search

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
57 stars 6 forks source link

chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates #164

Closed dependabot[bot] closed 33 minutes ago

dependabot[bot] commented 6 days ago

Bumps the dev-deps group with 6 updates in the / directory:

Package From To
@moonrepo/cli 1.29.3 1.29.4
@vitest/coverage-v8 2.1.4 2.1.5
vitest 2.1.4 2.1.5
@astrojs/starlight 0.28.5 0.29.0
rollup 4.24.3 4.27.2
vite 5.4.10 5.4.11

Updates @moonrepo/cli from 1.29.3 to 1.29.4

Release notes

Sourced from @​moonrepo/cli's releases.

v1.29.4

🚀 Updates

  • Added an experiments.strictProjectIds setting to .moon/workspace.yml. When enabled, will disallow using original IDs for renamed projects (via the id setting) when building the project graph.
  • Updated codegen/template destination to be relative from the workspace root if prefixed with /, otherwise the current working directory.

🐞 Fixes

  • Fixed an issue where moon would attempt to execute a folder if it has the same name as the current shell.
  • Fixed an issue where [working_dir] and [workspace_root] variables were not working in the template.yml destination setting.

⚙️ Internal

  • Updated dependencies.
  • Updated proto to v0.42.0 (from 0.41.3).
Changelog

Sourced from @​moonrepo/cli's changelog.

1.29.4

🚀 Updates

  • Added an experiments.strictProjectIds setting to .moon/workspace.yml. When enabled, will disallow using original IDs for renamed projects (via the id setting) when building the project graph.
  • Updated codegen/template destination to be relative from the workspace root if prefixed with /, otherwise the current working directory.

🐞 Fixes

  • Fixed an issue where moon would attempt to execute a folder if it has the same name as the current shell.
  • Fixed an issue where [working_dir] and [workspace_root] variables were not working in the template.yml destination setting.

⚙️ Internal

  • Updated dependencies.
  • Updated proto to v0.42.0 (from 0.41.3).
Commits


Updates @vitest/coverage-v8 from 2.1.4 to 2.1.5

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits


Updates vitest from 2.1.4 to 2.1.5

Release notes

Sourced from vitest's releases.

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Commits
  • 32f23b9 chore: release v2.1.5
  • 417bdb4 fix(browser): init browsers eagerly when tests are running (#6876)
  • 93b67c2 fix: throw an error and a warning if .poll, .element, .rejects/`.resolv...
  • 9a0c93d fix(browser): stop the browser rpc when the pool is closed (#6858)
  • 251893b chore: set resolve.mainFields and resolve.conditions for SSR environment ...
  • 0ad2cdc chore(deps): update all non-major dependencies (#6890)
  • 4c96cce fix: print ssrTransform error (#6885)
  • 98f76ea fix: don't rerun on Esc or Ctrl-C during watch filter (#6895)
  • 00ebea6 refactor(reporters): base reporter readability improvements (#6889)
  • 9b3c3de chore: add JSDoc to Jest assertions and asymmetric matchers (#6822)
  • Additional commits viewable in compare view


Updates @astrojs/starlight from 0.28.5 to 0.29.0

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.29.0

Minor Changes

  • #2551 154c8e3 Thanks @​hippotastic! - Updates the astro-expressive-code dependency to the latest version (0.38).

    The new version allows using ec.config.mjs to selectively override individual Expressive Code styles and settings provided by Starlight themes and plugins, speeds up Shiki language loading, and adds the config option expressiveCode.shiki.injectLangsIntoNestedCodeBlocks. See the Expressive Code release notes for full details.

  • #2252 6116db0 Thanks @​HiDeoo! - Improves build performance for sites with large sidebars

    This release adds a caching layer to Starlight’s sidebar generation logic, reducing the number of times sidebars need to be regenerated while building a site. Some benchmarks for projects with a complex sidebar saw builds complete more than 35% faster with this change.

  • #2503 a4c8edd Thanks @​HiDeoo! - Improves the accessibility of asides and tabs by removing some unnecessary HTML landmarks.

Patch Changes

@​astrojs/starlight@​0.28.6

Patch Changes

  • #2565 236467b Thanks @​HiDeoo! - Fixes an issue with custom UI strings defined in YAML files not being loaded in some contexts.
Changelog

Sourced from @​astrojs/starlight's changelog.

0.29.0

Minor Changes

  • #2551 154c8e3 Thanks @​hippotastic! - Updates the astro-expressive-code dependency to the latest version (0.38).

    The new version allows using ec.config.mjs to selectively override individual Expressive Code styles and settings provided by Starlight themes and plugins, speeds up Shiki language loading, and adds the config option expressiveCode.shiki.injectLangsIntoNestedCodeBlocks. See the Expressive Code release notes for full details.

  • #2252 6116db0 Thanks @​HiDeoo! - Improves build performance for sites with large sidebars

    This release adds a caching layer to Starlight’s sidebar generation logic, reducing the number of times sidebars need to be regenerated while building a site. Some benchmarks for projects with a complex sidebar saw builds complete more than 35% faster with this change.

  • #2503 a4c8edd Thanks @​HiDeoo! - Improves the accessibility of asides and tabs by removing some unnecessary HTML landmarks.

Patch Changes

0.28.6

Patch Changes

  • #2565 236467b Thanks @​HiDeoo! - Fixes an issue with custom UI strings defined in YAML files not being loaded in some contexts.
Commits


Updates rollup from 4.24.3 to 4.27.2

Release notes

Sourced from rollup's releases.

v4.27.2

4.27.2

2024-11-15

Bug Fixes

  • Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

v4.27.1

4.27.1

2024-11-15

Bug Fixes

  • Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

v4.27.0

4.27.0

2024-11-15

Features

  • Tree-shake unused properties in object literals (#5420)

Bug Fixes

  • Change hash length limit to 21 to avoid inconsistent hash length (#5423)

Pull Requests

v4.26.0

4.26.0

2024-11-13

... (truncated)

Changelog

Sourced from rollup's changelog.

4.27.2

2024-11-15

Bug Fixes

  • Ensure unused variables in patterns are always deconflicted if rendered (#5728)

Pull Requests

4.27.1

2024-11-15

Bug Fixes

  • Fix some situations where parameter declarations could put Rollup into an infinite loop (#5727)

Pull Requests

4.27.0

2024-11-15

Features

  • Tree-shake unused properties in object literals (#5420)

Bug Fixes

  • Change hash length limit to 21 to avoid inconsistent hash length (#5423)

Pull Requests

4.26.0

2024-11-13

Features

  • Allow to avoid await bundle.close() via explicit resource management in TypeScript (#5721)

... (truncated)

Commits


Updates vite from 5.4.10 to 5.4.11

Release notes

Sourced from vite's releases.

v5.4.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.11 (2024-11-11)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
socket-security[bot] commented 6 days ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/starlight@0.29.0 Transitive: environment, eval, filesystem, network, shell +241 29.6 MB fredkschott
npm/@moonrepo/cli@1.29.4 environment, filesystem Transitive: shell +1 32.1 kB milesj
npm/@vitest/coverage-v8@2.1.5 Transitive: environment, filesystem, shell +63 10.7 MB antfu, oreanno, patak, ...1 more
npm/rollup@4.27.2 None +1 2.67 MB eventualbuddha, lukastaegert, rich_harris, ...2 more
npm/vite@5.4.11 Transitive: environment, filesystem, network, shell +5 3.77 MB antfu, patak, soda, ...2 more
npm/vitest@2.1.5 Transitive: environment, filesystem, shell, unsafe +33 4.37 MB antfu, oreanno, patak, ...1 more

🚮 Removed packages: npm/@astrojs/starlight@0.28.5, npm/@moonrepo/cli@1.29.3, npm/@vitest/coverage-v8@2.1.4, npm/rollup@4.24.3, npm/vite@5.4.10, npm/vitest@2.1.4

View full report↗︎

dependabot[bot] commented 33 minutes ago

Superseded by #166.