Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

📦 Update subpackage devDependencies #40106

Merged
merged 1 commit into from
Aug 6, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 6, 2024

Mend Renovate

This PR contains the following updates:

Package Update Type Change Package file Age Adoption Passing Confidence
actions/dependency-review-action patch action v4.3.3 -> v4.3.4 .github/workflows/dependency-review.yml age adoption passing confidence
actions/upload-artifact patch action v4.3.4 -> v4.3.6 .github/workflows/scorecard.yml age adoption passing confidence
eslint (source) minor devDependencies 9.6.0 -> 9.8.0 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
github/codeql-action patch action v3.25.11 -> v3.25.15 .github/workflows/scorecard.yml age adoption passing confidence
jasmine (source) minor devDependencies 5.1.0 -> 5.2.0 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
karma (source) patch devDependencies 6.4.3 -> 6.4.4 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
ossf/scorecard-action minor action v2.3.3 -> v2.4.0 .github/workflows/scorecard.yml age adoption passing confidence
rollup (source) minor devDependencies 4.18.1 -> 4.20.0 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
rollup-plugin-json replacement devDependencies 4.0.0 -> 4.0.0 third_party/amp-toolbox-cache-url/package.json
semver patch devDependencies 7.6.2 -> 7.6.3 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
step-security/harden-runner minor action v2.8.1 -> v2.9.1 .github/workflows/update-session-issues.yml age adoption passing confidence

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/subpackage-devdependencies main
git pull https://github.com/ampproject/amphtml.git renovate/subpackage-devdependencies

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push [email protected]:ampproject/amphtml.git renovate/subpackage-devdependencies:renovate/subpackage-devdependencies

This is a special PR that replaces rollup-plugin-json with the community suggested minimal stable replacement version.


Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.3.4

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

actions/upload-artifact (actions/upload-artifact)

v4.3.6

Compare Source

v4.3.5

Compare Source

eslint/eslint (eslint)

v9.8.0

Compare Source

v9.7.0

Compare Source

Features

  • 7bd9839 feat: add support for es2025 duplicate named capturing groups (#​18630) (Yosuke Ota)
  • 1381394 feat: add regex option in no-restricted-imports (#​18622) (Nitin Kumar)

Bug Fixes

  • 14e9f81 fix: destructuring in catch clause in no-unused-vars (#​18636) (Francesco Trotta)

Documentation

  • 9f416db docs: Add Powered by Algolia label to the search. (#​18633) (Amaresh S M)
  • c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#​18649) (Milos Djermanovic)
  • 6e79ac7 docs: loadESLint does not support option cwd (#​18641) (Francesco Trotta)

Chores

github/codeql-action (github/codeql-action)

v3.25.15

Compare Source

v3.25.14

Compare Source

v3.25.13

Compare Source

v3.25.12

Compare Source

jasmine/jasmine-npm (jasmine)

v5.2.0

Compare Source

Please see the release notes.

karma-runner/karma (karma)

v6.4.4

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

rollup/rollup (rollup)

v4.20.0

Compare Source

2024-08-03

Features
  • Allow plugins to specify the original file name when emitting assets (#​5596)
Pull Requests

v4.19.2

Compare Source

2024-08-01

Bug Fixes
  • Avoid "cannot get value of null" error when using optional chaining with namespaces (#​5597)
Pull Requests

v4.19.1

Compare Source

2024-07-27

Bug Fixes
  • Do not remove parantheses when tree-shaking logical expressions (#​5584)
  • Do not ignore side effects in calls left of an optional chaining operator (#​5589)
Pull Requests

v4.19.0

Compare Source

2024-07-20

Features
  • Implement support for decorators (#​5562)
Bug Fixes
  • Improve soucemap generation when tree-shaking logical expressions (#​5581)
Pull Requests
npm/node-semver (semver)

v7.6.3

Compare Source

Bug Fixes
Documentation
step-security/harden-runner (step-security/harden-runner)

v2.9.1

Compare Source

What's Changed

Release v2.9.1 by @​h0x0er and @​varunsh-coder in #​440
This release includes two changes:

  1. Updated markdown displayed in the job summary by the Harden-Runner Action.
  2. Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

  • Enterprise Tier - Telemetry Upload Enhancement:
    For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
  • Harden-Runner Agent Authentication:
    The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
  • README Update:
    A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
  • Dependency Update:
    Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0


Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) August 6, 2024 16:01
@renovate renovate bot merged commit 313ba38 into main Aug 6, 2024
52 checks passed
@renovate renovate bot deleted the renovate/subpackage-devdependencies branch August 6, 2024 16:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants