janbiasi / rollup-plugin-sbom

Create SBOMs in CycloneDX format for your Vite or Rollup projects with ease
MIT License

fix: bump the npm group across 1 directory with 14 updates #76

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the npm group with 14 updates in the / directory:

Package From To
@cyclonedx/cyclonedx-library 6.5.1 6.8.0
normalize-package-data 6.0.0 6.0.1
@commitlint/cli 19.2.2 19.3.0
@types/node 20.12.7 20.12.12
@typescript-eslint/eslint-plugin 6.12.0 7.9.0
@typescript-eslint/parser 6.12.0 7.9.0
@vitest/coverage-v8 1.5.0 1.6.0
ajv 8.12.0 8.13.0
eslint 8.54.0 9.3.0
fast-xml-parser 4.3.6 4.4.0
rollup 4.14.3 4.17.2
semantic-release 23.0.8 23.1.1
vitest 1.5.0 1.6.0
@vitejs/plugin-react 4.2.0 4.2.1

Updates @cyclonedx/cyclonedx-library from 6.5.1 to 6.8.0

Release notes

Sourced from @​cyclonedx/cyclonedx-library's releases.

6.8.0

Added

  • Explicitly export own first-level submodules via package manifest (via #1066)
    When used with bundlers/packers downstream, this might enable better tree shaking due to scoped imports.

Refactor

  • Ease internal tree shaking (via #1066)

#1066: CycloneDX/cyclonedx-javascript-library#1066


What's Changed

Full Changelog: https://github.com/CycloneDX/cyclonedx-javascript-library/compare/v6.7.2...v6.8.0

6.7.2

Changed

  • The provided XML validation capabilities were explicitly hardened (via #1064; concerns #1061)
    This is considered a security measure concerning XML external entity (XXE) injection.

#1061: CycloneDX/cyclonedx-javascript-library#1061
#1064: CycloneDX/cyclonedx-javascript-library#1064


What's Changed

Full Changelog: https://github.com/CycloneDX/cyclonedx-javascript-library/compare/v6.7.1...v6.7.2

6.7.1

Reverted v6.7.0, back to v6.6.1 -- fixes SecurityAdvisory https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7 (Release v6.7.0 got yanked for security reasons, and should not be used. Please upgrade to ^6.7.1)


What's Changed

Full Changelog: https://github.com/CycloneDX/cyclonedx-javascript-library/compare/v6.6.1...v6.7.1

6.6.1

Fixed

  • JSON validator allow arbitrary $schema (#1059 via #1060)

... (truncated)

Changelog

Sourced from @​cyclonedx/cyclonedx-library's changelog.

6.8.0 -- 2024-05-14

  • Added
    • Explicitly export own first-level submodules via package manifest (via #1066)
      When used with bundlers/packers downstream, this might enable better tree shaking due to scoped imports.
  • Refactor
    • Ease internal tree shaking (via #1066)

#1066: CycloneDX/cyclonedx-javascript-library#1066

6.7.2 -- 2024-05-07

  • Changed
    • The provided XML validation capabilities were explicitly hardened (via #1064; concerns #1061)
      This is considered a security measure concerning XML external entity (XXE) injection.

#1061: CycloneDX/cyclonedx-javascript-library#1061
#1064: CycloneDX/cyclonedx-javascript-library#1064

6.7.1 -- 2024-05-07

Reverted v6.7.0, back to v6.6.1
Reason: https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7

6.7.0 -- 2024-05-07

!! THIS VERSION GOT YANKED !!
Reason: https://github.com/CycloneDX/cyclonedx-javascript-library/security/advisories/GHSA-38gf-rh2w-gmj7

  • Changed
    • The provided XML validation capabilities no longer support external entities (via #1063; concerns #1061)
      This is considered a security measure to prevent XML external entity (XXE) injection.

#1061: CycloneDX/cyclonedx-javascript-library#1061
#1063: CycloneDX/cyclonedx-javascript-library#1063

6.6.1 -- 2024-05-06

  • Fixed
    • JSON validator allow arbitrary $schema (#1059 via #1060)

#1059: CycloneDX/cyclonedx-javascript-library#1059
#1060: CycloneDX/cyclonedx-javascript-library#1060

6.6.0 -- 2024-04-26

  • Changed
    • Serializers and License-Normalizers will take license acknowledgement into account (#1051 via #1052)
  • Added
    • Namespace Enums

... (truncated)

Commits


Updates normalize-package-data from 6.0.0 to 6.0.1

Release notes

Sourced from normalize-package-data's releases.

v6.0.1

6.0.1 (2024-05-04)

Bug Fixes

Documentation

Chores

Changelog

Sourced from normalize-package-data's changelog.

6.0.1 (2024-05-04)

Bug Fixes

Documentation

Chores

Commits
  • 335a295 chore: release 6.0.1 (#219)
  • 27688b4 fix(linting): no-unused-vars
  • 02de832 chore: postinstall for dependabot template-oss PR
  • 3c74f51 chore: bump @​npmcli/template-oss to 4.22.0
  • c367107 chore: postinstall for dependabot template-oss PR
  • f6b1f8c chore: bump @​npmcli/template-oss from 4.21.3 to 4.21.4
  • c5b90cd docs(readme): fix broken badge URL (#214)
  • d3bfe73 chore: postinstall for dependabot template-oss PR
  • a80c4a4 chore: bump @​npmcli/template-oss from 4.21.1 to 4.21.3
  • 5c121d5 chore: postinstall for dependabot template-oss PR
  • Additional commits viewable in compare view


Updates @commitlint/cli from 19.2.2 to 19.3.0

Release notes

Sourced from @​commitlint/cli's releases.

v19.3.0

19.3.0 (2024-04-23)

Features

Chore

New Contributors

Full Changelog: https://github.com/conventional-changelog/commitlint/compare/v19.2.2...v19.3.0

Changelog

Sourced from @​commitlint/cli's changelog.

19.3.0 (2024-04-23)

Note: Version bump only for package @​commitlint/cli

Commits


Updates @types/node from 20.12.7 to 20.12.12

Commits


Updates @typescript-eslint/eslint-plugin from 6.12.0 to 7.9.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v7.9.0

7.9.0 (2024-05-13)

🚀 Features

  • rule-tester: check for missing placeholder data in the message (#9039)

🩹 Fixes

  • do not pass tsconfig canonical file name to typescript API to get program details for config file (#9042)
  • eslint-plugin: [explicit-function-return-types] fix false positive on default parameters (#9045)

❤️ Thank You

  • Kirk Waiblinger
  • Sheetal Nandi
  • Vinccool96

You can read about our versioning strategy and releases on our website.

v7.8.0

7.8.0 (2024-04-29)

🚀 Features

  • rule-tester: assert suggestion messages are unique (#8995)
  • typescript-estree: add maximumDefaultProjectFileMatchCount and wide allowDefaultProjectForFiles glob restrictions (#8925)

🩹 Fixes

  • eslint-plugin: [no-unsafe-argument] handle tagged templates (#8746)
  • eslint-plugin: [prefer-optional-chain] suggests optional chaining during strict null equality check (#8717)
  • eslint-plugin: [consistent-type-assertions] handle tagged templates (#8993)
  • eslint-plugin: [no-unsafe-return] handle union types (#9001)
  • eslint-plugin: [no-unused-vars] clear error report range (#8640)
  • utils: export ESLint backwards-compat functions (#8976)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v7.7.1

... (truncated)

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

7.9.0 (2024-05-13)

🩹 Fixes

  • eslint-plugin: [explicit-function-return-types] fix false positive on default parameters

❤️ Thank You

  • Kirk Waiblinger
  • Sheetal Nandi
  • Vinccool96

You can read about our versioning strategy and releases on our website.

7.8.0 (2024-04-29)

🩹 Fixes

  • eslint-plugin: [no-unsafe-argument] handle tagged templates

  • eslint-plugin: [prefer-optional-chain] suggests optional chaining during strict null equality check

  • eslint-plugin: [consistent-type-assertions] handle tagged templates

  • eslint-plugin: [no-unsafe-return] handle union types

  • eslint-plugin: [no-unused-vars] clear error report range

❤️ Thank You

  • auvred
  • Josh Goldberg ✨
  • jsfm01
  • Kim Sang Du
  • YeonJuan

You can read about our versioning strategy and releases on our website.

