chore(deps-dev): bump the dev-deps group across 1 directory with 6 updates #185

Open
wants to merge 1 commit into
base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jan 6, 2025

Bumps the dev-deps group with 6 updates in the / directory:

Package From To
@moonrepo/cli 1.29.3 1.30.6
@vitest/coverage-v8 2.1.4 2.1.8
vitest 2.1.4 2.1.8
@astrojs/starlight 0.28.5 0.30.3
rollup 4.24.3 4.30.0
vite 5.4.10 6.0.7

Updates @moonrepo/cli from 1.29.3 to 1.30.6

Release notes

Sourced from @​moonrepo/cli's releases.

v1.30.6

🐞 Fixes

  • Fixed an issue where python venv would fail to find an applicable Python version.
  • Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
  • Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

  • Updated proto to v0.44.1 (from 0.43.1).

v1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

v1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

v1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

v1.30.2

🐞 Fixes

  • Fixed an issue where dependencies/dependents of an affected task would be skipped in the action graph if they were also not affected.
  • Fixed a potential cycle (stack overflow) that may occur in the affected tracker.

... (truncated)

Changelog

Sourced from @​moonrepo/cli's changelog.

1.30.6

🐞 Fixes

  • Fixed an issue where python venv would fail to find an applicable Python version.
  • Fixed an issue with PowerShell Git hooks not bubbling up exit codes of failed commands.
  • Fixed an issue where Git submodules/worktrees would point to the wrong hooks folder.

⚙️ Internal

  • Updated proto to v0.44.1 (from 0.43.1).

1.30.5

🐞 Fixes

  • Fixed Python virtual env bin path not being available for tasks when python.version is not defined.

⚙️ Internal

  • Updated proto to v0.43.1 (from 0.43.0).
  • Updated dependencies.

1.30.4

🐞 Fixes

  • Fixed moon ci showing incorrect job related logs.
  • Fixed some issues with the Python toolchain:
    • pip is no longer required to be enabled to activate a virtual environment.
    • Changed python.rootRequirementsOnly to false by default.
    • The venv root is now the location of a found requirements.txt, otherwise the package root, or workspace root if python.rootRequirementsOnly is enabled.
    • Tasks will now inherit the correct venv paths in PATH.

1.30.3

🐞 Fixes

  • Fixed an issue where a task with explicit no inputs (inputs: []) would always be marked as affected.

⚙️ Internal

  • Updated proto to v0.43.0 (from 0.42.2).
  • Updated wasmtime to v26 (from v23).
  • Updated Rust to v1.83.

1.30.2

... (truncated)

Commits

Updates @vitest/coverage-v8 from 2.1.4 to 2.1.8

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits

Updates vitest from 2.1.4 to 2.1.8

Release notes

Sourced from vitest's releases.

v2.1.8

   🐞 Bug Fixes

    View changes on GitHub

v2.1.7

   🐞 Bug Fixes

  • Revert support for Vite 6  -  by @​sheremet-va (fbe5c)
    • This introduced some breaking changes (vitest-dev/vitest#6992). We will enable support for it later. In the meantime, you can still use pnpm.overrides or yarn resolutions to override the vite version in the vitest package - the APIs are compatible.
    View changes on GitHub

v2.1.6

🚀 Features

  • Support Vite 6
    View changes on GitHub

v2.1.5

   🐞 Bug Fixes

   🏎 Performance

... (truncated)

Commits
  • d69cc75 bump: 2.1.8
  • 92f7a2a fix: support Node 21
  • 81ed45b chore: release v2.1.7
  • fbe5c39 fix: revert support for Vite 6
  • b936702 bump: 2.1.6
  • 32f23b9 chore: release v2.1.5
  • 417bdb4 fix(browser): init browsers eagerly when tests are running (#6876)
  • 93b67c2 fix: throw an error and a warning if .poll, .element, .rejects/`.resolv...
  • 9a0c93d fix(browser): stop the browser rpc when the pool is closed (#6858)
  • 251893b chore: set resolve.mainFields and resolve.conditions for SSR environment ...
  • Additional commits viewable in compare view

Updates @astrojs/starlight from 0.28.5 to 0.30.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.30.3

Patch Changes

  • #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

  • #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

  • #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

  • #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

@​astrojs/starlight@​0.30.2

Patch Changes

  • #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

  • #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

@​astrojs/starlight@​0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

@​astrojs/starlight@​0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

       // src/content.config.ts
       import { defineCollection } from "astro:content";
      +import { docsLoader } from "@astrojs/starlight/loaders";

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.30.3

Patch Changes

  • #2717 c5fcbb3 Thanks @​delucis! - Fixes a list item spacing issue where line break elements (<br>) could receive a margin, breaking layout in Firefox

  • #2724 02d7ac6 Thanks @​dionysuzx! - Adds social link support for Farcaster

  • #2635 ec4b851 Thanks @​HiDeoo! - Fixes an issue where the language picker in multilingual sites could display the wrong language when navigating between pages with the browser back/forward buttons.

  • #2726 e54ebd5 Thanks @​techfg! - Adds icon for phone

0.30.2

Patch Changes

  • #2702 02d16f3 Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API with directories containing spaces or special characters.

  • #2704 fd16470 Thanks @​delucis! - Fixes display of focus indicator around site title

0.30.1

Patch Changes

  • #2688 5c6996c Thanks @​HiDeoo! - Fixes an issue with autogenerated sidebars when using Starlight with Astro's new Content Layer API where group names would be sluggified.

0.30.0

Minor Changes

  • #2612 8d5a4e8 Thanks @​HiDeoo! - Adds support for Astro v5, drops support for Astro v4.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v4 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v5. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    Update your collections

    ⚠️ BREAKING CHANGE: Starlight's internal content collections, which organize, validate, and render your content, have been updated to use Astro's new Content Layer API and require configuration changes in your project.

    1. Move the content config file. This file no longer lives within the src/content/config.ts folder and should now exist at src/content.config.ts.

    2. Edit the collection definition(s). To update the docs collection, a loader is now required:

... (truncated)

Commits

Updates rollup from 4.24.3 to 4.30.0

Release notes

Sourced from rollup's releases.

v4.30.0

4.30.0

2025-01-06

Features

  • Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

v4.29.2

4.29.2

2025-01-05

Bug Fixes

  • Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

v4.29.1

4.29.1

2024-12-21

Bug Fixes

  • Fix crash from deoptimized logical expressions (#5771)

Pull Requests

v4.29.0

4.29.0

2024-12-20

Features

... (truncated)

Changelog

Sourced from rollup's changelog.

4.30.0

2025-01-06

Features

  • Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

4.29.2

2025-01-05

Bug Fixes

  • Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

4.29.1

2024-12-21

Bug Fixes

  • Fix crash from deoptimized logical expressions (#5771)

Pull Requests

4.29.0

2024-12-20

Features

  • Treat objects as truthy and always check second argument to better simplify logical expressions (#5763)

Pull Requests

... (truncated)

Commits

Updates vite from 5.4.10 to 6.0.7

Release notes

Sourced from vite's releases.

v6.0.7

Please refer to CHANGELOG.md for details.

v6.0.6

Please refer to CHANGELOG.md for details.

v6.0.5

Please refer to CHANGELOG.md for details.

v6.0.4

Please refer to CHANGELOG.md for details.

v6.0.3

Please refer to CHANGELOG.md for details.

v6.0.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.0.0

Please refer to CHANGELOG.md for details.

v6.0.0-beta.10

Please refer to CHANGELOG.md for details.

v6.0.0-beta.9

Please refer to CHANGELOG.md for details.

v6.0.0-beta.8

Please refer to CHANGELOG.md for details.

v6.0.0-beta.7

Please refer to CHANGELOG.md for details.

v6.0.0-beta.6

Please refer to CHANGELOG.md for details.

v6.0.0-beta.5

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.7 (2025-01-02)

6.0.6 (2024-12-26)

6.0.5 (2024-12-20)

6.0.4 (2024-12-19)

... (truncated)

Commits
  • a671e58 release: v6.0.7
  • 1c102d5 fix(ssr): fix semicolon injection by ssr transform (#19097)
  • 677508b perf: skip globbing for static path in warmup (#19107)
  • b178c90 fix: skip the plugin if it has been called before with the same id and import...
  • a492253 fix(html): error while removing vite-ignore attribute for inline script (#1...
  • b07c036 feat(css): show lightningcss warnings (#19076)
  • f7b1964 fix: fix minify when builder.sharedPlugins: true (#19025)
  • 5c2b4a0 release: v6.0.6
  • 9290d85 fix(css): show correct error when unknown placeholder is used for CSS modules...
  • afff05c fix(css): resolve style tags in HTML files correctly for lightningcss (#19001)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore <depend...

Description has been truncated

…dates

Bumps the dev-deps group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@moonrepo/cli](https://github.com/moonrepo/moon/tree/HEAD/packages/cli) | `1.29.3` | `1.30.6` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `2.1.4` | `2.1.8` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `2.1.4` | `2.1.8` |
| [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.28.5` | `0.30.3` |
| [rollup](https://github.com/rollup/rollup) | `4.24.3` | `4.30.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.10` | `6.0.7` |



Updates `@moonrepo/cli` from 1.29.3 to 1.30.6
- [Release notes](https://github.com/moonrepo/moon/releases)
- [Changelog](https://github.com/moonrepo/moon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moonrepo/moon/commits/@moonrepo/[email protected]/packages/cli)

Updates `@vitest/coverage-v8` from 2.1.4 to 2.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.8/packages/coverage-v8)

Updates `vitest` from 2.1.4 to 2.1.8
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v2.1.8/packages/vitest)

Updates `@astrojs/starlight` from 0.28.5 to 0.30.3
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/[email protected]/packages/starlight)

Updates `rollup` from 4.24.3 to 4.30.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.24.3...v4.30.0)

Updates `vite` from 5.4.10 to 6.0.7
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.7/packages/vite)

---
updated-dependencies:
- dependency-name: "@moonrepo/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: "@vitest/coverage-v8"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: vitest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: "@astrojs/starlight"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: rollup
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-deps
- dependency-name: vite
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 6, 2025

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
Possible typosquat attack npm/[email protected] ⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
