fix(deps): update all non-major dependencies #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

renovate wants to merge 1 commit into master from renovate/all-minor-patch

Contributor

renovate bot commented Mar 5, 2023 •

edited

Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@commitlint/cli (source)	`17.4.2` → `17.8.1`			devDependencies	minor
@commitlint/config-conventional (source)	`17.4.2` → `17.8.1`			devDependencies	minor
@wildpeaks/eslint-config-commonjs	`15.6.0` → `15.7.0`			devDependencies	minor
@wildpeaks/prettier-config	`15.6.0` → `15.7.0`			devDependencies	minor
body-parser	`^1.20.1` → `^1.20.4`			dependencies	patch
canvas	`^2.11.0` → `^2.11.2`			dependencies	patch
dotenv	`^16.0.3` → `^16.6.1`			dependencies	minor
eslint-config-prettier	`8.6.0` → `8.10.2`			devDependencies	minor
eslint-plugin-prettier	`4.2.1` → `4.2.5`			devDependencies	patch
express (source)	`^4.18.2` → `^4.22.1`			dependencies	minor
helmet (source)	`^6.0.1` → `^6.2.0`			dependencies	minor
lint-staged	`^13.1.0` → `^13.3.0`			devDependencies	minor
node (source)	`>=v16.19.0` → `>=16.20.2`			engines	minor
node-superfetch	`0.3.3` → `0.3.5`			dependencies	patch
nodemon (source)	`2.0.20` → `2.0.22`			devDependencies	patch
prettier (source)	`2.8.3` → `2.8.8`			devDependencies	patch
pretty-quick	`^3.1.3` → `^3.3.1`			devDependencies	minor
serve-favicon	`^2.5.0` → `^2.5.1`			dependencies	patch
xss-clean	`^0.1.1` → `^0.1.4`			dependencies	patch
yarn (source)	`3.3.1` → `3.8.7`			packageManager	minor

Release Notes

conventional-changelog/commitlint (@commitlint/cli)

`v17.8.1`

Note: Version bump only for package @commitlint/cli

`v17.8.0`

Note: Version bump only for package @commitlint/cli

17.7.2 (2023-09-28)

Note: Version bump only for package @commitlint/cli

17.7.1 (2023-08-10)

Note: Version bump only for package @commitlint/cli

`v17.7.2`

Note: Version bump only for package @commitlint/cli

`v17.7.1`

Note: Version bump only for package @commitlint/cli

`v17.7.0`

Note: Version bump only for package @commitlint/cli

17.6.7 (2023-07-19)

Note: Version bump only for package @commitlint/cli

17.6.6 (2023-06-24)

Note: Version bump only for package @commitlint/cli

17.6.5 (2023-05-30)

Note: Version bump only for package @commitlint/cli

17.6.3 (2023-05-04)

Note: Version bump only for package @commitlint/cli

17.6.1 (2023-04-14)

Note: Version bump only for package @commitlint/cli

`v17.6.7`

Note: Version bump only for package @commitlint/cli

`v17.6.6`

Note: Version bump only for package @commitlint/cli

`v17.6.5`

Note: Version bump only for package @commitlint/cli

`v17.6.3`

Note: Version bump only for package @commitlint/cli

`v17.6.1`

Note: Version bump only for package @commitlint/cli

`v17.6.0`

Note: Version bump only for package @commitlint/cli

17.5.1 (2023-03-28)

Note: Version bump only for package @commitlint/cli

`v17.5.1`

Note: Version bump only for package @commitlint/cli

`v17.5.0`

Note: Version bump only for package @commitlint/cli

17.4.4 (2023-02-17)

Note: Version bump only for package @commitlint/cli

17.4.3 (2023-02-13)

Note: Version bump only for package @commitlint/cli

17.4.2 (2023-01-12)

Note: Version bump only for package @commitlint/cli

17.4.1 (2023-01-09)

Note: Version bump only for package @commitlint/cli

`v17.4.4`

Note: Version bump only for package @commitlint/cli

`v17.4.3`

Note: Version bump only for package @commitlint/cli

conventional-changelog/commitlint (@commitlint/config-conventional)

`v17.8.1`

Note: Version bump only for package @commitlint/config-conventional

`v17.8.0`

Note: Version bump only for package @commitlint/config-conventional

`v17.7.0`

Note: Version bump only for package @commitlint/config-conventional

17.6.7 (2023-07-19)

Note: Version bump only for package @commitlint/config-conventional

17.6.6 (2023-06-24)

Note: Version bump only for package @commitlint/config-conventional

17.6.5 (2023-05-30)

Note: Version bump only for package @commitlint/config-conventional

17.6.3 (2023-05-04)

Note: Version bump only for package @commitlint/config-conventional

17.6.1 (2023-04-14)

Note: Version bump only for package @commitlint/config-conventional

`v17.6.7`

Note: Version bump only for package @commitlint/config-conventional

`v17.6.6`

Note: Version bump only for package @commitlint/config-conventional

`v17.6.5`

Note: Version bump only for package @commitlint/config-conventional

`v17.6.3`

Note: Version bump only for package @commitlint/config-conventional

`v17.6.1`

Note: Version bump only for package @commitlint/config-conventional

`v17.6.0`

Note: Version bump only for package @commitlint/config-conventional

17.4.4 (2023-02-17)

Note: Version bump only for package @commitlint/config-conventional

17.4.3 (2023-02-13)

Note: Version bump only for package @commitlint/config-conventional

17.4.2 (2023-01-12)

Note: Version bump only for package @commitlint/config-conventional

`v17.4.4`

Note: Version bump only for package @commitlint/config-conventional

`v17.4.3`

Note: Version bump only for package @commitlint/config-conventional

wildpeaks/packages-eslint-config (@wildpeaks/eslint-config-commonjs)

`v15.7.0`: 15.7.0

Updated eslint, @typescript-eslint/eslint-plugin, @typescript-eslint/parser, prettier, and devDependencies.

expressjs/body-parser (body-parser)

`v1.20.4`

===================

deps: qs@~6.14.0
deps: use tilde notation for dependencies
deps: http-errors@~2.0.1
deps: raw-body@~2.5.3

`v1.20.3`

===================

deps: qs@6.13.0
add depth option to customize the depth level in the parser
IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

`v1.20.2`

===================

Fix strict json error message on Node.js 19+
deps: content-type@~1.0.5
- perf: skip value escaping when unnecessary
deps: raw-body@2.5.2

Automattic/node-canvas (canvas)

`v2.11.2`

==================

Fixed

Building on Windows in CI (and maybe other Windows configurations?) (#2216)

`v2.11.1`

==================

Fixed

Add missing property canvas to the CanvasRenderingContext2D type
Fixed glyph positions getting rounded, resulting text having a slight letter-spacing effect
Fixed ctx.font not being restored correctly after ctx.restore() (#1946)

motdotla/dotenv (dotenv)

`v16.6.1`

Changed

Default quiet to true – hiding the runtime log message (#874)
NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

`v16.6.0`

Added

Default log helpful message [dotenv@16.6.0] injecting env (1) from .env (#870)
Use { quiet: true } to suppress
Aligns dotenv more closely with dotenvx.

`v16.5.0`

Added

🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

Remove _log method. Use _debug #862

`v16.4.7`

Changed

Ignore .tap folder when publishing. (oops, sorry about that everyone. - @motdotla) #848

`v16.4.6`

Changed

Clean up stale dev dependencies #847
Various README updates clarifying usage and alternative solutions using dotenvx

`v16.4.5`

Changed

🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #814

`v16.4.4`

Changed

🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #812

`v16.4.3`

Changed

🐞 Fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #814

`v16.4.2`

Changed

Changed funding link in package.json to dotenvx.com

`v16.4.1`

Patch support for array as path option #797

`v16.4.0`

Add error.code to error messages around .env.vault decryption handling #795
Add ability to find .env.vault file when filename(s) passed as an array #784

`v16.3.2`

Added

Add debug message when no encoding set #735

Changed

Fix output typing for populate #792
Use subarray instead of slice #793

`v16.3.1`

Added

Add missing type definitions for processEnv and DOTENV_KEY options. #756

`v16.3.0`

Added

Optionally pass DOTENV_KEY to options rather than relying on process.env.DOTENV_KEY. Defaults to process.env.DOTENV_KEY #754

`v16.2.0`

Added

Optionally write to your own target object rather than process.env. Defaults to process.env. #753
Add import type URL to types file #751

`v16.1.4`

Added

Added .github/ to .npmignore #747

`v16.1.3`

Removed

Removed browser keys for path, os, and crypto in package.json. These were set to false incorrectly as of 16.1. Instead, if using dotenv on the front-end make sure to include polyfills for path, os, and crypto. node-polyfill-webpack-plugin provides these.

