{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":263503250,"defaultBranch":"main","name":"bicep","ownerLogin":"Azure","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-05-13T02:18:30.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/6844498?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718987447.0","currentOid":""},"activityList":{"items":[{"before":"8191dc878cd65720b33bea5f49bdf2fc5c47fac4","after":"c33d26363178f0bbff4a989733dad5117a3b79e0","ref":"refs/heads/jasondou/microsoftgraph-0624","pushedAt":"2024-06-21T16:46:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jason-dou","name":"Jason Dou","path":"/jason-dou","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/85079049?s=80&v=4"},"commit":{"message":"Update package hash","shortMessageHtmlLink":"Update package hash"}},{"before":null,"after":"8191dc878cd65720b33bea5f49bdf2fc5c47fac4","ref":"refs/heads/jasondou/microsoftgraph-0624","pushedAt":"2024-06-21T16:30:47.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jason-dou","name":"Jason Dou","path":"/jason-dou","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/85079049?s=80&v=4"},"commit":{"message":"Update Microsoft Graph Bicep Types","shortMessageHtmlLink":"Update Microsoft Graph Bicep Types"}},{"before":"19bddfdd5b4be1b2c3dd397dcd265ec56ebf4210","after":"70ac99d94dd063727da13150189ddcf29d031f8e","ref":"refs/heads/shenglol/provider-to-extension","pushedAt":"2024-06-21T03:18:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"shenglol","name":"Shenglong Li","path":"/shenglol","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/16367959?s=80&v=4"},"commit":{"message":"Update keyword","shortMessageHtmlLink":"Update keyword"}},{"before":null,"after":"19bddfdd5b4be1b2c3dd397dcd265ec56ebf4210","ref":"refs/heads/shenglol/provider-to-extension","pushedAt":"2024-06-20T23:22:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"shenglol","name":"Shenglong Li","path":"/shenglol","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/16367959?s=80&v=4"},"commit":{"message":"Replace provider with extension","shortMessageHtmlLink":"Replace provider with extension"}},{"before":"a2741e45696707157c83d5e7dc6b3b126b1929b1","after":"771389c9c1558ea82129ac8552396b29b6db7bf6","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-20T01:55:42.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Partially working","shortMessageHtmlLink":"Partially working"}},{"before":"89af644812fd5588343464e1ea49703bb0b77476","after":"a2741e45696707157c83d5e7dc6b3b126b1929b1","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-20T01:44:02.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Partially working","shortMessageHtmlLink":"Partially working"}},{"before":"28c3da63bbfc10250905ba13b4343ce96b5d43ff","after":null,"ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-20T01:37:12.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"}},{"before":"bf8a3449001d797747dfcf7971751351e59fcbae","after":"e307d17ca9420eec3673efcd1bfc73f3b33061ec","ref":"refs/heads/main","pushedAt":"2024-06-20T01:37:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"Fixed UDT syntax highlighting (#14372)\n\nFixed the recent regression in syntax highlighting for user defined\r\ntypes:\r\n* Now emitting `SemanticTokenType.Namespace` for namespace symbols.