Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #37

Merged
merged 1 commit into from May 1, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 1, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@types/node (source) ^18.15.11 -> ^18.16.3 age adoption passing confidence
esbuild ^0.17.15 -> ^0.17.18 age adoption passing confidence
eslint (source) ^8.38.0 -> ^8.39.0 age adoption passing confidence
eslint-define-config ^1.17.0 -> ^1.20.0 age adoption passing confidence
pnpm (source) 8.2.0 -> 8.3.1 age adoption passing confidence
prettier (source) ^2.8.7 -> ^2.8.8 age adoption passing confidence
rollup (source) ^3.20.2 -> ^3.21.2 age adoption passing confidence
vite (source) ^4.2.1 -> ^4.3.3 age adoption passing confidence
vitest ^0.30.0 -> ^0.30.1 age adoption passing confidence
webpack ^5.78.0 -> ^5.81.0 age adoption passing confidence

Release Notes

evanw/esbuild

v0.17.18

Compare Source

  • Fix non-default JSON import error with export {} from (#​3070)

    This release fixes a bug where esbuild incorrectly identified statements of the form export { default as x } from "y" assert { type: "json" } as a non-default import. The bug did not affect code of the form import { default as x } from ... (only code that used the export keyword).

  • Fix a crash with an invalid subpath import (#​3067)

    Previously esbuild could crash when attempting to generate a friendly error message for an invalid subpath import (i.e. an import starting with #). This happened because esbuild originally only supported the exports field and the code for that error message was not updated when esbuild later added support for the imports field. This crash has been fixed.

v0.17.17

Compare Source

  • Fix CSS nesting transform for top-level & (#​3052)

    Previously esbuild could crash with a stack overflow when lowering CSS nesting rules with a top-level &, such as in the code below. This happened because esbuild's CSS nesting transform didn't handle top-level &, causing esbuild to inline the top-level selector into itself. This release handles top-level & by replacing it with the :scope pseudo-class:

    /* Original code */
    &,
    a {
      .b {
        color: red;
      }
    }
    
    /* New output (with --target=chrome90) */
    :is(:scope, a) .b {
      color: red;
    }
  • Support exports in package.json for extends in tsconfig.json (#​3058)

    TypeScript 5.0 added the ability to use extends in tsconfig.json to reference a path in a package whose package.json file contains an exports map that points to the correct location. This doesn't automatically work in esbuild because tsconfig.json affects esbuild's path resolution, so esbuild's normal path resolution logic doesn't apply.

    This release adds support for doing this by adding some additional code that attempts to resolve the extends path using the exports field. The behavior should be similar enough to esbuild's main path resolution logic to work as expected.

    Note that esbuild always treats this extends import as a require() import since that's what TypeScript appears to do. Specifically the require condition will be active and the import condition will be inactive.

  • Fix watch mode with NODE_PATH (#​3062)

    Node has a rarely-used feature where you can extend the set of directories that node searches for packages using the NODE_PATH environment variable. While esbuild supports this too, previously a bug prevented esbuild's watch mode from picking up changes to imported files that were contained directly in a NODE_PATH directory. You're supposed to use NODE_PATH for packages, but some people abuse this feature by putting files in that directory instead (e.g. node_modules/some-file.js instead of node_modules/some-pkg/some-file.js). The watch mode bug happens when you do this because esbuild first tries to read some-file.js as a directory and then as a file. Watch mode was incorrectly waiting for some-file.js to become a valid directory. This release fixes this edge case bug by changing watch mode to watch some-file.js as a file when this happens.

v0.17.16

Compare Source

  • Fix CSS nesting transform for triple-nested rules that start with a combinator (#​3046)

    This release fixes a bug with esbuild where triple-nested CSS rules that start with a combinator were not transformed correctly for older browsers. Here's an example of such a case before and after this bug fix:

    /* Original input */
    .a {
      color: red;
      > .b {
        color: green;
        > .c {
          color: blue;
        }
      }
    }
    
    /* Old output (with --target=chrome90) */
    .a {
      color: red;
    }
    .a > .b {
      color: green;
    }
    .a .b > .c {
      color: blue;
    }
    
    /* New output (with --target=chrome90) */
    .a {
      color: red;
    }
    .a > .b {
      color: green;
    }
    .a > .b > .c {
      color: blue;
    }
  • Support --inject with a file loaded using the copy loader (#​3041)

    This release now allows you to use --inject with a file that is loaded using the copy loader. The copy loader copies the imported file to the output directory verbatim and rewrites the path in the import statement to point to the copied output file. When used with --inject, this means the injected file will be copied to the output directory as-is and a bare import statement for that file will be inserted in any non-copy output files that esbuild generates.

    Note that since esbuild doesn't parse the contents of copied files, esbuild will not expose any of the export names as usable imports when you do this (in the way that esbuild's --inject feature is typically used). However, any side-effects that the injected file has will still occur.

eslint/eslint

v8.39.0

Compare Source

Features

  • 3f7af9f feat: Implement SourceCode#markVariableAsUsed() (#​17086) (Nicholas C. Zakas)

Documentation

  • 6987dc5 docs: Fix formatting in Custom Rules docs (#​17097) (Milos Djermanovic)
  • 4ee92e5 docs: Update README (GitHub Actions Bot)
  • d8e9887 docs: Custom Rules cleanup/expansion (#​16906) (Ben Perlmutter)
  • 1fea279 docs: Clarify how to add to tsc agenda (#​17084) (Nicholas C. Zakas)
  • 970ef1c docs: Update triage board location (Nicholas C. Zakas)
  • 6d8bffd docs: Update README (GitHub Actions Bot)

Chores

Shinigami92/eslint-define-config

v1.20.0

Compare Source

diff

  • Patch types generated by jsonschema compiler ([#​190])
  • Add support for React (#​193)
  • Add support for React Hooks (#​194)
  • Add support for Testing Library (#​195)
  • Add support for JSX A11y (#​196)
  • Update rules for: [jsdoc]

v1.19.0

Compare Source

diff

  • Patch types generated by jsonschema compiler (#​190)
  • Add support for vitest (#​191)
  • Update rules for: [typescript-eslint, jsdoc]

v1.18.0

Compare Source

diff

  • Allow parserOptions.project to be true (#​185)
  • Update rules for: [eslint, typescript-eslint, node, graphql, sonarjs, vue]
pnpm/pnpm

v8.3.1

Compare Source

Patch Changes

  • Patch node-fetch to fix an error that happens on Node.js 20 #​6424.

Our Gold Sponsors

Our Silver Sponsors

v8.3.0

Compare Source

Minor Changes

  • A custom compression level may be specified for the pnpm pack command using the pack-gzip-level setting #​6393.
  • Add --check flag to pnpm dedupe. No changes will be made to node_modules or the lockfile. Exits with a non-zero status code if changes are possible.
  • pnpm install --resolution-only re-runs resolution to print out any peer dependency issues #​6411.

Patch Changes

  • Warn user when publishConfig.directory of an injected workspace dependency does not exist #​6396.
  • Use hard links to link the node executable on Windows machines #​4315.

Our Gold Sponsors

Our Silver Sponsors

prettier/prettier

v2.8.8

Compare Source

This version is a republished version of v2.8.7.
A bad version was accidentally published and it can't be unpublished, apologies for the churn.

rollup/rollup

v3.21.2

Compare Source

2023-04-30

Bug Fixes
  • Mark global functions that trigger iterators as impure for now (#​4955)
Pull Requests

v3.21.1

Compare Source

2023-04-29

Bug Fixes
  • Make sure call arguments are properly deoptimized when a function uses the arguments variable (#​4965)
Pull Requests

v3.21.0

Compare Source

2023-04-23

Features
  • Support tree-shaking of named exports in dynamic imports when using destructuring and similar patterns (#​4952)
Pull Requests

v3.20.7

Compare Source

2023-04-21

Bug Fixes
  • Properly track array element mutations when iterating with a for-of loop (#​4949)
  • Handle default exporting an anonymous class that extends another class (#​4950)
Pull Requests

v3.20.6

Compare Source

2023-04-18

Bug Fixes
  • Revert handling of non-JS import and export names due to regressions (#​4914)
Pull Requests

v3.20.5

Compare Source

2023-04-18

Bug Fixes
  • Handle import and export names that are not valid JavaScript identifiers (#​4939)
Pull Requests

v3.20.4

Compare Source

2023-04-17

Bug Fixes
  • Do not remove breaks statements after switch statements with conditional breaks (#​4937)
Pull Requests

v3.20.3

Compare Source

2023-04-16

Bug Fixes
  • Reduce memory consumption for function call parameter analysis (#​4938)
  • Fix types for shouldTransformCachedModule (#​4932)
Pull Requests
vitejs/vite

v4.3.3

Compare Source

v4.3.2

Compare Source

v4.3.1

Compare Source

v4.3.0

Compare Source

Vite 4.3 is out! Read the announcement blog post here

Vite 4.3, It's Fast

In this minor, we focused on improving the dev server performance. The resolve logic got streamlined, improving hot paths and implementing smarter caching for finding package.json, TS config files, and resolved URL in general.

You can read a detailed walkthrough of the performance work done in this blog post by one of Vite Contributors: How we made Vite 4.3 faaaaster 🚀.

This sprint resulted in speed improvements across the board compared to Vite 4.2.

These are the performance improvements as measured by sapphi-red/performance-compare, which tests an app with 1000 React Components cold and warm dev server startup time as well as HMR times for a root and a leaf component:

Vite (babel) Vite 4.2 Vite 4.3 Improvement
dev cold start 17249.0ms 5132.4ms -70.2%
dev warm start 6027.8ms 4536.1ms -24.7%
Root HMR 46.8ms 26.7ms -42.9%
Leaf HMR 27.0ms 12.9ms -52.2%
Vite (swc) Vite 4.2 Vite 4.3 Improvement
dev cold start 13552.5ms 3201.0ms -76.4%
dev warm start 4625.5ms 2834.4ms -38.7%
Root HMR 30.5ms 24.0ms -21.3%
Leaf HMR 16.9ms 10.0ms -40.8%

You can read more information about the benchmark here

Features
Performance
Bug Fixes

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies label May 1, 2023
@stackblitz
Copy link

stackblitz bot commented May 1, 2023

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎


👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
[email protected] eval, filesystem, environment +0 prettier-bot
@types/[email protected] None +0 types
⬆️ Updated Package Version Diff Added Capability Access +/- Transitive Count Publisher
[email protected] 0.17.15...0.17.18 None +0/-0 evanw
[email protected] 3.20.2...3.21.2 None +0/-0 lukastaegert
[email protected] 1.17.0...1.20.0 None +0/-0 shinigami92

🚮 Removed packages: [email protected], [email protected]

@sxzz sxzz merged commit d3e1431 into main May 1, 2023
6 checks passed
@sxzz sxzz deleted the renovate/all-minor-patch branch May 1, 2023 02:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant