Bump socket.io-parser and jsreport

[dependabot]

Bumps socket.io-parser to 3.4.1 and updates ancestor dependency jsreport. These dependencies need to be updated together.

Updates socket.io-parser from 3.2.0 to 3.4.1

Release notes

Sourced from socket.io-parser's releases.

3.4.1

Bug Fixes

• prevent DoS (OOM) via massive packets (#95) (dcb942d)

Links

• Milestone: -
• Diff: 3.4.0...3.4.1

3.4.0

This release mostly contains a bump of the debug package.

Links

• Milestone: -
• Diff: 3.3.0...3.4.0

3.3.2

Bug Fixes

• prevent DoS (OOM) via massive packets (#95) (89197a0)

Links

• Diff: socketio/socket.io-parser@3.3.1...3.3.2

3.3.1

Links

• Diff: socketio/socket.io-parser@3.3.0...3.3.1

3.3.0

Bug Fixes

• remove any reference to the global variable (b47efb2)

Links

• Milestone: -
• Diff: 3.2.0...3.3.0

Changelog

Sourced from socket.io-parser's changelog.

3.4.1 (2020-05-13)

Bug Fixes

• prevent DoS (OOM) via massive packets (#95) (dcb942d)

Commits

• a8130ce chore: release 3.4.1
• dcb942d fix: prevent DoS (OOM) via massive packets (#95)
• a5d0435 test: transpile to es5 with babelify
• 652402a [chore] Release 3.4.0
• 9b3572e [chore] Bump debug to version 4.1.0 (#92)
• de1fd36 [docs] Fix incorrect socket.io-protocol version in Readme (#89)
• 0de72b9 [chore] Release 3.3.0
• b47efb2 [fix] Remove any reference to the global variable
• d95e38f [chore] Update the Makefile
• b57e063 [test] Update travis configuration
• Additional commits viewable in compare view

Updates jsreport from 2.5.0 to 2.11.0

Release notes

Sourced from jsreport's releases.

2.11.0

highlights of updates

general updates

• chrome was not updated this time because some compatibility issues, we are still using Chrome 79
• pdf utils improvements for form elements, sign and password and general optimizations
• version control diff calculation optimization
• docx recipe improvements for charts and content in loop (data labels, axis options)
• all extensions dependencies were updated to ensure that we don't use vulnerable packages, so npm audit now reports 0 vulnerabilities in most cases

core

• fix warning for node 14

authentication

• fix bug about can not insert duplicated user when doing full import-export

chrome-pdf

• use allowLocalFilesAccess to enable/disable local files access

docx

• fix office warning about not legible content present in docx when adding an image that was not part of default mime types of document
• add support for chart options, starting with a few option to customize the axis
• add initial support for combo charts and fix generating chart with more data series than the one defined in the docx template
• add basic support for data labels, starting with just scatterChart
• add docxRaw helper
• fix generation of bookmarks in loop

express

• fix export of the public ping route

fs-store

• ignore .DS_Store from sync monitoring

html-to-xlsx

• fix sheet id generation when using a base template
• fix jsreport global reportTimeout config not working
• fix column widths calculation when table data contains colspans

import-export

• fixed local import to authenticated server

... (truncated)

Commits

• 6c7fd6f release 2.11.0
• 7525a25 update docker images
• 3f736c1 update html-to-xlsx
• ac2cecd update pdf-utils
• 32f8798 update extensions
• d863afe added Vulnerabilities section
• 524a7b6 release 2.10.0
• bacd495 update extensions in docker full
• 4d525bb update extensions
• 4d2f11d update jsreport-studio
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.