chore(deps): bump the npm_and_yarn group in /site with 9 updates #161

Open
wants to merge 1 commit into
base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jan 8, 2025

Bumps the npm_and_yarn group in /site with 9 updates:

| Package | From | To |
| --- | --- | --- |
| astro | 4.5.12 | 4.16.18 |
| @pagefind/default-ui | 1.0.4 | 1.3.0 |
| cookie | 0.6.0 | 0.7.2 |
| dset | 3.1.3 | 3.1.4 |
| micromatch | 4.0.5 | 4.0.8 |
| nanoid | 3.3.7 | 3.3.8 |
| pagefind | 1.0.4 | 1.3.0 |
| rollup | 4.18.0 | 4.30.1 |
| vite | 5.3.2 | 5.4.11 |

Updates astro from 4.5.12 to 4.16.18

Release notes

Sourced from astro's releases.

astro@4.16.18

Patch Changes

astro@4.16.17

Patch Changes

  • #12632 e7d14c3 Thanks @​ematipico! - Fixes an issue where the checkOrigin feature wasn't correctly checking the content-type header

astro@4.16.16

Patch Changes

astro@4.16.15

Patch Changes

astro@4.16.14

Patch Changes

astro@4.16.13

Patch Changes

  • #12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

  • #12392 0462219 Thanks @​apatel369! - Fixes an issue where scripts were not correctly injected during the build. The issue was triggered when there were injected routes with the same entrypoint and different pattern

Changelog

Sourced from astro's changelog.

4.16.18

Patch Changes

4.16.17

Patch Changes

  • #12632 e7d14c3 Thanks @​ematipico! - Fixes an issue where the checkOrigin feature wasn't correctly checking the content-type header

4.16.16

Patch Changes

4.16.15

Patch Changes

4.16.14

Patch Changes

4.16.13

Patch Changes

... (truncated)

Commits

Updates @pagefind/default-ui from 1.0.4 to 1.3.0

Updates cookie from 0.6.0 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

  • Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

  • Allow leading dot for domain (#174)
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

jshttp/cookie@v0.6.0...v0.7.0

Commits
Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.


Updates dset from 3.1.3 to 3.1.4

Commits

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

  • Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).
Commits

Updates pagefind from 1.0.4 to 1.3.0

Release notes

Sourced from pagefind's releases.

v1.3.0

Core Features & Improvements

  • Added --quiet and --silent flags when running the Pagefind CLI, which reduce the logging output to only warnings or only errors respectively.
  • Stabilized the Pagefind Rust library.
    • Thanks to @​cdxker for leading this in #751 ❤️
    • This library interface has feature parity with the Node and Python indexing APIs, and is a great solution for integrating Pagefind indexing into any Rust-based tooling.

Default UI Features & Improvements

  • Added a data-pagefind-ui-meta attribute to the metadata tags on search results in the Default UI, allowing them to be targeted with CSS.
    • For example, a tag on a result containing Date: April 19, 2024 will now have data-pagefind-ui-meta="date".

Fixes & Tweaks

  • Fixed an issue where inline metadata would incorrectly render with html-escaped characters.
    • Specifically, tagging metadata inline with data-pagefind-meta="phrase:this &lt; that would index the literal &lt; rather than a < character.
    • This bug didn't occur when using data-pagefind-meta to capture the content of an element.
  • Fixed an issue where matches in compound words could (sometimes) be ranked lower than intended.
    • Specifically, for example, matching just the Cannon in CloudCannon may have ranked the word incorrectly.
  • Fixed an issue where fragment hashes would change between every Pagefind build.
    • Now, if an HTML page has not changed between two Pagefind indexes, the fragment filename will not change.
    • This saves you from having to re-upload all fragment files after every Pagefind build.

v1.2.0

Core Features & Improvements

UI Translations

*️⃣ : These languages are the first right-to-left languages in the translation set. Please open any issues if improvements can be made to the Pagefind UI libraries when rendered for these RTL languages.

v1.1.1

Fixes & Tweaks

  • Fixes an issue where internal anchor and weight tokens would leak when captured in meta or filter attributes.
  • Improves segmentation for extended languages (PR #600 — thanks @​hamano !).
  • Improves Pagefind's processing of "index.html" URLs (PR #604 — thanks @​dscho !).
  • Fixes some instances of incorrect types in the Pagefind NodeJS API (PRs #642 & #655 — thanks @​vanyauhalin & SKalt !).

UI Translations

  • Added Swahili translations

Security

... (truncated)

Changelog

Sourced from pagefind's changelog.

v1.3.0 (December 18, 2024)

Core Features & Improvements

  • Added --quiet and --silent flags when running the Pagefind CLI, which reduce the logging output to only warnings or only errors respectively.
  • Stabilized the Pagefind Rust library.
    • Thanks to @​cdxker for leading this in #751 ❤️
    • This library interface has feature parity with the Node and Python indexing APIs, and is a great solution for integrating Pagefind indexing into any Rust-based tooling.

Default UI Features & Improvements

  • Added a data-pagefind-ui-meta attribute to the metadata tags on search results in the Default UI, allowing them to be targeted with CSS.
    • For example, a tag on a result containing Date: April 19, 2024 will now have data-pagefind-ui-meta="date".

Fixes & Tweaks

  • Fixed an issue where inline metadata would incorrectly render with html-escaped characters.
    • Specifically, tagging metadata inline with data-pagefind-meta="phrase:this &lt; that would index the literal &lt; rather than a < character.
    • This bug didn't occur when using data-pagefind-meta to capture the content of an element.
  • Fixed an issue where matches in compound words could (sometimes) be ranked lower than intended.
    • Specifically, for example, matching just the Cannon in CloudCannon may have ranked the word incorrectly.
  • Fixed an issue where fragment hashes would change between every Pagefind build.
    • Now, if an HTML page has not changed between two Pagefind indexes, the fragment filename will not change.
    • This saves you from having to re-upload all fragment files after every Pagefind build.

v1.2.0 (November 6, 2024)

Core Features & Improvements

UI Translations

*️⃣ : These languages are the first right-to-left languages in the translation set. Please open any issues if improvements can be made to the Pagefind UI libraries when rendered for these RTL languages.

v1.1.1 (September 3, 2024)

Fixes & Tweaks

  • Fixes an issue where internal anchor and weight tokens would leak when captured in meta or filter attributes.
  • Improves segmentation for extended languages (PR #600 — thanks @​hamano !).
  • Improves Pagefind's processing of "index.html" URLs (PR #604 — thanks @​dscho !).
  • Fixes some instances of incorrect types in the Pagefind NodeJS API (PRs #642 & #655 — thanks @​vanyauhalin & SKalt !).

UI Translations

  • Added Swahili translations

Security

... (truncated)

Commits
  • df0f721 Merge pull request #762 from CloudCannon/chore/changelog
  • 597d9a5 Changelog
  • a138dd1 Merge pull request #761 from CloudCannon/fix/stable-output
  • da3c0f9 Only test fragment stabilization
  • c933742 Stabilize filename hashes for fragments
  • 36358de Merge pull request #760 from CloudCannon/feat/ui-meta-attribute
  • c45609d Merge pull request #759 from CloudCannon/feat/quiet
  • ae0d9a1 Added data-pagefind-ui-meta attribute to the default UI as CSS target
  • 7899d3d Add --quiet and --silent configuration options when indexing
  • 74c4ed8 Merge pull request #758 from CloudCannon/feat/fix-meta-encoding
  • Additional commits viewable in compare view

Updates rollup from 4.18.0 to 4.30.1

Release notes

Sourced from rollup's releases.

v4.30.1

4.30.1

2025-01-07

Bug Fixes

  • Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

v4.30.0

4.30.0

2025-01-06

Features

  • Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

v4.29.2

4.29.2

2025-01-05

Bug Fixes

  • Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

v4.29.1

4.29.1

2024-12-21

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

4.30.1

2025-01-07

Bug Fixes

  • Prevent invalid code when simplifying unary expressions in switch cases (#5786)

Pull Requests

4.30.0

2025-01-06

Features

  • Inline values of resolvable unary expressions for improved tree-shaking (#5775)

Pull Requests

4.29.2

2025-01-05

Bug Fixes

  • Keep import attributes when using dynamic ESM import() expressions from CommonJS (#5781)

Pull Requests

4.29.1

2024-12-21

Bug Fixes

  • Fix crash from deoptimized logical expressions (#5771)

Pull Requests

... (truncated)

Commits

Updates vite from 5.3.2 to 5.4.11

Release notes

Sourced from vite's releases.

v5.4.11

Please refer to CHANGELOG.md for details.

v5.4.10

Please refer to CHANGELOG.md for details.

v5.4.9

Please refer to CHANGELOG.md for details.

v5.4.8

Please refer to CHANGELOG.md for details.

v5.4.7

Please refer to CHANGELOG.md for details.

v5.4.6

Please refer to CHANGELOG.md for details.

v5.4.5

Please refer to CHANGELOG.md for details.

v5.4.4

Please refer to CHANGELOG.md for details.

v5.4.3

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.1

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v5.4.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

6.0.7 (2025-01-02)

6.0.6 (2024-12-26)

6.0.5 (2024-12-20)

6.0.4 (2024-12-19)

... (truncated)

Commits
  • c54c860 release: v5.4.11
  • 5f52bc8 release: v5.4.10
  • 7d1a3bc fix: backport #18367,augment hash for CSS files to prevent chromium erroring ...
  • 898d61f release: v5.4.9
  • 508d9ab fix: bump launch-editor-middleware to v2.9.1 (#18348)
  • dc5434c fix(deps): bump tsconfck (#18322)
  • 851b258 fix(hmr): don't try to rewrite imports for direct CSS soft invalidation (#18252)
  • 96084d6 fix(data-uri): only match ids starting with data: (#18241)
  • eae00b5 fix(css): fix lightningcss dep url resolution with custom root (#18125)
  • c23558a chore: update all url references of vitejs.dev to vite.dev (#18276)
  • Additional commits viewable in compare view


Bumps the npm_and_yarn group in /site with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `4.5.12` | `4.16.18` |
| @pagefind/default-ui | `1.0.4` | `1.3.0` |
| [cookie](https://github.com/jshttp/cookie) | `0.6.0` | `0.7.2` |
| [dset](https://github.com/lukeed/dset) | `3.1.3` | `3.1.4` |
| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |
| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.8` |
| [pagefind](https://github.com/CloudCannon/pagefind) | `1.0.4` | `1.3.0` |
| [rollup](https://github.com/rollup/rollup) | `4.18.0` | `4.30.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.3.2` | `5.4.11` |


Updates `astro` from 4.5.12 to 4.16.18
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@4.16.18/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@4.16.18/packages/astro)

Updates `@pagefind/default-ui` from 1.0.4 to 1.3.0

Updates `cookie` from 0.6.0 to 0.7.2
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](jshttp/cookie@v0.6.0...v0.7.2)

Updates `dset` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/lukeed/dset/releases)
- [Commits](lukeed/dset@v3.1.3...v3.1.4)

Updates `micromatch` from 4.0.5 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.5...4.0.8)

Updates `nanoid` from 3.3.7 to 3.3.8
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.8)

Updates `pagefind` from 1.0.4 to 1.3.0
- [Release notes](https://github.com/CloudCannon/pagefind/releases)
- [Changelog](https://github.com/CloudCannon/pagefind/blob/main/CHANGELOG.md)
- [Commits](CloudCannon/pagefind@v1.0.4...v1.3.0)

Updates `rollup` from 4.18.0 to 4.30.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.18.0...v4.30.1)

Updates `vite` from 5.3.2 to 5.4.11
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.11/packages/vite)

---
updated-dependencies:
- dependency-name: astro
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@pagefind/default-ui"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dset
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: nanoid
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pagefind
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies and javascript labels Jan 8, 2025

cloudflare-workers-and-pages bot commented Jan 8, 2025

Deploying chisel-operator with Cloudflare Pages

Latest commit: 41cfd02
Status: ✅  Deploy successful!
Preview URL: https://6152633f.chisel-operator.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-site-z4nx.chisel-operator.pages.dev


New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/[email protected] | Transitive: environment, eval, filesystem, network, shell, unsafe | +324 | 66.2 MB | fredkschott |

🚮 Removed packages: npm/[email protected]


🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
Possible typosquat attack npm/[email protected] ⚠︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
