protobuf-project
protobuf-project copied to clipboard
Published
20 hours ago •
aperturerobotics
aperturerobotics
fix(deps): update all dependencies
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type | Update |
|---|---|---|---|---|---|---|---|
| @aptre/common | ^0.16.1 -> ^0.22.0 |
devDependencies | minor | ||||
| @aptre/it-ws | 1.0.1 -> 1.1.2 |
dependencies | minor | ||||
| @aptre/protobuf-es-lite | ^0.4.3 -> ^0.5.0 |
dependencies | minor | ||||
| actions/checkout | v4.1.7 -> v6.0.0 |
action | major | ||||
| actions/dependency-review-action | v4.3.3 -> v4.8.2 |
action | minor | ||||
| actions/setup-go | v5.0.1 -> v6.1.0 |
action | major | ||||
| actions/setup-node | v4.0.2 -> v6.0.0 |
action | major | ||||
| github.com/aperturerobotics/common | v0.16.12 -> v0.22.14 |
require | minor | ||||
| github.com/aperturerobotics/protobuf-go-lite | v0.6.5 -> v0.11.0 |
require | minor | ||||
| github.com/aperturerobotics/starpc | v0.32.15 -> v0.39.10 |
require | minor | ||||
| github/codeql-action | v3.25.11 -> v4.31.4 |
action | major | ||||
| google.golang.org/protobuf | v1.34.2 -> v1.36.10 |
require | minor | ||||
| prettier (source) | 3.3.2 -> 3.6.2 |
devDependencies | minor | ||||
| rimraf | ^5.0.7 -> ^6.0.0 |
devDependencies | major | ||||
| starpc | ^0.32.8 -> ^0.39.0 |
dependencies | minor | ||||
| typescript (source) | 5.5.3 -> 5.9.3 |
devDependencies | minor |
Release Notes
aperturerobotics/common (@aptre/common)
v0.22.14
v0.22.13
v0.22.12
v0.22.11
v0.22.10
v0.22.9
v0.22.8
v0.22.7
v0.22.6
v0.22.5
v0.22.4
v0.22.3
v0.22.2
v0.22.1
v0.22.0
v0.21.2
v0.21.1
v0.21.0
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.1
v0.18.8
v0.18.7
v0.18.6
v0.18.5
v0.18.4
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.3
v0.17.2
v0.17.1
v0.17.0
aperturerobotics/protobuf-es-lite (@aptre/protobuf-es-lite)
v0.5.2
v0.5.1
v0.5.0
v0.4.9
v0.4.8
v0.4.7
actions/checkout (actions/checkout)
v6.0.0
v5.0.1
What's Changed
- Port v6 cleanup to v5 by @ericsciple in #2301
Full Changelog: https://github.com/actions/checkout/compare/v5...v5.0.1
v5.0.0
What's Changed
- Update actions checkout to use node 24 by @salmanmkc in #2226
- Prepare v5.0.0 release by @salmanmkc in #2238
⚠️ Minimum Compatible Runner Version
v2.327.1
Release Notes
Make sure your runner is updated to this version or newer to use this release.
Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0
v4.3.1
What's Changed
- Port v6 cleanup to v4 by @ericsciple in #2305
Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.1
v4.3.0
What's Changed
- docs: update README.md by @motss in #1971
- Add internal repos for checking out multiple repositories by @mouismail in #1977
- Documentation update - add recommended permissions to Readme by @benwells in #2043
- Adjust positioning of user email note and permissions heading by @joshmgross in #2044
- Update README.md by @nebuk89 in #2194
- Update CODEOWNERS for actions by @TingluoHuang in #2224
- Update package dependencies by @salmanmkc in #2236
- Prepare release v4.3.0 by @salmanmkc in #2237
New Contributors
- @motss made their first contribution in #1971
- @mouismail made their first contribution in #1977
- @benwells made their first contribution in #2043
- @nebuk89 made their first contribution in #2194
- @salmanmkc made their first contribution in #2236
Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0
v4.2.2
url-helper.tsnow leverages well-known environment variables by @jww3 in #1941- Expand unit test coverage for
isGhesby @jww3 in #1946
v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by @orhantoy in #1924
v4.2.0
- Add Ref and Commit outputs by @lucacome in #1180
- Dependency updates by @dependabot- #1777, #1872
actions/dependency-review-action (actions/dependency-review-action)
v4.8.2
Minor fixes:
- Fix PURL parsing for scoped packages (#1008 from @danielhardej)
- Fix for large summaries (#1007 from @gitulisca)
- README includes a working example for allow-dependencies-licenses (#1009 from @danielhardej)
v4.8.1: Dependency Review Action v4.8.1
What's Changed
- (bug) Fix spamming link test in deprecation warning (again) by @ahpook in #1000
- Bump version for 4.8.1 release by @ahpook in #1001
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.8.1
v4.8.0
What's Changed
- Make Ruby Code Scannable by @ljones140 in #978
- Batch some contributions for release by @brrygrdn in #986
- Make license lists collapsable by @jasperkamerling
- feat: add large summary handling with artifact upload by @MattMencel
New Contributors
- @ljones140 made their first contribution in #978
- @jasperkamerling made their first contribution in #986
- @MattMencel made their first contribution in #986
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.8.0
v4.7.4
v4.7.3: 4.7.3
What's Changed
- Add explicit permissions to workflow files by @AshelyTC in #966
- Claire153/fix spamming mentioned issue by @claire153 in #974
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.7.3
v4.7.2: 4.7.2
What's Changed
- Add Missing Languages to CodeQL Advanced Configuration by @KyFaSt in #945
- Deprecate deny lists by @claire153 in #958
- Address discrepancy between docs and reality by @ahpook in #960
New Contributors
- @KyFaSt made their first contribution in #945
- @claire153 made their first contribution in #958
- @ahpook made their first contribution in #960
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.7.2
v4.7.1
- Packages added to
allow-dependencies-licenseswill be allowed even if the package in question has no license information #889 - License expressions (e.g.
Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g.Ruby)
v4.7.0
- Handle complex license expressions (e.g.
MIT AND GPL-2.0) in allow lists (fixes #809 and probably others) - Replace
OTHERin package licenses withLicenseRef-clearlydefined-OTHERso that parsing passes
v4.6.0
What's Changed
- Updating multiple dependency versions by @Ahmed3lmallah in #870
- Grouping minor and patch dependabot updates to lessen the number of PRs by @Ahmed3lmallah in #876
- Bump actions/stale from 9.0.0 to 9.1.0 by @dependabot in #878
- Bump undici from 5.28.4 to 5.28.5 by @dependabot in #877
- DR Action should link to the proxima stamp when appropriate in error messages by @AshelyTC in #891
- Allow deny package removal by @ellenfieldn in #888
- Fix typos by @omahs in #893
- Bump esbuild from 0.19.5 to 0.25.0 by @dependabot in #900
- Bump octokit and related dependencies by @RomanIakovlev in #904
- Bump @babel/helpers from 7.23.2 to 7.26.10 by @dependabot in #905
- Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @dependabot in #899
- Update transitive dependency spdx-license-ids by @ailox in #855
- To not print OpenSSF Scorecard section if no dependencies scanned by @fabasoad in #884
- Improve usage of this action in dependency-review.yml by @fabasoad in #883
- Clarify comment-summary-in-pr behaviour by @Pantelis-Santorinios in #902
- Prepare 4.6.0 Release candidate by @brrygrdn in #910
New Contributors
- @AshelyTC made their first contribution in #891
- @ellenfieldn made their first contribution in #888
- @omahs made their first contribution in #893
- @RomanIakovlev made their first contribution in #904
- @ailox made their first contribution in #855
- @fabasoad made their first contribution in #884
- @Pantelis-Santorinios made their first contribution in #902
- @brrygrdn made their first contribution in #910
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.5.0...v4.6.0
v4.5.0
What's Changed
- Bump got from 14.4.2 to 14.4.3 by @dependabot in #844
- Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in #847
- Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in #849
- Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in #850
- fix: add summary comment on failure when warn-only: true by @ebickle in #827
- Prepare for 4.5.0 release by @Ahmed3lmallah in #851
New Contributors
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4...v4.5.0
v4.4.0
What's Changed
- Fix for merge_group event bug by @Ahmed3lmallah in #846
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0
v4.3.5
What's Changed
- fix: getRefs function to handle merge_group events by @louis-bompart in #766
- Create pull_request_template.md by @jonjanego in #794
- Update CONTRIBUTING.md by @jonjanego in #793
- Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in #815
- Upgrade transitive micromatch library by @elireisman in #829
- Do not list changed dependencies in summary by @hmaurer in #828
- Update stale.yaml by @jonjanego in #832
- Bump got from 14.4.1 to 14.4.2 by @dependabot in #822
- Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in #840
New Contributors
- @louis-bompart made their first contribution in #766
- @Ahmed3lmallah made their first contribution in #840
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5
v4.3.4
What's Changed
- Include all added dependencies in scorecard entries by @elireisman in #783
- Update SPDX Expression Parsing by @febuiles in #719
- This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.
Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4
actions/setup-go (actions/setup-go)
v6.1.0
What's Changed
Enhancements
- Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in #665
- Add support for .tool-versions file and update workflow by @priya-kinthali in #673
- Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in #674
Dependency updates
- Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @dependabot in #617
- Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #641
- Upgrade semver and @types/semver by @dependabot in #652
New Contributors
- @nicholasngai made their first contribution in #665
- @priya-kinthali made their first contribution in #673
- @mahabaleshwars made their first contribution in #674
Full Changelog: https://github.com/actions/setup-go/compare/v6...v6.1.0
v6.0.0
What's Changed
Breaking Changes
- Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in #460
- Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in #624
Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes
Dependency Upgrades
- Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in #589
- Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in #591
- Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in #590
- Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in #594
- Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in #538
- Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in #603
- Upgrade
form-datato bring in fix for critical vulnerability by @matthewhughes934 in #618 - Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in #631
New Contributors
- @matthewhughes934 made their first contribution in #618
- @salmanmkc made their first contribution in #624
Full Changelog: https://github.com/actions/setup-go/compare/v5...v6.0.0
v5.5.0
What's Changed
Bug fixes:
- Update self-hosted environment validation by @priyagupta108 in #556
- Add manifest validation and improve error handling by @priyagupta108 in #586
- Update template link by @jsoref in #527
Dependency updates:
- Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in #574
- Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in #573
- Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in #582
- Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in #537
New Contributors
Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.5.0
v5.4.0
What's Changed
Dependency updates :
- Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in #535
- Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @dependabot in #536
- Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in #568
- Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in #541
New Contributors
- @aparnajyothi-y made their first contribution in #568
Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.4.0
v5.3.0
What's Changed
- Use the new cache service: upgrade
@actions/cacheto^4.0.0by @Link- in #531 - Configure Dependabot settings by @HarithaVattikuti in #530
- Document update - permission section by @HarithaVattikuti in #533
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in #534
New Contributors
Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.3.0
v5.2.0
What's Changed
- Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in #496
New Contributors
Full Changelog: https://github.com/actions/setup-go/compare/v5...v5.2.0
v5.1.0
What's Changed
- Add workflow file for publishing releases to immutable action package by @Jcambass in #500
- Upgrade IA Publish by @Jcambass in #502
- Add architecture to cache key by @Zxilly in #493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.
- Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in #510
Bug Fixes
New Contributors
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
ℹ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):
- 13 additional dependencies were updated
- The
godirective was updated for compatibility reasons
Details:
| Package | Change |
|---|---|
go |
1.22 -> 1.24 |
github.com/aperturerobotics/util |
v1.23.7 -> v1.31.3 |
github.com/aperturerobotics/json-iterator-lite |
v1.0.0 -> v1.0.1-0.20240713111131-be6bf89c3008 |
github.com/decred/dcrd/dcrec/secp256k1/v4 |
v4.3.0 -> v4.4.0 |
github.com/ipfs/go-cid |
v0.4.1 -> v0.5.0 |
github.com/klauspost/cpuid/v2 |
v2.2.7 -> v2.2.10 |
github.com/libp2p/go-libp2p |
v0.35.1 -> v0.43.0 |
github.com/multiformats/go-multiaddr |
v0.12.4 -> v0.16.0 |
github.com/multiformats/go-multicodec |
v0.9.0 -> v0.9.1 |
github.com/multiformats/go-multistream |
v0.5.0 -> v0.6.1 |
golang.org/x/crypto |
v0.23.0 -> v0.39.0 |
golang.org/x/exp |
v0.0.0-20240613232115-7f521ea00fb8 -> v0.0.0-20250606033433-dcc06ee1d476 |
golang.org/x/sys |
v0.20.0 -> v0.34.0 |
lukechampine.com/blake3 |
v1.2.1 -> v1.4.1 |
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
| Diff | Package | Supply Chain Security |
Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
 | npm/@aptre/common@0.16.12 ⏵ 0.22.12 |  |  |  |  +1 | |
| npm/@aptre/it-ws@1.0.1 ⏵ 1.1.2 |  +1 | | |  | |
| npm/starpc@0.32.15 ⏵ 0.39.10 |  +2 | | +1 |  | |
| npm/@aptre/protobuf-es-lite@0.4.6 ⏵ 0.5.2 |  +2 | | +1 |  -4 | |
| npm/prettier@3.3.2 ⏵ 3.6.2 | +1 | | |  | |
| npm/typescript@5.5.3 ⏵ 5.9.3 | | | +1 | | |
| golang/github.com/aperturerobotics/starpc@v0.32.15 ⏵ v0.39.10 | +1 | | | | |
| golang/github.com/aperturerobotics/protobuf-go-lite@v0.6.5 ⏵ v0.11.0 | +1 | | | | |
| golang/github.com/aperturerobotics/common@v0.16.12 ⏵ v0.22.12 | | | | | |
| npm/rimraf@5.0.7 ⏵ 6.1.0 | +1 | | +1 | +23 | |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}