upleveled / security-vulnerability-examples-next-js-postgres

https://vuln-examples-next-postgres-jose.vercel.app/

Update dependency upgrades - non-major #174

Closed renovate[bot] closed 7 months ago

renovate[bot] commented 7 months ago


This PR contains the following updates:

| Package | Change |
| --- | --- |
| @types/react (source) | 18.2.55 -> 18.2.57 |
| dompurify | 3.0.8 -> 3.0.9 |
| dotenv | 16.3.1 -> 16.4.5 |
| eslint-config-upleveled | 7.8.0 -> 7.8.1 |
| prettier-plugin-embed | 0.4.13 -> 0.4.14 |
| sass | 1.70.0 -> 1.71.1 |

Release Notes

cure53/DOMPurify (dompurify)

### [`v3.0.9`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.9): DOMPurify 3.0.9

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.8...3.0.9)

- Fixed a problem with proper detection of Custom Elements, thanks [@kevin-mizu](https://togithub.com/kevin-mizu)
- Refactored the `hasOwnProperty` logic, thanks [@ssi02014](https://togithub.com/ssi02014)
- Removed a superfluous `console.warn` making HappyDom happier, thanks [@HugoPoi](https://togithub.com/HugoPoi)
- Modernized some of the demo hooks for better looks, thanks [@Steb95](https://togithub.com/Steb95)

motdotla/dotenv (dotenv)

### [`v16.4.5`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1645-2024-02-19)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.4...v16.4.5)

##### Changed

- 🐞 fix recent regression when using `path` option. return to historical behavior: do not attempt to auto find `.env` if `path` set. (regression was introduced in `16.4.3`) [#814](https://togithub.com/motdotla/dotenv/pull/814)

### [`v16.4.4`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1644-2024-02-13)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.3...v16.4.4)

##### Changed

- 🐞 Replaced chaining operator `?.` with old school `&&` (fixing node 12 failures) [#812](https://togithub.com/motdotla/dotenv/pull/812)

### [`v16.4.3`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1643-2024-02-12)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.2...v16.4.3)

##### Changed

- Fixed processing of multiple files in `options.path` [#805](https://togithub.com/motdotla/dotenv/pull/805)

### [`v16.4.2`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1642-2024-02-10)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.1...v16.4.2)

##### Changed

- Changed funding link in package.json to [`dotenvx.com`](https://dotenvx.com)

### [`v16.4.1`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1641-2024-01-24)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.4.0...v16.4.1)

- Patch support for array as `path` option [#797](https://togithub.com/motdotla/dotenv/pull/797)

### [`v16.4.0`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1640-2024-01-23)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.3.2...v16.4.0)

- Add `error.code` to error messages around `.env.vault` decryption handling [#795](https://togithub.com/motdotla/dotenv/pull/795)
- Add ability to find `.env.vault` file when filename(s) passed as an array [#784](https://togithub.com/motdotla/dotenv/pull/784)

### [`v16.3.2`](https://togithub.com/motdotla/dotenv/blob/HEAD/CHANGELOG.md#1632-2024-01-18)

[Compare Source](https://togithub.com/motdotla/dotenv/compare/v16.3.1...v16.3.2)

##### Added

- Add debug message when no encoding set [#735](https://togithub.com/motdotla/dotenv/pull/735)

##### Changed

- Fix output typing for `populate` [#792](https://togithub.com/motdotla/dotenv/pull/792)
- Use subarray instead of slice [#793](https://togithub.com/motdotla/dotenv/pull/793)

upleveled/eslint-config-upleveled (eslint-config-upleveled)

### [`v7.8.1`](https://togithub.com/upleveled/eslint-config-upleveled/releases/tag/v7.8.1)

[Compare Source](https://togithub.com/upleveled/eslint-config-upleveled/compare/v7.8.0...v7.8.1)

- Update dependency upgrades - non-major ([#341](https://togithub.com/upleveled/eslint-config-upleveled/issues/341)) [`1d7b285`](https://togithub.com/upleveled/eslint-config-upleveled/commit/1d7b285)
- Update typescript-eslint monorepo to v7 ([#340](https://togithub.com/upleveled/eslint-config-upleveled/issues/340)) [`6b7484f`](https://togithub.com/upleveled/eslint-config-upleveled/commit/6b7484f)
- Update dependency upgrades - non-major ([#338](https://togithub.com/upleveled/eslint-config-upleveled/issues/338)) [`47fca5f`](https://togithub.com/upleveled/eslint-config-upleveled/commit/47fca5f)
- Update dependency globals to v14 ([#339](https://togithub.com/upleveled/eslint-config-upleveled/issues/339)) [`4fe6c68`](https://togithub.com/upleveled/eslint-config-upleveled/commit/4fe6c68)
- Upgrade tests [`d3c076b`](https://togithub.com/upleveled/eslint-config-upleveled/commit/d3c076b)

Sec-ant/prettier-plugin-embed (prettier-plugin-embed)

### [`v0.4.14`](https://togithub.com/Sec-ant/prettier-plugin-embed/blob/HEAD/CHANGELOG.md#0414)

[Compare Source](https://togithub.com/Sec-ant/prettier-plugin-embed/compare/v0.4.13...v0.4.14)

##### Patch Changes

- [`442be39`](https://togithub.com/Sec-ant/prettier-plugin-embed/commit/442be39): Fix language plugin check false positives. `throwIfPluginIsNotFound` is discarded. Detailed explanation can be found at [https://github.com/Sec-ant/prettier-plugin-embed/issues/84#issuecomment-1953844934](https://togithub.com/Sec-ant/prettier-plugin-embed/issues/84#issuecomment-1953844934).

sass/dart-sass (sass)

### [`v1.71.1`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1711)

[Compare Source](https://togithub.com/sass/dart-sass/compare/1.71.0...1.71.1)

##### Command-Line Interface

- Ship the musl Linux release with the proper Dart executable.

##### JavaScript API

- Export the `NodePackageImporter` class in ESM mode.
- Allow `NodePackageImporter` to locate a default directory even when the entrypoint is an ESM module.

##### Dart API

- Make passing a null argument to `NodePackageImporter()` a static error rather than just a runtime error.

##### Embedded Sass

- In the JS Embedded Host, properly install the musl Linux embedded compiler when running on musl Linux.

### [`v1.71.0`](https://togithub.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1710)

[Compare Source](https://togithub.com/sass/dart-sass/compare/1.70.0...1.71.0)

For more information about `pkg:` importers, see [the announcement][pkg-importers] on the Sass blog.

[pkg-importers]: https://sass-lang.com/blog/announcing-pkg-importers

##### Command-Line Interface

- Add a `--pkg-importer` flag to enable built-in `pkg:` importers. Currently this only supports the Node.js package resolution algorithm, via `--pkg-importer=node`. For example, `@use "pkg:bootstrap"` will load `node_modules/bootstrap/scss/bootstrap.scss`.

##### JavaScript API

- Add a `NodePackageImporter` importer that can be passed to the `importers` option. This loads files using the `pkg:` URL scheme according to the Node.js package resolution algorithm. For example, `@use "pkg:bootstrap"` will load `node_modules/bootstrap/scss/bootstrap.scss`. The constructor takes a single optional argument, which indicates the base directory to use when locating `node_modules` directories. It defaults to `path.dirname(require.main.filename)`.

##### Dart API

- Add a `NodePackageImporter` importer that can be passed to the `importers` option. This loads files using the `pkg:` URL scheme according to the Node.js package resolution algorithm. For example, `@use "pkg:bootstrap"` will load `node_modules/bootstrap/scss/bootstrap.scss`. The constructor takes a single argument, which indicates the base directory to use when locating `node_modules` directories.

Configuration

📅 Schedule: Branch creation - "after 4pm on thursday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by Mend Renovate. View repository job log here.

socket-security[bot] commented 7 months ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@types/react@18.2.57 | None | +3 | 1.62 MB | types |
| npm/dompurify@3.0.9 | None | 0 | 721 kB | cure53 |
| npm/eslint-config-upleveled@7.8.1 | environment; Transitive: eval, filesystem, shell, unsafe | +404 | 86.4 MB | karlhorky |
| npm/prettier-plugin-embed@0.4.14 | None | +7 | 1000 kB | sec-ant |
| npm/sass@1.71.1 | filesystem, unsafe; Transitive: environment | +16 | 6.35 MB | sassbot |

🚮 Removed packages: npm/@types/react@18.2.55, npm/dompurify@3.0.8, npm/eslint-config-upleveled@7.8.0, npm/prettier-plugin-embed@0.4.13, npm/sass@1.70.0
