Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the npm_and_yarn group across 1 directory with 10 updates #5

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the npm_and_yarn group across 1 directory with 10 updates #5

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 18, 2024

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package From To
zod 3.21.4 3.22.3
@builder.io/qwik-city 0.101.0 0.104.0
postcss 8.4.21 8.4.31
undici 5.21.0 5.28.4
vite 4.2.1 4.5.3
axios 0.26.1 removed
openai 3.2.1 4.51.0
next 13.3.0 14.2.4
ws 8.13.0 8.17.1
puppeteer 19.8.5 22.11.2

Updates zod from 3.21.4 to 3.22.3

Release notes

Sourced from zod's releases.

v3.22.3

Commits:

  • 1e23990bcdd33d1e81b31e40e77a031fcfd87ce1 Commit
  • 9bd3879b482f139fd03d5025813ee66a04195cdd docs: remove obsolete text about readonly types (#2676)
  • f59be093ec21430d9f32bbcb628d7e39116adf34 clarify datetime ISO 8601 (#2673)
  • 64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3 Update sponsors
  • 18115a8f128680b4526df58ce96deab7dce93b93 Formatting
  • 28c19273658b164c53c149785fa7a8187c428ad4 Update sponsors
  • ad2ee9ccf723c4388158ff6b8669c2a6cdc85643 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
  • ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551 docs: update ref to discriminated-unions docs (#2485)
  • 2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4 [2609] fix ReDoS vulnerability in email regex (#2824)
  • 1e61d76cdec05de9271fc0df58798ddf9ce94923 3.22.3

v3.22.2

Commits:

  • 13d9e6bda286cbd4c1b177171273695d8309e5de Fix lint
  • 0d49f10b3c25a8e4cbb6534cc0773b195c56d06d docs: add typeschema to ecosystem (#2626)
  • 8e4af7b56df6f2e3daf0dd825b986f1d963025ce X to Zod: add app.quicktype.io (#2668)
  • 792b3ef0d41c144cd10641c6966b98dae1222d82 Fix superrefine types

v3.22.1

Commits:

Fix handing of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.

const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)
  • 932cc472d2e66430d368a409b8d251909d7d8d21 Initial prototype fix for issue #2651 (#2652)
  • 0a055e726ac210ef6efc69aa70cd2491767f6060 3.22.1

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

... (truncated)

Commits

Updates @builder.io/qwik-city from 0.101.0 to 0.104.0

Release notes

Sourced from @​builder.io/qwik-city's releases.

v0.104.0

Features

Fixes

Documation

... (truncated)

Commits

Updates postcss from 8.4.21 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

Changelog

Sourced from postcss's changelog.

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).
Commits

Updates undici from 5.21.0 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

New Contributors

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

... (truncated)

Commits

Updates vite from 4.2.1 to 4.5.3

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

4.5.2 (2024-01-19)

4.5.1 (2023-12-04)

4.5.0 (2023-10-18)

4.4.11 (2023-10-05)

  • revert: "fix: use string manipulation instead of regex to inject esbuild helpers (54e1275), closes #14094

4.4.10 (2023-10-03)

... (truncated)

Commits

Removes axios

Updates openai from 3.2.1 to 4.51.0

Release notes

Sourced from openai's releases.

v4.51.0

4.51.0 (2024-06-12)

Full Changelog: v4.50.0...v4.51.0

Features

v4.50.0

4.50.0 (2024-06-10)

Full Changelog: v4.49.1...v4.50.0

Features

  • support application/octet-stream request bodies (#892) (51661c8)

v4.49.1

4.49.1 (2024-06-07)

Full Changelog: v4.49.0...v4.49.1

Bug Fixes

  • remove erroneous thread create argument (#889) (a9f898e)

v4.49.0

4.49.0 (2024-06-06)

Full Changelog: v4.48.3...v4.49.0

Features

v4.48.3

4.48.3 (2024-06-06)

Full Changelog: v4.48.2...v4.48.3

Chores

v4.48.2

4.48.2 (2024-06-05)

Full Changelog: v4.48.1...v4.48.2

... (truncated)

Changelog

Sourced from openai's changelog.

4.51.0 (2024-06-12)

Full Changelog: v4.50.0...v4.51.0

Features

4.50.0 (2024-06-10)

Full Changelog: v4.49.1...v4.50.0

Features

  • support application/octet-stream request bodies (#892) (51661c8)

4.49.1 (2024-06-07)

Full Changelog: v4.49.0...v4.49.1

Bug Fixes

  • remove erroneous thread create argument (#889) (a9f898e)

4.49.0 (2024-06-06)

Full Changelog: v4.48.3...v4.49.0

Features

4.48.3 (2024-06-06)

Full Changelog: v4.48.2...v4.48.3

Chores

4.48.2 (2024-06-05)

Full Changelog: v4.48.1...v4.48.2

Chores

4.48.1 (2024-06-04)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by dschnurr-openai, a new releaser for openai since your current version.


