Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

📦 Update subpackage devDependencies #40198

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

📦 Update subpackage devDependencies #40198

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 1, 2024

This PR contains the following updates:

Package Update Type Change Package file Age Adoption Passing Confidence
actions/checkout patch action v4.2.1 -> v4.2.2 .github/workflows/update-session-issues.yml age adoption passing confidence
actions/dependency-review-action minor action v4.3.4 -> v4.5.0 .github/workflows/dependency-review.yml age adoption passing confidence
actions/setup-node minor action v4.0.4 -> v4.1.0 .github/workflows/status-page.yml age adoption passing confidence
browser-tools patch orb 1.4.8 -> 1.4.9 .circleci/config.yml age adoption passing confidence
codecov patch orb 5.0.0 -> 5.0.3 .circleci/config.yml age adoption passing confidence
eslint (source) minor devDependencies 9.13.0 -> 9.16.0 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
github/codeql-action minor action v3.26.13 -> v3.27.5 .github/workflows/scorecard.yml age adoption passing confidence
npm-run-all2 patch devDependencies 6.2.4 -> 6.2.6 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
rollup (source) minor devDependencies 4.24.0 -> 4.28.0 third_party/amp-toolbox-cache-url/package.json age adoption passing confidence
rollup-plugin-json replacement devDependencies 4.0.0 -> 4.0.0 third_party/amp-toolbox-cache-url/package.json
step-security/harden-runner patch action v2.10.1 -> v2.10.2 .github/workflows/update-session-issues.yml age adoption passing confidence

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/subpackage-devdependencies main
git pull https://github.com/ampproject/amphtml.git renovate/subpackage-devdependencies

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push [email protected]:ampproject/amphtml.git renovate/subpackage-devdependencies:renovate/subpackage-devdependencies

This is a special PR that replaces rollup-plugin-json with the community suggested minimal stable replacement version.

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

actions/dependency-review-action (actions/dependency-review-action)

v4.5.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

actions/setup-node (actions/setup-node)

v4.1.0

Compare Source

eslint/eslint (eslint)

v9.16.0

Compare Source

Features

  • 8f70eb1 feat: Add ignoreComputedKeys option in sort-keys rule (#​19162) (Milos Djermanovic)

Documentation

  • 9eefc8f docs: fix typos in use-isnan (#​19190) (루밀LuMir)
  • 0c8cea8 docs: switch the order of words in no-unreachable (#​19189) (루밀LuMir)
  • 0c19417 docs: add missing backtick to no-async-promise-executor (#​19188) (루밀LuMir)
  • 8df9276 docs: add backtick in -0 in description of no-compare-neg-zero (#​19186) (루밀LuMir)
  • 7e16e3f docs: fix caseSensitive option's title of sort-keys (#​19183) (Tanuj Kanti)
  • 0c6b842 docs: fix typos in migration-guide.md (#​19180) (루밀LuMir)
  • 353266e docs: fix a typo in debug.md (#​19179) (루밀LuMir)
  • 5ff318a docs: delete unnecessary horizontal rule(---) in nodejs-api (#​19175) (루밀LuMir)
  • 576bcc5 docs: mark more rules as handled by TypeScript (#​19164) (Tanuj Kanti)
  • 742d054 docs: note that no-restricted-syntax can be used with any language (#​19148) (Milos Djermanovic)

Chores

v9.15.0

Compare Source

v9.14.0

Compare Source

github/codeql-action (github/codeql-action)

v3.27.5

Compare Source

v3.27.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024
  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #​2590

See the full CHANGELOG.md for more information.

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024
  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
  • Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #​2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
  • Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

bcomnes/npm-run-all2 (npm-run-all2)

v6.2.6

Compare Source

Commits
  • Prevent a throw when looking up undefined results d928f9a

v6.2.5

Compare Source

rollup/rollup (rollup)

v4.28.0

Compare Source

2024-11-30

Features
  • Allow to specify how to handle import attributes when transpiling Rollup config files (#​5743)
Pull Requests

v4.27.4

Compare Source

2024-11-23

Bug Fixes
  • Update bundled magic-string to support sourcemap debug ids (#​5740)
Pull Requests

v4.27.3

Compare Source

2024-11-18

Bug Fixes
  • Revert object property tree-shaking for now (#​5736)
Pull Requests

v4.27.2

Compare Source

2024-11-15

Bug Fixes
  • Ensure unused variables in patterns are always deconflicted if rendered (#​5728)
Pull Requests

v4.27.1

Compare Source

2024-11-15

Bug Fixes
  • Fix some situations where parameter declarations could put Rollup into an infinite loop (#​5727)
Pull Requests

v4.27.0

Compare Source

2024-11-15

Features
  • Tree-shake unused properties in object literals (#​5420)
Bug Fixes
  • Change hash length limit to 21 to avoid inconsistent hash length (#​5423)
Pull Requests

v4.26.0

Compare Source

2024-11-13

Features
  • Allow to avoid await bundle.close() via explicit resource management in TypeScript (#​5721)
Pull Requests

v4.25.0

Compare Source

2024-11-09

Features
  • Add output.sourcemapDebugIds option to add matching debug ids to sourcemaps and code for tools like Sentry or Rollbar (#​5712)
Bug Fixes
  • Make it easier to manually reproduce base16 hashes by using a more standard base16 conversion algorithm (#​5719)
Pull Requests

v4.24.4

Compare Source

2024-11-04

Bug Fixes
  • Ensure mutations by handlers in Proxy definitions are always respected when tree-shaking (#​5713)
Pull Requests

v4.24.3

Compare Source

2024-10-29

Bug Fixes
  • Slightly reduce memory consumption by specifying fixed array sizes where possible (#​5703)
Pull Requests

v4.24.2

Compare Source

2024-10-27

Bug Fixes
  • Add missing build dependency (#​5705)
Pull Requests

v4.24.1

Compare Source

2024-10-27

Bug Fixes
  • Support running Rollup natively on FreeBSD (#​5698)
Pull Requests
step-security/harden-runner (step-security/harden-runner)

v2.10.2

Compare Source

What's Changed

  1. Fixes low-severity command injection weaknesses
    The advisory is here: GHSA-g85v-wf27-67xc

  2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) December 1, 2024 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants