Bump json from 2.18.1 to 2.19.2 in /ruby#552
Open
dependabot[bot] wants to merge 704 commits intomasterfrom
Open
Bump json from 2.18.1 to 2.19.2 in /ruby#552dependabot[bot] wants to merge 704 commits intomasterfrom
dependabot[bot] wants to merge 704 commits intomasterfrom
Conversation
Fix WORKDIR
Update Dockerfile
Update README.md
Update README.md
This reverts commit f5eeac6.
Revert "Update Dockerfile"
link to tiny quickstart
Create README.md
EUWECRY-1084: Refactor Quickstart app for UK/EU payment initiation
Removes [got](https://github.com/sindresorhus/got). It's no longer used after updating ancestor dependency [nodemon](https://github.com/remy/nodemon). These dependencies need to be updated together. Removes `got` Updates `nodemon` from 2.0.5 to 2.0.20 - [Release notes](https://github.com/remy/nodemon/releases) - [Commits](remy/nodemon@v2.0.5...v2.0.20) --- updated-dependencies: - dependency-name: got dependency-type: indirect - dependency-name: nodemon dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [shell-quote](https://github.com/ljharb/shell-quote) to 1.7.3 and updates ancestor dependency [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts). These dependencies need to be updated together. Updates `shell-quote` from 1.7.2 to 1.7.3 - [Release notes](https://github.com/ljharb/shell-quote/releases) - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.7.2...1.7.3) Updates `react-scripts` from 4.0.1 to 5.0.1 - [Release notes](https://github.com/facebook/create-react-app/releases) - [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-4.x.md) - [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts) --- updated-dependencies: - dependency-name: shell-quote dependency-type: indirect - dependency-name: react-scripts dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…nd-nodemon--removed Bump got and nodemon in /node
Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.4. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@2.2.3...2.2.4) --- updated-dependencies: - dependency-name: rack dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…hell-quote-and-react-scripts-1.7.3 Bump shell-quote and react-scripts in /frontend
Bump rack from 2.2.3 to 2.2.4 in /ruby
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.7. - [Release notes](https://github.com/minimistjs/minimist/releases) - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](minimistjs/minimist@v1.2.5...v1.2.7) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.7 to 1.15.2. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.7...v1.15.2) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ollow-redirects-1.15.2 Bump follow-redirects from 1.14.7 to 1.15.2 in /frontend
…inimist-1.2.7 Bump minimist from 1.2.5 to 1.2.7 in /frontend
unbreak frontend
specify supported node version
Updates the Node.js quickstart to support the new user creation flow: - Default to sending identity object with proper schema (name, emails, phone_numbers, addresses) - Auto-retry with consumer_report_user_identity on INVALID_FIELD error - Track both user_id and user_token from responses - Use user_token when available (from consumer_report_user_identity), otherwise user_id - Remove user.client_user_id when passing user_id/user_token to link token creation - Update CRA endpoints to use correct identifier (user_token or user_id) - Income endpoints always use user_token as required - Upgrade plaid library to v40.0.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated all backend implementations (Python, Node.js, Go, Java, Ruby) to support both old-style (user_token) and new-style (user_id) CRA user integrations. Each backend now tries the Identity field first, then falls back to ConsumerReportUserIdentity if that fails. All CRA endpoints (base_report, income_insights, partner_insights) handle both user_token and user_id parameters. Frontend updated to display both user_token and user_id when available. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add null checks for Java error body reading to prevent NullPointerException - Fix Java and Ruby to only retry on INVALID_FIELD errors, not all errors - Fix duplicate client_user_id generation: now reuses same ID on retry across all backends - Remove superfluous comments for cleaner, self-documenting code 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed all instances of itemID to itemId to follow Java camelCase convention consistently with other variables like userId, accessToken, etc. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The compiled go/server binary (22MB) should not be tracked in git. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Node.js: 40.0.0 → 41.0.0 - Python: 37.1.0 → 38.0.0 - Go: 40.1.0 → 41.0.0 (updated import path from v40 to v41) - Java: 38.1.0 → 39.0.0 - Ruby: 44.1.0 → 45.0.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This reverts commit 629693f.
- Add support for new user APIs (see https://plaid.com/docs/api/users/user-apis/) - Bump dependencies
frontend: - Update plaid to ^41.1.0 (from ^39.1.0) - Update plaid-threads to ^14.5.0 (from ^11.2.3) - Apply safe minor/patch updates to testing libraries, sass, immer node: - Update plaid to ^41.1.0 (from ^41.0.0) - Update express to ^4.22.1 - Update dotenv, nodemon, body-parser, cors - Apply safe minor/patch updates Testing: Installation and build tests passed Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Python: plaid_python 38.0.0 → 38.1.0 - Java: plaid-java 39.0.0 → 39.1.0 - Ruby: plaid 45.0.0 → 45.1.0 - Go: already at 41.0.0 (latest) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Python (python/requirements.txt): - Update plaid_python 38.0.0 -> 38.1.0 - Update werkzeug 3.1.4 -> 3.1.5 Ruby (ruby/Gemfile.lock): - Update plaid 45.0.0 -> 45.1.0 - Update puma 7.1.0 -> 7.2.0 - Update tilt 2.6.1 -> 2.7.0 - Update public_suffix 7.0.0 -> 7.0.2 Java (java/pom.xml): - Update plaid-java 39.0.0 -> 39.1.0 - Update jaxb-api 2.3.1 -> 2.4.0 - Update jaxb-impl 2.3.9 -> 2.4.0 Go (go/go.mod): - Update plaid-go/v41 41.0.0 -> 41.1.0 - Update sonic 1.14.2 -> 1.15.0 - Update quic-go 0.58.0 -> 0.59.0 - Update various golang.org/x/* packages Testing: All SDKs updated to latest versions Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Python: 3.12-alpine → 3.12.12-alpine - Ruby: 3.3 → 3.3.10 - Go: 1.24 → 1.24.13 - Maven/JDK: 3.9-eclipse-temurin-21 → 3.9.12-eclipse-temurin-21 - Node: 20-alpine → 20.20.0-alpine All patch-level updates within same minor versions for stability. Testing: Python and Node containers build successfully Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Run npm update to update all dependencies within their semver ranges. This updates axios from 1.13.2 to 1.13.5, which includes security fixes for a Denial of Service vulnerability via __proto__ key in mergeConfig. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update dependencies - quickstart
When Docker support was added, Docker Desktop was free. It no longer is for commercial use, which has significantly reduced usage. Additionally, users were confused thinking Docker was required to run the quickstart. Removing Docker files and updating the README to present native language execution as the single, straightforward path.
Remove Docker support from quickstart
Fix formatting in README.md for Credit Quickstart link
Clarify the description of the main Plaid Quickstart and add links to additional resources.
Bumps [json](https://github.com/ruby/json) from 2.18.1 to 2.19.2. - [Release notes](https://github.com/ruby/json/releases) - [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md) - [Commits](ruby/json@v2.18.1...v2.19.2) --- updated-dependencies: - dependency-name: json dependency-version: 2.19.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps json from 2.18.1 to 2.19.2.
Release notes
Sourced from json's releases.
Changelog
Sourced from json's changelog.
Commits
54f8a87Release 2.19.2393b41cFix a format string injection vulnerabilitydbf6bb1Merge pull request #953 from ruby/dependabot/github_actions/actions/create-gi...7187315Bump actions/create-github-app-token from 2 to 34a42a04Release 2.19.113689c2Add missing GC_GUARD infbuffer_append_stra11acc1Release 2.19.00a4fb79fbuffer.h: Use size_t over unsigned longa29fcdcAdd depth validation to Jruby and TruffleRuby implementationsde993aaReject negative depth; add overflow guards to prevent hang/crashDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.