mayeaux / nodetube

Open-source YouTube alternative that offers video, audio and image uploads, livestreaming and built-in monetization
MIT License
2.35k stars 266 forks source link

Bump tar, node-sass and node-sass-middleware #464

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps tar to 6.1.11 and updates ancestor dependencies tar, node-sass and node-sass-middleware. These dependencies need to be updated together.

Updates tar from 4.4.13 to 6.1.11

Changelog

Sourced from tar's changelog.

Changelog

6.0

  • Drop support for node 6 and 8
  • fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

  • Address unpack race conditions using path reservations
  • Change large-numbers errors from TypeError to Error
  • Add TAR_* error codes
  • Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
  • do not treat ignored entries as an invalid archive
  • drop support for node v4
  • unpack: conditionally use a file mapping to write files on Windows
  • Set more portable 'mode' value in portable mode
  • Set portable gzip option in portable mode

4.4

  • Add 'mtime' option to tar creation to force mtime
  • unpack: only reuse file fs entries if nlink = 1
  • unpack: rename before unlinking files on Windows
  • Fix encoding/decoding of base-256 numbers
  • Use stat instead of lstat when checking CWD
  • Always provide a callback to fs.close()

4.3

  • Add 'transform' unpack option

4.2

  • Fail when zlib fails

4.1

  • Add noMtime flag for tar creation

4.0

  • unpack: raise error if cwd is missing or not a dir
  • pack: don't drop dots from dotfiles when prefixing

3.1

  • Support @file.tar as an entry argument to copy entries from one tar

... (truncated)

Commits
  • e573aee 6.1.11
  • edb8e9a fix: perf regression on hot string munging path
  • a9d9b05 chore(test): Avoid spurious failures packing node_modules/.cache
  • 24b8bda fix(test): use posix path for testing path reservations
  • e5a223c fix(test): make unpack test pass on case-sensitive fs
  • 188badd 6.1.10
  • 23312ce drop dirCache for symlink on all platforms
  • 4f1f4a2 6.1.9
  • 875a37e fix: prevent path escape using drive-relative paths
  • b6162c7 fix: reserve paths properly for unicode, windows
  • Additional commits viewable in compare view


Updates node-sass from 4.14.1 to 7.0.3

Release notes

Sourced from node-sass's releases.

v7.0.3

Dependencies

  • Bump sass-graph from 4.0.0 to ^4.0.1

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v7.0.2

This release has been unpublished

v7.0.1

Dependencies

  • Bump node-gyp from 7.1.2 to 8.4.1
  • Bump sass-graph from 2.2.5 to 4.0.0

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v7.0.0

Breaking changes

Features

Dependencies

... (truncated)

Commits


Updates node-sass-middleware from 0.11.0 to 1.0.1

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mayeaux/nodetube/network/alerts).