Bump the npm_and_yarn group across 4 directories with 42 updates

[dependabot]

Bumps the npm_and_yarn group with 30 updates in the / directory:

Package	From	To
axios	0.26.1	0.28.0
electron-updater	4.6.5	6.2.1
ip	1.1.8	2.0.1
node-fetch	2.6.7	3.3.2
simple-git	3.15.0	3.16.0
ws	8.11.0	8.17.1
electron	21.3.1	22.3.25
webpack	5.75.0	5.76.0
semver	7.3.8	7.6.2
semver	6.3.0	7.6.2
semver	5.7.1	7.6.2
npm	9.1.2	9.9.3
@pm2/agent	2.0.1	2.0.4
@pm2/io	5.0.0	5.0.2
electron-builder	23.6.0	24.13.3
@babel/traverse	7.20.1	7.24.7
tar	4.4.19	6.2.1
npm	9.9.3	10.8.1
web3	1.8.1	4.10.0
@tensorflow/tfjs-node	2.8.6	4.20.0
ejs	3.1.8	3.1.10
express	4.18.2	4.19.2
follow-redirects	1.15.2	1.15.6
http-cache-semantics	4.1.0	4.1.1
json5	1.0.1	1.0.2
minimist	1.2.7	1.2.8
nanoid	3.3.4	3.3.7
postcss	8.4.19	8.4.39
systeminformation	5.14.4	5.22.11
terser	5.16.0	5.31.1
undici	5.13.0	5.28.4
webpack-dev-middleware	5.3.3	5.3.4
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 12 updates in the /Bitcoin-Factory/Dashboard directory:

Package	From	To
axios	0.27.2	0.28.0
node-fetch	2.6.7	2.7.0
ws	7.5.8	7.5.10
webpack	5.73.0	5.92.1
semver	5.7.1	5.7.2
express	4.18.1	4.19.2
follow-redirects	1.15.1	1.15.6
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
minimist	1.2.6	1.2.8
nanoid	3.3.4	3.3.7
webpack-dev-middleware	5.3.3	5.3.4

Bumps the npm_and_yarn group with 22 updates in the /DesktopReact directory:

Package	From	To
ws	8.4.0	8.18.0
webpack	5.66.0	5.76.0
semver	7.3.5	7.5.2
@babel/traverse	7.16.8	7.24.7
async	2.6.3	2.6.4
decode-uri-component	0.2.0	0.2.2
minimatch	3.0.4	3.1.2
recursive-readdir	2.2.2	2.2.3
ejs	3.1.6	3.1.10
express	4.17.2	4.19.2
follow-redirects	1.14.6	1.15.6
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
minimist	1.2.5	1.2.8
nanoid	3.1.30	3.3.7
node-forge	1.2.1	1.3.1
postcss	8.4.5	8.4.31
terser	5.10.0	5.31.1
url-parse	1.5.4	1.5.10
webpack-dev-middleware	5.3.0	5.3.4
word-wrap	1.2.3	1.2.5
eventsource	1.1.0	1.1.2

Bumps the npm_and_yarn group with 5 updates in the /Projects/TensorFlow/TS/Bot-Modules/Learning-Bot/Low-Frequency-Learning directory:

Package	From	To
node-fetch	2.6.1	2.6.13
semver	6.3.0	6.3.1
tar	4.4.19	6.2.1
@tensorflow/tfjs-node	3.8.0	4.20.0
minimatch	3.0.4	3.1.2

Updates axios from 0.26.1 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Updates electron-updater from 4.6.5 to 6.2.1

Release notes

Sourced from electron-updater's releases.

[email protected]

Patch Changes

• #8091 e2a181d9 Thanks @​mmaietta! - fix(mac): revert autoupdate for mac differential

[email protected]

Minor Changes

• #7709 79df5423 Thanks @​beyondkmp! - feat: adding differential downloader for updates on macOS

[email protected]

Patch Changes

• #8051 48603ba0 Thanks @​mmaietta! - fix: auto-update powershell script requires reset of PSModulePath

• #8057 ccbb80de Thanks @​mmaietta! - chore: upgrading connected dependencies (typescript requires higher eslint version)

• Updated dependencies [ccbb80de]:

  • [email protected]

[email protected]

Patch Changes

• #7950 03c94516 Thanks @​bronsonmock! - feat(nsis): add option to disable differential download

[email protected]

Patch Changes

• Updated dependencies [db424e8e, db424e8e]:
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies [549d07b0]:
  • [email protected]

[email protected]

Patch Changes

• #7767 21f3069c Thanks @​jackple! - fix: When error code is ENOENT, try to use electron.shell.openPath to run installer on Windows

[email protected]

Patch Changes

• #7666 441da40d Thanks @​sethjray! - fix: check null for isCustomChannel in GitHubProvider.ts

[email protected]

Patch Changes

... (truncated)

Changelog

Sourced from electron-updater's changelog.

6.2.1

Patch Changes

• #8091 e2a181d9 Thanks @​mmaietta! - fix(mac): revert autoupdate for mac differential

6.2.0

Minor Changes

• #7709 79df5423 Thanks @​beyondkmp! - feat: adding differential downloader for updates on macOS

6.1.9

Patch Changes

• #8051 48603ba0 Thanks @​mmaietta! - fix: auto-update powershell script requires reset of PSModulePath

• #8057 ccbb80de Thanks @​mmaietta! - chore: upgrading connected dependencies (typescript requires higher eslint version)

• Updated dependencies [ccbb80de]:

  • [email protected]

6.1.8

Patch Changes

• #7950 03c94516 Thanks @​bronsonmock! - feat(nsis): add option to disable differential download

6.1.7

Patch Changes

• Updated dependencies [db424e8e, db424e8e]:
  • [email protected]

6.1.6

Patch Changes

• Updated dependencies [549d07b0]:
  • [email protected]

6.1.5

Patch Changes

• #7767 21f3069c Thanks @​jackple! - fix: When error code is ENOENT, try to use electron.shell.openPath to run installer on Windows

6.1.4

... (truncated)

Commits

• 62d1991 chore(deploy): Release ([email protected]) (#8092)
• e2a181d fix(mac): revert mac differential autoupdate (#8091)
• cb335ec chore(deploy): Release v24.13.3 ([email protected]) (#8084)
• 79df542 feat: add support for differential zip updates on macOS (#7709)
• 8965608 chore(deploy): Release v24.13.1 ([email protected]) (#8056)
• ccbb80d chore: upgrading connected dependencies (typescript 5.3.3 requires higher esl...
• 48603ba fix: auto-update powershell script requires reset of PSModulePath (#8051)
• fc13810 chore(deploy): Release v24.11.0 ([email protected]) (#7954)
• 03c9451 feat(nsis): add option to disable differential download (#7950)
• 061d729 chore(docs): exporting more things to API docs (#7898)
• Additional commits viewable in compare view

Updates ip from 1.1.8 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• 4b2f4e7 2.0.0
• 369d56d lib: use Buffer.alloc
• See full diff in compare view

Updates node-fetch from 2.6.7 to 3.3.2

Release notes

Sourced from node-fetch's releases.

v3.3.2

3.3.2 (2023-07-25)

Bug Fixes

• Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473

v3.3.1

3.3.1 (2023-03-11)

Bug Fixes

• release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

v3.3.0

3.3.0 (2022-11-10)

Features

• add static Response.json (#1670) (55a4870)

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

• ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

• Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

• possibly flaky test (#1523) (11b7033)

... (truncated)

Commits

• 8b3320d fix: Remove the default connection close header. (#1736)
• 7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
• 8ced5b9 docs: readme - non ESM example (#1707)
• 71e376b ci(release): use latest Node LTS (#1697)
• e093030 Allow URL class object as an argument for fetch() (#1696)
• 55a4870 feat: add static Response.json (#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
• 6f72caa docs: fix missing comma in example (#1623)
• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates simple-git from 3.15.0 to 3.16.0

Release notes

Sourced from simple-git's releases.

[email protected]

Minor Changes

• 97fde2c: Support the use of -B in place of the default -b in checkout methods
• 0a623e5: Adds vulnerability detection to prevent use of --upload-pack and --receive-pack without explicitly opting in.

Patch Changes

• ec97a39: Include restricting the use of git push --exec with other allowUnsafePack exclusions, thanks to @​stsewd for the suggestion.

[email protected]

Patch Changes

• de570ac: Resolves an issue whereby non-strings can be passed into the config switch detector.

Changelog

Sourced from simple-git's changelog.

3.16.0

Minor Changes

• 97fde2c: Support the use of -B in place of the default -b in checkout methods
• 0a623e5: Adds vulnerability detection to prevent use of --upload-pack and --receive-pack without explicitly opting in.

Patch Changes

• ec97a39: Include restricting the use of git push --exec with other allowUnsafePack exclusions, thanks to @​stsewd for the suggestion.

3.15.1

Patch Changes

• de570ac: Resolves an issue whereby non-strings can be passed into the config switch detector.

Commits

• 1a12952 Version Packages
• ec97a39 Block unsafe pack (push --exec) (#882)
• 0a623e5 Feat/unsafe pack (#881)
• 97fde2c Add support for using the -B modifier instead of the default -b when usin...
• edfd459 Update readme.md
• c9fc61f Version Packages
• de570ac Fix/non strings (#867)
• See full diff in compare view

Updates ws from 8.11.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates electron from 21.3.1 to 22.3.25

Commits

• 1c1c132 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40026)
• d892c2b build: fixup autoninja (#39899)
• 6132e80 build: run on circle hosts for forks (#39865)
• a953199 build: use aks backed runners for linux builds (#39838)
• 056eacf chore: cherry-pick b2eab7500a18 from chromium (#39827)
• 5f8ef81 fix: ensure app load is limited to real asar files when appropriate (#39811)
• 4995c9e chore: cherry-pick 1 changes from Release-3-M116 (#39758)
• e29cdac build: fix depot_tools patch application (#39751)
• b58903d chore: cherry-pick 1 changes from Release-2-M116 (#39689)
• 33f9dce chore: cherry-pick 2 changes from Release-1-M116 (#39648)
• Additional commits viewable in compare view

Updates webpack from 5.75.0 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in webpack/webpack#16500
• Improve hash performance via conditional initialization by @​lvivski in webpack/webpack#16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in webpack/webpack#16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in webpack/webpack#16759

Features

• add target to LoaderContext type by @​askoufis in webpack/webpack#16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in webpack/webpack#16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in webpack/webpack#16614
• Replace TypeScript logo in README by @​jakebailey in webpack/webpack#16613
• Update actions/cache dependencies by @​piwysocki in webpack/webpack#16493

New Contributors

• @​Jack-Works made their first contribution in webpack/webpack#16500
• @​lvivski made their first contribution in webpack/webpack#16491
• @​jakebailey made their first contribution in webpack/webpack#16614
• @​akhilgkrishnan made their first contribution in webpack/webpack#16446
• @​ryanwilsonperkin made their first contribution in webpack/webpack#16703
• @​piwysocki made their first contribution in webpack/webpack#16493
• @​askoufis made their first contribution in webpack/webpack#16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

Commits

• 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
• b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
• c98e9e0 Merge pull request #16493 from piwysocki/patch-1
• 5f34acf feat: Add target to LoaderContext type
• b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
• 63ea82d Merge branch 'webpack:main' into patch-1
• 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
• 1acd635 Merge pull request #16613 from jakebailey/ts-logo
• 302eb37 Merge pull request #16614 from jakebailey/html5-logo
• cfdb1df Improve performance of hashRegExp lookup
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates semver from 7.3.8 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools...

  Description has been truncated

[dryrunsecurity]

DryRun Security Summary

The provided code changes primarily involve updating various dependencies, including TensorFlow, Bitcoin-Factory, DesktopReact, and Superalgos, to improve application security, performance, and stability.

Expand for full summary

Summary:

The provided code changes primarily involve updating various dependencies used in different projects, including TensorFlow, Bitcoin-Factory, DesktopReact, and Superalgos. These dependency updates are generally a positive step from an application security perspective, as they often include security fixes, performance improvements, and bug patches.

The key changes include updates to the @tensorflow/tfjs-node, axios, express, postcss, semver, webpack, electron-updater, ip, node-fetch, npm, simple-git, and ws libraries. Keeping these dependencies up-to-date is crucial for maintaining the security and stability of the applications.

While the dependency updates are generally a good practice, it's important to review the specific changes and their potential impact on the application's functionality. The team should carefully review the release notes and change logs of the new versions to ensure that there are no known security vulnerabilities or breaking changes that could affect the application. Additionally, thorough testing should be conducted to verify that the updated dependencies do not introduce any regressions or unintended behavior.

Files Changed:

1. Projects/TensorFlow/TS/Bot-Modules/Learning-Bot/Low-Frequency-Learning/package.json: The @tensorflow/tfjs-node dependency has been updated from version ^3.8.0 to ^4.20.0.
2. Bitcoin-Factory/Dashboard/package.json: The axios dependency has been updated from version ^0.27.2 to ^0.28.0.
3. DesktopReact/package.json: Several dependencies have been updated, including express (from 4.17.1 to 4.19.2), postcss (from 8.4.4 to 8.4.31), semver (from 7.3.5 to 7.5.2), and webpack (from 5.65.0 to 5.76.0).
4. package.json: The Superalgos project has updated several dependencies, including axios, electron-updater, ip, node-fetch, npm, simple-git, web3, and ws.

Code Analysis

We ran 7 analyzers against 8 files and 1 analyzer had findings. 6 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	4 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.