oaeproject / Hilary

Open Academic Environment (OAE) Back-End
http://www.oaeproject.org
Educational Community License v2.0
105 stars 96 forks source link

build(deps): bump degenerator and pm2 #2570

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps degenerator to 3.0.2 and updates ancestor dependency pm2. These dependencies need to be updated together.

Updates degenerator from 2.2.0 to 3.0.2

Release notes

Sourced from degenerator's releases.

3.0.2

Patches

  • Update vm2 to v3.9.8: f690e194041f9dacba5341d5a98bbd1a65996048

3.0.1

Patches

  • Fix return undefined: ccc3445354135398b6eb1a04c7d27c13b833f2d5
  • Fix filename option: 9d25bb67d957bc2e5425fea7bf7a58b3fc64ff9e

3.0.0

Major Changes

  • Remove "generator" output mode: #12
  • Use vm2 module to prevent privilege escalation of untrusted code: #11

Minor Changes

  • Add any default return type to compile(): e0b9fc83faabb101944b63bc73b710be7787f15b
Commits


Updates pm2 from 4.5.6 to 5.2.0

Release notes

Sourced from pm2's releases.

5.2.0

  • replace node-cron by croner (#5183 #5035)
  • upgrade mocha deps
  • fix pm2 report when daemon not running
  • remove semver check for legacy node.js versions
  • update node version in setup.deb.sh by using lts (#5201) + openrc
  • replace legacy util._extend by Object.assign (#5239)
  • add missing start options types (#5242)
  • recursive detection of package.json (#5267)
  • make tarball module uninstall cross-platform (#5269)
  • Fix unnecessary "ENOENT" console.error when serving a spa (#5272)
  • fix: used env variable instead of hardcode datetime format (#5277)
  • copyright update (#5278)
  • fix: remove constants import from VersionCheck (not needed) (#5279)
  • Reduce async import (#5280)

5.1.2

  • cron-restart improvements

5.1.1

  • add back Node 10.x support
  • make pm2-sysmonit module optional
  • remove fast-printf and replace with sprintfjs

5.0.3

  • fixes for system monitoring

5.0.0

System Monitoring

A new local system monitoring feature has been added, allowing to monitor numerous vital server metrics.

Most important metrics will be displayed when doing a pm2 ls:

┌─────┬─────────────────┬─────────────┬─────────┬─────────┬──────────┬────────┬──────┬───────────┬──────────┬──────────┬──────────┬──────────┐
│ id  │ name            │ namespace   │ version │ mode    │ pid      │ uptime │ ↺    │ status    │ cpu      │ mem      │ user     │ watching │
├─────┼─────────────────┼─────────────┼─────────┼─────────┼──────────┼────────┼──────┼───────────┼──────────┼──────────┼──────────┼──────────┤
│ 4   │ app             │ default     │ 1.0.0   │ fork    │ 164618   │ 2s     │ 1670 │ online    │ 0%       │ 41.8mb   │ unitech  │ disabled │
└─────┴─────────────────┴─────────────┴─────────┴─────────┴──────────┴────────┴──────┴───────────┴──────────┴──────────┴──────────┴──────────┘
host metrics | cpu: 1.6% 42.9º | mem free: 52.0% | wlp0s20f3: ⇓ 0mb/s ⇑ 0mb/s | disk: ⇓ 0.199mb/s ⇑ 0mb/s /dev/nvme0n1p3 88.25% |

All server metrics will be available to pm2.io:

┌─────────────────────────────┬──────────────────────────────────┐
│ PM2 CPU Usage               │ 0.0 %                            │
│ PM2 Memory Usage            │ 67.4 mb                          │
│ PM2 Agent CPU Usage         │ 0 %                              │
</tr></table> 

... (truncated)

Changelog

Sourced from pm2's changelog.

5.2.0

  • replace node-cron by croner (#5183 #5035)
  • upgrade mocha deps
  • fix pm2 report when daemon not running
  • remove semver check for legacy node.js versions
  • update node version in setup.deb.sh by using lts (#5201) + openrc
  • replace legacy util._extend by Object.assign (#5239)
  • add missing start options types (#5242)
  • recursive detection of package.json (#5267)
  • make tarball module uninstall cross-platform (#5269)
  • Fix unnecessary "ENOENT" console.error when serving a spa (#5272)
  • fix: used env variable instead of hardcode datetime format (#5277)
  • copyright update (#5278)
  • fix: remove constants import from VersionCheck (not needed) (#5279)
  • Reduce async import (#5280)

5.1.2

  • easily disable cron-restart strategy via $ pm2 restart --cron-restart 0
  • allow to update cron-restart on restart

5.1.1

  • remove fast-printf and replace with sprintfjs

5.1.0

  • add back Node 10.x support
  • make pm2-sysmonit module optional

5.0.3

  • skip system monitoring on Windows

5.0.1/5.0.2

  • fix npm install --no-optional pm2

5.0.0

System Monitoring

A new local system monitoring feature has been added, allowing to monitor numerous vital server metrics.

Most important metrics will be displayed when doing a pm2 ls:

┌─────┬─────────────────┬─────────────┬─────────┬─────────┬──────────┬────────┬──────┬───────────┬──────────┬──────────┬──────────┬──────────┐
│ id  │ name            │ namespace   │ version │ mode    │ pid      │ uptime │ ↺    │ status    │ cpu      │ mem      │ user     │ watching │
</tr></table> 

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/oaeproject/Hilary/network/alerts).

This change is Reviewable