fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@azure/core-amqp (source)	^1.1.0 -> ^4.0.0					dependencies	major
@azure/event-hubs (source)	5.0.1 -> 5.12.0					dependencies	minor
@babel/cli (source)	7.12.10 -> 7.24.7					devDependencies	minor
@babel/core (source)	7.12.10 -> 7.24.7					devDependencies	minor
@babel/plugin-syntax-jsx (source)	7.12.1 -> 7.24.7					devDependencies	minor
@babel/plugin-transform-modules-commonjs (source)	7.12.1 -> 7.24.7					devDependencies	minor
@babel/plugin-transform-runtime (source)	7.12.10 -> 7.24.7					devDependencies	minor
@babel/preset-env (source)	7.12.11 -> 7.24.7					devDependencies	minor
@babel/runtime (source)	7.12.5 -> 7.24.7					dependencies	minor
@types/jest (source)	26.0.20 -> 29.5.12					devDependencies	major
@vue/babel-helper-vue-jsx-merge-props (source)	1.2.1 -> 1.4.0					dependencies	minor
@vue/test-utils	1.1.2 -> 2.4.6					devDependencies	major
alex (source)	9.1.0 -> 11.0.1					devDependencies	major
azure-iothub	1.11.0 -> 1.16.5					dependencies	minor
babel-jest (source)	26.6.3 -> 29.7.0					devDependencies	major
babel-loader	8.2.2 -> 9.1.3					devDependencies	major
body-parser	1.19.0 -> 1.20.2					dependencies	minor
chartist (source)	^0.11.4 -> ^1.0.0					dependencies	major
css-loader	5.0.1 -> 7.1.2					devDependencies	major
debug	4.3.2 -> 4.3.5					devDependencies	patch
dotenv	^8.1.0 -> ^16.0.0					dependencies	major
eslint (source)	7.19.0 -> 9.4.0					devDependencies	major
eslint-plugin-vue (source)	7.5.0 -> 9.26.0					devDependencies	major
express-sanitizer	1.0.5 -> 1.0.6					dependencies	patch
husky	4.3.8 -> 9.0.11					devDependencies	major
jest (source)	26.6.3 -> 29.7.0					devDependencies	major
jest-axe	4.1.0 -> 9.0.0					devDependencies	major
jmespath	^0.15.0 -> ^0.16.0					dependencies	minor
node	10.19.0-alpine -> 20.14.0-alpine					final	major
nodemon (source)	2.0.7 -> 3.1.3					devDependencies	major
npm-run-all	4.1.5 -> 5.0.0					devDependencies	replacement
rhea-promise	^1.0.0 -> ^3.0.0					dependencies	major
socket.io	^3.0.0 -> ^4.0.0					dependencies	major
style-loader	2.0.0 -> 4.0.0					devDependencies	major
supertest	6.1.3 -> 7.0.0					devDependencies	major
vue (source)	^2.6.12 -> ^3.0.0					dependencies	major
vue-a11y-dialog	^0.5.2 -> ^1.0.0					dependencies	major
vue-accessible-color-picker (source)	^1.1.2 -> ^5.0.0					dependencies	major
vue-jest	4.0.0-rc.1 -> 4.0.1					devDependencies	patch
vue-loader	15.9.6 -> 17.4.2					devDependencies	major
vue-template-compiler (source)	2.6.12 -> 2.7.16					devDependencies	minor
webpack-cli (source)	4.4.0 -> 5.1.4					devDependencies	major
whatwg-fetch	3.5.0 -> 3.6.20					devDependencies	minor

This is a special PR that replaces npm-run-all with the community suggested minimal stable replacement version.

---

Release Notes

Azure/azure-sdk-for-js (@​azure/core-amqp)

v4.0.0

4.0.0 (2023-09-12)

Features Added

• Added Changefeed support for partition keys, feed ranges, and entire container. #​18062
• Added Diagnostics to all response objects, i.e. ResourceResponse (parent class for ItemRespone, ContainerResponse etc.), FeedResponse, ChangeFeedIteratorResponse,
  ErrorResponse, BulkOperationResponse. #​21177
• Added support for hierarchical partitions. #​23416
• Added support of index metrics. #​20194
• Improved the retry utility to align with other language SDKs. Now, it automatically retries requests on the next available region when encountering HTTP 503 errors (Service Unavailable)
  and handles HTTP timeouts more effectively, enhancing the SDK's reliability. #​23475
• Added priority based throttling. docs #​26393

