Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update many non-major #20

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update many non-major #20

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 20, 2021
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@netlify/zip-it-and-ship-it ^4.20.0 -> ^4.30.0 age adoption passing confidence dependencies minor
browser-sync (source) ^2.27.5 -> ^2.29.3 age adoption passing confidence devDependencies minor
firebase-admin (source) ^9.11.1 -> ^9.12.0 age adoption passing confidence dependencies minor
firebase-functions ^3.15.5 -> ^3.24.1 age adoption passing confidence dependencies minor
firebase-tools ^9.18.0 -> ^9.23.3 age adoption passing confidence dependencies minor
lots0logs/gh-action-get-changed-files 2.1.4 -> 2.2.2 age adoption passing confidence action minor
node (source) 12 -> 12.22.12 age adoption passing confidence engines minor

Release Notes

netlify/zip-it-and-ship-it (@​netlify/zip-it-and-ship-it)

v4.30.0

Compare Source

Features
4.29.5 (2021-11-17)
Bug Fixes
  • ensure directories are created before writing files (#​816) (8ea63dd)
  • only transpile ESM imports when entrypoint is ESM (#​807) (a1b0a15)
4.29.4 (2021-11-12)
Bug Fixes
4.29.3 (2021-11-11)
Bug Fixes
4.29.2 (2021-11-09)
Bug Fixes
4.29.1 (2021-11-08)
Bug Fixes

v4.29.5

Compare Source

v4.29.4

Compare Source

v4.29.3

Compare Source

v4.29.2

Compare Source

v4.29.1

Compare Source

v4.29.0

Compare Source

Features
4.28.3 (2021-11-02)
Bug Fixes
4.28.2 (2021-11-02)
Bug Fixes
4.28.1 (2021-10-27)
Bug Fixes

v4.28.3

Compare Source

v4.28.2

Compare Source

v4.28.1

Compare Source

v4.28.0

Compare Source

Features
Bug Fixes

v4.27.0

Compare Source

Features
4.26.1 (2021-10-20)
Bug Fixes
  • take repositoryRoot into account when computing base path with esbuild (#​754) (8b2f8ea)

v4.26.1

Compare Source

v4.26.0

Compare Source

Features

v4.25.0

Compare Source

Features

v4.24.0

Compare Source

Features
Bug Fixes
4.23.6 (2021-10-06)
Bug Fixes
  • allow Node modules to be excluded from the bundle (#​673) (5078244)
4.23.5 (2021-10-06)
Bug Fixes
4.23.4 (2021-10-04)
Bug Fixes
Miscellaneous Chores
4.23.3 (2021-09-29)
Bug Fixes
4.23.2 (2021-09-27)
Bug Fixes
  • limit nodeModulesWithDynamicImports to unresolved imports (#​671) (ce6d1ce)
4.23.1 (2021-09-27)
Bug Fixes

v4.23.6

Compare Source

v4.23.5

Compare Source

v4.23.4

Compare Source

v4.23.3

Compare Source

v4.23.2

Compare Source

v4.23.1

Compare Source

v4.23.0

Compare Source

Features

v4.22.0

Compare Source

Features
  • change default value of processDynamicNodeImports (#​603) (cdbcad2)
4.21.1 (2021-09-20)
Bug Fixes

v4.21.1

Compare Source

v4.21.0

Compare Source

Features
  • use esbuild by default for es modules, if detected (#​625) (9b0c6d5)
Bug Fixes
BrowserSync/browser-sync (browser-sync)

v2.29.3: The one that fixes snippetOptions

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.2...v2.29.3

v2.29.2

Compare Source

v2.29.1

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.29.0...v2.29.1

v2.29.0: The one that restores IE11 support 💪

Compare Source

What's Changed

esbuild does not support down-level transpiling as far as IE11 - so when I switched to it, it accidentally broke IE11 support 😢

This is an important issue for me - many devs that support old browsers like IE11 are doing so because their projects are used in public services, or internal applications. Not every developer out there has the luxury of supporting evergreen-only browsers.

So, IE11 will work once again 🎉. Please use the issues thread to make me aware of any problem that's preventing you from using Browsersync in your day job 💪 (and be sure to thumbs-up the issues you want to see resolved)

### IE11 works, again
npm install browser-sync@latest

Full Changelog: BrowserSync/browser-sync@v2.28.3...v2.29.0

v2.28.3

Compare Source

v2.28.2

Compare Source

v2.28.1

Compare Source

v2.28.0: the one that finally removes document.write

Compare Source

What's Changed

Full Changelog: BrowserSync/browser-sync@v2.27.12...v2.28.0

v2.27.12

Compare Source

v2.27.11

Compare Source

v2.27.10

Compare Source

v2.27.9: 2.27.9

Compare Source

What's Changed

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: BrowserSync/browser-sync@v2.27.8...v2.27.9

v2.27.8: 2.27.8

Compare Source

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

v2.27.7

Compare Source

v2.27.6

Compare Source

firebase/firebase-admin-node (firebase-admin)

v9.12.0: Firebase Admin Node.js SDK v9.12.0

Compare Source

New Features
  • feat(rc): Add Remote Config Parameter Value Type Support (#​1424)
Bug Fixes
  • fix(fac): Verify Token: Change the jwks cache duration from 1 day to 6 hours (#​1439)
  • fix(rtdb): Changed admin.database to use database-compat package (#​1437)
Miscellaneous
firebase/firebase-functions (firebase-functions)

v3.24.1

Compare Source

  • Fix reference docs for performance monitoring.
  • Fix bug where function configuration wil null values couldn't be deployed. (#​1246)

v3.24.0

Compare Source

  • Add performance monitoring triggers to v2 alerts (#​1223).

v3.23.0

Compare Source

  • Fixes a bug that disallowed setting customClaims and/or sessionClaims in blocking functions (#​1199).
  • Add v2 Schedule Triggers (#​1177).

v3.22.0

Compare Source

  • Adds RTDB Triggers for v2 functions (#​1127)
  • Adds support for Firebase Admin SDK v11 (#​1151)
  • Fixes bug where emulated task queue function required auth header (#​1154)

v3.21.2

Compare Source

  • Fixes bug where toJSON was not defined in UserRecord (#​1125).

v3.21.1

Compare Source

  • Add debug feature to enable cors option for v2 onRequest and onCall handlers. (#​1099)

v3.21.0

Compare Source

  • Adds CPU option and enhances internal data structures (#​1077)
  • Add auth blocking handlers (#​1080)
  • Add support for secrets in v2 (#​1079)
  • Update types for AlertPayloads (#​1087)
  • Update AppDistribution [@type] (#​1088)
  • Update CloudEvent types (#​1089)
  • Generate documentation with api-extractor (#​1071)
  • Change type info to be inheritance friendly. (#​1091)
  • Changes the memory options from MB to MiB and GB to GiB for greater clarity (#​1090)

v3.20.1

Compare Source

  • Improve authorization for tasks. (#​1073)

v3.20.0

Compare Source

  • Changes internal structure to be more flexible (#​1070).

v3.19.0

Compare Source

  • Add support for more regions and memory for v2 functions (#​1037).
  • Fixes bug where some RTDB instance names were incorrectly parsed (#​1056).

v3.18.1

Compare Source

  • Expose stack YAML via __/functions.yaml endpoint instead (#​1036).

v3.18.0

Compare Source

  • Add new runtime option for setting secrets.

v3.17.2

Compare Source

  • Fix issue where v2 TS users couldn't compile their code because of unexported types. (#​1033)

v3.17.1

Compare Source

  • Fix issue where TS users couldn't compile their code because of unexported types. (#​1032)

v3.17.0

Compare Source

  • Parallelizes network calls that occur when validating authorization for onCall handlers.
  • Adds new regions to V2 API
  • Fixes bug where the emulator crashed when given app without an options property.
  • Adds new alerting providers

v3.16.0

Compare Source

  • GCS Enhancement
  • Add option to allow callable functions to ignore invalid App Check tokens
  • Add firebase-admin v10 as an allowed peer dependency
  • Fix bug where onCall handler failed to encode returned value with functions

v3.15.7

Compare Source

  • Adjust acceptable runtime options values

v3.15.6

Compare Source

  • Add missing type annotations
firebase/firebase-tools (firebase-tools)

v9.23.3

Compare Source

  • Upgrades Database Emulator to v4.7.3, removing log4j dependency.