Updates next from 13.3.0 to 14.2.4

Release notes

Sourced from next's releases.

v14.2.4

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

  • fix: ensure route handlers properly track dynamic access (#66446)
  • fix NextRequest proxy in edge runtime (#66551)
  • Fix next/dynamic with babel and src dir (#65177)
  • Use vercel deployment url for metadataBase fallbacks (#65089)
  • fix(next/image): detect react@19 for fetchPriority prop (#65235)
  • Fix loading navigation with metadata and prefetch (#66447)
  • prevent duplicate RSC fetch when action redirects (#66620)
  • ensure router cache updates reference the latest cache values (#66681)
  • Prevent append of trailing slash in cases where path ends with a file extension (#66636)
  • Fix inconsistency with 404 getStaticProps cache-control (#66674)
  • Use addDependency to track metadata route file changes (#66714)
  • Add timeout/retry handling for fetch cache (#66652)
  • fix: app-router prefetch crash when an invalid URL is passed to Link (#66755)

Credits

Huge thanks to @​ztanner, @​ijjk, @​wbinnssmith, @​huozhi, and @​lubieowoce for helping!

Commits
  • 3078441 v14.2.4
  • 0538a0d [not a backport] fix lint errors
  • 2807fb4 fix: app-router prefetch crash when an invalid URL is passed to Link (#66755)
  • efb476e Add timeout/retry handling for fetch cache (#66652)
  • c16a3f9 Use addDependency to track metadata route file changes (#66714)
  • 942e45a Fix inconsistency with 404 getStaticProps cache-control (#66674)
  • 9728a35 Prevent append of trailing slash in cases where path ends with a file extensi...
  • 44661c2 ensure router cache updates reference the latest cache values (#66681)
  • f7ec039 prevent duplicate RSC fetch when action redirects (#66620)
  • dd6ab93 Fix loading navigation with metadata and prefetch (#66447)
  • Additional commits viewable in compare view

Updates ws from 8.13.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view

Updates puppeteer from 19.8.5 to 22.11.2

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v22.11.2

22.11.2 (2024-06-18)

Bug Fixes

puppeteer: v22.11.2

22.11.2 (2024-06-18)

Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 22.11.1 to 22.11.2

puppeteer-core: v22.11.1

22.11.1 (2024-06-17)

Bug Fixes

puppeteer: v22.11.1

22.11.1 (2024-06-17)

Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 22.11.0 to 22.11.1

puppeteer-core: v22.11.0

... (truncated)

Commits
  • 92707ae chore: release main (#12606)
  • ac06674 Revert "chore(deps-dev): Bump @​swc/core from 1.5.25 to 1.6.0 in /website in t...
  • 49bcb25 fix(deps): bump ws to 8.17.1 (#12605)
  • fea43a9 chore(deps-dev): Bump the dev-dependencies group across 1 directory with 9 up...
  • a26dcfd chore(deps-dev): Bump @​swc/core from 1.5.25 to 1.6.0 in /website in the all g...
  • 0cba2b4 build: explicitly set typeRoots (#12599)
  • 9e12673 chore: release main (#12596)
  • 3874300 fix: implement nested selector parsing (#12587)
  • 80783fe fix: ensure selector parser falls back to CSS (#12585)
  • 772e088 fix: roll to Chrome 126.0.6478.61 (r1300313) (#12586)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for puppeteer since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specifi...

Description has been truncated

@dependabot
Bump the npm_and_yarn group across 1 directory with 10 updates
75746a2 
Bumps the npm_and_yarn group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [zod](https://github.com/colinhacks/zod) | `3.21.4` | `3.22.3` |
| [@builder.io/qwik-city](https://github.com/QwikDev/qwik/tree/HEAD/packages/qwik-city) | `0.101.0` | `0.104.0` |
| [postcss](https://github.com/postcss/postcss) | `8.4.21` | `8.4.31` |
| [undici](https://github.com/nodejs/undici) | `5.21.0` | `5.28.4` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.2.1` | `4.5.3` |
| [axios](https://github.com/axios/axios) | `0.26.1` | `removed` |
| [openai](https://github.com/openai/openai-node) | `3.2.1` | `4.51.0` |
| [next](https://github.com/vercel/next.js) | `13.3.0` | `14.2.4` |
| [ws](https://github.com/websockets/ws) | `8.13.0` | `8.17.1` |
| [puppeteer](https://github.com/puppeteer/puppeteer) | `19.8.5` | `22.11.2` |



Updates `zod` from 3.21.4 to 3.22.3
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Changelog](https://github.com/colinhacks/zod/blob/main/CHANGELOG.md)
- [Commits](colinhacks/zod@v3.21.4...v3.22.3)

Updates `@builder.io/qwik-city` from 0.101.0 to 0.104.0
- [Release notes](https://github.com/QwikDev/qwik/releases)
- [Commits](https://github.com/QwikDev/qwik/commits/v0.104.0/packages/qwik-city)

Updates `postcss` from 8.4.21 to 8.4.31
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.21...8.4.31)

Updates `undici` from 5.21.0 to 5.28.4
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.21.0...v5.28.4)

Updates `vite` from 4.2.1 to 4.5.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v4.5.3/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v4.5.3/packages/vite)

Removes `axios`

Updates `openai` from 3.2.1 to 4.51.0
- [Release notes](https://github.com/openai/openai-node/releases)
- [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md)
- [Commits](openai/openai-node@v3.2.1...v4.51.0)

Updates `next` from 13.3.0 to 14.2.4
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.3.0...v14.2.4)

Updates `ws` from 8.13.0 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.13.0...8.17.1)

Updates `puppeteer` from 19.8.5 to 22.11.2
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](puppeteer/puppeteer@puppeteer-v19.8.5...puppeteer-v22.11.2)

---
updated-dependencies:
- dependency-name: zod
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@builder.io/qwik-city"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: openai
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: puppeteer
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 18, 2024
@dependabot dependabot bot mentioned this pull request Jun 18, 2024
Closed
@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Jun 18, 2024

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants