Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the prod-deps group across 1 directory with 4 updates #173

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the prod-deps group across 1 directory with 4 updates #173

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Dec 16, 2024

Bumps the prod-deps group with 4 updates in the / directory: astro-sst, sst, astro and @astrojs/node.

Updates astro-sst from 2.43.5 to 2.45.2

Release notes

Sourced from astro-sst's releases.

[email protected]

Patch Changes

  • 263bcb0: Migrating to astro-sst repo
Changelog

Sourced from astro-sst's changelog.

2.45.2

Patch Changes

  • 263bcb0: Migrating to astro-sst repo

2.44.0

2.43.8

2.43.7

2.43.6

Patch Changes

Commits
Maintainer changes

This version was pushed to npm by sst-publisher, a new releaser for astro-sst since your current version.


Updates sst from 3.2.73 to 3.4.5

Release notes

Sourced from sst's releases.

v3.4.5

Changelog

  • b2e2684e4ec483c44e687faff1d2b9633aaad99a ApiGatewayV1: support sharing domain names

v3.4.4

Changelog

  • badcc3774f624810d0892146d3919ace7d2bcd79 ApiGatewayV2: create api mapping after stage is created

v3.4.3

Changelog

  • 31e060bb991adfaf842eb7b13d43bc5e8b937d1b sst.aws.Auth: force url settings

v3.4.2

Changelog

  • f6895927d9da4ee12be0750be2404588a97fb8ec deploy: fix issue deploying new stages

v3.4.1

Changelog

  • 30a17031f33288aedd58b4372312f0aab811c51a sst dev: fix hanging deployment

v3.4.0

Changelog

  • 4abf3278673d88815a0c9a2c90b0d7005cc0ed45 state sync improvements - detials in full message

v3.3.75

Changelog

  • 9d0ce1f1787725bbaa66c7dbcdb8d7a8a771749e dev: improve sst dev not connected scnearios

v3.3.74

Changelog

  • 9d0ce1f1787725bbaa66c7dbcdb8d7a8a771749e dev: improve sst dev not connected scnearios

v3.3.73

Changelog

  • eb90ca057d52664d91977fb67a9ec462de1e8133 Cluster: support container level cpu and memory cap
  • 95c1e31a5915622d75dd0df28ce4ac5f7d804d17 example: multiple container images

v3.3.72

Changelog

  • 212e6599da425390af86bfd6d8d9dd3a6da17b22 sst.aws.Auth: do not enable cors by default

v3.3.71

Changelog

  • 74560771950e39392d130b1932ef1b885aae9425 Bucket: rename addNotifications to notify

v3.3.70

Changelog

  • 0e7a92962257f5cfd1aa630f7670f5fb2756ecdb Bucket: add multiple notifications
  • 2b20e57d97bb4e5f266903f36f478af2d5609885 Docs: bucket add notifications

... (truncated)

Commits

Updates astro from 4.16.8 to 5.0.5

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

[email protected]

Patch Changes

[email protected]

Patch Changes

  • #12645 8704c54 Thanks @​sarah11918! - Updates some reference links in error messages for new v5 docs.

  • #12641 48ca399 Thanks @​ascorbic! - Fixes a bug where astro info --copy wasn't working correctly on macOS systems.

  • #12461 62939ad Thanks @​kyr0! - Removes the misleading log message telling that a custom renderer is not recognized while it clearly is and works.

  • #12642 ff18b9c Thanks @​ematipico! - Provides more information when logging a warning for accessing Astro.request.headers in prerendered pages

  • #12634 03958d9 Thanks @​delucis! - Improves error message formatting for user config and content collection frontmatter

  • #12547 6b6e18d Thanks @​mtwilliams-code! - Fixes a bug where URL search parameters weren't passed when using the i18n fallback feature.

  • #12449 e6b8017 Thanks @​apatel369! - Fixes an issue where the custom assetFileNames configuration caused assets to be incorrectly moved to the server directory instead of the client directory, resulting in 404 errors when accessed from the client side.

  • #12518 e216250 Thanks @​ematipico! - Fixes an issue where SSR error pages would return duplicated custom headers.

  • #12625 74bfad0 Thanks @​ematipico! - Fixes an issue where the experimental.svg had incorrect type, resulting in some errors in the editors.

  • #12631 dec0305 Thanks @​ascorbic! - Fixes a bug where the class attribute was rendered twice on the image component

... (truncated)

Changelog

Sourced from astro's changelog.

5.0.5

Patch Changes

5.0.4

Patch Changes

5.0.3

Patch Changes

  • #12645 8704c54 Thanks @​sarah11918! - Updates some reference links in error messages for new v5 docs.

  • #12641 48ca399 Thanks @​ascorbic! - Fixes a bug where astro info --copy wasn't working correctly on macOS systems.

  • #12461 62939ad Thanks @​kyr0! - Removes the misleading log message telling that a custom renderer is not recognized while it clearly is and works.

  • #12642 ff18b9c Thanks @​ematipico! - Provides more information when logging a warning for accessing Astro.request.headers in prerendered pages

  • #12634 03958d9 Thanks @​delucis! - Improves error message formatting for user config and content collection frontmatter

  • #12547 6b6e18d Thanks @​mtwilliams-code! - Fixes a bug where URL search parameters weren't passed when using the i18n fallback feature.

  • #12449 e6b8017 Thanks @​apatel369! - Fixes an issue where the custom assetFileNames configuration caused assets to be incorrectly moved to the server directory instead of the client directory, resulting in 404 errors when accessed from the client side.

  • #12518 e216250 Thanks @​ematipico! - Fixes an issue where SSR error pages would return duplicated custom headers.

  • #12625 74bfad0 Thanks @​ematipico! - Fixes an issue where the experimental.svg had incorrect type, resulting in some errors in the editors.

... (truncated)

Commits

Updates @astrojs/node from 8.3.4 to 9.0.0

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​9.0.0

Major Changes

  • #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

  • #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

@​astrojs/node@​9.0.0-beta.3

Major Changes

@​astrojs/node@​9.0.0-beta.2

Major Changes

  • #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

Changelog

Sourced from @​astrojs/node's changelog.

9.0.0

Major Changes

  • #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

  • #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

9.0.0-beta.3

Major Changes

9.0.0-beta.2

Major Changes

  • #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

  • #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

    Starting from this release, no breaking changes will be introduced unless absolutely necessary.

    To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

  • #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

9.0.0-alpha.1

Major Changes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the prod-deps group across 1 directory with 4 updates
24737a8 
Bumps the prod-deps group with 4 updates in the / directory: [astro-sst](https://github.com/sst/astro-sst/tree/HEAD/packages/astro-sst), [sst](https://github.com/sst/sst/tree/HEAD/packages/cli), [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [@astrojs/node](https://github.com/withastro/adapters/tree/HEAD/packages/node).


Updates `astro-sst` from 2.43.5 to 2.45.2
- [Release notes](https://github.com/sst/astro-sst/releases)
- [Changelog](https://github.com/sst/astro-sst/blob/master/packages/astro-sst/CHANGELOG.md)
- [Commits](https://github.com/sst/astro-sst/commits/[email protected]/packages/astro-sst)

Updates `sst` from 3.2.73 to 3.4.5
- [Release notes](https://github.com/sst/sst/releases)
- [Commits](https://github.com/sst/sst/commits/v3.4.5/packages/cli)

Updates `astro` from 4.16.8 to 5.0.5
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/[email protected]/packages/astro)

Updates `@astrojs/node` from 8.3.4 to 9.0.0
- [Release notes](https://github.com/withastro/adapters/releases)
- [Changelog](https://github.com/withastro/adapters/blob/main/packages/node/CHANGELOG.md)
- [Commits](https://github.com/withastro/adapters/commits/@astrojs/[email protected]/packages/node)

---
updated-dependencies:
- dependency-name: astro-sst
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: sst
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: astro
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: "@astrojs/node"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 16, 2024
@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@astrojs/[email protected] Transitive: environment, eval, filesystem, network, unsafe +20 491 kB matthewp
npm/[email protected] Transitive: environment, network, unsafe +4 1.69 MB sst-publisher
npm/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +256 42.3 MB fredkschott
npm/[email protected] environment, filesystem, network +8 1.42 MB sst-publisher

🚮 Removed packages: npm/@astrojs/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@socket-security Socket Security
Copy link

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Possible typosquat attack npm/[email protected] ⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants