search

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
58 stars 6 forks source link

chore(deps): bump the prod-deps group across 1 directory with 2 updates #163

Closed dependabot[bot] closed 3 days ago

dependabot[bot] commented 1 week ago

Bumps the prod-deps group with 2 updates in the / directory: sst and astro.

Updates sst from 3.2.73 to 3.3.22

Release notes

Sourced from sst's releases.

v3.3.22

Changelog

  • c255a21c3f9dd26db70e2545fc56acb8e7394c58 Remix: fix client build touput
  • 1e2a4e9d1bcd1a621039dc2cfe57fd518101e5ee Remix: handle loading vite config hangs

v3.3.21

Changelog

  • 86e042976a2be8a58b85065829947160064ff33d Components: support granular control over build concurrency

v3.3.20

Changelog

  • 98b9d9751cdd63b69213926733d498bc5784dbe9 Config: update AutoDeploy config type
  • 982a630593d52ddc25827b75ae77c630ef1bdd7d sst.cloudflare.Worker: fix conflict with unenv polyfill

v3.3.19

Changelog

  • 86a8b0977cf3101c149306927b9ec71d7888ba65 do not use bun for sst add to keep thigns simpler

v3.3.18

Changelog

  • 8a9b008f3e4b5cc416d2b9b8d32681584935f596 sst.aws.Function: use arn for sourcemap key

v3.3.16

Changelog

v3.3.14

Changelog

  • a7a5d3695fdeb86167c59c39f2fa244abe2ec1ec Ensure softwareTokenMfaConfiguration is not set when not enabled on cognito user pool (#5029)
  • fd947386af45359aeab6108beb0f7cfb0249fa3a Function: support storage
  • 44778ee9139883b9355e5a1411eb414116daeb93 Support container level health checks in ECS (#4990)
  • ca0f0a2b3ebb0472577da620736fccea13c6375e feat(platform): support container secrets (#5042)

v3.3.13

Changelog

  • b58f34dc86751423305fe3ac666ae16effe20c00 aws: improve bootstrapping system
  • 3539b90f00749efb850079e28b34e22062392b70 tunnel: force tunnel to cleanup previous interface on start

v3.3.12

Changelog

  • 1c3e34f2bd96aab11ef79759197f1f0de2c91249 Bus: handle EventRule resource names

v3.3.11

Changelog

  • 49ea09375806c084d079ae306c3e3e3353494c8b sst.aws.Function: fix live lambda not connecting to appsync when using static credentials

v3.3.10

Changelog

... (truncated)

Commits


Updates astro from 4.16.8 to 4.16.13

Release notes

Sourced from astro's releases.

astro@4.16.13

Patch Changes

  • #12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

  • #12392 0462219 Thanks @​apatel369! - Fixes an issue where scripts were not correctly injected during the build. The issue was triggered when there were injected routes with the same entrypoint and different pattern

astro@4.16.12

Patch Changes

  • #12420 acac0af Thanks @​ematipico! - Fixes an issue where the dev server returns a 404 status code when a user middleware returns a valid Response.

astro@4.16.11

Patch Changes

  • #12305 f5f7109 Thanks @​florian-lefebvre! - Fixes a case where the error overlay would not escape the message

  • #12402 823e73b Thanks @​ematipico! - Fixes a case where Astro allowed to call an action without using Astro.callAction. This is now invalid, and Astro will show a proper error.

    ---
import { actions } from "astro:actions";

    -const result = actions.getUser({ userId: 123 });
+const result = Astro.callAction(actions.getUser, { userId: 123 });

  • #12401 9cca108 Thanks @​bholmesdev! - Fixes unexpected 200 status in dev server logs for action errors and redirects.

astro@4.16.10

Patch Changes

  • #12311 bf2723e Thanks @​dinesh-58! - Adds checked to the list of boolean attributes.

  • #12363 222f718 Thanks @​Fryuni! - Fixes code generated by astro add command when adding a version of an integration other than the default latest.

  • #12368 493fe43 Thanks @​bluwy! - Improves error logs when executing commands

  • #12355 c4726d7 Thanks @​apatel369! - Improves error reporting for invalid frontmatter in MDX files during the astro build command. The error message now includes the file path where the frontmatter parsing failed.

astro@4.16.9

Patch Changes

... (truncated)

Changelog

Sourced from astro's changelog.

4.16.13

Patch Changes

  • #12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

  • #12392 0462219 Thanks @​apatel369! - Fixes an issue where scripts were not correctly injected during the build. The issue was triggered when there were injected routes with the same entrypoint and different pattern

4.16.12

Patch Changes

  • #12420 acac0af Thanks @​ematipico! - Fixes an issue where the dev server returns a 404 status code when a user middleware returns a valid Response.

4.16.11

Patch Changes

  • #12305 f5f7109 Thanks @​florian-lefebvre! - Fixes a case where the error overlay would not escape the message

  • #12402 823e73b Thanks @​ematipico! - Fixes a case where Astro allowed to call an action without using Astro.callAction. This is now invalid, and Astro will show a proper error.

    ---
import { actions } from "astro:actions";

    -const result = actions.getUser({ userId: 123 });
+const result = Astro.callAction(actions.getUser, { userId: 123 });

  • #12401 9cca108 Thanks @​bholmesdev! - Fixes unexpected 200 status in dev server logs for action errors and redirects.

4.16.10

Patch Changes

  • #12311 bf2723e Thanks @​dinesh-58! - Adds checked to the list of boolean attributes.

  • #12363 222f718 Thanks @​Fryuni! - Fixes code generated by astro add command when adding a version of an integration other than the default latest.

  • #12368 493fe43 Thanks @​bluwy! - Improves error logs when executing commands

  • #12355 c4726d7 Thanks @​apatel369! - Improves error reporting for invalid frontmatter in MDX files during the astro build command. The error message now includes the file path where the frontmatter parsing failed.

4.16.9

Patch Changes

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
socket-security[bot] commented 1 week ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/astro@4.16.13 Transitive: environment, eval, filesystem, network, shell, unsafe +303 57.9 MB fredkschott
npm/sst@3.3.22 environment, filesystem, network +8 1.42 MB sst-publisher

🚮 Removed packages: npm/astro@4.16.8, npm/sst@3.2.73

View full report↗︎

dependabot[bot] commented 3 days ago

Superseded by #165.