Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(deps): update all dependencies #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update all dependencies #82

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 2, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@aptre/common 0.22.5 -> 0.22.12 age adoption passing confidence devDependencies patch
@aptre/protobuf-es-lite 0.4.9 -> 0.5.2 age adoption passing confidence resolutions minor
@aptre/protobuf-es-lite ^0.4.4 -> ^0.5.0 age adoption passing confidence dependencies minor
@types/node (source) 22.15.29 -> 22.18.6 age adoption passing confidence devDependencies minor
actions/checkout v4.2.2 -> v5.0.0 age adoption passing confidence action major
actions/dependency-review-action v4.7.1 -> v4.7.3 age adoption passing confidence action patch
actions/setup-go v5.5.0 -> v6.0.0 age adoption passing confidence action major
actions/setup-node v4.4.0 -> v5.0.0 age adoption passing confidence action major
esbuild 0.25.5 -> 0.25.10 age adoption passing confidence devDependencies patch
github.com/aperturerobotics/common v0.22.5 -> v0.22.12 age adoption passing confidence require patch
github.com/aperturerobotics/protobuf-go-lite v0.9.1 -> v0.11.0 age adoption passing confidence require minor
github/codeql-action v3.28.18 -> v3.30.3 age adoption passing confidence action minor
go (source) 1.24.3 -> 1.25.1 age adoption passing confidence toolchain minor
golang.org/x/tools v0.33.0 -> v0.37.0 age adoption passing confidence require minor
mvdan.cc/gofumpt v0.8.0 -> v0.9.1 age adoption passing confidence require minor
typescript (source) 5.8.3 -> 5.9.2 age adoption passing confidence devDependencies minor
vitest (source) 3.1.4 -> 3.2.4 age adoption passing confidence devDependencies minor

Release Notes

aperturerobotics/common (@​aptre/common)

v0.22.12

Compare Source

v0.22.11

Compare Source

v0.22.10

Compare Source

v0.22.9

Compare Source

v0.22.8

Compare Source

v0.22.7

Compare Source

v0.22.6

Compare Source

aperturerobotics/protobuf-es-lite (@​aptre/protobuf-es-lite)

v0.5.2

Compare Source

v0.5.1

Compare Source

v0.5.0

Compare Source

actions/checkout (actions/checkout)

v5.0.0

Compare Source

What's Changed
⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

actions/dependency-review-action (actions/dependency-review-action)

v4.7.3: 4.7.3

Compare Source

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4...v4.7.2

actions/setup-go (actions/setup-go)

v6.0.0

Compare Source

What's Changed
Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades
New Contributors

Full Changelog: actions/setup-go@v5...v6.0.0

actions/setup-node (actions/setup-node)

v5.0.0

Compare Source

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless.
To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

evanw/esbuild (esbuild)

v0.25.10

Compare Source

  • Fix a panic in a minification edge case (#​4287)

    This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

    function identity(x) { return x }
identity({ y: identity(123) })

  • Fix @supports nested inside pseudo-element (#​4265)

    When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

    The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

    However, it seems like this behavior is different for nested at-rules such as @supports, which do work with pseudo-elements. So this release modifies esbuild's behavior to now take that into account:

    /* Original code */
::placeholder {
  color: red;
  body & { color: green }
  @​supports (color: blue) { color: blue }
}

/* Old output (with --supported:nesting=false) */
::placeholder {
  color: red;
}
body :is() {
  color: green;
}
@​supports (color: blue) {
   {
    color: blue;
  }
}

/* New output (with --supported:nesting=false) */
::placeholder {
  color: red;
}
body :is() {
  color: green;
}
@​supports (color: blue) {
  ::placeholder {
    color: blue;
  }
}

v0.25.9

Compare Source

  • Better support building projects that use Yarn on Windows (#​3131, #​3663)

    With this release, you can now use esbuild to bundle projects that use Yarn Plug'n'Play on Windows on drives other than the C: drive. The problem was as follows:

    1. Yarn in Plug'n'Play mode on Windows stores its global module cache on the C: drive
    2. Some developers put their projects on the D: drive
    3. Yarn generates relative paths that use ../.. to get from the project directory to the cache directory
    4. Windows-style paths don't support directory traversal between drives via .. (so D:\.. is just D:)
    5. I didn't have access to a Windows machine for testing this edge case

    Yarn works around this edge case by pretending Windows-style paths beginning with C:\ are actually Unix-style paths beginning with /C:/, so the ../.. path segments are able to navigate across drives inside Yarn's implementation. This was broken for a long time in esbuild but I finally got access to a Windows machine and was able to debug and fix this edge case. So you should now be able to bundle these projects with esbuild.

  • Preserve parentheses around function expressions (#​4252)

    The V8 JavaScript VM uses parentheses around function expressions as an optimization hint to immediately compile the function. Otherwise the function would be lazily-compiled, which has additional overhead if that function is always called immediately as lazy compilation involves parsing the function twice. You can read V8's blog post about this for more details.

    Previously esbuild did not represent parentheses around functions in the AST so they were lost during compilation. With this change, esbuild will now preserve parentheses around function expressions when they are present in the original source code. This means these optimization hints will not be lost when bundling with esbuild. In addition, esbuild will now automatically add this optimization hint to immediately-invoked function expressions. Here's an example:

    // Original code
const fn0 = () => 0
const fn1 = (() => 1)
console.log(fn0, function() { return fn1() }())

// Old output
const fn0 = () => 0;
const fn1 = () => 1;
console.log(fn0, function() {
  return fn1();
}());

// New output
const fn0 = () => 0;
const fn1 = (() => 1);
console.log(fn0, (function() {
  return fn1();
})());

    Note that you do not want to wrap all function expressions in parentheses. This optimization hint should only be used for functions that are called on initial load. Using this hint for functions that are not called on initial load will unnecessarily delay the initial load. Again, see V8's blog post linked above for details.

  • Update Go from 1.23.10 to 1.23.12 (#​4257, #​4258)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4674 and CVE-2025-47907) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

v0.25.8

Compare Source

  • Fix another TypeScript parsing edge case (#​4248)

    This fixes a regression with a change in the previous release that tries to more accurately parse TypeScript arrow functions inside the ?: operator. The regression specifically involves parsing an arrow function containing a #private identifier inside the middle of a ?: ternary operator inside a class body. This was fixed by propagating private identifier state into the parser clone used to speculatively parse the arrow function body. Here is an example of some affected code:

    class CachedDict {
  #has = (a: string) => dict.has(a);
  has = window
    ? (word: string): boolean => this.#has(word)
    : this.#has;
}

  • Fix a regression with the parsing of source phase imports

    The change in the previous release to parse source phase imports failed to properly handle the following cases:

    import source from 'bar'
import source from from 'bar'
import source type foo from 'bar'

    Parsing for these cases should now be fixed. The first case was incorrectly treated as a syntax error because esbuild was expecting the second case. And the last case was previously allowed but is now forbidden. TypeScript hasn't added this feature yet so it remains to be seen whether the last case will be allowed, but it's safer to disallow it for now. At least Babel doesn't allow the last case when parsing TypeScript, and Babel was involved with the source phase import specification.

v0.25.7

Compare Source

  • Parse and print JavaScript imports with an explicit phase (#​4238)

    This release adds basic syntax support for the defer and source import phases in JavaScript:

    • defer

      This is a stage 3 proposal for an upcoming JavaScript feature that will provide one way to eagerly load but lazily initialize imported modules. The imported module is automatically initialized on first use. Support for this syntax will also be part of the upcoming release of TypeScript 5.9. The syntax looks like this:

      import defer * as foo from "<specifier>";
const bar = await import.defer("<specifier>");

      Note that this feature deliberately cannot be used with the syntax import defer foo from "<specifier>" or import defer { foo } from "<specifier>".

    • source

      This is a stage 3 proposal for an upcoming JavaScript feature that will provide another way to eagerly load but lazily initialize imported modules. The imported module is returned in an uninitialized state. Support for this syntax may or may not be a part of TypeScript 5.9 (see this issue for details). The syntax looks like this:

      import source foo from "<specifier>";
const bar = await import.source("<specifier>");

      Note that this feature deliberately cannot be used with the syntax import defer * as foo from "<specifier>" or import defer { foo } from "<specifier>".

    This change only adds support for this syntax. These imports cannot currently be bundled by esbuild. To use these new features with esbuild's bundler, the imported paths must be external to the bundle and the output format must be set to esm.

  • Support optionally emitting absolute paths instead of relative paths (#​338, #​2082, #​3023)

    This release introduces the --abs-paths= feature which takes a comma-separated list of situations where esbuild should use absolute paths instead of relative paths. There are currently three supported situations: code (comments and string literals), log (log message text and location info), and metafile (the JSON build metadata).

    Using absolute paths instead of relative paths is not the default behavior because it means that the build results are no longer machine-independent (which means builds are no longer reproducible). Absolute paths can be useful when used with certain terminal emulators that allow you to click on absolute paths in the terminal text and/or when esbuild is being automatically invoked from several different directories within the same script.

  • Fix a TypeScript parsing edge case (#​4241)

    This release fixes an edge case with parsing an arrow function in TypeScript with a return type that's in the middle of a ?: ternary operator. For example:

    x = a ? (b) : c => d;
y = a ? (b) : c => d : e;

    The : token in the value assigned to x pairs with the ? token, so it's not the start of a return type annotation. However, the first : token in the value assigned to y is the start of a return type annotation because after parsing the arrow function body, it turns out there's another : token that can be used to pair with the ? token. This case is notable as it's the first TypeScript edge case that esbuild has needed a backtracking parser to parse. It has been addressed by a quick hack (cloning the whole parser) as it's a rare edge case and esbuild doesn't otherwise need a backtracking parser. Hopefully this is sufficient and doesn't cause any issues.

  • Inline small constant strings when minifying

    Previously esbuild's minifier didn't inline string constants because strings can be arbitrarily long, and this isn't necessarily a size win if the string is used more than once. Starting with this release, esbuild will now inline string constants when the length of the string is three code units or less. For example:

    // Original code
const foo = 'foo'
console.log({ [foo]: true })

// Old output (with --minify --bundle --format=esm)
var o="foo";console.log({[o]:!0});

// New output (with --minify --bundle --format=esm)
console.log({foo:!0});

    Note that esbuild's constant inlining only happens in very restrictive scenarios to avoid issues with TDZ handling. This change doesn't change when esbuild's constant inlining happens. It only expands the scope of it to include certain string literals in addition to numeric and boolean literals.

v0.25.6

Compare Source

  • Fix a memory leak when cancel() is used on a build context (#​4231)

    Calling rebuild() followed by cancel() in rapid succession could previously leak memory. The bundler uses a producer/consumer model internally, and the resource leak was caused by the consumer being termianted while there were still remaining unreceived results from a producer. To avoid the leak, the consumer now waits for all producers to finish before terminating.

  • Support empty :is() and :where() syntax in CSS (#​4232)

    Previously using these selectors with esbuild would generate a warning. That warning has been removed in this release for these cases.

  • Improve tree-shaking of try statements in dead code (#​4224)

    With this release, esbuild will now remove certain try statements if esbuild considers them to be within dead code (i.e. code that is known to not ever be evaluated). For example:

    // Original code
return 'foo'
try { return 'bar' } catch {}

// Old output (with --minify)
return"foo";try{return"bar"}catch{}

// New output (with --minify)
return"foo";

  • Consider negated bigints to have no side effects

    While esbuild currently considers 1, -1, and 1n to all have no side effects, it didn't previously consider -1n to have no side effects. This is because esbuild does constant folding with numbers but not bigints. However, it meant that unused negative bigint constants were not tree-shaken. With this release, esbuild will now consider these expressions to also be side-effect free:

    // Original code
let a = 1, b = -1, c = 1n, d = -1n

// Old output (with --bundle --minify)
(()=>{var n=-1n;})();

// New output (with --bundle --minify)
(()=>{})();

  • Support a configurable delay in watch mode before rebuilding (#​3476, #​4178)

    The watch() API now takes a delay option that lets you add a delay (in milliseconds) before rebuilding when a change is detected in watch mode. If you use a tool that regenerates multiple source files very slowly, this should make it more likely that esbuild's watch mode won't generate a broken intermediate build before the successful final build. This option is also available via the CLI using the --watch-delay= flag.

    This should also help avoid confusion about the watch() API's options argument. It was previously empty to allow for future API expansion, which caused some people to think that the documentation was missing. It's no longer empty now that the watch() API has an option.

  • Allow mixed array for entryPoints API option (#​4223)

    The TypeScript type definitions now allow you to pass a mixed array of both string literals and object literals to the entryPoints API option, such as ['foo.js', { out: 'lib', in: 'bar.js' }]. This was always possible to do in JavaScript but the TypeScript type definitions were previously too restrictive.

  • Update Go from 1.23.8 to 1.23.10 (#​4204, #​4207)

    This should have no effect on existing code as this version change does not change Go's operating system support. It may remove certain false positive reports (specifically CVE-2025-4673 and CVE-2025-22874) from vulnerability scanners that only detect which version of the Go compiler esbuild uses.

  • Experimental support for esbuild on OpenHarmony (#​4212)

    With this release, esbuild now publishes the @esbuild/openharmony-arm64 npm package for OpenHarmony. It contains a WebAssembly binary instead of a native binary because Go doesn't currently support OpenHarmony. Node does support it, however, so in theory esbuild should now work on OpenHarmony through WebAssembly.

    This change was contributed by @​hqzing.

aperturerobotics/protobuf-go-lite (github.com/aperturerobotics/protobuf-go-lite)

v0.11.0

Compare Source

v0.10.1

Compare Source

v0.10.0

Compare Source

github/codeql-action (github/codeql-action)

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #​3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025
  • Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025
  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025
  • Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025
  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025
  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025
  • Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

v3.29.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.2 - 30 Jun 2025
  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​2935

See the full CHANGELOG.md for more information.

v3.29.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.1 - 27 Jun 2025
  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #​2938
  • Update default CodeQL bundle version to 2.22.1. #​2950

See the full CHANGELOG.md for more information.

v3.29.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.0 - 11 Jun 2025
  • Update default CodeQL bundle version to 2.22.0.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update dependency @types/node to v22.10.4 chore(deps): update dependency @types/node to v22.10.5 Jan 3, 2025
@renovate renovate bot changed the title chore(deps): update dependency @types/node to v22.10.5 fix(deps): update all dependencies Jan 8, 2025
@renovate renovate bot force-pushed the renovate/all branch 4 times, most recently from 0f32fc8 to a0a60de Compare January 14, 2025 13:04
@renovate renovate bot force-pushed the renovate/all branch 7 times, most recently from 8999f8b to d49a602 Compare January 22, 2025 22:17
@renovate renovate bot force-pushed the renovate/all branch 10 times, most recently from 94c81e0 to f8a4481 Compare January 29, 2025 21:34
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from e10ef08 to 4f3746f Compare February 4, 2025 20:46
@renovate renovate bot changed the title fix(deps): update all dependencies chore(deps): update all dependencies Feb 7, 2025
@renovate renovate bot force-pushed the renovate/all branch 11 times, most recently from 68a2709 to c8e0654 Compare August 13, 2025 03:59
@renovate renovate bot force-pushed the renovate/all branch 6 times, most recently from 68ebe90 to d87ee34 Compare August 21, 2025 19:16
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 699542f to c01082e Compare August 31, 2025 10:37
@renovate renovate bot force-pushed the renovate/all branch 5 times, most recently from aae6507 to 1f4d567 Compare September 13, 2025 23:11
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 6611770 to fd1c178 Compare September 17, 2025 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants