fix(deps): update all npm non-major packages >= 1.0 #358
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
from
0c3d98a
to
32982aa
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
from
32982aa
to
63b3516
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
11 times, most recently
from
7920cfa
to
c94a717
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
6 times, most recently
from
6c1cae8
to
e2a0b50
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
4 times, most recently
from
2847262
to
e4ea0ef
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
6 times, most recently
from
dd73b5c
to
29ded3c
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
5 times, most recently
from
d7e64ac
to
b5118ff
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
4 times, most recently
from
99ee878
to
c44e344
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
7 times, most recently
from
931d40e
to
a94894d
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
2 times, most recently
from
102a670
to
496149f
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
from
496149f
to
6cb83f3
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
2 times, most recently
from
7f3e756
to
33c1ed3
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
from
33c1ed3
to
d6e053e
Compare
renovate
bot
force-pushed
the
renovate/npm-all-non-major-gte-1.0
branch
from
d6e053e
to
391836c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.9.1->2.9.32.9.1->2.9.34.1.0->4.1.13.0.0->3.1.016.20.0->16.20.29.7.1->9.9.35.1.3->5.6.3Release Notes
apollographql/federation (@apollo/federation-internals)
v2.9.3Compare Source
Patch Changes
fix: normalize field set selection sets (#3162)
FieldSetscalar represents a selection set without outer braces. This means that users could potentially specify some selections that could be normalized (i.e. eliminate duplicate field selections, hoist/collapse unnecessary inline fragments, etc). Previously we were using@requiresfield set selection AS-IS for edge conditions. With this change we will now normalize theFieldSetselections before using them as fetch node conditions.Fixed missing referenced variables in the
variableUsagesfield of fetch operations (#3166)Query variables used in fetch operation should be listed in the
variableUsagesfield. However, there was a bug where variables referenced by query-level directives could be missing in the field.Fix fragment generation recursion logic to apply minification on all subselections. (#3158)
Fixed a bug that
__typenamewith applied directives gets lost in fetch operations. (#3164)The sibling typename optimization used by query planner simplifies operations by folding
__typenameselections into their sibling selections. However, that optimization does not account for directives or aliases. The bug was applying the optimization even if the__typenamehas directives on it, which caused the selection to lose its directives. Now,__typenamewith directives (or aliases) are excluded from the optimization.v2.9.2Compare Source
Patch Changes
Fixes handling of a
__typenameselection during query planning process. (#3156)When expanding fragments we were keeping references to the same
Fields regardless where those fragments appeared in our original selection set. This was generally fine as in most cases we would have same inline fragment selection sets across whole operation but was causing problems when we were applying another optimization by collapsing those expanded inline fragments creating a new selection set. As a result, if any single field selection (within that fragment) would perform optimization around the usage of__typename, ALL occurrences of that field selection would get that optimization as well.Add validations for demand control directive applications (#3148)
apollographql/federation (@apollo/query-planner)
v2.9.3Compare Source
Patch Changes
Fixes edge case where contextual arguments can yield inefficient query plans. Also fixes naming of query plan arguments which can be a problem when using contextual variables in multiple subgraphs (#3140)
Ensure all useless fetch groups are removed (#3163)
When removing "useless" fetch nodes/groups we remove them in-place while still iterating over the same list. This leads to potentially skipping processing of some the children fetch nodes, as when we remove nodes we left shift all remaining children but the iterator keeps the old position unchanged effectively skipping next child.
fix: normalize field set selection sets (#3162)
FieldSetscalar represents a selection set without outer braces. This means that users could potentially specify some selections that could be normalized (i.e. eliminate duplicate field selections, hoist/collapse unnecessary inline fragments, etc). Previously we were using@requiresfield set selection AS-IS for edge conditions. With this change we will now normalize theFieldSetselections before using them as fetch node conditions.Fixed missing referenced variables in the
variableUsagesfield of fetch operations (#3166)Query variables used in fetch operation should be listed in the
variableUsagesfield. However, there was a bug where variables referenced by query-level directives could be missing in the field.Fixed a bug that
__typenamewith applied directives gets lost in fetch operations. (#3164)The sibling typename optimization used by query planner simplifies operations by folding
__typenameselections into their sibling selections. However, that optimization does not account for directives or aliases. The bug was applying the optimization even if the__typenamehas directives on it, which caused the selection to lose its directives. Now,__typenamewith directives (or aliases) are excluded from the optimization.Updated dependencies [
345661c558773e4eb5d5f0b28464a8d1acdc2a2d,e00e1c9892b48ac89823597113989830877966ef,cc4573471696ef78d04fa00c4cf8e5c50314ba9f,062572b3253e8640b60a0bf58b83945094b76b6f,df5eb3cb0e2b4802fcd425ab9c23714de2707db3,1c99cb0dcc6c639ac351210932623ab0bd6907e4]:v2.9.2Compare Source
Patch Changes
Fixes handling of a
__typenameselection during query planning process. (#3156)When expanding fragments we were keeping references to the same
Fields regardless where those fragments appeared in our original selection set. This was generally fine as in most cases we would have same inline fragment selection sets across whole operation but was causing problems when we were applying another optimization by collapsing those expanded inline fragments creating a new selection set. As a result, if any single field selection (within that fragment) would perform optimization around the usage of__typename, ALL occurrences of that field selection would get that optimization as well.Fixes issue where contextual parameters can have naming collisions if used in multiple subgraphs (#3155)
Updated dependencies [
2192f355f50db33fe0807d16153f357696b9f190,e1e2605b30efc488b57f62ba43436606a38a3607,5ac01b534318105e904c1e6598070f753add3bb1]:apollographql/apollo-server (@apollo/usage-reporting-protobuf)
v4.1.1Compare Source
Patch Changes
#7614
4fadf3ddcThanks @Cellule! - Publish TypeScript typings for CommonJS modules output.This allows TypeScript projects that use CommonJS modules with
moduleResolution: "node16"ormoduleResolution: "nodeNext"to correctly resolves the typings of apollo's packages as CommonJS instead of ESM.
sindresorhus/make-dir-cli (make-dir-cli)
v3.1.0Compare Source
make-dirdependency (#3)b477ce2nodejs/node (node)
v16.20.2: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.
Commits
40c3958a5a] - deps: update archs files for OpenSSL-1.1.1v (RafaelGSS) #49043a9ac9da89a] - deps: fix openssl crypto clean (RafaelGSS) #49043362d4c7494] - deps: upgrade openssl sources to OpenSSL_1_1_1v (RafaelGSS) #49043d8ccfe9ad4] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#445242aaa0caa] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#459v16.20.1: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSSCompare Source
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
mainModule.__proto__Bypass Experimental Policy Mechanism (High)More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.
Commits
5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)5df04e893a] - deps: setCARES_RANDOM_FILEfor c-ares (Richard Lau) #48156c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #483698d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #483691a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#42910042683c8] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408a6f4e87bc9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416b77000f4d7] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #47851npm/cli (npm)
v9.9.3Compare Source
Bug Fixes
88ea8c7#7010 set objectMode for search filter stream (@lukekarrys)8d9d735#7010 unpublish: bubble up all errors parsing local package.json (#7049) (@wraithgar)e0e75e5#7010 unpublish bugfixes (#7039) (@wraithgar)4d59ce1#7047 reverse direction of SPDX SBOM dep rels (#7047) (@bdehamer, @antonbauhofer)878f22b#7008 properly catch missing url opener error (@wraithgar)91a8eca#7008 properly catch missing url opener error on interactive prompt (@wraithgar)Dependencies
1968e0e#7010[email protected]d130576#7010[email protected]00f28b8#7010[email protected]57096c3#7010[email protected]3ce677e#7010[email protected]89757ed#7010[email protected]bc1e841#7010[email protected]01f4049#7010[email protected]15f8982#7010[email protected]88ff949#7010[email protected]3e298f6#7010[email protected]35a6286#7010[email protected]aeb28c4#7010[email protected]edc7e23#7010@npmcli/[email protected]00a3a08#7010[email protected]7f424c3#7010[email protected]79b8538#7010[email protected]b5faf10#7010[email protected]2c62266#7010[email protected]cc0516b#7010[email protected]651d362#7010[email protected]4b239c6#7010[email protected]2f65b46#7010[email protected]6c73ddf#7010[email protected]73ee6cc#7010[email protected]64715a4#7010[email protected]@npmcli/[email protected]@npmcli/[email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]Chores
77fa150#7252 release: do not exclude docs directory from CLI release commits (#7162) (@lukekarrys)1d4c464#7252@npmcli/[email protected](@lukekarrys)6780643#7010 dev dependency updates (@wraithgar)ce701e9#7048 fix tests for zlib differences between node versions (#7048) (@wraithgar)v9.9.2Compare Source
Bug Fixes
4c9a5e1#6993 look in workspace for exec commands (#6993) (@wraithgar)bb6f496#6992 correctly handle object licenses in SBOM generation (#6992) (@bdehamer, @jamietanna)10db3ca#6990 pkg: properly output in workspace mode (#6990) (@wraithgar)Documentation
6ab06d7#6985 update npm-prune description (#6985) (@Eomm)Dependencies
[email protected]v9.9.1Compare Source
Bug Fixes
0dba79a#6942 add back bin/node-gyp-bin/node-gyp files (@lukekarrys)c93edb5#6932 add backbin/node-gyp-bin/node-gypfiles (@lukekarrys)Documentation
e6cce28#6925 use markdown links instead of html (@lukekarrys)v9.9.0Compare Source
Features
ecda95a#6841 add npm sbom command (#6841) (@bdehamer)fdb8a86#6794 add package-lock-only mode to npm query (@wraithgar)16c04b1#6877 add no-package-lock mode to npm audit (@wraithgar)66ef765#6776 Add--cpuand--osoption to override platform specific install (#6776) (@yukukotani)Bug Fixes
c9406f7#6791 deprecate: ignore implicit workspace mode (#6758) (#6791) (@wraithgar)0b1d7c3#6779 allow searching packages with no description (#6779) (@wraithgar, @lukekarrys)Documentation
9750720#6694 fix example path (#6694) (@fvilers)Dependencies
588a245#6756[email protected]a76b1df#6877[email protected]95b5ab0#6877[email protected]@npmcli/[email protected]@npmcli/[email protected][email protected][email protected][email protected][email protected]v9.8.1Compare Source
Bug Fixes
38351c9#6651 warn on autocorrected package.json entries during publish (@wraithgar)02c7ddb#6642 much clearer npx 'canceled' error (#6642) (@rahulio96, @AaronHamilton965)Documentation
36bf5fe#6643 Added steps for using npm/npx locally to CONTRIBUTING.md (#6643) (@AaronHamilton965, @rahulio96)Dependencies
a0763d3#6651@npmcli/[email protected]24f5a8b#6653[email protected]f45498b#6653[email protected]44d60eb#6653[email protected]fc9a843#6653[email protected]daad9ad#6653[email protected]c1ffd6a#6653 move @npmcli/fs, @npmcli/promise-spawn into dependencies[email protected]v9.8.0Compare Source
Features
67459e7#6626 addpkg fixsubcommand (@wraithgar)89b2741#6548 add ps1 scripts (#6548) (@mribbons, @lukekarrys)Dependencies
b252164#6626@npmcli/[email protected]9238682#6623[email protected](#6623)@npmcli/[email protected][email protected][email protected][email protected][email protected][email protected]v9.7.2Compare Source
Bug Fixes
939a188#6574 ignore node prereleases in npm engines check (#6574) (@wraithgar)d980405#6556 better color support detection (#6556) (@lukekarrys)40d7e09#6555 remove unnecessary package.json values (#6555) (@lukekarrys)3a7378d#6554 cleanup bin contents (@lukekarrys)e722439#6497 move all definitions to @npmcli/config package (@lukekarrys)Documentation
405ffbf#6557 remove redundant statement about files attribute (#6557) (@DaviDevMod)cd1e6aa#6551 add flagpackage-lock-onlyfornpm install(#6551) (@m4rch3n1ng)Dependencies
aebc523#6585[email protected][email protected](#6585)bb6054b#6573[email protected]aee4a30#6573[email protected]6105dbc#6573[email protected]22d44e8#6573[email protected]fdd02fd#6573[email protected]7797075#6573[email protected]f9780cc#6573[email protected]72d6a79#6573[email protected]98f1f5f#6573[email protected]8710ff8#6573[email protected]0cb539d#6573[email protected]39ad586#6573[email protected]5e0070c#6573[email protected][email protected]26cf235#6573[email protected]@npmcli/[email protected]@npmcli/[email protected][email protected][email protected][email protected][email protected][email protected]microsoft/TypeScript (typescript)
v5.6.3Compare Source
v5.6.2Compare Source
v5.5.4: TypeScript 5.5.4Compare Source
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
v5.5.3: TypeScript 5.5.3Compare Source
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
v5.5.2: TypeScript 5.5Compare Source
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
v5.4.5: TypeScript 5.4.5Compare Source
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
v5.4.4: TypeScript 5.4.4Compare Source
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
v5.4.3: TypeScript 5.4.3Compare Source
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
v5.4.2: TypeScript 5.4Compare Source
For release notes, check out the [release announcemen
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.