\r\n* Now emitting `SemanticTokenType.Type` for `TypeVariableAccessSyntax`\r\nthat resolves to a valid type symbol.\r\n* Now emitting `SemanticTokenType.Keyword` for `null`, `true` and\r\n`false` type keywords.\r\n\r\nExamples of changes:\r\n\"image\"\r\nsrc=\"https://github.com/Azure/bicep/assets/22460039/42e65336-4885-43d6-8308-ea06b762d789\"\r\n\r\nI will look into adding tests separately since we don't currently have\r\nbaselines or meaningful unit tests for syntax highlighting. (I recall we\r\nhad some issues with that in the past, but will need to confirm.)\r\n\r\nThis fixes #14147\r\n###### Microsoft Reviewers: [Open in\r\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14372)","shortMessageHtmlLink":"Fixed UDT syntax highlighting (#14372)"}},{"before":"8985fd23db982fcd2324c51801a3fd74adb3534a","after":"9841a6698253c112627c9d0acd048ad6af18fe35","ref":"refs/heads/enpolat/12019-design-proposal-modular-parameters","pushedAt":"2024-06-20T00:12:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"polatengin","name":"Engin Polat","path":"/polatengin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/118744?s=80&v=4"},"commit":{"message":"addressing a comment on the PR","shortMessageHtmlLink":"addressing a comment on the PR"}},{"before":"019d9d791761a58408338a469b0f8e03faba8a68","after":"8985fd23db982fcd2324c51801a3fd74adb3534a","ref":"refs/heads/enpolat/12019-design-proposal-modular-parameters","pushedAt":"2024-06-20T00:05:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"polatengin","name":"Engin Polat","path":"/polatengin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/118744?s=80&v=4"},"commit":{"message":"renaming to empty semantic model","shortMessageHtmlLink":"renaming to empty semantic model"}},{"before":"3998f5ac2fad844fd935434b8ae8efbab9299621","after":"019d9d791761a58408338a469b0f8e03faba8a68","ref":"refs/heads/enpolat/12019-design-proposal-modular-parameters","pushedAt":"2024-06-20T00:01:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"polatengin","name":"Engin Polat","path":"/polatengin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/118744?s=80&v=4"},"commit":{"message":"simplifying if statement","shortMessageHtmlLink":"simplifying if statement"}},{"before":"87b53bbed659e2018d5723310e1e5a07adeb1524","after":"28c3da63bbfc10250905ba13b4343ce96b5d43ff","ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-19T19:45:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"additional highlight fixes","shortMessageHtmlLink":"additional highlight fixes"}},{"before":"bf8a3449001d797747dfcf7971751351e59fcbae","after":"87b53bbed659e2018d5723310e1e5a07adeb1524","ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-19T00:57:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"fixed type highlights","shortMessageHtmlLink":"fixed type highlights"}},{"before":null,"after":"bf8a3449001d797747dfcf7971751351e59fcbae","ref":"refs/heads/majastrz/type-highlighting","pushedAt":"2024-06-18T17:57:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"majastrz","name":"Marcin Jastrzebski","path":"/majastrz","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/22460039?s=80&v=4"},"commit":{"message":"Bump @typescript-eslint/parser from 7.12.0 to 7.13.0 in /src/highlightjs (#14340)\n\nBumps\r\n[@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)\r\nfrom 7.12.0 to 7.13.0.\r\n
\r\nRelease notes\r\n

