New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

📦 Update subpackage devDependencies #40106

Merged

renovate merged 1 commit into main from renovate/subpackage-devdependencies

Aug 6, 2024

Contributor

renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package	Update	Type	Change	Package file	Age	Adoption	Passing	Confidence
actions/dependency-review-action	patch	action	`v4.3.3` -> `v4.3.4`	.github/workflows/dependency-review.yml
actions/upload-artifact	patch	action	`v4.3.4` -> `v4.3.6`	.github/workflows/scorecard.yml
eslint (source)	minor	devDependencies	`9.6.0` -> `9.8.0`	third_party/amp-toolbox-cache-url/package.json
github/codeql-action	patch	action	`v3.25.11` -> `v3.25.15`	.github/workflows/scorecard.yml
jasmine (source)	minor	devDependencies	`5.1.0` -> `5.2.0`	third_party/amp-toolbox-cache-url/package.json
karma (source)	patch	devDependencies	`6.4.3` -> `6.4.4`	third_party/amp-toolbox-cache-url/package.json
ossf/scorecard-action	minor	action	`v2.3.3` -> `v2.4.0`	.github/workflows/scorecard.yml
rollup (source)	minor	devDependencies	`4.18.1` -> `4.20.0`	third_party/amp-toolbox-cache-url/package.json
rollup-plugin-json	replacement	devDependencies	`4.0.0` -> `4.0.0`	third_party/amp-toolbox-cache-url/package.json
semver	patch	devDependencies	`7.6.2` -> `7.6.3`	third_party/amp-toolbox-cache-url/package.json
step-security/harden-runner	minor	action	`v2.8.1` -> `v2.9.1`	.github/workflows/update-session-issues.yml

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/subpackage-devdependencies main
git pull https://github.com/ampproject/amphtml.git renovate/subpackage-devdependencies

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push git@github.com:ampproject/amphtml.git renovate/subpackage-devdependencies:renovate/subpackage-devdependencies

This is a special PR that replaces rollup-plugin-json with the community suggested minimal stable replacement version.

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

`v4.3.4`

What's Changed

Include all added dependencies in scorecard entries by @elireisman in https://github.com/actions/dependency-review-action/pull/783
Update SPDX Expression Parsing by @febuiles in https://github.com/actions/dependency-review-action/pull/719
- This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

actions/upload-artifact (actions/upload-artifact)

`v4.3.6`

`v4.3.5`

eslint/eslint (eslint)

`v9.8.0`

`v9.7.0`

Features

7bd9839 feat: add support for es2025 duplicate named capturing groups (#18630) (Yosuke Ota)
1381394 feat: add regex option in no-restricted-imports (#18622) (Nitin Kumar)

Bug Fixes

14e9f81 fix: destructuring in catch clause in no-unused-vars (#18636) (Francesco Trotta)

Documentation

9f416db docs: Add Powered by Algolia label to the search. (#18633) (Amaresh S M)
c8d26cb docs: Open JS Foundation -> OpenJS Foundation (#18649) (Milos Djermanovic)
6e79ac7 docs: loadESLint does not support option cwd (#18641) (Francesco Trotta)

Chores

793b718 chore: upgrade @eslint/js @9.7.0 (#18680) (Francesco Trotta)
7ed6f9a chore: package.json update for @eslint/js release (Jenkins)
7bcda76 refactor: Add type references (#18652) (Nicholas C. Zakas)
51bf57c chore: add tech sponsors through actions (#18624) (Strek)
6320732 refactor: don't use parent property in NodeEventGenerator (#18653) (Milos Djermanovic)
9e6d640 refactor: move "Parsing error" prefix adding to Linter (#18650) (Milos Djermanovic)

github/codeql-action (github/codeql-action)

`v3.25.15`

`v3.25.14`

`v3.25.13`

`v3.25.12`

jasmine/jasmine-npm (jasmine)

`v5.2.0`

Please see the release notes.

karma-runner/karma (karma)

`v6.4.4`

ossf/scorecard-action (ossf/scorecard-action)

`v2.4.0`

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
🐛 lower license sarif alert threshold to 9 by @spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

docs: dogfooding badge by @jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

@jkowalleck made their first contribution in https://github.com/ossf/scorecard-action/pull/1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

rollup/rollup (rollup)

`v4.20.0`

2024-08-03

Features

Allow plugins to specify the original file name when emitting assets (#5596)

Pull Requests

#5596: Add originalFIleName property to emitted assets (@lukastaegert)
#5599: chore(deps): update dependency eslint-plugin-unicorn to v55 (@renovate[bot], @lukastaegert)
#5600: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)

`v4.19.2`

2024-08-01

Bug Fixes

Avoid "cannot get value of null" error when using optional chaining with namespaces (#5597)

Pull Requests

#5597: Fix retrieval of literal values for chained namespaces (@lukastaegert)

`v4.19.1`

2024-07-27

Bug Fixes

Do not remove parantheses when tree-shaking logical expressions (#5584)
Do not ignore side effects in calls left of an optional chaining operator (#5589)

Pull Requests

#5584: fix: find whitespace from operator position to start (@TrickyPi)
#5587: docs: improve command by code-group (@thinkasany, @lukastaegert)
#5589: Fix side effect detection in optional chains (@lukastaegert)
#5592: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
#5593: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])
#5594: chore(deps): lock file maintenance (@renovate[bot])
#5595: chore(deps): lock file maintenance (@renovate[bot])

`v4.19.0`

2024-07-20

Features

Implement support for decorators (#5562)

Bug Fixes

Improve soucemap generation when tree-shaking logical expressions (#5581)

Pull Requests

#5562: feat: implementing decorator support (@TrickyPi, @lukastaegert)
#5570: refactor(finalisers): condition branch (@Simon-He95, @zhangmo8)
#5572: Improve chunk and asset type information in docs (@lukastaegert)
#5573: Switch to audit resolver to ignore requirejs vulnerability (@lukastaegert)
#5575: chore(deps): update dependency inquirer to v10 (@renovate[bot], @lukastaegert)
#5576: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)
#5580: chore(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)
#5581: When tree-shaking logical expression, make sure to remove all trailing white-space. (@lukastaegert)

npm/node-semver (semver)

`v7.6.3`

Bug Fixes

73a3d79 #726 optimize Range parsing and formatting (#726) (@jviide)

Documentation

2975ece #719 fix extra backtick typo (#719) (@stdavis)

step-security/harden-runner (step-security/harden-runner)

`v2.9.1`

What's Changed

Release v2.9.1 by @h0x0er and @varunsh-coder in #440
This release includes two changes:

Updated markdown displayed in the job summary by the Harden-Runner Action.
Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

`v2.9.0`

What's Changed

Release v2.9.0 by @h0x0er and @varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
README Update:
A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
Dependency Update:
Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          📦 Update subpackage devDependencies

d264ffd

renovate bot enabled auto-merge (squash)

August 6, 2024 16:01

renovate-approve bot approved these changes

View reviewed changes

danielrozenberg approved these changes

View reviewed changes

renovate bot merged commit 313ba38 into main

52 checks passed

renovate bot deleted the renovate/subpackage-devdependencies branch

August 6, 2024 16:11

ampprojectbot added PR use: In Beta / Experimental PR use: In Stable labels

ampprojectbot added the PR use: In LTS label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

PR use: In Beta / Experimental PR use: In LTS PR use: In Stable