[Snyk] Upgrade yup from 0.32.11 to 1.0.2

[snyk-bot]

Snyk has created this PR to upgrade yup from 0.32.11 to 1.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 16 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2023-02-27.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-JSON5-3182856	427/1000 Why? Proof of Concept exploit, CVSS 6.4	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	427/1000 Why? Proof of Concept exploit, CVSS 6.4	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: yup

• 1.0.2 - 2023-02-27
• 1.0.1 - 2023-02-25
• 1.0.0 - 2023-02-08
  

  #1906

• 1.0.0-beta.8 - 2022-11-10
  

  v1.0.0-beta.8

• 1.0.0-beta.7 - 2022-08-20
  

  Fixes published artifacts for the main field

• 1.0.0-beta.5 - 2022-08-19
  Read more
• 1.0.0-beta.4 - 2022-04-10
  

  What's Changed

  • chore(deps): update all non-major dependencies by @ renovate in #1611
  • chore(deps): update all non-major dependencies by @ renovate in #1614
  • chore(deps): update all non-major dependencies by @ renovate in #1618
  • chore(deps): update all non-major dependencies by @ renovate in #1622

  Full Changelog: v1.0.0-beta.3...v1.0.0-beta.4

• 1.0.0-beta.3 - 2022-03-09
  

  This release fixes a bug with object().partial where required() schema we're still failing validation. Now they will no longer do that. To enable this fix we made a breaking change to the way that required is implemented.

  • schema.required no longer adds a test named 'required', this state can be determined via the schema spec or describe() metadata
  • String schema now override required directly to add their length check (this test is called required for some ease of back compat)
• 1.0.0-beta.2 - 2022-01-21
  

  Beta.2 adds core tuple type support, see the docs for more: https://github.com/jquense/yup#tuple

• 1.0.0-beta.1 - 2022-01-03
  

  1.0.0-beta.1 (2022-01-03)

  Features

  • flat bundles and size reductions (753abdf)
  • Refactors a number of internal APIs for Schema type implementers, making it easier to consistently create subclasses of Schema.

  BREAKING CHANGES

  • Yup now compiles to a flat bundle using rollup, this gives us faster to parse and smaller code, as well as clearer size insights (10.26kb gzipped!). The possible breaking change is around cherry picking imports, if you are cherry picking imports from yup import string from 'yup/lib/string' this will no longer work. This pattern has not been supported for a long time and could cause larger than necessary bundles.
• 1.0.0-beta.0 - 2021-12-29
  

  1.0.0-beta.0 (2021-12-29)

  • feat!: add json() method and remove default object/array coercion (94b73c4)

  Features

  • Make Array generic consistent with others (a82353f)

  BREAKING CHANGES

  • types only, ArraySchema initial generic is the array type not the type of the array element. array<T>() is still the inner type.
  • object and array schema no longer parse JSON strings by default, nor do they return null for invalid casts.

  object().json().cast('{}')
  array().json().cast('[]')

  to mimic the previous behavior

• 1.0.0-alpha.4 - 2021-12-29
• 1.0.0-alpha.3 - 2021-12-28
• 1.0.0-alpha.2 - 2020-12-18
• 1.0.0-alpha.1 - 2020-12-18
• 1.0.0-alpha.0 - 2020-12-14
• 0.32.11 - 2021-10-12

from yup GitHub release notes

Commit messages

Package name: yup

• f37a53f Publish v1.0.2
• 4040592 fix: fix array describe not including conditions
• 2461dce Publish v1.0.1
• 60fe3b0 Followups (avoid throwing for flow control cucumber/cucumber-js#1924)
• 3bd5ed9 Improve docs on migrating to 1.0.0 (chore(deps): update dependency sinon to v13.0.1 cucumber/cucumber-js#1917)
• bbfd809 chore(deps): update all non-major dependencies
• 33909e7 Publish v1.0.0
• 0fc5abd chore: docs and type fix
• 0a78e2a chore: fix typo (build: tag as next when publishing release candidates cucumber/cucumber-js#1905)
• 5b94eb1 chore(deps): update all non-major dependencies
• 1a24359 chore(deps): update all non-major dependencies
• b297fee chore(deps): update all non-major dependencies
• 81b65ad Add getDefault results to the describe method (weird output when running cucumber-js cucumber/cucumber-js#1887)
• fc07d1e chore(deps): update all non-major dependencies
• f7a5401 chore(deps): update all non-major dependencies
• ec0c59c chore(deps): update all non-major dependencies
• 1ef73bf chore(deps): update all non-major dependencies
• 09c4eb1 ci: actions version bump (Running tests in browser UI mode cucumber/cucumber-js#1842)
• 9266894 chore(deps): update all non-major dependencies
• e77a183 Fix error in documentation (chore(deps): update unit test packages (major) cucumber/cucumber-js#1860)
• ef86ead chore(deps): update all non-major dependencies
• f3a7c4b chore(deps): update all non-major dependencies
• b840733 chore(deps): update all non-major dependencies
• 4c96379 chore(deps): update all non-major dependencies

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs