astro-shield icon indicating copy to clipboard operation
astro-shield copied to clipboard

Published 20 hours ago verified publisher icon kindspells

chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates

Open dependabot[bot] opened this issue 10 months ago • 2 comments

Bumps the dev-deps group with 6 updates in the / directory:

Package From To
@moonrepo/cli 1.29.3 1.30.6
@vitest/coverage-v8 2.1.4 2.1.8
vitest 2.1.4 2.1.8
@astrojs/starlight 0.28.5 0.30.3
rollup 4.24.3 4.30.0
vite 5.4.10 6.0.7

Updates @moonrepo/cli from 1.29.3 to 1.30.6

Release notes

Sourced from @​moonrepo/cli's releases.

v1.30.6

🐞 Fixes

  • Fixed an issue where python venv would fail to find an applicable Python version.
  • Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
  • Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

  • Updated proto to v0.44.1 (from 0.43.1).

v1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

v1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

v1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

v1.30.2

🐞 Fixes

  • Fixed an issue where dependencies/dependents of an affected task would be skipped in the action graph if they were also not affected.
  • Fixed a potential cycle (stack overflow) that may occur in the affected tracker.

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

1.30.6

🐞 Fixes

  • Fixed an issue where python venv would fail to find an applicable Python version.
  • Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
  • Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

  • Updated proto to v0.44.1 (from 0.43.1).

1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

1.30.2

... (truncated)

Commits

Updates @vitest/coverage-v8 from 2.1.4 to 2.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits

Updates vitest from 2.1.4 to 2.1.8

Release notes

Sourced from vitest's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits
  • d69cc75 bump: 2.1.8
  • 92f7a2a fix: support Node 21
  • 81ed45b chore: release v2.1.7
  • fbe5c39 fix: revert support for Vite 6
  • b936702 bump: 2.1.6
  • 32f23b9 chore: release v2.1.5
  • 417bdb4 fix(browser): init browsers eagerly when tests are running (#6876)
  • 93b67c2 fix: throw an error and a warning if .poll, .element, .rejects/`.resolv...
  • 9a0c93d fix(browser): stop the browser rpc when the pool is closed (#6858)
  • 251893b chore: set resolve.mainFields and resolve.conditions for SSR environment ...
  • Additional commits viewable in compare view

Updates @astrojs/starlight from 0.28.5 to 0.30.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.30.3

Patch Changes

  • #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

  • #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

  • #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

  • #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

@​astrojs/starlight@​0.30.2

Patch Changes

  • #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

  • #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

@​astrojs/starlight@​0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

@​astrojs/starlight@​0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

       // src/content.config.ts
 import { defineCollection } from "astro:content";
+import { docsLoader } from "@astrojs/starlight/loaders";

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.30.3

Patch Changes

  • #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

  • #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

  • #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

  • #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

0.30.2

Patch Changes

  • #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

  • #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

... (truncated)

Commits

Updates rollup from 4.24.3 to 4.30.0

Release notes

Sourced from rollup's releases.

v4.30.0

4.30.0

2025-01-06

Features

  • Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

v4.29.2

4.29.2

2025-01-05

Bug Fixes

  • Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

v4.29.1

4.29.1

2024-12-21

Bug Fixes

  • Fix crash from deoptimized logical expressions (#5771)

Pull Requests

v4.29.0

4.29.0

2024-12-20

Features

... (truncated)

Changelog

Sourced from rollup's changelog.

4.30.0

2025-01-06

Features

  • Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

4.29.2

2025-01-05

Bug Fixes

  • Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

4.29.1

2024-12-21

Bug Fixes

  • Fix crash from deoptimized logical expressions (#5771)

Pull Requests

4.29.0

2024-12-20

Features

  • Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)

Pull Requests

... (truncated)

Commits

Updates vite from 5.4.10 to 6.0.7

Release notes

Sourced from vite's releases.

v6.0.7

Please refer to CHANGELOG.md for details.

v6.0.6

Please refer to CHANGELOG.md for details.

v6.0.5

Please refer to CHANGELOG.md for details.

v6.0.4

Please refer to CHANGELOG.md for details.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

v6.0.0-beta.9

Please refer to CHANGELOG.md for details.

v6.0.0-beta.8

Please refer to CHANGELOG.md for details.

v6.0.0-beta.7

Please refer to CHANGELOG.md for details.

v6.0.0-beta.6

Please refer to CHANGELOG.md for details.

v6.0.0-beta.5

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.7 (2025-01-02)

6.0.6 (2024-12-26)

6.0.5 (2024-12-20)

6.0.4 (2024-12-19)

... (truncated)

Commits
  • a671e58 release: v6.0.7
  • 1c102d5 fix(ssr): fix semicolon injection by ssr transform (#19097)
  • 677508b perf: skip globbing for static path in warmup (#19107)
  • b178c90 fix: skip the plugin if it has been called before with the same id and import...
  • a492253 fix(html): error while removing vite-ignore attribute for inline script (#1...
  • b07c036 feat(css): show lightningcss warnings (#19076)
  • f7b1964 fix: fix minify when builder.sharedPlugins: true (#19025)
  • 5c2b4a0 release: v6.0.6
  • 9290d85 fix(css): show correct error when unknown placeholder is used for CSS modules...
  • afff05c fix(css): resolve style tags in HTML files correctly for lightningcss (#19001)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore <depend...

Description has been truncated

dependabot[bot] avatar Jan 06 '25 08:01 dependabot[bot]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/[email protected] Transitive: environment, filesystem, network, shell +238 29.2 MB fredkschott
npm/@moonrepo/[email protected] environment, filesystem Transitive: shell +1 32.1 kB milesj
npm/@vitest/[email protected] Transitive: environment, filesystem, shell +63 10.7 MB vitestbot
npm/[email protected] None +1 2.64 MB eventualbuddha, lukastaegert, rich_harris, ...2 more
npm/[email protected] Transitive: environment, filesystem +5 3.36 MB antfu, patak, soda, ...2 more
npm/[email protected] environment, eval Transitive: filesystem, network, shell, unsafe +39 8.18 MB vitestbot

🚮 Removed packages: npm/@astrojs/[email protected], npm/@moonrepo/[email protected], npm/@vitest/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

socket-security[bot] avatar Jan 06 '25 08:01 socket-security[bot]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Possible typosquat attack npm/[email protected] ⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

socket-security[bot] avatar Jan 06 '25 08:01 socket-security[bot]