search

guardian / security-hq

Centralised security information for AWS accounts
https://security-hq.gutools.co.uk/
12 stars 4 forks source link

chore(deps): Bump the all group in /cdk with 7 updates #1158

Closed dependabot[bot] closed 1 day ago

dependabot[bot] commented 1 day ago

Bumps the all group in /cdk with 7 updates:

Package From To
@guardian/cdk 59.5.0 59.5.2
@types/jest 29.5.12 29.5.13
@types/node 22.5.1 22.5.5
@typescript-eslint/eslint-plugin 8.3.0 8.6.0
eslint 8.57.0 9.10.0
eslint-plugin-import 2.29.1 2.30.0
typescript 5.5.4 5.6.2

Updates @guardian/cdk from 59.5.0 to 59.5.2

Release notes

Sourced from @​guardian/cdk's releases.

v59.5.2

Patch Changes

  • 1110a11: fix(experimental-ec2-pattern): Create Policy first

    When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:

    An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action

    This suggests the instance update was started before the policy was created.

    Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.

  • 5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability

v59.5.1

Patch Changes

  • fed2598: fix(experimental-ec2-pattern): Add buffer to rolling update timeout

    If we consider the health check grace period to be the time it takes the "normal" user data to run, the rolling update should be configured to be a little longer to cover the additional time spent polling the target group.

    A buffer of 1 minute is somewhat arbitrarily chosen. Too high a value, then we increase the time it takes to automatically rollback from a failing healthcheck. Too low a value, then we risk flaky deploys.

Changelog

Sourced from @​guardian/cdk's changelog.

59.5.2

Patch Changes

  • 1110a11: fix(experimental-ec2-pattern): Create Policy first

    When deploying Prism with the GuEc2AppExperimental for the first time, the deployment failed with the cloud-init-output logs stating:

    An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action

    This suggests the instance update was started before the policy was created.

    Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.

  • 5add16c: feat(experimental-ec2-pattern): Tag launch template to improve observability

59.5.1

Patch Changes

  • fed2598: fix(experimental-ec2-pattern): Add buffer to rolling update timeout

    If we consider the health check grace period to be the time it takes the "normal" user data to run, the rolling update should be configured to be a little longer to cover the additional time spent polling the target group.

    A buffer of 1 minute is somewhat arbitrarily chosen. Too high a value, then we increase the time it takes to automatically rollback from a failing healthcheck. Too low a value, then we risk flaky deploys.

Commits
  • 71af94b Merge pull request #2466 from guardian/changeset-release/main
  • 8bdea84 Bump package version
  • e9f9862 Merge pull request #2465 from guardian/aa/build-identifier
  • 311607c Merge pull request #2464 from guardian/aa/depends-on
  • 5add16c chore: Add changeset
  • 17a00be feat(experimental-ec2-pattern): Add buildIdentifier prop
  • 1110a11 chore: Add changeset
  • 21015c2 fix(experimental-ec2-pattern): Create Policy first
  • 70de4fb Merge pull request #2463 from guardian/changeset-release/main
  • 5eee278 Bump package version
  • Additional commits viewable in compare view


Updates @types/jest from 29.5.12 to 29.5.13

Commits


Updates @types/node from 22.5.1 to 22.5.5

Commits


Updates @typescript-eslint/eslint-plugin from 8.3.0 to 8.6.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.6.0

8.6.0 (2024-09-16)

🚀 Features

  • add allow option for restrict-template-expressions (#8556)
  • eslint-plugin: [no-unnecessary-condition] check switch cases (#9912)
  • eslint-plugin: [no-misused-promises] check array predicate return (#9955)
  • type-utils: isNullableType add Void logic (#9937)
  • typescript-estree: disable plugin loading by default in project service (#9964)

🩹 Fixes

  • eslint-plugin: [no-deprecated] don't report recursive types in destructuring assignment twice (#9969)
  • eslint-plugin: [no-deprecated] report on deprecated variables used in destructuring assignment (#9978)
  • eslint-plugin: [no-deprecated] report on deprecated properties with function-like types (#9977)
  • eslint-plugin: [no-unnecessary-condition] properly reflect multiple negations in message (#9940)
  • typescript-estree: don't throw on missing tsconfig.json by default in project service (#9989)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v8.5.0

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary | undefined for optional parameters (#9479)
  • eslint-plugin: [no-unsafe-argument] differentiate error types (#9920)
  • typescript-estree: default projectService.defaultProject to 'tsconfig.json' (#9893)

🩹 Fixes

  • deps: update dependency prism-react-renderer to v2.4.0 (#9943)
  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer (#9898)
  • eslint-plugin: [no-misused-promises] handle static method (#9951)
  • eslint-plugin: [no-unnecessary-type-parameters] fix AST quick path scope analysis (#9900)
  • eslint-plugin: [consistent-type-assertions] access parser services lazily (#9921)

❤️ Thank You

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.6.0 (2024-09-16)

🚀 Features

  • add allow option for restrict-template-expressions

  • type-utils: isNullableType add Void logic

  • eslint-plugin: [no-unnecessary-condition] check switch cases

  • eslint-plugin: [no-misused-promises] check array predicate return

🩹 Fixes

  • eslint-plugin: [no-deprecated] don't report recursive types in destructuring assignment twice

  • eslint-plugin: [no-deprecated] report on deprecated variables used in destructuring assignment

  • eslint-plugin: [no-deprecated] report on deprecated properties with function-like types

  • eslint-plugin: [no-unnecessary-condition] properly reflect multiple negations in message

❤️ Thank You

  • Abraham Guo
  • auvred
  • Josh Goldberg ✨
  • Kim Sang Du
  • YeonJuan

You can read about our versioning strategy and releases on our website.

8.5.0 (2024-09-09)

🚀 Features

  • eslint-plugin: [no-duplicate-type-constituents] prevent unnecessary `

  • eslint-plugin: [no-unsafe-argument] differentiate error types

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-assertion] fix TSNonNullExpression fixer

  • eslint-plugin: [no-misused-promises] handle static method

... (truncated)

Commits
  • 343710e chore(release): publish 8.6.0
  • 454d37e feat(eslint-plugin): [no-misused-promises] check array predicate return (#9955)
  • af92611 feat: add allow option for restrict-template-expressions (#8556)
  • 2a809e2 test(eslint-plugin): [no-unnecessary-type-parameters] add tests with intrinsi...
  • 682299e feat(eslint-plugin): [no-unnecessary-condition] check switch cases (#9912)
  • 77e65df fix(eslint-plugin): [no-unnecessary-condition] properly reflect multiple nega...
  • c11ca06 chore(eslint-plugin): make utility for static member access (#9836)
  • 2a956b2 fix(eslint-plugin): [no-deprecated] report on deprecated properties with func...
  • 9a80067 fix(eslint-plugin): [no-deprecated] report on deprecated variables used in de...
  • 3710c9c feat(type-utils): isNullableType add Void logic (#9937)
  • Additional commits viewable in compare view


Updates eslint from 8.57.0 to 9.10.0

Release notes

Sourced from eslint's releases.

v9.10.0

Features

  • 301b90d feat: Add types (#18854) (Nicholas C. Zakas)
  • bcf0df5 feat: limit namespace import identifier in id-length rule (#18849) (ChaedongIm)
  • 45c18e1 feat: add requireFlag option to require-unicode-regexp rule (#18836) (Brett Zamir)
  • 183b459 feat: add error message for duplicate flags in no-invalid-regexp (#18837) (Tanuj Kanti)
  • c69b406 feat: report duplicate allowed flags in no-invalid-regexp (#18754) (Tanuj Kanti)

Documentation

  • bee0e7a docs: update README (#18865) (Milos Djermanovic)
  • 5d80b59 docs: specify that ruleId can be null in custom formatter docs (#18857) (Milos Djermanovic)
  • 156b1c3 docs: Update README (GitHub Actions Bot)
  • f6fdef9 docs: Update README (GitHub Actions Bot)
  • a20c870 docs: Update README (GitHub Actions Bot)
  • 90e699b docs: Update README (GitHub Actions Bot)

Chores

  • 24c3ff7 chore: upgrade to @​eslint/js@​9.10.0 (#18866) (Francesco Trotta)
  • 1ebdde1 chore: package.json update for @​eslint/js release (Jenkins)
  • e8fc5bd chore: update dependency @​eslint/core to ^0.5.0 (#18848) (renovate[bot])
  • 343f992 refactor: don't use node.value when removing unused directives (#18835) (Milos Djermanovic)
  • 3db18b0 refactor: Extract FileContext into class (#18831) (Nicholas C. Zakas)
  • 931d650 refactor: Use @​eslint/plugin-kit (#18822) (Nicholas C. Zakas)
  • ed5cf0c chore: update dependency @​eslint/json to ^0.4.0 (#18829) (Milos Djermanovic)
  • d1f0831 chore: added missing ids (#18817) (Strek)
  • ec92813 refactor: Config class (#18763) (Nicholas C. Zakas)

v9.9.1

Bug Fixes

  • 9bde90c fix: add logic to handle fixTypes in lintText() (#18736) (Amaresh S M)

Documentation

  • 4840930 docs: Update README with version support and clean up content (#18804) (Nicholas C. Zakas)
  • f61f40d docs: Update globals examples (#18805) (Nicholas C. Zakas)
  • 241fcea docs: Use and define languages (#18795) (Nicholas C. Zakas)
  • 5dbdd63 docs: eslint-plugin-markdown -> @​eslint/markdown (#18797) (Nicholas C. Zakas)
  • c6c8ddd docs: update links to eslint-visitor-keys repo (#18796) (Francesco Trotta)
  • f981d05 docs: Update README (GitHub Actions Bot)
  • b516974 docs: update links to eslint/js repo (#18781) (Francesco Trotta)
  • fb7a3f5 docs: update note for package managers (#18779) (Jay)

Chores

  • b0c34d0 chore: upgrade to @​eslint/js@​9.9.1 (#18809) (Francesco Trotta)
  • cd5a0da chore: package.json update for @​eslint/js release (Jenkins)
  • e112642 refactor: Extract parsing logic from Linter (#18790) (Nicholas C. Zakas)
  • 0f68a85 chore: use eslint-plugin-yml on yaml files only (#18801) (Milos Djermanovic)
  • f8d1b3c chore: update dependencies for browser tests (#18794) (Christian Bromann)
  • aed2624 chore: update dependency @​eslint/config-array to ^0.18.0 (#18788) (renovate[bot])
  • 5c29128 chore: update dependency @​eslint/core to ^0.4.0 (#18789) (renovate[bot])
  • 5d66fb2 chore: migrate linting workflow to use trunk check meta-linter (#18643) (Chris Clearwater)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.10.0 - September 6, 2024

  • 24c3ff7 chore: upgrade to @​eslint/js@​9.10.0 (#18866) (Francesco Trotta)
  • 1ebdde1 chore: package.json update for @​eslint/js release (Jenkins)
  • 301b90d feat: Add types (#18854) (Nicholas C. Zakas)
  • bee0e7a docs: update README (#18865) (Milos Djermanovic)
  • bcf0df5 feat: limit namespace import identifier in id-length rule (#18849) (ChaedongIm)
  • 45c18e1 feat: add requireFlag option to require-unicode-regexp rule (#18836) (Brett Zamir)
  • 5d80b59 docs: specify that ruleId can be null in custom formatter docs (#18857) (Milos Djermanovic)
  • 156b1c3 docs: Update README (GitHub Actions Bot)
  • e8fc5bd chore: update dependency @​eslint/core to ^0.5.0 (#18848) (renovate[bot])
  • 343f992 refactor: don't use node.value when removing unused directives (#18835) (Milos Djermanovic)
  • 183b459 feat: add error message for duplicate flags in no-invalid-regexp (#18837) (Tanuj Kanti)
  • f6fdef9 docs: Update README (GitHub Actions Bot)
  • c69b406 feat: report duplicate allowed flags in no-invalid-regexp (#18754) (Tanuj Kanti)
  • a20c870 docs: Update README (GitHub Actions Bot)
  • 90e699b docs: Update README (GitHub Actions Bot)
  • 3db18b0 refactor: Extract FileContext into class (#18831) (Nicholas C. Zakas)
  • 931d650 refactor: Use @​eslint/plugin-kit (#18822) (Nicholas C. Zakas)
  • ed5cf0c chore: update dependency @​eslint/json to ^0.4.0 (#18829) (Milos Djermanovic)
  • d1f0831 chore: added missing ids (#18817) (Strek)
  • ec92813 refactor: Config class (#18763) (Nicholas C. Zakas)

v9.9.1 - August 23, 2024

  • b0c34d0 chore: upgrade to @​eslint/js@​9.9.1 (#18809) (Francesco Trotta)
  • cd5a0da chore: package.json update for @​eslint/js release (Jenkins)
  • 4840930 docs: Update README with version support and clean up content (#18804) (Nicholas C. Zakas)
  • f61f40d docs: Update globals examples (#18805) (Nicholas C. Zakas)
  • e112642 refactor: Extract parsing logic from Linter (#18790) (Nicholas C. Zakas)
  • 241fcea docs: Use and define languages (#18795) (Nicholas C. Zakas)
  • 0f68a85 chore: use eslint-plugin-yml on yaml files only (#18801) (Milos Djermanovic)
  • 5dbdd63 docs: eslint-plugin-markdown -> @​eslint/markdown (#18797) (Nicholas C. Zakas)
  • c6c8ddd docs: update links to eslint-visitor-keys repo (#18796) (Francesco Trotta)
  • f8d1b3c chore: update dependencies for browser tests (#18794) (Christian Bromann)
  • aed2624 chore: update dependency @​eslint/config-array to ^0.18.0 (#18788) (renovate[bot])
  • 5c29128 chore: update dependency @​eslint/core to ^0.4.0 (#18789) (renovate[bot])
  • 5d66fb2 chore: migrate linting workflow to use trunk check meta-linter (#18643) (Chris Clearwater)
  • f981d05 docs: Update README (GitHub Actions Bot)
  • b516974 docs: update links to eslint/js repo (#18781) (Francesco Trotta)
  • fb7a3f5 docs: update note for package managers (#18779) (Jay)
  • bf96855 chore: add ids to github issue templates (#18775) (Strek)
  • 9bde90c fix: add logic to handle fixTypes in lintText() (#18736) (Amaresh S M)

v9.9.0 - August 9, 2024

  • 461b2c3 chore: upgrade to @eslint/js@9.9.0 (#18765) (Francesco Trotta)
  • 59dba1b chore: package.json update for @​eslint/js release (Jenkins)
  • fea8563 chore: update dependency @​eslint/core to ^0.3.0 (#18724) (renovate[bot])
  • 41d0206 feat: Add support for TS config files (#18134) (Arya Emami)

... (truncated)

Commits


Updates eslint-plugin-import from 2.29.1 to 2.30.0

Release notes

Sourced from eslint-plugin-import's releases.

v2.30.0

Added

Fixed

Changed

  • [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks [@​mulztob])
  • [no-unused-modules]: add console message to help debug #2866
  • [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks [@​soryy708])
  • [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks [@​soryy708])
  • [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks [@​minervabot])
  • [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks [@​joeyguerra])
  • [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
  • [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks [@​soryy708])
  • [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks [@​soryy708])
  • [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks [@​liby])
  • [readme] Clarify how to install the plugin (#2993, thanks [@​jwbth])

... (truncated)

Changelog

Sourced from eslint-plugin-import's changelog.

[2.30.0] - 2024-09-02

Added

  • [dynamic-import-chunkname]: add allowEmpty option to allow empty leading comments (#2942, thanks [@​JiangWeixian])
  • [dynamic-import-chunkname]: Allow empty chunk name when webpackMode: 'eager' is set; add suggestions to remove name in eager mode (#3004, thanks [@​amsardesai])
  • [no-unused-modules]: Add ignoreUnusedTypeExports option (#3011, thanks [@​silverwind])
  • add support for Flat Config (#3018, thanks [@​michaelfaith])

Fixed

Changed

  • [Docs] no-extraneous-dependencies: Make glob pattern description more explicit (#2944, thanks [@​mulztob])
  • [no-unused-modules]: add console message to help debug #2866
  • [Refactor] ExportMap: make procedures static instead of monkeypatching exportmap (#2982, thanks [@​soryy708])
  • [Refactor] ExportMap: separate ExportMap instance from its builder logic (#2985, thanks [@​soryy708])
  • [Docs] order: Add a quick note on how unbound imports and --fix (#2640, thanks [@​minervabot])
  • [Tests] appveyor -> GHA (run tests on Windows in both pwsh and WSL + Ubuntu) (#2987, thanks [@​joeyguerra])
  • [actions] migrate OSX tests to GHA ([ljharb#37], thanks [@​aks-])
  • [Refactor] exportMapBuilder: avoid hoisting (#2989, thanks [@​soryy708])
  • [Refactor] ExportMap: extract "builder" logic to separate files (#2991, thanks [@​soryy708])
  • [Docs] [order]: update the description of the pathGroupsExcludedImportTypes option (#3036, thanks [@​liby])
  • [readme] Clarify how to install the plugin (#2993, thanks [@​jwbth])
Commits
  • 18787d3 Bump to 2.30.0
  • 9902298 [Deps] update eslint-module-utils
  • 9d194a6 [utils] v2.9.0
  • 0a58d75 [resolvers/webpack] v0.13.9
  • a3015eb [Test] namespace: ensure valid case is actually included
  • 8bdb32b [Test] add explicit marker for trailing whitespace in cases
  • 038c26c [readme] Clarify how to install the plugin
  • 32a2b89 [Fix] order: do not compare first path segment for relative paths (#2682)
  • ee1ea02 [Fix] newline-after-import: fix considerComments option when require
  • 806e3c2 [New] add support for Flat Config
  • Additional commits viewable in compare view


Updates typescript from 5.5.4 to 5.6.2

Release notes

Sourced from typescript's releases.

TypeScript 5.6

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.6 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.6 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

Commits
  • a7e3374 Bump version to 5.6.2 and LKG
  • 2063357 🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...
  • 4fe7e41 🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...
  • 1a03e53 🤖 Pick PR #59761 (this can be nullish) into release-5.6 (#59762)
  • 6212132 Update LKG
  • bbb5faf 🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...
  • e6914a5 Bump version to 5.6.1-rc and LKG
  • 34121c4 Update LKG
  • 2a30c2a Merge remote-tracking branch 'origin/main' into release-5.6
  • 936a79b Expose TypeChecker. getAwaitedType to public (#59268)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
github-actions[bot] commented 1 day ago

Deploy build 2947 of security-hq to CODE

All deployment options - [Deploy build 2947 of `security-hq` to CODE](https://riffraff.gutools.co.uk/deployment/deployAgain?project=security-hq&build=2947&stage=CODE&updateStrategy=MostlyHarmless&action=deploy) - [Deploy parts of build 2947 to CODE by previewing it first](https://riffraff.gutools.co.uk/preview/yaml?project=security-hq&build=2947&stage=CODE&updateStrategy=MostlyHarmless) - [What's on CODE right now?](https://riffraff.gutools.co.uk/deployment/history?projectName=security-hq&stage=CODE)

From guardian/actions-riff-raff.