search

arcjet / arcjet-docs

Arcjet's documentation.
https://docs.arcjet.com
Creative Commons Attribution 4.0 International
9 stars 2 forks source link

chore(deps): Bump the arcjet-apps-minor group with 16 updates #207

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps the arcjet-apps-minor group with 16 updates:

Package From To
@astrojs/starlight 0.28.4 0.28.6
@expressive-code/plugin-collapsible-sections 0.37.1 0.38.2
@expressive-code/plugin-line-numbers 0.37.1 0.38.2
@faker-js/faker 9.1.0 9.2.0
@hono/node-server 1.13.3 1.13.5
@langchain/community 0.3.11 0.3.12
@nestjs/common 10.4.6 10.4.7
@nestjs/core 10.4.6 10.4.7
@sveltejs/kit 2.7.3 2.7.7
ai 3.4.27 3.4.33
astro 4.16.7 4.16.9
hono 4.6.8 4.6.9
openai 4.68.4 4.71.0
sass 1.80.5 1.80.6
starlight-links-validator 0.12.3 0.13.0
@types/bun 1.1.12 1.1.13

Updates @astrojs/starlight from 0.28.4 to 0.28.6

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.28.6

Patch Changes

  • #2565 236467b Thanks @​HiDeoo! - Fixes an issue with custom UI strings defined in YAML files not being loaded in some contexts.

@​astrojs/starlight@​0.28.5

Patch Changes

  • #2546 bf42300 Thanks @​HiDeoo! - Fixes an issue where i18n content collection related errors, e.g. malformed JSON or YAML, would not be reported.

  • #2548 07673c8 Thanks @​HiDeoo! - Fixes a URL localization edge case. In projects without a root locale configured, slugs without a locale prefix did not fall back to the default locale as expected.

  • #2547 91e1dd7 Thanks @​HiDeoo! - Fixes a Firefox Markdown content rendering issue for text sentences separated by a line break.

  • #2524 1b46783 Thanks @​jsparkdev! - Fixes a broken link to Astro’s Docs in an error message

Changelog

Sourced from @​astrojs/starlight's changelog.

0.28.6

Patch Changes

  • #2565 236467b Thanks @​HiDeoo! - Fixes an issue with custom UI strings defined in YAML files not being loaded in some contexts.

0.28.5

Patch Changes

  • #2546 bf42300 Thanks @​HiDeoo! - Fixes an issue where i18n content collection related errors, e.g. malformed JSON or YAML, would not be reported.

  • #2548 07673c8 Thanks @​HiDeoo! - Fixes a URL localization edge case. In projects without a root locale configured, slugs without a locale prefix did not fall back to the default locale as expected.

  • #2547 91e1dd7 Thanks @​HiDeoo! - Fixes a Firefox Markdown content rendering issue for text sentences separated by a line break.

  • #2524 1b46783 Thanks @​jsparkdev! - Fixes a broken link to Astro’s Docs in an error message

Commits


Updates @expressive-code/plugin-collapsible-sections from 0.37.1 to 0.38.2

Release notes

Sourced from @​expressive-code/plugin-collapsible-sections's releases.

@​expressive-code/plugin-collapsible-sections@​0.38.2

Patch Changes

  • @​expressive-code/core@​0.38.2

@​expressive-code/plugin-collapsible-sections@​0.38.1

Patch Changes

  • 440bb83: Fixes invalid CSS file links when using the Code component together with plugin-collapsible-sections and pnpm. Thank you @​simonporter007 and @​ayZagen for the report!
  • Updated dependencies [440bb83]
    • @​expressive-code/core@​0.38.1

@​expressive-code/plugin-collapsible-sections@​0.38.0

Patch Changes

  • @​expressive-code/core@​0.38.0
Changelog

Sourced from @​expressive-code/plugin-collapsible-sections's changelog.

0.38.2

Patch Changes

  • @​expressive-code/core@​0.38.2

0.38.1

Patch Changes

  • 440bb83: Fixes invalid CSS file links when using the Code component together with plugin-collapsible-sections and pnpm. Thank you @​simonporter007 and @​ayZagen for the report!
  • Updated dependencies [440bb83]
    • @​expressive-code/core@​0.38.1

0.38.0

Patch Changes

  • @​expressive-code/core@​0.38.0
Commits


Updates @expressive-code/plugin-line-numbers from 0.37.1 to 0.38.2

Release notes

Sourced from @​expressive-code/plugin-line-numbers's releases.

@​expressive-code/plugin-line-numbers@​0.38.2

Patch Changes

  • @​expressive-code/core@​0.38.2

@​expressive-code/plugin-line-numbers@​0.38.1

Patch Changes

  • Updated dependencies [440bb83]
    • @​expressive-code/core@​0.38.1

@​expressive-code/plugin-line-numbers@​0.38.0

Patch Changes

  • @​expressive-code/core@​0.38.0
Changelog

Sourced from @​expressive-code/plugin-line-numbers's changelog.

0.38.2

Patch Changes

  • @​expressive-code/core@​0.38.2

0.38.1

Patch Changes

  • Updated dependencies [440bb83]
    • @​expressive-code/core@​0.38.1

0.38.0

Patch Changes

  • @​expressive-code/core@​0.38.0
Commits


Updates @faker-js/faker from 9.1.0 to 9.2.0

Release notes

Sourced from @​faker-js/faker's releases.

v9.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/faker-js/faker/compare/v9.1.0...v9.2.0

Changelog

Sourced from @​faker-js/faker's changelog.

9.2.0 (2024-11-03)

Features

Changed Locales

Commits


Updates @hono/node-server from 1.13.3 to 1.13.5

Release notes

Sourced from @​hono/node-server's releases.

v1.13.5

What's Changed

Full Changelog: https://github.com/honojs/node-server/compare/v1.13.4...v1.13.5

v1.13.4

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/node-server/compare/v1.13.3...v1.13.4

Commits


Updates @langchain/community from 0.3.11 to 0.3.12

Release notes

Sourced from @​langchain/community's releases.

0.2.0@next

What's Changed

... (truncated)

Commits


Updates @nestjs/common from 10.4.6 to 10.4.7

Commits


Updates @nestjs/core from 10.4.6 to 10.4.7

Commits


Updates @sveltejs/kit from 2.7.3 to 2.7.7

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.7.7

Patch Changes

  • fix: update link in JSDoc (#12963)

@​sveltejs/kit@​2.7.6

Patch Changes

  • fix: update broken links in JSDoc (#12960)

@​sveltejs/kit@​2.7.5

Patch Changes

  • fix: warn on invalid cookie name characters (#12806)

  • fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#12907)

@​sveltejs/kit@​2.7.4

Patch Changes

  • fix: ensure element is focused after subsequent clicks of the same hash link (#12866)

  • fix: avoid preload if event default was prevented for touchstart and mousedown events (#12887)

  • fix: avoid reloading behaviour for hash links with data-sveltekit-reload if the hash is on the same page (#12866)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.7.7

Patch Changes

  • fix: update link in JSDoc (#12963)

2.7.6

Patch Changes

  • fix: update broken links in JSDoc (#12960)

2.7.5

Patch Changes

  • fix: warn on invalid cookie name characters (#12806)

  • fix: when using @vitejs/plugin-basic-ssl, set a no-op proxy config to downgrade from HTTP/2 to TLS since undici does not yet enable HTTP/2 by default (#12907)

2.7.4

Patch Changes

  • fix: ensure element is focused after subsequent clicks of the same hash link (#12866)

  • fix: avoid preload if event default was prevented for touchstart and mousedown events (#12887)

  • fix: avoid reloading behaviour for hash links with data-sveltekit-reload if the hash is on the same page (#12866)

Commits


Updates ai from 3.4.27 to 3.4.33

Release notes

Sourced from ai's releases.

ai@3.4.33

Patch Changes

  • ac380e3: fix (provider/anthropic): continuation mode with 3+ steps

ai@3.4.32

Patch Changes

  • 6bb9e51: fix (ai/core): expose response.messages in streamText

ai@3.4.31

Patch Changes

  • Updated dependencies [2dfb93e]
    • @​ai-sdk/react@​0.0.70

ai@3.4.30

Patch Changes

  • Updated dependencies [a85c965]
    • @​ai-sdk/ui-utils@​0.0.50
    • @​ai-sdk/react@​0.0.69
    • @​ai-sdk/solid@​0.0.54
    • @​ai-sdk/svelte@​0.0.57
    • @​ai-sdk/vue@​0.0.59

ai@3.4.29

Patch Changes

  • 54b56f7: feat (ai/core): send tool and tool choice telemetry data

ai@3.4.28

Patch Changes

  • 29f1390: feat (ai/test): add simulateReadableStream helper
Commits


Updates astro from 4.16.7 to 4.16.9

Release notes

Sourced from astro's releases.

astro@4.16.9

Patch Changes

astro@4.16.8

Patch Changes

Changelog

Sourced from astro's changelog.

4.16.9

Patch Changes

4.16.8

Patch Changes

Commits


Updates hono from 4.6.8 to 4.6.9

Release notes

Sourced from hono's releases.

v4.6.9

What's Changed

socket-security[bot] commented 1 week ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/starlight@0.28.6 Transitive: environment, eval, filesystem, network, shell +235 30.9 MB fredkschott
npm/@expressive-code/plugin-collapsible-sections@0.38.2 Transitive: environment, filesystem +54 2.86 MB hippotastic
npm/@expressive-code/plugin-line-numbers@0.38.2 Transitive: environment, filesystem +54 2.84 MB hippotastic
npm/@faker-js/faker@9.2.0 None 0 8.51 MB st-ddt
npm/@hono/node-server@1.13.5 network 0 167 kB yusukebe
npm/@langchain/community@0.3.12 Transitive: environment, eval, filesystem, network, shell +90 49.4 MB jacoblee93
npm/@nestjs/common@10.4.7 None +7 5.4 MB nestjscore
npm/@nestjs/core@10.4.7 environment, unsafe Transitive: filesystem, network, shell +20 6.21 MB nestjscore
npm/@sveltejs/kit@2.7.7 Transitive: environment, eval, filesystem, network, shell, unsafe +74 244 MB conduitry, dominik_g, rich_harris, ...1 more
npm/@types/bun@1.1.13 None +5 4.57 MB types
npm/ai@3.4.33 environment, network Transitive: filesystem, unsafe +62 34.1 MB vercel-release-bot
npm/astro@4.16.9 Transitive: environment, eval, filesystem, network, shell +332 293 MB fredkschott, matthewp, natemoo-re
npm/hono@4.6.9 None 0 1.06 MB yusukebe
npm/openai@4.71.0 Transitive: filesystem, network +23 7.21 MB dschnurr, dschnurr-openai, jeevnayak, ...2 more
npm/sass@1.80.6 Transitive: environment, filesystem, shell +27 12.9 MB hcatlin, nex3, sassbot
npm/starlight-links-validator@0.13.0 None +28 1.13 MB hideoo

🚮 Removed packages: npm/@astrojs/starlight@0.28.4, npm/@expressive-code/plugin-collapsible-sections@0.37.1, npm/@expressive-code/plugin-line-numbers@0.37.1, npm/@faker-js/faker@9.1.0, npm/@hono/node-server@1.13.3, npm/@langchain/community@0.3.11, npm/@nestjs/common@10.4.6, npm/@nestjs/core@10.4.6, npm/@sveltejs/kit@2.7.3, npm/@types/bun@1.1.12, npm/ai@3.4.27, npm/astro@4.16.7, npm/hono@4.6.8, npm/openai@4.68.4, npm/sass@1.80.5, npm/starlight-links-validator@0.12.3

View full report↗︎

socket-security[bot] commented 1 week ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Install scripts npm/@nestjs/core@10.4.7
  • Install script: postinstall
  • Source: opencollective || exit 0
 🚫

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/@nestjs/core@10.4.7
dependabot[bot] commented 1 week ago

Looks like these dependencies are no longer updatable, so this is no longer needed.