-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): lock file maintenance everything #321
Conversation
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
fcfd17f
to
d90ebc9
Compare
@SocketSecurity ignore-all |
This PR contains the following updates:
^4.20240423.0
->^4.20240605.0
6.15.20
->6.19.1
2.1.4
->2.3.1
8.16.0
->8.17.3
^18.2.79
->^18.3.3
^14.2.2
->^14.2.3
^3.51.2
->^3.60.0
1.1.4
->1.1.12
v3.4.1
->v3.6.1
14.2.2
->14.2.3
8f24390
->f4d14e0
^3.2.5
->^3.3.1
18.2.0
->18.3.1
^3.4.3
->^3.4.4
6.1.8
->6.1.11
^4.1.7
->^4.1.8
^0.5.14
->^0.6.2
3.23.4
->3.23.8
🔧 This Pull Request updates lock files to use the latest dependency versions.
Release Notes
cloudflare/workerd (@cloudflare/workers-types)
v4.20240605.0
Compare Source
v4.20240603.0
Compare Source
v4.20240529.0
Compare Source
v4.20240524.0
Compare Source
v4.20240512.0
Compare Source
v4.20240502.0
Compare Source
sanity-io/client (@sanity/client)
v6.19.1
Compare Source
Bug Fixes
v6.19.0
Compare Source
Features
v6.18.3
Compare Source
Bug Fixes
v6.18.2
Compare Source
Bug Fixes
v6.18.1
Compare Source
Bug Fixes
client.listen
memory leak (#805) (d2e468a)v6.18.0
Compare Source
Features
v6.17.3
Compare Source
Bug Fixes
v6.17.2
Compare Source
Bug Fixes
stegaClean
(#788) (06aaad2)v6.17.1
Compare Source
Bug Fixes
v6.17.0
Compare Source
Features
v6.16.0
Compare Source
Features
stegaClean
method, deprecatevercelStegaCleanAll
(#773) (2749586)Bug Fixes
sanity-io/ui (@sanity/ui)
v2.3.1
Compare Source
Bug Fixes
v2.3.0
Compare Source
Features
useForwardedRef
(#1324) (62146b6)v2.2.0
Compare Source
Features
muted
property (f70bff6)v2.1.14
Compare Source
Bug Fixes
v2.1.13
Compare Source
Bug Fixes
v2.1.12
Compare Source
Bug Fixes
v2.1.11
Compare Source
Bug Fixes
v2.1.10
Compare Source
Bug Fixes
v2.1.9
Compare Source
Bug Fixes
v2.1.8
Compare Source
Bug Fixes
v2.1.7
Compare Source
Bug Fixes
isElement
(68f9620)v2.1.6
Compare Source
Bug Fixes
v2.1.5
Compare Source
Bug Fixes
TanStack/table (@tanstack/react-table)
v8.17.3
Compare Source
Version 8.17.3 - 5/14/2024, 2:44 PM
Changes
Fix
5411f1a
) by @jjh2613Packages
v8.17.0
Compare Source
Version 8.17.0 - 5/12/2024, 7:21 PM
Changes
Feat
91f4360
) by Kevin Van CottChore
8630fee
) by Kevin Van CottDocs
c1085a6
) by tarob1d29b4
) by @geryogam58f7991
) by @naughtoneae4d0f
) by Kevin Vandyb803962
) by Kevin Vandy102ffd2
) by Kevin Van Cott64ef24c
) by Kevin Vandyec1ab03
) by Kevin Vandy72ab26a
) by Kevin Van Cotte80b802
) by Kevin Van Cottc7c4419
) by Kevin Van Cotted37903
) by @geryogam2afa14b
) by @geryogam289eca3
) by Kevin Van Cott365e0e9
) by @KushagraMehtaOther
filters-fuzzy
URL (#5520) (4fda521
) by Joe GrevePackages
vercel/next.js (eslint-config-next)
v14.2.3
Compare Source
cloudflare/workers-sdk (wrangler)
v3.60.0
Compare Source
Minor Changes
#5878
1e68fe5
Thanks @IgorMinar! - feat: add experimental support for hybrid Node.js compatibilityThis feature is experimental and not yet available for general consumption.
Use a combination of workerd Node.js builtins (behind the
experimental:nodejs_compat_v2
flag) andUnenv polyfills (configured to only add those missing from the runtime) to provide a new more effective
Node.js compatibility approach.
#5988
e144f63
Thanks @RamIdeas! - feature: rename thewrangler secret:bulk
command towrangler secret bulk
The old command is now deprecated (but still functional) and will be removed in a future release. The new command is now more consistent with the rest of the wrangler CLI commands.
#5989
35b1a2f
Thanks @RamIdeas! - feature: renamewrangler kv:...
commands towrangler kv ...
The old commands are now deprecated (but still functional) and will be removed in a future release. The new commands are now more consistent with the rest of the wrangler CLI commands.
