From fab8b848f12a1d3f3298664afdc2573dd6ebebbc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Nov 2023 21:45:09 +0000 Subject: [PATCH 1/4] Bump actions/setup-node from 3 to 4 (#70) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy-docker.yml | 2 +- .github/workflows/tests.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-docker.yml b/.github/workflows/deploy-docker.yml index 6623e87..a94b81b 100644 --- a/.github/workflows/deploy-docker.yml +++ b/.github/workflows/deploy-docker.yml @@ -30,7 +30,7 @@ jobs: python-version: 3.11 - name: Set up Node 18.x - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "18.x" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b51d598..adf1e35 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -22,7 +22,7 @@ jobs: python-version: 3.11 - name: Set up Node 18.x - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "18.x" From c0a7d3137f5f383972da9a6d1e8ec467742d54e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 09:53:52 +0000 Subject: [PATCH 2/4] Bump vite from 4.4.9 to 4.4.12 in /museum_map/server/frontend (#71) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.4.9 to 4.4.12. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.4.12/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.4.12/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- museum_map/server/frontend/package-lock.json | 8 ++++---- museum_map/server/frontend/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/museum_map/server/frontend/package-lock.json b/museum_map/server/frontend/package-lock.json index 7f247c4..c47781f 100644 --- a/museum_map/server/frontend/package-lock.json +++ b/museum_map/server/frontend/package-lock.json @@ -18,7 +18,7 @@ "tailwindcss": "^3.0.24", "tslib": "^2.6.0", "typescript": "^5.0.2", - "vite": "^4.4.5" + "vite": "^4.4.12" } }, "node_modules/@alloc/quick-lru": { @@ -2151,9 +2151,9 @@ "dev": true }, "node_modules/vite": { - "version": "4.4.9", - "resolved": "https://registry.npmjs.org/vite/-/vite-4.4.9.tgz", - "integrity": "sha512-2mbUn2LlUmNASWwSCNSJ/EG2HuSRTnVNaydp6vMCm5VIqJsjMfbIWtbH2kDuwUVW5mMUKKZvGPX/rqeqVvv1XA==", + "version": "4.4.12", + "resolved": "https://registry.npmjs.org/vite/-/vite-4.4.12.tgz", + "integrity": "sha512-KtPlUbWfxzGVul8Nut8Gw2Qe8sBzWY+8QVc5SL8iRFnpnrcoCaNlzO40c1R6hPmcdTwIPEDkq0Y9+27a5tVbdQ==", "dev": true, "dependencies": { "esbuild": "^0.18.10", diff --git a/museum_map/server/frontend/package.json b/museum_map/server/frontend/package.json index 08a2855..973c89e 100644 --- a/museum_map/server/frontend/package.json +++ b/museum_map/server/frontend/package.json @@ -20,6 +20,6 @@ "tailwindcss": "^3.0.24", "tslib": "^2.6.0", "typescript": "^5.0.2", - "vite": "^4.4.5" + "vite": "^4.4.12" } } From fe06e0e9f19307fd58a3fe7038eb5386438524f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 10:18:39 +0000 Subject: [PATCH 3/4] Bump actions/setup-python from 4 to 5 (#72) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy-docker.yml | 2 +- .github/workflows/tests.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-docker.yml b/.github/workflows/deploy-docker.yml index a94b81b..f60ae7d 100644 --- a/.github/workflows/deploy-docker.yml +++ b/.github/workflows/deploy-docker.yml @@ -25,7 +25,7 @@ jobs: echo "PIPX_BIN_DIR=$HOME/.local/bin" >> $GITHUB_ENV - name: Set up Python 3.11 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.11 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index adf1e35..9f3294a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -17,7 +17,7 @@ jobs: echo "PIPX_BIN_DIR=$HOME/.local/bin" >> $GITHUB_ENV - name: Set up Python 3.11 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.11 From f23f3c64e7f8cbf3f218026b2564aecb4296393e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Jan 2024 17:27:37 +0000 Subject: [PATCH 4/4] Bump vite from 4.4.12 to 4.5.2 in /museum_map/server/frontend (#73) * Bump vite from 4.4.12 to 4.5.2 in /museum_map/server/frontend Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.4.12 to 4.5.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] * Update CHANGELOG.md --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mark --- CHANGELOG.md | 4 ++++ museum_map/server/frontend/package-lock.json | 8 ++++---- museum_map/server/frontend/package.json | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45a863f..44af34d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## Dev + +* **Bugfix**: Updated vite dependency to fix a security issue in dev mode + ## 0.9.1 * **Bugfix**: Include the frontend in the package diff --git a/museum_map/server/frontend/package-lock.json b/museum_map/server/frontend/package-lock.json index c47781f..317d8e1 100644 --- a/museum_map/server/frontend/package-lock.json +++ b/museum_map/server/frontend/package-lock.json @@ -18,7 +18,7 @@ "tailwindcss": "^3.0.24", "tslib": "^2.6.0", "typescript": "^5.0.2", - "vite": "^4.4.12" + "vite": "^4.5.2" } }, "node_modules/@alloc/quick-lru": { @@ -2151,9 +2151,9 @@ "dev": true }, "node_modules/vite": { - "version": "4.4.12", - "resolved": "https://registry.npmjs.org/vite/-/vite-4.4.12.tgz", - "integrity": "sha512-KtPlUbWfxzGVul8Nut8Gw2Qe8sBzWY+8QVc5SL8iRFnpnrcoCaNlzO40c1R6hPmcdTwIPEDkq0Y9+27a5tVbdQ==", + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/vite/-/vite-4.5.2.tgz", + "integrity": "sha512-tBCZBNSBbHQkaGyhGCDUGqeo2ph8Fstyp6FMSvTtsXeZSPpSMGlviAOav2hxVTqFcx8Hj/twtWKsMJXNY0xI8w==", "dev": true, "dependencies": { "esbuild": "^0.18.10", diff --git a/museum_map/server/frontend/package.json b/museum_map/server/frontend/package.json index 973c89e..be57b80 100644 --- a/museum_map/server/frontend/package.json +++ b/museum_map/server/frontend/package.json @@ -20,6 +20,6 @@ "tailwindcss": "^3.0.24", "tslib": "^2.6.0", "typescript": "^5.0.2", - "vite": "^4.4.12" + "vite": "^4.5.2" } }