chore(deps): update config-no-service (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	major	v3 -> v4
ava (source)	dependencies	major	4.3.3 -> 5.3.1
docker/build-push-action	action	major	v3.3.1 -> v5.1.0
docker/setup-buildx-action	action	major	v2 -> v3
docker/setup-qemu-action	action	major	v2 -> v3
dotenv-expand	dependencies	major	^8.0.3 -> ^10.0.0
node	final	major	16-alpine -> 21-alpine
node	stage	major	16-alpine -> 21-alpine
node-fetch	dependencies	major	2.7.0 -> 3.3.2

---

Release Notes

actions/checkout (actions/checkout)

v4

Compare Source

• Support fetching without the --progress option
• Update to node20

avajs/ava (ava)

v5.3.1

Compare Source

What's Changed

• Update t.like() to support Symbol keys and ignore non-enumerable properties by @​gibson042 in https://github.com/avajs/ava/pull/3209
• Fix circular selector detection in t.like() by @​novemberborn in https://github.com/avajs/ava/pull/3212

Full Changelog: avajs/ava@v5.3.0...v5.3.1

v5.3.0

Compare Source

What's Changed

• Support arrays in t.like() assertions by @​tommy-mitchell in https://github.com/avajs/ava/pull/3185
• Recognize typical assertion errors (expect and assert) and use their formatting by @​Irvenae in https://github.com/avajs/ava/pull/3187

New Contributors

• @​MartynasZilinskas made their first contribution in https://github.com/avajs/ava/pull/3172
• @​flovogt made their first contribution in https://github.com/avajs/ava/pull/3194
• @​ondreian made their first contribution in https://github.com/avajs/ava/pull/3192
• @​tommy-mitchell made their first contribution in https://github.com/avajs/ava/pull/3185
• @​craigahobbs made their first contribution in https://github.com/avajs/ava/pull/3198
• @​Irvenae made their first contribution in https://github.com/avajs/ava/pull/3187

Full Changelog: avajs/ava@v5.2.0...v5.3.0

v5.2.0

Compare Source

What's Changed

• Infer thrown error from expectations by @​tao-cumplido in https://github.com/avajs/ava/pull/3156

New Contributors

• @​tao-cumplido made their first contribution in https://github.com/avajs/ava/pull/3156

Full Changelog: avajs/ava@v5.1.1...v5.2.0

v5.1.1

Compare Source

What's Changed

• Fix de-registration of shared workers to ensure AVA exits correctly, by @​codetheweb in https://github.com/avajs/ava/pull/3149 & https://github.com/avajs/ava/pull/3151

Full Changelog: avajs/ava@v5.1.0...v5.1.1

v5.1.0

Compare Source

What's Changed

• Output logs for tests that remain pending when AVA exits by @​kevo1ution in https://github.com/avajs/ava/pull/3125
• Check for --config file extensions after they fail to load, allowing custom loaders by @​panva in https://github.com/avajs/ava/pull/3135

New Contributors

• @​kevo1ution made their first contribution in https://github.com/avajs/ava/pull/3125
• @​panva made their first contribution in https://github.com/avajs/ava/pull/3135

Full Changelog: avajs/ava@v5.0.1...v5.1.0

v5.0.1

Compare Source

Despite the major version bump this is a relatively minor release. Node.js 12 is no longer supported. The type definitions are now distributed to be compatible with TypeScript 4.7 or newer.

npm install --save-dev ava

Breaking Changes

• AVA now requires Node.js 14.19, 16.15 or 18. https://github.com/avajs/ava/pull/3043
• Type definition distribution assumes at least TypeScript 4.7. https://github.com/avajs/ava/pull/3041
• We're now exporting types rather than interfaces. https://github.com/avajs/ava/pull/3096

Improvements

• Detect process.exit() called from tests by @​gibson042 in https://github.com/avajs/ava/pull/3080
• Improve test result accessibility by @​gibson042 in https://github.com/avajs/ava/pull/3082
• Parse for line numbers with latest supported ECMA version by @​novemberborn in https://github.com/avajs/ava/pull/3063
• Work around os.cpus() returning an empty array on unsupported platforms by @​catink123 in https://github.com/avajs/ava/pull/3095
• Count timeouts separately from the timed out tests by @​novemberborn in https://github.com/avajs/ava/pull/3099
• Cap idle timeouts to the maximum possible value by @​creestor in https://github.com/avajs/ava/pull/3100

New Contributors

• @​Prinzhorn made their first contribution in https://github.com/avajs/ava/pull/3073
• @​catink123 made their first contribution in https://github.com/avajs/ava/pull/3095
• @​creestor made their first contribution in https://github.com/avajs/ava/pull/3100
• @​DavidVujic made their first contribution in https://github.com/avajs/ava/pull/3109

Full Changelog: avajs/ava@v4.3.3...v5.0.1

v5.0.0

Compare Source

Despite the major version bump this is a relatively minor release. Node.js 12 is no longer supported. The type definitions are now distributed to be compatible with TypeScript 4.7 or newer.

It's available as a pre-release under the next tag for the next few weeks:

npm install --save-dev ava@next

Breaking Changes

• AVA now requires Node.js 14.19, 16.15 or 18. https://github.com/avajs/ava/pull/3043
• Type definition distribution is no longer compatible with TypeScript versions before 4.7. https://github.com/avajs/ava/pull/3041
• We're now exporting types rather than interfaces. https://github.com/avajs/ava/pull/3096

Improvements

• Detect process.exit() called from tests by @​gibson042 in https://github.com/avajs/ava/pull/3080
• Improve test result accessibility by @​gibson042 in https://github.com/avajs/ava/pull/3082
• Parse for line numbers with latest supported ECMA version by @​novemberborn in https://github.com/avajs/ava/pull/3063
• Work around os.cpus() returning an empty array on unsupported platforms by @​catink123 in https://github.com/avajs/ava/pull/3095
• Count timeouts separately from the timed out tests by @​novemberborn in https://github.com/avajs/ava/pull/3099

New Contributors

• @​Prinzhorn made their first contribution in https://github.com/avajs/ava/pull/3073
• @​catink123 made their first contribution in https://github.com/avajs/ava/pull/3095

Full Changelog: avajs/ava@v4.3.3...v5.0.0

docker/build-push-action (docker/build-push-action)

v5.1.0

Compare Source

• Add annotations input by @​crazy-max in https://github.com/docker/build-push-action/pull/992
• Add secret-envs input by @​elias-lundgren in https://github.com/docker/build-push-action/pull/980
• Bump @​babel/traverse from 7.17.3 to 7.23.2 by @​dependabot in https://github.com/docker/build-push-action/pull/991
• Bump @​docker/actions-toolkit from 0.13.0-rc.1 to 0.14.0 in https://github.com/docker/build-push-action/pull/990 https://github.com/docker/build-push-action/pull/1006

Full Changelog: docker/build-push-action@v5.0.0...v5.1.0

v5.0.0

Compare Source

• Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @​crazy-max in https://github.com/docker/build-push-action/pull/954
• Bump @​actions/core from 1.10.0 to 1.10.1 in https://github.com/docker/build-push-action/pull/959

Full Changelog: docker/build-push-action@v4.2.1...v5.0.0

v4.2.1

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• warn if docker config can't be parsed by @​crazy-max in https://github.com/docker/build-push-action/pull/957

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• display proxy configuration by @​crazy-max in https://github.com/docker/build-push-action/pull/872
• chore(deps): Bump @​docker/actions-toolkit from 0.6.0 to 0.8.0 in https://github.com/docker/build-push-action/pull/930
• chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in https://github.com/docker/build-push-action/pull/925
• chore(deps): Bump semver from 6.3.0 to 6.3.1 in https://github.com/docker/build-push-action/pull/902

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

v4.1.1

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Bump @​docker/actions-toolkit from 0.3.0 to 0.5.0 by @​crazy-max in https://github.com/docker/build-push-action/pull/880

Full Changelog: docker/build-push-action@v4.1.0...v4.1.1

v4.1.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Switch to actions-toolkit implementation by @​crazy-max in https://github.com/docker/build-push-action/pull/811 https://github.com/docker/build-push-action/pull/838 https://github.com/docker/build-push-action/pull/855 https://github.com/docker/build-push-action/pull/860 https://github.com/docker/build-push-action/pull/875
• e2e: quay.io by @​crazy-max in https://github.com/docker/build-push-action/pull/799 https://github.com/docker/build-push-action/pull/805
• e2e: local harbor and nexus by @​crazy-max in https://github.com/docker/build-push-action/pull/800
• e2e: add artifactory container registry to test against by @​jedevc in https://github.com/docker/build-push-action/pull/804
• e2e: add distribution tests by @​jedevc in https://github.com/docker/build-push-action/pull/814 https://github.com/docker/build-push-action/pull/815

Full Changelog: docker/build-push-action@v4.0.0...v4.1.0

v4.0.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Enable provenance by default if not set by @​crazy-max in https://github.com/docker/build-push-action/pull/784

Full Changelog: docker/build-push-action@v3.3.1...v4.0.0

docker/setup-buildx-action (docker/setup-buildx-action)

v3

Compare Source

docker/setup-qemu-action (docker/setup-qemu-action)

v3

Compare Source

motdotla/dotenv-expand (dotenv-expand)

v10.0.0

Compare Source

Added

• Support special characters in default expansion (#​74)

v9.0.0

Compare Source

Added

• Proper support for preload and cli args (#​78)

nodejs/node (node)

v21

Moved to doc/changelogs/CHANGELOG_V4.md#4.2.6.

v20

Moved to doc/changelogs/CHANGELOG_V012.md#0.12.14.

v19

Moved to doc/changelogs/CHANGELOG_IOJS.md#1.6.0.

v18

Moved to doc/changelogs/CHANGELOG_IOJS.md#3.1.0.

v17

Moved to doc/changelogs/CHANGELOG_V5.md#5.1.0.

node-fetch/node-fetch (node-fetch)

v3.3.2

Compare Source

Bug Fixes

• Remove the default connection close header. (#​1736) (8b3320d), closes #​1735 #​1473

v3.3.1

Compare Source

Bug Fixes

• release "Allow URL class object as an argument for fetch()" #​1696 (#​1716) (7b86e94)

v3.3.0

Compare Source

Features

• add static Response.json (#​1670) (55a4870)

v3.2.10

Compare Source

Bug Fixes

• ReDoS referrer (#​1611) (2880238)

v3.2.9

Compare Source

Bug Fixes

• Headers: don't forward secure headers on protocol change (#​1599) (e87b093)

v3.2.8

Compare Source

Bug Fixes

• possibly flaky test (#​1523) (11b7033)

v3.2.7

Compare Source

Bug Fixes

• always warn Request.data (#​1550) (4f43c9e)

v3.2.6

Compare Source

Bug Fixes

• undefined reference to response.body when aborted (#​1578) (1c5ed6b)

v3.2.5

Compare Source

Bug Fixes

• use space in accept-encoding values (#​1572) (a92b5d5), closes #​1571

v3.2.4

Compare Source

Bug Fixes

• don't uppercase unknown methods (#​1542) (004b3ac)

v3.2.3

Compare Source

Bug Fixes

• handle bom in text and json (#​1482) (6425e20)

v3.2.2

Compare Source

Bug Fixes

• add missing formdata export to types (#​1518) (a4ea5f9), closes #​1517

v3.2.1

Compare Source

Bug Fixes

• cancel request example import (#​1513) (61b3b5a)

v3.2.0

Compare Source

Features

• export Blob, File and FormData + utilities (#​1463) (81b1378)

v3.1.1

Compare Source

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• core: update fetch-blob by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1371
• docs: Fix typo around sending a file by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1381
• core: (http.request): Cast URL to string before sending it to NodeJS core by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1378
• core: handle errors from the request body stream by @​mdmitry01 in https://github.com/node-fetch/node-fetch/pull/1392
• core: Better handle wrong redirect header in a response by @​tasinet in https://github.com/node-fetch/node-fetch/pull/1387
• core: Don't use buffer to make a blob by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1402
• docs: update readme for TS @​types/node-fetch by @​adamellsworth in https://github.com/node-fetch/node-fetch/pull/1405
• core: Fix logical operator priority to disallow GET/HEAD with non-empty body by @​maxshirshin in https://github.com/node-fetch/node-fetch/pull/1369
• core: Don't use global buffer by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1422
• ci: fix main branch by @​dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1429
• core: use more node: protocol imports by @​dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1428
• core: Warn when using data by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1421
• docs: Create SECURITY.md by @​JamieSlome in https://github.com/node-fetch/node-fetch/pull/1445
• core: don't forward secure headers to 3th party by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1449

New Contributors

• @​mdmitry01 made their first contribution in https://github.com/node-fetch/node-fetch/pull/1392
• @​tasinet made their first contribution in https://github.com/node-fetch/node-fetch/pull/1387
• @​adamellsworth made their first contribution in https://github.com/node-fetch/node-fetch/pull/1405
• @​maxshirshin made their first contribution in https://github.com/node-fetch/node-fetch/pull/1369
• @​JamieSlome made their first contribution in https://github.com/node-fetch/node-fetch/pull/1445

Full Changelog: node-fetch/node-fetch@v3.1.0...v3.1.1

v3.1.0

Compare Source

What's Changed

• fix(Body): Discourage form-data and buffer() by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1212
• fix: Pass url string to http.request by @​serverwentdown in https://github.com/node-fetch/node-fetch/pull/1268
• Fix octocat image link by @​lakuapik in https://github.com/node-fetch/node-fetch/pull/1281
• fix(Body.body): Normalize Body.body into a node:stream by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/924
• docs(Headers): Add default Host request header to README.md file by @​robertoaceves in https://github.com/node-fetch/node-fetch/pull/1316
• Update CHANGELOG.md by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1292
• Add highWaterMark to cloned properties by @​davesidious in https://github.com/node-fetch/node-fetch/pull/1162
• Update README.md to fix HTTPResponseError by @​thedanfernandez in https://github.com/node-fetch/node-fetch/pull/1135
• docs: switch url to URL by @​dhritzkiv in https://github.com/node-fetch/node-fetch/pull/1318
• fix(types): declare buffer() deprecated by @​dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1345
• chore: fix lint by @​dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1348
• refactor: use node: prefix for imports by @​dnalborczyk in https://github.com/node-fetch/node-fetch/pull/1346
• Bump data-uri-to-buffer from 3.0.1 to 4.0.0 by @​dependabot in https://github.com/node-fetch/node-fetch/pull/1319
• Bump mocha from 8.4.0 to 9.1.3 by @​dependabot in https://github.com/node-fetch/node-fetch/pull/1339
• Referrer and Referrer Policy by @​tekwiz in https://github.com/node-fetch/node-fetch/pull/1057
• Add typing for Response.redirect(url, status) by @​c-w in https://github.com/node-fetch/node-fetch/pull/1169
• chore: Correct stuff in README.md by @​Jiralite in https://github.com/node-fetch/node-fetch/pull/1361
• docs: Improve clarity of "Loading and configuring" by @​serverwentdown in https://github.com/node-fetch/node-fetch/pull/1323
• feat(Body): Added support for BodyMixin.formData() and constructing bodies with FormData by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1314
• template: Make PR template more task oriented by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1224
• docs: Update code examples by @​jimmywarting in https://github.com/node-fetch/node-fetch/pull/1365

New Contributors

• @​serverwentdown made their first contribution in https://github.com/node-fetch/node-fetch/pull/1268
• @​lakuapik made their first contribution in https://github.com/node-fetch/node-fetch/pull/1281
• @​robertoaceves made their first contribution in https://github.com/node-fetch/node-fetch/pull/1316
• @​davesidious made their first contribution in https://github.com/node-fetch/node-fetch/pull/1162
• @​thedanfernandez made their first contribution in https://github.com/node-fetch/node-fetch/pull/1135
• @​dhritzkiv made their first contribution in https://github.com/node-fetch/node-fetch/pull/1318
• @​dnalborczyk made their first contribution in https://github.com/node-fetch/node-fetch/pull/1345
• @​dependabot made their first contribution in https://github.com/node-fetch/node-fetch/pull/1319
• @​c-w made their first contribution in https://github.com/node-fetch/node-fetch/pull/1169

Full Changelog: node-fetch/node-fetch@v3.0.0...v3.1.0

v3.0.0

Compare Source

version 3 is going out of a long beta period and switches to stable

One major change is that it's now a ESM only package
See changelog for more information about all the changes.

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

This PR was marked stale due to lack of activity. It will be closed in 7 days.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.