hackernews icon indicating copy to clipboard operation
hackernews copied to clipboard

Published 20 hours ago verified publisher icon nuxt

chore(deps): update all non-major dependencies

Open renovate[bot] opened this issue 2 years ago • 3 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
eslint (source) ^8.15.0 -> ^8.21.0 age adoption passing confidence devDependencies minor
node >=14.0 -> >=v14.20.0 age adoption passing confidence engines minor
nuxt ^3.0.0-rc.3 -> ^3.0.0-rc.7 age adoption passing confidence devDependencies patch
pnpm (source) 7.0.1 -> 7.9.0 age adoption passing confidence packageManager minor
typescript (source) ^4.6.4 -> ^4.7.4 age adoption passing confidence devDependencies minor

Release Notes

eslint/eslint

v8.21.0

Compare Source

Features

  • 7b43ea1 feat: Implement FlatESLint (#​16149) (Nicholas C. Zakas)
  • 92bf49a feat: improve the key width calculation in key-spacing rule (#​16154) (Nitin Kumar)
  • c461542 feat: add new allowLineSeparatedGroups option to the sort-keys rule (#​16138) (Nitin Kumar)
  • 1cdcbca feat: add deprecation warnings for legacy API in RuleTester (#​16063) (Nitin Kumar)

Bug Fixes

  • 0396775 fix: lines-around-comment apply allowBlockStart for switch statements (#​16153) (Nitin Kumar)

Documentation

Chores

v8.20.0

Compare Source

Features
Bug Fixes
  • 30be0ed fix: no-warning-comments rule escapes special RegEx characters in terms (#​16090) (Lachlan Hunt)
  • bfe5e88 fix: ignore spacing before ] and } in comma-spacing (#​16113) (Milos Djermanovic)
Documentation
Chores
  • bbf8df4 chore: Mark autogenerated release blog post as draft (#​16130) (Nicholas C. Zakas)
  • eee4306 chore: update internal lint dependencies (#​16088) (Bryan Mishkin)
  • 9615a42 chore: update formatter examples template to avoid markdown lint error (#​16085) (Milos Djermanovic)
  • 62541ed chore: fix markdown linting error (#​16083) (唯然)

v8.19.0

Compare Source

Features

  • 7023628 feat: add importNames support for patterns in no-restricted-imports (#​16059) (Brandon Scott)
  • 472c368 feat: fix handling of blockless with statements in indent rule (#​16068) (Milos Djermanovic)

Bug Fixes

  • fc81848 fix: throw helpful exception when rule has wrong return type (#​16075) (Bryan Mishkin)

Documentation

  • 3ae0574 docs: Remove duplicate rule descriptions (#​16052) (Amaresh S M)
  • f50cf43 docs: Add base href to each page to fix relative URLs (#​16046) (Nicholas C. Zakas)
  • ae4b449 docs: make logo link clickable on small width screens (#​16058) (Milos Djermanovic)
  • 280f898 docs: use only fenced code blocks (#​16044) (Milos Djermanovic)
  • f5d63b9 docs: add listener only if element exists (#​16045) (Amaresh S M)
  • 8b639cc docs: add missing migrating-to-8.0.0 in the user guide (#​16048) (唯然)
  • b8e68c1 docs: Update release process (#​16036) (Nicholas C. Zakas)
  • 6d0cb11 docs: remove table of contents from markdown text (#​15999) (Nitin Kumar)

Chores

v8.18.0

Compare Source

Features

  • a6273b8 feat: account for rule creation time in performance reports (#​15982) (Nitin Kumar)

Bug Fixes

  • f364d47 fix: Make no-unused-vars treat for..of loops same as for..in loops (#​15868) (Alex Bass)

Documentation

  • 4871047 docs: Update analytics, canonical URL, ads (#​15996) (Nicholas C. Zakas)
  • cddad14 docs: Add correct/incorrect containers (#​15998) (Nicholas C. Zakas)
  • b04bc6f docs: Add rules meta info to rule pages (#​15902) (Nicholas C. Zakas)
  • 1324f10 docs: unify the wording referring to optional exception (#​15893) (Abdelrahman Elkady)
  • ad54d02 docs: add missing trailing slash to some internal links (#​15991) (Milos Djermanovic)
  • df7768e docs: Switch to version-relative URLs (#​15978) (Nicholas C. Zakas)
  • 21d6479 docs: change some absolute links to relative (#​15970) (Milos Djermanovic)
  • f31216a docs: Update README team and sponsors (ESLint Jenkins)

