Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: update all non-major dependencies #27625

Merged
merged 1 commit into from
May 14, 2024
Merged

build: update all non-major dependencies #27625

merged 1 commit into from
May 14, 2024

Conversation

angular-robot
Copy link
Collaborator

@angular-robot angular-robot commented May 9, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
@typescript-eslint/eslint-plugin (source) devDependencies minor 7.8.0 -> 7.9.0
@typescript-eslint/parser (source) devDependencies minor 7.8.0 -> 7.9.0
actions/checkout action patch v4.1.4 -> v4.1.5
aspect_bazel_lib http_archive patch v2.7.2 -> v2.7.3
esbuild optionalDependencies patch 0.21.1 -> 0.21.2
esbuild dependencies patch 0.21.1 -> 0.21.2
esbuild devDependencies patch 0.21.1 -> 0.21.2
esbuild-wasm dependencies patch 0.21.1 -> 0.21.2
esbuild-wasm devDependencies patch 0.21.1 -> 0.21.2
inquirer (source) dependencies patch 9.2.20 -> 9.2.21
inquirer (source) devDependencies patch 9.2.20 -> 9.2.21
quicktype-core devDependencies patch 23.0.158 -> 23.0.162
sass dependencies patch 1.77.0 -> 1.77.1
sass devDependencies patch 1.77.0 -> 1.77.1
semver dependencies patch 7.6.1 -> 7.6.2
semver devDependencies patch 7.6.1 -> 7.6.2
undici (source) dependencies patch 6.16.0 -> 6.16.1
undici (source) devDependencies patch 6.16.0 -> 6.16.1
verdaccio (source) devDependencies minor 5.30.3 -> 5.31.0

Release Notes

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v7.9.0

Compare Source

🩹 Fixes
  • eslint-plugin: [explicit-function-return-types] fix false positive on default parameters
❤️ Thank You
  • Kirk Waiblinger
  • Sheetal Nandi
  • Vinccool96

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v7.9.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

actions/checkout (actions/checkout)

v4.1.5

Compare Source

What's Changed

Full Changelog: actions/checkout@v4.1.4...v4.1.5

aspect-build/bazel-lib (aspect_bazel_lib)

v2.7.3

Compare Source

Using Bzlmod with Bazel 6:

  1. Enable with common --enable_bzlmod in .bazelrc.
  2. Add to your MODULE.bazel file:
bazel_dep(name = "aspect_bazel_lib", version = "2.7.3")

Read more about bzlmod: https://blog.aspect.dev/bzlmod

Using WORKSPACE

Paste this snippet into your WORKSPACE file:

load("@​bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "aspect_bazel_lib",
    sha256 = "87ab4ec479ebeb00d286266aca2068caeef1bb0b1765e8f71c7b6cfee6af4226",
    strip_prefix = "bazel-lib-2.7.3",
    url = "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.3/bazel-lib-v2.7.3.tar.gz",
)

load("@​aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies", "aspect_bazel_lib_register_toolchains")

### Required bazel-lib dependencies

aspect_bazel_lib_dependencies()

### Register bazel-lib toolchains

aspect_bazel_lib_register_toolchains()

What's Changed

Full Changelog: bazel-contrib/bazel-lib@v2.7.2...v2.7.3

evanw/esbuild (esbuild)

v0.21.2

Compare Source

  • Correct this in field and accessor decorators (#​3761)

    This release changes the value of this in initializers for class field and accessor decorators from the module-level this value to the appropriate this value for the decorated element (either the class or the instance). It was previously incorrect due to lack of test coverage. Here's an example of a decorator that doesn't work without this change:

    const dec = () => function() { this.bar = true }
class Foo { @​dec static foo }
console.log(Foo.bar) // Should be "true"

  • Allow es2023 as a target environment (#​3762)

    TypeScript recently added es2023 as a compilation target, so esbuild now supports this too. There is no difference between a target of es2022 and es2023 as far as esbuild is concerned since the 2023 edition of JavaScript doesn't introduce any new syntax features.

SBoudrias/Inquirer.js (inquirer)

v9.2.21

Compare Source

quicktype/quicktype (quicktype-core)

v23.0.162

Compare Source

v23.0.161

Compare Source

v23.0.160

Compare Source

v23.0.159

Compare Source

sass/dart-sass (sass)

v1.77.1

Compare Source

  • Fix a crash that could come up with importers in certain contexts.
npm/node-semver (semver)

v7.6.2

Compare Source

Bug Fixes
nodejs/undici (undici)

v6.16.1

Compare Source

What's Changed

Full Changelog: nodejs/undici@v6.16.0...v6.16.1

verdaccio/verdaccio (verdaccio)

v5.31.0

Compare Source

(🗞️ hey renovate users, read this)

ℹ️ Important changes added to the .verdaccio-db.json and token signature for users that run on Node.js 22 or higher (in the future 🙃 ) please read
https://verdaccio.org/docs/configuration/#.verdaccio-db

TLDR:

  • Enforced for users that runs verdaccio via npmjs, for all Docker image isuers, verdaccio uses Node.js LTS 21 and the secret migration is voluntary until next major release.
  • For Node.js 21 or lower a new deprecation will appear [VERWAR007] VerdaccioDeprecation: the secret length is too lon... to remove it please read the link above
  • For Node.js 22 if you have already a storage with .verdaccio-db.json and the token inside does not complies with the length (read link above) the application startup will fail with fatal error (Error: Invalid storage secret key length, must be 32 characters long but is....)

In both cases by updating the secret all previously tokens will get invalid, in your benefit a new legacy signature will be applied and is more secure than the old one (generating tokens with salt).

For existing installations that have no issues by invalidating tokens is recommended to add to the config.yaml the following setup, this will automatically generate a new the secret once is started, could be removed aftewards, if all went succesfull the [VERWAR007] deprecation will not be displayed anymore.

security:
  api:
    migrateToSecureLegacySignature: true

Any new installation should not worry about this, new token signature and secret (32 characters) is applied by default.

Features
Bug Fixes

Configuration

📅 Schedule: Branch creation - "after 10:00pm every weekday,before 4:00am every weekday,every weekend" in timezone America/Tijuana, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker target: minor This PR is targeted for the next minor release labels May 9, 2024
@angular-robot angular-robot bot added the area: build & ci Related the build and CI infrastructure of the project label May 9, 2024
@angular-robot angular-robot force-pushed the ng-renovate/all-minor-patch branch 7 times, most recently from 514aaf5 to 371eeba Compare May 13, 2024 05:10
@alan-agius4 alan-agius4 added target: rc This PR is targeted for the next release-candidate and removed target: minor This PR is targeted for the next minor release labels May 13, 2024
@angular-robot angular-robot force-pushed the ng-renovate/all-minor-patch branch 3 times, most recently from 87be21e to 849c507 Compare May 13, 2024 18:13
@alan-agius4 alan-agius4 merged commit 0154af9 into angular:main May 14, 2024
32 checks passed
@angular-robot angular-robot deleted the ng-renovate/all-minor-patch branch May 14, 2024 13:13
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jun 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@alan-agius4 alan-agius4 alan-agius4 approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: rc This PR is targeted for the next release-candidate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@angular-robot @alan-agius4