chore(deps): bump the prod-deps group across 1 directory with 3 updates #171

Closed

@dependabot dependabot bot commented on behalf of github Dec 9, 2024

Bumps the prod-deps group with 3 updates in the / directory: sst, astro and @astrojs/node.

Updates sst from 3.2.73 to 3.3.59

Release notes

Sourced from sst's releases.

v3.3.59

Changelog

  • f39517512198587250b9e1bba0a3be02488b96de dev: fix issue with appsync not resolving and sst dev exiting right away

v3.3.58

Changelog

  • 7efaab30ea786a044eefdaaba20d9f7fef7bbe06 feat(nextjs): expose revalidation resources for CloudWatch Alarm monitoring (#5010)

v3.3.57

Changelog

  • 4bb5bc2f46be791b480b6f6e6d5b55bd397c54d3 Vpc: support transform security group for bastion

v3.3.56

Changelog

  • 2039eab87b18097c3d566bfc9b14a4fe498e9af5 Vpc: support specifying AZs

v3.3.55

Changelog

  • f39517512198587250b9e1bba0a3be02488b96de dev: fix issue with appsync not resolving and sst dev exiting right away

v3.3.54

Changelog

  • 286f07f9e208527c98694094ab7dae56f85820dc Add missing config values to sst.config.ts in aws-accounts.mdx (#5169)
  • 6fef78e97e219b4974999d8964a9cad854bacdbf SsrSite: revert default runtime to nodejs20.x

v3.3.53

Changelog

  • 7d8f5934764d9a678a377f6d3dab878c87018d98 Router: support .get()
  • 93f1b6c128f951200d8cde8db87e5e43d6c44dfe sync

v3.3.52

Changelog

  • 0b737a0885c82d8d9a4bd5ac738a7b4a53d433be Cluster: support domain alias

v3.3.51

Changelog

  • ecb767c2e243230682b1c61bac403cb4f8d6200e sst dev: fix missing init errors

v3.3.50

  • sst dev: upgrade protocol for live lambda. Should feel faster and consume less resources locally. Also, link changes should be picked up without a restart.
  • sst dev: remove appsync permission requirement unless doing sst dev

v3.3.47

Changelog

  • d8c8c484221ac55aa1d34283ca953b429a1e38d6 Email: fix permissions not granted to recipients

v3.3.46

Changelog

  • c766a8be6600f43e87d4cf727e42abb5c9fc351d Cluster: auto-cache layers
  • 27791b36a701c506552e42e0f8213da26aa28662 Function: keep the default runtime to nodejs20.x

... (truncated)

Commits

Updates astro from 4.16.8 to 5.0.3

Release notes

Sourced from astro's releases.

astro@5.0.3

Patch Changes

  • #12645 8704c54 Thanks @​sarah11918! - Updates some reference links in error messages for new v5 docs.

  • #12641 48ca399 Thanks @​ascorbic! - Fixes a bug where astro info --copy wasn't working correctly on macOS systems.

  • #12461 62939ad Thanks @​kyr0! - Removes the misleading log message telling that a custom renderer is not recognized while it clearly is and works.

  • #12642 ff18b9c Thanks @​ematipico! - Provides more information when logging a warning for accessing Astro.request.headers in prerendered pages

  • #12634 03958d9 Thanks @​delucis! - Improves error message formatting for user config and content collection frontmatter

  • #12547 6b6e18d Thanks @​mtwilliams-code! - Fixes a bug where URL search parameters weren't passed when using the i18n fallback feature.

  • #12449 e6b8017 Thanks @​apatel369! - Fixes an issue where the custom assetFileNames configuration caused assets to be incorrectly moved to the server directory instead of the client directory, resulting in 404 errors when accessed from the client side.

  • #12518 e216250 Thanks @​ematipico! - Fixes an issue where SSR error pages would return duplicated custom headers.

  • #12625 74bfad0 Thanks @​ematipico! - Fixes an issue where the experimental.svg had incorrect type, resulting in some errors in the editors.

  • #12631 dec0305 Thanks @​ascorbic! - Fixes a bug where the class attribute was rendered twice on the image component

  • #12623 0e4fecb Thanks @​ascorbic! - Correctly handles images in content collections with uppercase file extensions

  • #12633 8a551c1 Thanks @​bluwy! - Cleans up content layer sync during builds and programmatic sync() calls

  • #12640 22e405a Thanks @​ascorbic! - Fixes a bug that caused content collections to be returned empty when run in a test environment

  • #12613 306c9f9 Thanks @​matthewp! - Fix use of cloned requests in middleware with clientAddress

    When using context.clientAddress or Astro.clientAddress Astro looks up the address in a hidden property. Cloning a request can cause this hidden property to be lost.

    The fix is to pass the address as an internal property instead, decoupling it from the request.

astro@5.0.2

Patch Changes

astro@5.0.1

Patch Changes

astro@5.0.0

Major Changes

... (truncated)

Changelog

Sourced from astro's changelog.

5.0.3

Patch Changes

  • #12645 8704c54 Thanks @​sarah11918! - Updates some reference links in error messages for new v5 docs.

  • #12641 48ca399 Thanks @​ascorbic! - Fixes a bug where astro info --copy wasn't working correctly on macOS systems.

  • #12461 62939ad Thanks @​kyr0! - Removes the misleading log message telling that a custom renderer is not recognized while it clearly is and works.

  • #12642 ff18b9c Thanks @​ematipico! - Provides more information when logging a warning for accessing Astro.request.headers in prerendered pages

  • #12634 03958d9 Thanks @​delucis! - Improves error message formatting for user config and content collection frontmatter

  • #12547 6b6e18d Thanks @​mtwilliams-code! - Fixes a bug where URL search parameters weren't passed when using the i18n fallback feature.

  • #12449 e6b8017 Thanks @​apatel369! - Fixes an issue where the custom assetFileNames configuration caused assets to be incorrectly moved to the server directory instead of the client directory, resulting in 404 errors when accessed from the client side.

  • #12518 e216250 Thanks @​ematipico! - Fixes an issue where SSR error pages would return duplicated custom headers.

  • #12625 74bfad0 Thanks @​ematipico! - Fixes an issue where the experimental.svg had incorrect type, resulting in some errors in the editors.

  • #12631 dec0305 Thanks @​ascorbic! - Fixes a bug where the class attribute was rendered twice on the image component

  • #12623 0e4fecb Thanks @​ascorbic! - Correctly handles images in content collections with uppercase file extensions

  • #12633 8a551c1 Thanks @​bluwy! - Cleans up content layer sync during builds and programmatic sync() calls

  • #12640 22e405a Thanks @​ascorbic! - Fixes a bug that caused content collections to be returned empty when run in a test environment

  • #12613 306c9f9 Thanks @​matthewp! - Fix use of cloned requests in middleware with clientAddress

    When using context.clientAddress or Astro.clientAddress Astro looks up the address in a hidden property. Cloning a request can cause this hidden property to be lost.

    The fix is to pass the address as an internal property instead, decoupling it from the request.

5.0.2

Patch Changes

5.0.1

Patch Changes

5.0.0

... (truncated)

Commits

Updates @astrojs/node from 8.3.4 to 9.0.0

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​9.0.0

Major Changes

  • #375 e7881f7 Thanks @Princesseuh! - Updates internal code to work with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @Princesseuh! - Updates internal code for Astro 5 changes. No changes are required to your project, apart from using Astro 5

  • #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

@​astrojs/node@​9.0.0-beta.3

Major Changes

@​astrojs/node@​9.0.0-beta.2

Major Changes

  • #375 e7881f7 Thanks @Princesseuh! - Updates internal code to work with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @Princesseuh! - Updates internal code for Astro 5 changes. No changes are required to your project, apart from using Astro 5

Minor Changes

Changelog

Sourced from @​astrojs/node's changelog.

9.0.0

Major Changes

  • #375 e7881f7 Thanks @Princesseuh! - Updates internal code to work with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @Princesseuh! - Updates internal code for Astro 5 changes. No changes are required to your project, apart from using Astro 5

  • #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

9.0.0-beta.3

Major Changes

9.0.0-beta.2

Major Changes

  • #375 e7881f7 Thanks @Princesseuh! - Updates internal code to work with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @Princesseuh! - Updates internal code for Astro 5 changes. No changes are required to your project, apart from using Astro 5

Minor Changes

9.0.0-alpha.1

Major Changes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps the prod-deps group with 3 updates in the / directory: [sst](https://github.com/sst/sst/tree/HEAD/packages/cli), [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [@astrojs/node](https://github.com/withastro/adapters/tree/HEAD/packages/node).


Updates `sst` from 3.2.73 to 3.3.59
- [Release notes](https://github.com/sst/sst/releases)
- [Commits](https://github.com/sst/sst/commits/v3.3.59/packages/cli)

Updates `astro` from 4.16.8 to 5.0.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.0.3/packages/astro)

Updates `@astrojs/node` from 8.3.4 to 9.0.0
- [Release notes](https://github.com/withastro/adapters/releases)
- [Changelog](https://github.com/withastro/adapters/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/withastro/adapters/commits/@astrojs/node@9.0.0/packages/node)

---
updated-dependencies:
- dependency-name: sst
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: astro
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: "@astrojs/node"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 9, 2024
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@astrojs/node@9.0.0 | Transitive: environment, eval, filesystem, network, unsafe | +20 | 491 kB | matthewp |
| npm/astro@5.0.3 | Transitive: environment, eval, filesystem, network, shell, unsafe | +256 | 42.4 MB | fredkschott |
| npm/sst@3.3.59 | environment, filesystem, network | +8 | 1.42 MB | sst-publisher |

🚮 Removed packages: npm/@astrojs/node@8.3.4, npm/astro@4.16.8, npm/sst@3.2.73


🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source | CI |
| --- | --- | --- | --- | --- |
| Possible typosquat attack | npm/emoji-regex-xs@1.0.0 | | | ⚠︎ |

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/emoji-regex-xs@1.0.0

dependabot bot commented on behalf of github Dec 16, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 16, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/prod-deps-ca4f652d2a branch December 16, 2024 07:45