v9.23.2

Compare Source

  • Fixes issue when installing a Firebase Extension where secrets would be created before validation.
  • Fixes issue with filtering on a specific storage bucket using functions in the emulator. (#​3893)
  • Fixes check in Cloud Functions for Firebase initialization to check for API enablement before trying to enable them. (#​2574)
  • No longer tries to clean up function build images from Artifact Registry when Artifact Registry is not enabled. (#​3943)
  • Show error message when running firebase init hosting:github with no Hosting config in firebase.json. (#​3113)
  • Fixes issue where remoteconfig:get was not fetching the latest version by default. (#​3559)
  • Fixes issue where empty variables in .env files would instead read as multi-line values. (#​3934)

v9.23.1

Compare Source

  • Corrects a bug where containers in Artifact Registry would not be deleted if a function has an upper case character in its name (#​3918)
  • Fixes issue where providing the --project flag during init would not be recognized with a default project already set. (#​3870)
  • Fixes issue with setting memory limits for some functions (#​3924)
  • New HTTPS functions only allow secure traffic. (#​3923)
  • No longer default-enable AR and don't send builds to AR unless an experiment is enabled (#​3935)

v9.23.0

Compare Source

  • firebase deploy --only extensions now supports project specifc .env files. When deploying to multiple projects, param values that are different between projects can be put in extensions/${extensionInstanceId}.env.${projectIdOrAlias} and common param values can be put in extensions/${extensionInstanceId}.env.

v9.22.0

Compare Source

  • Adds firebase ext:export command, and adds extensions to firebase deploy. See https://firebase.google.com/docs/extensions/reuse-project-config for more infomation on how to manage your extensions with these commands.
  • Fixes issue where init would crash with multiple Hosting items selected (#​3742).
  • Adds a command (crashlytics:symbols:upload) to upload native symbol files, used in Android NDK crash symbolication.

v9.21.0

Compare Source

  • Fix Auth Emulator deleteTenant not working with Node Admin (#​3817).
  • Fix Crashlytics Android Native Symbols not working on Windows due to ":" in the path (#​3842)
  • Fixes Firestore emulator UI showing requests out of order

v9.20.0

Compare Source

  • ext:install, ext:update and ext:configure now support param type secret.

v9.19.0

Compare Source

  • ext:dev:publish and ext:update now support --force and --non-interactive flags.
  • Fixes issue where account specified by login:use was not being correctly loaded (#​3759).
  • Fixes minor layout issues in Auth Emulator IDP sign-in page (#​3774).
lots0logs/gh-action-get-changed-files (lots0logs/gh-action-get-changed-files)

v2.2.2: [FIX]: v2.2.2

Compare Source

v2.2.1: [MAINTENANCE] v2.2.1

Compare Source

v2.2.0: [MAINTENANCE] v2.2.0

Compare Source

nodejs/node (node)

v12.22.12: 2022-04-05, Version 12.22.12 'Erbium' (LTS), @​richardlau

Compare Source

Notable Changes

This is planned to be the final Node.js 12 release. Node.js 12 will
reach End-of-Life status on 30 April 2022, after which it will no
receive updates. You are strongly advised to migrate your applications
to Node.js 16 or 14 (both of which are Long Term Support (LTS) releases)
to continue to receive future security updates beyond 30 April 2022.

This release fixes a shutdown crash in Node-API (formerly N-API) and a
potential stack overflow when using vm.runInNewContext().

The list of GPG keys used to sign releases and instructions on how to
fetch the keys for verifying binaries has been synchronized with the
main branch.

