GitHub
03/13/2024, 3:53 PM
GitHub
03/13/2024, 5:11 PM
GitHub
03/13/2024, 10:23 PM
GitHub
03/14/2024, 7:03 AM
GitHub
03/16/2024, 11:17 PM
@dependabot rebase.
* * *
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
• @dependabot rebase
will rebase this PR
• @dependabot recreate
will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge
will merge this PR after your CI passes on it
• @dependabot squash and merge
will squash and merge this PR after your CI passes on it
• @dependabot cancel merge
will cancel a previously requested merge and block automerging
• @dependabot reopen
will reopen this PR if it is closed
• @dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
pact-foundation/pact-js-core
GitHub Actions: release_dry_run
GitHub Actions: release_dry_run
✅ 28 other checks have passed
28/30 successful checks
GitHub
03/16/2024, 11:42 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
GitHub Actions: build-and-test (16.x, macos-latest)
✅ 18 other checks have passed
18/20 successful checks
GitHub
03/16/2024, 11:42 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: build-and-test (20.x, macos-latest)
GitHub Actions: build-and-test (20.x, macos-latest)
GitHub Actions: build-and-test (18.x, macos-latest)
GitHub Actions: call-workflow / Add issue to project
✅ 16 other checks have passed
16/20 successful checks
GitHub
03/16/2024, 11:42 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
GitHub Actions: build-and-test (16.x, macos-latest)
GitHub Actions: build-and-test (16.x, macos-latest)
✅ 17 other checks have passed
17/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
✅ 19 other checks have passed
19/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
✅ 19 other checks have passed
19/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: build-and-test (20.x, macos-latest)
GitHub Actions: call-workflow / Add issue to project
✅ 18 other checks have passed
18/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
✅ 19 other checks have passed
19/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
GitHub Actions: build-and-test (16.x, macos-latest)
GitHub Actions: build-and-test (16.x, macos-latest)
✅ 17 other checks have passed
17/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
✅ 19 other checks have passed
19/20 successful checks
GitHub
03/16/2024, 11:43 PM
@dependabot rebase.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
✅ 19 other checks have passed
19/20 successful checks
GitHub
03/18/2024, 3:22 PM
GitHub
03/22/2024, 8:00 AM
TypeError: ffi.pactffiMessageGivenWithParams is not a function
150 |
151 | await converterPact
> 152 | .given({ name: "A file to convert", params: { mediaType: "image" } })
| ^
153 | .expectsToReceive("A valid convert image request")
154 | .withMetadata({
155 | // "content-type": "application/json",
at Object.givenWithParams (node_modules/@pact-foundation/pact-core/src/consumer/index.ts:46:9)
at MessageConsumerPact.Object.<anonymous>.MessageConsumerPact.given (node_modules/@pact-foundation/src/messageConsumerPact.ts:77:20)
at Object.<anonymous> (test/some.test.ts:152:10)
Steps to reproduce
We are having trouble running our tests in CI since the update of @pact-foundation/pact to version 12.1.2. Consumer message pact tests fail with the below error. Reverting to 12.1.2 lets the test run successfully again.
Tests run with Jest look like this:
it("something works", async () => {
  const messageRequest = {
    someId: Matchers.string("Nkiwmu-oFoRN3lqzYD7M"),
    originalFileChecksum: {
      algo: "SHA256",
      hash: Matchers.hexadecimal("b3eb64161ac2a85bf364fc3b0e19e063bc9375475237feddee2ae36089c59cb3"),
    },
    someOtherId: Matchers.string("T-PlRCvy2N3JnjAiANGC"),
    fileName: Matchers.string("some-file.bmp"),
    profile: Matchers.string("thumb"),
    targetFormat: Matchers.string("jpg"),
  };
  let result: MessageResponse | undefined = undefined;
  let message: Message | undefined;
  const ackMock = jest.fn();
  const nackMock = jest.fn();
  await converterPact
    .given({ name: "A file to convert", params: { mediaType: "image" } })
    .expectsToReceive("A valid convert image request")
    .withMetadata({
      type: "convert:image",
    })
    // Use the request object defined above as the expected message content
    .withContent(messageRequest)
    .verify(async (m: PactMessage) => {
      message = new Message(m.contents, m.metadata);
      message.ack = ackMock;
      message.nack = nackMock;
      const channel = amqpService.getChannelFromPool("Exchange/Queue/convert");
      result = await (channel.consumer as Pipeline<Message, MessageResponse>).execute(message);
      return result;
    });
  expect(message).not.toBeUndefined();
  expect(nackMock).not.toHaveBeenCalled();
  expect(ackMock).toHaveBeenCalled();
  expect(result).not.toBeUndefined();
});
Relevant log files
No special logs are emitted from Pact, however running the same test with Pact version 12.1.2 (where the test works) emits the following logs:
[08:39:20.192] INFO (24436): 0.4.16: pact native library successfully found, and the correct version
2024-03-22T07:39:20.198657Z WARN ThreadId(01) pact_ffi::mock_server::handles: Failed to parse metadata value 'convert:image' as JSON - expected value at line 1 column 1. Will treat it as string
2024-03-22T07:39:20.198776Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $
2024-03-22T07:39:20.198787Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Configuring a normal object
2024-03-22T07:39:20.198909Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.convertedFileId
2024-03-22T07:39:20.198913Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: detected pact:matcher:type, will configure a matcher
2024-03-22T07:39:20.198932Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.originalFileChecksum
2024-03-22T07:39:20.198934Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Configuring a normal object
2024-03-22T07:39:20.198938Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.originalFileChecksum.hash
2024-03-22T07:39:20.198941Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: detected pact:matcher:type, will configure a matcher
2024-03-22T07:39:20.198947Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.originalFileId
2024-03-22T07:39:20.198949Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: detected pact:matcher:type, will configure a matcher
2024-03-22T07:39:20.198953Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.originalFileName
2024-03-22T07:39:20.198955Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: detected pact:matcher:type, will configure a matcher
2024-03-22T07:39:20.198959Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.profile
2024-03-22T07:39:20.198961Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: detected pact:matcher:type, will configure a matcher
2024-03-22T07:39:20.198965Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: Path = $.targetFormat
2024-03-22T07:39:20.198967Z DEBUG ThreadId(01) pact_ffi::mock_server::bodies: detected pact:matcher:type, will configure a matcher
[08:39:20.199] INFO (24436): pact@12.1.2: Verifying message
[08:39:20.199] DEBUG (24436): pact@12.1.2: reified message raw: raw
[08:39:20.199] DEBUG (24436): pact@12.1.2: rehydrated message body into correct type: [object Object]
2024-03-22T07:39:20.201618Z DEBUG ThreadId(01) pact_ffi::mock_server::handles: pact_ffi::mock_server::handles::pactffi_pact_handle_write_file FFI function invoked
2024-03-22T07:39:20.201664Z DEBUG ThreadId(01) pact_models::pact: Merging pact with file "/home/user/project/pacts/somePact.json"
2024-03-22T07:39:20.201750Z WARN ThreadId(01) pact_models::pact: Note: Existing pact is an older specification version (V3), and will be upgraded
pact-foundation/pact-js
GitHub
03/22/2024, 3:24 PM
ERROR ThreadId(01) pact_ffi::mock_server::handles: Failed to parse the value: expected value at line 1 column 1
Steps to reproduce
1. git clone https://github.com/pact-foundation/pact-js.git
2. Open ./pact-js/examples/typescript/package.json and change
"@pact-foundation/pact": "file:../../dist/",
to
"@pact-foundation/pact": "^12.1.3",
or
"@pact-foundation/pact": "^12.3.0",
(it started showing these errors starting 12.1.3)
3. From ./pact-js/examples/typescript/ run npm install
4. Open ./pact-js/examples/typescript/test/get-dog.spec.ts
Change log level to 'error' and add pactfileWriteMode: 'merge' into Pact configuration:
const provider = new Pact({
  // .. leave as is
  logLevel: 'error',
  pactfileWriteMode: 'merge'
});
6. From ./pact-js/examples/typescript run: npm run test
7. See error messages in console
Thank you
pact-foundation/pact-js
GitHub
03/25/2024, 5:14 AM
GitHub
03/25/2024, 5:51 AM
GitHub
03/25/2024, 6:32 AM
GitHub
03/27/2024, 2:33 AM
npm dependencies of this project.
