Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update all dependencies #120

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update all dependencies #120

wants to merge 1 commit into from

Conversation

ggrossetie
Copy link
Member

@ggrossetie ggrossetie commented Dec 1, 2023

This PR contains the following updates:

Package Type Update Change
autoprefixer devDependencies patch 10.4.15 -> 10.4.20
bulma (source) devDependencies major 0.9.4 -> 1.0.2
clean-css-cli devDependencies patch 5.6.2 -> 5.6.3
node volta minor 18.17.1 -> 18.20.5
postcss-cli devDependencies major 10.1.0 -> 11.0.0
rimraf devDependencies major 5.0.1 -> 6.0.1

Release Notes

postcss/autoprefixer

v10.4.20

Compare Source

  • Fixed fit-content prefix for Firefox.

v10.4.19

Compare Source

  • Removed end value has mixed support, consider using flex-end warning
    since end/start now have good support.

v10.4.18

Compare Source

  • Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

v10.4.17

Compare Source

  • Fixed user-select: contain prefixes.

v10.4.16

Compare Source

  • Improved performance (by Romain Menke).
  • Fixed docs (by Christian Oliff).
jgthms/bulma

v1.0.2

Compare Source

Improvements
  • Smart Grid is-col-min now goes up to 32 (Fixes #​3829)
  • Remove need for is-variable modifier for Column gaps
  • You can have a list of radio buttons or checkboxes with the radios and checkboxes classes respectively
  • Add is-max-tablet modifier to the Container element
  • Add currentColor and inherit as possible values for the color and background helpers
  • The Section can now have a minimum height of 100vh with the is-fullheight modifier
  • Add more SCSS variables:
    • $input-border-style
    • $input-border-width
    • $label-spacing
    • $field-block-spacing
  • Add more CSS variables:
    • --bulma-input-border-style
    • --bulma-input-border-width
    • --bulma-label-color
    • --bulma-label-spacing
    • --bulma-label-weight
    • --bulma-help-size
    • --bulma-field-block-spacing
Bug fixes
  • Fix #​3824: ability to override $scheme-h, $scheme-s, $dark-l and $light-l Sass variables
  • Fix #​3830: add remaining logical properties
  • Fix #​3743: make sure 12 columns system take up whole width
  • Fix #​3799: restore variable columns
  • Fix #​3846: restore --bulma-column-gap CSS variable
  • Fix #​3775: has-background helpers should only affect element it's applied to
  • Fix #​3856: Sass nested rule deprecation warning
  • Fix #​3757: restore use of $navbar-burger-color

v1.0.1

Compare Source

Bug fixes
  • Fix #​3755: .select colors
  • Fix #​3736: include helpers in "No Dark Mode" version
  • Fix #​3744: build non-minified versions
  • Fix #​3747: ability to nest fixed grids
  • Fix #​3759: remove unused .skeleton class
  • Fix #​3786: fix horizontal padding of rounded buttons
Documentation fixes
  • Fix #​3725
  • Fix #​3720
  • Update online documentation link in README
  • Update migrating-to-v1.html
  • Fix #​3735
  • Fix #​3729: explain how to use Bulma in a modular way
  • Fix #​3785: make use of the @prefers-reduced-motion setting
  • Fix #​3758: broken links for 0.9.4 version
  • Fix #​3760: fix form controls typo
Improvements
  • Fix #​3737: Move sass to devDependencies

v1.0.0

Compare Source

Bulma v1 is a full rewrite of the framework using Dart Sass, which is the the primary implementation of Sass. While this affects a few development details, everything has been done to make the transition as easy as possible.

clean-css/clean-css-cli

v5.6.3

Compare Source

==================

  • Bumps clean-css dependency to 5.3.3
nodejs/node

v18.20.5

Compare Source

Notable Changes
  • [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333
Commits

v18.20.4

Compare Source

This is a security release.

Notable Changes
Commits

v18.20.3

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
  • acorn updated to 8.11.3.
  • acorn-walk updated to 8.3.2.
  • ada updated to 2.7.8.
  • c-ares updated to 1.28.1.
  • corepack updated to 0.28.0.
  • nghttp2 updated to 1.61.0.
  • ngtcp2 updated to 1.3.0.
  • npm updated to 10.7.0. Includes a fix from [email protected] to limit the number of open connections npm/cli#​7324.
  • simdutf updated to 5.2.4.
  • zlib updated to 1.3.0.1-motley-7d77fb7.
Commits

v18.20.2

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Commits

v18.20.1

Compare Source

This is a security release.

Notable Changes
  • CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
  • CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
  • llhttp version 9.2.1
  • undici version 5.28.4
Commits

v18.20.0

Compare Source

Notable Changes
Added support for import attributes

Support has been added for import attributes, to replace the old import
assertions syntax. This will aid migration by making the new syntax available
across all currently supported Node.js release lines.

This adds the with keyword which should be used in place of the previous
assert keyword, which will be removed in a future semver-major Node.js
release.

For example,

import "foo" assert { ... }

should be replaced with

import "foo" with { ... }

For more details, see

Contributed by Nicolò Ribaudo in #​51136
and Antoine du Hamel in #​50140.

Doc deprecation for dirent.path

Please use newly added dirent.parentPath instead.

Contributed by Antoine du Hamel in #​50976
and #​51020.

Experimental node-api feature flags

Introduces an experimental feature to segregate finalizers that affect GC state.
A new type called node_api_nogc_env has been introduced as the const version
of napi_env and node_api_nogc_finalize as a variant of napi_finalize that
accepts a node_api_nogc_env as its first argument.

This feature can be turned off by defining
NODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT.

Contributed by Gabriel Schulhof in #​50060.

Root certificates updated to NSS 3.98

Certificates added:

  • Telekom Security TLS ECC Root 2020
  • Telekom Security TLS RSA Root 2023

Certificates removed:

  • Security Communication Root CA
Updated dependencies
  • ada updated to 2.7.6.
  • base64 updated to 0.5.2.
  • c-ares updated to 1.27.0.
  • corepack updated to 0.25.2.
  • ICU updated to 74.2. Includes CLDR 44.1 and Unicode 15.1.
  • npm updated to 10.5.0. Fixes a regression in signals not being passed onto child processes.
  • simdutf8 updated to 4.0.8.
  • Timezone updated to 2024a.
  • zlib updated to 1.3.0.1-motley-40e35a7.
vm: fix V8 compilation cache support for vm.Script

Previously repeated compilation of the same source code using vm.Script
stopped hitting the V8 compilation cache after v16.x when support for
importModuleDynamically was added to vm.Script, resulting in a performance
regression that blocked users (in particular Jest users) from upgrading from
v16.x.

The recent fixes allow the compilation cache to be hit again
for vm.Script when --experimental-vm-modules is not used even in the
presence of the importModuleDynamically option, so that users affected by the
performance regression can now upgrade. Ongoing work is also being done to
enable compilation cache support for vm.CompileFunction.

Contributed by Joyee Cheung in #​49950
and #​50137.

Commits

v18.19.1

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#​1 v1.5 padding) - (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • npm version 10.2.4
Commits

v18.19.0

Compare Source

Notable Changes
npm updated to v10

After two months of baking time in Node.js 20, npm 10 is backported, so that all
release lines include a supported version of npm. This release includes npm v10.2.3.

Refer to nodejs/Release#​884 for the plan to land npm 10.

ESM and customization hook changes
Leverage loaders when resolving subsequent loaders

Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript.

Contributed by Maël Nison in #​43772.

New node:module API register for module customization hooks; new initialize hook

There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including `MessageChanne


Configuration

📅 Schedule: "before 3am on the first day of the month" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

@ggrossetie ggrossetie force-pushed the renovate/all branch 2 times, most recently from c922462 to e54ceec Compare February 15, 2024 02:10
@ggrossetie ggrossetie force-pushed the renovate/all branch 3 times, most recently from 889de46 to 45a803b Compare March 27, 2024 02:10
@ggrossetie ggrossetie force-pushed the renovate/all branch 2 times, most recently from 6742c5c to 0504eb8 Compare May 13, 2024 02:15
@ggrossetie ggrossetie force-pushed the renovate/all branch 2 times, most recently from 57542bb to 590d24f Compare May 22, 2024 02:16
@ggrossetie ggrossetie force-pushed the renovate/all branch 3 times, most recently from 24c3b0d to cca0835 Compare July 11, 2024 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant