Skip to content

chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates#174

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-deps-c920e9be3e
Closed

chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates#174
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dev-deps-c920e9be3e

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Dec 16, 2024
edited
Loading

Bumps the dev-deps group with 6 updates in the / directory:

Package From To
@moonrepo/cli 1.29.3 1.30.5
@vitest/coverage-v8 2.1.4 2.1.8
vitest 2.1.4 2.1.8
@astrojs/starlight 0.28.5 0.30.1
rollup 4.24.3 4.28.1
vite 5.4.10 6.0.3

Updates @moonrepo/cli from 1.29.3 to 1.30.5

Release notes

Sourced from @​moonrepo/cli's releases.

v1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

v1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

v1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

v1.30.2

🐞 Fixes

  • Fixed an issue where dependencies/dependents of an affected task would be skipped in the action graph if they were also not affected.
  • Fixed a potential cycle (stack overflow) that may occur in the affected tracker.

⚙️ Internal

  • Improved task dependent resolution in the action graph.

v1.30.1

🐞 Fixes

  • Fixed a Git "fatal: bad object" error when submodules are in being used.
  • Fixed an issue where moon ci would trigger a shallow checkout error, even when a base revision is provided.

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

1.30.2

🐞 Fixes

  • Fixed an issue where dependencies/dependents of an affected task would be skipped in the action graph if they were also not affected.
  • Fixed a potential cycle (stack overflow) that may occur in the affected tracker.

⚙️ Internal

  • Improved task dependent resolution in the action graph.

1.30.1

... (truncated)

Commits

Updates @vitest/coverage-v8 from 2.1.4 to 2.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits

Updates vitest from 2.1.4 to 2.1.8

Release notes

Sourced from vitest's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits
  • d69cc75 bump: 2.1.8
  • 92f7a2a fix: support Node 21
  • 81ed45b chore: release v2.1.7
  • fbe5c39 fix: revert support for Vite 6
  • b936702 bump: 2.1.6
  • 32f23b9 chore: release v2.1.5
  • 417bdb4 fix(browser): init browsers eagerly when tests are running (#6876)
  • 93b67c2 fix: throw an error and a warning if .poll, .element, .rejects/`.resolv...
  • 9a0c93d fix(browser): stop the browser rpc when the pool is closed (#6858)
  • 251893b chore: set resolve.mainFields and resolve.conditions for SSR environment ...
  • Additional commits viewable in compare view

Updates @astrojs/starlight from 0.28.5 to 0.30.1

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

@​astrojs/starlight@​0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

       // src/content.config.ts
 import { defineCollection } from "astro:content";
+import { docsLoader } from "@astrojs/starlight/loaders";
 import { docsSchema } from "@astrojs/starlight/schema";
export const collections = {

docs: defineCollection({ schema: docsSchema() }),


docs: defineCollection({ loader: docsLoader(), schema: docsSchema() }),
};

If you are using the i18n collection to provide translations for additional languages you support or override our default labels, you will need to update the collection definition in a similar way and remove the collection type which is no longer available:

 // src/content.config.ts
 import { defineCollection } from "astro:content";
+import { docsLoader, i18nLoader } from "@astrojs/starlight/loaders";
 import { docsSchema, i18nSchema } from "@astrojs/starlight/schema";
export const collections = {

docs: defineCollection({ schema: docsSchema() }),

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

       // src/content.config.ts
 import { defineCollection } from "astro:content";
+import { docsLoader } from "@astrojs/starlight/loaders";
 import { docsSchema } from "@astrojs/starlight/schema";
export const collections = {

docs: defineCollection({ schema: docsSchema() }),


docs: defineCollection({ loader: docsLoader(), schema: docsSchema() }),
};

If you are using the i18n collection to provide translations for additional languages you support or override our default labels, you will need to update the collection definition in a similar way and remove the collection type which is no longer available:

 // src/content.config.ts
 import { defineCollection } from "astro:content";
+import { docsLoader, i18nLoader } from "@astrojs/starlight/loaders";
 import { docsSchema, i18nSchema } from "@astrojs/starlight/schema";
export const collections = {

... (truncated)

Commits

Updates rollup from 4.24.3 to 4.28.1

Release notes

Sourced from rollup's releases.

v4.28.1

4.28.1

2024-12-06

Bug Fixes

  • Support running Rollup natively on LoongArch (#5749)
  • Add optional debugId to SourceMap types (#5751)

Pull Requests

v4.28.0

4.28.0

2024-11-30

Features

  • Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

v4.27.4

4.27.4

2024-11-23

Bug Fixes

  • Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

v4.27.3

4.27.3

... (truncated)

Changelog

Sourced from rollup's changelog.

4.28.1

2024-12-06

Bug Fixes

  • Support running Rollup natively on LoongArch (#5749)
  • Add optional debugId to SourceMap types (#5751)

Pull Requests

4.28.0

2024-11-30

Features

  • Allow to specify how to handle import attributes when transpiling Rollup config files (#5743)

Pull Requests

4.27.4

2024-11-23

Bug Fixes

  • Update bundled magic-string to support sourcemap debug ids (#5740)

Pull Requests

4.27.3

2024-11-18

Bug Fixes

... (truncated)

Commits

Updates vite from 5.4.10 to 6.0.3

Release notes

Sourced from vite's releases.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

create-vite@6.0.1

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

create-vite@6.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

v6.0.0-beta.9

Please refer to CHANGELOG.md for details.

v6.0.0-beta.8

Please refer to CHANGELOG.md for details.

v6.0.0-beta.7

Please refer to CHANGELOG.md for details.

v6.0.0-beta.6

Please refer to CHANGELOG.md for details.

v6.0.0-beta.5

Please refer to CHANGELOG.md for details.

v6.0.0-beta.4

Please refer to CHANGELOG.md for details.

v6.0.0-beta.3

Please refer to CHANGELOG.md for details.

v6.0.0-beta.2

Please refer to CHANGELOG.md for details.

v6.0.0-beta.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.3 (2024-12-05)

6.0.2 (2024-12-02)

6.0.1 (2024-11-27)

6.0.0 (2024-11-26)

... (truncated)

Commits
  • 7a0758c release: v6.0.3
  • a1dd396 fix: make handleInvoke interface compatible with invoke (#18876)
  • ea802f8 refactor: fix logic errors found by no-unnecessary-condition rule (#18891)
  • 690a36f fix: remove CSS import in CJS correctly in some cases (#18885)
  • d5fb653 fix: handle postcss load unhandled rejections (#18886)
  • 2b5926a fix(config): bundle files referenced with imports field (#18887)
  • 1b54e50 fix(html): allow unexpected question mark in tag name (#18852)
  • d59efd8 fix(css): rewrite url when image-set and url exist at the same time (#18868)
  • 20fdf21 fix(config): make stacktrace path correct when sourcemap is enabled (#18833)
  • 88e49aa fix(module-runner): decode uri for file url passed to import (#18837)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more f...

Description has been truncated

@dependabot
chore(deps-dev): bump the dev-deps group across 1 directory with 6 up…
f4aac78 
…dates

Bumps the dev-deps group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@moonrepo/cli](https://github.com/moonrepo/moon/tree/HEAD/packages/cli) | `1.29.3` | `1.30.5` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `2.1.4` | `2.1.8` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.4` | `2.1.8` |
| [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.28.5` | `0.30.1` |
| [rollup](https://github.com/rollup/rollup) | `4.24.3` | `4.28.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.10` | `6.0.3` |



Updates `@moonrepo/cli` from 1.29.3 to 1.30.5
- [Release notes](https://github.com/moonrepo/moon/releases)
- [Changelog](https://github.com/moonrepo/moon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moonrepo/moon/commits/@moonrepo/cli@1.30.5/packages/cli)

Updates `@vitest/coverage-v8` from 2.1.4 to 2.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.8/packages/coverage-v8)

Updates `vitest` from 2.1.4 to 2.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.8/packages/vitest)

Updates `@astrojs/starlight` from 0.28.5 to 0.30.1
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.30.1/packages/starlight)

Updates `rollup` from 4.24.3 to 4.28.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.24.3...v4.28.1)

Updates `vite` from 5.4.10 to 6.0.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.3/packages/vite)

---
updated-dependencies:
- dependency-name: "@moonrepo/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: "@vitest/coverage-v8"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: vitest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: "@astrojs/starlight"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: rollup
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 16, 2024
@dependabot dependabot bot mentioned this pull request Dec 16, 2024
Closed
@socket-security
Copy link
Copy Markdown

socket-security bot commented Dec 16, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/starlight@0.30.1 Transitive: environment, filesystem, network, shell +235 29.6 MB fredkschott
npm/@moonrepo/cli@1.30.5 environment, filesystem Transitive: shell +1 32.1 kB milesj
npm/@vitest/coverage-v8@2.1.8 Transitive: environment, filesystem, shell +63 10.6 MB vitestbot
npm/rollup@4.28.1 environment, filesystem +1 2.63 MB lukastaegert
npm/vite@6.0.3 environment, eval, filesystem, network, shell, unsafe +5 3.34 MB vitebot
npm/vitest@2.1.8 environment, eval Transitive: filesystem, network, shell, unsafe +39 8.18 MB vitestbot

🚮 Removed packages: npm/@astrojs/starlight@0.28.5, npm/@moonrepo/cli@1.29.3, npm/@vitest/coverage-v8@2.1.4, npm/rollup@4.24.3, npm/vite@5.4.10, npm/vitest@2.1.4

View full report↗︎

@socket-security
Copy link
Copy Markdown

socket-security bot commented Dec 16, 2024

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Possible typosquat attack npm/emoji-regex-xs@1.0.0 ⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/emoji-regex-xs@1.0.0

@dependabot @github
Copy link
Copy Markdown
Author

dependabot bot commented on behalf of github Dec 23, 2024

Superseded by #179.

@dependabot dependabot bot closed this Dec 23, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/dev-deps-c920e9be3e branch December 23, 2024 07:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants