Automattic / vip-cli

The VIP-CLI
https://docs.wpvip.com/vip-cli/
MIT License
58 stars 17 forks source link

build(deps): bump uuid from 10.0.0 to 11.0.2 #2074

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 4 weeks ago

Bumps uuid from 10.0.0 to 11.0.2.

Release notes

Sourced from uuid's releases.

v11.0.2

11.0.2 (2024-10-28)

Bug Fixes

v11.0.1

11.0.1 (2024-10-27)

Bug Fixes

v11.0.0

11.0.0 (2024-10-27)

⚠ BREAKING CHANGES

  • refactor v1 internal state and options logic (#780)
  • refactor v7 internal state and options logic, fixes #764 (#779)
  • Port to TypeScript, closes #762 (#763)
  • update node support matrix (only support node 16-20) (#750)
  • This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022.
  • Remove the minified UMD build from the package.
  • Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015.
  • Although in practice this is currently a noop since the resulting build does not change, the build will no longer transpiles future changes for Node.js 8.x targets, so semantically this is still a breaking change.
  • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.
  • The default export, which used to be the v4() method but which was already discouraged in v3.x of this library, has been removed.
  • Explicitly note that deep imports of the different uuid version functions are deprecated and no longer encouraged and that ECMAScript module named imports should be used instead. Emit a deprecation warning for people who deep-require the different algorithm variants.
  • Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function.
  • Remove support for generating v3 and v5 UUIDs in Node.js<4.x
  • Convert code base to ECMAScript Modules (ESM) and release CommonJS build for node and ESM build for browser bundlers.

Features

  • add parse/stringify/validate/version/NIL APIs (#479) (0e6c10b)
  • add support for MAX uuid (new in RFC9562) (#714) (0385cd3)
  • add UMD build to npm package (#357) (4e75adf)
  • add various es module and CommonJS examples (b238510)
  • enforce Conventional Commit style commit messages (#282) (0705cd5)
  • ensure that docs are up-to-date in CI (ee5e77d)
  • hybrid CommonJS & ECMAScript modules build (a3f078f)
  • improve performance of v1 string representation (#453) (0ee0b67)
  • improve v4 performance by reusing random number array (#435) (bf4af0d)
  • optimize uuid.v1 by 1.3x uuid.v4 by 4.3x (430%) (#597) (3a033f6)

... (truncated)

Changelog

Sourced from uuid's changelog.

11.0.2 (2024-10-28)

Bug Fixes

11.0.0 (2024-10-26)

⚠ BREAKING CHANGES

  • refactor v1 internal state and options logic (#780)
  • refactor v7 internal state and options logic, fixes #764 (#779)
  • Port to TypeScript, closes #762 (#763)
  • update node support matrix (only support node 16-20) (#750)

Features

Bug Fixes

  • missing v7 expectations in browser spec (#751) (f54a866)
  • refactor v1 internal state and options logic (#780) (031b3d3)
  • refactor v7 internal state and options logic, fixes #764 (#779) (9dbd1cd)
  • remove v4 options default assignment preventing native.randomUUID from being used (#786) (afe6232), closes #763
  • seq_hi shift for byte 6 (#775) (1d532ca)
  • tsconfig module type (#778) (7eff835)
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] commented 4 weeks ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/uuid 11.0.2 :green_circle: 5.8
Details
CheckScoreReason
Maintained:green_circle: 1014 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 3Found 10/30 approved changesets -- score normalized to 3
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 3security policy file detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies:green_circle: 5dependency not pinned by hash detected -- score normalized to 5
Fuzzing:warning: 0project is not fuzzed
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 8SAST tool is not run on all commits -- score normalized to 8
Vulnerabilities:green_circle: 37 existing vulnerabilities detected

Scanned Files

sjinks commented 3 weeks ago

@dependabot rebase

sonarcloud[bot] commented 3 weeks ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud