search

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
58 stars 6 forks source link

chore(deps): bump the prod-deps group across 1 directory with 2 updates #154

Closed dependabot[bot] closed 3 weeks ago

dependabot[bot] commented 1 month ago

Bumps the prod-deps group with 2 updates in the / directory: sst and astro.

Updates sst from 3.1.67 to 3.2.61

Release notes

Sourced from sst's releases.

v3.2.61

Changelog

  • 1dea9450d17a76441a747923981a78aa91c2b9ac dev: fix freezing on wsl when exiting sst dev

v3.2.60

Changelog

  • 43606b520ce6b5add65a3342cff71af053387d40 Components: .get() supports resource options like providers

v3.2.59

Changelog

  • 48e04e3df4ebeb4ce990a8dc0d7acd6e930bbb30 SsrSite: fix bucket files removal issue when provider is provided

v3.2.58

Changelog

  • 6a39fc127f764d8986a7c799b55b4ef9d85d40bc Function: do not show hint for internally created function url
  • 2670f614820e8613f898f81e39e46b8317414a96 Sites: respect provider region for s3 uploads
  • 3ecb4275a01e1acac690bf3fcb0c7a2d412b0252 examples: update playground

v3.2.57

Changelog

  • 58ff613568d742b3abe09ec62da2aedd2e957127 sst.cloudflare.Worker: add workerd polyfills

v3.2.56

Changelog

  • c970fca3c476cd0815698d5284275e3ea20251b0 fix: pass through nodePaths to esbuild (#4974)
  • e7394e2bcfaade543956dd5bcf8ec9790c3aef0e fix: use correct paths for pyproject and related files (#4967)

v3.2.55

Changelog

  • 70fb331b40ab872f73b319f6dab07d03d849e56b fix: freezing when killing sst dev on mac os

v3.2.54

Changelog

  • 0d8aa57b85773c0f3b8a6b843c671342f8089015 fix: slice out of bounds error when exiting with error

v3.2.52

Changelog

  • 9a2b758b265c3f162cf7f06d18fc2d9db3887dbc introduce process manager to better kill processes that hang in the background

v3.2.51

Changelog

  • 9a2b758b265c3f162cf7f06d18fc2d9db3887dbc introduce process manager to better kill processes that hang in the background

v3.2.50

Changelog

  • 021f69f032889a823f60b8a6f2f466c29f660f64 Docs: update version number
  • fe3e2269ba299adfe7ae7d4029e873c76ec7e1e7 sst.aws.Function: fix runtime not found error when using amazon linux

v3.2.49

Changelog

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by sst-publisher, a new releaser for sst since your current version.


Updates astro from 4.15.11 to 4.16.7

Release notes

Sourced from astro's releases.

astro@4.16.7

Patch Changes

astro@4.16.6

Patch Changes

  • #11823 a3d30a6 Thanks @​DerTimonius! - fix: improve error message when inferSize is used in local images with the Image component

  • #12227 8b1a641 Thanks @​florian-lefebvre! - Fixes a case where environment variables would not be refreshed when using astro:env

  • #12239 2b6daa5 Thanks @​ematipico! - BREAKING CHANGE to the experimental Container API only

    Changes the default page rendering behavior of Astro components in containers, and adds a new option partial: false to render full Astro pages as before.

    Previously, the Container API was rendering all Astro components as if they were full Astro pages containing <!DOCTYPE html> by default. This was not intended, and now by default, all components will render as page partials: only the contents of the components without a page shell.

    To render the component as a full-fledged Astro page, pass a new option called partial: false to renderToString() and renderToResponse():

    import { experimental_AstroContainer as AstroContainer } from 'astro/container';
import Card from '../src/components/Card.astro';

    const container = AstroContainer.create();
    

    await container.renderToString(Card); // the string will not contain &lt;!DOCTYPE html&gt;
await container.renderToString(Card, { partial: false }); // the string will contain &lt;!DOCTYPE html&gt;

astro@4.16.5

Patch Changes

astro@4.16.4

Patch Changes

  • #12223 79ffa5d Thanks @​ArmandPhilippot! - Fixes a false positive reported by the dev toolbar Audit app where a label was considered missing when associated with a button

... (truncated)

Changelog

Sourced from astro's changelog.

4.16.7

Patch Changes

4.16.6

Patch Changes

  • #11823 a3d30a6 Thanks @​DerTimonius! - fix: improve error message when inferSize is used in local images with the Image component

  • #12227 8b1a641 Thanks @​florian-lefebvre! - Fixes a case where environment variables would not be refreshed when using astro:env

  • #12239 2b6daa5 Thanks @​ematipico! - BREAKING CHANGE to the experimental Container API only

    Changes the default page rendering behavior of Astro components in containers, and adds a new option partial: false to render full Astro pages as before.

    Previously, the Container API was rendering all Astro components as if they were full Astro pages containing <!DOCTYPE html> by default. This was not intended, and now by default, all components will render as page partials: only the contents of the components without a page shell.

    To render the component as a full-fledged Astro page, pass a new option called partial: false to renderToString() and renderToResponse():

    import { experimental_AstroContainer as AstroContainer } from 'astro/container';
import Card from '../src/components/Card.astro';

    const container = AstroContainer.create();
    

    await container.renderToString(Card); // the string will not contain &lt;!DOCTYPE html&gt;
await container.renderToString(Card, { partial: false }); // the string will contain &lt;!DOCTYPE html&gt;

4.16.5

Patch Changes

4.16.4

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/astro@4.16.7 Transitive: environment, eval, filesystem, network, shell +305 61.5 MB fredkschott
npm/sst@3.2.61 environment, filesystem, network +8 1.42 MB sst-publisher

🚮 Removed packages: npm/astro@4.15.11, npm/sst@3.1.67

View full report↗︎

dependabot[bot] commented 3 weeks ago

Looks like these dependencies are no longer updatable, so this is no longer needed.