Commit f851b7b
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
fix(deps): update all (#396)
[](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence | Type |
Update |
|---|---|---|---|---|---|---|---|
| [@nestjs/swagger](https://togithub.com/nestjs/swagger) | [`7.1.7` ->
`7.1.8`](https://renovatebot.com/diffs/npm/@nestjs%2fswagger/7.1.7/7.1.8)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| dependencies | patch |
| [@tsconfig/node20](https://togithub.com/tsconfig/bases) | [`20.1.0` ->
`20.1.1`](https://renovatebot.com/diffs/npm/@tsconfig%2fnode20/20.1.0/20.1.1)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/lodash](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/lodash)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`4.14.196` ->
`4.14.197`](https://renovatebot.com/diffs/npm/@types%2flodash/4.14.196/4.14.197)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
|
[@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) |
[`20.4.8` ->
`20.4.10`](https://renovatebot.com/diffs/npm/@types%2fnode/20.4.8/20.4.10)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [cspell](https://streetsidesoftware.github.io/cspell/)
([source](https://togithub.com/streetsidesoftware/cspell)) | [`6.31.2`
-> `6.31.3`](https://renovatebot.com/diffs/npm/cspell/6.31.2/6.31.3) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | patch |
| [eslint](https://eslint.org)
([source](https://togithub.com/eslint/eslint)) | [`8.46.0` ->
`8.47.0`](https://renovatebot.com/diffs/npm/eslint/8.46.0/8.47.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
|
[eslint-import-resolver-typescript](https://togithub.com/import-js/eslint-import-resolver-typescript)
| [`3.5.5` ->
`3.6.0`](https://renovatebot.com/diffs/npm/eslint-import-resolver-typescript/3.5.5/3.6.0)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
| [jest-when](https://togithub.com/timkindberg/jest-when) | [`3.5.2` ->
`3.6.0`](https://renovatebot.com/diffs/npm/jest-when/3.5.2/3.6.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| devDependencies | minor |
| [node](https://togithub.com/nodejs/node) | `20.5.0-alpine3.17` ->
`20.5.1-alpine3.17` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| final | patch |
| [node](https://togithub.com/nodejs/node) | `20.5.0-alpine3.17` ->
`20.5.1-alpine3.17` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
| stage | patch |
---
### Release Notes
<details>
<summary>nestjs/swagger (@​nestjs/swagger)</summary>
### [`v7.1.8`](https://togithub.com/nestjs/swagger/releases/tag/7.1.8)
[Compare
Source](https://togithub.com/nestjs/swagger/compare/7.1.7...7.1.8)
- Merge branch 'master' of https://github.com/nestjs/swagger
([`441fea4`](https://togithub.com/nestjs/swagger/commit/441fea4))
- fix: patch local copy of open api document
([`8af173c`](https://togithub.com/nestjs/swagger/commit/8af173c))
- chore(deps): update dependency
[@​types/lodash](https://togithub.com/types/lodash) to v4.14.197
([`5e7aa83`](https://togithub.com/nestjs/swagger/commit/5e7aa83))
- chore(deps): update dependency release-it to v16.1.4
([`e580260`](https://togithub.com/nestjs/swagger/commit/e580260))
- chore(deps): update commitlint monorepo to v17.7.0
([`d8275bb`](https://togithub.com/nestjs/swagger/commit/d8275bb))
- chore(deps): update dependency
[@​types/node](https://togithub.com/types/node) to v18.17.4
([`3b7b6dd`](https://togithub.com/nestjs/swagger/commit/3b7b6dd))
- chore(deps): update typescript-eslint monorepo to v6.3.0
([`9d898b2`](https://togithub.com/nestjs/swagger/commit/9d898b2))
</details>
<details>
<summary>tsconfig/bases (@​tsconfig/node20)</summary>
###
[`v20.1.1`](https://togithub.com/tsconfig/bases/compare/53d80ed4a9ece800ffca9774c4e63cef3ce6ab38...53d80ed4a9ece800ffca9774c4e63cef3ce6ab38)
[Compare
Source](https://togithub.com/tsconfig/bases/compare/53d80ed4a9ece800ffca9774c4e63cef3ce6ab38...53d80ed4a9ece800ffca9774c4e63cef3ce6ab38)
</details>
<details>
<summary>streetsidesoftware/cspell (cspell)</summary>
###
[`v6.31.3`](https://togithub.com/streetsidesoftware/cspell/releases/tag/v6.31.3)
[Compare
Source](https://togithub.com/streetsidesoftware/cspell/compare/v6.31.2...v6.31.3)
#### What's Changed
- fix: Fix dynamic loader on Windows by
[@​Jason3S](https://togithub.com/Jason3S) in
[https://github.com/streetsidesoftware/cspell/pull/4707](https://togithub.com/streetsidesoftware/cspell/pull/4707)
**Full Changelog**:
streetsidesoftware/cspell@v6.31.2...v6.31.3
</details>
<details>
<summary>eslint/eslint (eslint)</summary>
### [`v8.47.0`](https://togithub.com/eslint/eslint/releases/tag/v8.47.0)
[Compare
Source](https://togithub.com/eslint/eslint/compare/v8.46.0...v8.47.0)
#### Features
-
[`53d7508`](https://togithub.com/eslint/eslint/commit/53d750800b1c0c1f8c29393c488bb3167bb1d2a5)
feat: update regex for methods with `thisArg`
([#​17439](https://togithub.com/eslint/eslint/issues/17439))
(Francesco Trotta)
#### Bug Fixes
-
[`631648e`](https://togithub.com/eslint/eslint/commit/631648ee0b51a8951ce576ccd4430e09c9c8bcae)
fix: do not report on shadowed constructors in `no-new-wrappers`
([#​17447](https://togithub.com/eslint/eslint/issues/17447))
(Francesco Trotta)
#### Documentation
-
[`a766a48`](https://togithub.com/eslint/eslint/commit/a766a48030d4359db76523d5b413d6332130e485)
docs: document lack of config file names
([#​17442](https://togithub.com/eslint/eslint/issues/17442))
(James)
-
[`a1635d6`](https://togithub.com/eslint/eslint/commit/a1635d6198a8baf6571b3351e098e5ac960be887)
docs: Update README (GitHub Actions Bot)
-
[`47a0859`](https://togithub.com/eslint/eslint/commit/47a08597966651975126dd6726939cd34f13b80e)
docs: update `require-unicode-regexp.md` as following up
[#​17402](https://togithub.com/eslint/eslint/issues/17402)
([#​17441](https://togithub.com/eslint/eslint/issues/17441))
(SUZUKI Sosuke)
-
[`fcdc85d`](https://togithub.com/eslint/eslint/commit/fcdc85d3a6bc14970c3349cc8d6f3a47eca172a3)
docs: Update README (GitHub Actions Bot)
-
[`2a92b6c`](https://togithub.com/eslint/eslint/commit/2a92b6cc9520a27255520369206556e9841a3af8)
docs: update with "Specifying Parser Options"
([#​17435](https://togithub.com/eslint/eslint/issues/17435))
(Cheol-Won)
-
[`d743ed3`](https://togithub.com/eslint/eslint/commit/d743ed3c06c62a639da0389ad27907b324ea1715)
docs: add metadata for parser/processor
([#​17438](https://togithub.com/eslint/eslint/issues/17438))
(Huáng Jùnliàng)
-
[`224376c`](https://togithub.com/eslint/eslint/commit/224376cd99a08394291a9584ad9c1ea1283673c6)
docs: Update README (GitHub Actions Bot)
-
[`a41a8e4`](https://togithub.com/eslint/eslint/commit/a41a8e4a7da14726d6fce71a023f12101fd52fdb)
docs: update script names in README
([#​17432](https://togithub.com/eslint/eslint/issues/17432))
(Nitin Kumar)
#### Chores
-
[`bf69aa6`](https://togithub.com/eslint/eslint/commit/bf69aa6408f5403a88d8c9b71b0e58232b1ea833)
chore: Update dependencies
([#​17456](https://togithub.com/eslint/eslint/issues/17456))
(Nicholas C. Zakas)
-
[`0e45760`](https://togithub.com/eslint/eslint/commit/0e4576012ab938b880e6f27641bff55fb4313d20)
chore: package.json update for
[@​eslint/js](https://togithub.com/eslint/js) release (ESLint
Jenkins)
-
[`757bfe1`](https://togithub.com/eslint/eslint/commit/757bfe1c35b5ddab7042d388f8d21e834875fff5)
chore: Remove add-to-triage
([#​17450](https://togithub.com/eslint/eslint/issues/17450))
(Nicholas C. Zakas)
-
[`b066640`](https://togithub.com/eslint/eslint/commit/b066640b7040ec30f740dcc803511244fe19473b)
chore: standardize npm script names
([#​17431](https://togithub.com/eslint/eslint/issues/17431))
(Nitin Kumar)
-
[`6b2410f`](https://togithub.com/eslint/eslint/commit/6b2410f911dd2e3d915c879041c6e257d41a2f4e)
chore: Update add-to-triage.yml
([#​17444](https://togithub.com/eslint/eslint/issues/17444))
(Nicholas C. Zakas)
</details>
<details>
<summary>import-js/eslint-import-resolver-typescript
(eslint-import-resolver-typescript)</summary>
###
[`v3.6.0`](https://togithub.com/import-js/eslint-import-resolver-typescript/blob/HEAD/CHANGELOG.md#360)
[Compare
Source](https://togithub.com/import-js/eslint-import-resolver-typescript/compare/v3.5.5...v3.6.0)
##### Minor Changes
-
[#​235](https://togithub.com/import-js/eslint-import-resolver-typescript/pull/235)
[`b5ea367`](https://togithub.com/import-js/eslint-import-resolver-typescript/commit/b5ea367d8361d3a71154545831dfcf8e03aca8e1)
Thanks [@​SukkaW](https://togithub.com/SukkaW)! - refactor: drop
`globby` and `synckit`
</details>
<details>
<summary>timkindberg/jest-when (jest-when)</summary>
###
[`v3.6.0`](https://togithub.com/timkindberg/jest-when/compare/v3.5.2...v3.6.0)
[Compare
Source](https://togithub.com/timkindberg/jest-when/compare/v3.5.2...v3.6.0)
</details>
<details>
<summary>nodejs/node (node)</summary>
### [`v20.5.1`](https://togithub.com/nodejs/node/releases/tag/v20.5.1):
2023-08-09, Version 20.5.1 (Current), @​RafaelGSS
[Compare
Source](https://togithub.com/nodejs/node/compare/v20.5.0...v20.5.1)
This is a security release.
##### Notable Changes
The following CVEs are fixed in this release:
-
[CVE-2023-32002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32002):
Policies can be bypassed via Module.\_load (High)
-
[CVE-2023-32558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32558):
process.binding() can bypass the permission model through path traversal
(High)
-
[CVE-2023-32004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32004):
Permission model can be bypassed by specifying a path traversal sequence
in a Buffer (High)
-
[CVE-2023-32006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32006):
Policies can be bypassed by module.constructor.createRequire (Medium)
-
[CVE-2023-32559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32559):
Policies can be bypassed via process.binding (Medium)
-
[CVE-2023-32005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32005):
fs.statfs can bypass the permission model (Low)
-
[CVE-2023-32003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32003):
fs.mkdtemp() and fs.mkdtempSync() can bypass the permission model (Low)
- OpenSSL Security Releases
- [OpenSSL security advisory 14th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000264.html).
- [OpenSSL security advisory 19th
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000265.html).
- [OpenSSL security advisory 31st
July](https://mta.openssl.org/pipermail/openssl-announce/2023-July/000267.html)
More detailed information on each of the vulnerabilities can be found in
[August 2023 Security
Releases](https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/)
blog post.
##### Commits
- \[[`92300b51b4`](https://togithub.com/nodejs/node/commit/92300b51b4)]
- **deps**: update archs files for openssl-3.0.10+quic1 (Node.js GitHub
Bot) [#​49036](https://togithub.com/nodejs/node/pull/49036)
- \[[`559698abf2`](https://togithub.com/nodejs/node/commit/559698abf2)]
- **deps**: upgrade openssl sources to quictls/openssl-3.0.10+quic1
(Node.js GitHub Bot)
[#​49036](https://togithub.com/nodejs/node/pull/49036)
- \[[`1bf3429e8e`](https://togithub.com/nodejs/node/commit/1bf3429e8e)]
- **lib,permission**: restrict process.binding when pm is enabled
(RafaelGSS)
[nodejs-private/node-private#438](https://togithub.com/nodejs-private/node-private/pull/438)
- \[[`98a83a67e6`](https://togithub.com/nodejs/node/commit/98a83a67e6)]
- **permission**: ensure to resolve path when calling mkdtemp
(RafaelGSS)
[nodejs-private/node-private#464](https://togithub.com/nodejs-private/node-private/pull/464)
- \[[`1f0cde466b`](https://togithub.com/nodejs/node/commit/1f0cde466b)]
- **permission**: handle buffer path on fs calls (RafaelGSS)
[nodejs-private/node-private#439](https://togithub.com/nodejs-private/node-private/pull/439)
- \[[`bd094d60ea`](https://togithub.com/nodejs/node/commit/bd094d60ea)]
- **permission**: handle fstatfs and add pm supported list (RafaelGSS)
[nodejs-private/node-private#441](https://togithub.com/nodejs-private/node-private/pull/441)
- \[[`7337d21484`](https://togithub.com/nodejs/node/commit/7337d21484)]
- **policy**: handle Module.constructor and main.extensions bypass
(RafaelGSS)
[nodejs-private/node-private#417](https://togithub.com/nodejs-private/node-private/pull/417)
- \[[`cf348ec640`](https://togithub.com/nodejs/node/commit/cf348ec640)]
- **policy**: disable process.binding() when enabled (Tobias Nießen)
[nodejs-private/node-private#397](https://togithub.com/nodejs-private/node-private/pull/397)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/UK-Export-Finance/mdm-api).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40MC4zIiwidXBkYXRlZEluVmVyIjoiMzYuNDAuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>](https://renovatebot.com){kind=link}
1 parent c2db8eb commit f851b7b
File tree
0 file changed
+0
-0
lines changed0 file changed
+0
-0
lines changed
0 commit comments