Sourced from @​typescript-eslint/parser's\r\nreleases.

\r\n
\r\n

v7.13.0

\r\n

7.13.0 (2024-06-10)

\r\n

🚀 Features

\r\n\r\n

🩹 Fixes

\r\n\r\n

❤️ Thank You

\r\n\r\n

You can read about our versioning\r\nstrategy and releases\r\non our website.

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from @​typescript-eslint/parser's\r\nchangelog.

\r\n
\r\n

7.13.0 (2024-06-10)

\r\n

🚀 Features

\r\n\r\n

❤️ Thank You

\r\n\r\n

You can read about our versioning\r\nstrategy and releases\r\non our website.

\r\n
\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/parser&package-manager=npm_and_yarn&previous-version=7.12.0&new-version=7.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n###### Microsoft Reviewers: [Open in\r\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14340)\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump @typescript-eslint/parser from 7.12.0 to 7.13.0 in /src/highligh…"}},{"before":null,"after":"3733232b929d1b2489e2afa51f5b93af45ea1cd7","ref":"refs/heads/ant/jsonrpc","pushedAt":"2024-06-18T16:03:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Remove experimental flag for JSONRPC command group","shortMessageHtmlLink":"Remove experimental flag for JSONRPC command group"}},{"before":"a5446f1eca396c56579577ee80eadc79b6ef50c8","after":"89af644812fd5588343464e1ea49703bb0b77476","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-18T15:35:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Partially working","shortMessageHtmlLink":"Partially working"}},{"before":"04666baa14688bfc3cca4b11c0b26032207392f3","after":"a5446f1eca396c56579577ee80eadc79b6ef50c8","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-18T13:59:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Convert JSONRPC -> gRPC","shortMessageHtmlLink":"Convert JSONRPC -> gRPC"}},{"before":"d531d405e9e67ed6095fcf17566c6b462541f692","after":"04666baa14688bfc3cca4b11c0b26032207392f3","ref":"refs/heads/ant/grpc","pushedAt":"2024-06-18T11:30:47.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"anthony-c-martin","name":"Anthony Martin","path":"/anthony-c-martin","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/38542602?s=80&v=4"},"commit":{"message":"Convert JSONRPC -> gRPC","shortMessageHtmlLink":"Convert JSONRPC -> gRPC"}},{"before":"07e3cc62d0d55bdcb2e1b55d7b2e42c99fdc39f1","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/src/highlightjs/typescript-eslint/parser-7.13.0","pushedAt":"2024-06-18T01:22:50.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"StephenWeatherford","name":"Stephen Weatherford (MSFT)","path":"/StephenWeatherford","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6913354?s=80&v=4"}},{"before":"d5c5358d55d1abc9de7c8cbc811e59b04c6f9abb","after":"bf8a3449001d797747dfcf7971751351e59fcbae","ref":"refs/heads/main","pushedAt":"2024-06-18T01:22:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"StephenWeatherford","name":"Stephen Weatherford (MSFT)","path":"/StephenWeatherford","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6913354?s=80&v=4"},"commit":{"message":"Bump @typescript-eslint/parser from 7.12.0 to 7.13.0 in /src/highlightjs (#14340)\n\nBumps\r\n[@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)\r\nfrom 7.12.0 to 7.13.0.\r\n
\r\nRelease notes\r\n

Sourced from @​typescript-eslint/parser's\r\nreleases.

\r\n
\r\n

v7.13.0

\r\n

7.13.0 (2024-06-10)

\r\n

🚀 Features

\r\n
    \r\n
  • eslint-plugin: [no-dynamic-delete] allow all string\r\nliterals as index (#9280)
    • \r\n
  • parser, typescript-estree: export\r\nwithoutProjectParserOptions utility (#9233)
    • \r\n
  • typescript-estree: require import =\r\nrequire() argument to be a string literal (#9226)
    • \r\n
  • typescript-estree: forbid .body,\r\n.async, .generator on declare\r\nfunction (#9225)
    • \r\n
\r\n

🩹 Fixes

\r\n
    \r\n
  • ast-spec: function-call-like callee should be\r\nExpression not LeftHandSideExpression (#9231)
    • \r\n
  • eslint-plugin: [init-declarations] refine report\r\nlocations (#8893)
    • \r\n
  • eslint-plugin: [no-base-to-string] make error\r\nmessage more nuanced (#9281)
    • \r\n
  • eslint-plugin: [no-unsafe-assignment] be more\r\nspecific about error types (#8304)
    • \r\n
  • eslint-plugin: [no-magic-numbers] fix\r\nimplementation of the ignore option (#9167)
    • \r\n
  • scope-manager: handle index signature in class (#9054)
    • \r\n
\r\n

❤️ Thank You

\r\n
    \r\n
  • Fotis Papadogeorgopoulos
    • \r\n
  • Joshua Chen
    • \r\n
  • Kirk Waiblinger
    • \r\n
  • Tobiloba Adedeji @​tobySolutions
    • \r\n
  • Vinccool96
    • \r\n
  • YeonJuan @​yeonjuan
    • \r\n
\r\n

You can read about our versioning\r\nstrategy and releases\r\non our website.

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from @​typescript-eslint/parser's\r\nchangelog.

\r\n
\r\n

7.13.0 (2024-06-10)

\r\n

🚀 Features

\r\n
    \r\n
  • parser, typescript-estree: export\r\nwithoutProjectParserOptions utility
    • \r\n
\r\n

❤️ Thank You

\r\n
    \r\n
  • Fotis Papadogeorgopoulos
    • \r\n
  • Joshua Chen
    • \r\n
  • Kirk Waiblinger
    • \r\n
  • Tobiloba Adedeji
    • \r\n
  • Vinccool96
    • \r\n
  • YeonJuan
    • \r\n
\r\n

You can read about our versioning\r\nstrategy and releases\r\non our website.

\r\n
\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@typescript-eslint/parser&package-manager=npm_and_yarn&previous-version=7.12.0&new-version=7.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n
\r\n###### Microsoft Reviewers: [Open in\r\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14340)\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump @typescript-eslint/parser from 7.12.0 to 7.13.0 in /src/highligh…"}},{"before":"6ecd0d3bb5ec9bdba51025ea1ca5c02eeb513b43","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/src/Bicep.Cli.E2eTests/ws-7.5.10","pushedAt":"2024-06-18T01:22:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"StephenWeatherford","name":"Stephen Weatherford (MSFT)","path":"/StephenWeatherford","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6913354?s=80&v=4"}},{"before":"91b20f539ed8e3e73071cef056496ed973c8da9a","after":"d5c5358d55d1abc9de7c8cbc811e59b04c6f9abb","ref":"refs/heads/main","pushedAt":"2024-06-18T01:22:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"StephenWeatherford","name":"Stephen Weatherford (MSFT)","path":"/StephenWeatherford","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6913354?s=80&v=4"},"commit":{"message":"Bump ws from 7.5.7 to 7.5.10 in /src/Bicep.Cli.E2eTests (#14362)\n\nBumps [ws](https://github.com/websockets/ws) from 7.5.7 to 7.5.10.\r\n
\r\nRelease notes\r\n

Sourced from ws's\r\nreleases.

\r\n
\r\n

7.5.10

\r\n

Bug fixes

\r\n
    \r\n
  • Backported e55e5106 to the 7.x release line (22c28763).
    • \r\n
\r\n

7.5.9

\r\n

Bug fixes

\r\n
    \r\n
  • Backported bc8bd34e to the 7.x release line (0435e6e1).
    • \r\n
\r\n

7.5.8

\r\n

Bug fixes

\r\n
    \r\n
  • Backported 0fdcc0af to the 7.x release line (2758ed35).
    • \r\n
  • Backported d68ba9e1 to the 7.x release line (dc1781bc).
    • \r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • d962d70\r\n[dist] 7.5.10
    • \r\n
  • 22c2876\r\n[security] Fix crash when the Upgrade header cannot be read (#2231)
    • \r\n
  • 8a78f87\r\n[dist] 7.5.9
    • \r\n
  • 0435e6e\r\n[security] Fix same host check for ws+unix: redirects
    • \r\n
  • 4271f07\r\n[dist] 7.5.8
    • \r\n
  • dc1781b\r\n[security] Drop sensitive headers when following insecure redirects
    • \r\n
  • 2758ed3\r\n[fix] Abort the handshake if the Upgrade header is invalid
    • \r\n
  • See full diff in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=7.5.7&new-version=7.5.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts page](https://github.com/Azure/bicep/network/alerts).\r\n\r\n
\r\n###### Microsoft Reviewers: [Open in\r\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14362)\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ws from 7.5.7 to 7.5.10 in /src/Bicep.Cli.E2eTests (#14362)"}},{"before":"37e920312b645ced6912490cd34fbb93ce82387c","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/src/monarch/ws-8.17.1","pushedAt":"2024-06-18T01:22:23.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"StephenWeatherford","name":"Stephen Weatherford (MSFT)","path":"/StephenWeatherford","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6913354?s=80&v=4"}},{"before":"8a6a534514f53714e65d181569765a6b9cffe0fa","after":"91b20f539ed8e3e73071cef056496ed973c8da9a","ref":"refs/heads/main","pushedAt":"2024-06-18T01:22:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"StephenWeatherford","name":"Stephen Weatherford (MSFT)","path":"/StephenWeatherford","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6913354?s=80&v=4"},"commit":{"message":"Bump ws from 8.8.1 to 8.17.1 in /src/monarch (#14364)\n\nBumps [ws](https://github.com/websockets/ws) from 8.8.1 to 8.17.1.\r\n
\r\nRelease notes\r\n

Sourced from ws's\r\nreleases.

\r\n
\r\n

8.17.1

\r\n

Bug fixes

\r\n
    \r\n
  • Fixed a DoS vulnerability (#2231).
    • \r\n
\r\n

A request with a number of headers exceeding\r\nthe[server.maxHeadersCount][]\r\nthreshold could be used to crash a ws server.

\r\n
const http = require('http');\r\nconst WebSocket = require('ws');\r\n
const wss = new WebSocket.Server({ port: 0 }, function () {\r\nconst chars =\r\n"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');\r\nconst headers = {};\r\nlet count = 0;
\r\n
for (let i = 0; i < chars.length; i++) {\r\nif (count === 2000) break;
\r\n
for (let j = 0; j &lt; chars.length; j++) {\r\n  const key = chars[i] + chars[j];\r\n  headers[key] = 'x';\r\n\r\n  if (++count === 2000) break;\r\n}\r\n
\r\n
}
\r\n
headers.Connection = 'Upgrade';\r\nheaders.Upgrade = 'websocket';\r\nheaders['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\r\nheaders['Sec-WebSocket-Version'] = '13';
\r\n
const request = http.request({\r\nheaders: headers,\r\nhost: '127.0.0.1',\r\nport: wss.address().port\r\n});
\r\n
request.end();\r\n});\r\n

\r\n

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

\r\n

In vulnerable versions of ws, the issue can be mitigated in the\r\nfollowing ways:

\r\n
    \r\n
  1. Reduce the maximum allowed length of the request headers using the\r\n[--max-http-header-size=size][] and/or the\r\n[maxHeaderSize][] options so\r\nthat no more headers than the server.maxHeadersCount limit\r\ncan be sent.
    2. \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 3c56601\r\n[dist] 8.17.1
    • \r\n
  • e55e510\r\n[security] Fix crash when the Upgrade header cannot be read (#2231)
    • \r\n
  • 6a00029\r\n[test] Increase code coverage
    • \r\n
  • ddfe4a8\r\n[perf] Reduce the amount of crypto.randomFillSync()\r\ncalls
    • \r\n
  • b73b118\r\n[dist] 8.17.0
    • \r\n
  • 29694a5\r\n[test] Use the highWaterMark variable
    • \r\n
  • 934c9d6\r\n[ci] Test on node 22
    • \r\n
  • 1817bac\r\n[ci] Do not test on node 21
    • \r\n
  • 96c9b3d\r\n[major] Flip the default value of allowSynchronousEvents\r\n(#2221)
    • \r\n
  • e5f32c7\r\n[fix] Emit at most one event per event loop iteration (#2218)
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.8.1&new-version=8.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts page](https://github.com/Azure/bicep/network/alerts).\r\n\r\n
\r\n###### Microsoft Reviewers: [Open in\r\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14364)\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ws from 8.8.1 to 8.17.1 in /src/monarch (#14364)"}},{"before":"cf7f1109eb5c378004dce96b8f6d0cabbba386ca","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/src/playground/ws-8.17.1","pushedAt":"2024-06-17T23:53:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"microsoft-github-policy-service[bot]","name":null,"path":"/apps/microsoft-github-policy-service","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/95686?s=80&v=4"}},{"before":"de3df6fdce0173c2a040d3a097911985e54cd010","after":"8a6a534514f53714e65d181569765a6b9cffe0fa","ref":"refs/heads/main","pushedAt":"2024-06-17T23:53:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"microsoft-github-policy-service[bot]","name":null,"path":"/apps/microsoft-github-policy-service","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/95686?s=80&v=4"},"commit":{"message":"Bump ws from 8.16.0 to 8.17.1 in /src/playground (#14363)\n\nBumps [ws](https://github.com/websockets/ws) from 8.16.0 to 8.17.1.\n
\nRelease notes\n

Sourced from ws's\nreleases.

\n
\n

8.17.1

\n

Bug fixes

\n
    \n
  • Fixed a DoS vulnerability (#2231).
    • \n
\n

A request with a number of headers exceeding\nthe[server.maxHeadersCount][]\nthreshold could be used to crash a ws server.

\n
const http = require('http');\nconst WebSocket = require('ws');\n
const wss = new WebSocket.Server({ port: 0 }, function () {\nconst chars =\n"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');\nconst headers = {};\nlet count = 0;
\n
for (let i = 0; i < chars.length; i++) {\nif (count === 2000) break;
\n
for (let j = 0; j &lt; chars.length; j++) {\n  const key = chars[i] + chars[j];\n  headers[key] = 'x';\n\n  if (++count === 2000) break;\n}\n
\n
}
\n
headers.Connection = 'Upgrade';\nheaders.Upgrade = 'websocket';\nheaders['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\nheaders['Sec-WebSocket-Version'] = '13';
\n
const request = http.request({\nheaders: headers,\nhost: '127.0.0.1',\nport: wss.address().port\n});
\n
request.end();\n});\n

\n

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

\n

In vulnerable versions of ws, the issue can be mitigated in the\nfollowing ways:

\n
    \n
  1. Reduce the maximum allowed length of the request headers using the\n[--max-http-header-size=size][] and/or the\n[maxHeaderSize][] options so\nthat no more headers than the server.maxHeadersCount limit\ncan be sent.
    2. \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n
    \n
  • 3c56601\n[dist] 8.17.1
    • \n
  • e55e510\n[security] Fix crash when the Upgrade header cannot be read (#2231)
    • \n
  • 6a00029\n[test] Increase code coverage
    • \n
  • ddfe4a8\n[perf] Reduce the amount of crypto.randomFillSync()\ncalls
    • \n
  • b73b118\n[dist] 8.17.0
    • \n
  • 29694a5\n[test] Use the highWaterMark variable
    • \n
  • 934c9d6\n[ci] Test on node 22
    • \n
  • 1817bac\n[ci] Do not test on node 21
    • \n
  • 96c9b3d\n[major] Flip the default value of allowSynchronousEvents\n(#2221)
    • \n
  • e5f32c7\n[fix] Emit at most one event per event loop iteration (#2218)
    • \n
  • Additional commits viewable in compare\nview
    • \n
\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.16.0&new-version=8.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the\n[Security Alerts page](https://github.com/Azure/bicep/network/alerts).\n\n
\n###### Microsoft Reviewers: [Open in\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14363)\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ws from 8.16.0 to 8.17.1 in /src/playground (#14363)"}},{"before":"559612c3fd6c7f691619bc684ad612819cd2cecf","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/src/vscode-bicep/ws-8.17.1","pushedAt":"2024-06-17T23:53:01.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"microsoft-github-policy-service[bot]","name":null,"path":"/apps/microsoft-github-policy-service","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/95686?s=80&v=4"}},{"before":"89d4f01581a23dbd7c57cfd6808245f5e6cdd301","after":"de3df6fdce0173c2a040d3a097911985e54cd010","ref":"refs/heads/main","pushedAt":"2024-06-17T23:53:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"microsoft-github-policy-service[bot]","name":null,"path":"/apps/microsoft-github-policy-service","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/95686?s=80&v=4"},"commit":{"message":"Bump ws from 8.16.0 to 8.17.1 in /src/vscode-bicep (#14361)\n\nBumps [ws](https://github.com/websockets/ws) from 8.16.0 to 8.17.1.\n
\nRelease notes\n

Sourced from ws's\nreleases.

\n
\n

8.17.1

\n

Bug fixes

\n
    \n
  • Fixed a DoS vulnerability (#2231).
    • \n
\n

A request with a number of headers exceeding\nthe[server.maxHeadersCount][]\nthreshold could be used to crash a ws server.

\n
const http = require('http');\nconst WebSocket = require('ws');\n
const wss = new WebSocket.Server({ port: 0 }, function () {\nconst chars =\n"!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');\nconst headers = {};\nlet count = 0;
\n
for (let i = 0; i < chars.length; i++) {\nif (count === 2000) break;
\n
for (let j = 0; j &lt; chars.length; j++) {\n  const key = chars[i] + chars[j];\n  headers[key] = 'x';\n\n  if (++count === 2000) break;\n}\n
\n
}
\n
headers.Connection = 'Upgrade';\nheaders.Upgrade = 'websocket';\nheaders['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';\nheaders['Sec-WebSocket-Version'] = '13';
\n
const request = http.request({\nheaders: headers,\nhost: '127.0.0.1',\nport: wss.address().port\n});
\n
request.end();\n});\n

\n

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

\n

In vulnerable versions of ws, the issue can be mitigated in the\nfollowing ways:

\n
    \n
  1. Reduce the maximum allowed length of the request headers using the\n[--max-http-header-size=size][] and/or the\n[maxHeaderSize][] options so\nthat no more headers than the server.maxHeadersCount limit\ncan be sent.
    2. \n
\n\n
\n

... (truncated)

\n
\n
\nCommits\n
    \n
  • 3c56601\n[dist] 8.17.1
    • \n
  • e55e510\n[security] Fix crash when the Upgrade header cannot be read (#2231)
    • \n
  • 6a00029\n[test] Increase code coverage
    • \n
  • ddfe4a8\n[perf] Reduce the amount of crypto.randomFillSync()\ncalls
    • \n
  • b73b118\n[dist] 8.17.0
    • \n
  • 29694a5\n[test] Use the highWaterMark variable
    • \n
  • 934c9d6\n[ci] Test on node 22
    • \n
  • 1817bac\n[ci] Do not test on node 21
    • \n
  • 96c9b3d\n[major] Flip the default value of allowSynchronousEvents\n(#2221)
    • \n
  • e5f32c7\n[fix] Emit at most one event per event loop iteration (#2218)
    • \n
  • Additional commits viewable in compare\nview
    • \n
\n
\n
\n\n\n[![Dependabot compatibility\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.16.0&new-version=8.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't\nalter it yourself. You can also trigger a rebase manually by commenting\n`@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits\nthat have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after\nyour CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge\nand block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating\nit. You can achieve the same result by closing it manually\n- `@dependabot show ignore conditions` will show all\nof the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop\nDependabot creating any more for this major version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop\nDependabot creating any more for this minor version (unless you reopen\nthe PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop\nDependabot creating any more for this dependency (unless you reopen the\nPR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the\n[Security Alerts page](https://github.com/Azure/bicep/network/alerts).\n\n
\n###### Microsoft Reviewers: [Open in\nCodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/Azure/bicep/pull/14361)\n\nSigned-off-by: dependabot[bot] \nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump ws from 8.16.0 to 8.17.1 in /src/vscode-bicep (#14361)"}},{"before":null,"after":"37e920312b645ced6912490cd34fbb93ce82387c","ref":"refs/heads/dependabot/npm_and_yarn/src/monarch/ws-8.17.1","pushedAt":"2024-06-17T23:43:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump ws from 8.8.1 to 8.17.1 in /src/monarch\n\nBumps [ws](https://github.com/websockets/ws) from 8.8.1 to 8.17.1.\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/8.8.1...8.17.1)\n\n---\nupdated-dependencies:\n- dependency-name: ws\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump ws from 8.8.1 to 8.17.1 in /src/monarch"}},{"before":null,"after":"cf7f1109eb5c378004dce96b8f6d0cabbba386ca","ref":"refs/heads/dependabot/npm_and_yarn/src/playground/ws-8.17.1","pushedAt":"2024-06-17T23:43:00.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump ws from 8.16.0 to 8.17.1 in /src/playground\n\nBumps [ws](https://github.com/websockets/ws) from 8.16.0 to 8.17.1.\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/8.16.0...8.17.1)\n\n---\nupdated-dependencies:\n- dependency-name: ws\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump ws from 8.16.0 to 8.17.1 in /src/playground"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEa8uoagA","startCursor":null,"endCursor":null}},"title":"Activity · Azure/bicep"}