chore(deps): bump the npm_and_yarn group across 2 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /app/event-handler directory:

Package	From	To
fast-xml-parser	4.0.9	4.4.0
jsonwebtoken	9.0.0	9.0.2
word-wrap	1.2.3	1.2.5
xml2js	0.4.23	0.5.0
@azure/core-http	2.2.7	2.3.2

Bumps the npm_and_yarn group with 3 updates in the /app/runner-controller directory: fast-xml-parser, word-wrap and express.

Updates fast-xml-parser from 4.0.9 to 4.4.0

Release notes

Sourced from fast-xml-parser's releases.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.0 / 2024-05-18

• fix #654: parse attribute list correctly for self closing stop node.
• fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
• fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

• Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

• code for v5 is added for experimental use

4.3.4 / 2024-01-10

• fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

• Remove unnecessary regex

4.3.2 / 2023-10-02

• fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

• revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

• Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))
• Fix #610 ignore properties set to Object.prototype
• Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

• Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
• Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

• Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

• change code implementation

4.2.4 / 2023-06-06

• fix security bug

4.2.3 / 2023-06-05

• fix security bug

4.2.2 / 2023-04-18

• fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag

4.2.1 / 2023-04-18

... (truncated)

Commits

• 96f7501 update package detail
• 151b8f4 fix #654: parse attribute list correctly for self closing stop node
• 1a384a5 Run PR tests on node 16
• 2ae1f62 fix: return type for tagValueProcessor & attributeValueProcessor (#582)
• 9118736 docs: fix typos in v5 document fast-xml-parse (#650)
• a96b968 fix: validator bag when closing tag is not opened. (#647)
• 3ab1b3b update pcakge detail
• 4c26aaa fix v5 options, add docs
• 391f24f Add support for parsing HTML numeric entities (#645)
• 072b2b0 update dev dependencies
• Additional commits viewable in compare view

Updates jsonwebtoken from 9.0.0 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

Commits

• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in jonschlinkert/word-wrap#41
• 🔒 fix: CVE-2023-26115 by @​aashutoshrathi in jonschlinkert/word-wrap#33
• chore: publish workflow by @​OlafConijn in jonschlinkert/word-wrap#42

New Contributors

• @​mohd-akram made their first contribution in jonschlinkert/word-wrap#24
• @​OlafConijn made their first contribution in jonschlinkert/word-wrap#41
• @​aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

• 207044e 1.2.5
• 9894315 revert default indent
• f64b188 run verb to generate README
• 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
• 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
• bfa694e Update .github/workflows/publish.yml
• ace0b3c chore: bump version to 1.2.4
• 6fd7275 chore: add publish workflow
• 30d6daf chore: fix test
• 655929c chore: remove package-lock
• Additional commits viewable in compare view

Updates xml2js from 0.4.23 to 0.5.0

Commits

• See full diff in compare view

Updates @azure/core-http from 2.2.7 to 2.3.2

Commits

• 863622f set version
• de86985 Sync eng/common directory with azure-sdk-tools for PR 5918 (#25467)
• 5fc37df [core-lro] Remove broken link (#24631)
• 9b3f06a Port PR #25502 from main
• 1df8a1c [core-http] undo PR #23660 to fix storage-blob
• 6684e1c [Language Text] Mitigation for modifiedOn (#23729)
• e7b7a32 Added change log for version 3.17.2 (#23689)
• 9158f92 [Anomaly Detector] Enable CI and add tests (#23725)
• 526926a Upgrade TypeScript to 4.8 for most packages (#23730)
• ceb5483 [engsys] bump api-extractor and typescript versions (#23726)
• Additional commits viewable in compare view

Updates fast-xml-parser from 4.0.11 to 4.4.0

Release notes

Sourced from fast-xml-parser's releases.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.4.0 / 2024-05-18

• fix #654: parse attribute list correctly for self closing stop node.
• fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
• fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

• Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

• code for v5 is added for experimental use

4.3.4 / 2024-01-10

• fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

• Remove unnecessary regex

4.3.2 / 2023-10-02

• fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

• revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

• Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))
• Fix #610 ignore properties set to Object.prototype
• Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

• Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
• Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

• Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

• change code implementation

4.2.4 / 2023-06-06

• fix security bug

4.2.3 / 2023-06-05

• fix security bug

4.2.2 / 2023-04-18

• fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag

4.2.1 / 2023-04-18

... (truncated)

Commits

• 96f7501 update package detail
• 151b8f4 fix #654: parse attribute list correctly for self closing stop node
• 1a384a5 Run PR tests on node 16
• 2ae1f62 fix: return type for tagValueProcessor & attributeValueProcessor (#582)
• 9118736 docs: fix typos in v5 document fast-xml-parse (#650)
• a96b968 fix: validator bag when closing tag is not opened. (#647)
• 3ab1b3b update pcakge detail
• 4c26aaa fix v5 options, add docs
• 391f24f Add support for parsing HTML numeric entities (#645)
• 072b2b0 update dev dependencies
• Additional commits viewable in compare view

Updates word-wrap from 1.2.4 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in jonschlinkert/word-wrap#41
• 🔒 fix: CVE-2023-26115 by @​aashutoshrathi in jonschlinkert/word-wrap#33
• chore: publish workflow by @​OlafConijn in jonschlinkert/word-wrap#42

New Contributors

• @​mohd-akram made their first contribution in jonschlinkert/word-wrap#24
• @​OlafConijn made their first contribution in jonschlinkert/word-wrap#41
• @​aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

• 207044e 1.2.5
• 9894315 revert default indent
• f64b188 run verb to generate README
• 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
• 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
• bfa694e Update .github/workflows/publish.yml
• ace0b3c chore: bump version to 1.2.4
• 6fd7275 chore: add publish workflow
• 30d6daf chore: fix test
• 655929c chore: remove package-lock
• Additional commits viewable in compare view

Updates express from 4.18.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #112.