Skip to content

fix(deps): update all non-major dependencies #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 26, 2023
Merged

fix(deps): update all non-major dependencies #18

merged 1 commit into from
Jun 26, 2023

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jun 26, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@vue/babel-plugin-jsx (source) ^1.1.1 -> ^1.1.3 age adoption passing confidence
pnpm (source) 8.6.2 -> 8.6.4 age adoption passing confidence
tsup (source) ^7.0.0 -> ^7.1.0 age adoption passing confidence

Release Notes

vuejs/babel-plugin-jsx (@​vue/babel-plugin-jsx)

v1.1.3

Compare Source

No significant changes

    View changes on GitHub

v1.1.2

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub
pnpm/pnpm (pnpm)

v8.6.4

Compare Source

Patch Changes
  • In cases where both aliased and non-aliased dependencies exist to the same package, non-aliased dependencies will be used for resolving peer dependencies, addressing issue #​6588.
  • Ignore the port in the URL, while searching for authentication token in the .npmrc file #​6354.
  • Don't add the version of a local directory dependency to the lockfile. This information is not used anywhere by pnpm and is only causing more Git conflicts #​6695.
Our Gold Sponsors
Our Silver Sponsors

v8.6.3

Compare Source

Patch Changes
  • When running a script in multiple projects, the script outputs should preserve colours #​2148.
  • Don't crash when the APPDATA env variable is not set on Windows #​6659.
  • Don't fail when a package is archived in a tarball with malformed tar headers #​5362.
  • Peer dependencies of subdependencies should be installed, when node-linker is set to hoisted #​6680.
  • Throw a meaningful error when applying a patch to a dependency fails.
  • pnpm update --global --latest should work #​3779.
  • pnpm license ls should work even when there is a patched git protocol dependency #​6595
Our Gold Sponsors
Our Silver Sponsors
egoist/tsup (tsup)

v7.1.0

Compare Source

Features
  • Ensure matching declaration file exists for each output bundle format (#​934) (fb4c2b6)

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@bolt-new-by-stackblitz
Copy link

bolt-new-by-stackblitz bot commented Jun 26, 2023

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@socket-security
Copy link

socket-security bot commented Jun 26, 2023

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Network access mz 2.7.0
  • Module: dns
  • Location: dns.js
 pnpm-lock.yaml via tsup@7.1.0

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore mz@2.7.0

@socket-security
Copy link

socket-security bot commented Jun 26, 2023

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives1 Size Publisher
tsup 🆕 7.1.0 eval, network, filesystem, environment +46 2.11 MB egoist
@vue/babel-plugin-jsx ⬆️ 1.1.1...1.1.3 None +6/-1 431 kB sxzz

Footnotes

  1. https://docs.socket.dev

@sxzz sxzz merged commit b1063d3 into main Jun 26, 2023
@sxzz sxzz deleted the renovate/all-minor-patch branch June 26, 2023 05:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sxzz sxzz sxzz approved these changes

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sxzz