Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #127

Merged
merged 1 commit into from
Aug 22, 2024
Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 22, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
esbuild ^0.23.0 -> ^0.23.1 age adoption passing confidence
hono (source) ^4.5.5 -> ^4.5.8 age adoption passing confidence
pnpm (source) 9.7.0 -> 9.8.0 age adoption passing confidence

Release Notes

evanw/esbuild (esbuild)

v0.23.1

Compare Source

  • Allow using the node: import prefix with es* targets (#​3821)

    The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

    // Original code
    import fs from 'node:fs'
    fs.open
    
    // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
    import fs from "fs";
    fs.open;
    
    // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
    import fs from "node:fs";
    fs.open;
  • Fix a panic when using the CLI with invalid build flags if --analyze is present (#​3834)

    Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

  • Fix incorrect location of certain error messages (#​3845)

    This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

  • Print comments before case clauses in switch statements (#​3838)

    With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

  • Fix a memory leak with pluginData (#​3825)

    With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

honojs/hono (hono)

v4.5.8

Compare Source

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: GHSA-rpfr-3m35-5vx5

v4.5.7

Compare Source

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.5.6...v4.5.7

v4.5.6

Compare Source

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.5.5...v4.5.6

pnpm/pnpm (pnpm)

v9.8.0

Compare Source

v9.7.1

Compare Source


Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

codecov bot commented Aug 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.08%. Comparing base (13c522e) to head (698492e).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #127   +/-   ##
=======================================
  Coverage   99.08%   99.08%           
=======================================
  Files           9        9           
  Lines         327      327           
  Branches       99       99           
=======================================
  Hits          324      324           
  Misses          3        3           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 2cff9b1 to 92d382d Compare August 22, 2024 14:35
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 92d382d to 698492e Compare August 22, 2024 21:23
@pi0 pi0 merged commit 1e3474b into main Aug 22, 2024
4 checks passed
@pi0 pi0 deleted the renovate/all-minor-patch branch August 22, 2024 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant