Conversation
chore: merge v0.9.0 into develop
* chore(deps): Upgrade vulnerable axios version * chore: use lockfileVersion 2 for package-lock.json * fix(deps): update axios to 0.24.0 Co-authored-by: Kar Rui Lau <karrui.lau@gmail.com>
so the build can work successfully
build: release v0.10.0
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](json5/json5@v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Snyk has created this PR to upgrade axios from 0.24.0 to 0.25.0. See this package in npm: https://www.npmjs.com/package/axios See this project in Snyk: https://app.snyk.io/org/formsg/project/c69f3c8b-d305-4604-ac27-253ffb6333c2?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: wanlingt <wanling@open.gov.sg>
Added link to Python and Ruby libraries
Update README.md to include existence of sister SDks
* chore: add wording for period inclusion of unstable fields * Update README.md Co-authored-by: tshuli <63710093+tshuli@users.noreply.github.com> --------- Co-authored-by: tshuli <63710093+tshuli@users.noreply.github.com>
* Update ci.yml * Update ci.yml to use node-version 18
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.5. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.16.3 to 7.23.3. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.3/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: upgrade axios to 1.6.2 * fix: update outdated packages that caused test failures * chore: update package-lock --------- Co-authored-by: Ken <ken@open.gov.sg>
* Create LICENSE * Rename LICENSE to LICENSE.md
* feat: mrf crypto * fix: export crypto-v3 * chore: update encodings * feat: coalesce encryption and decryption steps * chore: add logging for errors * chore: remove validation check * chore: skip catching errors * chore: remove more error catching * chore: log submission secret key * chore: comment code * test: add tests to crypto-v3 * feat: return submission secret key in the clear for workflows * test: update test infra to use bigger heap size * feat: provide submission public key as part of encrypted payload * feat: attachments * test: update tests * fix: revert for backward-compatibility * chore: update function documentation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-6144788 Co-authored-by: snyk-bot <snyk-bot@snyk.io>
* chore: update readme for paymentContent * chore: add payment content fields
Bumps [axios](https://github.com/axios/axios) from 1.6.4 to 1.7.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.6.4...v1.7.4) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.4...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Release v0.13.0
fix: upgrade actions/cache
feat: add signature to supported form fields
* add verifiedContent decryption support for cryptoV3 * move decryption of verifiedContent to decryptFromSubmissionkey; use submissionKey * remove unused variables * bumped version to 0.14.0 to match latest * fixed tests * added to tests * replace coveralls with coveralls-next * resolved tests * revert coveralls to use v2 * rethrow missingPublicKeyError * add missing } * added comment to explain v1 vs v3 decryption differences * removed coveralls package * updated explanataion for v1 vs v3 content
* add publish script for OIDC support * updated changelog to reflect correct version changes * only publish when releasing --------- Co-authored-by: Ken <ken@open.gov.sg>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Contributor
Author
|
Bypassing rules as we're resetting up the repo. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
To catchup
releasebranch withdevelopbranch.Note: We've not been synchronising
releasebranch as publication was not triggered through CI.