Cross-platform project template using Electron and Angular with the Phaser game engine. Project has Flexbox integrated for easy and responsive organization of components around the Phaser canvas.

Overview

Coher3nTS Project

This is an Angular project template with Phaser nested inside, set up to run with Electron.

Cross-Platform & Responsive

The template should run on any desktop operating system.

Flexbox integration allows for extremely responsive design elements.

Angular and Phaser can be easily decoupled from Electron to allow for mobile deployment with a different framework.

Easy to Build

Build with HTML, CSS, and TypeScript.


Getting Started

Prerequisites

Node.js and Angular CLI
(you shouldn’t need to go past step 1)
Electron

  1. Run npm install electron -g to install Electron globally and set the path.

  2. Run npm install in the project root folder to ensure that all dependencies are installed.

Running

Running the npm run-script start command in the project root folder will concurrently run ng serve and npm run-script electron to fire up the project. It takes a minute for ng serve to finish. This will hopefully be fixed soon so that Electron waits and reloads automatically when Angular finishes compiling.


To Do

  • Setting up config(s) to point at correct hosting environment(s) for the project in Electron's main.js

  • Correctly exposing index.html to Electron as Angular runs (this has proven difficult to do in one run-script as you cannot chain commands with 'ng serve') - fixing this may fix item 1, as there will be no reference needed to host location.

  • Need to make use of this template to find pain points between frameworks and correct them before they occur in use of the template, to optimize ease of implementation.

  • Need to hide the Electron toolbar, or bind it to a boolean for the end user (developer).

  • Need to turn the template into an installable Angular schematics package.

  • Add implementation example images and videos to the README.

  • Need to set up custom component generation.

  • Need to integrate Electron Forge for install generation of finished product(s).


Built With

  • Angular – The web framework used.

  • Phaser – The game framework used.

  • Electron – The software framework used.

  • NodeJS – The Javascript framework and package manager used.

  • Flexbox – The web layout model used.

Authors

  • Tim Barani - Initial work - TBosak

See also the list of contributors who participated in this project.


paypal

Comments
  • Bump @types/node from 14.0.4 to 14.11.5

    Bumps @types/node from 14.0.4 to 14.11.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 2
  • [Security] Bump electron from 9.0.0 to 10.1.3

    Bumps electron from 9.0.0 to 10.1.3.

    Release notes

    Sourced from electron's releases.

    electron v10.1.3

    Release Notes for v10.1.3

    Fixes

    • Fixed CORS not being disabled by webSecurity: false. #25503 (Also in 9, 10, 11)
    • Fixed ready-to-show event not emitted on some machines. #25476 (Also in 9, 10, 11)
    • Fixed a crash in app.importCertificate() on Linux. #25536 (Also in 9, 10, 11)
    • Fixed a crash when closing window in an event listener after exiting fullscreen on macOS. #25604 (Also in 10, 11)
    • Fixed an issue that could cause a normally-exiting process to fail with an "illegal access" message and exit code 7. #25458 (Also in 8, 9, 10, 11)
    • Fixed an issue where an error would be displayed when using webContents.print() if no default was set and no device name provided. #25606 (Also in 9, 10, 11)
    • Fixed an issue where multiple calls to window.print() could cause a crash. #25530
    • Fixed an issue where pageRanges was not properly honored when printing. #25597 (Also in 10)
    • Fixed crashes caused by attempting to modify destroyed views. #25511 (Also in 9, 10, 11)
    • Fixed the remote-debugging-port discovery page showing garbled text. #25601 (Also in 10, 11)
    • Updated Node root certs to use NSS 3.56. #25361 (Also in 8, 9, 10, 11)

    Other Changes

    • Added a small console hint to console to help debug renderer crashes. #25472 (Also in 9, 10, 11)
    • Fixed resource leak in worker threads. #25662 (Also in 9, 10, 11)
    • Updated Chromium to 85.0.4183.121. #25559

    Unknown

    • Fixed extension background page devtools not being openable. #25566 (Also in 9, 10, 11)

    electron v10.1.2

    Release Notes for v10.1.2

    Fixes

    • Added missing module delay loads on windows to reduce per process reference set impact. #25435 (Also in 9, 10, 11)
    • Fixed a crash in the renderer process when invoking the Badging API. #25369 (Also in 9, 10, 11)
    • Fixed an issue where document.hasFocus and document.activeElement would be inconsistent upon showing a window that was initially created with show: false. #25330 (Also in 10, 11)
    • Fixed client_id file being generated in the working directory for node child process. #25309 (Also in 9, 10, 11)
    • Fixed multiple dock icons being left in system when calling dock.show/hide on macOS. #25299 (Also in 8, 9, 10, 11)

    Other Changes

    • Updated Chromium to 85.0.4183.98. #25275

    Unknown

    • Added support for some chrome.management APIs. #25345 (Also in 9, 10, 11)

    electron v10.1.1

    Release Notes for v10.1.1

    Fixes

    • Fixed an issue where filters set in dialogs on macOS would have nondeterministic ordering. #25192
    • Fixed network permission error when there are multiple WebContents sharing same session are created with web security disabled. #25178
    • Fixed the following issues for frameless when maximized on Windows:
    dependencies security 
    opened by dependabot-preview[bot] 2
  • Bump karma from 5.0.9 to 5.1.0

    Bumps karma from 5.0.9 to 5.1.0.

    Release notes

    Sourced from karma's releases.

    v5.1.0

    5.1.0 (2020-06-11)

    Features

    Changelog

    Sourced from karma's changelog.

    5.1.0 (2020-06-11)

    Features

    dependencies 
    opened by dependabot-preview[bot] 2
  • Bump electron from 9.0.0 to 15.5.5

    Bumps electron from 9.0.0 to 15.5.5.

    Release notes

    Sourced from electron's releases.

    electron v15.5.5

    Release Notes for v15.5.5

    Other Changes

    • Backported fix for CVE-2022-1482. #34040
    • Backported fix for CVE-2022-1483. #34009
    • Backported fix for CVE-2022-1497. #34075

    electron v15.5.4

    Release Notes for v15.5.4

    Other Changes

    • Backported fix for CVE-2022-1138. #33682
    • Backported fix for CVE-2022-1478. #34045
    • Backported fix for CVE-2022-1479. #34037
    • Backported fix for CVE-2022-1480. #34019
    • Backported fix for CVE-2022-1492. #34051

    electron v15.5.3

    Release Notes for v15.5.3

    Fixes

    • Fixed a network service crash that could occur when using setCertificateVerifyProc. #33256 (Also in 16, 17, 18)
    • shell.openExternal() now reports more detailed errors on Windows. #33656 (Also in 16, 17, 18, 19)

    Other Changes

    • Backported fix for CVE-2022-1134. #33763
    • Backported fix for CVE-2022-1305. #33860
    • Backported fix for CVE-2022-1310. #33831
    • Backported fix for CVE-2022-1314. #33884
    • Backported fix for CVE-2022-1364. #33836
    • Backported fix for chromium:1286816. #33679
    • Backported fix for chromium:1291482. #33676
    • Backported fix for chromium:1310761. #33856
    • Security: backported fix for CVE-2022-0116 and CVE-2022-1306. #33852
    • Security: backported fix for CVE-2022-23308. #33670
    • Security: backported fix for chromium:1280743. #33715
    • Security: backported fix for chromium:1280852. #33673

    electron v15.5.2

    Release Notes for v15.5.2

    Fixes

    • Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #33523 (Also in 16, 18)

    Other Changes

    ... (truncated)


    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump electron from 9.0.0 to 13.6.6

    Bumps electron from 9.0.0 to 13.6.6.

    Release notes

    Sourced from electron's releases.

    electron v13.6.6

    Release Notes for v13.6.6

    Fixes

    • Fixed a JavaScript exception from webContents if render frame was disposed in WebFrameMain, resets the value of render_frame_disposed_ after updating render frame host. #32130 (Also in 14, 15, 16)
    • No Notes. #32241 (Also in 14, 15, 16, 17)

    Other Changes

    • Backported fix for CVE-2021-4056. #32237
    • Backported fix for CVE-2021-4057. #32234
    • Backported fix for CVE-2021-4102. #32194

    electron v13.6.3

    Release Notes for v13.6.3

    Fixes

    • Fixed window frame glitch when calling setContentProtection. #31829 (Also in 14, 15, 16)
    • Generate valid config.gypi file in Node.js headers. #31989 (Also in 14, 15, 16)

    Other Changes

    • Backported fix for CVE-2021-38005. #31921
    • Backported fix for CVE-2021-38007. #31912
    • Backported fix for CVE-2021-38011. #31901

    electron v13.6.2

    Release Notes for v13.6.2

    Fixes

    • Fixed an issue where Content-Disposition filenames would be incorrectly truncated at the first comma for a filename attachment which contained one. #31691 (Also in 14, 15, 16)
    • Fixed an issue which caused print settings to not work properly when printing silently. #31618 (Also in 14, 15, 16)

    Other Changes

    • Backported fix for CVE-2021-37998. #31678
    • Backported fix for CVE-2021-38001. #31673
    • Backported fix for CVE-2021-38002. #31671
    • Backported fix for CVE-2021-38003. #31665
    • Backported fix for chromium:1252858. #31682

    electron v13.6.1

    Release Notes for v13.6.1

    Fixes

    • Fixed an issue where MediaMetadata did not work properly. #31532 (Also in 14, 15, 16)
    • Fixed black window when screen capturing a content-protected BrowserWindow on Windows 10. #31550 (Also in 14, 15, 16)

    Other Changes

    ... (truncated)


    dependencies 
    opened by dependabot[bot] 1
  • Bump karma from 5.0.9 to 6.3.14

    Bumps karma from 5.0.9 to 6.3.14.

    Release notes

    Sourced from karma's releases.

    v6.3.14

    6.3.14 (2022-02-05)

    Bug Fixes

    • remove string template from client code (91d5acd)
    • warn when singleRun and autoWatch are false (69cfc76)
    • security: remove XSS vulnerability in returnUrl query param (839578c)

    v6.3.13

    6.3.13 (2022-01-31)

    Bug Fixes

    • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

    v6.3.12

    6.3.12 (2022-01-24)

    Bug Fixes

    • remove depreciation warning from log4js (41bed33)

    v6.3.11

    6.3.11 (2022-01-13)

    Bug Fixes

    • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

    v6.3.10

    6.3.10 (2022-01-08)

    Bug Fixes

    • logger: create parent folders if they are missing (0d24bd9), closes #3734

    v6.3.9

    6.3.9 (2021-11-16)

    Bug Fixes

    • restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

    ... (truncated)

    Changelog

    Sourced from karma's changelog.

    6.3.14 (2022-02-05)

    Bug Fixes

    • remove string template from client code (91d5acd)
    • warn when singleRun and autoWatch are false (69cfc76)
    • security: remove XSS vulnerability in returnUrl query param (839578c)

    6.3.13 (2022-01-31)

    Bug Fixes

    • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

    6.3.12 (2022-01-24)

    Bug Fixes

    • remove depreciation warning from log4js (41bed33)

    6.3.11 (2022-01-13)

    Bug Fixes

    • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

    6.3.10 (2022-01-08)

    Bug Fixes

    • logger: create parent folders if they are missing (0d24bd9), closes #3734

    6.3.9 (2021-11-16)

    Bug Fixes

    • restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

    6.3.8 (2021-11-07)

    Bug Fixes

    • reporter: warning if stack trace contains generated code invocation (4f23b14)

    ... (truncated)

    Commits
    • c97e562 chore(release): 6.3.14 [skip ci]
    • 91d5acd fix: remove string template from client code
    • 69cfc76 fix: warn when singleRun and autoWatch are false
    • 839578c fix(security): remove XSS vulnerability in returnUrl query param
    • db53785 chore(release): 6.3.13 [skip ci]
    • 5bf2df3 fix(deps): bump log4js to resolve security issue
    • 36ad678 chore(release): 6.3.12 [skip ci]
    • 41bed33 fix: remove depreciation warning from log4js
    • c985155 docs: create security.md
    • c96f0c5 chore(release): 6.3.11 [skip ci]
    • Additional commits viewable in compare view


    dependencies 
    opened by dependabot[bot] 1
  • Bump electron from 9.0.0 to 11.5.0

    Bumps electron from 9.0.0 to 11.5.0.

    Release notes

    Sourced from electron's releases.

    electron v11.5.0

    Release Notes for v11.5.0

    Other Changes

    • Security: Backported fix for 1227933. #30614 (Also in 12)
    • Security: Backported fix for 1231134. #30761
    • Security: Backported fix for 1233564. #30755
    • Security: Backported fix for 1234009. #30751
    • Security: Backported fix for 1234764. #30659 (Also in 12)

    End of Support for 11.x.y

    Electron 11.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

    electron v11.4.12

    Release Notes for v11.4.12

    Fixes

    electron v11.4.11

    Release Notes for v11.4.11

    Other Changes

    • Security: backported fix for 1205059,1196302. #30267
    • Security: backported fix for CVE-2021-30541. #30200
    • Security: backported fix for CVE-2021-30560. #30183
    • Security: backported fix for CVE-2021-30562. #30196
    • Security: backported fix for CVE-2021-30563. #30199
    • Security: backported fix for CVE-2021-30568. #30228
    • Security: backported fix for CVE-2021-30569. #30296
    • Security: backported fix for CVE-2021-30572. #30262
    • Security: backported fix for CVE-2021-30573. #30253

    electron v11.4.10

    Release Notes for v11.4.10

    Other Changes

    • Backported fix for chromium:1211215. #29785
    • Security: backported fix for CVE-2021-30522. #29879
    • Security: backported fix for CVE-2021-30523. #29877
    • Security: backported fix for CVE-2021-30547. #29790
    • Security: backported fix for CVE-2021-30553. #29819
    • Security: backported fix for CVE-2021-30554. #29823
    • Security: backported fix for chromium:1194689. #29817
    • Security: backported fix for chromium:1209558. #29815

    ... (truncated)


    dependencies 
    opened by dependabot[bot] 1
  • Bump @types/node from 14.0.4 to 16.4.7

    Bumps @types/node from 14.0.4 to 16.4.7.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump @types/node from 14.0.4 to 16.4.6

    Bumps @types/node from 14.0.4 to 16.4.6.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump @types/node from 14.0.4 to 16.4.5

    Bumps @types/node from 14.0.4 to 16.4.5.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump @types/node from 14.0.4 to 16.4.3

    Bumps @types/node from 14.0.4 to 16.4.3.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump electron from 9.0.0 to 18.3.7

    Bumps electron from 9.0.0 to 18.3.7.

    Release notes

    Sourced from electron's releases.

    electron v18.3.7

    Release Notes for v18.3.7

    Fixes

    • Fixed WCO not responding to touch events on windows. #35177 (Also in 19, 20)
    • Fixed webContents.getUserAgent() incorrectly returning an empty string unless previously set. #35130 (Also in 17, 19, 20)
    • Fixed an issue in which calling setBounds() after e.preventDefault in a 'will-move' or 'will-resize' event wouldn't change the window's shape until the mouse button was released. #35082 (Also in 19, 20)
    • Fixed context menu not showing all items on macOS when dock is not hidden. #35198 (Also in 19)
    • None. #35171 (Also in 19, 20)

    Other Changes

    • Fixed page size always being restricted to 4k on Linux arm64. #35184
    • Security: backported fix for CVE-2022-2478. #35099
    • Security: backported fix for chromium:1334864. #35097

    electron v18.3.6

    Release Notes for v18.3.6

    Fixes

    • Fixed a crash when calling BrowserWindow.setEnabled(). #34973 (Also in 19, 20)
    • Fixed a potential crash when changing window settings after initializing WCO with an invalid titleBarStyle. #34873 (Also in 17, 19, 20)
    • Fixed alwaysOnTop BrowserWindow option for X11 Linux. #34911 (Also in 19, 20)
    • Fixed an issue where BrowserWindows on macOS were incorrectly marked as resizable. #34907 (Also in 19, 20)
    • Fixed an issue where Windows Control Overlay buttons did not respect maximizable/minimizable/closable states of a BrowserWindow. #34720 (Also in 17, 19, 20)
    • Fixed an issue where calling BrowserWindow.setRepresentedFilename on macOS with titlebarStyle: 'hiddenInset' or titlebarStyle: 'hidden' inadvertently moves the traffic light location. #34847 (Also in 19, 20)
    • Fixed an issue where some BrowserWindows opened from new links wouldn't properly load URLs. #34910 (Also in 19)
    • Fixed an issue where the minimize button with WCO enabled would incorrectly be highlighted in some cases. #34838 (Also in 17, 19, 20)
    • Fixed an issue with background colors being improperly applied to BrowserViews on Windows. #33478 (Also in 16)
    • Fixed empty app_id when running under wayland. #34877 (Also in 19, 20)
    • Fixed missing Sec-CH-UA headers and empty navigator.userAgentData. #34758 (Also in 17, 19, 20)
    • Fixed symbol generation on 32-bit Windows release builds. #35096 (Also in 19, 20)
    • Prevent brief display of "Ozone X11" in window title on Linux. #34943

    Other Changes

    • Backported fix for CVE-2022-2294. #34882
    • Security: backported fix for 1287804. #35102
    • Security: backported fix for 1333333. #34689
    • Security: backported fix for 1335054. #34687
    • Security: backported fix for 1335458. #34685
    • Security: backported fix for 1336014. #35004
    • Security: backported fix for 1339844. #35002
    • Security: backported fix for 1340335. #35000
    • Security: backported fix for 1340654. #34998
    • Security: backported fix for CVE-2022-2162. #34714
    • Security: backported fix for CVE-2022-2295. #34881

    electron v18.3.5

    Release Notes for v18.3.5

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • Bump @angular/core from 9.1.6 to 11.0.5

    Bumps @angular/core from 9.1.6 to 11.0.5.

    Changelog

    Sourced from @​angular/core's changelog.

    11.0.5 (2020-12-16)

    Bug Fixes

    • compiler: handle strings inside bindings that contain binding characters (#39826) (f5aab2b), closes #39601
    • core: fix possible XSS attack in development through SSR. (#40136) (0aa220b)
    • core: set ngDevMode to false when calling enableProdMode() (#40124) (922f492)
    • upgrade: fix HMR for hybrid applications (#40045) (c4c7509), closes #39935

    11.0.4 (2020-12-09)

    Bug Fixes

    • animations: implement getPosition in browser animation builder (#39983) (5a765f0)
    • compiler-cli: correct incremental behavior even with broken imports (#39967) (adeeb84)
    • compiler-cli: remove the concept of an errored trait (#39967) (0aa35ec)
    • compiler-cli: track poisoned scopes with a flag (#39967) (178cc51)
    • core: remove application from the testability registry when the root view is removed (#39876) (3680ad1), closes #22106
    • core: unsubscribe from the onError when the root view is removed (#39940) (35309bb)
    • language-service: do not return external template that does not exist (#39898) (6b6fcd7)
    • language-service: do not treat file URIs as general URLs (#39917) (829988b)
    • service-worker: handle error with ErrorHandler (#39990) (588dbd3), closes #39913
    • upgrade: avoid memory leak when removing downgraded components (#39965) (97310d3), closes #26209 #39911 #39921

    Performance Improvements

    • animations: use ngDevMode to tree-shake warning (#39964) (72aad32)
    • common: use ngDevMode to tree-shake warnings (#39964) (bf3de9b)
    • core: use ngDevMode to tree-shake checkNoChanges (#39964) (2fbb684)
    • core: use ngDevMode to tree-shake warnings (#39959) (1e3534f)
    • forms: use ngDevMode to tree-shake _ngModelWarning (#39964) (735556d)

    11.0.3 (2020-12-02)

    Bug Fixes

    • animations: getAnimationStyle causes exceptions in older browsers (#29709) (cb1d77a)
    • animations: replace copy of query selector node-list from "spread" to "for" (#39646) (e95cd2a), closes #38551
    • common: Prefer to use pageXOffset / pageYOffset instance of scrollX / scrollY (#28262) (5692607)
    • compiler: ensure that placeholders have the correct sourceSpan (#39717) (8ec7156), closes #39671

    ... (truncated)

    Commits
    • 922f492 fix(core): set ngDevMode to false when calling enableProdMode() (#40124)
    • 0aa220b fix(core): fix possible XSS attack in development through SSR. (#40136)
    • f5aab2b fix(compiler): handle strings inside bindings that contain binding characters...
    • 2fbb684 perf(core): use ngDevMode to tree-shake checkNoChanges (#39964)
    • 1e3534f perf(core): use ngDevMode to tree-shake warnings (#39959)
    • 35309bb fix(core): unsubscribe from the onError when the root view is removed (#39940)
    • 3680ad1 fix(core): remove application from the testability registry when the root vie...
    • 37bb320 test(core): verify onDestroy callbacks are invoked when ComponentRef is des...
    • 75e22ab fix(core): not invoking object's toString when rendering to the DOM (#39843)
    • 01c1bfd fix(core): Ensure OnPush ancestors are marked dirty when events occur (#39833)
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
  • Bump karma from 5.0.9 to 6.3.16

    Bumps karma from 5.0.9 to 6.3.16.

    Release notes

    Sourced from karma's releases.

    v6.3.16

    6.3.16 (2022-02-10)

    Bug Fixes

    • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

    v6.3.15

    6.3.15 (2022-02-05)

    Bug Fixes

    v6.3.14

    6.3.14 (2022-02-05)

    Bug Fixes

    • remove string template from client code (91d5acd)
    • warn when singleRun and autoWatch are false (69cfc76)
    • security: remove XSS vulnerability in returnUrl query param (839578c)

    v6.3.13

    6.3.13 (2022-01-31)

    Bug Fixes

    • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

    v6.3.12

    6.3.12 (2022-01-24)

    Bug Fixes

    • remove depreciation warning from log4js (41bed33)

    v6.3.11

    6.3.11 (2022-01-13)

    Bug Fixes

    • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

    ... (truncated)

    Changelog

    Sourced from karma's changelog.

    6.3.16 (2022-02-10)

    Bug Fixes

    • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

    6.3.15 (2022-02-05)

    Bug Fixes

    6.3.14 (2022-02-05)

    Bug Fixes

    • remove string template from client code (91d5acd)
    • warn when singleRun and autoWatch are false (69cfc76)
    • security: remove XSS vulnerability in returnUrl query param (839578c)

    6.3.13 (2022-01-31)

    Bug Fixes

    • deps: bump log4js to resolve security issue (5bf2df3), closes #3751

    6.3.12 (2022-01-24)

    Bug Fixes

    • remove depreciation warning from log4js (41bed33)

    6.3.11 (2022-01-13)

    Bug Fixes

    • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

    6.3.10 (2022-01-08)

    Bug Fixes

    • logger: create parent folders if they are missing (0d24bd9), closes #3734

    ... (truncated)

    Commits
    • ab4b328 chore(release): 6.3.16 [skip ci]
    • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
    • c1befa0 chore(release): 6.3.15 [skip ci]
    • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
    • 653c762 ci: prevent duplicate CI tasks on creating a PR
    • c97e562 chore(release): 6.3.14 [skip ci]
    • 91d5acd fix: remove string template from client code
    • 69cfc76 fix: warn when singleRun and autoWatch are false
    • 839578c fix(security): remove XSS vulnerability in returnUrl query param
    • db53785 chore(release): 6.3.13 [skip ci]
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
  • Bump node-fetch from 2.6.0 to 3.1.1

    Bumps node-fetch from 2.6.0 to 3.1.1.

    Release notes

    Sourced from node-fetch's releases.

    v3.1.1

    Security patch release

    Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3rd party host while a redirect occurred

    What's Changed

    New Contributors

    Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.1

    v3.1.0

    What's Changed

    ... (truncated)

    Changelog

    Sourced from node-fetch's changelog.

    Changelog

    All notable changes will be recorded here.

    The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

    What's Changed

    New Contributors

    Full Changelog: https://github.com/node-fetch/node-fetch/compare/v3.1.0...v3.1.2

    3.1.0

    What's Changed

    ... (truncated)

    Commits
    Maintainer changes

    This version was pushed to npm by endless, a new releaser for node-fetch since your current version.


    dependencies 
    opened by dependabot[bot] 0
  • [Security] Bump tar from 4.4.13 to 4.4.15

    Bumps tar from 4.4.13 to 4.4.15. This update includes security fixes.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

    Impact

    Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution

    node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example /home/user/.bashrc would turn into home/user/.bashrc.

    This logic was insufficient when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite.

    Patches

    3.2.2 || 4.4.14 || 5.0.6 || 6.1.1

    NOTE: an adjacent issue CVE-2021-32803 affects this release level. Please ensure you update to the latest patch levels that address CVE-2021-32803 as well if this adjacent issue affects your node-tar use case.

    Workarounds

    Users may work around this vulnerability without upgrading by creating a custom onentry method which sanitizes the entry.path or a filter method which removes entries with absolute paths.

    const path = require('path')

    ... (truncated)

    Affected versions: >= 4.0.0 < 4.4.14

    Sourced from The GitHub Security Advisory Database.

    Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

    Impact

    Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution

    node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.

    This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the node-tar directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where node-tar checks for symlinks occur.

    By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.

    This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.

    Patches

    3.2.3 || 4.4.15 || 5.0.7 || 6.1.2

    Workarounds

    Users may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.

    ... (truncated)

    Affected versions: >= 4.0.0 < 4.4.15

    dependencies security 
    opened by dependabot-preview[bot] 0
  • [Security] Bump browserslist from 4.12.0 to 4.16.7

    Bumps browserslist from 4.12.0 to 4.16.7. This update includes a security fix.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Regular Expression Denial of Service in browserslist

    The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

    Affected versions: >= 4.0.0 < 4.16.5

    Changelog

    Sourced from browserslist's changelog.

    4.16.7

    • Fixed outdated caniuse-lite warning text (by Paul Verest).
    • Fixed docs (by Alexander Belov).

    4.16.6

    • Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).

    4.16.5

    • Fixed unsafe RegExp (by Yeting Li).

    4.16.4

    • Fixed unsafe RegExp.
    • Added artifactory support to --update-db (by Ittai Baratz).

    4.16.3

    • Fixed --update-db.

    4.16.2

    4.16.1

    • Fixed Chrome 4 with mobileToDesktop (by Aron Woost).

    4.16

    • Add browserslist config query.

    4.15

    • Add TypeScript types (by Dmitry Semigradsky).

    4.14.7

    • Fixed Yarn Workspaces support to --update-db (by Fausto Núñez Alberro).
    • Added browser changes to --update-db (by @AleksandrSl).
    • Added color output to --update-db.
    • Updated package.funding to have link to our Open Collective.

    4.14.6

    • Fixed Yarn support in --update-db (by Ivan Storck).
    • Fixed npm 7 support in --update-db.

    4.14.5

    • Fixed last 2 electron versions query (by Sergey Melyukov).

    4.14.4

    • Fixed Unknown version 59 of op_mob error.

    4.14.3

    • Update Firefox ESR.

    4.14.2

    • Fixed --update-db on Windows (by James Ross).

    ... (truncated)

    dependencies security 
    opened by dependabot-preview[bot] 0
Releases(1.02)
Owner
Tim B
Catberry is an isomorphic framework for building universal front-end apps using components, Flux architecture and progressive rendering.

Catberry What the cat is that? Catberry was developed to help create "isomorphic/Universal" Web applications. Long story short, isomorphic/universal a

Catberry.js 801 Dec 20, 2022
:seedling: Next-Gen AI-Assisted Isomorphic Application Engine for Embedded, Console, Mobile, Server and Desktop

lychee.js Mono Repository Important Notes to follow through Installation Quirks: The lycheejs-engine Repository needs to be installed to the path /opt

Cookie Engineer 791 Dec 31, 2022
A template project for building high-performance, portable, and safe serverless functions in Vercel.

Tutorial | Demo for image processing | Demo for tensorflow This is a Next.js project bootstrapped with create-next-app. This project is aimed to demon

Second State 63 Dec 8, 2022
Meteor, the JavaScript App Platform

Meteor is an ultra-simple environment for building modern web applications. With Meteor you write apps: in modern JavaScript that send data over the w

Meteor 43.2k Jan 9, 2023
Realtime.js - a fast frontend framework based on Web-Components.