Changes included in this PR
• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
• package.json
• package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express The new version differs by 59 commits.
• b28db2c 4.19.2
• 0b74695 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• 4ee853e docs: loosen TC activity rules
• 414854b docs: nominating @ wesleytodd to be project captian
• 06c6b88 docs: update release date
• 1b51eda 4.18.3
• b625132 build: pin Node 21.x to minor
• e3eca80 build: pin Node 21.x to minor
• 23b44b3 build: support Node.js 21.6.2
• b9fea12 build: support Node.js 21.x in appveyor
• c259c34 build: support Node.js 21.x
• fdeb1d3 build: support Node.js 20.x in appveyor
• 734b281 build: support Node.js 20.x
• 0e3ab6e examples: improve view count in cookie-sessions
• 59af63a build: Node.js@18.19
• e720c5a docs: add documentation for benchmarks
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
* * *
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠️ Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
* * *
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Open Redirect
pact-foundation/pact-js
GitHub Actions: build-and-test (16.x, macos-latest)
✅ 18 other checks have passed
18/19 successful checks
GitHub
03/27/2024, 11:21 PM
v0.4.19), but the clients will need to update their DSLs to support it.
Motivating Use Case
From a request in slack.
How might you write a matcher to check both the keys and values at the same time (use eachKeyMatches and eachValueMatches simultaneously):
enum Keys {
  One = "One",
  Two = "Two",
}
interface Value {
  min: number
  max: number
}
type R = Record<Keys, Value>
const record: R = {
  [Keys.One]: {
    min: 1,
    max: 2
  }
}
it("check record", async () => {
  messagePact
    .expectsToReceive("record")
    .withContent({
      // What need to write here to check type R ?
    })
})
Proposed API to support this
TBC
Background: pact-foundation/pact-reference#399 (comment)
pact-foundation/pact-js
GitHub
03/28/2024, 2:08 AM
4.19.2
What's Changed
• Improved fix for open redirect allow list bypass
Full Changelog: expressjs/express@4.19.1...4.19.2
4.19.1
What's Changed
• Fix ci after location patch by `@wesleytodd` in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by `@wesleytodd` in expressjs/express#5556
Full Changelog: expressjs/express@4.19.0...4.19.1
4.19.0
What's Changed
• fix typo in release date by `@UlisesGascon` in expressjs/express#5527
• docs: nominating `@wesleytodd` to be project captian by `@wesleytodd` in expressjs/express#5511
• docs: loosen TC activity rules by `@wesleytodd` in expressjs/express#5510
• Add note on how to update docs for new release by `@crandmck` in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by `@wesleytodd` in expressjs/express#5551
New Contributors
• `@crandmck` made their first contribution in expressjs/express#5541
Full Changelog: expressjs/express@4.18.3...4.19.0
4.18.3
Main Changes
• Fix routing requests without method
• deps: body-parser@1.20.2
• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
• deps: raw-body@2.5.2
Other Changes
• Use https: protocol instead of deprecated git: protocol by `@vcsjones` in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by `@abenhamdine` in expressjs/express#5034
• ci: update actions/checkout to v3 by `@armujahid` in expressjs/express#5027
• test: remove unused function arguments in params by `@raksbisht` in expressjs/express#5124
• Remove unused originalIndex from acceptParams by `@raksbisht` in expressjs/express#5119
• Fixed typos by `@raksbisht` in expressjs/express#5117
• examples: remove unused params by `@raksbisht` in expressjs/express#5113
• fix: parameter str is not described in JSDoc by `@raksbisht` in expressjs/express#5130
• fix: typos in History.md by `@raksbisht` in expressjs/express#5131
• build : add Node.js@19.7 by `@abenhamdine` in expressjs/express#5028
• test: remove unused function arguments in params by `@raksbisht` in expressjs/express#5137
... (truncated)
Changelog
Sourced from express's changelog.
4.19.2 / 2024-03-25
• Improved fix for open redirect allow list bypass
4.19.1 / 2024-03-20
• Allow passing non-strings to res.location with new encoding handling checks
4.19.0 / 2024-03-20
• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0
4.18.3 / 2024-02-29
• Fix routing requests without method
• deps: body-parser@1.20.2
• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
• deps: raw-body@2.5.2
• deps: cookie@0.6.0
• Add `partitioned` option
4.18.2 / 2022-10-08
• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
• deps: qs@6.11.0
• perf: remove unnecessary object clone
• deps: qs@6.11.0
4.18.1 / 2022-04-29
• Fix hanging on large stack of sync routes
4.18.0 / 2022-04-25
• Add "root" option to `res.download`
• Allow `options` without `filename` in `res.download`
• Deprecate string and non-integer arguments to `res.status`
• Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie`
• Fix handling very large stacks of sync middleware
• Ignore `Object.prototype` values in settings through `app.set`/`app.get`
... (truncated)
Commits
• `04bc627` 4.19.2
• `da4d763` Improved fix for open redirect allow list bypass
• `4f0f6cc` 4.19.1
• `a003cfa` Allow passing non-strings to res.location with new encoding handling checks f...
• `a1fa90f` fixed un-edited version in history.md for 4.19.0
• `11f2b1d` build: fix build due to inconsistent supertest behavior in older versions
• `084e365` 4.19.0
• `0867302` Prevent open redirect allow list bypass due to encodeurl
• `567c9c6` Add note on how to update docs for new release (#5541)
• `69a4cf2` deps: cookie@0.6.0
• Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
<https://docs.github.com/en/github/managing…
pact-foundation/pact-js-core
GitHub Actions: release_dry_run
GitHub Actions: release_dry_run
✅ 28 other checks have passed
28/30 successful checks
GitHub
03/28/2024, 7:23 PM
4.19.2
What's Changed
• Improved fix for open redirect allow list bypass
Full Changelog: expressjs/express@4.19.1...4.19.2
4.19.1
What's Changed
• Fix ci after location patch by `@wesleytodd` in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by `@wesleytodd` in expressjs/express#5556
Full Changelog: expressjs/express@4.19.0...4.19.1
4.19.0
What's Changed
• fix typo in release date by `@UlisesGascon` in expressjs/express#5527
• docs: nominating `@wesleytodd` to be project captian by `@wesleytodd` in expressjs/express#5511
• docs: loosen TC activity rules by `@wesleytodd` in expressjs/express#5510
• Add note on how to update docs for new release by `@crandmck` in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by `@wesleytodd` in expressjs/express#5551
New Contributors
• `@crandmck` made their first contribution in expressjs/express#5541
Full Changelog: expressjs/express@4.18.3...4.19.0
4.18.3
Main Changes
• Fix routing requests without method
• deps: body-parser@1.20.2
• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
• deps: raw-body@2.5.2
Other Changes
• Use https: protocol instead of deprecated git: protocol by `@vcsjones` in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by `@abenhamdine` in expressjs/express#5034
• ci: update actions/checkout to v3 by `@armujahid` in expressjs/express#5027
• test: remove unused function arguments in params by `@raksbisht` in expressjs/express#5124
• Remove unused originalIndex from acceptParams by `@raksbisht` in expressjs/express#5119
• Fixed typos by `@raksbisht` in expressjs/express#5117
• examples: remove unused params by `@raksbisht` in expressjs/express#5113
• fix: parameter str is not described in JSDoc by `@raksbisht` in expressjs/express#5130
• fix: typos in History.md by `@raksbisht` in expressjs/express#5131
• build : add Node.js@19.7 by `@abenhamdine` in expressjs/express#5028
• test: remove unused function arguments in params by `@raksbisht` in expressjs/express#5137
... (truncated)
Changelog
Sourced from express's changelog.
4.19.2 / 2024-03-25
• Improved fix for open redirect allow list bypass
4.19.1 / 2024-03-20
• Allow passing non-strings to res.location with new encoding handling checks
4.19.0 / 2024-03-20
• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0
4.18.3 / 2024-02-29
• Fix routing requests without method
• deps: body-parser@1.20.2
• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
• deps: raw-body@2.5.2
• deps: cookie@0.6.0
• Add `partitioned` option
Commits
• `04bc627` 4.19.2
• `da4d763` Improved fix for open redirect allow list bypass
• `4f0f6cc` 4.19.1
• `a003cfa` Allow passing non-strings to res.location with new encoding handling checks f...
• `a1fa90f` fixed un-edited version in history.md for 4.19.0
• `11f2b1d` build: fix build due to inconsistent supertest behavior in older versions
• `084e365` 4.19.0
• `0867302` Prevent open redirect allow list bypass due to encodeurl
• `567c9c6` Add note on how to update docs for new release (#5541)
• `69a4cf2` deps: cookie@0.6.0
• Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Dependabot compatibility score
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
pact-foundation/pact-js
GitHub Actions: build-and-test (20.x, macos-latest)
GitHub Actions: call-workflow / Add issue to project
GitHub Actions: build-and-test (16.x, macos-latest)
✅ 17 other checks have passed
17/20 successful checks
GitHub
03/29/2024, 4:26 PM
4.19.2
What's Changed
• Improved fix for open redirect allow list bypass
Full Changelog: expressjs/express@4.19.1...4.19.2
4.19.1
What's Changed
• Fix ci after location patch by `@wesleytodd` in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by `@wesleytodd` in expressjs/express#5556
Full Changelog: expressjs/express@4.19.0...4.19.1
4.19.0
What's Changed
• fix typo in release date by `@UlisesGascon` in expressjs/express#5527
• docs: nominating `@wesleytodd` to be project captian by `@wesleytodd` in expressjs/express#5511
• docs: loosen TC activity rules by `@wesleytodd` in expressjs/express#5510
• Add note on how to update docs for new release by `@crandmck` in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by `@wesleytodd` in expressjs/express#5551
New Contributors
• `@crandmck` made their first contribution in expressjs/express#5541
Full Changelog: expressjs/express@4.18.3...4.19.0
4.18.3
Main Changes
• Fix routing requests without method
• deps: body-parser@1.20.2
• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
• deps: raw-body@2.5.2
Other Changes
• Use https: protocol instead of deprecated git: protocol by `@vcsjones` in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by `@abenhamdine` in expressjs/express#5034
• ci: update actions/checkout to v3 by `@armujahid` in expressjs/express#5027
• test: remove unused function arguments in params by `@raksbisht` in expressjs/express#5124
• Remove unused originalIndex from acceptParams by `@raksbisht` in expressjs/express#5119
• Fixed typos by `@raksbisht` in expressjs/express#5117
• examples: remove unused params by `@raksbisht` in expressjs/express#5113
• fix: parameter str is not described in JSDoc by `@raksbisht` in expressjs/express#5130
• fix: typos in History.md by `@raksbisht` in expressjs/express#5131
• build : add Node.js@19.7 by `@abenhamdine` in expressjs/express#5028
• test: remove unused function arguments in params by `@raksbisht` in expressjs/express#5137
... (truncated)
Changelog
Sourced from express's changelog.
4.19.2 / 2024-03-25
• Improved fix for open redirect allow list bypass
4.19.1 / 2024-03-20
• Allow passing non-strings to res.location with new encoding handling checks
4.19.0 / 2024-03-20
• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0
4.18.3 / 2024-02-29
• Fix routing requests without method
• deps: body-parser@1.20.2
• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
• deps: raw-body@2.5.2
• deps: cookie@0.6.0
• Add `partitioned` option
Commits
• `04bc627` 4.19.2
• `da4d763` Improved fix for open redirect allow list bypass
• `4f0f6cc` 4.19.1
• `a003cfa` Allow passing non-strings to res.location with new encoding handling checks f...
• `a1fa90f` fixed un-edited version in history.md for 4.19.0
• `11f2b1d` build: fix build due to inconsistent supertest behavior in older versions
• `084e365` 4.19.0
• `0867302` Prevent open redirect allow list bypass due to encodeurl
• `567c9c6` Add note on how to update docs for new release (#5541)
• `69a4cf2` deps: cookie@0.6.0
• Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Dependabot compatibility score
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
pact-foundation/pact-js
GitHub Actions: call-workflow / Add issue to project
GitHub Actions: build-and-test (18.x, macos-latest)
✅ 18 other checks have passed
18/20 successful checks
GitHub
04/10/2024, 9:43 PM
protobufjs: v7.2.5
7.2.5 (2023-08-21)
Bug Fixes
• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)
Changelog
Sourced from protobufjs's changelog.
7.2.5 (2023-08-21)
Bug Fixes
• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)
Commits
• `4436cc7` chore: release master (#1925)
• `e93286e` fix: deprecation warning for new Buffer (#1905)
• `eaf9f0a` fix: crash in comment parsing (#1890)
• `f2a8620` fix: possible infinite loop when parsing option (#1923)
• See full diff in compare view
Dependabot compatibility score
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
pact-foundation/pact-js-core
GitHub Actions: release_dry_run
GitHub Actions: release_dry_run
✅ 28 other checks have passed
28/30 successful checks
GitHub
04/17/2024, 6:45 AM
`eachLike` sets a `min` of 0 by default or the documentation is corrected.
Actual behaviour
`eachLike` sets a `min` of 1 by default. The documentation states that the length is not checked. Likely introduced in 974d247#diff-884c1c7cbdaafa772a7a428e0ca83ce1fc58f03972dfa0fabcb89106d6ac35f5
Steps to reproduce
Use `eachLike` for an array property. Run pact consumer tests. See the property received a `min` of 1. Should look something like this:
    "$[*].theArrayProperty": {
      "combine": "AND",
      "matchers": [
        {
          "match": "type",
          "min": 1
        }
      ]
    },
Relevant log files
Please ensure you set logging to `DEBUG` and attach any relevant log files here (or link to a gist).
As described, I can add logs from a reproduction repo if desired, but I think this might not be required here.
pact-foundation/pact-js
GitHub
04/17/2024, 7:46 AM
`npm run dist` works locally (this will run tests, lint and build)
☑︎ Commit messages are ready to go in the changelog (see below for details)
☑︎ PR template filled in (see below for details)
PR Template
Adapted `eachLike` V3 description as discussed in #1207
pact-foundation/pact-js
✅ All checks have passed
1/1 successful checks
GitHub
04/18/2024, 9:51 AM
`npm run dist` works locally (this will run tests, lint and build)
☑︎ Commit messages are ready to go in the changelog (see below for details)
☑︎ PR template filled in (see below for details)
PR Template
fixed broken markdown table introduced in 1e7b7ae
pact-foundation/pact-js
✅ All checks have passed
10/10 successful checks