Update all dependencies #195

ggrossetie · 2022-04-01T02:46:00Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	`v3` -> `v4`
actions/setup-node	action	major	`v3` -> `v4`
chai (source)	devDependencies	major	`4.3.7` -> `5.1.2`
mocha (source)	devDependencies	major	`10.2.0` -> `11.0.1`
node	volta	minor	`18.16.1` -> `18.20.5`
sinon (source)	devDependencies	major	`15.2.0` -> `19.0.2`
standard (source)	devDependencies	patch	`17.1.0` -> `17.1.2`
yargs (source)	dependencies	minor	`17.3.1` -> `17.7.2`

Release Notes

actions/checkout

`v4`

Compare Source

url-helper.ts now leverages well-known environment variables by @jww3 in https://github.com/actions/checkout/pull/1941
Expand unit test coverage for isGhes by @jww3 in https://github.com/actions/checkout/pull/1946

actions/setup-node

`v4`

Compare Source

chaijs/chai

Fix bad v5.0.2 publish.

Full Changelog: chaijs/chai@v5.0.2...v5.0.3

`v5.0.2`

Compare Source

What's Changed

build(deps): bump nanoid and mocha by @dependabot in https://github.com/chaijs/chai/pull/1558
remove bump-cli by @koddsson in https://github.com/chaijs/chai/pull/1559
Update developer dependencies by @koddsson in https://github.com/chaijs/chai/pull/1560
fix: removes ?? for node compat (5.x) by @43081j in https://github.com/chaijs/chai/pull/1576
Update loupe to latest version by @koddsson in https://github.com/chaijs/chai/pull/1579
Re-enable some webkit tests by @koddsson in https://github.com/chaijs/chai/pull/1580
Remove a bunch of if statements in test/should.js by @koddsson in https://github.com/chaijs/chai/pull/1581
Remove a bunch of unused files by @koddsson in https://github.com/chaijs/chai/pull/1582
Fix 1564 by @koddsson in https://github.com/chaijs/chai/pull/1566

Full Changelog: chaijs/chai@v5.0.1...v5.0.2

`v5.0.0`

Compare Source

BREAKING CHANGES

Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have import {...} from 'chai' or import('chai'). require('chai') will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.
Dropped support for Internet Explorer.
Dropped support for NodeJS < 18.
Minimum supported browsers are now Firefox 100, Safari 14.1, Chrome 100, Edge 100. Support for browsers prior to these versions is "best effort" (bug reports on older browsers will be assessed individually and may be marked as wontfix).

What's Changed

feat: use chaijs/loupe for inspection by @pcorpet in https://github.com/chaijs/chai/pull/1401
docs: fix URL in README by @Izzur in https://github.com/chaijs/chai/pull/1413
Remove get-func-name dependency by @koddsson in https://github.com/chaijs/chai/pull/1416
Convert Makefile script to npm scripts by @koddsson in https://github.com/chaijs/chai/pull/1424
Clean up README badges by @koddsson in https://github.com/chaijs/chai/pull/1422
fix: package.json - deprecation warning on exports field by @stevenjoezhang in https://github.com/chaijs/chai/pull/1400
fix: deep-eql bump package to support symbols by @snewcomer in https://github.com/chaijs/chai/pull/1458
ES module conversion PoC by @43081j in https://github.com/chaijs/chai/pull/1498
chore: drop commonjs support by @43081j in https://github.com/chaijs/chai/pull/1503
Update pathval by @koddsson in https://github.com/chaijs/chai/pull/1527
Update check-error by @koddsson in https://github.com/chaijs/chai/pull/1528
update deep-eql to latest version by @koddsson in https://github.com/chaijs/chai/pull/1542
Inline type-detect as a simple function by @koddsson in https://github.com/chaijs/chai/pull/1544
Update loupe by @koddsson in https://github.com/chaijs/chai/pull/1545
Typo 'Test an object' not 'Test and object' by @mavaddat in https://github.com/chaijs/chai/pull/1460
Update assertion-error to it's latest major version! by @koddsson in https://github.com/chaijs/chai/pull/1543
Replacing Karma with Web Test Runner by @koddsson in https://github.com/chaijs/chai/pull/1546

New Contributors

@Izzur made their first contribution in https://github.com/chaijs/chai/pull/1413
@stevenjoezhang made their first contribution in https://github.com/chaijs/chai/pull/1400
@43081j made their first contribution in https://github.com/chaijs/chai/pull/1498

Full Changelog: chaijs/chai@4.3.1...v5.0.0

`v4.5.0`

Compare Source

Update type detect (#1631) 1a36d35

What's Changed

Update type detect by @koddsson in https://github.com/chaijs/chai/pull/1631

Full Changelog: chaijs/chai@v4.4.1...v4.5.0

`v4.4.1`

Compare Source

What's Changed

fix: removes ?? for node compat by @43081j in https://github.com/chaijs/chai/pull/1574

Full Changelog: chaijs/chai@v4.4.0...v4.4.1

`v4.4.0`

Compare Source

What's Changed

Allow deepEqual fonction to be configured globally (4.x.x branch) by @forty in https://github.com/chaijs/chai/pull/1553

Full Changelog: chaijs/chai@v4.3.10...v4.4.0

`v4.3.10`

Compare Source

This release simply bumps all dependencies to their latest non-breaking versions.

What's Changed

upgrade all dependencies by @keithamus in https://github.com/chaijs/chai/pull/1540

Full Changelog: chaijs/chai@v4.3.9...v4.3.10

`v4.3.9`

Compare Source

Upgrade dependencies.

This release upgrades dependencies to address CVE-2023-43646 where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang.

Full Changelog: chaijs/chai@v4.3.8...v4.3.9

`v4.3.8`

Compare Source

What's Changed

4.x.x: Fix link to commit logs on GitHub by @bugwelle in https://github.com/chaijs/chai/pull/1487
build(deps): bump socket.io-parser from 4.0.4 to 4.0.5 by @dependabot in https://github.com/chaijs/chai/pull/1488
Small typo in test.js by @mavaddat in https://github.com/chaijs/chai/pull/1459
docs: specify return type of objDisplay by @scarf005 in https://github.com/chaijs/chai/pull/1490
Update CONTRIBUTING.md by @matheus-rodrigues00 in https://github.com/chaijs/chai/pull/1521
Fix: update exports.version to current version by @peanutenthusiast in https://github.com/chaijs/chai/pull/1534

New Contributors

@bugwelle made their first contribution in https://github.com/chaijs/chai/pull/1487
@mavaddat made their first contribution in https://github.com/chaijs/chai/pull/1459
@scarf005 made their first contribution in https://github.com/chaijs/chai/pull/1490
@matheus-rodrigues00 made their first contribution in https://github.com/chaijs/chai/pull/1521
@peanutenthusiast made their first contribution in https://github.com/chaijs/chai/pull/1534

Full Changelog: chaijs/chai@v4.3.7...v4.3.8

mochajs/mocha

`v11.0.1`

Compare Source

🌟 Features

bumped glob dependency from 8 to 10 (#5250) (43c3157)

📚 Documentation

fix examples for linkPartialObjects methods (#5255) (34e0e52)

`v11.0.0`

Compare Source

⚠ BREAKING CHANGES

adapt new engine range for Mocha 11 (#5216)

🌟 Features

allow calling hook methods (#5231) (e3da641)

🩹 Fixes

adapt new engine range for Mocha 11 (#5216) (80da25a)

📚 Documentation

downgrade example/tests chai to 4.5.0 (#5245) (eac87e1)

`v10.8.2`

Compare Source

🩹 Fixes

support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
test link in html reporter (#5224) (f054acc)

📚 Documentation

indicate 'exports' interface does not work in browsers (#5181) (14e640e)

🧹 Chores

fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)

🤖 Automation

deps: bump the github-actions group with 1 update (#5132) (e536ab2)

`v10.8.1`

Compare Source

🩹 Fixes

handle case of invalid package.json with no explicit config (#5198) (f72bc17)
Typos on mochajs.org (#5237) (d8ca270)
use accurate test links in HTML reporter (#5228) (68803b6)

`v10.8.0`

Compare Source

🌟 Features

highlight browser failures (#5222) (8ff4845)

🩹 Fixes

remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)

📚 Documentation

add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)
adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)
update README, LICENSE and fix outdated (#5197) (1203e0e)

🧹 Chores

fix npm scripts on windows (#5219) (1173da0)
remove trailing whitespace in SECURITY.md (7563e59)

`v10.7.3`

Compare Source

🩹 Fixes

make release-please build work (#5194) (afd66ef)

`v10.7.0`

Compare Source

🎉 Enhancements

#4771 feat: add option to not fail on failing test suite (@ilgonmic)

`v10.6.1`

Compare Source

🐛 Fixes

#3825 fix: do not exit when only unref'd timer is present in test code (@boneskull)
#5040 fix: support canonical module (@JacobLey)

`v10.6.0`

Compare Source

🎉 Enhancements

#5150 feat: allow ^ versions for character encoding packages (@JoshuaKGoldberg)
#5151 feat: allow ^ versions for file matching packages (@JoshuaKGoldberg)
#5152 feat: allow ^ versions for yargs packages (@JoshuaKGoldberg)
#5153 feat: allow ^ versions for data serialization packages (@JoshuaKGoldberg)
#5154 feat: allow ^ versions for miscellaneous packages (@JoshuaKGoldberg)

`v10.5.2`

Compare Source

🐛 Fixes

#5032 fix: better tracking of seen objects in error serialization (@sam-super)

`v10.5.1`

Compare Source

🐛 Fixes

#5086 fix: Add error handling for nonexistent file case with --file option (@khoaHyh)

`v10.5.0`

Compare Source

🎉 Enhancements

#5015 feat: use <progress> and <svg> for browser progress indicator instead of <canvas> (@yourWaifu)
#5143 feat: allow using any 3.x chokidar dependencies (@simhnna)
#4835 feat: add MOCHA_OPTIONS env variable (@icholy)

🐛 Fixes

#5107 fix: include stack in browser uncaught error reporting (@JoshuaKGoldberg)

🔩 Other

#5110 chore: switch two-column list styles to be opt-in (@marjys)
#5135 chore: fix some typos in comments (@StevenMia)
#5130 chore: rename 'master' to 'main' in docs and tooling (@JoshuaKGoldberg)

`v10.4.0`

Compare Source

🎉 Enhancements

#4829 feat: include .cause stacks in the error stack traces (@voxpelli)
#4985 feat: add file path to xunit reporter (@bmish)

🐛 Fixes

#5074 fix: harden error handling in lib/cli/run.js (@stalet)

🔩 Other

#5077 chore: add mtfoley/pr-compliance-action (@JoshuaKGoldberg)
#5060 chore: migrate ESLint config to flat config (@JoshuaKGoldberg)
#5095 chore: revert #5069 to restore Netlify builds (@voxpelli)
#5097 docs: add sponsored to sponsorship link rels (@JoshuaKGoldberg)
#5093 chore: add 'status: in triage' label to issue templates and docs (@JoshuaKGoldberg)
#5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@JoshuaKGoldberg)
#5100 chore: fix header generation and production build crashes (@JoshuaKGoldberg)
#5104 chore: bump ESLint ecmaVersion to 2020 (@JoshuaKGoldberg)
#5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@LcsK)
#4869 docs: fix documentation concerning glob expansion on UNIX (@binki)
#5122 test: fix xunit integration test (@voxpelli)
#5123 chore: activate dependabot for workflows (@voxpelli)
#5125 build(deps): bump the github-actions group with 2 updates (@dependabot)

`v10.3.0`

Compare Source

This is a stable release equivalent to 10.30.0-prerelease.

nodejs/node

`v18.20.5`

Compare Source

Notable Changes

[ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #55333

Commits

[c2e6a8f215] - benchmark: fix napi/ref addon (Michaël Zasso) #53233
[4c2e07aaac] - build: pin doc workflow to Node.js 20 (Richard Lau) #55755
[6ba4ebd060] - build: fix build with Python 3.12 (Luigi Pinca) #50582
[c50f01399e] - crypto: ensure invalid SubtleCrypto JWK data import results in DataError (Filip Skokan) #55041
[5c46782137] - crypto: make deriveBits length parameter optional and nullable (Filip Skokan) #53601
[6e7274fa53] - crypto: reject dh,x25519,x448 in {Sign,Verify}Final (Huáng Jùnliàng) #53774
[d2442044db] - crypto: reject Ed25519/Ed448 in Sign/Verify prototypes (Filip Skokan) #52340
[93670de499] - deps: upgrade npm to 10.8.2 (npm team) #53799
[8531c95587] - deps: upgrade npm to 10.8.1 (npm team) #53207
[fd9933ea0f] - deps: upgrade npm to 10.8.0 (npm team) #53014
[03852495d7] - deps: update simdutf to 5.6.0 (Node.js GitHub Bot) #55379
[3597be4146] - deps: update simdutf to 5.5.0 (Node.js GitHub Bot) #54434
[52d2c03738] - deps: update simdutf to 5.3.4 (Node.js GitHub Bot) #54312
[dd882ac483] - deps: update simdutf to 5.3.1 (Node.js GitHub Bot) #54196
[5fb8e1b428] - deps: update simdutf to 5.3.0 (Node.js GitHub Bot) #53837
[c952fd886d] - deps: update simdutf to 5.2.8 (Node.js GitHub Bot) #52727
[a1ae050ed5] - deps: update simdutf to 5.2.6 (Node.js GitHub Bot) #52727
[96ec48da7f] - deps: update brotli to 1.1.0 (Node.js GitHub Bot) #50804
[11242bcfb4] - deps: update zlib to 1.3.0.1-motley-71660e1 (Node.js GitHub Bot) #53464
[64f98a9869] - deps: update zlib to 1.3.0.1-motley-c2469fd (Node.js GitHub Bot) #53464
[4b815550e0] - deps: update zlib to 1.3.0.1-motley-68e57e6 (Node.js GitHub Bot) #53464
[f6b2f68ce7] - deps: update zlib to 1.3.0.1-motley-8b7eff8 (Node.js GitHub Bot) #53464
[e151ebef86] - deps: update zlib to 1.3.0.1-motley-e432200 (Node.js GitHub Bot) #53464
[637a306e02] - deps: update zlib to 1.3.0.1-motley-887bb57 (Node.js GitHub Bot) #53464
[569a739569] - deps: update zlib to 1.3.0.1-motley-209717d (Node.js GitHub Bot) #53156
[033f1e2ba5] - deps: update zlib to 1.3.0.1-motley-4f653ff (Node.js GitHub Bot) #53052
[aaa857fc01] - deps: update ada to 2.8.0 (Node.js GitHub Bot) #53254
[d577321877] - deps: update acorn to 8.13.0 (Node.js GitHub Bot) #55558
[55b3c8a41f] - deps: update acorn-walk to 8.3.4 (Node.js GitHub Bot) #54950
[50a9456f1e] - deps: update acorn-walk to 8.3.3 (Node.js GitHub Bot) #53466
[f56cfe776b] - deps: update acorn to 8.12.1 (Node.js GitHub Bot) #53465
[fce3ab686d] - deps: update archs files for openssl-3.0.15+quic1 (Node.js GitHub Bot) #55184
[46c782486e] - deps: upgrade openssl sources to quictls/openssl-3.0.15+quic1 (Node.js GitHub Bot) #55184
[4a18581dc3] - deps: update corepack to 0.29.4 (Node.js GitHub Bot) #54845
[67e98831ab] - deps: update archs files for openssl-3.0.14+quic1 (Node.js GitHub Bot) #54336
[c60c6630af] - deps: upgrade openssl sources to quictls/openssl-3.0.14+quic1 (Node.js GitHub Bot) #54336
[935a506377] - deps: update corepack to 0.29.3 (Node.js GitHub Bot) #54072
