Bump the npm_and_yarn group across 2 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the /grr/server/grr_response_server/gui/static directory: follow-redirects, undici and firebase.
Bumps the npm_and_yarn group with 7 updates in the /grr/server/grr_response_server/gui/ui directory:

Package	From	To
follow-redirects	1.15.4	1.15.6
@angular/core	15.2.5	15.2.6
d3-color	1.4.1	3.1.0
d3	5.16.0	7.9.0
express	4.18.2	4.19.2
ip	2.0.0	2.0.1
webpack-dev-middleware	5.3.3	5.3.4

Updates follow-redirects from 1.15.4 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• See full diff in compare view

Updates undici from 5.26.5 to 5.28.3

Release notes

Sourced from undici's releases.

v5.28.3

⚠️ Security Release ⚠️

Fixes:

• CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

• fix: remove optional chainning for compatible with Nodejs12 and below by @​bugb in nodejs/undici#2470
• fix: remove node: prefix by @​tsctx in nodejs/undici#2471
• perf: avoid Headers initialization by @​tsctx in nodejs/undici#2468
• fix: handle SharedArrayBuffer correctly by @​tsctx in nodejs/undici#2466
• fix: Add null type to signal in RequestInit by @​gebsh in nodejs/undici#2455
• fix: correctly handle data URL with hashes. by @​tsctx in nodejs/undici#2475
• fix: check response for timinginfo allow flag by @​ToshB in nodejs/undici#2477
• Make call to onBodySent conditional in RetryHandler by @​MzUgM in nodejs/undici#2478
• refactor: better integrity check by @​tsctx in nodejs/undici#2462
• fix: Added support for inline URL username:password proxy auth by @​matt-way in nodejs/undici#2473
• build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @​dependabot in nodejs/undici#2472
• build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @​dependabot in nodejs/undici#2405
• build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @​dependabot in nodejs/undici#2396
• build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @​dependabot in nodejs/undici#2395
• build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @​dependabot in nodejs/undici#2392
• build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @​dependabot in nodejs/undici#2389
• build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @​dependabot in nodejs/undici#2302

New Contributors

• @​bugb made their first contribution in nodejs/undici#2470
• @​gebsh made their first contribution in nodejs/undici#2455
• @​ToshB made their first contribution in nodejs/undici#2477
• @​MzUgM made their first contribution in nodejs/undici#2478
• @​matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

• perf: Improve normalizeMethod by @​tsctx in nodejs/undici#2456
• fix: dispatch error handling by @​ronag in nodejs/undici#2459
• perf(request): optimize if headers are given by @​tsctx in nodejs/undici#2454

Full Changelog: nodejs/undici@v5.28.0...v5.28.1

v5.28.0

What's Changed

• fix(parseHeaders): util.parseHeaders handle correctly array of buffer… by @​mdoria12 in nodejs/undici#2398

... (truncated)

Commits

• e71cb4c Bumped v5.28.3
• 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
• 8ec52cd Fix tests for Node.js v21 (#2609)
• d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
• 9a14e5f Bumped v5.28.2
• fcdfe87 build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#2302)
• 169c157 build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)
• 9788177 build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 (#2392)
• 1f6d159 build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#2395)
• a393a86 build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#2396)
• Additional commits viewable in compare view

Updates firebase from 10.7.1 to 10.10.0

Commits

• 13762a4 Version Packages (#8101)
• 73f40f5 Merge master into release
• c8a2568 Add a changset to the transitive dependency update (#8097)
• 9fc4633 dependabot/npm_and_yarn/e2e/webpack-dev-middleware-5.3.4 (#8095)
• ed84efe [ServerApp] Firebase Server App feature branch (#8005)
• 89541ef Dependabot transitive dependency rollup (#8088)
• 9ca1a4e More complex check for authTokenSyncUrl (#8076)
• 0c51501 Run npm pkg fix on all packages (#8079)
• 1494c4b Enable previously failing (Firestore) Node.js and Browser (Chrome) Tests (#...
• 1eb302f Version Packages (#8063)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.4 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• See full diff in compare view

Updates @angular/core from 15.2.5 to 15.2.6

Changelog

Sourced from @​angular/core's changelog.

