Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump the security-updates group across 1 directory with 8 updates #959

Closed
wants to merge 1 commit into from
Closed

chore(deps-dev): bump the security-updates group across 1 directory with 8 updates #959

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 14, 2025
edited
Loading

Bumps the security-updates group with 8 updates in the / directory:

Package From To
@nuxt/eslint 1.0.0 1.0.1
@nuxt/eslint-config 1.0.0 1.0.1
@types/node 20.16.5 20.17.19
cypress 13.15.0 13.17.0
eslint-plugin-cypress 3.5.0 3.6.0
nuxt 3.13.2 3.15.4
prettier 3.4.2 3.5.1
@nuxt/devtools 1.5.2 1.7.0

Updates @nuxt/eslint from 1.0.0 to 1.0.1

Commits

Updates @nuxt/eslint-config from 1.0.0 to 1.0.1

Commits

Updates @types/node from 20.16.5 to 20.17.19

Commits

Updates cypress from 13.15.0 to 13.17.0

Release notes

Sourced from cypress's releases.

v13.17.0

Changelog: https://docs.cypress.io/app/references/changelog#13-17-0

v13.16.1

Changelog: https://docs.cypress.io/app/references/changelog#13-16-1

v13.16.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-16-0

v13.15.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-15-2

v13.15.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-15-1

Commits

Updates eslint-plugin-cypress from 3.5.0 to 3.6.0

Release notes

Sourced from eslint-plugin-cypress's releases.

v3.6.0

3.6.0 (2024-10-11)

Features

  • publish eslint v8 deprecation (44a7722)
Commits
  • ce12040 Merge pull request #233 from MikeMcC399/publish/readme
  • 44a7722 feat: publish eslint v8 deprecation
  • 68ce9c6 Merge pull request #230 from MikeMcC399/update/semantic-release
  • 9587d00 chore(deps): update semantic release to 24.1.2
  • 3cab227 Merge pull request #226 from MikeMcC399/deprecate/eslint-v8
  • 5361dad Merge pull request #221 from MikeMcC399/update/eslint-deps
  • e4d0797 chore(deps): update eslint to 9.12.0 and other eslint* deps
  • 649750d Merge branch 'master' into deprecate/eslint-v8
  • b8424e3 Merge pull request #225 from MikeMcC399/update/husky
  • 6dd9036 docs: deprecate eslint v8
  • Additional commits viewable in compare view

Updates nuxt from 3.13.2 to 3.15.4

Release notes

Sourced from nuxt's releases.

v3.15.4

3.15.4 is the next patch release.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

npx nuxi@latest upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the unjs ecosystem.

👉 Changelog

compare changes

🩹 Fixes

  • nuxt: Improve error logging when parsing with acorn (#30754)
  • nuxt: Clear island uid before saving into the payload (#30767)
  • kit: Load @nuxt/schema from nuxt package dir (#30774)
  • nuxt: Allow restarting nuxt on paths outside srcDir (#30771)
  • nuxt: Don't warn about calling useRoute in SFC setup (#30788)
  • webpack: Disallow cross-site requests in no-cors mode (#30757)
  • vite: Restore externality for dev server externals (#30802)

💅 Refactors

  • vite: Use new rollup chunk.names for asset names (#30780)

❤️ Contributors

v3.15.3

3.15.3 is the next regularly scheduled patch release.

👀 Highlights

CORS configuration for dev server

Alongside a range of improvements, we've also shipped a significant fix to impose CORS origin restrictions on the dev server. This applies to your Vite or Webpack/Rspack dev middleware only.

This is a significant/breaking change we would not normally ship in a patch but it is a security fix (see GHSA-4gf7-ff8x-hq99 and GHSA-2452-6xj8-jh47) and we urge you to update ASAP.

You can configure the allowed origins and other CORS options via the devServer.cors options in your nuxt.config, which may be relevant if you are developing with a custom hostname:

export default defineNuxtConfig({
</tr></table>

... (truncated)

Commits
  • 244da17 v3.15.4
  • ceaf0f5 chore(deps): update all non-major dependencies (3.x) (#30804)
  • 626eba0 fix(nuxt): don't warn about calling useRoute in SFC setup (#30788)
  • 7a1e5c8 fix(nuxt): allow restarting nuxt on paths outside srcDir (#30771)
  • ca2d91f fix(kit): load @nuxt/schema from nuxt package dir (#30774)
  • b78da56 fix(nuxt): clear island uid before saving into the payload (#30767)
  • e0c47f9 fix(nuxt): improve error logging when parsing with acorn (#30754)
  • 940bcb8 chore(deps): update all non-major dependencies (3.x) (#30747)
  • 048f974 v3.15.3
  • e96a96d perf(nuxt): enable Transition component only on client side (#30720)
  • Additional commits viewable in compare view

Updates prettier from 3.4.2 to 3.5.1

Release notes

Sourced from prettier's releases.

3.5.1

🔗 Changelog

3.5.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.5.1

diff

Fix CLI crash when cache for old version exists (#17100 by @​sosukesuzuki)

Prettier 3.5 uses a different cache format than previous versions, Prettier 3.5.0 crashes when reading existing cache file, Prettier 3.5.1 fixed the problem.

Support dockercompose and github-actions-workflow in VSCode (#17101 by @​remcohaszing)

Prettier now supports the dockercompose and github-actions-workflow languages in Visual Studio Code.

3.5.0

diff

🔗 Release Notes

Commits

Updates @nuxt/devtools from 1.5.2 to 1.7.0

Release notes

Sourced from @​nuxt/devtools's releases.

v1.7.0

   🚀 Features

    View changes on GitHub

v1.6.4

   🐞 Bug Fixes

    View changes on GitHub

v1.6.3

   🐞 Bug Fixes

    View changes on GitHub

v1.6.2

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v1.6.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v1.6.0

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from @​nuxt/devtools's changelog.

1.7.0 (2024-12-26)

Features

  • improves vscode integration, support multiple backends (#763) (463f6ad)

1.6.4 (2024-12-12)

Bug Fixes

1.6.3 (2024-12-03)

Bug Fixes

  • revert #757, pin vite-plugin-inspect version (a399082)

1.6.2 (2024-12-03)

Bug Fixes

  • add v4 compatibility version handeling for pages tab (#758) (bd8651c)

Features

  • support vite-plugin-inspect for both Vite 5 and 6 (#757) (cfcbc24)

1.6.1 (2024-11-20)

Bug Fixes

Features

... (truncated)

Commits
  • 28eecb6 chore: release v1.7.0
  • 463f6ad feat: improves vscode integration, support multiple backends (#763)
  • a596308 chore: release v1.6.4
  • 798f141 chore: release v1.6.3
  • a399082 fix: revert #757, pin vite-plugin-inspect version
  • f414441 chore: release v1.6.2
  • 68314dd chore: update deps
  • cfcbc24 feat: support vite-plugin-inspect for both Vite 5 and 6 (#757)
  • bd8651c fix: add v4 compatibility version handeling for pages tab (#758)
  • 9ea2ba0 chore: upgrade nuxt, workaround jiti v2 issue (#755)
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
cypress [>= 10.a, < 11]
@types/node [>= 22.a, < 23]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the security-updates group across 1 directory w…
2eb0810 
…ith 8 updates

Bumps the security-updates group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@nuxt/eslint](https://github.com/nuxt/eslint/tree/HEAD/packages/module) | `1.0.0` | `1.0.1` |
| [@nuxt/eslint-config](https://github.com/nuxt/eslint/tree/HEAD/packages/eslint-config) | `1.0.0` | `1.0.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.16.5` | `20.17.19` |
| [cypress](https://github.com/cypress-io/cypress) | `13.15.0` | `13.17.0` |
| [eslint-plugin-cypress](https://github.com/cypress-io/eslint-plugin-cypress) | `3.5.0` | `3.6.0` |
| [nuxt](https://github.com/nuxt/nuxt/tree/HEAD/packages/nuxt) | `3.13.2` | `3.15.4` |
| [prettier](https://github.com/prettier/prettier) | `3.4.2` | `3.5.1` |
| [@nuxt/devtools](https://github.com/nuxt/devtools/tree/HEAD/packages/devtools) | `1.5.2` | `1.7.0` |



Updates `@nuxt/eslint` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/nuxt/eslint/releases)
- [Commits](https://github.com/nuxt/eslint/commits/v1.0.1/packages/module)

Updates `@nuxt/eslint-config` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/nuxt/eslint/releases)
- [Commits](https://github.com/nuxt/eslint/commits/v1.0.1/packages/eslint-config)

Updates `@types/node` from 20.16.5 to 20.17.19
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `cypress` from 13.15.0 to 13.17.0
- [Release notes](https://github.com/cypress-io/cypress/releases)
- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
- [Commits](cypress-io/cypress@v13.15.0...v13.17.0)

Updates `eslint-plugin-cypress` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/cypress-io/eslint-plugin-cypress/releases)
- [Commits](cypress-io/eslint-plugin-cypress@v3.5.0...v3.6.0)

Updates `nuxt` from 3.13.2 to 3.15.4
- [Release notes](https://github.com/nuxt/nuxt/releases)
- [Commits](https://github.com/nuxt/nuxt/commits/v3.15.4/packages/nuxt)

Updates `prettier` from 3.4.2 to 3.5.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.4.2...3.5.1)

Updates `@nuxt/devtools` from 1.5.2 to 1.7.0
- [Release notes](https://github.com/nuxt/devtools/releases)
- [Changelog](https://github.com/nuxt/devtools/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nuxt/devtools/commits/v1.7.0/packages/devtools)

---
updated-dependencies:
- dependency-name: "@nuxt/eslint"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-updates
- dependency-name: "@nuxt/eslint-config"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: security-updates
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: cypress
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: eslint-plugin-cypress
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: nuxt
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: "@nuxt/devtools"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 14, 2025

The following labels could not be found: dependabot.

@dependabot dependabot bot mentioned this pull request Feb 14, 2025
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 20, 2025

Superseded by #960.

@dependabot dependabot bot closed this Feb 20, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/security-updates-ae45c3a956 branch February 20, 2025 04:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants