Skip to content

fix(deps): update all non-major dependencies #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Dec 26, 2024
Merged

fix(deps): update all non-major dependencies #170

merged 5 commits into from
Dec 26, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 2, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@babel/types (source) ^7.26.0 -> ^7.26.3 age adoption passing confidence
@jridgewell/gen-mapping ^0.3.5 -> ^0.3.8 age adoption passing confidence
@rspack/cli (source) 1.1.4 -> 1.1.8 age adoption passing confidence
@rspack/core (source) 1.1.4 -> 1.1.8 age adoption passing confidence
@swc/core (source) ^1.9.3 -> ^1.10.1 age adoption passing confidence
@sxzz/eslint-config ^4.5.0 -> ^4.5.1 age adoption passing confidence
@sxzz/test-utils ^0.3.7 -> ^0.3.11 age adoption passing confidence
@types/node (source) ^22.10.0 -> ^22.10.2 age adoption passing confidence
@vitest/ui (source) 2.1.6 -> 2.1.8 age adoption passing confidence
bumpp ^9.8.1 -> ^9.9.1 age adoption passing confidence
debug ^4.3.7 -> ^4.4.0 age adoption passing confidence
esbuild 0.24.0 -> 0.24.1 age adoption passing confidence
esbuild ^0.24.0 -> ^0.24.1 age adoption passing confidence
eslint (source) ^9.15.0 -> ^9.17.0 age adoption passing confidence
pnpm (source) 9.14.2 -> 9.15.1 age adoption passing confidence
rolldown (source) ^0.14.0 -> ^0.15.1 age adoption passing confidence
rollup (source) ^4.27.4 -> ^4.28.1 age adoption passing confidence
sass ^1.81.0 -> ^1.83.0 age adoption passing confidence
vite (source) ^6.0.0 -> ^6.0.5 age adoption passing confidence
vite-plugin-inspect ^0.8.8 -> ^0.10.4 age adoption passing confidence
vitest (source) 2.1.6 -> 2.1.8 age adoption passing confidence
webpack ^5.96.1 -> ^5.97.1 age adoption passing confidence
webpack-dev-server ^5.1.0 -> ^5.2.0 age adoption passing confidence

Release Notes

babel/babel (@​babel/types)

v7.26.3

Compare Source

🐛 Bug Fix
🏠 Internal
  • babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
🏃‍♀️ Performance
jridgewell/gen-mapping (@​jridgewell/gen-mapping)

v0.3.8

Compare Source

v0.3.7

Compare Source

v0.3.6

Compare Source

web-infra-dev/rspack (@​rspack/cli)

v1.1.8

Security Vulnerability Report
Overview

This is a re-release version of v1.1.6

On 12/19/2024, 02:01 (UTC), we discovered that our npm packages @rspack/core and @rspack/cli were maliciously attacked. The attacker released v1.1.7 using a compromised npm token, which contained malicious code. We took immediate action upon discovering the issue.

Impact
  • Affected versions: @rspack/core and @rspack/cli v1.1.7
  • Duration: 12/19/2024, 02:01 (UTC), lasting approximately 1 hour
  • Malicious code impact: After npm install, the postinstall script in package.json runs malicious code in dist/util/support.js. See Malicious code analysis for more details.
Actions Taken

Upon discovery, we immediately deprecated the affected v1.1.7, redirected the npm latest tag to v1.1.6, and reset all related tokens.
Subsequently, we released a secure new version v1.1.8.

Recommended Actions

If you installed v1.1.7 during the affected period, please:

  1. Update to the latest safe version immediately: @rspack/core and @rspack/cli to >= 1.1.8
  2. Check your system for any unusual activity
Apology and Commitment

We deeply apologize for the risks caused by this incident. To prevent similar incidents from happening again, we will implement stricter token management protocols and enhance our security review processes.

If you have any questions or discover any suspicious activity, please create an issue or send an email to: web-infra-security@bytedance.com

We will continue to follow and respond to community feedback.

v1.1.6

Compare Source

What's Changed

Highlights 💡

Reduced memory usage

Rspack's memory usage in large projects has been significantly reduced since v1.1.6:

Related PRs:

Performance Improvements ⚡
Exciting New Features 🎉
Bug Fixes 🐞
Document Updates 📖
Other Changes

New Contributors

Full Changelog: web-infra-dev/rspack@v1.1.5...v1.1.6

v1.1.5

Compare Source

What's Changed

Highlights 💡

refactor css loading

Since #​7306, we have aligned with webpack's CSS loading strategy, which assumed that CSS finished loading before executing JavaScript, which is not true. Both Rspack and webpack have changed the CSS loading strategy to address this issue.

For more specific details on the original problem, please refer to this link.
Webpack fixed this in https://github.com/webpack/webpack/pull/19021
Rspack fixed this in #​8534

Performance Improvements ⚡
Exciting New Features 🎉
Bug Fixes 🐞
Document Updates 📖
Other Changes

Full Changelog: web-infra-dev/rspack@v1.1.4...v1.1.5

swc-project/swc (@​swc/core)

v1.10.1

Compare Source

Bug Fixes
  • (es/resolver) Fix wrong syntax context of vars with the same names as catch params (#​9786) (5a44c6b)
Features

v1.10.0

Compare Source

Bug Fixes
Features
Miscellaneous Tasks
Refactor
sxzz/eslint-config (@​sxzz/eslint-config)

v4.5.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
sxzz/test-utils (@​sxzz/test-utils)

v0.3.11

Compare Source

   🚀 Features
    View changes on GitHub

v0.3.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.3.9

Compare Source

   🚀 Features
    View changes on GitHub

v0.3.8

Compare Source

   🚀 Features
    View changes on GitHub
vitest-dev/vitest (@​vitest/ui)

v2.1.8

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v2.1.7

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
antfu/bumpp (bumpp)

v9.9.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v9.9.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
debug-js/debug (debug)

v4.4.0

Compare Source

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

evanw/esbuild (esbuild)

v0.24.1

Compare Source

  • Allow es2024 as a target in tsconfig.json (#​4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
  "compilerOptions": {
    "target": "ES2024"
  }
}

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
  get
  *x() {}
  set
  *y() {}
}

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#​4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

    // The following code now transforms to "return true;\n"
console.log(esbuild.transformSync(
  `return process.env['SOME-TEST-VAR']`,
  { define: { 'process.env["SOME-TEST-VAR"]': 'true' } },
))

    Note that if you're passing values like this on the command line using esbuild's --define flag, then you'll need to know how to escape quote characters for your shell. You may find esbuild's JavaScript API more ergonomic and portable than writing shell code.

  • Minify empty try/catch/finally blocks (#​4003)

    With this release, esbuild will now attempt to minify empty try blocks:

    // Original code
try {} catch { foo() } finally { bar() }

// Old output (with --minify)
try{}catch{foo()}finally{bar()}

// New output (with --minify)
bar();

    This can sometimes expose additional minification opportunities.

  • Include entryPoint metadata for the copy loader (#​3985)

    Almost all entry points already include a entryPoint field in the outputs map in esbuild's build metadata. However, this wasn't the case for the copy loader as that loader is a special-case that doesn't behave like other loaders. This release adds the entryPoint field in this case.

  • Source mappings may now contain null entries (#​3310, #​3878)

    With this change, sources that result in an empty source map may now emit a null source mapping (i.e. one with a generated position but without a source index or original position). This change improves source map accuracy by fixing a problem where minified code from a source without any source mappings could potentially still be associated with a mapping from another source file earlier in the generated output on the same minified line. It manifests as nonsensical files in source mapped stack traces. Now the null mapping "resets" the source map so that any lookups into the minified code without any mappings resolves to null (which appears as the output file in stack traces) instead of the incorrect source file.

    This change shouldn't affect anything in most situations. I'm only mentioning it in the release notes in case it introduces a bug with source mapping. It's part of a work-in-progress future feature that will let you omit certain unimportant files from the generated source map to reduce source map size.

  • Avoid using the parent directory name for determinism (#​3998)

    To make generated code more readable, esbuild includes the name of the source file when generating certain variable names within the file. Specifically bundling a CommonJS file generates a variable to store the lazily-evaluated module initializer. However, if a file is named index.js (or with a different extension), esbuild will use the name of the parent directory instead for a better name (since many packages have files all named index.js but have unique directory names).

    This is problematic when the bundle entry point is named index.js and the parent directory name is non-deterministic (e.g. a temporary directory created by a build script). To avoid non-determinism in esbuild's output, esbuild will now use index instead of the parent directory in this case. Specifically this will happen if the parent directory is equal to esbuild's outbase API option, which defaults to the lowest common ancestor of all user-specified entry point paths.

  • Experimental support for esbuild on NetBSD (#​3974)

    With this release, esbuild now has a published binary executable for NetBSD in the @esbuild/netbsd-arm64 npm package, and esbuild's installer has been modified to attempt to use it when on NetBSD. Hopefully this makes installing esbuild via npm work on NetBSD. This change was contributed by @​bsiegert.

    ⚠️ Note: NetBSD is not one of Node's supported platforms, so installing esbuild may or may not work on NetBSD depending on how Node has been patched. This is not a problem with esbuild. ⚠️

eslint/eslint (eslint)

v9.17.0

Compare Source

v9.16.0

Compare Source

Features

  • 8f70eb1 feat: Add ignoreComputedKeys option in sort-keys rule (#​19162) (Milos Djermanovic)

Documentation

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Dec 2, 2024
@bolt-new-by-stackblitz Bolt.new (by StackBlitz)
Copy link

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@socket-security Socket Security
Copy link

socket-security bot commented Dec 2, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/types@7.26.3 environment +2 2.63 MB nicolo-ribaudo
npm/@jridgewell/gen-mapping@0.3.8 None +2 131 kB
npm/@rspack/cli@1.1.8 environment, eval Transitive: filesystem, network, shell, unsafe +267 20 MB hardfist
npm/@rspack/core@1.1.8 environment, eval, filesystem, network, shell, unsafe +7 4.79 MB hardfist
npm/@swc/core@1.10.2 None +2 197 kB kdy1, kwonoj
npm/@sxzz/eslint-config@4.5.1 environment Transitive: eval, filesystem, network, shell, unsafe +233 42 MB sxzz
npm/@sxzz/test-utils@0.3.11 Transitive: filesystem +6 311 kB sxzz
npm/@types/node@22.10.2 None +1 2.37 MB types
npm/@vitest/ui@2.1.8 Transitive: environment, filesystem +14 2.24 MB vitestbot
npm/bumpp@9.9.2 Transitive: environment, filesystem, network, shell +59 5.1 MB antfu
npm/debug@4.4.0 environment +1 49.5 kB qix
npm/esbuild@0.24.2 None 0 134 kB esbuild, evanw
npm/eslint@9.17.0 Transitive: environment, eval, filesystem, shell, unsafe +81 10.6 MB eslintbot, openjsfoundation
npm/rolldown@0.15.1 environment, shell 0 798 kB rolldownbot
npm/rollup@4.29.1 None +1 2.63 MB eventualbuddha, lukastaegert, rich_harris, ...2 more
npm/sass@1.83.0 Transitive: filesystem +3 868 kB
npm/vite-plugin-inspect@0.10.6 environment, filesystem +25 5.08 MB antfu
npm/vite@6.0.6 Transitive: environment, filesystem +3 3.08 MB antfu, patak, soda, ...2 more
npm/vitest@2.1.8 environment, eval Transitive: filesystem, network, shell, unsafe +36 7.99 MB vitestbot
npm/webpack-dev-server@5.2.0 environment, eval, network Transitive: filesystem, shell, unsafe +191 11.8 MB evilebottnawi
npm/webpack@5.97.1 environment, filesystem, network, unsafe Transitive: eval, shell +151 29.2 MB evilebottnawi

🚮 Removed packages: npm/@babel/types@7.26.0, npm/@jridgewell/gen-mapping@0.3.5, npm/@rspack/cli@1.1.4, npm/@rspack/core@1.1.4, npm/@swc/core@1.9.3, npm/@sxzz/eslint-config@4.5.0, npm/@sxzz/test-utils@0.3.7, npm/@types/node@22.10.0, npm/@vitest/ui@2.1.6, npm/bumpp@9.8.1, npm/debug@4.3.7, npm/esbuild@0.24.0, npm/eslint@9.15.0, npm/rolldown@0.14.0, npm/rollup@4.27.4, npm/sass@1.81.0, npm/vite-plugin-inspect@0.8.8, npm/vite@6.0.0, npm/vitest@2.1.6, npm/webpack-dev-server@5.1.0, npm/webpack@5.96.1

View full report↗︎

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Dec 2, 2024
edited
Loading

Open in Stackblitz

npm i https://pkg.pr.new/unplugin/unplugin-vue@170

commit: 8917a89

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 16 times, most recently from 6bbe8ae to 75e97de Compare December 9, 2024 08:53
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 75e97de to 97919a7 Compare December 10, 2024 08:07
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Dec 10, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 8d3d5ea to 3ee148c Compare December 13, 2024 21:46
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 1f6a462 to 33987f9 Compare December 20, 2024 18:00
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 20, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@sxzz sxzz force-pushed the renovate/all-minor-patch branch from adeffb7 to e349a25 Compare December 26, 2024 18:08
@sxzz sxzz force-pushed the renovate/all-minor-patch branch from 56b4522 to ef51b5f Compare December 26, 2024 18:25
@sxzz sxzz merged commit c64e38c into main Dec 26, 2024
12 checks passed
@sxzz sxzz deleted the renovate/all-minor-patch branch December 26, 2024 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sxzz