chore(deps): update all non-major dependencies (patch) #1254

renovate · 2023-06-19T00:49:56Z

This PR contains the following updates:

Package	Change	Type	Update
@sveltejs/kit (source)	`1.20.2` -> `1.20.5`	devDependencies	patch
@typescript-eslint/eslint-plugin	`5.59.9` -> `5.59.11`	devDependencies	patch
@typescript-eslint/parser	`5.59.9` -> `5.59.11`	devDependencies	patch
@vitest/ui (source)	`0.32.0` -> `0.32.2`	devDependencies	patch
analytics	`0.8.7` -> `0.8.9`	dependencies	patch
cy-verify-downloads	`0.1.14` -> `0.1.15`	devDependencies	patch
lint-staged	`13.2.2` -> `13.2.3`	devDependencies	patch
node	`18.16.0` -> `18.16.1`	volta	patch
node	`20.3.0` -> `20.3.1`	stage	patch
svelte (source)	`3.59.1` -> `3.59.2`	devDependencies	patch
typescript (source)	`5.1.3` -> `5.1.5`	devDependencies	patch
vitest	`0.32.0` -> `0.32.2`	devDependencies	patch

Release Notes

sveltejs/kit (@sveltejs/kit)

`v1.20.5`

Compare Source

Patch Changes

fix: batch synchronous invalidate invocations (#10145)
fix: allow rest params to be empty in resolvePath (#10146)
fix: correctly close dialogs when form is enhanced (#10093)
fix: precompress filter (#10185)

`v1.20.4`

Compare Source

Patch Changes

fix: remove reference to tiny-glob from postinstall script (#10174)

`v1.20.3`

Compare Source

Patch Changes

chore: remove tiny-glob as a dependency (#10166)
fix: don't import types from svelte/internal (#10172)
fix: don't skip rest parameter's matcher when there is a non-matching optional parameter (#10020)
fix: ensure fetch respects headers from provided Request (#10136)

typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)

`v5.59.11`

Compare Source

Note: Version bump only for package @typescript-eslint/eslint-plugin

`v5.59.10`

Compare Source

Note: Version bump only for package @typescript-eslint/eslint-plugin

typescript-eslint/typescript-eslint (@typescript-eslint/parser)

`v5.59.11`

Compare Source

Note: Version bump only for package @typescript-eslint/parser

`v5.59.10`

Compare Source

Note: Version bump only for package @typescript-eslint/parser

vitest-dev/vitest (@vitest/ui)

`v0.32.2`

Compare Source

🐞 Bug Fixes

browser: Don't fail on importing diff-sequences - by @sheremet-va (00b0e)

View changes on GitHub

View changes on GitHub

DavidWells/analytics (analytics)

`v0.8.9`

Compare Source

elaichenkov/cy-verify-downloads (cy-verify-downloads)

`v0.1.15`

Compare Source

Merge pull request #114 from elaichenkov/dependabot/npm_and_yarn/release-it-15.11.0 (5a78d61)
Merge pull request #113 from elaichenkov/dependabot/npm_and_yarn/cypress-12.14.0 (359c286)
build(deps-dev): bump release-it from 15.10.5 to 15.11.0 (79de182)
build(deps-dev): bump cypress from 12.13.0 to 12.14.0 (ba1166d)
Merge pull request #112 from elaichenkov/dependabot/npm_and_yarn/release-it-15.10.5 (8f31a9a)
build(deps-dev): bump release-it from 15.10.3 to 15.10.5 (6016298)
Merge pull request #111 from elaichenkov/dependabot/npm_and_yarn/cypress-12.13.0 (1a1f81e)
build(deps-dev): bump cypress from 12.12.0 to 12.13.0 (c21b7b5)
Merge pull request #110 from elaichenkov/dependabot/npm_and_yarn/vm2-3.9.18 (5939c55)
Merge pull request #109 from elaichenkov/dependabot/npm_and_yarn/cypress-12.12.0 (c5ec48b)
build(deps): bump vm2 from 3.9.17 to 3.9.18 (2fc42de)
build(deps-dev): bump cypress from 12.11.0 to 12.12.0 (28e6c5d)
Merge pull request #108 from elaichenkov/dependabot/npm_and_yarn/release-it-15.10.3 (e6c4399)
build(deps-dev): bump release-it from 15.10.2 to 15.10.3 (09877cf)
Merge pull request #107 from elaichenkov/dependabot/npm_and_yarn/release-it-15.10.2 (be78a1f)
Merge pull request #106 from elaichenkov/dependabot/npm_and_yarn/cypress-12.11.0 (2a165d8)
build(deps-dev): bump release-it from 15.10.1 to 15.10.2 (c34323e)
build(deps-dev): bump cypress from 12.10.0 to 12.11.0 (03759c7)
Merge pull request #105 from elaichenkov/dependabot/npm_and_yarn/cypress-12.10.0 (4fcf03b)
build(deps-dev): bump cypress from 12.9.0 to 12.10.0 (18645b8)
Merge pull request #104 from elaichenkov/dependabot/npm_and_yarn/vm2-3.9.17 (6251b6e)
build(deps): bump vm2 from 3.9.16 to 3.9.17 (3559f62)
Merge pull request #103 from elaichenkov/dependabot/npm_and_yarn/vm2-3.9.16 (878238e)
build(deps): bump vm2 from 3.9.15 to 3.9.16 (59e8ee7)
Merge pull request #102 from elaichenkov/dependabot/npm_and_yarn/vm2-3.9.15 (836f392)
build(deps): bump vm2 from 3.9.11 to 3.9.15 (08567c3)
Merge pull request #100 from elaichenkov/dependabot/npm_and_yarn/release-it-15.10.1 (064bfb1)
Merge pull request #99 from elaichenkov/dependabot/npm_and_yarn/cypress-12.9.0 (a7b8d9d)
build(deps-dev): bump release-it from 15.9.3 to 15.10.1 (47e4df2)
build(deps-dev): bump cypress from 12.8.1 to 12.9.0 (6a27fa8)

okonet/lint-staged (lint-staged)

`v13.2.3`

Compare Source

Bug Fixes

the --diff option implies --no-stash (66a716d)

nodejs/node (node)

`v18.16.1`: 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases
c-ares vulnerabilities:

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

[bf3e2c8928] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen) nodejs-private/node-private#393
[70f9449072] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #48156
[35d4efb57b] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115
[392dfedc77] - deps: update archs files for openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402
[46cd5fe38b] - deps: upgrade openssl sources to quictls/openssl-3.0.9-quic1 (Node.js GitHub Bot) #48402
[7e3d2d85c2] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
[4ff6ba050a] - http: disable request smuggling via rempty headers (Paolo Insogna) nodejs-private/node-private#428
[ab269129a6] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
[925e8f5619] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
[d6fae8e47e] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851

sveltejs/svelte (svelte)

`v3.59.2`

Compare Source

Fix escaping <textarea bind:value={...}> values in SSR

Microsoft/TypeScript (typescript)

`v5.1.5`: TypeScript 5.1.5

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

netlify · 2023-06-19T00:50:07Z

✅ Deploy Preview for mermaidjs ready!

Name	Link
🔨 Latest commit	`abcbd6a`
🔍 Latest deploy log	https://app.netlify.com/sites/mermaidjs/deploys/649be5f28335d90008020fcb
😎 Deploy Preview	https://deploy-preview-1254--mermaidjs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

cypress · 2023-06-19T00:54:46Z

Passing run #1028 ↗︎

0	28	6	0	0

Details:

Merge `bc68dd0` into `a3c4c79`...
Project: Mermaid Live Editor	Commit: `ebef26bb33 ℹ️`
Status: Passed	Duration: 02:15 💡
Started: Jun 28, 2023 12:51 AM	Ended: Jun 28, 2023 12:53 AM

_{This comment has been generated by cypress-bot as a result of this
project's GitHub integration settings.}

renovate bot force-pushed the renovate/patch-all-minor-patch branch 6 times, most recently from b132e2c to 9d12717 Compare June 23, 2023 15:43

renovate bot force-pushed the renovate/patch-all-minor-patch branch from 9d12717 to bc68dd0 Compare June 28, 2023 00:48

chore(deps): update all non-major dependencies

abcbd6a

renovate bot force-pushed the renovate/patch-all-minor-patch branch from bc68dd0 to abcbd6a Compare June 28, 2023 07:49

sidharthv96 merged commit 336422b into develop Jun 28, 2023

sidharthv96 deleted the renovate/patch-all-minor-patch branch June 28, 2023 09:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update all non-major dependencies (patch) #1254

chore(deps): update all non-major dependencies (patch) #1254

renovate bot commented Jun 19, 2023 •

edited

Loading

netlify bot commented Jun 19, 2023 •

edited

Loading

cypress bot commented Jun 19, 2023 •

edited

Loading

chore(deps): update all non-major dependencies (patch) #1254

chore(deps): update all non-major dependencies (patch) #1254

Conversation

renovate bot commented Jun 19, 2023 • edited Loading

Release Notes

Patch Changes

Patch Changes

Patch Changes

🐞 Bug Fixes

🚀 Features

🐞 Bug Fixes

Bug Fixes

v18.16.1: 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @​RafaelGSS

Notable Changes

Commits

v5.1.5: TypeScript 5.1.5

Configuration

netlify bot commented Jun 19, 2023 • edited Loading

✅ Deploy Preview for mermaidjs ready!

cypress bot commented Jun 19, 2023 • edited Loading

Passing run #1028 ↗︎

renovate bot commented Jun 19, 2023 •

edited

Loading

`v18.16.1`: 2023-06-20, Version 18.16.1 'Hydrogen' (LTS), @RafaelGSS

`v5.1.5`: TypeScript 5.1.5

netlify bot commented Jun 19, 2023 •

edited

Loading

cypress bot commented Jun 19, 2023 •

edited

Loading