Update dependency balena-io/balena-cli to v18.2.33 #375
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![balena-renovate[bot]](https://avatars.githubusercontent.com/u/56742327?s=60&v=4){kind=small}
Update balena-io/balena-cli from 18.2.2 to 18.2.33 Change-type: patch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v18.2.2->v18.2.33Release Notes
balena-io/balena-cli (balena-io/balena-cli)
v18.2.33Compare Source
v18.2.32Compare Source
v18.2.31Compare Source
a39a772(Deduplicate dependencies, 2024-07-15)efa0d67(deploy: Use the sdk's pine instance with balena-compose, 2024-07-15)232b967(Update balena-sdk to 19.7.3, 2024-07-13)v18.2.30Compare Source
4e101e2(Omit unicode control character escapes from test logs, 2024-07-13)9f9fd97(Deduplicate dependencies, 2024-07-13)v18.2.29Compare Source
3c64e13(Update balena-preload from 15.0.5 to 15.0.6, 2024-07-11)v18.2.28Compare Source
79fcd95(Downgrade pinejs-client-request to 7.4.2 to unblock the sdk update, 2024-07-12)33199ac(Update balena-sdk to 19.7.2, 2024-07-12)v18.2.27Compare Source
1702f8b(Update balena-sdk to 19.5.5, 2024-07-12)v18.2.26Compare Source
1bc0f74(Drop unused dependencies, 2024-07-11)f65215e(Move dependencies that should be dev only as devDependencies, 2024-07-11)v18.2.25Compare Source
b1073ca(Fix complete generation intermitency, 2024-07-10)e659e35(Bump oclif to v4, 2024-07-10)v18.2.24Compare Source
19a60bb(Update mocha from 8.4.0 to 10.6.0, 2024-07-10)d1a6f75(Override inline-source-cli with non-vulnerable dependency, 2024-07-10)v18.2.23Compare Source
7273656(Replace resin-discoverable-services with bonjour-service, 2024-07-09)v18.2.22Compare Source
1749937(Remove unused dependency minimatch, 2024-07-10)v18.2.21Compare Source
6c89ba4(Bump resin-discoverable-services from 2.0.4 to 2.0.5, 2024-07-09)v18.2.20Compare Source
b6d1afa(Audit fix dependencies, 2024-07-05)v18.2.19Compare Source
93e597a(Remove unused packagepublish-release, 2024-07-05)v18.2.18Compare Source
Update actions/setup-node action to v4
Notable changes
actions/setup-node (actions/setup-node)
v4Compare Source
List of commits
c30a1dc(Update actions/setup-node action to v4, 2024-07-02)v18.2.17Compare Source
Update dependency etcher-sdk to v9.1.0
Notable changes
balena-io-modules/etcher-sdk (etcher-sdk)
v9.1.0Compare Source
List of commits
2d47eb5(Update dependency etcher-sdk to v9.1.0, 2024-07-02)v18.2.16Compare Source
Update dependency etcher-sdk to v9.0.11
Notable changes
balena-io-modules/etcher-sdk (etcher-sdk)
v9.0.11Compare Source
v9.0.10Compare Source
v9.0.9Compare Source
List of commits
6b56576(Update dependency etcher-sdk to v9.0.11, 2024-07-02)v18.2.15Compare Source
Update dependency event-stream to v3.3.5
Notable changes
dominictarr/event-stream (event-stream)
v3.3.5Compare Source
List of commits
b518067(Update dependency event-stream to v3.3.5, 2024-07-02)v18.2.14Compare Source
Update dependency jsonwebtoken to v9 [SECURITY]
Notable changes
8345030]auth0/node-jsonwebtoken@8345030)ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)Arbitrary File Write via verify function- CVE-2022-23529Insecure default algorithm in jwt.verify() could lead to signature validation bypass- CVE-2022-23540Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC- CVE-2022-23541Unrestricted key type could lead to legacy keys usage- CVE-2022-23539auth0/node-jsonwebtoken (jsonwebtoken)
v9.0.0Compare Source
Breaking changes: See Migration from v8 to v9
Breaking changes
8345030]auth0/node-jsonwebtoken@8345030)ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)Security fixes
Arbitrary File Write via verify function- CVE-2022-23529Insecure default algorithm in jwt.verify() could lead to signature validation bypass- CVE-2022-23540Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC- CVE-2022-23541Unrestricted key type could lead to legacy keys usage- CVE-2022-23539List of commits
f05e499(Update dependency jsonwebtoken to v9 [SECURITY], 2024-07-02)v18.2.13Compare Source
14e1255(Update dependency @types/prettyjson to ^0.0.33, 2024-07-02)v18.2.12Compare Source
7325e8d(Deduplicate dependencies, 2024-07-01)v18.2.11Compare Source
a29bd8d(Update dependency @types/fast-levenshtein to v0.0.4, 2024-06-21)v18.2.10Compare Source
Update actions/download-artifact action to v4.1.7
Notable changes
@actions/artifactdependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324@actions/coreto v1.10.1 and@actions/artifactto v2.1.5@actions/artifactsto latest versionactions/download-artifact (actions/download-artifact)
v4.1.7Compare Source
What's Changed
Full Changelog: actions/download-artifact@v4.1.6...v4.1.7
v4.1.6Compare Source
What's Changed
@actions/artifactdependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324Full Changelog: actions/download-artifact@v4.1.5...v4.1.6
v4.1.5Compare Source
What's Changed
@actions/coreto v1.10.1 and@actions/artifactto v2.1.5Full Changelog: actions/download-artifact@v4.1.4...v4.1.5
v4.1.4Compare Source
What's Changed
Full Changelog: actions/download-artifact@v4...v4.1.4
v4.1.3Compare Source
What's Changed
New Contributors
Full Changelog: actions/download-artifact@v4...v4.1.3
v4.1.2Compare Source
v4.1.1Compare Source
@actions/artifactsto latest versionList of commits
15c0c32(Update actions/download-artifact action to v4.1.7, 2024-06-21)v18.2.9Compare Source
7322020(Update actions/setup-python digest to65d7f2d, 2024-06-21)v18.2.8Compare Source
2cd455f(Update actions/upload-artifact digest to6546280, 2024-06-21)v18.2.7Compare Source
f502878(Pin dependencies, 2024-06-21)v18.2.6Compare Source
75d2d7d(Update @oclif/core from 3.26.9 to 3.27.0, 2024-06-21)v18.2.5Compare Source
5a3f0ea(Limit @oclif/core to ~3.26 so that npm dedupe doesn't auto-bump it, 2024-06-21)e1cd300(Deduplicate dependencies, 2024-06-21)7959e23(Update TypeScript to 5.5.2, 2024-06-21)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.