[dbdfdd0226] - deps: update corepack to 0.29.2 (Node.js GitHub Bot) #53838
[395ee44608] - deps: update corepack to 0.28.2 (Node.js GitHub Bot) #53253
[6ba8bc0618] - deps: update c-ares to 1.29.0 (Node.js GitHub Bot) #53155
[81c3260cd2] - deps: update corepack to 0.28.1 (Node.js GitHub Bot) #52946
[e4739e9aa6] - doc: only apply content-visibility on all.html (Filip Skokan) #53510
[4d2ac5d98f] - doc: move release key for Myles Borins (Richard Lau) #54059
[1c4decc998] - doc: add release key for aduh95 (Antoine du Hamel) #55349
[a4f6f0918f] - doc: add names next to release key bash commands (Aviv Keller) #52878
[c679348f83] - errors: use determineSpecificType in more error messages (Antoine du Hamel) #49580
[3059262185] - esm: fix broken assertion in legacyMainResolve (Antoine du Hamel) #55708
[ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #55333
[84b0ead758] - esm: fix hook name in error message (Bruce MacNaughton) #50466
[0092358d00] - http: handle multi-value content-disposition header (Arsalan Ahmad) #50977
[d814fe935c] - src: account for OpenSSL unexpected version (Shelley Vohr) #54038
[6615fe5db1] - src: fix dynamically linked OpenSSL version (Richard Lau) #53456
[d6114cb2e2] - test: fix test when compiled without engine support (Richard Lau) #53232
[ac3a39051c] - test: fix test-tls-junk-closes-server (Michael Dawson) #55089
[c8520ff7d2] - test: fix OpenSSL version checks (Richard Lau) #53503
[9824827937] - test: update tls test to support OpenSSL32 (Michael Dawson) #55030
[1a4d497936] - test: adjust tls-set-ciphers for OpenSSL32 (Michael Dawson) #55016
[341496a5a2] - test: add asserts to validate test assumptions (Michael Dawson) #54997
[37a2f7eaa4] - test: adjust key sizes to support OpenSSL32 (Michael Dawson) #54972
[75ff0cdf66] - test: update test to support OpenSSL32 (Michael Dawson) #54968
[b097d85dfe] - test: adjust test-tls-junk-server for OpenSSL32 (Michael Dawson) #54926
[e9997388a6] - test: adjust tls test for OpenSSL32 (Michael Dawson) #54909
[c7de027adb] - test: fix test test-tls-dhe for OpenSSL32 (Michael Dawson) #54903
[68156cbae1] - test: fix test-tls-client-mindhsize for OpenSSL32 (Michael Dawson) #54739
[d5b73e5683] - test: increase key size for ca2-cert.pem (Michael Dawson) #54599
[5316314755] - test: update TLS test for OpenSSL 3.2 (Richard Lau) #54612
[a1f0c87859] - test: fix test-tls-client-auth test for OpenSSL32 (Michael Dawson) #54610
[e9e3306426] - test: use assert.{s,deepS}trictEqual() (Sonny) #54208
[1320fb9475] - test: update TLS trace tests for OpenSSL >= 3.2 (Richard Lau) #53229
[cc3cdf7cc0] - test: check against run-time OpenSSL version (Richard Lau) #53456
[fc43c6803e] - test: update TLS tests for OpenSSL 3.2 (Richard Lau) #53384
[627d3993f0] - test: fix unreliable assumption in js-native-api/test_cannot_run_js (Joyee Cheung) #51898
[9f521f456e] - test: update tests for OpenSSL 3.0.14 (Richard Lau) #53373
[0fb652eba9] - tools: update gyp-next to v0.16.1 (Michaël Zasso) #50380
[fa72b2c2de] - tools: skip ruff on tools/gyp (Michaël Zasso) #50380

`v18.20.4`

Compare Source

This is a security release.

Notable Changes

CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
CVE-2024-22020 - Bypass network import restriction via data URL (Medium)

Commits

[85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
[eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596

`v18.20.3`

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies

acorn updated to 8.11.3.
acorn-walk updated to 8.3.2.
ada updated to 2.7.8.
c-ares updated to 1.28.1.
corepack updated to 0.28.0.
nghttp2 updated to 1.61.0.
ngtcp2 updated to 1.3.0.
npm updated to 10.7.0. Includes a fix from [email protected] to limit the number of open connections npm/cli#7324.
simdutf updated to 5.2.4.
zlib updated to 1.3.0.1-motley-7d77fb7.

Commits

[0c260e10e7] - deps: update zlib to 1.3.0.1-motley-7d77fb7 (Node.js GitHub Bot) #52516
[1152d7f919] - deps: update zlib to 1.3.0.1-motley-24c07df (Node.js GitHub Bot) #52199
[755399db9d] - deps: update zlib to 1.3.0.1-motley-24342f6 (Node.js GitHub Bot) #52123
[af3e32073b] - deps: update ada to 2.7.8 (Node.js GitHub Bot) #52517
[e4ea2db58b] - deps: update c-ares to 1.28.1 (Node.js GitHub Bot) #52285
[14e857bea2] - deps: update corepack to 0.28.0 (Node.js GitHub Bot) #52616
[7f5dd44ca6] - deps: upgrade npm to 10.7.0 (npm team) #52767
[78f84ebb09] - deps: update ngtcp2 to 1.3.0 (Node.js GitHub Bot) #51796
[1f489a3753] - deps: update ngtcp2 to 1.2.0 (Node.js GitHub Bot) #51584
[3034968225] - deps: update ngtcp2 to 1.1.0 (Node.js GitHub Bot) #51319
[1aa9da467f] - deps: add nghttp3/**/.deps to .gitignore (Luigi Pinca) #51400
[28c0c78c9a] - deps: update ngtcp2 and nghttp3 (James M Snell) #51291
[8fd5a35364] - deps: upgrade npm to 10.5.2 (npm team) #52458
[2c53ff31c9] - deps: update acorn-walk to 8.3.2 (Node.js GitHub Bot) #51457
[12f28f33c2] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #51317
[dddb7eb3e0] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #50457
[c86550e607] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #50457
[9500817f66] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #50460
[7a8c7b6275] - deps: update ada to 2.7.7 (Node.js GitHub Bot) #52028
[b199889943] - deps: update corepack to 0.26.0 (Node.js GitHub Bot) #52027
[052b0ba0c6] - deps: upgrade npm to 10.5.1 (npm team) #52351
[209823d3af] - deps: update simdutf to 5.2.4 (Node.js GitHub Bot) #52473
[5114cbe18a] - deps: update simdutf to 5.2.3 (Yagiz Nizipli) #52381
[be30309ea0] - deps: update simdutf to 5.0.0 (Daniel Lemire) #52138
[b56f66e250] - deps: update simdutf to 4.0.9 (Node.js GitHub Bot) #51655
[a9f3b9d9d1] - deps: update nghttp2 to 1.61.0 (Node.js GitHub Bot) #52395
[1b6fa70620] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #51948
[3c9dbbf4d4] - deps: update nghttp2 to 1.59.0 (Node.js GitHub Bot) #51581
[e28316da54] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #50441
[678641f470] - deps: V8: cherry-pick d15d49b (Bo Anderson) #52337
[1147fee7d9] - doc: remove ableist language from crypto (Jamie King) #52063
[5e93eae972] - doc: add release key for marco-ippolito (marco-ippolito) #52257
[6689a98488] - http: remove closeIdleConnections function while calling server close (Kumar Rishav) #52336
[71616e8a8a] - node-api: make tsfn accept napi_finalize once more (Gabriel Schulhof) #51801
[d9d9e62474] - src: avoid draining platform tasks at FreeEnvironment (Chengzhong Wu) #51290
[e5fc8ec9fc] - test: skip v8-updates/test-linux-perf (Michaël Zasso) #49639
[351ef189ca] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #50352
[5cec2efc31] - test: reduce the number of requests and parsers (Luigi Pinca) #50240
[5186e453d9] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #49574
[c60cd67e1c] - test: skip test for dynamically linked OpenSSL (Richard Lau) #52542

`v18.20.2`

Compare Source

This is a security release.

Notable Changes

CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

[6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

`v18.20.1`

Compare Source

This is a security release.

Notable Changes

CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
llhttp version 9.2.1
undici version 5.28.4

Commits

[60d24938de] - deps: update undici to v5.28.4 (Matteo Collina) nodejs-private/node-private#577
[5d4d5848cf] - http: do not allow OBS fold in headers by default (Paolo Insogna) nodejs-private/node-private#558
[0fb816dbcc] - src: ensure to close stream when destroying session (Anna Henningsen) nodejs-private/node-private#561

[`v18.20.0`](https://togi

Configuration

📅 Schedule: "before 3am on the first day of the month" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

ggrossetie · 2024-07-27T02:20:29Z

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/chai
npm ERR!   dev chai@"5.1.2" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer chai@">=2.2.1 <5" from [email protected]
npm ERR! node_modules/dirty-chai
npm ERR!   dev dirty-chai@"2.0.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/chai
npm ERR!   peer chai@">=2.2.1 <5" from [email protected]
npm ERR!   node_modules/dirty-chai
npm ERR!     dev dirty-chai@"2.0.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-12-03T02_38_12_840Z-debug-0.log

ggrossetie changed the title ~~Update dependency yargs to v17.4.0~~ Update dependency yargs to v17.4.1 Apr 10, 2022

ggrossetie force-pushed the renovate/all branch from 28ca2f2 to dcec26f Compare April 10, 2022 02:37

ggrossetie force-pushed the renovate/all branch from dcec26f to 9be6745 Compare April 21, 2022 02:51

ggrossetie changed the title ~~Update dependency yargs to v17.4.1~~ Update all dependencies Apr 21, 2022

ggrossetie force-pushed the renovate/all branch 2 times, most recently from ebfe8da to 3eb073b Compare May 8, 2022 02:45

ggrossetie force-pushed the renovate/all branch 2 times, most recently from fe47d4f to 2bbc1b9 Compare May 16, 2022 02:38

ggrossetie force-pushed the renovate/all branch from 2bbc1b9 to ba342d6 Compare September 10, 2022 03:04

ggrossetie force-pushed the renovate/all branch from ba342d6 to afa9a19 Compare September 23, 2022 03:05

ggrossetie force-pushed the renovate/all branch from afa9a19 to 14c7f78 Compare October 1, 2022 03:09

ggrossetie force-pushed the renovate/all branch from 14c7f78 to b347c3a Compare October 16, 2022 03:06

ggrossetie force-pushed the renovate/all branch 2 times, most recently from 26ab091 to 60787f9 Compare November 4, 2022 02:50

ggrossetie force-pushed the renovate/all branch from 60787f9 to ec9a331 Compare November 29, 2022 02:36

ggrossetie force-pushed the renovate/all branch from ec9a331 to c8a4064 Compare December 12, 2022 02:32

ggrossetie force-pushed the renovate/all branch from c8a4064 to 6e6bc76 Compare March 26, 2023 12:00

ggrossetie force-pushed the renovate/all branch from 6e6bc76 to 6e73d04 Compare April 28, 2023 02:24

ggrossetie force-pushed the renovate/all branch from 6e73d04 to f70f0da Compare May 31, 2023 02:41

ggrossetie changed the title ~~Update all dependencies~~ Update dependency yargs to v17.7.2 Jun 25, 2023

ggrossetie force-pushed the renovate/all branch from f70f0da to d05a14a Compare June 25, 2023 02:44

ggrossetie changed the title ~~Update dependency yargs to v17.7.2~~ Update all dependencies Jul 19, 2023

ggrossetie force-pushed the renovate/all branch from d05a14a to a3d2a90 Compare July 19, 2023 03:07

ggrossetie force-pushed the renovate/all branch from a3d2a90 to 988e9b3 Compare August 10, 2023 02:28

ggrossetie force-pushed the renovate/all branch from 988e9b3 to 6e56ccc Compare August 25, 2023 02:16

ggrossetie force-pushed the renovate/all branch from 6e56ccc to 266a3dc Compare November 2, 2023 14:32

ggrossetie force-pushed the renovate/all branch from 266a3dc to a791892 Compare November 30, 2023 02:20

ggrossetie force-pushed the renovate/all branch from a791892 to bdb5c6a Compare December 29, 2023 02:15

ggrossetie force-pushed the renovate/all branch from bdb5c6a to 59ff01b Compare January 26, 2024 02:15

ggrossetie force-pushed the renovate/all branch from 59ff01b to 6b9b83b Compare February 9, 2024 02:12

ggrossetie force-pushed the renovate/all branch 2 times, most recently from 24e040b to 5d3b226 Compare February 15, 2024 02:13

ggrossetie force-pushed the renovate/all branch from 5d3b226 to 9fe7686 Compare March 27, 2024 02:13

ggrossetie force-pushed the renovate/all branch from 9fe7686 to efd644f Compare April 4, 2024 02:15

ggrossetie force-pushed the renovate/all branch from efd644f to dadd5b8 Compare April 11, 2024 02:16

ggrossetie force-pushed the renovate/all branch 3 times, most recently from 8caaf55 to 792fe84 Compare May 14, 2024 02:21

ggrossetie force-pushed the renovate/all branch 2 times, most recently from c507afa to 3600381 Compare May 22, 2024 02:19

ggrossetie force-pushed the renovate/all branch 3 times, most recently from bf1a5b0 to 1da08b4 Compare June 27, 2024 02:20

ggrossetie force-pushed the renovate/all branch 2 times, most recently from 42a2a86 to 96a0b6e Compare July 9, 2024 02:21

ggrossetie force-pushed the renovate/all branch 3 times, most recently from 1b3add4 to 1f30f3c Compare July 27, 2024 02:20

ggrossetie force-pushed the renovate/all branch from 1f30f3c to 7e5e942 Compare August 10, 2024 02:23

ggrossetie force-pushed the renovate/all branch 2 times, most recently from a5a2821 to dd555f4 Compare October 24, 2024 02:31

ggrossetie force-pushed the renovate/all branch 2 times, most recently from 41d3cf2 to 3af8689 Compare October 31, 2024 02:33

ggrossetie force-pushed the renovate/all branch from 3af8689 to 091d73d Compare November 13, 2024 02:33

Update all dependencies

67b387d

ggrossetie force-pushed the renovate/all branch from 091d73d to 67b387d Compare December 3, 2024 02:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update all dependencies #195

Update all dependencies #195

ggrossetie commented Apr 1, 2022 •

edited

Loading

ggrossetie commented Jul 27, 2024 •

edited

Loading

Update all dependencies #195

Are you sure you want to change the base?

Update all dependencies #195

Conversation

ggrossetie commented Apr 1, 2022 • edited Loading

Release Notes

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

BREAKING CHANGES

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

🌟 Features

📚 Documentation

⚠ BREAKING CHANGES

🌟 Features

🩹 Fixes

📚 Documentation

🩹 Fixes

📚 Documentation

🧹 Chores

🤖 Automation

🩹 Fixes

🌟 Features

🩹 Fixes

📚 Documentation

🧹 Chores

🩹 Fixes

🎉 Enhancements

🐛 Fixes

🎉 Enhancements

🐛 Fixes

🐛 Fixes

🎉 Enhancements

🐛 Fixes

🔩 Other

🎉 Enhancements

🐛 Fixes

🔩 Other

Notable Changes

Commits

Notable Changes

Commits

Notable Changes

Updated dependencies

Commits

Notable Changes

Commits

Notable Changes

Commits

[v18.20.0](https://togi

Configuration

ggrossetie commented Jul 27, 2024 • edited Loading

⚠ Artifact update problem

File name: package-lock.json

ggrossetie commented Apr 1, 2022 •

edited

Loading

[`v18.20.0`](https://togi

ggrossetie commented Jul 27, 2024 •

edited

Loading