Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump axios and cmake-js #218

Closed
wants to merge 1 commit into from
Closed

Bump axios and cmake-js #218

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 21, 2024

Bumps axios to 1.6.7 and updates ancestor dependency cmake-js. These dependencies need to be updated together.

Updates axios from 1.5.0 to 1.6.7

Release notes

Sourced from axios's releases.

Release v1.6.7

Release notes:

Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Release v1.6.6

Release notes:

Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Release v1.6.5

Release notes:

Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

Release v1.6.4

Release notes:

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

Release v1.6.3

Release notes:

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.7 (2024-01-25)

Bug Fixes

  • capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

1.6.6 (2024-01-24)

Bug Fixes

  • fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
  • wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

1.6.5 (2024-01-05)

Bug Fixes

  • ci: refactor notify action as a job of publish action; (#6176) (0736f95)
  • dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

1.6.4 (2024-01-03)

Bug Fixes

  • security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)

Contributors to this release

... (truncated)

Commits

Updates cmake-js from 6.3.2 to 7.3.0

Release notes

Sourced from cmake-js's releases.

v7.0.0

This is a breaking change and will likely require some small changes to your cmake config to keep your project building.

Summary

A lot of work has gone into this release, to try and make the general usage of the library smoother. It has better support for building modules with node-api. The on disk footprint of the library is much smaller than before, with various dependencies removed, or updated.

Upgrading

We recommend having the following at the top of your cmake file, before the project(...) definition.

cmake_minimum_required(VERSION 3.15)
cmake_policy(SET CMP0091 NEW)
cmake_policy(SET CMP0042 NEW)

This will force MSVC to do a MT build, so if you were doing that another way, it should be possible to remove that. If you need to keep it building as MD, you can add set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>DLL") in your cmake file.

If you are using node-api, make sure that your package.json has the following, but with the correct NAPI_VERSION filled in. We use this to autodetect that your module is building with node-api.

"binary": {
    "napi_versions": [7]
  },

You should also add the following to the bottom of your cmake file. This lets us avoid downloading the full nodejs headers, and lets us use bundle a much more lightweight copy instead

if(MSVC AND CMAKE_JS_NODELIB_DEF AND CMAKE_JS_NODELIB_TARGET)
  # Generate node.lib
  execute_process(COMMAND ${CMAKE_AR} /def:${CMAKE_JS_NODELIB_DEF} /out:${CMAKE_JS_NODELIB_TARGET} ${CMAKE_STATIC_LINKER_FLAGS})
endif()

If you have something like:

execute_process(COMMAND node -p "require('node-addon-api').include"
        WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
        OUTPUT_VARIABLE NODE_ADDON_API_DIR
        )
string(REPLACE "\n" "" NODE_ADDON_API_DIR ${NODE_ADDON_API_DIR})
string(REPLACE "\"" "" NODE_ADDON_API_DIR ${NODE_ADDON_API_DIR})
target_include_directories(${PROJECT_NAME} PRIVATE ${NODE_ADDON_API_DIR})

in your file, it is no longer needed. We will inject the correct include paths for you, similar to what is done for nan.

That should be everything.
If we missed something in these steps, or if you are having problems getting your module building again, let us know in an issue.

All changes:

  • update dependencies
  • replace some dependencies with modern language features

... (truncated)

Changelog

Sourced from cmake-js's changelog.

v7.3.0 - 15/01/23

  • feat(windows): replace custom libnode.def generation with version from node-api-headers
  • fix: support for vs2015 with nodejs 18 and older (#317)
  • fix(windows): always remove Path if PATH is also defined (#319)
  • fix: Cmake arguments got converted to numbers (#314)
  • fix: update node-api-headers
  • chore: update dependencies

v7.2.1 - 14/02/23

  • fix: support Windows11SDK

v7.2.0 - 12/02/23

  • fix: -DCMAKE_JS_VERSION=undefined (#298)
  • fix: Only add build type to CMAKE_LIBRARY_OUTPUT_DIRECTORY if needed (#299)
  • feat: Forward extra arguments to CMake commands (#297)

v7.1.1 - 15/12/22

  • fix build errors on windows

v7.1.0 - 14/12/22

  • add commands for retrieving cmake-js include and lib directories
  • fix win delay hook issues with electron
  • fix missing js_native_api_symbols in windows node.lib

v7.0.0 - 08/10/22

  • update dependencies
  • replace some dependencies with modern language features
  • follow node-gyp behaviour for visual-studio version detection and selection
  • automatically locate node-addon-api and add to include paths
  • avoid downloads when building for node-api
  • encourage use of MT builds with MSVC, rather than MD

v6.3.1 - 05/06/22

  • add missing bluebird dependency
  • fix platform detection for visual studio 2019 and newer
  • fix platform detection for macos

v6.3.0 - 26/11/21

... (truncated)

Commits
  • b4b5b16 v7.3.0
  • eee8351 chore: update dependencies
  • b3d4cc6 fix: Cmake arguments got converted to numbers (#314)
  • 30e9ae5 chore: fix typo in README.md (#316)
  • f3169e8 fix(windows): always remove Path if PATH is also defined (#319)
  • eee2b4d chore: add some more examples to readme
  • 8e39050 chore: enable tests for pull_requests
  • 62f98e0 fix: update find-visualstudio #317
  • 789bfa7 chore: update ci platforms
  • d9c190b fix(windows): replace custom libnode.def with version provided by `node-api...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump axios and cmake-js
5f9fcb4 
Bumps [axios](https://github.com/axios/axios) to 1.6.7 and updates ancestor dependency [cmake-js](https://github.com/cmake-js/cmake-js). These dependencies need to be updated together.


Updates `axios` from 1.5.0 to 1.6.7
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.5.0...v1.6.7)

Updates `cmake-js` from 6.3.2 to 7.3.0
- [Release notes](https://github.com/cmake-js/cmake-js/releases)
- [Changelog](https://github.com/cmake-js/cmake-js/blob/master/changelog.md)
- [Commits](cmake-js/cmake-js@v6.3.2...v7.3.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: indirect
- dependency-name: cmake-js
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 21, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 24, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/axios-and-cmake-js-1.6.7 branch February 24, 2024 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@murat-dogan