build(deps): bump semver, bcrypt and pg in /services/backend/auth-server

[dependabot]

Bumps semver to 7.5.4 and updates ancestor dependencies semver, bcrypt and pg. These dependencies need to be updated together.

Updates semver from 4.3.2 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

... (truncated)

Commits

• 36cd334 chore: release 7.5.4
• 8456d87 chore: postinstall for dependabot template-oss PR
• dde1f00 chore: postinstall for dependabot template-oss PR
• dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
• d619f66 chore: postinstall for dependabot template-oss PR
• 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
• cc6fde2 fix: trim each range set before parsing
• 99d8287 fix: correctly parse long build ids as valid (#583)
• 4f0f6b1 chore: fix arguments in whitespace test (#574)
• 6bd1a37 chore: remove duplicate test in semver class (#575)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates bcrypt from 3.0.8 to 5.1.0

Release notes

Sourced from bcrypt's releases.

v5.1.0

What's Changed

• Update node-pre-gyp to 1.0.2 by @​feuxfollets1013 in kelektiv/node.bcrypt.js#865
• Update README for inclusion of musl by @​arbourd in kelektiv/node.bcrypt.js#883
• Version bump, security updates to sub dep npmlog by @​adaniels-parabol in kelektiv/node.bcrypt.js#905
• document ESM usage (#892) by @​mariusa in kelektiv/node.bcrypt.js#899
• fix: update travis CI Docker image repository by @​cokia in kelektiv/node.bcrypt.js#930
• Update node versions in appveyor test matrix by @​p-kuen in kelektiv/node.bcrypt.js#936
• chore(appveyor): not use latest npm by @​cokia in kelektiv/node.bcrypt.js#932
• chore: update Appveyor readme badge by @​cokia in kelektiv/node.bcrypt.js#933
• Use Github actions for CI by @​recrsn in kelektiv/node.bcrypt.js#858
• Update dependencies by @​recrsn in kelektiv/node.bcrypt.js#953
• Migrate tests to use Jest by @​recrsn in kelektiv/node.bcrypt.js#958
• Pin NAPI to v3 by @​recrsn in kelektiv/node.bcrypt.js#959

New Contributors

• @​feuxfollets1013 made their first contribution in kelektiv/node.bcrypt.js#865
• @​arbourd made their first contribution in kelektiv/node.bcrypt.js#883
• @​adaniels-parabol made their first contribution in kelektiv/node.bcrypt.js#905
• @​mariusa made their first contribution in kelektiv/node.bcrypt.js#899
• @​cokia made their first contribution in kelektiv/node.bcrypt.js#930
• @​p-kuen made their first contribution in kelektiv/node.bcrypt.js#936

Full Changelog: kelektiv/node.bcrypt.js@v5.0.1...v5.1.0

v5.0.1

Update node-pre-gyp to 1.0.0

v5.0.0

• Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255. It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug was unsuccessful.
• Experimental support for z/OS
• Fix a bug related to NUL in password input
• Update node-pre-gyp to 0.15.0

v4.0.1

bcrypt 4.0.1

v4.0.0

NAPI support

Changelog

Sourced from bcrypt's changelog.

5.1.0 (2022-10-06)

• Update node-pre-gyp to 1.0.10
• Replace nodeunit with jest as the testing library

5.0.1 (2021-02-22)

• Update node-pre-gyp to 1.0.0

5.0.0 (2020-06-02)

• Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255. It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug was unsuccessful.
• Experimental support for z/OS
• Fix a bug related to NUL in password input
• Update node-pre-gyp to 0.15.0

4.0.1 (2020-02-27)

• Fix compilation errors in Alpine linux

4.0.0 (2020-02-17)

• Switch to NAPI bcrypt
• Drop support for NodeJS 8

Commits

• fc225b1 Merge pull request #960 from kelektiv/release-v5-1-0
• 809ad03 Prepare for v5.1.0
• 9eec9e8 Merge pull request #959 from kelektiv/release-v5-1-0
• b309eaf Pin NAPI to v3
• 9d6516a Merge pull request #958 from kelektiv/jest
• 5a2b952 Increase test timeout
• 8d201d1 Move tests to use Jest
• 5a7082a Merge pull request #955 from kelektiv/github-actions
• fa5bc55 Fix github actions
• 86aa111 Merge pull request #953 from kelektiv/version-update
• Additional commits viewable in compare view

Updates pg from 8.0.3 to 8.11.1

Changelog

Sourced from pg's changelog.

All major and minor releases are briefly explained below.

For richer information consult the commit log on github with referenced pull requests.

We do not include break-fix version release in this file.

pg-pool@8.10.0

• Emit release event when client is returned to the pool.

pg@8.9.0

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

pg@8.8.0

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

• Add connection lifetime limit config option.

pg@8.7.0

• Add optional config to pool to allow process to exit if pool is idle.

pg-cursor@2.7.0

• Convert to es6 class
• Add support for promises to cursor methods

pg@8.6.0

• Better SASL error messages & more validation on bad configuration.
• Export DatabaseError.
• Add ParameterDescription support to protocol parsing.
• Fix typescript typedefs with --isolatedModules.

pg-query-stream@4.0.0

• Library has been converted to Typescript. The behavior is identical, but there could be subtle breaking changes due to class names changing or other small inconsistencies introduced by the conversion.

pg@8.5.0

... (truncated)

Commits

• eaafac3 Publish
• d59cd15 fix stack traces of query() to include the async context (#1762) (#2983)
• dee3ae5 feat: add connection parameter nativeConnectionString (#2941)
• 3039f1d Revert "Update utils.js (#2981)"
• 522e2dc Update utils.js (#2981)
• 14b840e Publish
• f206293 Clean up pg-native in Makefile better
• 7152d4d Add example Cloudflare Worker and test
• 0755342 Add Cloudflare Worker compatible socket
• 5532ca5 Use WebCrypto APIs where possible
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.