`v16.1.2`

Changed

Exposed private function _configDotenv as configDotenv. #744

`v16.1.1`

Added

Added type definition for decrypt function

Changed

Fixed {crypto: false} in packageJson.browser

`v16.1.0`

Added

Add populate convenience method #733
Accept URL as path option #720
Add dotenv to npm fund command
Spanish language README #698
Add .env.vault support. 🎉 (#730)

ℹ️ .env.vault extends the .env file format standard with a localized encrypted vault file. Package it securely with your production code deploys. It's cloud agnostic so that you can deploy your secrets anywhere – without risky third-party integrations. read more

Changed

Fixed "cannot resolve 'fs'" error on tools like Replit #693

prettier/eslint-config-prettier (eslint-config-prettier)

`v8.10.2`

`v8.10.0`

Added: [max-statements-per-line]. Thanks to @Zamiell!

`v8.9.0`

Added: [vue/array-element-newline]. Thanks to @xcatliu!

`v8.8.0`

Added: [@typescript-eslint/lines-around-comment]. Thanks to @ttionya!

`v8.7.0`

Added: [@typescript-eslint/block-spacing]. Thanks to @ttionya!
Added: [@typescript-eslint/key-spacing]. Thanks to @ttionya!

prettier/eslint-plugin-prettier (eslint-plugin-prettier)

`v4.2.5`

republish the v4 version

Full Changelog: prettier/eslint-plugin-prettier@v4.2.4...v4.2.5

`v4.2.4`

republish the v4 version

Full Changelog: prettier/eslint-plugin-prettier@v4.2.1...v4.2.4

expressjs/express (express)

`v4.22.1`

`v4.22.0`

`v4.21.2`

What's Changed

Add funding field (v4) by @bjohansebas in #6065
deps: path-to-regexp@0.1.11 by @blakeembrey in #5956
deps: bump path-to-regexp@0.1.12 by @jonchurch in #6209
Release: 4.21.2 by @UlisesGascon in #6094

Full Changelog: expressjs/express@4.21.1...4.21.2

`v4.21.1`

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in #6029
Release: 4.21.1 by @UlisesGascon in #6031

Full Changelog: expressjs/express@4.21.0...4.21.1

`v4.21.0`

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in #5935
finalhandler@1.3.1 by @wesleytodd in #5954
fix(deps): serve-static@1.16.2 by @wesleytodd in #5951
Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in #5946

New Contributors

@agadzinski93 made their first contribution in #5946

Full Changelog: expressjs/express@4.20.0...4.21.0

`v4.20.0`

==========

deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
deps: send@0.19.0
- Remove link renderization in html while redirecting
deps: body-parser@0.6.0
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Remove link renderization in html while using res.redirect
deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
deps: encodeurl@~2.0.0
- Removes encoding of \, |, and ^ to align better with URL spec
Deprecate passing options.maxAge and options.expires to res.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

`v4.19.2`

==========

Improved fix for open redirect allow list bypass

`v4.19.1`

==========

Allow passing non-strings to res.location with new encoding handling checks

`v4.19.0`

==========

Prevent open redirect allow list bypass due to encodeurl
deps: cookie@0.6.0

`v4.18.3`

==========

Fix routing requests without method
deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
deps: cookie@0.6.0
- Add partitioned option

helmetjs/helmet (helmet)

`v6.2.0`

Expose header names (e.g., strictTransportSecurity for the Strict-Transport-Security header, instead of hsts)
Rework documentation

`v6.1.5`

Fixed

Fixed yet another issue with TypeScript exports. See #420

`v6.1.4`

Fixed

Fix another issue with TypeScript default exports. See #418

`v6.1.3`

Fixed

Fix issue with TypeScript default exports. See #417

`v6.1.2`

Fixed

Retored main to package to help with some build tools

`v6.1.1`

Fixed

Fixed missing package metadata

`v6.1.0`

Changed

Improve support for various TypeScript setups, including "nodenext". See #405

lint-staged/lint-staged (lint-staged)

`v13.3.0`

Bug Fixes

dependencies: update most dependencies (7443870)
detect duplicate redundant braces in pattern (d895aa8)

Features

dependencies: update listr2@6.6.0 (09844ca)

`v13.2.3`

Bug Fixes

the --diff option implies --no-stash (66a716d)

`v13.2.2`

Bug Fixes

dependencies: update yaml@2.2.2 (GHSA-f9xv-q969-pqx4) (#1290) (cf691aa)

`v13.2.1`

Bug Fixes

ignore "package.json" as config file when it's invalid JSON (#1281) (e7ed6f7)

`v13.2.0`

Bug Fixes

dependencies: replace colorette with chalk for better color support detection (f598725)
use index-based stash references for improved MSYS2 compatibility (#1270) (60fcd99)

Features

version bump only (#1275) (05fb382)

`v13.1.4`

`v13.1.3`

`v13.1.2`

Bug Fixes

disable stash by default when using diff option (#1259) (142c6f2)

`v13.1.1`

Bug Fixes

allow re-enabling --stash when using the --diff option (99390c3)

nodejs/node (node)

`v16.20.2`: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @RafaelGSS

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-32002: Policies can be bypassed via Module._load (High)
CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
OpenSSL Security Releases

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

[40c3958a5a] - deps: update archs files for OpenSSL-1.1.1v (RafaelGSS) #49043
[a9ac9da89a] - deps: fix openssl crypto clean (RafaelGSS) #49043
[362d4c7494] - deps: upgrade openssl sources to OpenSSL_1_1_1v (RafaelGSS) #49043
[d8ccfe9ad4] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#445
[242aaa0caa] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#459

`v16.20.1`: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @RafaelGSS

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases
c-ares vulnerabilities:

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

[5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)
[5df04e893a] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #48156
[c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #48115
[155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #48369
[8d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #48369
[1a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
[e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#429
[10042683c8] - msi: do not create

Configuration

📅 Schedule: Branch creation - "before 12pm on Sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot requested a review from NotKaskus as a code owner

March 5, 2023 03:30

renovate bot added the Meta: Dependencies label

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 7b696db to f819eb5 Compare

March 10, 2023 13:36

renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from c28bae6 to 62eec32 Compare

March 22, 2023 21:00

renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from e7c163a to 9233ee8 Compare

March 29, 2023 23:03

renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 963ab48 to 5df8cc9 Compare

April 9, 2023 17:50

renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 63a076c to 2dae2bd Compare

April 14, 2023 08:43

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from cda01b2 to ad87376 Compare

April 26, 2023 15:19

renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from ac49b14 to 030c143 Compare

May 7, 2023 00:52

renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 302d639 to 1995fa6 Compare

May 31, 2023 02:45

renovate bot force-pushed the renovate/all-minor-patch branch from a64cb6d to ce2865c Compare

May 2, 2024 18:59

renovate bot force-pushed the renovate/all-minor-patch branch from ce2865c to bd9c1f0 Compare

June 21, 2024 16:42

renovate bot force-pushed the renovate/all-minor-patch branch from bd9c1f0 to b4969dc Compare

August 5, 2024 16:05

renovate bot force-pushed the renovate/all-minor-patch branch from b4969dc to 545f3fc Compare

August 24, 2024 16:54

renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 6f97d97 to 4b17930 Compare

September 11, 2024 23:19

renovate bot force-pushed the renovate/all-minor-patch branch from 4b17930 to 93ea2ca Compare

October 8, 2024 20:01

renovate bot force-pushed the renovate/all-minor-patch branch from 93ea2ca to f4f9163 Compare

October 18, 2024 18:39

renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 3792ef4 to 9fd121e Compare

December 6, 2024 00:11

renovate bot changed the title ~~chore(deps): update all non-major dependencies~~ chore(deps): update node.js to >=16.20.2

renovate bot changed the title ~~chore(deps): update node.js to >=16.20.2~~ chore(deps): update all non-major dependencies

renovate bot changed the title ~~chore(deps): update all non-major dependencies~~ fix(deps): update all non-major dependencies

renovate bot force-pushed the renovate/all-minor-patch branch from 9fd121e to baf2558 Compare

April 10, 2025 22:55

renovate bot force-pushed the renovate/all-minor-patch branch from baf2558 to 9324ae3 Compare

April 21, 2025 18:05

renovate bot force-pushed the renovate/all-minor-patch branch from 9324ae3 to a5acbfe Compare

June 10, 2025 11:05

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from ab45572 to f69b226 Compare

June 27, 2025 16:59

renovate bot force-pushed the renovate/all-minor-patch branch from f69b226 to 344dc5d Compare

July 18, 2025 20:25

renovate bot force-pushed the renovate/all-minor-patch branch from 344dc5d to 92b9878 Compare

August 10, 2025 13:28

renovate bot force-pushed the renovate/all-minor-patch branch from 92b9878 to 42fc05e Compare

September 25, 2025 15:26

renovate bot force-pushed the renovate/all-minor-patch branch from 42fc05e to c775c54 Compare

October 21, 2025 11:56

renovate bot force-pushed the renovate/all-minor-patch branch from c775c54 to 1e5eec2 Compare

November 18, 2025 12:43

renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 7ed037b to 3a3ca71 Compare

December 2, 2025 00:41


          fix(deps): update all non-major dependencies

864ce9d

renovate bot force-pushed the renovate/all-minor-patch branch from 3a3ca71 to 864ce9d Compare

December 31, 2025 15:07

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Meta: Dependencies