Bump the npm_and_yarn group across 1 directory with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
moment	2.29.3	2.29.4
json5	2.2.1	2.2.3
@babel/traverse	7.18.5	7.27.1
@grpc/grpc-js	1.8.2	1.13.3
@hashgraph/sdk	2.28.0	2.64.5
braces	3.0.2	3.0.3
got	9.6.0	removed
nodemon	2.0.18	2.0.22
tough-cookie	4.0.0	4.1.4
word-wrap	1.2.3	1.2.5

Updates moment from 2.29.3 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• See full diff in compare view

Updates json5 from 2.2.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates @babel/traverse from 7.18.5 to 7.27.1

Release notes

Sourced from @​babel/traverse's releases.

v7.27.1 (2025-04-30)

Thanks @​kermanx and @​woaitsAryan for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17254 Allow using of as lexical declaration within for (@​JLHwung)
  • #17230 Disallow get/set in TSPropertySignature (@​JLHwung)
• babel-parser, babel-types
  • #17193 Stricter TSImportType options parsing (@​JLHwung)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse
  • #17137 fix: do expressions should allow early exit (@​kermanx)
• babel-helper-wrap-function, babel-plugin-transform-async-to-generator
  • #17251 Fix: propagate argument evaluation errors through async promise chain (@​magic-akari)
• babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator
  • #17231 fix apply()/call() annotated as pure (@​Lacsw)
• babel-helper-fixtures, babel-parser
  • #17233 Create ChainExpression within TSInstantiationExpression (@​JLHwung)
• babel-generator, babel-parser
  • #17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@​JLHwung)
• babel-parser
  • #17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@​JLHwung)
  • #17080 Fix start of TSParameterProperty (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17228 Update firefox bugfix compat data (@​JLHwung)
• babel-traverse
  • #17156 fix: Objects and arrays with multiple references should not be evaluated (@​liuxingbaoyu)
• babel-generator
  • #17216 Fix: support const type parameter in generator (@​JLHwung)

💅 Polish

• babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse
  • #17221 Reduce generated names size for the 10th-11th (@​nicolo-ribaudo)

🏠 Internal

• babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17263 Remove unused regenerator-runtime dep in @babel/runtime (@​nicolo-ribaudo)
• babel-compat-data, babel-preset-env
  • #17256 Tune plugin compat data (@​JLHwung)
• babel-compat-data, babel-standalone
  • #17236 migrate babel-compat-data build script to mjs (@​JLHwung)
• babel-register
  • #16844 Migrate @babel/register to cts (@​liuxingbaoyu)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
• All packages
  • #17207 Enforce node protocol import (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

• babel-parser
  • #17254 Allow using of as lexical declaration within for (@​JLHwung)
  • #17230 Disallow get/set in TSPropertySignature (@​JLHwung)
• babel-parser, babel-types
  • #17193 Stricter TSImportType options parsing (@​JLHwung)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse
  • #17137 fix: do expressions should allow early exit (@​kermanx)
• babel-helper-wrap-function, babel-plugin-transform-async-to-generator
  • #17251 Fix: propagate argument evaluation errors through async promise chain (@​magic-akari)
• babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator
  • #17231 fix apply()/call() annotated as pure (@​Lacsw)
• babel-helper-fixtures, babel-parser
  • #17233 Create ChainExpression within TSInstantiationExpression (@​JLHwung)
• babel-generator, babel-parser
  • #17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@​JLHwung)
• babel-parser
  • #17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@​JLHwung)
  • #17080 Fix start of TSParameterProperty (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17228 Update firefox bugfix compat data (@​JLHwung)
• babel-traverse
  • #17156 fix: Objects and arrays with multiple references should not be evaluated (@​liuxingbaoyu)
• babel-generator
  • #17216 Fix: support const type parameter in generator (@​JLHwung)

💅 Polish

• babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse
  • #17221 Reduce generated names size for the 10th-11th (@​nicolo-ribaudo)

🏠 Internal

• babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #17263 Remove unused regenerator-runtime dep in @babel/runtime (@​nicolo-ribaudo)
• babel-compat-data, babel-preset-env
  • #17256 Tune plugin compat data (@​JLHwung)
• babel-compat-data, babel-standalone
  • #17236 migrate babel-compat-data build script to mjs (@​JLHwung)
• Other
  • #17232 Bump typescript-eslint to 8.29.1 (@​JLHwung)
  • #17219 test: add basic typescript-eslint integration tests (@​JLHwung)
  • #17205 Inline regenerator in the relevant packages (@​nicolo-ribaudo)
• babel-register
  • #16844 Migrate @babel/register to cts (@​liuxingbaoyu)
• babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types
  • #17207 Enforce node protocol import (@​JLHwung)
• babel-plugin-transform-regenerator

... (truncated)

Commits

• eebd3a0 v7.27.1
• 62af1a6 fix: do expressions should allow early exit (#17137)
• 8e23272 [Babel 8] perf: Improve traverse performance (#16965)
• 9a40d85 [Babel 8]: Remove record and tuple syntax support (#17242)
• 4d39e9d Harden variable declarator validations (#17217)
• 6cd1c60 Reduce generated names size for the 10th-11th (#17221)
• a5c8992 fix: Objects and arrays with multiple references should not be evaluated (#17...
• fdc0fb5 [Babel 8] Bump nodejs requirements to ^20.19.0 || >= 22.12.0 (#17204)
• 5c350ea v7.27.0
• 582538c Allow traverseFast to exit early (#17169)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 1.8.2 to 1.13.3

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.13.3

• Disable Nagle's algorithm (#2936)
• Avoid calling http2.getDefaultSettings (#2937)

@​grpc/grpc-js 1.13.2

• Fix a bug that caused clients to be unable to connect through local proxies (#2933)

@​grpc/grpc-js 1.13.1

• Fix a bug that caused the rejectUnauthorized channel credentials option to be handled incorrectly (#2926)
• Fix a bug that caused the client to never send retries if any retryThrottling config was set (#2927)
• Fix a bug that caused clients to incorrectly send retries if the feature was disabled by a channel option and a retry config was provided (#2927)

@​grpc/grpc-js-xds 1.13.0

• Implement gRFC A29: xDS-Based Security for gRPC Clients and Servers (#2837, #2866)
• Fix aggregate cluster behavior (gRFC A75) (#2844)
• Include validation error details when NACKing invalid resources (#2902)
• Proactively connect in more cases when using the ring_hash load balancing policy (#2904)

@​grpc/grpc-js 1.13.0

Changelog

• Add support for channel option grpc-node.flow_control_window to control HTTP/2 flow control window size (#2864 contributed by @​rickihastings)
• Show meaningful error messages more consistently when requests fail (#2868)
• Add support for CIDR blocks in no_proxyenvironment variable (#2876 contributed by @​melkouri)
• Fix a bug that caused server interceptor sendMetadata methods to not be called if the server interceptor did not explicitly send metadata (#2897)
• Fix IPv6-mapped IPv4 address parsing in channelz, and represent them as IPv4 addresses (#2909)

Experimental API changes

Added:

• SecureConnector
• SecureConnectResult
• SUBCHANNEL_ARGS_EXCLUDE_KEY_PREFIX
• Server#experimentalRegisterListenerToChannelz protected method
• ServerexperimentalUnregisterListenerFromChannelz protected method
• Server#experimentalCreateConnectionInjectorWithChannelzRef protected method

Modified:

• LoadBalancer: Removed the ChannelCredentials constructor argument
• LoadBalancer: Removed the ChannelOptions constructor argument
• LoadBalancer#updateAddressList: Replaced the attributes argument with one of type ChannelOptions.
• ChannelControlHelper#createSubchannel: Removed the ChannelCredentials argument
• LeafLoadBalancer: Removed the ChannelCredentials constructor argument

@​grpc/grpc-js@​1.12.6

• Allow garbage collection of IDLE channels (#2896)

@​grpc/grpc-js 1.12.5

... (truncated)

Commits

• 863a81a Merge pull request #2940 from murgatroid99/grpc-js_1.13.3
• 75a96ec grpc-js: Bump to 1.13.3
• 07486d8 Merge pull request #2937 from murgatroid99/grpc-js_avoid_getDefaultSettings
• 6f916c9 Merge pull request #2936 from murgatroid99/grpc-js_disable_nagle
• 482006e grpc-js: Avoid calling http2.getDefaultSettings
• 6168fe8 grpc-js: Disable Nagle's Algorithm
• 9652680 Merge pull request #2933 from murgatroid99/grpc-js_channel_options_fix
• bdcbdf4 grpc-js: Consistently reference the same options object in the channel constr...
• b937786 Merge pull request #2928 from murgatroid99/grpc-js_1.13.1
• 2bb7eae grpc-js: Bump to 1.13.1
• Additional commits viewable in compare view

Updates @hashgraph/sdk from 2.28.0 to 2.64.5

Release notes

Sourced from @​hashgraph/sdk's releases.

v2.64.5

What's Changed

• chore(release): v2.64.5 by @​ivaylogarnev-limechain in hiero-ledger/hiero-sdk-js#3110

Full Changelog: hiero-ledger/hiero-sdk-js@v2.64.4...v2.64.5

v2.64.3

What's Changed

• chore(release): v2.64.3 by @​ivaylogarnev-limechain in hiero-ledger/hiero-sdk-js#3106

Full Changelog: hiero-ledger/hiero-sdk-js@v2.64.2...v2.64.3

v2.64.0-beta.1

What's Changed

• chore: Renamed TCK client image by @​ivaylogarnev-limechain in hiero-ledger/hiero-sdk-js#3058
• chore(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot in hiero-ledger/hiero-sdk-js#3062
• chore(deps): bump renovatebot/github-action from 41.0.20 to 41.0.21 by @​dependabot in hiero-ledger/hiero-sdk-js#3060
• chore(deps): bump actions/setup-java from 4.7.0 to 4.7.1 by @​dependabot in hiero-ledger/hiero-sdk-js#3036
• feat: update protobufs 0.61 by @​ivaylonikolov7 in hiero-ledger/hiero-sdk-js#3066
• chore(TCK): Added airdropToken endpoint by @​ivaylogarnev-limechain in hiero-ledger/hiero-sdk-js#3067
• feat: transaction retry on THROTTLED_AT_CONSENSUS by @​ivaylonikolov7 in hiero-ledger/hiero-sdk-js#3065
• chore(deps): bump renovatebot/github-action from 41.0.21 to 41.0.22 by @​dependabot in hiero-ledger/hiero-sdk-js#3074
• feat: extend set key with alias to work with public ecdsa keys by @​venilinvasilev in hiero-ledger/hiero-sdk-js#3051
• fix: update README.md by @​SimiHunjan in hiero-ledger/hiero-sdk-js#3026
• chore(TCK): Added retry on unhealthy local node by @​ivaylogarnev-limechain in hiero-ledger/hiero-sdk-js#3077
• feat: HIP 551 by @​ivaylonikolov7 in hiero-ledger/hiero-sdk-js#3039
• chore(release): v2.64.0 beta.1 by @​ivaylonikolov7 in hiero-ledger/hiero-sdk-js#3078

Full Changelog: hiero-ledger/hiero-sdk-js@v2.63.0...v2.64.0-beta.1

v2.63.0

This release introduces various enhancements to the Hedera JavaScript SDK, including improved browser support, extended ECDSA functionality, better error handling, and internal optimizations.

Enhancements

• UMD Browser Support: Added a UMD example demonstrating usage of the SDK in browser environments. #3028

• PrivateKey Recovery ID Calculation: Added PrivateKey.getRecoveryId(r, s, message) method to enable recovery ID (v) calculation from raw ECDSA signature components. This addition allows developers to compute the recovery ID directly, enabling full support for signing and serializing Ethereum transactions (including EIP-155) within the SDK. It enhances compatibility with external Ethereum clients and tooling. #3021

• Ethereum Address Example: Added an example demonstrating how to sign and recover Ethereum addresses using the Hedera SDK, Ethereum-style signature hashing (EIP-191), and the ecrecover contract. #3029

