Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update all non-major dependencies #361

Merged
merged 1 commit into from
Feb 20, 2024
Merged

Update all non-major dependencies #361

merged 1 commit into from
Feb 20, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 14, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@swc/core (source) 1.4.0 -> 1.4.2 age adoption passing confidence devDependencies patch
@tsconfig/strictest (source) 2.0.2 -> 2.0.3 age adoption passing confidence devDependencies patch
@vitest/coverage-v8 (source) 1.2.2 -> 1.3.0 age adoption passing confidence devDependencies minor
argocd 2.10.0 -> 2.10.1 age adoption passing confidence patch
dotenv 16.4.1 -> 16.4.5 age adoption passing confidence dependencies patch
kubectl 1.29.1 -> 1.29.2 age adoption passing confidence patch
node 20.11.0-bookworm-slim -> 20.11.1-bookworm-slim age adoption passing confidence final patch
node 20.11.0-bookworm -> 20.11.1-bookworm age adoption passing confidence stage patch
node (source) 20.11.0 -> 20.11.1 age adoption passing confidence patch
pnpm (source) 8.15.2 -> 8.15.3 age adoption passing confidence patch
tsx 4.7.0 -> 4.7.1 age adoption passing confidence devDependencies patch
typescript-eslint (source) 7.0.1 -> 7.0.2 age adoption passing confidence devDependencies patch
vite (source) 5.1.1 -> 5.1.3 age adoption passing confidence resolutions patch
vitest (source) 1.2.2 -> 1.3.0 age adoption passing confidence devDependencies minor

Release Notes

swc-project/swc (@​swc/core)

v1.4.2

Compare Source

Bug Fixes
Features
Testing

v1.4.1

Compare Source

Bug Fixes
Features
Miscellaneous Tasks
Refactor
  • (bindings) Remove bindings for experimental packages (#​8600) (6c50ff1)
Testing
Build
tsconfig/bases (@​tsconfig/strictest)

v2.0.3

Compare Source

vitest-dev/vitest (@​vitest/coverage-v8)

v1.3.0

Compare Source

🚀 Features
🐞 Bug Fixes
View changes on GitHub
argoproj/argo-cd (argocd)

v2.10.1

Compare Source

Quick Start

Non-HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.1/manifests/install.yaml
HA:
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.1/manifests/ha/install.yaml

Release Signatures and Provenance

All Argo CD container images are signed by cosign. A Provenance is generated for container images and CLI binaries which meet the SLSA Level 3 specifications. See the documentation on how to verify.

Upgrading

If upgrading from a different minor version, be sure to read the upgrading documentation.

Changes

This release includes 7 contributions from 3 contributors with 0 features and 5 bug fixes.

Bug fixes (5)
Other (1)
  • chore(manifests): add ClsuterRole/ClusterRoleBinding for applicationset controller. (#​16699) (#​17119)
motdotla/dotenv (dotenv)

v16.4.5

Compare Source

Changed
  • 🐞 fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #​814

v16.4.4

Compare Source

Changed
  • 🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #​812

v16.4.3

Compare Source

Changed
  • Fixed processing of multiple files in options.path #​805

v16.4.2

Compare Source

Changed
kubernetes/kubernetes (kubectl)

v1.29.2: Kubernetes v1.29.2

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

nodejs/node (node)

v20.11.1: 2024-02-14, Version 20.11.1 'Iron' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
  • CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  • CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
  • CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • libuv version 1.48.0
  • OpenSSL version 3.0.13+quic1
Commits
pnpm/pnpm (pnpm)

v8.15.3

Compare Source

Patch Changes

  • Remove vulnerable "ip" package from the dependencies #​7652.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

privatenumber/tsx (tsx)

v4.7.1

Compare Source

Bug Fixes

This release is also available on:

typescript-eslint/typescript-eslint (typescript-eslint)

v7.0.2

Compare Source

🩹 Fixes
  • fix tsconfig-less check errors, fix @types/eslint incompatibilities, add tests
❤️ Thank You
  • Brad Zacher
  • Gareth Jones

You can read about our versioning strategy and releases on our website.

vitejs/vite (vite)

v5.1.3

Compare Source

v5.1.2

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@2na2-p 2na2-p bot enabled auto-merge February 14, 2024 16:48
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from a953327 to bb4ee7c Compare February 15, 2024 16:18
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from bb4ee7c to 6ae8fc3 Compare February 16, 2024 00:36
@2na2-p 2na2-p bot merged commit 1ab8bf4 into main Feb 20, 2024
8 checks passed
@2na2-p 2na2-p bot deleted the renovate/all-minor-patch branch February 20, 2024 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant