Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the npm_and_yarn group group with 3 updates #152

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 10, 2024

Bumps the npm_and_yarn group group with 3 updates: husky, lint-staged and yaml.

Updates husky from 4.3.8 to 9.0.11

Release notes

Sourced from husky's releases.

v9.0.11

v9.0.10

v9.0.9

v9.0.8

v9.0.7

v9.0.6

v9.0.5

v9.0.4

v9.0.3

v9.0.2

v9.0.1

... (truncated)

Commits

Updates lint-staged from 10.5.4 to 15.2.2

Release notes

Sourced from lint-staged's releases.

v15.2.2

Patch Changes

  • #1391 fdcdad4 Thanks @​iiroj! - Lint-staged no longer tries to load configuration from files that are not checked out. This might happen when using sparse-checkout.

v15.2.1

Patch Changes

  • #1387 e4023f6 Thanks @​iiroj! - Ignore stdin of spawned commands so that they don't get stuck waiting. Until now, lint-staged has used the default settings to spawn linter commands. This means the stdin of the spawned commands has accepted input, and essentially gotten stuck waiting. Now the stdin is ignored and commands will no longer get stuck. If you relied on this behavior, please open a new issue and describe how; the behavior has not been intended.

v15.2.0

Minor Changes

  • #1371 f3378be Thanks @​iiroj! - Using the --no-stash flag no longer discards all unstaged changes to partially staged files, which resulted in inadvertent data loss. This fix is available with a new flag --no-hide-partially-staged that is automatically enabled when --no-stash is used.

Patch Changes

  • #1362 17bc480 Thanks @​antonk52! - update [email protected]

  • #1368 7c55ca9 Thanks @​iiroj! - Update most dependencies

  • #1368 777d4e9 Thanks @​iiroj! - To improve performance, only use lilconfig when searching for config files outside the git repo. In the regular case, lint-staged finds the config files from the Git index and loads them directly.

  • #1373 85eb0dd Thanks @​iiroj! - When determining git directory, use fs.realpath() only for symlinks. It looks like fs.realpath() changes some Windows mapped network filepaths unexpectedly, causing issues.

v15.1.0

Minor Changes

  • #1344 0423311 Thanks @​danielbayley! - Add support for loading configuration from package.yaml and package.yml files, supported by pnpm.

Patch Changes

v15.0.2

Patch Changes

v15.0.1

Patch Changes

  • #1217 d2e6f8b Thanks @​louneskmt! - Previously it was possible for a function task to mutate the list of staged files passed to the function, and accidentally affect the generation of other tasks. This is now fixed by passing a copy of the original file list instead.

v15.0.0

Major Changes

  • #1322 66b93aa Thanks @​iiroj! - Require at least Node.js 18.12.0

    This release drops support for Node.js 16, which is EOL after 2023-09-11.

... (truncated)

Changelog

Sourced from lint-staged's changelog.

15.2.2

Patch Changes

  • #1391 fdcdad4 Thanks @​iiroj! - Lint-staged no longer tries to load configuration from files that are not checked out. This might happen when using sparse-checkout.

15.2.1

Patch Changes

  • #1387 e4023f6 Thanks @​iiroj! - Ignore stdin of spawned commands so that they don't get stuck waiting. Until now, lint-staged has used the default settings to spawn linter commands. This means the stdin of the spawned commands has accepted input, and essentially gotten stuck waiting. Now the stdin is ignored and commands will no longer get stuck. If you relied on this behavior, please open a new issue and describe how; the behavior has not been intended.

15.2.0

Minor Changes

  • #1371 f3378be Thanks @​iiroj! - Using the --no-stash flag no longer discards all unstaged changes to partially staged files, which resulted in inadvertent data loss. This fix is available with a new flag --no-hide-partially-staged that is automatically enabled when --no-stash is used.

Patch Changes

  • #1362 17bc480 Thanks @​antonk52! - update [email protected]

  • #1368 7c55ca9 Thanks @​iiroj! - Update most dependencies

  • #1368 777d4e9 Thanks @​iiroj! - To improve performance, only use lilconfig when searching for config files outside the git repo. In the regular case, lint-staged finds the config files from the Git index and loads them directly.

  • #1373 85eb0dd Thanks @​iiroj! - When determining git directory, use fs.realpath() only for symlinks. It looks like fs.realpath() changes some Windows mapped network filepaths unexpectedly, causing issues.

15.1.0

Minor Changes

  • #1344 0423311 Thanks @​danielbayley! - Add support for loading configuration from package.yaml and package.yml files, supported by pnpm.

Patch Changes

15.0.2

Patch Changes

15.0.1

Patch Changes

  • #1217 d2e6f8b Thanks @​louneskmt! - Previously it was possible for a function task to mutate the list of staged files passed to the function, and accidentally affect the generation of other tasks. This is now fixed by passing a copy of the original file list instead.

... (truncated)

Commits
  • 4d4270b chore(changeset): release
  • a7c5957 Merge pull request #1391 from lint-staged/fix-sparse-checkout
  • c1b2a6a ci: use macOS Sonoma M1 runners
  • fdcdad4 fix: do not try to load configuration from files that are not checked out
  • 999dcce chore(changeset): release
  • 52a9e3f Merge pull request #1387 from lint-staged/ignore-stdin
  • dd72fde ci: update "actions/cache@v4"
  • e4023f6 fix: ignore stdin of spawned commands
  • 46f2c43 ci: update actions/setup-node@v4
  • a684125 ci: update CodeQL action v3
  • Additional commits viewable in compare view

Updates yaml from 1.10.2 to 2.3.4

Release notes

Sourced from yaml's releases.

v2.3.4

  • Do not throw for carriage return in tag shorthand (#501)

v2.3.3

  • Do not throw error on malformed URI escape in tag (#498)

v2.3.2

  • Fix docs typo (#489)
  • Do not require quotes for implicit keys with flow indicators (#494)
  • Update Prettier to v3 & update ESLint config

v2.3.1

  • Drop npm from package.json "engines" config (#476)

v2.3.0

This release corresponds with the release of yaml-types v0.2.0, an expanding library of custom tags or types for use with yaml.

This release contains no changes from v2.3.0-5, and the notes below include all changes from the v2.3.0-x prereleases.

Custom Tag Improvements

  • Add export of createNode() & createPair() to 'yaml/util' (#457)
  • Add static from() methods to simplify tag development, and otherwise make extending custom collections easier (#467)

TypeScript Improvements

  • Add a second optional generic type argument Strict to Document instances. (#441)
  • Add types exports for TypeScript (#463)
  • Export StringifyContext type from 'yaml/util' (#464)

Other New Features

  • Add a toJS(doc, options?) method to nodes (#451, #458)
  • Set explicit tag during createNode() for non-default tags (#464)

Bugfixes

  • Use correct argument order when stringifying flow collection comments (#443)
  • Improve first-line folding for block scalars (#422)

v2.3.0-5

  • Make extending custom collections easier (#467)
  • Fix corner case failure in error pretty-printer (CVE-2023-2251)

v2.3.0-4

New Features

  • Set explicit tag during createNode() for non-default tags (#464)
  • Export StringifyContext type from 'yaml/util' (#464)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 10, 2024
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-f512a0012d branch from 33a501c to 683ea75 Compare March 10, 2024 11:19
Bumps the npm_and_yarn group group with 3 updates: [husky](https://github.com/typicode/husky), [lint-staged](https://github.com/okonet/lint-staged) and [yaml](https://github.com/eemeli/yaml).


Updates `husky` from 4.3.8 to 9.0.11
- [Release notes](https://github.com/typicode/husky/releases)
- [Commits](typicode/husky@v4.3.8...v9.0.11)

Updates `lint-staged` from 10.5.4 to 15.2.2
- [Release notes](https://github.com/okonet/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/master/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v10.5.4...v15.2.2)

Updates `yaml` from 1.10.2 to 2.3.4
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v1.10.2...v2.3.4)

---
updated-dependencies:
- dependency-name: husky
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: lint-staged
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: yaml
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-security-group-f512a0012d branch from 683ea75 to 205c118 Compare March 10, 2024 11:21
@matsuyoshi30 matsuyoshi30 merged commit d6b8349 into master Mar 10, 2024
2 of 3 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-f512a0012d branch March 10, 2024 11:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant