chore(deps): update all

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/express-session (source)	1.17.3 -> 1.17.7
@types/node (source)	10.17.50 -> 10.17.60
@types/sinon (source)	9.0.10 -> 9.0.11
coveralls	3.1.0 -> 3.1.1
express (source)	4.17.1 -> 4.18.2
express-session	1.17.1 -> 1.17.3
graphql	15.4.0 -> 15.8.0
graphql-subscriptions	1.1.0 -> 1.2.1
keycloak-admin	1.14.4 -> 1.14.22
sinon (source)	9.2.2 -> 9.2.4
subscriptions-transport-ws	0.9.18 -> 0.11.0
typescript (source)	4.1.3 -> 4.9.5

---

Release Notes

nickmerwin/node-coveralls

v3.1.1: Maintenance / Security updates

Compare Source

• swapped exec for execFile. Credit: Adar Zandberg from the CxSCA AppSec team at Checkmarx.
• updated devDependencies
• merged Dependabot PRs

expressjs/express

v4.18.2

Compare Source

===================

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

v4.18.1

Compare Source

===================

• Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: serve-static@1.15.0
  • deps: send@0.18.0
• deps: statuses@2.0.1
  • Remove code 306
  • Rename 425 Unordered Collection to standard 425 Too Early

v4.17.3

Compare Source

===================

• deps: accepts@~1.3.8
  • deps: mime-types@~2.1.34
  • deps: negotiator@0.6.3
• deps: body-parser@1.19.2
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
  • deps: raw-body@2.4.3
• deps: cookie@0.4.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• pref: remove unnecessary regexp for trust proxy

v4.17.2

Compare Source

===================

• Fix handling of undefined in res.jsonp
• Fix handling of undefined when "json escape" is enabled
• Fix incorrect middleware execution with unanchored RegExps
• Fix res.jsonp(obj, status) deprecation message
• Fix typo in res.is JSDoc
• deps: body-parser@1.19.1
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• deps: content-disposition@0.5.4
  • deps: safe-buffer@5.2.1
• deps: cookie@0.4.1
  • Fix maxAge option to reject invalid values
• deps: proxy-addr@~2.0.7
  • Use req.socket over deprecated req.connection
  • deps: forwarded@0.2.0
  • deps: ipaddr.js@1.9.1
• deps: qs@6.9.6
• deps: safe-buffer@5.2.1
• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens
• deps: serve-static@1.14.2
  • deps: send@0.17.2
• deps: setprototypeof@1.2.0

expressjs/session

v1.17.3

Compare Source

===================

• Fix resaving already-saved new session at end of request
• deps: cookie@0.4.2

v1.17.2

Compare Source

===================

• Fix res.end patch to always commit headers
• deps: cookie@0.4.1
• deps: safe-buffer@5.2.1

graphql/graphql-js

v15.8.0

Compare Source

v15.8.0 (2021-12-07)

New Feature 🚀

• #​3410 Refine getNamedType() for Input and Output types (@​IvanGoncharov)

Internal 🏠

2 PRs were merged

• #​3411 publish 15.x.x packages only under '15.x.x' tag (@​IvanGoncharov)
• #​3412 cspell: do not show progress (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v15.7.2

Compare Source

v15.7.2 (2021-10-28)

Bug Fix 🐞

• #​3343 GraphQLError: Fixed originalError.extensions overriding extensions argument to constructor (@​klippx)

Committers: 1

• Mathias Klippinge(@​klippx)

v15.7.1

Compare Source

v15.7.1 (2021-10-27)

Bug Fix 🐞

• #​3341 GraphQLError: revert originalError to be nullable (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v15.7.0

Compare Source

v15.7.0 (2021-10-26)

New Feature 🚀

• #​3327 Change type of error extensions from anonymous Record to named interfaces (@​IvanGoncharov)
• #​3333 GraphQLError: major refactoring to be more in line with v16 (@​IvanGoncharov)
• #​3334 GraphQLError: keep extensions always present (@​IvanGoncharov)

Bug Fix 🐞

• #​3332 GraphQLError: fix empty locations if error got nodes without locations (@​IvanGoncharov)
• #​3335 GraphQLError: restore order of enumerable fields (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v15.6.1

Compare Source

v15.6.1 (2021-10-05)

Bug Fix 🐞

• #​3275 type/introspection: add missing __Directive.args(includeDeprecated:) (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v15.6.0

Compare Source

v15.6.0 (2021-09-20)

New Feature 🚀

• #​3267 Depreacate 'VisitorKeyMap' and backported 'ASTVisitorKeyMap' type (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v15.5.3

Compare Source

v15.5.3 (2021-09-06)

Bug Fix 🐞

• #​3254 Parser: fix function definition of parseArguments and parseArgument (@​n1ru4l)
• #​3260 backport: Preserve deprecationReason on GraphQLInputFields (@​IvanGoncharov)

Committers: 2

• Ivan Goncharov(@​IvanGoncharov)
• Laurin Quast(@​n1ru4l)

v15.5.2

Compare Source

v15.5.2 (2021-08-30)

Bug Fix 🐞

• #​3251 backport parser typescript type-definitions for 15.x.x release (@​n1ru4l)

Committers: 1

• Laurin Quast(@​n1ru4l)

v15.5.1

Compare Source

v15.5.1 (2021-06-20)

Bug Fix 🐞

• #​3186 Backport instanceOf Error Check Improvements (@​tubbo)

Internal 🏠

• #​3191 Remove deprecated rmdirSync usage from internal scripts (@​IvanGoncharov)

Committers: 2

• Ivan Goncharov(@​IvanGoncharov)
• Tom Scott(@​tubbo)

v15.5.0

Compare Source

v15.5.0 (2021-01-26)

Bug Fix 🐞

• #​2852 introspectionFromSchema: enable 'specifiedByUrl' by default (@​IvanGoncharov)
• #​2855 introspection: Add missing support for deprecated input values (@​IvanGoncharov)
• #​2859 separateOperations: distinguish query and fragment names (@​IvanGoncharov)
• #​2876 Replace 'localeCompare' with function independent from locale (@​IvanGoncharov)
• #​2893 Fix handling of input objects with 'length' property (@​IvanGoncharov)

Docs 📝

• #​2849 README: add instructions on using experimental features (@​robrichard)

Polish 💅

7 PRs were merged

• #​2847 Add tests for supporting Iterable collections across the lib (@​IvanGoncharov)
• #​2851 tests: update 'getIntrospectionQuery' tests to use custom matchers (@​IvanGoncharov)
• #​2858 separateOperations-test: refactor tests to look like snapshots (@​IvanGoncharov)
• #​2868 Extract types for normalized configs into named types (@​IvanGoncharov)
• #​2878 fix: type annotation cannot appear on a constructor declaration (@​saihaj)
• #​2879 fix: no need to mark param optional if default value is given (@​saihaj)
• #​2889 Simplify isAsyncIterable (@​IvanGoncharov)

Internal 🏠

7 PRs were merged

• #​2831 build: add support for experimental releases (@​IvanGoncharov)
• #​2836 CI: test on node 15 (@​IvanGoncharov)
• #​2837 Flow: remove support for measuring Flow coverage (@​IvanGoncharov)
• #​2838 TS: exclude integration tests from root tsconfig.json (@​IvanGoncharov)
• #​2840 resources: use named groups in RegExp (@​IvanGoncharov)
• #​2886 Use correct flags for rmdir/mkdir functions (@​IvanGoncharov)
• #​2891 benchmark: fix temp dir creation (@​IvanGoncharov)

Dependency 📦

5 PRs were merged

• #​2835 Update deps (@​IvanGoncharov)
• #​2844 Update deps (@​IvanGoncharov)
• #​2850 Update deps (@​IvanGoncharov)
• #​2884 Update deps (@​IvanGoncharov)
• #​2890 Update deps (@​IvanGoncharov)

Committers: 3

• Ivan Goncharov(@​IvanGoncharov)
• Rob Richard(@​robrichard)
• Saihajpreet Singh(@​saihaj)

apollostack/graphql-subscriptions

v1.2.1

Compare Source

• Fix memory leak in withFilter. PR #​209

v1.2.0

Compare Source

• Add graphql@15 to peerDependencies.

sinonjs/sinon

v9.2.4

Compare Source

• Upgrade @​sinonjs/samsam@​5.3.1

v9.2.3

Compare Source

• Use util.inspect for formatting human readable output
  (this retires @​sinonjs/formatio)

apollostack/subscriptions-transport-ws

v0.11.0

Compare Source

• Support for graphql@16 and bump minimal supported version to be graphql@15.7.2. As part of this change signatures for ExecuteFunction and SubscribeFunction were changed.
  
  @​IvanGoncharov in #​902

v0.10.0

Compare Source

• Same contents as v0.9.19 (published before v0.9.19 before realizing it would be helpful if the new version was picked up by packages looking for ^0.9).

v0.9.19

Compare Source

• Bump ws dependency to allow v6 and v7. Note that there are breaking changes in ws 6.0.0 and 7.0.0; for example, messages over 100MiB are rejected, and (in v7) the behavior of sending messages while the connection is starting or ending has changed. We are publishing this package to allow users of Apollo Server 2 to avoid seeing this CVE in their npm audit. However, note that (a) this CVE does not affect the subscriptions client, just the server and (b) Apollo Server 3 will remove its superficial integration with this package entirely. We encourage users of Apollo Server 2 to disable the integration with this unmaintained package via new ApolloServer({subscriptions: false}), and consider packages such as graphql-ws to power GraphQL subscriptions until such time as Apollo Server has more fully integrated subscriptions support.

Microsoft/TypeScript

v4.9.5: TypeScript 4.9.5

Compare Source

For release notes, check out the release announcement.

Downloads are available on:

• npm
• NuGet package

Changes:

• 69e88ef Port ignore deprecations to 4.9 (#​52419)
• daf4e81 Port timestamp fix to 4.9 (#​52426)

v4.9.4: TypeScript 4.9.4

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript v4.9.4.

Downloads are available on:

• npm
• NuGet package

Changes:

• e286821 Bump version to 4.9.4 and LKG.
• eb5419f Cherry-pick #​51704 to release 4.9 (#​51712)
• b4d382b Cherry-pick changes for narrowing to tagged literal types.
• e7a02f4 Port of #​51626 and #​51689 to release-4.9 (#​51627)
• 1727912 Cherry-pick fix around visitEachChild to release-4.9. (#​51544)

This list of changes was auto generated.

v4.9.3: TypeScript 4.9

Compare Source

For release notes, check out the release announcement.

Downloads are available on:

• npm
• NuGet package

Changes:

• 93bd577 Bump version to 4.9.3 and LKG.
• 107f832 Update LKG.
• 31bee56 Cherry-pick PR #​50977 into release-4.9 (#​51363) [ #​50872 ]
• 1e2fa7a Update version to 4.9.2-rc and LKG.
• 7ab89e5 Merge remote-tracking branch 'origin/main' into release-4.9
• e5cd686 Update package-lock.json
• 8d40dc1 Update package-lock.json
• 5cfb3a2 Only call return() for an abrupt completion in user code (#​51297)
• a7a9d15 Fix for broken baseline in yieldInForInInDownlevelGenerator (#​51345)
• 7f8426f fix for-in enumeration containing yield in generator (#​51295)

See More

• 3d2b401 Fix assertion functions accessed via wildcard imports (#​51324)
• 64d0d5a fix(51301): Fixing an unused import at the end of a line removes the newline (#​51320)
• 754eeb2 Update CodeQL workflow and configuration, fix found bugs (#​51263)
• d8aad26 Update package-lock.json
• d4f26c8 fix(51245): Class with parameter decorator in arrow function causes "convert to default export" refactoring failure (#​51256)
• 16faf45 Update package-lock.json
• 8b1ecdb fix(50654): "Move to a new file" breaks the declaration of referenced variable (#​50681)
• 170a17f Dom update 2022-10-25 (#​51300)
• 9c4e14d Remove "No type information for this code" from baseline (#​51311)
• 88d25b4 fix(50068): Refactors trigger debug failure when JSX text has a ' and a tag on the same line. (#​51299)
• 8bee69a Update package-lock.json
• 702de1e Fix early call to return/throw on generator (#​51294)
• 2c12b14 Add a GH Action to file a new issue if we go a week without seeing a typescript-error-deltas issue (#​51271)
• 6af270d Update package-lock.json
• 2cc4c16 Update package-lock.json
• 6093491 Fix apparent typo in getStringMappingType (#​51248)
• 61c2609 Update package-lock.json
• ef69116 Generate shortest rootDirs module specifier instead of first possible (#​51244)
• bbb42f4 Fix typo in canWatchDirectoryOrFile found by CodeQL (#​51262)
• a56b254 Include 'this' type parameter in isRelatedTo fast path (#​51230)
• 3abd351 Fix super property transform in async arrow in method (#​51240)
• eed0511 Update package-lock.json
• 2625c1f Make the init config category order predictable (#​51247)
• 1ca99b3 fix(50551): Destructuring assignment with var bypasses "variable is used before being assigned" check (2454) (#​50560)
• 3f28fa1 Update package-lock.json
• 906ebe4 Revert structuredTypeRelatedTo change and fix isUnitLikeType (#​51076)
• 8ac4652 change type (#​51231)
• 245a02c fix(51222): Go-to-definition on return statements should jump to the containing function declaration (#​51227)
• 2dff34e markAliasReferenced should include ExportValue as well (#​51219)
• 5ef2634 Update package-lock.json
• d0f0e35 Remove old tslint comments (#​51220)
• 85d405a Fixed a false positive "await has no effect on the type" diagnostic with mixed generic union (#​50833)
• 1f8959f fix: avoid downleveled dynamic import closing over specifier expression (#​49663)
• 11066b2 Rename internal functions to narrowTypeBySwitchOnTypeOf and narrowTypeByInKeyword (#​51215)
• 4c9afe8 Update package-lock.json
• f25bcb7 fix(49196): add jsdoc snippet for interface member functions (#​51135)
• 7406ee9 fix(51170): Completing an unimplemented property overwrites rest of line (#​51175)
• a1d82fc Remove some unnecessary code discovered by rollup (#​51204)
• 0481773 LEGO: Merge pull request 51200
• 98c19cb LEGO: Merge pull request 51190
• 13c9b05 Update package-lock.json
• 673475e Update package-lock.json
• f6cf510 Add more tracing to node16/nodenext resolution (#​51168)
• 83c5581 Update package-lock.json
• be5f0fe Add an extra regression test for awaited unresolvable recursive union (#​51167)
• 2cb7e77 fix(50416): correctly names disabled export refactors (#​50663) [ #​50416 ]
• 2bcfed0 feat(37440): Provide a quick-fix for non-exported types (#​51038)
• a24201c Remove VSDevMode.ps1 and createPlaygroundBuild (#​51166)
• 2da62a7 fix(51112): omit parameter names that precede the type (#​51142)
• cf1b6b7 feat(51163): show QF to fill in the missing properties for the mapped type. (#​51165)
• bdcc240 Remove bug-causing carve-out in conditional type instantiation that hopefully is no longer required (#​51151)
• 37317a2 Check nested weak types in intersections on target side of relation (#​51140)
• 9f49f9c Update package-lock.json
• 4f54e7e Fix isExhaustiveSwitchStatement to better handle circularities (#​51095)
• 503604c Overloads shouldn't gain @​deprecated tags of other overloads in quick info (#​50904)
• e14a229 Update package-lock.json
• 67256e5 Remove unused declarations array in extractSymbol's TargetRange (#​51091)
• 9c87ded fix(51100): ensure tsserver shuts down when parent process is killed (#​51107)
• c01ae01 Fix nightly publish oops in Gulpfile (#​51131)
• a7d10f1 Update package-lock.json
• d0bfd8c fix(51072): ts.preProcessFile finds import in template string after conditional expression with template strings (#​51082)
• ad56b5c Convert scripts/Gulpfile to checked mjs/cjs so they can run without compilation (#​50988)
• dbeae5d fix(51017): Make lineText in the references response opt-out (#​51081)
• d06a592 Properly defer resolution of mapped types with generic as clauses (#​51050)
• 42b1049 Update package-lock.json
• 5f3e6cc Plugin probe location is higher priority than peer node_modules (#​51079) [ #​34616 ]
• 2648f6a Plugins in project were adding up after every config file reload (#​51087)
• c18791c Fix incorrect options type to WatchOptions (#​51064)
• b0795e9 Update package-lock.json
• 43c6fd4 Covert some of the config testing to baselines for easy validation (#​51063)
• fc5e72b Remove unused defaultWatchFileKind method since useFsEvents is default for tsserver and tsc (#​51044)
• 8af9a93 Use typescript.d.ts in APISample tests (#​51061)
• 4953316 Remove configureLanguageServiceBuild, instrumenter (#​51048)
• 9dfffd0 Update GitHub Actions (#​51045)
• 4635a5c Update package-lock.json
• 33a34e5 Adding a JSDoc comment to the es5 type declarations to describe the functionality of Date.now() (#​50630)
• 299745c Fix crash in goto-def on @override (#​51016)
• 7dcf11f fix(50750): Object type literal with string literal property in contextual typing position causes language service error on all literal type references (#​50757)
• 5cd49f6 Update package-lock.json
• 8a1b858 Update package-lock.json
• 96894db Include type parameter defaults in contextual typing (#​50994) [ #​51002 ]
• 0d0a793 Allow Unicode extended escapes in ES5 and earlier (#​50918)
• 58bae8d Update package-lock.json
• 0ce72ef Add option to OrganizeImports for removal only (#​50931)
• 42f9143 feat: codefix for for await of (#​50623)
• ecf50e8 Properly compute SymbolFlags.Optional for intersected properties (#​50958)
• d1586de Fully resolve aliases when checking symbol flags (#​50853)
• 45148dd Update LKG to 4.8.4 (#​50987)
• 9a83f25 Update package-lock.json
• 865848f Fix <= and > comparisons when compared against prerelease versions (#​50915)
• fbfe934 Fix comparability between type parameters related by a union constraint (#​50978)
• b09e93d Merge pull request #​50041 from microsoft/fix/47969
• 0ac12bb Update package-lock.json
• 8192d55 Pick correct compilerOptions when checking if we can share emitSignatures (#​50910) [ #​50902 ]
• 16faef1 During uptodate ness check with buildInfo, check if there are errors explicitly with noEmit (#​50974) [ #​50959 ]
• 63791f5 Update package-lock.json
• 09368bc Handle if project for open file will get recollected because of pending cleanup from closed script info (#​50908) [ #​50868 ]
• c81bf4d fix(49594): Typescript 4.7.3 bracketed class property compilation error strictPropertyInitialization:true (#​49619)
• bc9cbbe Merge pull request #​49912 from microsoft/fix/47508
• 5a10f46 Update package-lock.json
• 8e71f42 Fixing pr comments
• c100c64 Update package-lock.json
• 2a91107 Update package-lock.json
• 4ab9e76 Use paths in package.json 'files' array that work with npm 6 and later. (#​50930)
• 549b542 Use paths in package.json 'files' array that work with npm 6 and later.
• 7f37d25 Update version to 4.9.1-beta and LKG.
• f16ca7d Remove 'async' dependency, used only in errorCheck.ts, modernize file (#​50667)
• c6bef3f LEGO: Merge pull request 50921
• 6753027 Update package-lock.json
• 9740bcc Pluralized hasInvalidatedResolution -> hasInvalidatedResolutions ([#​50912](https://togithub.com/Mic

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.