em>bundled</em> fixes or single <em>hotfixes</em>. In the future, fixes will be released <strong>as soon as possible</strong> after the actual PR/commit so people won't have to switch to <code>nuxt-edge</code> for bugfixes. This should improve the stability of Nuxt.</p> <p>Fixes can or will include:</p> <ul> <li>Updates of dependencies (for various reasons, like a "faulty/buggy" dependency or an newer versions that works better with the Nuxt code)</li> <li>Fixes for our code</li> </ul> <p>Bugfixes for upcoming features won't be ported of course.</p> <h3>Edge Release Channel</h3> <p>After experimenting with <code>nuxt-edge</code> releases in the last time, the decision to do <strong>nightly releases</strong> for now instead of releasing a version after <em>each commit</em> was made.</p> <h2>End of Life</h2> <p>Starting with <code>v2.4</code>, every major Nuxt version will have an <strong>End of Life</strong>. Previous releases will receive security updates and bugfixes <strong>for one year and two weeks</strong>, counted from the first release on. As Nuxt majors are approximately released once every 6 months, this will allow developers to "skip one major version" without being stuck with a broken or unsecure Nuxt dependency. The EOL also applies to the documentation.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nuxt/nuxt.js/commit/d4b9e4b0553bcd617ecbc0b8b76871070b347fcb";><code>d4b9e4b</code></a> v2.15.8</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/af1d3e9877c3fb88e5ed81bf41b689fd54455f15";><code>af1d3e9</code></a> chore: skip audit due to outdated lockfile</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/1ccd15191cf90d1fac48978159d3a3ce1d05c7ea";><code>1ccd151</code></a> fix(vue-app): don't normalise route path if it's valid (<a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9460";>#9460</a>)</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/af491991eb92c85461eea3d16a47a2cf26cb5481";><code>af49199</code></a> fix(babel): loose option for babel private-property-in-object (<a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9631";>#9631</a>)</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/4f370e2043b7731db0e8ef65a4f88431cd8795f3";><code>4f370e2</code></a> v2.15.7</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/85615a5dc56a343c8be17d9dbfb6d71551c90e36";><code>85615a5</code></a> fix(vue-app): check whether route exists within nuxt app before replacing (<a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9";>#9</a>...</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/0eae970e74f1fbf29f400a3178f54061a79bfac2";><code>0eae970</code></a> chore(release): v2.15.6</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/fc5fb58c856d9506ea2d55cf4f9855d259040411";><code>fc5fb58</code></a> hotfix: revert feat additions</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/cd1fc6277f980366c69a702c3a48e09bf01ce8ad";><code>cd1fc62</code></a> chore(deps): update ufo to 0.7.4</li> <li><a href="https://github.com/nuxt/nuxt.js/commit/a80ddeee6fa5b19abc07bc8085a379c848724ad9";><code>a80ddee</code></a> chore(deps): update all non-major dependencies (<a href="https://github-redirect.dependabot.com/nuxt/nuxt.js/issues/9281";>#9281</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nuxt/nuxt.js/compare/v1.4.5...v2.15.8";>compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/incubator-nemo/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
