search

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
57 stars 6 forks source link

chore(deps-dev): bump the dev-deps group across 1 directory with 7 updates #150

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 1 month ago

Bumps the dev-deps group with 7 updates in the / directory:

Package From To
@biomejs/biome 1.9.3 1.9.4
@moonrepo/cli 1.28.3 1.29.2
@vitest/coverage-v8 2.1.2 2.1.3
vitest 2.1.2 2.1.3
@astrojs/starlight 0.28.2 0.28.3
@astrojs/ts-plugin 1.10.2 1.10.3
vite 5.4.8 5.4.9

Updates @biomejs/biome from 1.9.3 to 1.9.4

Release notes

Sourced from @​biomejs/biome's releases.

CLI v1.9.4

Analyzer

Bug fixes

  • Improved the message for unused suppression comments. Contributed by @​dyc3

  • Fix #4228, where the rule a11y/noInteractiveElementToNoninteractiveRole incorrectly reports a role for non-interactive elements. Contributed by @​eryue0220

  • noSuspiciousSemicolonInJsx now catches suspicious semicolons in React fragments. Contributed by @​vasucp1207

CLI

Enhancements

  • The --summary reporter now reports parsing diagnostics too. Contributed by @​ematipico

  • Improved performance of GritQL queries by roughly 25-30%. Contributed by @​arendjr

Configuration

Bug fixes

  • Fix an issue where the JSON schema marked lint rules options as mandatory. Contributed by @​ematipico

Formatter

Bug fixes

  • Fix #4121. Respect line width when printing multiline strings. Contributed by @​ah-yu

Linter

New features

Bug Fixes

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

v1.9.4 (2024-10-17)

Analyzer

Bug fixes

CLI

Enhancements

  • The --summary reporter now reports parsing diagnostics too. Contributed by @​ematipico

  • Improved performance of GritQL queries by roughly 25-30%. Contributed by @​arendjr

Configuration

Bug fixes

  • Fix an issue where the JSON schema marked lint rules options as mandatory. Contributed by @​ematipico

Editors

Formatter

Bug fixes

  • Fix #4121. Respect line width when printing multiline strings. Contributed by @​ah-yu

JavaScript APIs

Linter

New features

... (truncated)

Commits


Updates @moonrepo/cli from 1.28.3 to 1.29.2

Release notes

Sourced from @​moonrepo/cli's releases.

v1.29.2

🚀 Updates

  • Removed the warning around .env files not existing in certain environments.

🐞 Fixes

  • Fixed an issue where the task option timeout would apply to the overall run, and not for each attempt when using the retryCount option.

⚙️ Internal

  • Updated Rust to v1.82.

v1.29.1

🚀 Updates

  • Added a new task option merge, that defines the same strategy for all applicable fields. Can be overridden with mergeX task options.
  • Added a moon setting to .moon/toolchain.yml, which can be used to customize the update check process.

🐞 Fixes

  • Fixed moon query projects including dependency projects by default. Can be controlled with --upstream.
  • Fixed moon query projects regex patterns not working when used in conjunction with affected.
  • Fixed Bash-based hooks being generated with the wrong path separators on Windows.
  • Fixed an issue where an inherited task with merge strategy "replace" will accidentally remove task args, deps, and env in inheriting tasks.
  • Fixed an issue where token variables and environment variables used within task args together would not be replaced correctly.

v1.29.0

🚀 Updates

  • Implemented a new affected project tracker that is more accurate and more powerful.
    • Can now control the depth of upstream (dependencies) and downstream (dependents).
    • Affected information now logs more information and is included in reports/JSON.
    • Added --upstream and --downstream options to moon query projects.
    • Coming soon for affected tasks as well!
  • Implemented experimental support for a new configuration language, Pkl!
    • Pkl is programmable, allowing for variables, loops, conditionals, and more.
  • Added a new task option, cacheLifetime, that controls how long a task will be cached for.
  • Added a new task merge strategy, preserve, that preserves the original inherited value.
  • Added a new setting vcs.hookFormat to .moon/workspace.yml, that can customize the shell/file format for hooks.
  • Added "sync workspace action" support to toolchain plugins. This is our first step in supporting toolchains via WASM plugins.
  • Updated task outputs to support token and environment variables.

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

1.29.2

🚀 Updates

  • Removed the warning around .env files not existing in certain environments.

🐞 Fixes

  • Fixed an issue where the task option timeout would apply to the overall run, and not for each attempt when using the retryCount option.

⚙️ Internal

  • Updated Rust to v1.82.

1.29.1

🚀 Updates

  • Added a new task option merge, that defines the same strategy for all applicable fields. Can be overridden with mergeX task options.
  • Added a moon setting to .moon/toolchain.yml, which can be used to customize the update check process.

🐞 Fixes

  • Fixed moon query projects including dependency projects by default. Can be controlled with --upstream.
  • Fixed moon query projects regex patterns not working when used in conjunction with affected.
  • Fixed Bash-based hooks being generated with the wrong path separators on Windows.
  • Fixed an issue where an inherited task with merge strategy "replace" will accidentally remove task args, deps, and env in inheriting tasks.
  • Fixed an issue where token variables and environment variables used within task args together would not be replaced correctly.

1.29.0

🚀 Updates

  • Implemented a new affected project tracker that is more accurate and more powerful.
    • Can now control the depth of upstream (dependencies) and downstream (dependents).
    • Affected information now logs more information and is included in reports/JSON.
    • Added --upstream and --downstream options to moon query projects.
    • Coming soon for affected tasks as well!
  • Implemented experimental support for a new configuration language, Pkl!
    • Pkl is programmable, allowing for variables, loops, conditionals, and more.
  • Added a new task option, cacheLifetime, that controls how long a task will be cached for.
  • Added a new task merge strategy, preserve, that preserves the original inherited value.
  • Added a new setting vcs.hookFormat to .moon/workspace.yml, that can customize the shell/file format for hooks.

... (truncated)

Commits


Updates @vitest/coverage-v8 from 2.1.2 to 2.1.3

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.3

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits


Updates vitest from 2.1.2 to 2.1.3

Release notes

Sourced from vitest's releases.

v2.1.3

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • 4c03a0d chore: release v2.1.3
  • 70baaaa fix(vitest): use fast-glob instead of tinyglobby in Vitest (#6688)
  • 19d64e2 fix(vitest): always inline setup files (#6689)
  • 47dde76 fix(vitest): show rollup error details as test error (#6686)
  • 7155cee refactor(coverage): move re-usable parts to base provider (#6665)
  • 7a0de0a perf: reuse full name in reported tasks, update generator types (#6666)
  • 8bef5d2 fix(browser): not.toBeInTheDocument works with locators API (#6634)
  • 9ece395 fix(vitest): fix \<empty line> logs when interleaving console.log/error (#...
  • 000459a fix(vitest): deprecate old task types and node-reliant types (#6632)
  • 946d8bb fix(vitest): don't hang with maxConcurrency 0 (#6627)
  • Additional commits viewable in compare view


Updates @astrojs/starlight from 0.28.2 to 0.28.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.28.3

Patch Changes

Changelog

Sourced from @​astrojs/starlight's changelog.

0.28.3

Patch Changes

Commits


Updates @astrojs/ts-plugin from 1.10.2 to 1.10.3

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.3

Patch Changes

  • 8673fa5: Fixes certain cases where content schemas would not be reloaded properly when they were updated
Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.3

Patch Changes

  • 8673fa5: Fixes certain cases where content schemas would not be reloaded properly when they were updated
Commits


Updates vite from 5.4.8 to 5.4.9

Release notes

Sourced from vite's releases.

v5.4.9

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.9 (2024-10-14)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/starlight@0.28.3 Transitive: environment, eval, filesystem, network, shell +234 28.9 MB fredkschott, matthewp, natemoo-re
npm/@astrojs/ts-plugin@1.10.3 Transitive: environment, filesystem +11 6.68 MB fredkschott
npm/@biomejs/biome@1.9.4 None 0 210 kB conaclos, dominionl, ematipico, ...1 more
npm/@moonrepo/cli@1.29.2 environment, filesystem Transitive: shell +1 32.1 kB milesj
npm/@vitest/coverage-v8@2.1.3 Transitive: environment, filesystem, shell +64 10.9 MB vitestbot
npm/vite@5.4.9 Transitive: environment, filesystem, network, shell +5 3.77 MB antfu, patak, soda, ...2 more
npm/vitest@2.1.3 environment, eval Transitive: filesystem, shell, unsafe +31 4.19 MB vitestbot

🚮 Removed packages: npm/@astrojs/starlight@0.28.2, npm/@astrojs/ts-plugin@1.10.2, npm/@biomejs/biome@1.9.3, npm/@moonrepo/cli@1.28.3, npm/@vitest/coverage-v8@2.1.2, npm/vite@5.4.8, npm/vitest@2.1.2

View full report↗︎

dependabot[bot] commented 3 weeks ago

Looks like these dependencies are updatable in another way, so this is no longer needed.