Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #94

Merged
merged 1 commit into from
Dec 12, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 17, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
eslint (source) ^8.53.0 -> ^8.57.1 age adoption passing confidence devDependencies minor
jiti ^1.21.0 -> ^1.21.6 age adoption passing confidence devDependencies patch
node (source) >=8.0.0 -> >=8.17.0 age adoption passing confidence engines minor
node-fetch ^1.4.1 -> ^1.6.4 age adoption passing confidence devDependencies minor
node-fetch-native ^1.4.1 -> ^1.6.4 age adoption passing confidence dependencies minor
npm (source) >=5.0.0 -> >=5.10.0 age adoption passing confidence engines minor

Release Notes

eslint/eslint (eslint)

v8.57.1

Compare Source

v8.57.0

Compare Source

Features

  • 1120b9b feat: Add loadESLint() API method for v8 (#​18098) (Nicholas C. Zakas)
  • dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#​18066) (Nitin Kumar)

Bug Fixes

  • 2196d97 fix: handle absolute file paths in FlatRuleTester (#​18064) (Nitin Kumar)
  • 69dd1d1 fix: Ensure config keys are printed for config errors (#​18067) (Nitin Kumar)
  • 9852a31 fix: deep merge behavior in flat config (#​18065) (Nitin Kumar)
  • 4c7e9b0 fix: allow circular references in config (#​18056) (Milos Djermanovic)

Documentation

Chores

v8.56.0

Compare Source

Features
  • 0dd9704 feat: Support custom severity when reporting unused disable directives (#​17212) (Bryan Mishkin)
  • 31a7e3f feat: fix no-restricted-properties false negatives with unknown objects (#​17818) (Arka Pratim Chaudhuri)
Bug Fixes
  • 7d5e5f6 fix: TypeError: fs.exists is not a function on read-only file system (#​17846) (Francesco Trotta)
  • 74739c8 fix: suggestion with invalid syntax in no-promise-executor-return rule (#​17812) (Bryan Mishkin)
Documentation
  • 9007719 docs: update link in ways-to-extend.md (#​17839) (Amel SELMANE)
  • 3a22236 docs: Update README (GitHub Actions Bot)
  • 54c3ca6 docs: fix migration-guide example (#​17829) (Tanuj Kanti)
  • 4391b71 docs: check config comments in rule examples (#​17815) (Francesco Trotta)
  • fd28363 docs: remove mention about ESLint stylistic rules in readme (#​17810) (Zwyx)
  • 48ed5a6 docs: Update README (GitHub Actions Bot)
Chores

v8.55.0

Compare Source

Features

  • 8c9e6c1 feat: importNamePattern option in no-restricted-imports (#​17721) (Tanuj Kanti)

Documentation

  • 83ece2a docs: fix typo --rules -> --rule (#​17806) (OKURA Masafumi)
  • fffca5c docs: remove "Open in Playground" buttons for removed rules (#​17791) (Francesco Trotta)
  • a6d9442 docs: fix correct/incorrect examples of rules (#​17789) (Tanuj Kanti)
  • 383e999 docs: update and fix examples for no-unused-vars (#​17788) (Tanuj Kanti)
  • 5a8efd5 docs: add specific stylistic rule for each deprecated rule (#​17778) (Etienne)

Chores

v8.54.0

Compare Source

Features

  • a7a883b feat: for-direction rule add check for condition in reverse order (#​17755) (Angelo Annunziata)
  • 1452dc9 feat: Add suggestions to no-console (#​17680) (Joel Mathew Koshy)
  • 21ebf8a feat: update no-array-constructor rule (#​17711) (Francesco Trotta)

Bug Fixes

  • 98926e6 fix: Ensure that extra data is not accidentally stored in the cache file (#​17760) (Milos Djermanovic)
  • e8cf9f6 fix: Make dark scroll bar in dark theme (#​17753) (Pavel)
  • 3cbeaad fix: Use cwd constructor option as config basePath in Linter (#​17705) (Milos Djermanovic)

Documentation

  • becfdd3 docs: Make clear when rules are removed (#​17728) (Nicholas C. Zakas)
  • 05d6e99 docs: update "Submit a Pull Request" page (#​17712) (Francesco Trotta)
  • eb2279e docs: display info about deprecated rules (#​17749) (Percy Ma)
  • d245326 docs: Correct working in migrating plugin docs (#​17722) (Filip Tammergård)

Chores

unjs/jiti (jiti)

v1.21.6

Compare Source

compare changes

🩹 Fixes
  • Use internal cached modules only if loaded (#​247)

v1.21.5

Compare Source

compare changes

🩹 Fixes

From 1.21.4

  • Avoid node: protocol for node 14 compatibility (5d877de)
  • Update deps (5e11181)

v1.21.4

Compare Source

v1.21.3

Compare Source

compare changes

🩹 Fixes
❤️ Contributors

v1.21.2

Compare Source

compare changes

🩹 Fixes
❤️ Contributors

v1.21.1

Compare Source

compare changes

🏡 Chore
🤖 CI
❤️ Contributors
nodejs/node (node)

v8.17.0: 2019-12-17, Version 8.17.0 'Carbon' (LTS), @​MylesBorins

Compare Source

This is a security release.

For more details about the vulnerability please consult the npm blog:

https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli

Notable changes
Commits

v8.16.2: 2019-10-09, Version 8.16.2 'Carbon' (LTS), @​BethGriggs

Compare Source

Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes
  • deps: upgrade openssl sources to 1.0.2s (Sam Roberts) #​28230
Commits

v8.16.1: 2019-08-15, Version 8.16.1 'Carbon' (LTS), @​BethGriggs

Compare Source

Notable changes

This is a security release.

Node.js, as well as many other implementations of HTTP/2, have been found
vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

  • CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
  • CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
  • CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
  • CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
  • CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
  • CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
  • CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
  • CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service. (Discovered by Piotr Sikora of Google)
Commits

v8.16.0: 2019-04-16, Version 8.16.0 'Carbon' (LTS), @​MylesBorins

Compare Source

Notable Changes
  • n-api:
    • add API for asynchronous functions (Gabriel Schulhof) #​17887
    • mark thread-safe function as stable (Gabriel Schulhof) #​25556
Commits

v8.15.1

Compare Source

v8.15.0: 2018-12-26, Version 8.15.0 'Carbon' (LTS), @​MylesBorins

Compare Source

The 8.14.0 security release introduced some unexpected breakages on the 8.x release line.
This is a special release to fix a regression in the HTTP binary upgrade response body and add
a missing CLI flag to adjust the max header size of the http parser.

Notable Changes
  • cli:
    • add --max-http-header-size flag (cjihrig) #​24811
  • http:
    • add maxHeaderSize property (cjihrig) #​24860
Commits

v8.14.1: 2018-12-18, Version 8.14.1 'Carbon' (LTS), @​MylesBorins prepared by @​BethGriggs

Compare Source

Notable changes
  • assert:
    • revert breaking change (Ruben Bridgewater) #​24786
  • http2:
    • fix sequence of error/close events (Gerhard Stoebich) #​24789
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codecov-commenter
Copy link

codecov-commenter commented Nov 17, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.37%. Comparing base (01953a7) to head (731c57d).

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #94   +/-   ##
=======================================
  Coverage   99.37%   99.37%           
=======================================
  Files           6        6           
  Lines         161      161           
=======================================
  Hits          160      160           
  Misses          1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 2396ebe to c45a1f4 Compare November 17, 2023 22:35
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from c45a1f4 to 561f5e8 Compare December 2, 2023 01:01
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 561f5e8 to 7c8ff8e Compare December 16, 2023 01:25
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 69ca7eb to 743eb1e Compare December 24, 2023 21:56
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 743eb1e to fd2f3a9 Compare February 7, 2024 21:54
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from fd2f3a9 to c41c521 Compare February 23, 2024 22:46
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from a8f8fab to 731c57d Compare March 21, 2024 19:59
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 731c57d to 6d2eda0 Compare May 7, 2024 15:35
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 61c554f to 55e3c41 Compare June 10, 2024 15:43
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 55e3c41 to 420df0d Compare September 16, 2024 16:21
@danielroe danielroe merged commit 4a29bce into main Dec 12, 2024
1 check passed
@danielroe danielroe deleted the renovate/all-minor-patch branch December 12, 2024 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants