search

MattiLehtinen / postgrator-cli

PostgreSQL, MySQL and MS SQL database schema migration tool using plain SQL and JS files
MIT License
41 stars 16 forks source link

chore(deps): bump lilconfig from 3.0.0 to 3.1.1 #196

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps lilconfig from 3.0.0 to 3.1.1.

Release notes

Sourced from lilconfig's releases.

v3.1.1 Security release

  1. Fix security vulnerability by migrating from typescript to javascript with TSDoc comments. See #48
  2. Use tabs instead of spaces

Due to how typescript compilation works I had to use eval() to have a dynamic import in project compiled to commonjs in v3.1.0. Eval call introduced a security vulnerability as it was pointed out to me by kind people from Secfault Security. As there is currently no way to make typescript output dynamic import with a commonjs target I migrated the source code to be in javascript. This means that the code in this repository is the code that gets published to npm. The package still includes first party typescript types in index.d.ts file that gets published as well. The runtime code now uses TSDoc annotations to maintain type safety.

v3.1.0 Support ESM config files (async api only)

Lilconfig now supports loading ESM configuration files.

ESM configs can be searched or loaded via async API only.

ESM syntax can be valid in either

  • .js and .mjs files in projects with "type": "module" in package.json
  • .mjs files in projects that use commonjs

Thanks for pushing this feature @​marekdedic

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
coveralls commented 8 months ago

Pull Request Test Coverage Report for Build 8121578838

Details

Totals Coverage Status
Change from base Build 8121536449: 0.08%
Covered Lines: 527
Relevant Lines: 559
💛 - Coveralls
coveralls commented 8 months ago

Pull Request Test Coverage Report for Build 8117347498

Details

Totals Coverage Status
Change from base Build 7749878016: 0.0%
Covered Lines: 530
Relevant Lines: 562
💛 - Coveralls