Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump the npm_and_yarn group group with 3 updates #226

Closed
wants to merge 1 commit into from
Closed

chore(deps-dev): bump the npm_and_yarn group group with 3 updates #226

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 25, 2024
edited
Loading

Bumps the npm_and_yarn group group with 3 updates: @commitlint/cli, lint-staged and semantic-release.

Updates @commitlint/cli from 13.2.0 to 18.5.0

Release notes

Sourced from @​commitlint/cli's releases.

v18.5.0

18.5.0 (2024-01-22)

Bug Fixes

  • config-nx-scopes: restore compatibility with nx 17.2.0 and higher (#3855) (1e08a17), closes #3820

Features

  • cli: print-config now can be configured to print a json in stdout (#3863) (6381a2d), closes #3819

Chore

New Contributors

Full Changelog: conventional-changelog/commitlint@v18.4.4...v18.5.0

v18.4.4

18.4.4 (2024-01-04)

Bug Fixes

Docs

New Contributors

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

18.5.0 (2024-01-22)

Features

  • cli: print-config now can be configured to print a json in stdout (#3863) (6381a2d), closes #3819

18.4.4 (2024-01-04)

Note: Version bump only for package @​commitlint/cli

18.4.3 (2023-11-21)

Note: Version bump only for package @​commitlint/cli

18.4.2 (2023-11-16)

Note: Version bump only for package @​commitlint/cli

18.4.1 (2023-11-12)

Note: Version bump only for package @​commitlint/cli

18.4.0 (2023-11-10)

Note: Version bump only for package @​commitlint/cli

... (truncated)

Commits

Updates lint-staged from 11.2.0 to 15.2.0

Release notes

Sourced from lint-staged's releases.

v15.2.0

Minor Changes

  • #1371 f3378be Thanks @​iiroj! - Using the --no-stash flag no longer discards all unstaged changes to partially staged files, which resulted in inadvertent data loss. This fix is available with a new flag --no-hide-partially-staged that is automatically enabled when --no-stash is used.

Patch Changes

  • #1362 17bc480 Thanks @​antonk52! - update [email protected]

  • #1368 7c55ca9 Thanks @​iiroj! - Update most dependencies

  • #1368 777d4e9 Thanks @​iiroj! - To improve performance, only use lilconfig when searching for config files outside the git repo. In the regular case, lint-staged finds the config files from the Git index and loads them directly.

  • #1373 85eb0dd Thanks @​iiroj! - When determining git directory, use fs.realpath() only for symlinks. It looks like fs.realpath() changes some Windows mapped network filepaths unexpectedly, causing issues.

v15.1.0

Minor Changes

  • #1344 0423311 Thanks @​danielbayley! - Add support for loading configuration from package.yaml and package.yml files, supported by pnpm.

Patch Changes

v15.0.2

Patch Changes

v15.0.1

Patch Changes

  • #1217 d2e6f8b Thanks @​louneskmt! - Previously it was possible for a function task to mutate the list of staged files passed to the function, and accidentally affect the generation of other tasks. This is now fixed by passing a copy of the original file list instead.

v15.0.0

Major Changes

  • #1322 66b93aa Thanks @​iiroj! - Require at least Node.js 18.12.0

    This release drops support for Node.js 16, which is EOL after 2023-09-11. Please upgrade your Node.js to the latest version.

    Additionally, all dependencies have been updated to their latest versions.

v14.0.1

14.0.1 (2023-08-21)

Bug Fixes

... (truncated)

Changelog

Sourced from lint-staged's changelog.

15.2.0

Minor Changes

  • #1371 f3378be Thanks @​iiroj! - Using the --no-stash flag no longer discards all unstaged changes to partially staged files, which resulted in inadvertent data loss. This fix is available with a new flag --no-hide-partially-staged that is automatically enabled when --no-stash is used.

Patch Changes

  • #1362 17bc480 Thanks @​antonk52! - update [email protected]

  • #1368 7c55ca9 Thanks @​iiroj! - Update most dependencies

  • #1368 777d4e9 Thanks @​iiroj! - To improve performance, only use lilconfig when searching for config files outside the git repo. In the regular case, lint-staged finds the config files from the Git index and loads them directly.

  • #1373 85eb0dd Thanks @​iiroj! - When determining git directory, use fs.realpath() only for symlinks. It looks like fs.realpath() changes some Windows mapped network filepaths unexpectedly, causing issues.

15.1.0

Minor Changes

  • #1344 0423311 Thanks @​danielbayley! - Add support for loading configuration from package.yaml and package.yml files, supported by pnpm.

Patch Changes

15.0.2

Patch Changes

15.0.1

Patch Changes

  • #1217 d2e6f8b Thanks @​louneskmt! - Previously it was possible for a function task to mutate the list of staged files passed to the function, and accidentally affect the generation of other tasks. This is now fixed by passing a copy of the original file list instead.

15.0.0

Major Changes

  • #1322 66b93aa Thanks @​iiroj! - Require at least Node.js 18.12.0

    This release drops support for Node.js 16, which is EOL after 2023-09-11. Please upgrade your Node.js to the latest version.

    Additionally, all dependencies have been updated to their latest versions.

v14.0.1 - 21 Aug 2023

... (truncated)

Commits
  • adf50b0 chore(changeset): release
  • 85eb0dd fix: when determining git directory, use fs.realpath() only for symlinks
  • 82eded4 refactor: use commander implies() syntax for flag
  • f3378be feat: --no-stash flag implies --no-hide-partially-staged
  • f4f61f3 docs: add workaround for verbose Windows output to README FAQ
  • 17bc480 chore(deps): update [email protected]
  • eccda41 style: remove Babel from ESLint
  • 077e6bc test: run Jest tests in native ESM mode
  • 8db4a15 refactor: move config file name constants to separate file
  • 78a0c23 test: add missing test coverage
  • Additional commits viewable in compare view

Updates semantic-release from 18.0.0 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

  • log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
  • upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

  • npm-plugin: @semantic-release/npm has also dropped support for node v15
  • node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits
  • 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
  • 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
  • ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
  • ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
  • fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
  • b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
  • 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
  • 2b94bb4 docs: update broken link to CI config recipes (#2378)
  • b4bc191 docs: Correct circleci workflow (#2365)
  • 2c30e26 Merge pull request #2333 from semantic-release/next
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 25, 2024
@socket-security Socket Security
Copy link

socket-security bot commented Jan 25, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@commitlint/[email protected] Transitive: environment, filesystem, shell, unsafe +165 42.3 MB bycedric, escapedcat, marionebl, ...1 more
npm/[email protected] Transitive: environment, filesystem, shell +55 2.48 MB okonet
npm/[email protected] environment, network Transitive: eval, filesystem, shell, unsafe +286 25.4 MB semantic-release-bot

🚮 Removed packages: npm/@commitlint/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-243d007d07 branch 3 times, most recently from 84ba512 to bc5a6da Compare January 25, 2024 06:13
@ianwremmel
Copy link
Contributor

@dependabot rebase

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 25, 2024

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@dependabot
chore(deps-dev): bump the npm_and_yarn group group with 3 updates
0a9f50b 
Bumps the npm_and_yarn group group with 3 updates: [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli), [lint-staged](https://github.com/okonet/lint-staged) and [semantic-release](https://github.com/semantic-release/semantic-release).


Updates `@commitlint/cli` from 13.2.0 to 18.5.0
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v18.5.0/@commitlint/cli)

Updates `lint-staged` from 11.2.0 to 15.2.0
- [Release notes](https://github.com/okonet/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v11.2.0...v15.2.0)

Updates `semantic-release` from 18.0.0 to 19.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v18.0.0...v19.0.3)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: lint-staged
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: semantic-release
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-243d007d07 branch from bc5a6da to 0a9f50b Compare January 25, 2024 06:18
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 25, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 25, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-243d007d07 branch January 25, 2024 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ianwremmel