Commits

v12.22.11: 2022-03-17, Version 12.22.11 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable changes

Update to OpenSSL 1.1.1n, which addresses the following vulnerability:

Fix for building Node.js 12.x with Visual Studio 2019 to allow us to continue to
run CI tests.

Commits

v12.22.10: 2022-02-01, Version 12.22.10 'Erbium' (LTS), @​ruyadorno

Compare Source

Notable changes
  • Upgrade npm to 6.14.16
  • Updated ICU time zone data
Commits

v12.22.9: 2022-01-10, Version 12.22.9 'Erbium' (LTS), @​richardlau

Compare Source

This is a security release.

Notable changes
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.

Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44531 after publication.

Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)

Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.

Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.

More details will be available at CVE-2021-44532 after publication.

Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)

Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.

Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

More details will be available at CVE-2021-44533 after publication.

Prototype pollution via console.table properties (Low)(CVE-2022-21824)

Due to the formatting logic of the console.table() function it was not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be __proto__. The prototype pollution has very limited control, in that it only allows an empty string to be assigned numerical keys of the object prototype.

Versions of Node.js with the fix for this use a null protoype for the object these properties are being assigned to.

More details will be available at CVE-2022-21824 after publication.

Thanks to Patrik Oldsberg (rugvip) for reporting this vulnerability.

Commits

Configuration

📅 Schedule: Branch creation - "after 6am and before 10am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added automerge PR that should be merged automatically dependencies Pull requests that update a dependency file labels Sep 20, 2021
@renovate renovate bot force-pushed the renovate/many-non-major branch 5 times, most recently from 59d3521 to ea0ab56 Compare September 27, 2021 11:22
@renovate renovate bot force-pushed the renovate/many-non-major branch 4 times, most recently from 2e792df to 51b12b6 Compare September 29, 2021 18:26
@renovate renovate bot force-pushed the renovate/many-non-major branch 5 times, most recently from 3a335aa to 113d773 Compare October 11, 2021 10:13
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 7c0a6ed to 5e57701 Compare October 20, 2021 06:30
@renovate renovate bot force-pushed the renovate/many-non-major branch 6 times, most recently from 02fa24a to c9320ec Compare October 27, 2021 10:45
@renovate renovate bot force-pushed the renovate/many-non-major branch 4 times, most recently from f60f225 to d3c9b31 Compare November 2, 2021 19:06
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 18fbfe3 to 48d7618 Compare November 4, 2021 20:42
@renovate renovate bot force-pushed the renovate/many-non-major branch 3 times, most recently from 9cd4615 to 9326bb5 Compare March 16, 2022 21:06
@renovate renovate bot force-pushed the renovate/many-non-major branch from 9326bb5 to 101cfc8 Compare April 4, 2022 22:26
@renovate renovate bot force-pushed the renovate/many-non-major branch from 101cfc8 to c068ef3 Compare April 14, 2022 19:19
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 256537c to 05a1361 Compare May 12, 2022 00:25
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 86cb3f2 to e1748e5 Compare May 17, 2022 20:18
@renovate renovate bot changed the title fix(deps): update many non-major fix(deps): update Many non-major Jun 27, 2022
@renovate renovate bot changed the title fix(deps): update Many non-major fix(deps): update many non-major Jun 28, 2022
@renovate renovate bot force-pushed the renovate/many-non-major branch from e1748e5 to 918f0b5 Compare June 29, 2022 19:54
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 756805b to 02a1e9f Compare February 28, 2023 00:06
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 127c42b to ddde07e Compare March 4, 2023 18:18
@renovate renovate bot force-pushed the renovate/many-non-major branch 2 times, most recently from 63535b7 to ba8de91 Compare March 22, 2023 18:50
@renovate renovate bot force-pushed the renovate/many-non-major branch 5 times, most recently from 6d7d4a7 to cdb94e4 Compare May 22, 2023 05:26
@renovate renovate bot force-pushed the renovate/many-non-major branch from dd142c1 to 6afcf75 Compare April 14, 2024 09:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
automerge PR that should be merged automatically dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants