chore(deps): lock file maintenance everything #321
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
renovate
bot
force-pushed
the
renovate/everything
branch
from
fcfd17f
to
d90ebc9
Compare
|
@SocketSecurity ignore-all |
This PR contains the following updates:
^4.20240423.0->^4.20240605.06.15.20->6.19.12.1.4->2.3.18.16.0->8.17.3^18.2.79->^18.3.3^14.2.2->^14.2.3^3.51.2->^3.60.01.1.4->1.1.12v3.4.1->v3.6.114.2.2->14.2.38f24390->f4d14e0^3.2.5->^3.3.118.2.0->18.3.1^3.4.3->^3.4.46.1.8->6.1.11^4.1.7->^4.1.8^0.5.14->^0.6.23.23.4->3.23.8🔧 This Pull Request updates lock files to use the latest dependency versions.
Release Notes
cloudflare/workerd (@cloudflare/workers-types)
v4.20240605.0Compare Source
v4.20240603.0Compare Source
v4.20240529.0Compare Source
v4.20240524.0Compare Source
v4.20240512.0Compare Source
v4.20240502.0Compare Source
sanity-io/client (@sanity/client)
v6.19.1Compare Source
Bug Fixes
v6.19.0Compare Source
Features
v6.18.3Compare Source
Bug Fixes
v6.18.2Compare Source
Bug Fixes
v6.18.1Compare Source
Bug Fixes
client.listenmemory leak (#805) (d2e468a)v6.18.0Compare Source
Features
v6.17.3Compare Source
Bug Fixes
v6.17.2Compare Source
Bug Fixes
stegaClean(#788) (06aaad2)v6.17.1Compare Source
Bug Fixes
v6.17.0Compare Source
Features
v6.16.0Compare Source
Features
stegaCleanmethod, deprecatevercelStegaCleanAll(#773) (2749586)Bug Fixes
sanity-io/ui (@sanity/ui)
v2.3.1Compare Source
Bug Fixes
v2.3.0Compare Source
Features
useForwardedRef(#1324) (62146b6)v2.2.0Compare Source
Features
mutedproperty (f70bff6)v2.1.14Compare Source
Bug Fixes
v2.1.13Compare Source
Bug Fixes
v2.1.12Compare Source
Bug Fixes
v2.1.11Compare Source
Bug Fixes
v2.1.10Compare Source
Bug Fixes
v2.1.9Compare Source
Bug Fixes
v2.1.8Compare Source
Bug Fixes
v2.1.7Compare Source
Bug Fixes
isElement(68f9620)v2.1.6Compare Source
Bug Fixes
v2.1.5Compare Source
Bug Fixes
TanStack/table (@tanstack/react-table)
v8.17.3Compare Source
Version 8.17.3 - 5/14/2024, 2:44 PM
Changes
Fix
5411f1a) by @jjh2613Packages
v8.17.0Compare Source
Version 8.17.0 - 5/12/2024, 7:21 PM
Changes
Feat
91f4360) by Kevin Van CottChore
8630fee) by Kevin Van CottDocs
c1085a6) by tarob1d29b4) by @geryogam58f7991) by @naughtoneae4d0f) by Kevin Vandyb803962) by Kevin Vandy102ffd2) by Kevin Van Cott64ef24c) by Kevin Vandyec1ab03) by Kevin Vandy72ab26a) by Kevin Van Cotte80b802) by Kevin Van Cottc7c4419) by Kevin Van Cotted37903) by @geryogam2afa14b) by @geryogam289eca3) by Kevin Van Cott365e0e9) by @KushagraMehtaOther
filters-fuzzyURL (#5520) (4fda521) by Joe GrevePackages
vercel/next.js (eslint-config-next)
v14.2.3Compare Source
cloudflare/workers-sdk (wrangler)
v3.60.0Compare Source
Minor Changes
#5878
1e68fe5Thanks @IgorMinar! - feat: add experimental support for hybrid Node.js compatibilityThis feature is experimental and not yet available for general consumption.
Use a combination of workerd Node.js builtins (behind the
experimental:nodejs_compat_v2flag) andUnenv polyfills (configured to only add those missing from the runtime) to provide a new more effective
Node.js compatibility approach.
#5988
e144f63Thanks @RamIdeas! - feature: rename thewrangler secret:bulkcommand towrangler secret bulkThe old command is now deprecated (but still functional) and will be removed in a future release. The new command is now more consistent with the rest of the wrangler CLI commands.
#5989
35b1a2fThanks @RamIdeas! - feature: renamewrangler kv:...commands towrangler kv ...The old commands are now deprecated (but still functional) and will be removed in a future release. The new commands are now more consistent with the rest of the wrangler CLI commands.
