search

balena-io / open-balena

Open source software to manage connected IoT devices at scale
https://balena.io/open
GNU Affero General Public License v3.0
1.03k stars 162 forks source link

Update dependency balena-io/balena-cli to v18.2.19 #275

Closed balena-renovate[bot] closed 18 hours ago

balena-renovate[bot] commented 3 days ago

This PR contains the following updates:

Package Update Change
balena-io/balena-cli patch v18.2.10 -> v18.2.19

Release Notes

balena-io/balena-cli (balena-io/balena-cli) ### [`v18.2.19`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.19) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.18...v18.2.19) [`93e597a`](https://togithub.com/balena-io/balena-cli/commit/93e597a5) (Remove unused package `publish-release`, 2024-07-05) ### [`v18.2.18`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.18) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.17...v18.2.18) #### Update actions/setup-node action to v4 ##### Notable changes
actions/setup-node (actions/setup-node) ##### [`v4`](https://togithub.com/actions/setup-node/compare/v3...v4) [Compare Source](https://togithub.com/actions/setup-node/compare/v3...v4)
##### List of commits [`c30a1dc`](https://togithub.com/balena-io/balena-cli/commit/c30a1dc1) (Update actions/setup-node action to v4, 2024-07-02) ### [`v18.2.17`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.17) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.16...v18.2.17) #### Update dependency etcher-sdk to v9.1.0 ##### Notable changes - patch: etcher-sdk is not yet compatible with node22 \[JOASSART Edwin] - minor: allow passing custom assets to start SB protected CM4 \[Edwin Joassart]
balena-io-modules/etcher-sdk (etcher-sdk) ##### [`v9.1.0`](https://togithub.com/balena-io-modules/etcher-sdk/blob/HEAD/CHANGELOG.md#910---2024-06-13) [Compare Source](https://togithub.com/balena-io-modules/etcher-sdk/compare/v9.0.11...v9.1.0) - patch: etcher-sdk is not yet compatible with node22 \[JOASSART Edwin] - minor: allow passing custom assets to start SB protected CM4 \[Edwin Joassart]
##### List of commits [`2d47eb5`](https://togithub.com/balena-io/balena-cli/commit/2d47eb53) (Update dependency etcher-sdk to v9.1.0, 2024-07-02) ### [`v18.2.16`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.16) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.15...v18.2.16) #### Update dependency etcher-sdk to v9.0.11 ##### Notable changes - patch: use http2 to fix issues with url source \[Edwin Joassart] - patch: remove CI workaround \[Edwin Joassart] - patch: add option to allow listing virtual drive on Mac \[JOASSART Edwin]
balena-io-modules/etcher-sdk (etcher-sdk) ##### [`v9.0.11`](https://togithub.com/balena-io-modules/etcher-sdk/blob/HEAD/CHANGELOG.md#9011---2024-04-26) [Compare Source](https://togithub.com/balena-io-modules/etcher-sdk/compare/v9.0.10...v9.0.11) - patch: use http2 to fix issues with url source \[Edwin Joassart] ##### [`v9.0.10`](https://togithub.com/balena-io-modules/etcher-sdk/blob/HEAD/CHANGELOG.md#9010---2024-04-26) [Compare Source](https://togithub.com/balena-io-modules/etcher-sdk/compare/v9.0.9...v9.0.10) - patch: remove CI workaround \[Edwin Joassart] ##### [`v9.0.9`](https://togithub.com/balena-io-modules/etcher-sdk/blob/HEAD/CHANGELOG.md#909---2024-04-24) [Compare Source](https://togithub.com/balena-io-modules/etcher-sdk/compare/v9.0.8...v9.0.9) - patch: add option to allow listing virtual drive on Mac \[JOASSART Edwin]
##### List of commits [`6b56576`](https://togithub.com/balena-io/balena-cli/commit/6b565762) (Update dependency etcher-sdk to v9.0.11, 2024-07-02) ### [`v18.2.15`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.15) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.14...v18.2.15) #### Update dependency event-stream to v3.3.5 ##### Notable changes
dominictarr/event-stream (event-stream) ##### [`v3.3.5`](https://togithub.com/dominictarr/event-stream/compare/0d9d45744b06ead81976b3400569160b76299a41...918d4a3398166d6f4264f7fc4ec2cc43f731ab0e) [Compare Source](https://togithub.com/dominictarr/event-stream/compare/0d9d45744b06ead81976b3400569160b76299a41...918d4a3398166d6f4264f7fc4ec2cc43f731ab0e)
##### List of commits [`b518067`](https://togithub.com/balena-io/balena-cli/commit/b5180670) (Update dependency event-stream to v3.3.5, 2024-07-02) ### [`v18.2.14`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.14) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.13...v18.2.14) #### Update dependency jsonwebtoken to v9 \[SECURITY] ##### Notable changes - Removed support for Node versions 11 and below. - The verify() function no longer accepts unsigned tokens by default. (\[[`8345030`](https://togithub.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16) - RSA key size must be 2048 bits or greater. (\[[`ecdf6cc`](https://togithub.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6) - Key types must be valid for the signing / verification algorithm - security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529 - security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540 - security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541 - security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539
auth0/node-jsonwebtoken (jsonwebtoken) ##### [`v9.0.0`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#900---2022-12-21) [Compare Source](https://togithub.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0) **Breaking changes: See [Migration from v8 to v9](https://togithub.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)** ##### Breaking changes - Removed support for Node versions 11 and below. - The verify() function no longer accepts unsigned tokens by default. (\[[`8345030`](https://togithub.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16) - RSA key size must be 2048 bits or greater. (\[[`ecdf6cc`](https://togithub.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6) - Key types must be valid for the signing / verification algorithm ##### Security fixes - security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529 - security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540 - security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541 - security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539
##### List of commits [`f05e499`](https://togithub.com/balena-io/balena-cli/commit/f05e4991) (Update dependency jsonwebtoken to v9 \[SECURITY], 2024-07-02) ### [`v18.2.13`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.13) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.12...v18.2.13) [`14e1255`](https://togithub.com/balena-io/balena-cli/commit/14e1255b) (Update dependency [@​types/prettyjson](https://togithub.com/types/prettyjson) to ^0.0.33, 2024-07-02) ### [`v18.2.12`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.12) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.11...v18.2.12) [`7325e8d`](https://togithub.com/balena-io/balena-cli/commit/7325e8d9) (Deduplicate dependencies, 2024-07-01) ### [`v18.2.11`](https://togithub.com/balena-io/balena-cli/releases/tag/v18.2.11) [Compare Source](https://togithub.com/balena-io/balena-cli/compare/v18.2.10...v18.2.11) [`a29bd8d`](https://togithub.com/balena-io/balena-cli/commit/a29bd8d0) (Update dependency [@​types/fast-levenshtein](https://togithub.com/types/fast-levenshtein) to v0.0.4, 2024-06-21)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.