build(deps): bump the npm-deps group with 4 updates

[dependabot]

Bumps the npm-deps group with 4 updates: sweetalert2, openpgp, puppeteer and typescript-eslint.

Updates sweetalert2 from 11.14.4 to 11.14.5

Release notes

Sourced from sweetalert2's releases.

v11.14.5

11.14.5 (2024-11-04)

Bug Fixes

• add types to close.js (e5956d8)

Changelog

Sourced from sweetalert2's changelog.

11.14.5 (2024-11-04)

Bug Fixes

• add types to close.js (e5956d8)

Commits

• 076295e chore(release): 11.14.5 [skip ci]
• e5956d8 fix: add types to close.js
• 75c6a7a chore: add tabootwin to sponsors
• 252acd4 chore: bun -> yarn
• See full diff in compare view

Updates openpgp from 5.11.2 to 6.0.0

Release notes

Sourced from openpgp's releases.

v6.0.0

What's Changed

OpenPGP.js v6 adds support for the new version of the OpenPGP specification, RFC 9580. It also increases compliance with the specification, as demonstrated by the OpenPGP interoperability test suite.

OpenPGP.js v6 only makes minor API changes. This is the first stable release of OpenPGP.js v6: no more breaking changes to the high-level API will be made until the next major release.

For the changes since the previous pre-release (v6.0.0-beta.3.patch.1), see the end of this message. Here we list a summary of the main changes since v5:

Platform support changes

• The library is now declared as a module (type: module in package.json), and declares exports, alongside the legacy package.json entrypoints, which should ensure backwards compatibility. Still, bundlers might be affected by the package.json changes depending on how they load the library.
• Node.js:
  • Drop support for Node.js versions below 18 (OpenPGP.js v5 supported Node.js v14 and above).
  • Streaming: drop support for native Node Readable stream: require passing Node Web Streams (#1716)
• Web:
  • Require availability of the Web Crypto API's SubtleCrypto (insecure contexts are no longer supported, as SubtleCrypto is not available there)
  • Require availability of the Web Streams API, since it's now supported in all browsers (applications can load a polyfill if they need to support older browser versions: see README)
  • Require availability of native BigInts (not supported by e.g. Safari 13 and below, see full compatibility table)
  • Argon2 has been added as S2K algorithm (on all platforms). For performance reasons, the implementation relies on a WASM module, thus web apps might need to make changes to their CSP policy in order to use the feature. Alternatively, since the Argon2 WASM module is only loaded if needed, apps can manually reject password-encrypted messages and private keys which use Argon2 by checking e.g. SymEncryptedSessionKeyPacket.s2k?.type === 'argon2' or SecretKeyPacket|SecretSubkeyPacket.keyPacket.s2k?.type === 'argon2'.

Breaking API changes

• Ensure primary key meets strength and algo requirements when encrypting/verifying/signing using subkeys (#1719)
• read[Private]Key: support parsing key blocks (return first parsable key); previously, parsing would fail if a block with more than one key was given in input (#1755)
• PrivateKey.getDecryptionKeys will now throw if no decryption key is found (#1789). Previously, an empty array was returned. As a consequence of this change, some openpgp.decrypt errors will be more specific.
• Refuse to use keys without key flags (see config.allowMissingKeyFlags below)
• Randomize v4 and v5 signatures via custom notation (#1737): while this notation solution is interoperable, it will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. For this reason, the option config.nonDeterministicSignaturesViaNotation (defaulting to true) has been added to turn off the feature.
• AEAD-encrypted v4 keys from OpenPGP.js v5 or older (namely keys generated without .v5Keys flag and encrypted with config.aeadProtect = true) cannot be decrypted by OpenPGP.js v6 (via decryptKey) out-of-the-box (see config.parseAEADEncryptedV4KeysAsLegacy below) (#1672)
• Parsing of v5 keys and v5 signatures now requires turning on the corresponding config flag (see config.enableParsingV5Entities below). The affected entities are non-standard, and in the RFC 9580 they have been superseded by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively. However, generation of v5 entities was supported behind config flags in OpenPGP.js v5, and some other libraries, hence parsing them might be necessary in some cases. (#1774 , #1779)

Configuration changes

• RFC 9580 has updated parts of the draft RFC 4880bis as implemented by OpenPGP.js v4 and v5. Related changes in v6 are:
  • Drop the config.v5Keys flag and corresponding key generation. The flag is replaced by .v6Keys, and results in a different key format.
  • The config.aeadProtect flag has a different effect than in v5:
    • for private keys, a new encryption mechanism is used;
    • for password-encrypted messages, a new message format is used;
    • when encrypting messages to public keys, the flag is ignored (see openpgpjs/openpgpjs#1678).
  • Add config.parseAEADEncryptedV4KeysAsLegacy to allow decrypting AEAD-encrypted v4 keys from OpenPGP.js v5 or older (namely keys generated without .v5Keys flag and encrypted with config.aeadProtect = true) (#1672).
  • Add config.enableParsingV5Entities to enable parsing support for v5 entities (openpgpjs/openpgpjs#1774 , #1779)
• Add config.allowMissingKeyFlags to bypass the missing key flag check (see openpgpjs/openpgpjs#1677)
• Drop config.minBytesForWebCrypto, and always use WebCrypto if available, since there is no longer a performance overhead for small messages.
• Rename EdDSA-related enums following the standardization of new key formats:
  • Drop enums.publicKey.eddsa in favour of enums.publicKey.eddsaLegacy
  • Rename string value of enums.curve.ed25519Legacy to 'ed25519Legacy' (was: 'ed25519')
  • Rename string value of enums.curve.curve25519Legacy to 'curve25519Legacy' (was: 'curve25519')
• Rename config.useIndutnyElliptic to .useEllipticFallback, to reflect the change of underlying library.
• Remove enums.symmetric.plaintext (internally unused)
• Rename NIST curves to disambiguate the names with the Brainpool curves (#1721).:
  • the identifiers enums.curve.p256, .p384, .p521 are now marked as @deprecated (to be dropped in the main release)

... (truncated)

Commits

• dd01ee0 6.0.0
• a5645e1 Spaces after "RFC" in README
• 0980074 Document required Web Crypto support in README
• 31a7e26 Merge pull request #1629 from openpgpjs/v6
• 42d504a Switch to SHA512 as default preferred hash algo (`config.preferredHashAlgorit...
• fb72ea4 Merge pull request #1802
• f9a3e54 openpgp.sign: add recipientKeys option to get the signing prefs from
• d3e75de openpgp.encrypt: use encryptionKeys to determine preferred hash algo when...
• 12274a1 Update README [skip ci]
• 0138b69 CI: update Browserstack project id to include target branch
• Additional commits viewable in compare view

Updates puppeteer from 23.6.1 to 23.7.1

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v23.7.1

23.7.1 (2024-11-07)

Bug Fixes

• roll to Chrome 130.0.6723.116 (#13274) (979af2b)
• roll to Chrome 130.0.6723.93 (#13268) (b7c7785)
• roll to Firefox 132.0.1 (#13265) (acd3c72)
• webdriver: report frame URL as console message location (#13273) (33b4f09)

puppeteer: v23.7.1

23.7.1 (2024-11-07)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 23.7.0 to 23.7.1

puppeteer-core: v23.7.0

23.7.0 (2024-11-04)

Features

• distinguish different Touches (#13231) (a2a205c)
• roll to Firefox 132.0 (#13252) (41d3dd9)

Bug Fixes

• browser: omit file path validation in uploadFile() in browser environments (#13258) (a9e6cd1)
• remove event listeners from AbortSignal in WaitTask (#13257) (4e5c0ad)
• roll to Chrome 130.0.6723.91 (#13255) (8295e67)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.4.0 to 2.4.1

puppeteer: v23.7.0

... (truncated)

Commits

• 1e3724b chore: release main (#13266)
• 979af2b fix: roll to Chrome 130.0.6723.116 (#13274)
• 33b4f09 fix(webdriver): report frame URL as console message location (#13273)
• d40658f fix: use numeric user ID in Dockerfile for pptruser (#13272)
• b7c7785 fix: roll to Chrome 130.0.6723.93 (#13268)
• acd3c72 fix: roll to Firefox 132.0.1 (#13265)
• a10eebb chore(deps): Bump the all group in /website with 2 updates (#13262)
• eec8072 chore: release main (#13246)
• 8d62667 chore(deps-dev): Bump the dev-dependencies group with 10 updates (#13261)
• a9e6cd1 fix(browser): omit file path validation in uploadFile() in browser environmen...
• Additional commits viewable in compare view

Updates typescript-eslint from 8.12.2 to 8.13.0

Release notes

Sourced from typescript-eslint's releases.

v8.13.0

8.13.0 (2024-11-04)

🚀 Features

• add options property to ImportExpression node (#10255)
• eslint-plugin: disable no-class-assign rule in eslint-recommended config (#10250)
• eslint-plugin: [prefer-nullish-coalescing] add option ignoreBooleanCoercion (#9924)
• eslint-plugin: [only-throw-error] add allow option (#10221)

🩹 Fixes

• deps: update dependency @​eslint-community/regexpp to v4.12.1 (#10269)
• eslint-plugin: [no-unnecessary-condition] falsey bigint should be falsey (#10205)
• eslint-plugin: [no-deprecated] report on deprecated variables used inside dynamic imports (#10261)
• eslint-plugin: [no-deprecated] report when exported class implements/extends deprecated entity (#10259)
• eslint-plugin: [consistent-type-definitions] don't leave trailing parens when fixing type to interface (#10235)
• eslint-plugin: [switch-exhaustiveness-check] add support for covering a missing property with undefined (#10232)
• types: parent property type annotation in the ImportAttribute node (#10258)
• utils: allow an array for the values of SharedConfig (#10217)

❤️ Thank You

• auvred @​auvred
• Kim Sang Du @​developer-bandi
• Kirk Waiblinger @​kirkwaiblinger
• Mark de Dios @​peanutenthusiast
• Ronen Amiel
• Trygve Aaberge
• YeonJuan @​yeonjuan
• Yosuke Ota @​ota-meshi

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.13.0 (2024-11-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

• ac1f632 chore(release): publish 8.13.0
• 3b97b55 chore: enable eslint-plugin-perfectionist on the rest of the repo (#10189)
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
puppeteer	[>= 21.7.a, < 21.8]
puppeteer	[>= 22.0.a, < 22.1]
puppeteer	[>= 22.1.a, < 22.2]
puppeteer	[>= 22.3.a, < 22.4]
puppeteer	[>= 22.5.a, < 22.6]
puppeteer	[>= 22.6.a, < 22.7]
puppeteer	[>= 22.4.a, < 22.5]
puppeteer	[>= 22.2.a, < 22.3]
puppeteer	[>= 22.7.a, < 22.8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions