NodeSecure / cli

JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.
MIT License
367 stars 39 forks source link

chore(deps-dev): bump the development-dependencies group across 1 directory with 4 updates #393

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 5 months ago

Bumps the development-dependencies group with 4 updates in the / directory: @myunisoft/httpie, c8, esbuild and eslint.

Updates @myunisoft/httpie from 4.0.1 to 5.0.0

Release notes

Sourced from @​myunisoft/httpie's releases.

v5.0.0

What's Changed

Full Changelog: https://github.com/MyUnisoft/httpie/compare/v4.0.1...v5.0.0

Commits
  • d740ce6 5.0.0
  • c186cb1 Merge pull request #250 from MyUnisoft/dependabot/github_actions/github-actio...
  • 3ff7861 chore(deps): bump the github-actions group across 1 directory with 5 updates
  • 8c94713 Merge pull request #248 from MyUnisoft/fix-create-headers
  • 272a29e fix: use API with valide SSL certificate
  • b1bec6b ci: drop support for Node.js 18
  • 7bf8cd7 fix: update @​openally/result to v1.2.1
  • 71f5a4f fix(createHeaders): custom headers overwrite default header
  • 254b32b refactor: Result error type (#243)
  • See full diff in compare view


Updates c8 from 9.1.0 to 10.1.2

Release notes

Sourced from c8's releases.

v10.1.2

10.1.2 (2024-06-13)

Bug Fixes

  • deps: make monocart-coverage-reports an optional with meta defined (3b91fda)

v10.1.1

10.1.1 (2024-06-11)

Bug Fixes

  • stop installing monocart-coverage-reports (#535) (13979a7)

v10.1.0

10.1.0 (2024-06-11)

Features

v10.0.0

10.0.0 (2024-06-10)

⚠ BREAKING CHANGES

  • deps: Node 18 is now the minimum supported Node.js version

Bug Fixes

  • deps: update test-exclude with new glob / minimatch (#531) (e33cf30)
Changelog

Sourced from c8's changelog.

10.1.2 (2024-06-13)

Bug Fixes

  • deps: make monocart-coverage-reports an optional with meta defined (3b91fda)

10.1.1 (2024-06-11)

Bug Fixes

  • stop installing monocart-coverage-reports (#535) (13979a7)

10.1.0 (2024-06-11)

Features

10.0.0 (2024-06-10)

⚠ BREAKING CHANGES

  • deps: Node 18 is now the minimum supported Node.js version

Bug Fixes

  • deps: update test-exclude with new glob / minimatch (#531) (e33cf30)
Commits
  • ff146b4 chore(main): release 10.1.2 (#538)
  • 3b91fda fix(deps): make monocart-coverage-reports an optional with meta defined
  • e3560e1 chore(main): release 10.1.1 (#536)
  • 13979a7 fix: stop installing monocart-coverage-reports (#535)
  • 15ac690 chore(main): release 10.1.0 (#533)
  • 96e869f build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#534)
  • 2e5e297 feat: add experimental monocart reports (#521)
  • dc38051 chore(main): release 10.0.0 (#532)
  • e33cf30 fix(deps)!: update test-exclude with new glob / minimatch (#531)
  • 1eeeaeb doc(CONTRIBUTING): remove dead link, update broken link (#526)
  • Additional commits viewable in compare view


Updates esbuild from 0.20.2 to 0.22.0

Release notes

Sourced from esbuild's releases.

v0.22.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.21.0 or ~0.21.0. See npm's documentation about semver for more information.

  • Omit packages from bundles by default when targeting node (#1874, #2830, #2846, #2915, #3145, #3294, #3323, #3582, #3809, #3815)

    This breaking change is an experiment. People are commonly confused when using esbuild to bundle code for node (i.e. for --platform=node) because some packages may not be intended for bundlers, and may use node-specific features that don't work with a bundler. Even though esbuild's "getting started" instructions say to use --packages=external to work around this problem, many people don't read the documentation and don't do this, and are then confused when it doesn't work. So arguably this is a bad default behavior for esbuild to have if people keep tripping over this.

    With this release, esbuild will now omit packages from the bundle by default when the platform is node (i.e. the previous behavior of --packages=external is now the default in this case). Note that your dependencies must now be present on the file system when your bundle is run. If you don't want this behavior, you can do --packages=bundle to allow packages to be included in the bundle (i.e. the previous default behavior). Note that --packages=bundle doesn't mean all packages are bundled, just that packages are allowed to be bundled. You can still exclude individual packages from the bundle using --external: even when --packages=bundle is present.

    The --packages= setting considers all import paths that "look like" package imports in the original source code to be package imports. Specifically import paths that don't start with a path segment of / or . or .. are considered to be package imports. The only two exceptions to this rule are subpath imports (which start with a # character) and TypeScript path remappings via paths and/or baseUrl in tsconfig.json (which are applied first).

  • Drop support for older platforms (#3802)

    This release drops support for the following operating systems:

    • Windows 7
    • Windows 8
    • Windows Server 2008
    • Windows Server 2012

    This is because the Go programming language dropped support for these operating system versions in Go 1.21, and this release updates esbuild from Go 1.20 to Go 1.22.

    Note that this only affects the binary esbuild executables that are published to the esbuild npm package. It's still possible to compile esbuild's source code for these older operating systems. If you need to, you can compile esbuild for yourself using an older version of the Go compiler (before Go version 1.21). That might look something like this:

    git clone https://github.com/evanw/esbuild.git
    cd esbuild
    go build ./cmd/esbuild
    ./esbuild.exe --version
    

    In addition, this release increases the minimum required node version for esbuild's JavaScript API from node 12 to node 18. Node 18 is the oldest version of node that is still being supported (see node's release schedule for more information). This increase is because of an incompatibility between the JavaScript that the Go compiler generates for the esbuild-wasm package and versions of node before node 17.4 (specifically the crypto.getRandomValues function).

  • Update await using behavior to match TypeScript

    TypeScript 5.5 subtly changes the way await using behaves. This release updates esbuild to match these changes in TypeScript. You can read more about these changes in microsoft/TypeScript#58624.

  • Allow es2024 as a target environment

    The ECMAScript 2024 specification was just approved, so it has been added to esbuild as a possible compilation target. You can read more about the features that it adds here: https://2ality.com/2024/06/ecmascript-2024.html. The only addition that's relevant for esbuild is the regular expression /v flag. With --target=es2024, regular expressions that use the /v flag will now be passed through untransformed instead of being transformed into a call to new RegExp.

  • Publish binaries for OpenBSD on 64-bit ARM (#3665, #3674)

    With this release, you should now be able to install the esbuild npm package in OpenBSD on 64-bit ARM, such as on an Apple device with an M1 chip.

    This was contributed by @​ikmckenz.

  • Publish binaries for WASI (WebAssembly System Interface) preview 1 (#3300, #3779)

    The upcoming WASI (WebAssembly System Interface) standard is going to be a way to run WebAssembly outside of a JavaScript host environment. In this scenario you only need a .wasm file without any supporting JavaScript code. Instead of JavaScript providing the APIs for the host environment, the WASI standard specifies a "system interface" that WebAssembly code can access directly (e.g. for file system access).

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.22.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.21.0 or ~0.21.0. See npm's documentation about semver for more information.

  • Omit packages from bundles by default when targeting node (#1874, #2830, #2846, #2915, #3145, #3294, #3323, #3582, #3809, #3815)

    This breaking change is an experiment. People are commonly confused when using esbuild to bundle code for node (i.e. for --platform=node) because some packages may not be intended for bundlers, and may use node-specific features that don't work with a bundler. Even though esbuild's "getting started" instructions say to use --packages=external to work around this problem, many people don't read the documentation and don't do this, and are then confused when it doesn't work. So arguably this is a bad default behavior for esbuild to have if people keep tripping over this.

    With this release, esbuild will now omit packages from the bundle by default when the platform is node (i.e. the previous behavior of --packages=external is now the default in this case). Note that your dependencies must now be present on the file system when your bundle is run. If you don't want this behavior, you can do --packages=bundle to allow packages to be included in the bundle (i.e. the previous default behavior). Note that --packages=bundle doesn't mean all packages are bundled, just that packages are allowed to be bundled. You can still exclude individual packages from the bundle using --external: even when --packages=bundle is present.

    The --packages= setting considers all import paths that "look like" package imports in the original source code to be package imports. Specifically import paths that don't start with a path segment of / or . or .. are considered to be package imports. The only two exceptions to this rule are subpath imports (which start with a # character) and TypeScript path remappings via paths and/or baseUrl in tsconfig.json (which are applied first).

  • Drop support for older platforms (#3802)

    This release drops support for the following operating systems:

    • Windows 7
    • Windows 8
    • Windows Server 2008
    • Windows Server 2012

    This is because the Go programming language dropped support for these operating system versions in Go 1.21, and this release updates esbuild from Go 1.20 to Go 1.22.

    Note that this only affects the binary esbuild executables that are published to the esbuild npm package. It's still possible to compile esbuild's source code for these older operating systems. If you need to, you can compile esbuild for yourself using an older version of the Go compiler (before Go version 1.21). That might look something like this:

    git clone https://github.com/evanw/esbuild.git
    cd esbuild
    go build ./cmd/esbuild
    ./esbuild.exe --version
    

    In addition, this release increases the minimum required node version for esbuild's JavaScript API from node 12 to node 18. Node 18 is the oldest version of node that is still being supported (see node's release schedule for more information). This increase is because of an incompatibility between the JavaScript that the Go compiler generates for the esbuild-wasm package and versions of node before node 17.4 (specifically the crypto.getRandomValues function).

  • Update await using behavior to match TypeScript

    TypeScript 5.5 subtly changes the way await using behaves. This release updates esbuild to match these changes in TypeScript. You can read more about these changes in microsoft/TypeScript#58624.

  • Allow es2024 as a target environment

    The ECMAScript 2024 specification was just approved, so it has been added to esbuild as a possible compilation target. You can read more about the features that it adds here: https://2ality.com/2024/06/ecmascript-2024.html. The only addition that's relevant for esbuild is the regular expression /v flag. With --target=es2024, regular expressions that use the /v flag will now be passed through untransformed instead of being transformed into a call to new RegExp.

  • Publish binaries for OpenBSD on 64-bit ARM (#3665, #3674)

    With this release, you should now be able to install the esbuild npm package in OpenBSD on 64-bit ARM, such as on an Apple device with an M1 chip.

    This was contributed by @​ikmckenz.

  • Publish binaries for WASI (WebAssembly System Interface) preview 1 (#3300, #3779)

... (truncated)

Commits


Updates eslint from 8.57.0 to 9.6.0

Release notes

Sourced from eslint's releases.

v9.6.0

Features

  • e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
  • 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)

Bug Fixes

  • 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
  • 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
  • d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
  • f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)

Documentation

  • 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
  • 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
  • 44915bb docs: Update README (GitHub Actions Bot)
  • d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

Chores

  • b15ee30 chore: upgrade @​eslint/js@​9.6.0 (#18632) (Milos Djermanovic)
  • d655503 chore: package.json update for @​eslint/js release (Jenkins)
  • 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
  • 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
  • d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
  • 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
  • 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
  • c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
  • 3379164 chore: remove .eslintrc.js (#18011) (唯然)
  • d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)

v9.5.0

Features

  • b2d256c feat: no-sparse-arrays report on "comma" instead of the whole array (#18579) (fisker Cheung)

Bug Fixes

  • 6880286 fix: treat * as a universal pattern (#18586) (Milos Djermanovic)
  • 7fbe211 fix: message template for all files ignored (#18564) (Milos Djermanovic)
  • 469cb36 fix: Don't lint the same file multiple times (#18552) (Milos Djermanovic)
  • 5cff638 fix: improve message for ignored files without a matching config (#18404) (Francesco Trotta)

Documentation

  • 455f7fd docs: add section about including .gitignore files (#18590) (Milos Djermanovic)
  • 721eafe docs: update info about universal files patterns (#18587) (Francesco Trotta)
  • 8127127 docs: Update README (GitHub Actions Bot)
  • 55c2a66 docs: Update README (GitHub Actions Bot)
  • eb76282 docs: Update README (GitHub Actions Bot)
  • ff6e96e docs: baseConfig and overrideConfig can be arrays (#18571) (Milos Djermanovic)
  • d2d83e0 docs: Add mention of eslint-transforms to v9 migration guide (#18566) (Nicholas C. Zakas)
  • 9ce6832 docs: add callout box for unintuitive behavior (#18567) (Ben McCann)
  • b8db99c docs: Add VS Code info to config migration guide (#18555) (Nicholas C. Zakas)
  • 518a35c docs: Mention config migrator (#18561) (Nicholas C. Zakas)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.6.0 - June 28, 2024

  • b15ee30 chore: upgrade @​eslint/js@​9.6.0 (#18632) (Milos Djermanovic)
  • d655503 chore: package.json update for @​eslint/js release (Jenkins)
  • 1613e2e fix: Allow escaping characters in config patterns on Windows (#18628) (Milos Djermanovic)
  • 13dbecd docs: Limit search to just docs (#18627) (Nicholas C. Zakas)
  • 7c78ad9 refactor: Use language.visitorKeys and check for non-JS SourceCode (#18625) (Nicholas C. Zakas)
  • e2b16e2 feat: Implement feature flags (#18516) (Nicholas C. Zakas)
  • 69ff64e refactor: Return value of applyInlineConfig() (#18623) (Nicholas C. Zakas)
  • 375227f docs: Update getting-started.md - add pnpm to init eslint config (#18599) (Kostiantyn Ochenash)
  • 44915bb docs: Update README (GitHub Actions Bot)
  • d2d06f7 refactor: use / separator when adjusting ignorePatterns on Windows (#18613) (Milos Djermanovic)
  • 21d3766 fix: no-unused-vars include caught errors pattern in report message (#18609) (Kirk Waiblinger)
  • 6421973 refactor: fix disable directives for languages with 0-based lines (#18605) (Milos Djermanovic)
  • d7a7736 fix: improve no-unused-vars message on unused caught errors (#18608) (Kirk Waiblinger)
  • 0a13539 refactor: Allow optional methods for languages (#18604) (Nicholas C. Zakas)
  • f9e95d2 fix: correct locations of invalid /* eslint */ comments (#18593) (Milos Djermanovic)
  • 8824aa1 feat: add ecmaVersion: 2025, parsing duplicate named capturing groups (#18596) (Milos Djermanovic)
  • c7ddee0 chore: make internal-rules not being a package (#18601) (Milos Djermanovic)
  • 3379164 chore: remove .eslintrc.js (#18011) (唯然)
  • d0c3a32 chore: update knip (with webdriver-io plugin) (#18594) (Lars Kappert)
  • d50db7b docs: Update vscode-eslint info (#18595) (Nicholas C. Zakas)

v9.5.0 - June 14, 2024

  • f588160 chore: upgrade @​eslint/js@​9.5.0 (#18591) (Milos Djermanovic)
  • 5890841 chore: package.json update for @​eslint/js release (Jenkins)
  • 455f7fd docs: add section about including .gitignore files (#18590) (Milos Djermanovic)
  • e9f4ccd chore: remove unused eslint-disable directive (#18589) (Milos Djermanovic)
  • 721eafe docs: update info about universal files patterns (#18587) (Francesco Trotta)
  • 4b23ffd refactor: Move JS parsing logic into JS language (#18448) (Nicholas C. Zakas)
  • 6880286 fix: treat * as a universal pattern (#18586) (Milos Djermanovic)
  • 8127127 docs: Update README (GitHub Actions Bot)
  • b2d256c feat: no-sparse-arrays report on "comma" instead of the whole array (#18579) (fisker Cheung)
  • 1495b93 chore: update WebdriverIO packages (#18558) (Christian Bromann)
  • cea7ede chore: add website donate link instead of opencollective (#18582) (Strek)
  • 55c2a66 docs: Update README (GitHub Actions Bot)
  • eb76282 docs: Update README (GitHub Actions Bot)
  • ff6e96e docs: baseConfig and overrideConfig can be arrays (#18571) (Milos Djermanovic)
  • 7fbe211 fix: message template for all files ignored (#18564) (Milos Djermanovic)
  • ec94880 chore: package.json update for eslint-config-eslint release (Jenkins)
  • d2d83e0 docs: Add mention of eslint-transforms to v9 migration guide (#18566) (Nicholas C. Zakas)
  • 6912586 chore: extract formatting rules into separate config (#18560) (Milos Djermanovic)
  • 9ce6832 docs: add callout box for unintuitive behavior (#18567) (Ben McCann)
  • b8db99c docs: Add VS Code info to config migration guide (#18555) (Nicholas C. Zakas)
  • 518a35c docs: Mention config migrator (#18561) (Nicholas C. Zakas)
  • 469cb36 fix: Don't lint the same file multiple times (#18552) (Milos Djermanovic)
  • 9738f7e ci: fix CLI flags for c8, raise thresholds (#18554) (Francesco Trotta)
  • eb440fc docs: specifying files with arbitrary or no extension (#18539) (Francesco Trotta)
  • 38c159e docs: Provide example of reading package.json for plugins meta (#18530) (Nicholas C. Zakas)

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 5 months ago

Looks like these dependencies are no longer updatable, so this is no longer needed.