fix(deps): update minor dependencies#5
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
eeffbea to
38efa9b
Compare
f519826 to
7ccf187
Compare
3b3fad8 to
e838021
Compare
3af7c8e to
eda2e0f
Compare
436d4ee to
15df24c
Compare
0411fbd to
8074398
Compare
bde82f9 to
7a4046d
Compare
9fd9387 to
e0bdc3e
Compare
d531a78 to
c1292a3
Compare
f7c25cf to
dd24d46
Compare
dd24d46 to
e4ace78
Compare
e23cfef to
f2067ea
Compare
5b13d7a to
07b0a16
Compare
07b0a16 to
c5973e7
Compare
c5973e7 to
cb2d7df
Compare
cb2d7df to
63a4848
Compare
63a4848 to
67cfa2c
Compare
c11e4db to
8f5a098
Compare
bc91322 to
b3189c4
Compare
14799fb to
3aa9ae5
Compare
f1a4aba to
033dab7
Compare
333166e to
84bd08e
Compare
ef90dce to
426e115
Compare
426e115 to
2ba6e8f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.43.0→1.75.17.1.7→7.2.11.2.3→1.2.420.19.14→20.19.4318.3.24→18.3.31^0.25.9→^0.28.015.0.2→15.5.2015.5.3→15.5.2020.18.2→20.20.26.2.3→6.2.610.10.0→10.34.48.5.6→8.5.163.5.3→3.9.423.3.1→23.11.123.3.1→23.11.119.1.1→19.2.719.1.1→19.2.72.0.18→2.2.06.1.5→6.1.73.4.17→3.4.194.20.5→4.23.05.9.2→5.9.35.6.2→5.9.30.14.12→0.14.13Release Notes
dotenvx/dotenvx (@dotenvx/dotenvx)
v1.75.1Compare Source
Changed
Removed
dotenvx-vlt(now dotenvx-armor) (#849)v1.75.0Compare Source
Changed
@dotenvx/primitives(#848)extcommands become first-class(#847)v1.74.3Compare Source
Changed
@dotenvx/next-envfor user convenience (#845)v1.74.2Compare Source
Changed
@dotenvx/next-env(#844)v1.74.1Compare Source
Added
@dotenvx/next-env(#843)v1.73.1Compare Source
Changed
v1.73.0Compare Source
Added
dotenvx armorcommands directly inside dotenvx (#839)v1.72.0Compare Source
Added
armor logincommand to first classdotenvx logincommand. (#836)dotenvxremains local-first: login is optional and only needed when you want Armor features like moving keys off-device, team sharing, and audit access.v1.71.3Compare Source
Changed
v1.71.2Compare Source
Changed
get,set, anddecryptwhen armor installed (#834)v1.71.1Compare Source
Changed
inheritfor dotenvx-armor integration (#833)v1.71.0Compare Source
Added
--tokensupport for Armor ⛨ users (#831)v1.70.0Compare Source
Changed
v1.69.2Compare Source
Changed
v1.69.1Compare Source
Changed
opstovlt(#823)v1.69.0Compare Source
Changed
opsOffoption in favor ofnoOps(#822)v1.68.1Compare Source
Changed
-fto ops (#821)v1.68.0Compare Source
Changed
ignoreoption onparse(#820)v1.67.0Compare Source
Added
v1.66.0Compare Source
Added
dotenvx doctor(#815)v1.65.3Compare Source
Changed
--no-spinnerflag passed to ops (#814)v1.65.2Compare Source
Changed
dotenvxanddotenvx-ops(#813)v1.65.1Compare Source
Changed
opsshould bubble up (#812)v1.65.0Compare Source
Added
replaceing duplicate keys with different values (#806)v1.64.0Compare Source
Added
dotenvx armorcommand.armor uparmor private keyarmor downdearmor private keyarmor pushpush armored key (from .env.keys)armor pullpull armored key (into .env.keys)Move private keys off device and under access control with Dotenvx Ops ⛨. Learn more
v1.63.0Compare Source
Added
--envflag (#804)--format=colonin order to support cloudflare's wrangler--varflag format (#804)v1.62.0Compare Source
Added
config({ envs }). unlocks simpler cloudflare worker integration (#803)v1.61.6Compare Source
Changed
encrypted:(#802)v1.61.5Compare Source
Changed
--hostnameflag todotenvx-ops.login(#801)v1.61.4Compare Source
Changed
v1.61.3Compare Source
Changed
ext precommit --installmessage (#797)v1.61.2Compare Source
Changed
v1.61.1Compare Source
Changed
dotenvx precommit|prebuildshorthand (#793)v1.61.0Compare Source
Added
loginandlogoutmethod that proxy todotenvx-ops login/logout(#780)v1.60.2Compare Source
Changed
local keyandarmored key(for Ops stored keys) (#778)v1.60.1Compare Source
Added
+ key ⛨for Ops stored keys (#777)v1.60.0Compare Source
Added
injecting(run)encrypting(encrypt,set)decrypting(decrypt,get)rotating(rotate)retrieving(keypair)v1.59.1Compare Source
Added
HELLOkey to the kit sample to match most of our examples in the READMEv1.59.0Compare Source
Changed
encryptandsetnow create a.envfile if one does not exist (#771)--no-createto prevent file creationv1.58.0Compare Source
Changed
⟐ injecting env (N) from FILE · dotenvx@VERSION(#770)v1.57.5Compare Source
Changes
v1.57.4Compare Source
Changes
curlexample for install dotenvx.com/ops (#767)v1.57.3Compare Source
Changes
v1.57.2Compare Source
Changes
npm auditto update package-lock.json (#763)v1.57.1Compare Source
Changes
improved error logs and compacted most to a single line (#755)
introduced leading log glyphs as a visual status language:
⟐success action (injected)◈success action (encrypted)◇success action (set plain value, decrypted)⟳success action (rotated)○informational no-op (no changes)▣success action for generated/updated support files⚠warning☠errorv1.57.0Compare Source
Changed
v1.56.0Compare Source
Changed
ops offflag — now respected byget,keypair,rotate, andencrypt(#750)--ppalias — added as shorthand for--pretty-print; toward sunsetting-pp(#750)Removed
.env.vaultfiles (#750)v1.55.1Compare Source
Added
dotenvx-ops status (on|off)(#749)v1.55.0Compare Source
Added
Removed
ProKeypairlogicv1.54.1Compare Source
Changed
v1.53.0Compare Source
Removed
radar. It has been a year since replaced byops. (#743)v1.52.0Compare Source
Added
main.set(#731)v1.51.4Compare Source
Changed
dotenvx-opsto better reflect its tooling as operational primitives on top of dotenvx for production use cases. (#721)v1.51.3Compare Source
Added
.env.keysfordotenvx armor up. Dotenvx Armor lets you armor your private keys securely with just a single command. It's a convenient alternative to manually copy/pasting them in and out of 1Password. (#718)v1.51.2Compare Source
Changed
npm publishto use Dotenvx Ops' new Rotation Tokens (ROTs) (#715)v1.51.1Compare Source
Added
opsOfftype informationv1.51.0Compare Source
Added
config({opsOff: true})options and--ops-offflag for turning off Dotenvx Ops features. (#680)v1.50.1Compare Source
Removed
radar(nowops) (#678)v1.50.0Compare Source
Added
dotenvx opscommand (#677)dotenvx opsuse dotenvx across your team, infrastructure, agents, and more.v1.49.1Compare Source
Changed
v1.49.0Compare Source
Added
.env.xfile like we do with.env.vaultfile. (#666)v1.48.4Compare Source
Removed
evalin proKeypair helper (#654)v1.48.3Compare Source
Changed
privateKeyNameandprivateKeyon internalprocessedEnvobject (#649)v1.48.2Compare Source
Changed
v1.48.1Compare Source
Changed
beforEnvandafterEnvto Radar if user has installed (#645)v1.48.0Compare Source
Added
beforeEnvandafterEnvfor user debugging (#644)v1.47.7Compare Source
Changed
srcshould be in internalprocessEnvobject (#643)v1.47.6Compare Source
Changed
v1.47.5Compare Source
Changed
v1.47.4Compare Source
Changed
dotenvx-radar(#638)v1.47.3Compare Source
Added
radar#observeif Radar installed by user (#631)Removed
cliin package.json (#632)v1.47.2Compare Source
Added
cliin package.json (#629)v1.47.1Compare Source
Added
radar active 📡when dotenvx-radar is installed (#625)v1.47.0Compare Source
Added
dotenvx radarcommand (#624)v1.46.0Compare Source
Added
Removed
git-dotenvxandgit dotenvxshorthand (#621)v1.45.2Compare Source
Changed
v1.45.1Compare Source
Changed
setLogNameandsetLogVersioninconfig(#613)v1.45.0Compare Source
Added
logger.setNameandlogger.setVersionfor customization of logger (#612)v1.44.2Compare Source
Changed
v1.44.1Compare Source
Changed
SetOutputtype (#597)v1.44.0Compare Source
Added
armv7support (#593)extractus/feed-extractor (@extractus/feed-extractor)
v7.2.1Compare Source
bellajswith @pwshub/bellajsv7.2.0Compare Source
evanw/esbuild (esbuild)
v0.28.1Compare Source
Disallow
\in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a
\backslash character. It happened due to the use of Go'spath.Clean()function, which only handles Unix-style/characters. HTTP requests with paths containing\are no longer allowed.Thanks to @dellalibera for reporting this issue.
Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)
The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.
Note that esbuild's Deno API installs from
registry.npmjs.orgby default, but allows theNPM_CONFIG_REGISTRYenvironment variable to override this with a custom package registry. This change means that the esbuild executable served byNPM_CONFIG_REGISTRYmust now match the expected content.Thanks to @sondt99 for reporting this issue.
Avoid inlining
usingandawait usingdeclarations (#4482)Previously esbuild's minifier sometimes incorrectly inlined
usingandawait usingdeclarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done forletandconstdeclarations by avoiding doing it forvardeclarations, which no longer worked when more declaration types were added. Here's an example:Fix module evaluation when an error is thrown (#4461, #4467)
If an error is thrown during module evaluation, esbuild previously didn't preserve the state of the module for subsequent module references. This was observable if
import()orrequire()is used to import a module multiple times. The thrown error is supposed to be thrown by every call toimport()orrequire(), not just the first. With this release, esbuild will now throw the same error every time you callimport()orrequire()on a module that throws during its evaluation.Fix some edge cases around the
newoperator (#4477)Previously esbuild incorrectly printed certain edge cases involving complex expressions inside the target of a
newexpression (specifically an optional chain and/or a tagged template literal). The generated code for thenewtarget was not correctly wrapped with parentheses, and either contained a syntax error or had different semantics. These edge cases have been fixed so that they now correctly wrap thenewtarget in parentheses. Here is an example of some affected code:Fix renaming of nested
vardeclarations (#4471)This release fixes a bug where
vardeclarations in nested scopes that are hoisted up to module scope were not correctly being renamed during bundling. That could previously lead to name collisions when minification was disabled, which could potentially cause a behavior change. The bug has been fixed so that these hoisted declarations are now considered to be module-level symbols during the name collision avoidance pass.Emit
varinstead ofconstfor certain TypeScript-only constructs for ES5 (#4448)While esbuild doesn't generally support converting
consttovarfor ES5 due to nested scoping rules (which is currently a build-time error), esbuild previously incorrectly converted TypeScript-onlyimportassignment constructs into aconstdeclaration even when targeting ES5. With this release, esbuild will now usevarfor this case instead:v0.28.0Compare Source
Add support for
with { type: 'text' }imports (#4435)The import text proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by Deno and Bun. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing
textloader. Here's an example:Add integrity checks to fallback download path (#4343)
Installing esbuild via npm is somewhat complicated with several different edge cases (see esbuild's documentation for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the
npmcommand, and then with a HTTP request toregistry.npmjs.orgas a last resort).This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level
esbuildpackage. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.Update the Go compiler from 1.25.7 to 1.26.1
This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:
You can read the Go 1.26 release notes for more information.
v0.27.7Compare Source
Fix lowering of define semantics for TypeScript parameter properties (#4421)
The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:
v0.27.5Compare Source
Fix for an async generator edge case (#4401, #4417)
Support for transforming async generators into the equivalent state machine was added in version 0.19.0. However, the generated state machine didn't work correctly when polling async generators concurrently, such as in the following code:
Previously esbuild's output of the above code behaved incorrectly when async generators were transformed (such as with
--supported:async-generator=false). The transformation should be fixed starting with this release.This fix was contributed by @2767mr.
Fix a regression when
metafileis enabled (#4420, #4418)This release fixes a regression introduced by the previous release. When
metafile: truewas enabled in esbuild's JavaScript API, builds with build errors were incorrectly throwing an error about an empty JSON string instead of an object containing the build errors.Use define semantics for TypeScript parameter properties (#4421)
Parameter properties are a TypeScript-specific code generation feature that converts constructor parameters into class fields when they are prefixed by certain keywords. When
"useDefineForClassFields": trueis present intsconfig.json, the TypeScript compiler automatically generates class field declarations for parameter properties. Previously esbuild didn't do this, but esbuild will now do this starting with this release:Allow
es2025as a target intsconfig.json(#4432)TypeScript recently added
es2025as a compilation target, so esbuild now supports this in thetargetfield oftsconfig.jsonfiles, such as in the following configuration file:{ "compilerOptions": { "target": "ES2025" } }As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.
v0.27.4Compare Source
Fix a regression with CSS media queries (#4395, #4405, #4406)
Version 0.25.11 of esbuild introduced support for parsing media queries. This unintentionally introduced a regression with printing media queries that use the
<media-type> and <media-condition-without-or>grammar. Specifically, esbuild was failing to wrap anorclause with parentheses when inside<media-condition-without-or>. This release fixes the regression.Here is an example:
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.