chore(deps): update all non-major dependencies #204
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
7.16.5
->7.16.7
7.16.5
->7.16.7
27.0.3
->27.4.0
16.11.17
->16.11.21
5.8.0
->5.10.0
5.8.0
->5.10.0
8.5.0
->8.7.0
8.2.0
->8.3.0
27.4.5
->27.4.7
16.13.1
->16.13.2
27.1.2
->27.1.3
4.5.4
->4.5.5
2.7.7
->2.7.13
3.2.26
->3.2.28
1.9.5
->1.9.7
Release Notes
babel/babel
v7.16.7
Compare Source
👓 Spec Compliance
babel-parser
🐛 Bug Fix
babel-plugin-transform-runtime
,babel-runtime-corejs2
,babel-runtime-corejs3
,babel-runtime
./typeof.js
helper in@babel/runtime
(@exb)babel-helpers
babel-helper-function-name
,babel-plugin-transform-function-name
💅 Polish
babel-core
$schema
property in json config files (@The-x-Theorist)typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
v5.10.0
Compare Source
Bug Fixes
Features
experimental-utils
toutils
and makeexperimental-utils
an alias to the new package (#4172) (1d55a75)5.9.1 (2022-01-10)
Note: Version bump only for package @typescript-eslint/eslint-plugin
v5.9.1
Compare Source
Note: Version bump only for package @typescript-eslint/eslint-plugin
v5.9.0
Compare Source
Features
5.8.1 (2021-12-27)
Bug Fixes
v5.8.1
Compare Source
Bug Fixes
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v5.10.0
Compare Source
Features
experimental-utils
toutils
and makeexperimental-utils
an alias to the new package (#4172) (1d55a75)5.9.1 (2022-01-10)
Note: Version bump only for package @typescript-eslint/parser
v5.9.1
Compare Source
Note: Version bump only for package @typescript-eslint/parser
v5.9.0
Compare Source
Note: Version bump only for package @typescript-eslint/parser
5.8.1 (2021-12-27)
Note: Version bump only for package @typescript-eslint/parser
v5.8.1
Compare Source
Note: Version bump only for package @typescript-eslint/parser
eslint/eslint
v8.7.0
Compare Source
Features
19ad061
feat: no-restricted-imports support casing (#15439) (gfyoung)564ecdb
feat: Support arbitrary module namespace names in no-restricted-imports (#15491) (Milos Djermanovic)968a02a
feat: Support arbitrary module namespace names in no-useless-rename (#15493) (Milos Djermanovic)0d2b9a6
feat: moveeslint --init
to @eslint/create-config (#15150) (唯然)127f524
feat: false negative withproperty
option inid-match
(#15474) (Nitin Kumar)359b2c1
feat: Support arbitrary module namespace names in the camelcase rule (#15490) (Milos Djermanovic)3549571
feat: Support arbitrary module namespace names in the quotes rule (#15479) (Milos Djermanovic)5563c45
feat: Support arbitrary module namespace names in keyword-spacing (#15481) (Milos Djermanovic)fd3683f
feat: Support arbitrary module namespace names in no-restricted-exports (#15478) (Milos Djermanovic)Bug Fixes
a8db9a5
fix: no-invalid-this false positive in class field initializer (#15495) (Milos Djermanovic)02d6426
fix: Correctly consume RuleTester statics (#15507) (Brad Zacher)db15802
fix: Add propertyfatalErrorCount
to ignored file results (#15520) (Francesco Trotta)03ac8cf
fix: Prevent false positives with no-constant-condition (#15486) (Jordan Eldredge)Documentation
f50f849
docs: Update CLI docs to prefer local install (#15513) (Nicholas C. Zakas)0469eb1
docs: Update shell code fences for new website (#15522) (Olga)Chores
369fb1b
chore: Upgrade to eslint-visitor-keys@3.2.0 (#15526) (Brandon Mills)ba6317b
ci: remove master branch from CI configs (#15501) (Milos Djermanovic)79b6340
chore: fixed typo in client-Engine (#15497) (Abhay Gupta)6278281
chore: switchnew syntax
issue template to forms (#15480) (Nitin Kumar)v8.6.0
Compare Source
Features
6802a54
feat: handle logical assignment in no-self-assign (#14152) (Zzzen)3b38018
feat: allow to defineeslint-disable-next-line
in multiple lines (#15436) (Nitin Kumar)9d6fe5a
feat: false negative withonlyDeclarations
+properties
in id-match (#15431) (Nitin Kumar)Documentation
6c4dee2
docs: Document homedir is a configuration root (#15469) (Bas Bosman)51c37b1
docs: consistency changes (#15404) (Bas Bosman)775d181
docs: Mention character classes in no-useless-escape (#15421) (Sebastian Simon)Chores
3a384fc
chore: Upgrade espree to 9.3.0 (#15473) (Brandon Mills)1443cc2
chore: Update blogpost.md.ejs (#15468) (Nicholas C. Zakas)28e907a
refactor: remove unused parameter inlinter.js
(#15451) (Milos Djermanovic)eaa08d3
test: add tests forallowReserved
parser option with flat config (#15450) (Milos Djermanovic)vuejs/eslint-plugin-vue
v8.3.0
Compare Source
🐛 Bug Fixes
<textarea>
without end tag invue/html-indent
rule.vue/require-explicit-emits
rule.⚙️ Updates
$set
and$nextTick
in computed properties.Full Changelog: vuejs/eslint-plugin-vue@v8.2.0...v8.3.0
facebook/jest
v27.4.7
Compare Source
Fixes
jest-config
Add missing@babel/core
dependency (#12216)v27.4.6
Compare Source
Fixes
[jest-environment-node]
AddAbortSignal
(#12157)[jest-environment-node]
Add Missing node globalperformance
(#12002)[jest-runtime]
Handle missingmocked
property (#12213)[@jest/transform]
Update dependency packagepirates
to 4.0.4 (#12002)Performance
jest-config
perf: only register ts-node once when loading TS config files (#12160)nodejs/node
v16.13.2
Compare Source
This is a security release.
Notable changes
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.
Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the
--security-revert
command-line option.More details will be available at CVE-2021-44531 after publication.
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.
Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the
--security-revert
command-line option.More details will be available at CVE-2021-44532 after publication.
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.
Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
More details will be available at CVE-2021-44533 after publication.
Prototype pollution via
console.table
properties (Low)(CVE-2022-21824)Due to the formatting logic of the
console.table()
function it was not safe to allow user controlled input to be passed to theproperties
parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be__proto__
. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.
More details will be available at CVE-2022-21824 after publication.
Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.
Commits
8dd4ca4537
] - console: fix prototype pollution via console.table (Tobias Nießen) nodejs-private/node-private#307e52882da4c
] - crypto,tls: implement safe x509 GeneralName format (Tobias Nießen) nodejs-private/node-private#3009a0a189b0b
] - src: add cve reverts and associated tests (Michael Dawson) nodejs-private/node-private#3004a262d42bc
] - src: remove unused x509 functions (Tobias Nießen) nodejs-private/node-private#300965536fe3d
] - tls: fix handling of x509 subject and issuer (Tobias Nießen) nodejs-private/node-private#300a2cbfa95ff
] - tls: drop support for URI alternative names (Tobias Nießen) nodejs-private/node-private#300kulshekhar/ts-jest
v27.1.3
Compare Source
Bug Fixes
Microsoft/TypeScript
v4.5.5
Compare Source
This patch release includes a number of fixes to language service crashes and assertion violations, along with improvements to JSX attribute snippets.
For the complete list of fixed issues, check out the
Downloads are available on:
vitejs/vite
v2.7.13
Compare Source
Please refer to CHANGELOG.md for details.
v2.7.12
Compare Source
Please refer to CHANGELOG.md for details.
v2.7.11
Compare Source
Please refer to CHANGELOG.md for details.
v2.7.10
Compare Source
Please refer to CHANGELOG.md for details.
v2.7.9
Compare Source
v2.7.8
Compare Source
Bug Fixes
vuejs/vuepress
v1.9.7
Compare Source
Bug Fixes
ariaLabel
at default theme config (a7b12bf) @chenhaoliv1.9.6
Compare Source
Bug Fixes
sidebarDepth
at default theme config (5c6a16c) @chenhaoliFeatures
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by WhiteSource Renovate. View repository job log here.