7.7.1 (2024-04-22)

🩹 Fixes

  • eslint-plugin: [no-unsafe-assignment] handle shorthand property assignment

  • eslint-plugin: [explicit-function-return-type] fix checking wrong ancestor's return type

... (truncated)

Commits
  • 77fc366 chore(release): publish 7.9.0
  • f53fece chore: add knip (#8192)
  • 8acb8d4 fix(eslint-plugin): [explicit-function-return-types] fix false positive on de...
  • d696ea2 docs(eslint-plugin): fix several 404 URLs (#9064)
  • 37a41d9 docs: fix broken link to import/no-duplicates on no-duplicate-imports pag...
  • ab92621 docs: correct its/it's spelling (#9048)
  • f248e68 docs: [no-floating-promises] remove ugly commas (#9034)
  • 6e1241b docs: fix no-unnecessary-boolean-literal-compare example (#8981)
  • ee677f6 chore(release): publish 7.8.0
  • 8127873 fix(eslint-plugin): [no-unused-vars] clear error report range (#8640)
  • Additional commits viewable in compare view


Updates @typescript-eslint/parser from 6.12.0 to 7.9.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v7.9.0

7.9.0 (2024-05-13)

🚀 Features

  • rule-tester: check for missing placeholder data in the message (#9039)

🩹 Fixes

  • do not pass tsconfig canonical file name to typescript API to get program details for config file (#9042)
  • eslint-plugin: [explicit-function-return-types] fix false positive on default parameters (#9045)

❤️ Thank You

  • Kirk Waiblinger
  • Sheetal Nandi
  • Vinccool96

You can read about our versioning strategy and releases on our website.

v7.8.0

7.8.0 (2024-04-29)

🚀 Features

  • rule-tester: assert suggestion messages are unique (#8995)
  • typescript-estree: add maximumDefaultProjectFileMatchCount and wide allowDefaultProjectForFiles glob restrictions (#8925)

🩹 Fixes

  • eslint-plugin: [no-unsafe-argument] handle tagged templates (#8746)
  • eslint-plugin: [prefer-optional-chain] suggests optional chaining during strict null equality check (#8717)
  • eslint-plugin: [consistent-type-assertions] handle tagged templates (#8993)
  • eslint-plugin: [no-unsafe-return] handle union types (#9001)
  • eslint-plugin: [no-unused-vars] clear error report range (#8640)
  • utils: export ESLint backwards-compat functions (#8976)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

v7.7.1

... (truncated)

Changelog

Sourced from @​typescript-eslint/parser's changelog.

7.9.0 (2024-05-13)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

7.8.0 (2024-04-29)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

7.7.1 (2024-04-22)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

7.7.0 (2024-04-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

7.6.0 (2024-04-08)

🚀 Features

  • bump npm dependency ranges

❤️ Thank You

  • Abraham Guo
  • auvred
  • Brad Zacher

You can read about our versioning strategy and releases on our website.

7.5.0 (2024-04-01)

🩹 Fixes

  • parser: disallow errorOnTypeScriptSyntacticAndSemanticIssues

❤️ Thank You

... (truncated)

Commits


Updates @vitest/coverage-v8 from 1.5.0 to 1.6.0

Release notes

Sourced from @​vitest/coverage-v8's releases.

v1.6.0

   🚀 Features

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub

v1.5.3

   🐞 Bug Fixes

    View changes on GitHub

v1.5.2

   🐞 Bug Fixes

    View changes on GitHub

v1.5.1

   🚀 Features

... (truncated)

Commits
  • 6b29f3d chore: release v1.6.0
  • c9883f3 fix(coverage): apply vite-node's wrapper only to executed files (#5642)
  • a52964b chore: release v1.5.3
  • 81f57f4 chore: release v1.5.2
  • 1be4510 chore: release v1.5.1
  • 80265b4 fix(coverage): thresholds to compare files relative to root (#5574)
  • ea3c16e fix(coverage): prevent crash when cleanOnRerun is disabled (#5540)
  • See full diff in compare view


Updates ajv from 8.12.0 to 8.13.0

Release notes

Sourced from ajv's releases.

v8.13.0

  • add named exports
  • update dependencies
  • update node.js
Commits


Updates eslint from 8.54.0 to 9.3.0

Release notes

Sourced from eslint's releases.

v9.3.0

Features

  • b32153c feat: add overrides.namedExports to func-style rule (#18444) (Percy Ma)
  • b67eba4 feat: add restrictedNamedExportsPattern to no-restricted-exports (#18431) (Akul Srivastava)
  • 069aa68 feat: add option allowEscape to no-misleading-character-class rule (#18208) (Francesco Trotta)
  • 05ef92d feat: deprecate multiline-comment-style & line-comment-position (#18435) (唯然)
  • db0b174 feat: add enforceForInnerExpressions option to no-extra-boolean-cast (#18222) (Kirk Waiblinger)

Bug Fixes

  • 8db0eff fix: Improve config error messages (#18457) (Nicholas C. Zakas)
  • 5c28d9a fix: don't remove comments between key and value in object-shorthand (#18442) (Kuba Jastrzębski)
  • 39fb0ee fix: object-shorthand loses type parameters when auto-fixing (#18438) (dalaoshu)
  • 37eba48 fix: don't crash when fs.readFile returns promise from another realm (#18416) (Milos Djermanovic)

Documentation

  • ceada8c docs: explain how to use "tsc waiting" label (#18466) (Francesco Trotta)
  • 62e686c docs: Add troubleshooting info for plugin compatibility (#18451) (Nicholas C. Zakas)
  • e17e1c0 docs: Update README (GitHub Actions Bot)
  • 2465a1e docs: Update README (GitHub Actions Bot)
  • d23574c docs: Clarify usage of no-unreachable with TypeScript (#18445) (benj-dobs)
  • 1db9bae docs: Fix typos (#18443) (Frieder Bluemle)
  • 7065196 docs: Update README (GitHub Actions Bot)
  • 04e7c6e docs: update deprecation notice of no-return-await (#18433) (Tanuj Kanti)
  • e763512 docs: Link global ignores section in config object property list (#18430) (MaoShizhong)
  • ac7f718 docs: reflect release of v9 in config migration guide (#18412) (Peter Briggs)
  • 0de0909 docs: fix grammar in configuration file resolution (#18419) (Mike McCready)

Chores

  • 58e2719 chore: update dependencies for v9.3.0 release (#18469) (Francesco Trotta)
  • b681ecb chore: package.json update for @​eslint/js release (Jenkins)
  • 06f1d1c chore: update dependency @​humanwhocodes/retry to ^0.3.0 (#18463) (renovate[bot])
  • a63ed72 refactor: Use node: protocol for built-in Node.js modules (#18434) (Milos Djermanovic)
  • 040700a chore: update dependency markdownlint-cli to ^0.40.0 (#18425) (renovate[bot])
  • f47847c chore: update actions/stale action to v9 (#18426) (renovate[bot])
  • c18ad25 chore: update actions/upload-artifact action to v4 (#18427) (renovate[bot])
  • 27e3060 chore: Disable documentation label (#18423) (Nicholas C. Zakas)

v9.2.0

Features

  • 8485d76 feat: no-case-declarations add suggestions (#18388) (Josh Goldberg ✨)
  • a498f35 feat: update Unicode letter detection in capitalized-comments rule (#18375) (Francesco Trotta)

Bug Fixes

  • eeec413 fix: do not throw when defining a global named defineSetter (#18364) (唯然)

Documentation

  • 0f5df50 docs: Update README (GitHub Actions Bot)
  • 1579ce0 docs: update wording regarding indirect eval (#18394) (Kirk Waiblinger)
  • f12a02c docs: update to eslint v9 in custom-rule-tutorial (#18383) (唯然)

... (truncated)

Changelog

Sourced from eslint's changelog.

v9.3.0 - May 17, 2024

  • 58e2719 chore: update dependencies for v9.3.0 release (#18469) (Francesco Trotta)
  • b681ecb chore: package.json update for @​eslint/js release (Jenkins)
  • 8db0eff fix: Improve config error messages (#18457) (Nicholas C. Zakas)
  • ceada8c docs: explain how to use "tsc waiting" label (#18466) (Francesco Trotta)
  • b32153c feat: add overrides.namedExports to func-style rule (#18444) (Percy Ma)
  • 06f1d1c chore: update dependency @​humanwhocodes/retry to ^0.3.0 (

dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.