#5861
1cc52f1
Thanks @zebp! - feat: allow for Pages projects to upload sourcemapsPages projects can now upload sourcemaps for server bundles to enable remapped stacktraces in realtime logs when deployed with
upload_source_map
set totrue
inwrangler.toml
.Patch Changes
#5939
21573f4
Thanks @penalosa! - refactor: Adds the experimental flag--x-dev-env
which opts in to using an experimental code path forwrangler dev
andwrangler dev --remote
. There should be no observable behaviour changes when this flag is enabled.#5934
bac79fb
Thanks @dbenCF! - fix: Update create KV namespace binding details message for easier implementation#5927
6f83641
Thanks @CarmenPopoviciu! - fix: Cleanpages dev
terminal ouputThis work includes a series of improvements to the
pages dev
terminal output, in an attempt to make this output more structured, organised, cleaner, easier to follow, and therefore more helpful for our users <3#5960
e648825
Thanks @petebacondarwin! - fix: avoid injecting esbuild watch stubs into production Worker codeWhen we added the ability to include additional modules in the deployed bundle of a Worker,
we inadvertently also included some boiler plate code that is only needed at development time.
This fix ensures that this code is only injected if we are running esbuild in watch mode
(e.g.
wrangler dev
) and not when building for deployment.It is interesting to note that this boilerplate only gets included in the production code
if there is an import of CommonJS code in the Worker, which esbuild needs to convert to an
ESM import.
Fixes #4269
Updated dependencies [
ab95473
]:v3.59.0
Compare Source
Minor Changes
#5963
bf803d7
Thanks @Skye-31! - Feature: Add support for hiding the"unsafe" fields are experimental
warning using an environment variableBy setting
WRANGLER_DISABLE_EXPERIMENTAL_WARNING
to any truthy value, these warnings will be hidden.Patch Changes
bdbb7f8
]:v3.58.0
Compare Source
Minor Changes
93b98cb
Thanks @WalshyDev! - feature: allow for writing authentication details per API environment. This allows someone targetting staging to have their staging auth details saved separately from production, this saves them logging in and out when switching environments.Patch Changes
#5938
9e4d8bc
Thanks @threepointone! - fix: let "assets" in wrangler.toml be a stringThe experimental "assets" field can be either a string or an object. However the type definition marks it only as an object. This is a problem because we use this to generate the json schema, which gets picked up by vscode's even better toml extension, and shows it to be an error when used with a string (even though it works fine). The fix is to simply change the type definition to add a string variant.
#5758
8e5e589
Thanks @Jackenmen! - fix: use correct type for AI binding instead of unknownUpdated dependencies [
e0e7725
]:v3.57.2
Compare Source
Patch Changes
#5905
53f22a0
Thanks @penalosa! - fix: Remove WARP certificate injection. Instead, you should ensure that any custom certificates that are needed are included inNODE_EXTRA_CA_CERTS
.#5930
57daae0
Thanks @WalshyDev! - chore: improve error message when updating secret for a non-deployed latest version.#5703
a905f31
Thanks @penalosa! - fix: Don't useExportedHandler["middleware"]
for injecting middlewareUpdated dependencies [
64ccdd6
,4458a9e
]:v3.57.1
Compare Source
Patch Changes
#5859
f2ceb3a
Thanks @w-kuhn! - fix: queue consumer max_batch_timeout should accept a 0 value#5862
441a05f
Thanks @CarmenPopoviciu! - fix:wrangler pages deploy
should fail if deployment was unsuccessfulIf a Pages project fails to deploy,
wrangler pages deploy
will logan error message, but exit successfully. It should instead throw a
FatalError
.#5812
d5e00e4
Thanks @thomasgauvin! - fix: remove Hyperdrive warning for local development.Hyperdrive bindings are now supported when developing locally with Hyperdrive. We should update our logs to reflect this.
#5626
a12b031
Thanks @RamIdeas! - chore: ignore workerd output (error: CODE_MOVED) not intended for end-user devsv3.57.0
Compare Source
Minor Changes
#5696
7e97ba8
Thanks @geelen! - feature: Improvedd1 execute --file --remote
performance & added support for much larger SQL files within a single transaction.#5819
63f7acb
Thanks @CarmenPopoviciu! - fix: Show feedback on Pages project deployment failureToday, if uploading a Pages Function, or deploying a Pages project fails for whatever reason, there’s no feedback shown to the user. Worse yet, the shown message is misleading, saying the deployment was successful, when in fact it was not:
This commit ensures that we provide users with:
#5814
2869e03
Thanks @CarmenPopoviciu! - fix: Display correct global flags inwrangler pages --help
Running
wrangler pages --help
will list, amongst others, the following global flags:This is not accurate, since flags such as
--config
,--experimental-json-config
, orenv
are not supported by Pages.This commit ensures we display the correct global flags that apply to Pages.
#5818
df2daf2
Thanks @WalshyDev! - chore: Deprecate usage of the deployment object on the unsafe metadata binding in favor of the new version_metadata binding.If you're currently using the old binding, please move over to the new version_metadata binding by adding:
and updating your usage accordingly. You can find the docs for the new binding here: https://developers.cloudflare.com/workers/runtime-apis/bindings/version-metadata
Patch Changes
#5838
609debd
Thanks @petebacondarwin! - fix: update undici to the latest version to avoid a potential vulnerability#5832
86a6e09
Thanks @petebacondarwin! - fix: do not allow non-string values in bulk secret uploadsPrior to Wrangler 3.4.0 we displayed an error if the user tried to upload a
JSON file that contained non-string secrets, since these are not supported
by the Cloudflare backend.
This change reintroduces that check to give the user a helpful error message
rather than a cryptic
workers.api.error.invalid_script_config
error code.v3.56.0
Compare Source
Minor Changes
151bc3d
Thanks @penalosa! - feat: Supportmtls_certificates
andbrowser
bindings when usingwrangler.toml
with a Pages projectPatch Changes
#5813
9627cef
Thanks @GregBrimble! - fix: Upload Pages project assets with more graceUpdated dependencies [
0725f6f
,89b6d7f
]:v3.55.0
Compare Source
Minor Changes
#5570
66bdad0
Thanks @sesteves! - feature: support delayed delivery in the miniflare's queue simulator.This change updates the miniflare's queue broker to support delayed delivery of messages, both when sending the message from a producer and when retrying the message from a consumer.
Patch Changes
#5740
97741db
Thanks @WalshyDev! - chore: log "Version ID" inwrangler deploy
,wrangler deployments list
,wrangler deployments view
andwrangler rollback
to support migration from the deprecated "Deployment ID". Users should update any parsing to use "Version ID" before "Deployment ID" is removed.#5754
f673c66
Thanks @RamIdeas! - fix: when using custom builds, thewrangler dev
proxy server was sometimes left in a paused stateThis could be observed as the browser loading indefinitely, after saving a source file (unchanged) when using custom builds. This is now fixed by ensuring the proxy server is unpaused after a short timeout period.
Updated dependencies [
66bdad0
,9b4af8a
]:v3.53.1
Compare Source
Patch Changes
#5091
6365c90
Thanks @Cherry! - fix: better handle dashes and other invalid JS identifier characters inwrangler types
generation for vars, bindings, etc.Previously, with the following in your
wrangler.toml
, an invalid types file would be generated:Now, the generated types file will be valid:
#5748
27966a4
Thanks @penalosa! - fix: Load sourcemaps relative to the entry directory, not cwd.#5746
1dd9f7e
Thanks @petebacondarwin! - fix: suggest trying to update Wrangler if there is a newer one available after an unexpected error#5226
f63e7a5
Thanks @DaniFoldi! - fix: remove second Wrangler banner fromwrangler dispatch-namespace rename
v3.53.0
Compare Source
Minor Changes
#5604
327a456
Thanks @dario-piotrowicz! - feat: add support for environments ingetPlatformProxy
allow
getPlatformProxy
to target environments by allowing users to specify anenvironment
optionExample usage:
Patch Changes
4097759
Thanks @G4brym! - Addstaging
flag to AI bindingv3.52.0
Compare Source
Minor Changes
#5666
81d9615
Thanks @CarmenPopoviciu! - fix: Fix Pages config validation around Durable ObjectsToday Pages cannot deploy Durable Objects itself. For this reason it is mandatory that when declaring Durable Objects bindings in the config file, the
script_name
is specified. We are currently not failing validation ifscript_name
is not specified but we should. These changes fix that.Patch Changes
#5610
24840f6
Thanks @SuperchupuDev! - Markts-json-schema-generator
as a dev dependency#5669
a7e36d5
Thanks @dario-piotrowicz! - fix: fix broken Durable Object local proxying (when nocf
property is present)A regression was introduced in wrangler 3.46.0 (https://github.com/cloudflare/workers-sdk/pull/5215)
which made it so that missing
Request#cf
properties are serialized as"undefined"
, this in turnthrows a syntax parse error when such values are parsed via
JSON.parse
breaking the communicationwith Durable Object local proxies. Fix such issue by serializing missing
Request#cf
properties as"{}"
instead.#5616
c6312b5
Thanks @webbertakken! - fix: broken link to durable object migrations docs#5482
1b7739e
Thanks @DaniFoldi! - docs: show new Discord url everywhere for consistency. The old URL still works, but https://discord.cloudflare.com is preferred.Updated dependencies [
3a0d735
,1b7739e
]:oven-sh/bun (bun-types)
v1.1.12
Compare Source
[
v1.1.11
](https://togithub.com/oven-sh/bun/Configuration
📅 Schedule: Branch creation - "every 12 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here