Build Related

  • ed49f15 build: remove unwanted parallel and image-min for dev server (#​15986) (Strek)

Chores

  • f6e2e63 chore: fix 'replaced by' rule list (#​16007) (Milos Djermanovic)
  • d94dc84 chore: remove unused deprecation warnings (#​15994) (Francesco Trotta)
  • cdcf11e chore: fix versions link (#​15995) (Milos Djermanovic)
  • d2a8715 chore: add trailing slash to pathPrefix (#​15993) (Milos Djermanovic)
  • 58a1bf0 chore: tweak URL rewriting for local previews (#​15992) (Milos Djermanovic)
  • 80404d2 chore: remove docs deploy workflow (#​15984) (Nicholas C. Zakas)
  • 71bc750 chore: Set permissions for GitHub actions (#​15971) (Naveen)
  • 90ff647 chore: avoid generating subdirectories for each page on new docs site (#​15967) (Milos Djermanovic)

v8.17.0

Compare Source

Features

  • 55319e1 feat: fix indent bug with semicolon-first style (#​15951) (Milos Djermanovic)
  • f6d7920 feat: add allowNamedExports option to no-use-before-define (#​15953) (Milos Djermanovic)

Bug Fixes

Documentation

Chores

v8.16.0

Compare Source

Features

  • cab0c22 feat: add Unicode flag suggestion in no-misleading-character-class (#​15867) (Milos Djermanovic)
  • 38ae956 feat: check Unicode code point escapes in no-control-regex (#​15862) (Milos Djermanovic)
  • ee69cd3 feat: Update global variables (#​15871) (Sébastien Règne)

Bug Fixes

  • 3f09aab fix: function-paren-newline crash on "new new Foo();" (#​15850) (coderaiser)

Documentation

  • 050d5f4 docs: Static further reading links (#​15890) (Nicholas C. Zakas)
  • 36287c0 docs: fix absolute paths in related rules shortcode to work from /docs (#​15892) (Milos Djermanovic)
  • 90b6990 docs: fix absolute links in rule macro to work from /docs (#​15891) (Milos Djermanovic)
  • f437249 docs: Adjust docs site path prefix (#​15889) (Nicholas C. Zakas)
  • 6e16025 docs: update 'Related Rules' and 'Further Reading' in remaining rules (#​15884) (Milos Djermanovic)
  • 1d39f69 docs: remove confusing examples for no-mixed-operators (#​15875) (Milos Djermanovic)
  • 3071d76 docs: Fix some grammar issues (#​15837) (byodian)

Chores

nodejs/node

v14.20.0

Compare Source

This is a security release.

Notable Changes
Commits

v14.19.3

Compare Source

Notable Changes
  • This release updates OpenSSL to 1.1.1o. This update is not being treated as a security release as the issues addressed in OpenSSL 1.1.1o were assessed to not affect Node.js 14. See https://nodejs.org/en/blog/vulnerability/openssl-fixes-in-regular-releases-may2022/ for more information on how the May 2022 OpenSSL releases affects other Node.js release lines.
  • The list of GPG keys used to sign releases has been synchronized with the main branch.
Commits

v14.19.2

Compare Source

Notable Changes

doc:

  • New release key for Bryan English

Learn more at: #​42102 Contributed by Bryan English (@​bengl)

npm:

  • Upgrade npm to v6.14.17.

Learn more at: #​42900 Contributed by Ruy Adorno (@​ruyadorno)

V8:

  • V8 had a stack overflow issue affecting the vm module, cherry-picking cc9a8a37445e from V8 solves this issue.

Learn more at: #​41826 Contributed by Gus Caplan (@​devsnek)

  • Using getHeapSnapshot() was causing a Node.js crash due a V8 issue, this is fixed by backporting 367b0c1e7a32 from V8.

Learn more at: #​42637 Contributed by Chengzhong Wu (@​legendecas)

Commits

v14.19.1

Compare Source

This is a security release.

Notable Changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

  • Infinite loop in BN_mod_sqrt() reachable when parsing certificates (High)(CVE-2022-0778) More details are available at https://www.openssl.org/news/secadv/20220315.txt
Commits

v14.19.0

Compare Source

Notable Changes
Corepack

Node.js now includes Corepack, a script that acts as a bridge between Node.js projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them - just like what currently happens with npm, which is shipped in Node.js by default. Please head over to the Corepack documentation page for more information on how to use it.

Contributed by Maël Nison - #​39608

ICU updated

ICU has been updated to 70.1. This updates timezone database to 2021a3, including bringing forward the start for DST for Jordan from March to February.

Contributed by Michaël Zasso - #​40658

New option to disable loading of native addons

A new command line option --no-addons has been added to disallow loading of native addons.

Contributed by Dominic Elm - #​39977

Updated Root Certificates

Root certificates have been updated to those from Mozilla's Network Security Services 3.71.

Contributed by Richard Lau - #​40280

Other Notable Changes
  • [0d448eaab5] - (SEMVER-MINOR) crypto: make FIPS related options always available (Vít Ondruch) #​36341
  • [004eafbebf] - (SEMVER-MINOR) lib: add unsubscribe method to non-active DC channels (simon-id) #​40433
  • [625be7585d] - (SEMVER-MINOR) lib: add return value for DC channel.unsubscribe (simon-id) #​40433
  • [607bc74eae] - (SEMVER-MINOR) module: support pattern trailers (Guy Bedford) #​39635
  • [f74fe2a59c] - (SEMVER-MINOR) src: make napi_create_reference accept symbol (JckXia) #​39926
Commits

v14.18.3

Compare Source

This is a security release.

Notable changes
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.

Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44531 after publication.

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)

Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.

Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44532 after publication.

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.

Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

More details will be available at CVE-2021-44533 after publication.

Prototype pollution via console.table properties (Low)(CVE-2022-21824)

Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.

Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.

More details will be available at CVE-2022-21824 after publication.

Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.

Commits

v14.18.2

Compare Source

Notable changes

This release contains a c-ares update to fix a regression introduced in Node.js 14.17.5 resolving CNAME records containing underscores #​39780.

Also included are commits to allow Node.js 14 to continue to build and pass tests on our Jenkins CI, including adding Python 3.10 to the list of allowable Python versions for building.

Commits

v14.18.1

Compare Source

This is a security release.

Notable changes
  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Commits

v14.18.0

Compare Source

Notable Changes
  • [3a60de0135] - assert: change status of legacy asserts (James M Snell) #​38113
  • [df37c106a7] - (SEMVER-MINOR) buffer: introduce Blob (James M Snell) #​36811
  • [223494c548] - (SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan) #​36952
  • [14fc4ddabc] - (SEMVER-MINOR) child_process: allow options.cwd receive a URL (Khaidi Chu) #​38862
  • [b68b13acb3] - (SEMVER-MINOR) child_process: add timeout to spawn and fork (Nitzan Uziely) #​37256
  • [da98c9f99b] - (SEMVER-MINOR) child_process: allow promisified exec to be cancel (Carlos Fuentes) #​34249
  • [779310ac87] - (SEMVER-MINOR) child_process: add 'overlapped' stdio flag (Thiago Padilha) #​29412
  • [40eb3b79f1] - (SEMVER-MINOR) cli: add -C alias for --conditions flag (Guy Bedford) #​38755
  • [39eba0a2e1] - (SEMVER-MINOR) cli: add --node-memory-debug option (Anna Henningsen) #​35537
  • [d8d9a9628a] - (SEMVER-MINOR) dns: add "tries" option to Resolve options (Luan Devecchi) #​39610
  • [15ba19b020] - (SEMVER-MINOR) dns: allow --dns-result-order to change default dns verbatim (Ouyang Yadong) #​38099
  • [307c1d817f] - doc: refactor fs docs structure (James M Snell) #​37170
  • [9ee3f77e32] - (SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe) #​37362
  • [e73bfed2f4] - esm: deprecate legacy main lookup for modules (Guy Bedford) #​36918
  • [989c204a58] - (SEMVER-MINOR) fs: allow empty string for temp directory prefix (Voltrex) [#​39028](https://togithub.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • [ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Jun 11 '21 06:06 renovate[bot]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/nuxt-js/hackernews/AmtCvic2tieEuPUZ1dPzspCzaoqE
✅ Preview: https://hackernews-git-renovate-all-minor-patch-nuxt-js.vercel.app

vercel[bot] avatar Jun 11 '21 06:06 vercel[bot]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
hackernews ✅ Ready (Inspect) Visit Preview Aug 15, 2022 at 2:37AM (UTC)

vercel[bot] avatar Apr 24 '22 18:04 vercel[bot]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
installing v2 tool node v16.16.0
linking tool node v16.16.0
node: v16.16.0 /usr/local/bin/node
npm: 8.11.0  /usr/local/bin/npm
Installed v2 /usr/local/buildpack/tools/v2/node.sh in 6 seconds
installing v2 tool pnpm v7.9.0
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.

added 1 package in 2s
linking tool pnpm v7.9.0
7.9.0
Installed v2 /usr/local/buildpack/tools/v2/pnpm.sh in 4 seconds
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 6, reused 0, downloaded 2, added 0
Progress: resolved 26, reused 0, downloaded 10, added 0
Progress: resolved 42, reused 0, downloaded 23, added 0
Progress: resolved 59, reused 0, downloaded 35, added 0
Progress: resolved 75, reused 0, downloaded 51, added 0
Progress: resolved 86, reused 0, downloaded 63, added 0
Progress: resolved 89, reused 0, downloaded 74, added 0
Progress: resolved 102, reused 0, downloaded 84, added 0
Progress: resolved 110, reused 0, downloaded 93, added 0
Progress: resolved 132, reused 0, downloaded 109, added 0
Progress: resolved 152, reused 0, downloaded 124, added 0
Progress: resolved 168, reused 0, downloaded 140, added 0
Progress: resolved 185, reused 0, downloaded 163, added 0
Progress: resolved 197, reused 0, downloaded 171, added 0
Progress: resolved 211, reused 0, downloaded 183, added 0
Progress: resolved 226, reused 0, downloaded 196, added 0
Progress: resolved 253, reused 0, downloaded 222, added 0
Progress: resolved 267, reused 0, downloaded 237, added 0
Progress: resolved 285, reused 0, downloaded 251, added 0
Progress: resolved 313, reused 0, downloaded 271, added 0
Progress: resolved 337, reused 0, downloaded 302, added 0
Progress: resolved 369, reused 0, downloaded 312, added 0
Progress: resolved 379, reused 0, downloaded 320, added 0
Progress: resolved 396, reused 0, downloaded 335, added 0
Progress: resolved 414, reused 0, downloaded 351, added 0
Progress: resolved 435, reused 0, downloaded 366, added 0
Progress: resolved 442, reused 0, downloaded 380, added 0
Progress: resolved 447, reused 0, downloaded 386, added 0
Progress: resolved 457, reused 0, downloaded 393, added 0
Progress: resolved 477, reused 0, downloaded 410, added 0
Progress: resolved 498, reused 0, downloaded 432, added 0
Progress: resolved 527, reused 0, downloaded 453, added 0
Progress: resolved 581, reused 0, downloaded 483, added 0
Progress: resolved 610, reused 0, downloaded 515, added 0
Progress: resolved 640, reused 0, downloaded 540, added 0
Progress: resolved 663, reused 0, downloaded 557, added 0
.                                        |  WARN  deprecated @jridgewell/[email protected]
Progress: resolved 691, reused 0, downloaded 587, added 0
.                                        |  WARN  deprecated [email protected]
Progress: resolved 723, reused 0, downloaded 620, added 0
Progress: resolved 747, reused 0, downloaded 653, added 0
Progress: resolved 783, reused 0, downloaded 692, added 0
Progress: resolved 799, reused 0, downloaded 734, added 0
Progress: resolved 802, reused 0, downloaded 757, added 0
Progress: resolved 802, reused 0, downloaded 760, added 0
Progress: resolved 802, reused 0, downloaded 761, added 0
undefined
 ERR_PNPM_PEER_DEP_ISSUES  Unmet peer dependencies

.
└─┬ postcss-nested 5.0.6
  └── ✕ missing peer postcss@^8.2.14
Peer dependencies that should be installed:
  postcss@^8.2.14

hint: If you want peer dependencies to be automatically installed, add "auto-install-peers=true" to an .npmrc file at the root of your project.
hint: If you don't want pnpm to fail on peer dependency issues, add "strict-peer-dependencies=false" to an .npmrc file at the root of your project.

renovate[bot] avatar Aug 03 '22 10:08 renovate[bot]