Realtime.js is a fast frontend framework based on Web-Components and Proxies. It has a lot of features to simplify your way of life as a vanillajs developer. The framework is programmed in such a way that you can edit it yourself if you need additional features.

Kilian Hertel 7 Nov 1, 2022
🍔 A Node.js Serverless Framework for front-end/full-stack developers. Build the application for next decade. Works on AWS, Alibaba Cloud, Tencent Cloud and traditional VM/Container. Super easy integrate with React and Vue. 🌈

Midway - A future-oriented, cloud-integrated Node.js framework English | Simplified Chinese Watch the replay of the Midway Serverless 2.0 launch event: https://www.bilibili.com/video/BV17A411T7Md "Midway Serverless launch

Midway.js 6.3k Jan 8, 2023
MVC framework making it easy to write realtime, collaborative applications that run in both Node.js and browsers

Derby The Derby MVC framework makes it easy to write realtime, collaborative applications that run in both Node.js and browsers. Derby includes a powe

DerbyJS 4.7k Dec 23, 2022
LoopBack makes it easy to build modern API applications that require complex integrations.

LoopBack makes it easy to build modern applications that require complex integrations. Fast, small, powerful, extensible core Generate real APIs with

StrongLoop and IBM API Connect 4.4k Jan 4, 2023
API Services Made Easy With Node.js

Nodal API Services Made Easy with Node.js View the website at nodaljs.com. Nodal is a web server and opinionated framework for building data manipulat

Keith Horwood 4.5k Dec 26, 2022
Create GraphQL schema and resolvers with TypeScript, using classes and decorators!

TypeGraphQL Create GraphQL schema and resolvers with TypeScript, using classes and decorators! https://typegraphql.com/ Introduction TypeGraphQL makes

Michał Lytek 7.6k Jan 9, 2023
Expressive middleware for node.js using ES2017 async functions

Expressive HTTP middleware framework for node.js to make web applications and APIs more enjoyable to write. Koa's middleware stack flows in a stack-li

Koa.js 33.5k Jan 4, 2023
Application structure for new adonis app, think of it as scaffolding a new project

AdonisJs Application This repo is the pre-configured project structure to be used for creating ambitious web servers using AdonisJs. Make sure to star

AdonisJS Framework 375 Oct 15, 2022
A framework for real-time applications and REST APIs with JavaScript and TypeScript

A framework for real-time applications and REST APIs with JavaScript and TypeScript Feathers is a lightweight web-framework for creating real-time app

Feathers 14.3k Jan 1, 2023
A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications on top of TypeScript & JavaScript (ES6, ES7, ES8) 🚀

A progressive Node.js framework for building efficient and scalable server-side applications. Description Nest is a framework for building efficient,

nestjs 53.2k Dec 31, 2022
🥚 Born to build better enterprise frameworks and apps with Node.js & Koa

Features Built-in Process Management Plugin System Framework Customization Lots of plugins Quickstart Follow the commands listed below. $ mkdir showca

egg 18.3k Dec 29, 2022
Fast and low overhead web framework, for Node.js

An efficient server implies a lower cost of the infrastructure, a better responsiveness under load and happy users. How can you efficiently handle the

Fastify 26k Jan 2, 2023
🚀 The Node.js Framework highly focused on developer ergonomics, stability and confidence

Sponsored by FOSS United is a non-profit foundation that aims at promoting and strengthening the Free and Open Source Software (FOSS) ecosystem in Ind

AdonisJS Framework 13.4k Dec 31, 2022
Marble.js - functional reactive Node.js framework for building server-side applications, based on TypeScript and RxJS.

Functional reactive Node.js framework for building server-side applications, based on TypeScript and RxJS. Ecosystem Name Description @marblejs/core F

Marble.js 2.1k Dec 16, 2022
Easily add filtering, sorting, and pagination to your Node.js REST API through your old friend: the query string!

QueryQL QueryQL makes it easy to add filtering, sorting, and pagination to your Node.js REST API through your old friend: the query string! Read our i

Truepic 99 Dec 27, 2022