Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates #181

Closed
wants to merge 1 commit into from
Closed

chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates #181

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Dec 30, 2024
edited
Loading

Bumps the dev-deps group with 6 updates in the / directory:

Package From To
@moonrepo/cli 1.29.3 1.30.6
@vitest/coverage-v8 2.1.4 2.1.8
vitest 2.1.4 2.1.8
@astrojs/starlight 0.28.5 0.30.3
rollup 4.24.3 4.29.1
vite 5.4.10 6.0.6

Updates @moonrepo/cli from 1.29.3 to 1.30.6

Release notes

Sourced from @​moonrepo/cli's releases.

v1.30.6

🐞 Fixes

  • Fixed an issue where python venv would fail to find an applicable Python version.
  • Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
  • Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

  • Updated proto to v0.44.1 (from 0.43.1).

v1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

v1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

v1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

v1.30.2

🐞 Fixes

  • Fixed an issue where dependencies/dependents of an affected task would be skipped in the action graph if they were also not affected.
  • Fixed a potential cycle (stack overflow) that may occur in the affected tracker.

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

1.30.6

🐞 Fixes

  • Fixed an issue where python venv would fail to find an applicable Python version.
  • Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
  • Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

  • Updated proto to v0.44.1 (from 0.43.1).

1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

1.30.2

... (truncated)

Commits

Updates @vitest/coverage-v8 from 2.1.4 to 2.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits

Updates vitest from 2.1.4 to 2.1.8

Release notes

Sourced from vitest's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits
  • d69cc75 bump: 2.1.8
  • 92f7a2a fix: support Node 21
  • 81ed45b chore: release v2.1.7
  • fbe5c39 fix: revert support for Vite 6
  • b936702 bump: 2.1.6
  • 32f23b9 chore: release v2.1.5
  • 417bdb4 fix(browser): init browsers eagerly when tests are running (#6876)
  • 93b67c2 fix: throw an error and a warning if .poll, .element, .rejects/`.resolv...
  • 9a0c93d fix(browser): stop the browser rpc when the pool is closed (#6858)
  • 251893b chore: set resolve.mainFields and resolve.conditions for SSR environment ...
  • Additional commits viewable in compare view

Updates @astrojs/starlight from 0.28.5 to 0.30.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.30.3

Patch Changes

  • #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

  • #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

  • #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

  • #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

@​astrojs/starlight@​0.30.2

Patch Changes

  • #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

  • #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

@​astrojs/starlight@​0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

@​astrojs/starlight@​0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

       // src/content.config.ts
 import { defineCollection } from "astro:content";
+import { docsLoader } from "@astrojs/starlight/loaders";

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.30.3

Patch Changes

  • #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

  • #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

  • #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

  • #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

0.30.2

Patch Changes

  • #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

  • #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

      

      3. 

    

    • 






... (truncated)





Commits






Updates rollup from 4.24.3 to 4.29.1



Release notes

Sourced from rollup's releases.




v4.29.1


4.29.1


2024-12-21


Bug Fixes


    

  • Fix crash from deoptimized logical expressions (#5771)
    • 



Pull Requests



v4.29.0


4.29.0


2024-12-20


Features


    

  • Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)
    • 



Pull Requests



v4.28.1


4.28.1


2024-12-06


Bug Fixes


    

  • Support running Rollup natively on LoongArch (#5749)
    • 

  • Add optional debugId to SourceMap types (#5751)
    • 



Pull Requests






... (truncated)





Changelog

Sourced from rollup's changelog.




4.29.1


2024-12-21


Bug Fixes


    

  • Fix crash from deoptimized logical expressions (#5771)
    • 



Pull Requests



4.29.0


2024-12-20


Features


    

  • Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)
    • 



Pull Requests



4.28.1


2024-12-06


Bug Fixes


    

  • Support running Rollup natively on LoongArch (#5749)
    • 

  • Add optional debugId to SourceMap types (#5751)
    • 



Pull Requests



4.28.0





... (truncated)





Commits

    

  • 5d37778 4.29.1
    • 

  • 86e1f43 fix: do not optimize the literal value if the cache is deoptimized (#5771)
    • 

  • f116952 Remove unnecessary lifetimes (#5769)
    • 

  • dadd488 4.29.0
    • 

  • a4b78eb fix(deps): lock file maintenance minor/patch updates (#5767)
    • 

  • d52f00d fix: introduce UnknownFalsyValue for enhancing if statement tree-shaking (#5763)
    • 

  • 65c8901 chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#5766)
    • 

  • 7a8ac46 docs: add utf-8 encoding to JSON file reading (#5759)
    • 

  • 31f1670 fix(deps): lock file maintenance minor/patch updates (#5760)
    • 

  • e60fb1c 4.28.1
    • 

  • Additional commits viewable in compare view
    • 







Updates vite from 5.4.10 to 6.0.6



Release notes

Sourced from vite's releases.




v6.0.6


Please refer to CHANGELOG.md for details.


v6.0.5


Please refer to CHANGELOG.md for details.


v6.0.4


Please refer to CHANGELOG.md for details.


v6.0.3


Please refer to CHANGELOG.md for details.


v6.0.2


Please refer to CHANGELOG.md for details.


[email protected]


Please refer to CHANGELOG.md for details.


v6.0.1


Please refer to CHANGELOG.md for details.


[email protected]


Please refer to CHANGELOG.md for details.


[email protected]


Please refer to CHANGELOG.md for details.


v6.0.0


Please refer to CHANGELOG.md for details.


v6.0.0-beta.10


Please refer to CHANGELOG.md for details.


v6.0.0-beta.9


Please refer to CHANGELOG.md for details.


v6.0.0-beta.8


Please refer to CHANGELOG.md for details.


v6.0.0-beta.7


Please refer to CHANGELOG.md for details.


v6.0.0-beta.6


Please refer to CHANGELOG.md for details.


v6.0.0-beta.5


Please refer to CHANGELOG.md for details.


v6.0.0-beta.4


Please refer to CHANGELOG.md for details.





... (truncated)





Changelog

Sourced from vite's changelog.




6.0.6 (2024-12-26)



6.0.5 (2024-12-20)



6.0.4 (2024-12-19)



6.0.3 (2024-12-05)






... (truncated)





Commits

    

  • 5c2b4a0 release: v6.0.6
    • 

  • 9290d85 fix(css): show correct error when unknown placeholder is used for CSS modules...
    • 

  • afff05c fix(css): resolve style tags in HTML files correctly for lightningcss (#19001)
    • 


    

  
  



      


          

          
  

    
  
    
    

  

  




          

        
      




  





                  



      

  
        

  

      

  
  

  
          

  

    

      


  

      
        @dependabot
  




      

        
          chore(deps-dev): bump the dev-deps group across 1 directory with 6 up…
        

          
                        
      


      

        

    
    
    

  

    


      


      

        

          

    
    
    

  

  

    
  



        

      


      

        
          eceb741
        
      

    

  

    

      
…dates

Bumps the dev-deps group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@moonrepo/cli](https://github.com/moonrepo/moon/tree/HEAD/packages/cli) | `1.29.3` | `1.30.6` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `2.1.4` | `2.1.8` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.4` | `2.1.8` |
| [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.28.5` | `0.30.3` |
| [rollup](https://github.com/rollup/rollup) | `4.24.3` | `4.29.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.10` | `6.0.6` |



Updates `@moonrepo/cli` from 1.29.3 to 1.30.6
- [Release notes](https://github.com/moonrepo/moon/releases)
- [Changelog](https://github.com/moonrepo/moon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moonrepo/moon/commits/@moonrepo/[email protected]/packages/cli)

Updates `@vitest/coverage-v8` from 2.1.4 to 2.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.8/packages/coverage-v8)

Updates `vitest` from 2.1.4 to 2.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.8/packages/vitest)

Updates `@astrojs/starlight` from 0.28.5 to 0.30.3
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/[email protected]/packages/starlight)

Updates `rollup` from 4.24.3 to 4.29.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.24.3...v4.29.1)

Updates `vite` from 5.4.10 to 6.0.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.6/packages/vite)

---
updated-dependencies:
- dependency-name: "@moonrepo/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: "@vitest/coverage-v8"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: vitest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: "@astrojs/starlight"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: rollup
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <[email protected]>

    







  








      

  
            

    

      
    

    


      

          @dependabot
dependabot
bot



          added
  the 

  dependencies

  Pull requests that update a dependency file
 label


      Dec 30, 2024

    

  



  

  

    
  


  

      

    @dependabot
dependabot
bot


    mentioned this pull request
    
      Dec 30, 2024
    





  


  

      
   Closed

  







  









      

  
      



  

  @socket-security

    
      Socket Security
    




  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  


  

    

  





      


        


  
    

      
          

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎






Package
New capabilities
Transitives
Size
Publisher






npm/@astrojs/[email protected]
Transitive: environment, filesystem, network, shell
+236
29.7 MB
fredkschott




npm/@moonrepo/[email protected]
environment, filesystem Transitive: shell
+1
32.1 kB
milesj




npm/@vitest/[email protected]
Transitive: environment, filesystem, shell
+63
10.7 MB
vitestbot




npm/[email protected]
None
+1
2.63 MB
eventualbuddha, lukastaegert, rich_harris, ...2 more




npm/[email protected]
Transitive: environment, filesystem
+5
3.35 MB
antfu, patak, soda, ...2 more




npm/[email protected]
environment, eval Transitive: filesystem, network, shell, unsafe
+39
8.18 MB
vitestbot






🚮 Removed packages: npm/@astrojs/[email protected], npm/@moonrepo/[email protected], npm/@vitest/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]


View full report↗︎

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @socket-security

    
      Socket Security
    




  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  


  

    

  





      


        


  
    

      
          
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎


To accept the risk, merge this PR and you will not be notified again.



    
      

        Alert
        Package
        NoteSourceCI
      

    
    
      

            
               Possible typosquat attack 
            
            
               npm/[email protected] 
            
            
                              
                                                                ⚠︎           
          

    
  


View full report↗︎


Next steps



    
       What is a typosquat? 
    
    
Package name is similar to other popular packages and may not be the package you want.

    
Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

  



    
       Take a deeper look at the dependency 
    
    

      Take a moment to review the security alert above. Review the linked
      package source code to understand the potential risk. Ensure the package
      is not malicious before proceeding. If you're unsure how to proceed, reach
      out to your security team or ask the Socket team for help at support [AT]
      socket [DOT] dev.
    

  



    
       Remove the package 
    
    

      If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
    

  




Mark a package as acceptable risk


To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all




      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
      



  

  @dependabot

    
      Dependabot
    




  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      



      

  Author


  


  

    

      

      
            dependabot
  bot

      

      

      commented

        on behalf of github

        Jan 6, 2025


      
    


  





      


        


  
    

      
          
Superseded by #185.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
            

    

      
    

    


      

          @dependabot
dependabot
bot



            closed this


      Jan 6, 2025

    

  


    


  

  
  

  
      @dependabot
  dependabot
bot

    
    deleted the
    
      
        dependabot/npm_and_yarn/dev-deps-ef214efc77
    
    branch

    January 6, 2025 08:04    
    













  
  

    

      

  




    


    

      

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
    




      

  

    
    

    
  

    Reviewers
  


    

    No reviews






    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

      

    dependencies

  Pull requests that update a dependency file








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  



          


Successfully merging this pull request may close these issues.



  


    
  




      

    

  
      

  

    

      0 participants