Bugs Fixed

• Updated response codes for the getDatabase() method. #​25932
• Fix Upsert operation failing when partition key of container is /id and /id is missing in the document. #​21383

Breaking Changes

• The definition of PartitionKey is changed, PartitionKeyDefinition is now a independent type. #​23416

v3.1.0

3.1.0 (2023-10-18)

Features

• Added Interface ManagedServiceIdentity
• Added Interface UserAssignedIdentity
• Added Type Alias ManagedServiceIdentityType
• Interface ManagedHsmResource has a new optional parameter identity
• Added Enum KnownManagedServiceIdentityType

v3.0.0

3.0.0 (2021-06-09)

Breaking changes

• Updates the rhea-promise and rhea dependencies to version 2.x. rhea contains a breaking change that changes deserialization of timestamps from numbers to Date objects.
• Removes the AsyncLock and defaultLock exports. defaultCancellableLock should be used instead.

v2.3.0

2.3.0 (2021-04-29)

• Updates AmqpAnnotatedMessage to identify the AMQP section where body data was decoded from. PR 14703.

• Adds CancellableAsyncLock as an alternative to AsyncLock that supports cancellation via the abort signal. PR 14844.

v2.2.0

2.2.0 (2021-03-30)

• Updates translateError to convert non-object type parameters to errors.
  The parameter will be part of the error's message property unless the parameter is null or undefined.
  Fixes issue 14499.

• Addresses issue 9988
  by updating the following operations to accept an abortSignal to allow cancellation:

  • CbsClient.init()
  • CbsClient.negotiateClaim()
  • RequestResponseLink.create()

• Exporting StandardAbortMessage that is the standard error message accompanying the AbortError.

v2.1.0

2.1.0 (2021-02-08)

• Fixes the bug reported in issue 13048.
  Now an informative error is thrown describing the circumstance that led to the error.
• Adds the ability to configure the amqpHostname and port that a ConnectionContextBase will use when connecting to a service.
  The host field refers to the DNS host or IP address of the service, whereas the amqpHostname
  is the fully qualified host name of the service. Normally host and amqpHostname will be the same.
  However if your network does not allow connecting to the service via the public host,
  you can specify a custom host (e.g. an application gateway) via the host field and continue
  using the public host as the amqpHostname.

v2.0.1

2.0.1 (2021-10-28)

Features Added

• The ManagedIdentityCredential now supports the Service Fabric environment.

Bugs Fixed

• Fixed a bug that caused the AzureCliCredential to fail on Windows. Issue 18268.

v2.0.0

2.0.0 (2021-10-15)

After multiple beta releases over the past year, we're proud to announce the general availability of version 2 of the @azure/identity package. This version includes the best parts of v1, plus several improvements.

This changelog entry showcases the changes that have been made from version 1 of this package. See the v1-to-v2 migration guide for details on how to upgrade your application to use the version 2 of @azure/identity. For information on troubleshooting the Identity package, see the troubleshooting guide.

Features Added

Plugin API

Identity v2 provides a top-level useIdentityPlugin function, which allows using two new plugin packages:

• @​azure/identity-vscode, which provides the dependencies of VisualStudioCodeCredential and enables it.
  • If the @azure/identity-vscode plugin isn't used through the useIdentityPlugin function, the VisualStudioCodeCredential exposed by Identity v2 will throw a CredentialUnavailableError.
• @​azure/identity-cache-persistence, which provides persistent token caching.

Most credentials on Identity v2 now support the persistent token caching feature. Such credentials include the property tokenCachePersistenceOptions in the constructor options which can be used to enable this feature.

The following example showcases how to enable persistence caching by first enabling the @azure/identity-cache-persistence plugin with useIdentityPlugin(cachePersistencePlugin), and then passing the tokenCachePersistenceOptions through the constructor of the DeviceCodeCredential:

import { cachePersistencePlugin } from "@​azure/identity-cache-persistence";
import { useIdentityPlugin, DeviceCodeCredential } from "@​azure/identity";

useIdentityPlugin(cachePersistencePlugin);

async function main() {
  const credential = new DeviceCodeCredential({
    tokenCachePersistenceOptions: {
      enabled: true
    }
  });
}

New credentials

Identity v2 includes two new credential types:

• AzurePowerShellCredential, which re-uses any account previously authenticated with the Az.Account PowerShell module.
• OnBehalfOfCredential, which enables the On-Behalf-Of authentication flow.

New features in all credentials

Identity v2 enables:

• Support for claims challenges resulting from Continuous Access Enforcement (CAE) and Conditional Access authentication context.
  • By default, credentials of Identity v2 will produce tokens that can be used to trigger the challenge authentication flows. After these tokens expire, the next HTTP requests to Azure will fail, but the response will contain information to re-authenticate.
  • To disable this behavior, set the environment variable AZURE_IDENTITY_DISABLE_CP1 to any value. For more about claims challenges, see Claims challenges, claims requests, and client capabilities.
• Support for multi-tenant authentication on all credentials except ManagedIdentityCredential.
  • At the moment, applications needing multi-tenancy support will need to call to the credentials' getToken directly, sending the new tenantId property.
  • A sample with more context will be provided in a future date.
  • To disable it, set the environment variable AZURE_IDENTITY_DISABLE_MULTITENANTAUTH. For more about multitenancy, see Identity management in multitenant apps.

New features in InteractiveBrowserCredential and DeviceCodeCredential

You can now control when the credential requests user input with the new disableAutomaticAuthentication option added to the options you pass to the credential constructors.

• When enabled, this option stops the getToken() method from requesting user input in case the credential is unable to authenticate silently.
• If getToken() fails to authenticate without user interaction, and disableAutomaticAuthentication has been set to true, a new error will be thrown: AuthenticationRequired. You may use this error to identify scenarios when manual authentication needs to be triggered (with authenticate(), as described in the next point).

A new method authenticate() is added to these credentials which is similar to getToken(), but it does not read the disableAutomaticAuthentication option described above.

• Use this to get an AuthenticationRecord which you can then use to create new credentials that will re-use the token information.
• The AuthenticationRecord object has a serialize() method that allows an authenticated account to be stored as a string and re-used in another credential at any time. Use the new helper function deserializeAuthenticationRecord to de-serialize this string.
• authenticate() might succeed and still return undefined if we're unable to pick just one account record from the cache. This might happen if the cache is being used by more than one credential, or if multiple users have authenticated using the same Client ID and Tenant ID. To ensure consistency on a program with many users, please keep track of the AuthenticationRecord and provide them in the constructors of the credentials on initialization.

Learn more via the below samples

• Samples around controlling user interaction.
• Samples around persisting user authentication data.

New features in ManagedIdentityCredential

In Identity v2, the ManagedIdentityCredential retries with exponential back-off when a request for a token fails with a 404 status code. This change only applies to environments with available IMDS endpoints.

Azure Service Fabric support hasn't been added on the initial version 2 of Identity. Subscribe to issue #​12420 for updates on this feature.

Other features

• ClientCertificateCredential now optionally accepts a configuration object as its third constructor parameter, instead of the PEM certificate path. This new object, called ClientCertificateCredentialPEMConfiguration, can contain either the PEM certificate path with the certificatePath property, or the contents of the PEM certificate with the certificate property..
• The Node.js version of InteractiveBrowserCredential has Proof Key for Code Exchange (PKCE) enabled by default.
• InteractiveBrowserCredential has a new loginHint constructor option, which allows a username to be pre-selected for interactive logins.
• In AzureCliCredential, we allow specifying a tenantId in the parameters through the AzureCliCredentialOptions.
• A new error, named AuthenticationRequiredError, has been added. This error shows up when a credential fails to authenticate silently.
• Errors and logged exceptions may point to the new troubleshooting guidelines.
• On all of the credentials we're providing, the initial authentication attempt in the lifetime of your app will include an additional request to first discover relevant endpoint metadata information from Azure.

Breaking changes

Breaking changes from v1

• For ClientCertificateCredential specifically, the validity of the PEM certificate is evaluated on getToken and not on the constructor.

• We have also renamed the error CredentialUnavailable to CredentialUnavailableError, to align with the naming convention used for error classes in the Azure SDKs in JavaScript.

• In v1 of Identity some getToken calls could resolve with null in the case the authentication request succeeded with a malformed output. In v2, issues with the getToken method will always throw errors.

• Breaking changes to InteractiveBrowserCredential

  • The InteractiveBrowserCredential will use the Auth Code Flow with PKCE rather than Implicit Grant Flow to better support browsers with enhanced security restrictions. Learn how to migrate in the migration guide. Read more about the latest InteractiveBrowserCredential here.
  • The default client ID used for InteractiveBrowserCredential was viable only in Node.js and not for the browser. Therefore, on v2 client ID is a required parameter when using this credential in browser apps.
  • Identity v2 also removes the postLogoutRedirectUri from the options to the constructor for InteractiveBrowserCredential. This option wasn't being used. Instead of using this option, use MSAL directly. For more information, see Authenticating with the @​azure/msal-browser Public Client.
  • In Identity v2, VisualStudioCodeCredential throws a CredentialUnavailableError unless the new @​azure/identity-vscode plugin is used.

• Standardizing the tracing span names to be <className>.<operationName> over <className>-<operationName>

Breaking Changes from 2.0.0-beta.4

• Removed the allowMultiTenantAuthentication option from all of the credentials. Multi-tenant authentication is now enabled by default. On Node.js, it can be disabled with the AZURE_IDENTITY_DISABLE_MULTITENANTAUTH environment variable.
• Removed support for specific Azure regions on ClientSecretCredential and `ClientCertificateCredential. This feature will be added back on the next beta.

Breaking Changes from 2.0.0-beta.6

• Stopped exporting the ApplicationCredential from the package. This will be re-introduced in the future.
• Removed the CredentialPersistenceOptions from DefaultAzureCredential and EnvironmentCredential.
• Merged the configuration and the options bag on the OnBehalfOfCredential into a single options bag.
• AuthenticationRequiredError (introduced in 2.0.0-beta.1) now has its parameters into a single options bag.
• AuthenticationRequiredError (introduced in 2.0.0-beta.1) now has its parameters in a single options bag, AuthenticationRequiredErrorOptions.
• InteractiveBrowserCredentialOptions has been renamed to InteractiveBrowserCredentialNodeOptions, and InteractiveBrowserCredentialBrowserOptions has been named InteractiveBrowserCredentialInBrowserOptions.

Bugs Fixed

• ClientSecretCredential, ClientCertificateCredential, and UsernamePasswordCredential throw if the required parameters aren't provided (even in JavaScript).
• Fixed a bug that caused AzureCliCredential to fail when a custom tenant ID was provided.
• Caught up with the bug fixes for Azure POD Identity that were implemented on version 1.5.1.

Other Changes

Identity v2 no longer includes native dependencies (neither ordinary, peer, nor optional dependencies). Previous distributions of @azure/identity included an optional dependency on keytar, which caused issues for some users in restrictive environments.

Identity v2 for JavaScript now also depends on the latest available versions of @azure/msal-common, @azure/msal-node, and @azure/msal-browser. Our goal is to always be up-to-date with the MSAL versions.

v1.1.7

1.1.7 (2020-10-29)

• Internal improvement - Previously, each RequestResponseLink.sendRequest call adds an "onMessage" listener to the ReceiverEvents.message event and keeps discarding the responses that did not match the request-id and returns the response if matched. Adding many listeners would also result in a warning such as MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 message listeners added to [Receiver]. Use emittr.setMaxListeners() to increase limit.
  This has been improved to reuse a single listener for all the requests by maintaining a map of deferred promises that would be resolved(or rejected) upon receiving a message event.
  PR 11749

v1.1.6

1.1.6 (2020-09-08)

• Support using the SharedAccessSignature from the connection string.
  (PR 10951).

v1.1.5

1.1.5 (2020-08-04)

• Fixes issue 9615
  where closing the RequestResponseLink session before closing the receiver
  could cause the service to report a missing session channel.

v1.1.4

1.1.4 (2020-06-30)

• Fixes issue 9287
  where operations that used the RequestResponseLink and encountered an error
  would fail to cleanup their internal timer.
  This caused exiting the process to be delayed until the timer reached its timeout.
• If none is present, add a unique id to message_id on the request to be sent when using the RequestResponseLink. This helps in determining the right response for the request when multiple send requests are made in parallel.
  PR 9503

v1.1.3

1.1.3 (2020-06-02)

• Updated to use the latest version of the rhea package.
  This update fixes an issue where an uncaught exception could be thrown some time after a connection was disconnected.
  PR 8758

v1.1.2

1.1.2 (2020-04-28)

• Adds compatiblity with TypeScript versions 3.1 through 3.6+.
  PR 8540
• Add a new method refreshConnection() on the ConnectionContextBase to replace the connection property on it with a new rhea-promise Connection object.
  PR 8563

v1.1.1

1.1.1 (2020-03-31)

• Removes direct dependency on @azure/identity as it is not used directly by this package.
  PR 7669

babel/babel (@​babel/cli)

v7.24.7

Compare Source

🐛 Bug Fix

• babel-node
  • #​16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #​16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #​16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #​16525 Delete unused array helpers (@​blakewilson)

v7.24.6

Compare Source

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #​16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #​16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #​16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #​16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.