• Dynamic Protobuf Generation: Implemented dynamic generation of RequestType.js and Status.js by parsing protobuf definitions. #3018

• Improved Query Reliability: Enhanced reliability of getReceiptQuery and getRecordQuery, which are single-node requests. These queries now retry up to 10 times with a delay when encountering node-specific issues (e.g., "All nodes are unhealthy") to handle transient network or node health problems more gracefully. #3038

• Internal Code Optimization: Extracted _makePaymentTransaction function used by both Query and CostQuery for initiating payment transactions. #3017

... (truncated)

Changelog

Sourced from @​hashgraph/sdk's changelog.

v2.64.5

Added

• Support for HIP-1064 Daily Rewards For Active Nodes https://hips.hedera.com/hip/hip-1064 This HIP proposes a reward mechanism that will incentivize nodes to remain active on the network. #3099
  • NodeCreateTransaction declineReward: whether the node declines rewards
  • NodeCreateTransaction setDeclineReward: update whether the node declines reward
• Added the x-user-agent header to all gRPC calls to enable SDK version tracking, following the approach outlined in #3089
• Included examples that demonstrate proper error handling in realistic, real-world scenarios, including how to manage network connectivity issues when interacting with a single node. #3064

v2.64.0-beta.1

Added

• Support for HIP-551 Batch Transaction https://hips.hedera.com/hip/hip-551 It defines a mechanism to execute batch transactions such that a series of transactions (HAPI calls) depending on each other can be rolled into one transaction that passes the ACID test (atomicity, consistency, isolation, and durability). #3039
  • New BatchTransaction struct that has a list of innerTransactions and innerTransactionIds.
  • New batchKey field in Transaction class that must sign the BatchTransaction
  • New batchify method that sets the batch key and marks a transaction as part of a batch transaction (inner transaction). The transaction is signed by the client of the operator and frozen.
• Extend setKeyWithAlias funcs to support PublicKey. #3051
• Enhancing the retry mechanism for the status code THROTTLED_AT_CONSENSUS using backoffs retry mechanism. #3065 #3076

v2.63.0

Added

• Added a UMD example demonstrating usage of the SDK in browser environments #3028
• Added PrivateKey.getRecoveryId(r, s, message) method to enable recovery ID (v) calculation from raw ECDSA signature components.
  This addition allows developers to compute the recovery ID directly, enabling full support for signing and serializing Ethereum transactions (including EIP-155) within the SDK. It enhances compatibility with external Ethereum clients and tooling. #3021
• Added an example demonstrating how to sign and recover Ethereum addresses using the Hedera SDK, Ethereum-style signature hashing (EIP-191), and the ecrecover contract. #3029
• Implemented dynamic generation of RequestType.js and Status.js by parsing protobuf definitions. #3018

Changed

• Improved reliability of getReceiptQuery and getRecordQuery, which are single-node requests. These queries now retry up to 10 times with a delay when encountering node-specific issues (e.g., "All nodes are unhealthy") to handle transient network or node health problems more gracefully. #3038
• Extracted _makePaymentTransaction function used by both Query and CostQuery for initiating payment transactions. The filename begins with an underscore to indicate it is not meant for public use and is placed in the queries folder to clearly indicate its internal scope. #3017
• Fixed a bug in TopicUpdateTransaction related to the handling of feeExemptKeys and customFees properties when they are unset. Previously, the transaction would include empty arrays for these fields, unintentionally clearing existing values on the topic. This change ensures that unset properties are treated as null, preserving existing topic configurations.#3031
• Updated README.md to reflect support for the UMD package #3028

Removed

• MyHbarWallet gRPC web proxies #3053

v2.63.0-beta.1

Changed

• Replaced elliptic package with @​noble/curves package by @​venilinvasilev in #2937

Unlike elliptic, @​noble/curves automatically enforces a normalized s value in ECDSA signatures, aligning with best practices in cryptographic security. This ensures better interoperability while preventing malleability-related issues.

... (truncated)

Commits

• ce932c0 chore(release): v2.64.5 (#3110)
• 3884731 chore(release): v2.64.4 (#3108)
• 4b7d56e chore(release): v2.64.3 (#3106)
• 127c849 chore(release): v2.64.2 (#3105)
• 6bb943d chore(release): v2.64.1 (#3104)
• 555800f chore(release): v2.64.0 (#3103)
• 35f73cb feat: HIP 1064 (#3099)
• 16304c2 feat: SDK Metrics (#3089)
• 40b0758 chore(deps): bump renovatebot/github-action from 41.0.22 to 42.0.1 (#3090)
• dc1db24 feat: Add examples with error handling (#3064)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hedera-eng-automation, a new releaser for @​hashgraph/sdk since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates crypto-js from 4.1.1 to 4.2.0

Commits

• 808f499 Merge branch 'release/4.2.0'
• d5af3ae Update release notes.
• 9496e07 Bump version.
• 421dd53 Change default hash algorithm and iteration's for PBKDF2 to prevent weak secu...
• d1f4f4d Update grunt.
• c755289 Discontinued
• 1da3dab Discontinued
• 4dcaa7a Merge pull request #380 from Alanscut/dev
• 762feb2 chore: rename BF to Blowfish
• fb81418 feat: blowfish support
• Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• Additional commits viewable in compare view

Removes got

Updates nodemon from 2.0.18 to 2.0.22

Release notes

Sourced from nodemon's releases.

v2.0.22

2.0.22 (2023-03-22)

Bug Fixes

• remove ts mapping if loader present (f7816e4), closes #2083

v2.0.21

2.0.21 (2023-03-02)

Bug Fixes

• remove ts mapping if loader present (1468397), closes #2083

v2.0.20

2.0.20 (2022-09-16)

Bug Fixes

• remove postinstall script (e099e91)

v2.0.19

2.0.19 (2022-07-05)

Bug Fixes

• Replace update notifier with simplified deps (#2033) (176c4a6), closes #1961 #2028

Commits

• c971fdc Merge branch 'main' of github.com:remy/nodemon
• b9679a2 chore: supporters
• f7816e4 fix: remove ts mapping if loader present
• 9f3ffdb One more fix
• abc8522 Get rid of spawning shell windows if nodemon is started without console.
• b11ddd1 Merge branch 'main' of github.com:remy/nodemon
• 204af11 chore: missing supporters
• 1468397 fix: remove ts mapping if loader present
• 26b1f0f chore: add conventional commit check
• adaafa1 One more fix
• Additional commits viewable in compare view

Updates protobufjs from 7.2.4 to 7.2.5

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

Changelog

Sourced from protobufjs's changelog.

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

Commits

• 4436cc7 chore: release master (#1925)
• e93286e fix: deprecation warning for new Buffer (#1905)
• eaf9f0a fix: crash in comment parsing (#1890)
• f2a8620 fix: possible infinite loop when parsing option (#1923)
• See full diff in compare view

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

• Add local alias for toString by @​corvidism in salesforce/tough-cookie#409
• Fix incorrect string validation for URL by @​coditva in salesforce/tough-cookie#261

New Contributors

• @​corvidism made their first contribution in salesforce/tough-cookie#409
• @​coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by @​colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by @​colincasey in salesforce/tough-cookie#249
• 4.1.1 Patch -- allow special use domains by default by @​awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by @​ShivanKaul in salesforce/tough-cookie#189
• Missing param validation issue145 by @​medelibero-sfdc in salesforce/tough-cookie#193
• Create SECURITY.md by @​ShivanKaul in salesforce/tough-cookie#201
• Create CODE_OF_CONDUCT.md by @​ShivanKaul in salesforce/tough-cookie#200
• Fix for issue #195 by @​medelibero-sfdc in salesforce/tough-cookie#202
• Add explanation and more special-use domains by @​ShivanKaul in salesforce/tough-cookie#203
• Sync of constructor options for serialization by @​medelibero-sfdc in salesforce/tough-cookie#204
• Returned null in case of empty cookie value by @​vsin12 in salesforce/tough-cookie#196
• 132 str trim not a function by @​awaterma in salesforce/tough-cookie#209
• Fix for issue #153 by @​medelibero-sfdc in salesforce/tough-cookie#210
• Fix permuteDomain with trailing dot by