15.2.6 (2023-04-05)

core

Commit	Type	Description
d9efa1b0d7	feat	change the URL sanitization to only block javascript: URLs (#49659)

router

Commit	Type	Description
cad7274ef9	fix	create correct URL relative to path with empty child (#49691)
9b61379096	fix	Ensure initial navigation clears current navigation when blocking (#49572)

Special Thanks

Andrew Scott, Guillaume Weghsteen, John Manners, Johnny Gérard, Matthieu Riegler, Robin Richtsfeld, Sandra Limacher, Sarthak Thakkar, Vinit Neogi and vikram menon

Commits

• da5f316 refactor(core): Use the nullish coalescing assignment in render3 functions (#...
• d9efa1b feat(core): change the URL sanitization to only block javascript: URLs (#49659)
• bd82fbe docs: fix typo (#49669)
• 1d32253 refactor(core): remove unnecessary reflect-metadata import. (#49673)
• 35f4918 docs(core): fix view hierarchy links (#49629)
• See full diff in compare view

Updates d3-color from 1.4.1 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

• Add rgb.clamp and hsl.clamp. #102
• Add color.formatHex8. #103
• Fix color.formatHsl to clamp values to the expected range. #83
• Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

v3.0.1

• Make build reproducible.

v3.0.0

• Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

Commits

• 7a1573e 3.1.0
• 75c19c4 update LICENSE
• ef94e01 update dependencies
• 5e9f757 method shorthand
• e4bc34e formatHex8 (#103)
• ac660c6 {rgb,hsl}.clamp() (#102)
• 70e3a04 clamp HSL format (#101)
• 994d8fd avoid backtracking (#100)
• 7d61bbe 3.0.1
• 93bc4ff related d3/d33; extract copyrights from LICENSE
• Additional commits viewable in compare view

Updates d3 from 5.16.0 to 7.9.0

Release notes

Sourced from d3's releases.

v7.9.0

• Add d3.schemeObservable10. d3/d3-scale-chromatic#51
• Change d3.geoCircle precision to 2 degrees. d3/d3-geo#281
• Set projection.clipAngle precision to 2 degrees. d3/d3-geo#282

v7.8.5

• Fix the return value of d3.medianIndex and d3.quantileIndex when the data contains missing values. #275

v7.8.4

• Fix circumcenters when the hull is collinear. d3/d3-delaunay#142

v7.8.3

• Fix precision error calculating voronoi.neighbors. d3/d3-delaunay#138 d3/d3-delaunay#139
• Fix broken polygon. d3/d3-delaunay#140
• Fix threshold generation when input is empty or has no deviation. d3/d3-array#271

v7.8.2

• d3.ticks now tries harder to generate at least one tick. d3/d3-array#264

v7.8.1

• Tolerate invalid input values when generating contours. #61
• Tolerate invalid input weights when generating density contours. #65
• Fix missing contours at extrema when using default thresholds. #68

v7.8.0

• Add d3.pathRound.
• Add configurable precision when generating path data via path.digits.
• Add likewise shape.digits method to d3.arc, d3.area, d3.line, d3.link, and d3.symbol.
• Improve the performance of d3.geoPath’s string concatenation.
• Fix arc rendering for small arcs with rounded corners.
• Fix BumpRadial implementation to support multiple points.
• Fix projection when lambda is outside the range ±3π.
• Rename d3.symbolX to d3.symbolTimes; d3.symbolX is now deprecated.

v7.7.0

• Add d3.unixDay and d3.unixDays. d3/d3-time#58
• Adopt d3.unixDay in place of d3.utcDay for d3.utcTicks to ensure uniform tick spacing.
• Fix mutation of user-owned thresholds in d3.bin. d3/d3-array#263
• Fix infinite loop when d3.quantile or d3.quickselect is called with invalid arguments. d3/d3-array#262

v7.6.1

• density.bandwidth now supports fractional (non-integer) values.

v7.6.0

• Add d3.blur.
• Add d3.blur2.
• Add d3.blurImage.
• Add d3.medianIndex.
• Add d3.quantileIndex.

... (truncated)

Commits

• 1f8dd3b 7.9.0
• a8afcf8 d3-geo 3.1.1
• b79e7da fix vitepress colors, again
• 1461bfb update actions, again
• 6d6fb02 documentation for schemeObservable10 (#3804)
• a353aa5 Documentation for d3-geo#281 (#3803)
• 9f9d468 fix: jsx compatible camelCase syntax in svg (#3816)
• cb875ee Remove defunct newsletter signup link from footer (#3808)
• 33b372d Revert "Remove mastodon link, change twitter to x (#3801)"
• 4d3e273 Remove mastodon link, change twitter to x (#3801)
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates ip from 2.0.0 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.