chore(deps): bump the npm_and_yarn group across 7 directories with 28 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
@fastify/session	10.7.0	10.9.0
jsonwebtoken	8.5.1	9.0.0
mongodb	3.6.9	3.6.10
nanoid	3.3.4	5.0.7
axios	0.23.0	0.28.0
debug	2.2.0	2.6.9
moment	2.29.3	2.29.4
moment-timezone	0.5.33	0.5.35
node-fetch	2.7.0	3.2.10
passport	0.4.1	0.6.0
gatsby	3.15.0	4.25.7
postcss	8.4.35	8.4.36
sanitize-html	2.11.0	2.12.1
express	4.18.2	4.19.2
vite	4.5.2	4.5.3

Bumps the npm_and_yarn group with 3 updates in the /api directory: @fastify/session, mongodb and nanoid.
Bumps the npm_and_yarn group with 9 updates in the /api-server directory:

Package	From	To
jsonwebtoken	8.5.1	9.0.0
mongodb	3.6.9	3.6.10
nanoid	3.3.4	5.0.7
axios	0.23.0	0.28.0
debug	2.2.0	2.6.9
moment	2.29.3	2.29.4
moment-timezone	0.5.33	0.5.35
node-fetch	2.7.0	3.3.2
passport	0.4.1	0.6.0

Bumps the npm_and_yarn group with 5 updates in the /client directory:

Package	From	To
nanoid	3.3.7	5.0.7
node-fetch	2.7.0	3.3.2
gatsby	3.15.0	4.25.7
postcss	8.4.35	8.4.38
sanitize-html	2.11.0	2.12.1

Bumps the npm_and_yarn group with 1 update in the /tools/challenge-editor/api directory: express.
Bumps the npm_and_yarn group with 1 update in the /tools/challenge-editor/client directory: vite.
Bumps the npm_and_yarn group with 1 update in the /web directory: next.

Updates @fastify/session from 10.7.0 to 10.9.0

Release notes

Sourced from @​fastify/session's releases.

v10.9.0

⚠️ Security Release ⚠️

This release fixes GHSA-pj27-2xvp-4qxg with CVE CVE-2024-35220. It's severity is classified as HIGH.

When restoring the cookie from the session store, the expires field is overriden if the maxAge field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed.

Full Changelog: fastify/session@v10.8.0...v10.9.0

v10.8.0

What's Changed

• use sha256 instead of sha1 as default by @​mcollina in fastify/session#247
• fix: npm run benchmark isn't working by @​zetaraku in fastify/session#248
• Fix type argument inference of session.get(key) and session.set(key, value) by @​zetaraku in fastify/session#249

New Contributors

• @​zetaraku made their first contribution in fastify/session#248

Full Changelog: fastify/session@v10.7.2...v10.8.0

v10.7.2

What's Changed

• enhance checkOptions to reject invalid signer objects by @​autopulated in fastify/session#241

Full Changelog: fastify/session@v10.7.1...v10.7.2

v10.7.1

What's Changed

• build(deps-dev): bump tsd from 0.29.0 to 0.30.1 by @​dependabot in fastify/session#231
• docs(readme): replace fastify.io links with fastify.dev by @​Fdawgs in fastify/session#232
• chore(license): Update licensing year by @​codershiba in fastify/session#233
• chore(.gitignore): add .tap/ dir by @​Fdawgs in fastify/session#235
• build(deps-dev): bump cronometro from 1.2.0 to 3.0.1 by @​dependabot in fastify/session#236
• fix: use request.protocol to check for HTTPS by @​mohd-akram in fastify/session#238
• build(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @​dependabot in fastify/session#239
• fix race condition in cookie.maxAge test by @​autopulated in fastify/session#242
• Ensure maxAge type has milliseconds as the unit by @​chuanqisun in fastify/session#245

New Contributors

• @​codershiba made their first contribution in fastify/session#233
• @​mohd-akram made their first contribution in fastify/session#238
• @​autopulated made their first contribution in fastify/session#242
• @​chuanqisun made their first contribution in fastify/session#245

Full Changelog: fastify/session@v10.7.0...v10.7.1

Commits

• 742e1dc Bumped v10.9.0
• 0495ce5 Merge pull request from GHSA-pj27-2xvp-4qxg
• 8b6241c Bumped v10.8.0
• 90ee1f5 Fix type argument inference of session.get(key) and `session.set(key, value...
• b42ab14 Migrate from connect-redis v6 (#248)
• 4f8384e use sha256 in place of sha1 (#247)
• a94dfbb Bumped v10.7.2
• 5f9f8d8 enhance checkOptions to reject invalid signer objects, and test. This catches...
• 7372714 v10.7.1
• e1a1d93 ensure maxAge type has milliseconds as the unit (#245)
• Additional commits viewable in compare view

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
• a46097e docs: make decode impossible to discover before verify
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates mongodb from 3.6.9 to 3.6.10

Release notes

Sourced from mongodb's releases.

v3.6.10

The MongoDB Node.js team is pleased to announce version 3.6.10 of the mongodb package!

Release Highlights

This patch addresses a few bugs listed below. Notably the bsonRegExp option is now respected by the underlying BSON library, you can use this to decode regular expressions that contain syntax not permitted in native JS RegExp objects. Take a look at this example:

await collection.insertOne({ a: new BSONRegExp('(?-i)AA_') })
await collection.findOne({ a: new BSONRegExp('(?-i)AA_') }, { bsonRegExp: true })
// { _id: ObjectId,  a: BSONRegExp { pattern: '(?-i)AA_', options: '' } }

Also there was an issue with Cursor.forEach where user defined forEach callbacks that throw errors incorrectly handled catching errors. Take a look at the comments in this example:

collection.find({}).forEach(doc => {
    if(doc.bad) throw new Error('bad document!');
}).catch(error => {
    // now this is called! and error is `bad document!`
})
// before this fix the `bad document!` error would be thrown synchronously
// and have to be caught with try catch out here

Bug Fixes

• NODE-2035: Exceptions thrown from awaited cursor forEach do not propagate (#2852) (a917dfa)
• NODE-3150: added bsonRegExp option for v3.6 (#2843) (e4a9a57)
• NODE-3358: Command monitoring objects hold internal state references (#2858) (750760c)
• NODE-3380: perform retryable write checks against server (#2861) (621677a)
• NODE-3397: report more helpful error with unsupported authMechanism in initial handshake (#2876) (3ce148d)

Documentation

• Reference: https://docs.mongodb.com/drivers/node/current/
• API: http://mongodb.github.io/node-mongodb-native/3.6/api
• Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

We invite you to try the mongodb package immediately, and report any issues to the NODE project.

Commits

• 1297cd1 chore(release): 3.6.10
• e9196ab refactor(NODE-3324): bump max wire version to 13 (#2875)
• 3ce148d fix(NODE-3397): report more helpful error with unsupported authMechanism in i...
• 558182f test(NODE-3307): unified runner does not assert identical keys (#2867)
• 621677a fix(NODE-3380): perform retryable write checks against server (#2861)
• e4a9a57 fix(NODE-3150): added bsonRegExp option for v3.6 (#2843)
• 750760c fix(NODE-3358): Command monitoring objects hold internal state references (#2...
• a917dfa fix(NODE-2035): Exceptions thrown from awaited cursor forEach do not propagat...
• b98f206 refactor(NODE-3356): Update command monitoring logging (#2853)
• 68b4665 test(NODE-2856): ensure defaultTransactionOptions get used from session (#2845)
• Additional commits viewable in compare view

Updates nanoid from 3.3.4 to 5.0.7

Release notes

Sourced from nanoid's releases.

5.0.7

• Fixed Parcel support (by @​WilhelmYakunin).

5.0.6

• Fixed React Native support.

Changelog

Sourced from nanoid's changelog.

5.0.7

• Fixed Parcel support (by @​WilhelmYakunin).

5.0.6

• Fixed React Native support.

5.0.5

• Make browser’s version faster by increasing size a little (by Samuel Elgozi).

5.0.4

• Fixed CLI docs (by @​ilyaboka).

5.0.3

• Fixed CLI docs (by Chris Schmich).

5.0.2

• Fixed webcrypto import (by Divyansh Singh).

5.0.1

• Fixed Node.js 18 support.

5.0

• Moved Node.js version to Web Crypto API.
• Removed async API since Web Crypto API has only sync version.
• Removed Node.js 14 and 16 support.

4.0.2

• Added link to Github Sponsors.

4.0.1

• Reduced npm package size (by @​HiChen404).

4.0

• Removed CommonJS support. Nano ID 4 will work only with ESM applications. We will support 3.x branch with CommonJS for users who can’t migrate to ESM.
• Removed Node.js 10 and Node.js 12 support.
• Reduced npm package size.

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

• Fixed package.

3.3.5

• Backport funding information.

Commits

• 4d0036f Release 5.0.7 version
• 131d4d0 Sort imports
• 596a8b2 Move to console colors from Node.js
• df9bb34 Move to flat ESLint config
• d40c8e6 Sort imports
• 04727e4 Update dependencies
• ff346fc add scoped name of urlAlphabet which is in export and import in one file (#473)
• 5bb460c Bump vite from 5.1.6 to 5.1.7 (#472)
• 9244d1c Update dependencies
• 4443103 Update translations
• Additional commits viewable in compare view

Updates axios from 0.23.0 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates moment from 2.29.3 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• See full diff in compare view

Updates moment-timezone from 0.5.33 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

• Updated data to IANA TZDB 2021e

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

• Updated data to IANA TZDB 2021e

Commits

• b8fb1ba Build moment-timezone 0.5.35
• f1b5e5a Add changelog for 0.5.35
• 8b0eb0c Bump version to 0.5.35
• 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
• ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
• 9430b4c Merge remote-tracking branch 'origin/master' into develop
• feaf900 Updated contributing.md + added 2021e files
• 704cfac updated contributing.md
• 877c863 Updated contributing.md + added 2021e files
• 5a3015c updated contributing.md
• Additional commits viewable in compare view

Updates node-fetch from 2.7.0 to 3.2.10

Release notes

Sourced from node-fetch's releases.

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

• ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

• Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

• possibly flaky test (#1523) (11b7033)

v3.2.7

3.2.7 (2022-07-11)

Bug Fixes

• always warn Request.data (#1550) (4f43c9e)

v3.2.6

3.2.6 (2022-06-09)

Bug Fixes

• undefined reference to response.body when aborted (#1578) (1c5ed6b)

v3.2.5

3.2.5 (2022-06-01)

Bug Fixes

• use space in accept-encoding values (#1572) (a92b5d5), closes #1571

v3.2.4

3.2.4 (2022-04-28)

... (truncated)

Commits

• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• bcfb71c chore: remove triple-slash directives from typings (#1285) (#1287)
• 95165d5 fix spelling (#1602)
• 11b7033 fix: possibly flaky test (#1523)
• 4f43c9e fix: always warn Request.data (#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (#1578)
• a92b5d5 fix: use space in accept-encoding values (#1572)
• 0f122b8 docs: fix formdata code example (#1562)
• 6ae9c76 docs(readme): response.clone() is not async (#1560)
• Additional commits viewable in compare view

Updates passport from 0.4.1 to 0.6.0

Changelog

Sourced from passport's changelog.

[0.6.0] - 2022-05-20

Added

• authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

Changed

• req#login() and req#logout() regenerate the the session and clear session information by default.
• req#logout() is now an asynchronous function and requires a callback function as the last argument.

Security

• Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

[0.5.3] - 2022-05-16

Fixed

• initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.

[0.5.2] - 2021-12-16

Fixed

• Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.

[0.5.1] - 2021-12-15

Added

• Informative error message in session strategy if session support is not available.

Changed

• authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

[0.5.0] - 2021-09-23

Changed

• initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

... (truncated)

Commits

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• Additional commits viewable in compare view

Updates gatsby from 3.15.0 to 4.25.7

Release notes

Sourced from gatsby's releases.

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

• Gatsby 5 Alpha
• Updating File System Routes on data changes

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

• Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

• Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.21

Welcome to gatsby@4.21.0 release (August 2022 #2)

Key highlights of this release:

• gatsby-plugin-mdx v4
• Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

... (truncated)

Commits

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.