#5861
1cc52f1Thanks @zebp! - feat: allow for Pages projects to upload sourcemapsPages projects can now upload sourcemaps for server bundles to enable remapped stacktraces in realtime logs when deployed with
upload_source_mapset totrueinwrangler.toml.Patch Changes
#5939
21573f4Thanks @penalosa! - refactor: Adds the experimental flag--x-dev-envwhich opts in to using an experimental code path forwrangler devandwrangler dev --remote. There should be no observable behaviour changes when this flag is enabled.#5934
bac79fbThanks @dbenCF! - fix: Update create KV namespace binding details message for easier implementation#5927
6f83641Thanks @CarmenPopoviciu! - fix: Cleanpages devterminal ouputThis work includes a series of improvements to the
pages devterminal output, in an attempt to make this output more structured, organised, cleaner, easier to follow, and therefore more helpful for our users <3#5960
e648825Thanks @petebacondarwin! - fix: avoid injecting esbuild watch stubs into production Worker codeWhen we added the ability to include additional modules in the deployed bundle of a Worker,
we inadvertently also included some boiler plate code that is only needed at development time.
This fix ensures that this code is only injected if we are running esbuild in watch mode
(e.g.
wrangler dev) and not when building for deployment.It is interesting to note that this boilerplate only gets included in the production code
if there is an import of CommonJS code in the Worker, which esbuild needs to convert to an
ESM import.
Fixes #4269
Updated dependencies [
ab95473]:v3.59.0Compare Source
Minor Changes
#5963
bf803d7Thanks @Skye-31! - Feature: Add support for hiding the"unsafe" fields are experimentalwarning using an environment variableBy setting
WRANGLER_DISABLE_EXPERIMENTAL_WARNINGto any truthy value, these warnings will be hidden.Patch Changes
bdbb7f8]:v3.58.0Compare Source
Minor Changes
93b98cbThanks @WalshyDev! - feature: allow for writing authentication details per API environment. This allows someone targetting staging to have their staging auth details saved separately from production, this saves them logging in and out when switching environments.Patch Changes
#5938
9e4d8bcThanks @threepointone! - fix: let "assets" in wrangler.toml be a stringThe experimental "assets" field can be either a string or an object. However the type definition marks it only as an object. This is a problem because we use this to generate the json schema, which gets picked up by vscode's even better toml extension, and shows it to be an error when used with a string (even though it works fine). The fix is to simply change the type definition to add a string variant.
#5758
8e5e589Thanks @Jackenmen! - fix: use correct type for AI binding instead of unknownUpdated dependencies [
e0e7725]:v3.57.2Compare Source
Patch Changes
#5905
53f22a0Thanks @penalosa! - fix: Remove WARP certificate injection. Instead, you should ensure that any custom certificates that are needed are included inNODE_EXTRA_CA_CERTS.#5930
57daae0Thanks @WalshyDev! - chore: improve error message when updating secret for a non-deployed latest version.#5703
a905f31Thanks @penalosa! - fix: Don't useExportedHandler["middleware"]for injecting middlewareUpdated dependencies [
64ccdd6,4458a9e]:v3.57.1Compare Source
Patch Changes
#5859
f2ceb3aThanks @w-kuhn! - fix: queue consumer max_batch_timeout should accept a 0 value#5862
441a05fThanks @CarmenPopoviciu! - fix:wrangler pages deployshould fail if deployment was unsuccessfulIf a Pages project fails to deploy,
wrangler pages deploywill logan error message, but exit successfully. It should instead throw a
FatalError.#5812
d5e00e4Thanks @thomasgauvin! - fix: remove Hyperdrive warning for local development.Hyperdrive bindings are now supported when developing locally with Hyperdrive. We should update our logs to reflect this.
#5626
a12b031Thanks @RamIdeas! - chore: ignore workerd output (error: CODE_MOVED) not intended for end-user devsv3.57.0Compare Source
Minor Changes
#5696
7e97ba8Thanks @geelen! - feature: Improvedd1 execute --file --remoteperformance & added support for much larger SQL files within a single transaction.#5819
63f7acbThanks @CarmenPopoviciu! - fix: Show feedback on Pages project deployment failureToday, if uploading a Pages Function, or deploying a Pages project fails for whatever reason, there’s no feedback shown to the user. Worse yet, the shown message is misleading, saying the deployment was successful, when in fact it was not:
This commit ensures that we provide users with:
#5814
2869e03Thanks @CarmenPopoviciu! - fix: Display correct global flags inwrangler pages --helpRunning
wrangler pages --helpwill list, amongst others, the following global flags:This is not accurate, since flags such as
--config,--experimental-json-config, orenvare not supported by Pages.This commit ensures we display the correct global flags that apply to Pages.
#5818
df2daf2Thanks @WalshyDev! - chore: Deprecate usage of the deployment object on the unsafe metadata binding in favor of the new version_metadata binding.If you're currently using the old binding, please move over to the new version_metadata binding by adding:
and updating your usage accordingly. You can find the docs for the new binding here: https://developers.cloudflare.com/workers/runtime-apis/bindings/version-metadata
Patch Changes
#5838
609debdThanks @petebacondarwin! - fix: update undici to the latest version to avoid a potential vulnerability#5832
86a6e09Thanks @petebacondarwin! - fix: do not allow non-string values in bulk secret uploadsPrior to Wrangler 3.4.0 we displayed an error if the user tried to upload a
JSON file that contained non-string secrets, since these are not supported
by the Cloudflare backend.
This change reintroduces that check to give the user a helpful error message
rather than a cryptic
workers.api.error.invalid_script_configerror code.v3.56.0Compare Source
Minor Changes
151bc3dThanks @penalosa! - feat: Supportmtls_certificatesandbrowserbindings when usingwrangler.tomlwith a Pages projectPatch Changes
#5813
9627cefThanks @GregBrimble! - fix: Upload Pages project assets with more graceUpdated dependencies [
0725f6f,89b6d7f]:v3.55.0Compare Source
Minor Changes
#5570
66bdad0Thanks @sesteves! - feature: support delayed delivery in the miniflare's queue simulator.This change updates the miniflare's queue broker to support delayed delivery of messages, both when sending the message from a producer and when retrying the message from a consumer.
Patch Changes
#5740
97741dbThanks @WalshyDev! - chore: log "Version ID" inwrangler deploy,wrangler deployments list,wrangler deployments viewandwrangler rollbackto support migration from the deprecated "Deployment ID". Users should update any parsing to use "Version ID" before "Deployment ID" is removed.#5754
f673c66Thanks @RamIdeas! - fix: when using custom builds, thewrangler devproxy server was sometimes left in a paused stateThis could be observed as the browser loading indefinitely, after saving a source file (unchanged) when using custom builds. This is now fixed by ensuring the proxy server is unpaused after a short timeout period.
Updated dependencies [
66bdad0,9b4af8a]:v3.53.1Compare Source
Patch Changes
#5091
6365c90Thanks @Cherry! - fix: better handle dashes and other invalid JS identifier characters inwrangler typesgeneration for vars, bindings, etc.Previously, with the following in your
wrangler.toml, an invalid types file would be generated:Now, the generated types file will be valid:
#5748
27966a4Thanks @penalosa! - fix: Load sourcemaps relative to the entry directory, not cwd.#5746
1dd9f7eThanks @petebacondarwin! - fix: suggest trying to update Wrangler if there is a newer one available after an unexpected error#5226
f63e7a5Thanks @DaniFoldi! - fix: remove second Wrangler banner fromwrangler dispatch-namespace renamev3.53.0Compare Source
Minor Changes
#5604
327a456Thanks @dario-piotrowicz! - feat: add support for environments ingetPlatformProxyallow
getPlatformProxyto target environments by allowing users to specify anenvironmentoptionExample usage:
Patch Changes
4097759Thanks @G4brym! - Addstagingflag to AI bindingv3.52.0Compare Source
Minor Changes
#5666
81d9615Thanks @CarmenPopoviciu! - fix: Fix Pages config validation around Durable ObjectsToday Pages cannot deploy Durable Objects itself. For this reason it is mandatory that when declaring Durable Objects bindings in the config file, the
script_nameis specified. We are currently not failing validation ifscript_nameis not specified but we should. These changes fix that.Patch Changes
#5610
24840f6Thanks @SuperchupuDev! - Markts-json-schema-generatoras a dev dependency#5669
a7e36d5Thanks @dario-piotrowicz! - fix: fix broken Durable Object local proxying (when nocfproperty is present)A regression was introduced in wrangler 3.46.0 (https://github.com/cloudflare/workers-sdk/pull/5215)
which made it so that missing
Request#cfproperties are serialized as"undefined", this in turnthrows a syntax parse error when such values are parsed via
JSON.parsebreaking the communicationwith Durable Object local proxies. Fix such issue by serializing missing
Request#cfproperties as"{}"instead.#5616
c6312b5Thanks @webbertakken! - fix: broken link to durable object migrations docs#5482
1b7739eThanks @DaniFoldi! - docs: show new Discord url everywhere for consistency. The old URL still works, but https://discord.cloudflare.com is preferred.Updated dependencies [
3a0d735,1b7739e]:oven-sh/bun (bun-types)
v1.1.12Compare Source
[
v1.1.11](https://togithub.com/oven-sh/bun/Configuration
📅 Schedule: Branch creation - "every 12 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate using a curated preset maintained by