[helyos_server] (deps): Bump the helyos-server-deps group across 1 directory with 6 updates

[dependabot]

Bumps the helyos-server-deps group with 6 updates in the /helyos_server directory:

Package	From	To
amqplib	0.10.3	0.10.4
express	4.21.0	4.21.1
nock	13.5.4	13.5.6
pg	8.11.3	8.13.1
socket.io	4.7.5	4.8.1
util	0.11.1	0.12.5

Updates amqplib from 0.10.3 to 0.10.4

Changelog

Sourced from amqplib's changelog.

Changes in v0.10.4

• Improve stream example as per amqp-node/amqplib#722
• Added support for RabbitMQ's connection update-secret operation. See amqp-node/amqplib#755

Commits

• d93663a 0.10.4
• 69e68d0 Update changelog in preparation for release
• 992919c Merge pull request #756 from amqp-node/connection-update-secret
• c4da58b Make quotes in updateSecret consistent with other tests
• 4d25951 Automatically remove update-secret-ok event handler
• a06ef44 Add connection-update-secret
• bbe579e Test using Node 20
• 03f458d chore: slice -> subarray (#730)
• f2db0c2 chore: remove circular ref (#732)
• c296d63 Merge pull request #746 from cressie176/main
• Additional commits viewable in compare view

Updates express from 4.21.0 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• See full diff in compare view

Updates nock from 13.5.4 to 13.5.6

Release notes

Sourced from nock's releases.

v13.5.6

13.5.6 (2024-11-09)

Bug Fixes

• types: return type of BackOptions.afterRecord (#2782) (fc90bd3)

v13.5.5

13.5.5 (2024-08-20)

Bug Fixes

• backport: memory leaks due to timer references outliving the timers (#2773) (#2773) (66eb7f4)

Commits

• f155498 chore(deps-dev): bump eslint-plugin-import from 2.29.1 to 2.31.0
• fc90bd3 fix(types): return type of BackOptions.afterRecord (#2782)
• e72df5e chore(deps): bump debug from 4.3.4 to 4.3.6
• 194aa38 chore(deps-dev): bump semantic-release from 23.0.6 to 24.1.0
• 66eb7f4 fix(backport): memory leaks due to timer references outliving the timers (#27...
• e92cdfa chore(deps-dev): bump eslint-plugin-mocha from 10.4.1 to 10.5.0
• 623c933 chore(deps-dev): bump typescript from 5.4.3 to 5.5.4
• 2b7836d ci: exclude nodejs 10, 12 and 14 tests running on macos (#2753)
• 565e99a chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#2752)
• d013ed2 chore(deps-dev): bump typescript from 5.3.3 to 5.4.3
• Additional commits viewable in compare view

Updates pg from 8.11.3 to 8.13.1

Changelog

Sourced from pg's changelog.

All major and minor releases are briefly explained below.

For richer information consult the commit log on github with referenced pull requests.

We do not include break-fix version release in this file.

pg@8.13.0

• Add ability to specify query timeout on per-query basis.

pg@8.12.0

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

pg-pool@8.10.0

• Emit release event when client is returned to the pool.

pg@8.9.0

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

pg@8.8.0

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

• Add connection lifetime limit config option.

pg@8.7.0

• Add optional config to pool to allow process to exit if pool is idle.

pg-cursor@2.7.0

• Convert to es6 class
• Add support for promises to cursor methods

pg@8.6.0

• Better SASL error messages & more validation on bad configuration.
• Export DatabaseError.
• Add ParameterDescription support to protocol parsing.

... (truncated)

Commits

• 95d7e62 Publish
• 1af6321 fix: use existing Result types for new Result (#3310)
• 92cb640 Publish
• f73b22f Handle bad message ordering - make it catchable. Fixes 3174 (#3289)
• fb12280 Bump bluebird from 3.4.1 to 3.7.2 (#3303)
• 50c06f9 Remove test globals (#3264)
• f7e484e refactor: tighten up cloudflare detection (#3170)
• 3e4d545 Fix lint (#3262)
• 9baa56e feat: allow specifying a timeout on a per query base (#3074)
• 4f457e1 Remove unused file: list-db-types (#3249)
• Additional commits viewable in compare view

Updates socket.io from 4.7.5 to 4.8.1

Release notes

Sourced from socket.io's releases.

socket.io@4.8.1

Due to a change in the bundler configuration, the production bundle (socket.io.min.js) did not support sending and receiving binary data in version 4.8.0. This is now fixed.

Dependencies

• engine.io@~6.6.0 (no change)
• ws@~8.17.1 (no change)

socket.io-client@4.8.1

Bug Fixes

• bundle: do not mangle the "_placeholder" attribute (ca9e994)

Dependencies

• engine.io-client@~6.6.1 (no change)
• ws@~8.17.1 (no change)

socket.io-client@4.8.0

Features

Custom transport implementations

The transports option now accepts an array of transport implementations:

import { io } from "socket.io-client";
import { XHR, WebSocket } from "engine.io-client";
const socket = io({
transports: [XHR, WebSocket]
});

Here is the list of provided implementations:

Transport	Description
Fetch	HTTP long-polling based on the built-in fetch() method.
NodeXHR	HTTP long-polling based on the XMLHttpRequest object provided by the xmlhttprequest-ssl package.
XHR	HTTP long-polling based on the built-in XMLHttpRequest object.
NodeWebSocket	WebSocket transport based on the WebSocket object provided by the ws package.
WebSocket	WebSocket transport based on the built-in WebSocket object.
WebTransport	WebTransport transport based on the built-in WebTransport object.

Usage:

Transport	browser	Node.js	Deno	Bun

... (truncated)

Commits

• 91e1c8b chore(release): socket.io@4.8.1
• 8d5528a chore(release): socket.io-client@4.8.1
• 71387e5 refactor(sio-client): reexport transports from the engine
• aead835 refactor(sio): make Namespace._fns private (#5196)
• 029e010 chore(release): engine.io-client@6.6.2
• 4ca6ddb docs(nuxt): update example with latest version
• ca9e994 fix(sio-client): do not mangle the "_placeholder" attribute
• 4865f2e fix(eio-client): prevent infinite loop with Node.js built-in WebSocket
• d4b3dde ci: use Node.js 22
• 3b68658 chore: bump @​fails-components/webtransport to version 1.1.4 (dev)
• Additional commits viewable in compare view

Updates util from 0.11.1 to 0.12.5

Release notes

Sourced from util's releases.

v0.12.4

• Avoid SharedArrayBuffer until required. (@​snyamathi in #59)

  This fixes a security warning for SharedArrayBuffer.

v0.12.3

• Use robust which-typed-array, is-typed-array modules for the util.types.isTypedArray family of functions. (@​wbinnssmith in #47)

  This fixes crash in IE11 when a polyfilled Symbol is available in the environment.

v0.12.2

• Move object.entries dependency to a dev-only dependency. (@​goto-bus-stop in 622f036)

v0.12.1

• Update util.debuglog compatibility to Node 10.4.0. (@​goto-bus-stop in #27)
• Allow newer versions of inherits. (@​snyamathi in #39)

v0.12.0

• Add util.types. (@​lukechilds in #32)

Changelog

Sourced from util's changelog.

0.12.5

• Move safe-buffer dependency to a dev-only dependency. (@​goto-bus-stop in e84cfd5)
• Document usage with webpack 5+. (@​MatrixFrog in #69)

0.12.4

• Avoid SharedArrayBuffer until required. (@​snyamathi in #59)

  This fixes a security warning for SharedArrayBuffer.

0.12.3

• Use robust which-typed-array, is-typed-array modules for the util.types.isTypedArray family of functions. (@​wbinnssmith in #47)

  This fixes crash in IE11 when a polyfilled Symbol is available in the environment.

0.12.2

• Move object.entries dependency to a dev-only dependency. (@​goto-bus-stop in 622f036)

0.12.1

• Update util.debuglog compatibility to Node 10.4.0. (@​goto-bus-stop in #27)
• Allow newer versions of inherits. (@​snyamathi in #39)

0.12.0

• Add util.types. (@​lukechilds in #32)

Commits

• ef98472 0.12.5
• e84cfd5 deps: move safe-buffer to devDependencies, fixes #65
• a292d8a Merge pull request #71 from CommanderRoot/refactor/rm-deprecated-substr
• 073daed refactor: replace deprecated String.prototype.substr()
• ad9dbe0 Merge pull request #69 from MatrixFrog/patch-1
• 51d163f Update README.md
• 46e101e Indicate that util is not automatically included in webpack 5+
• e37ce41 0.12.4
• 7d2a968 Merge pull request #59 from snyamathi/SharedArrayBuffer
• 6a8d35c fix: handle SharedArrayBuffer not existing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #42.