Skip to content

build(deps-dev): bump all#822

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Open

build(deps-dev): bump all#822
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented May 27, 2024

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@shopify/prettier-plugin-liquid (source) 1.5.01.10.3 age adoption passing confidence devDependencies minor
@types/markdown-it (source) 14.1.114.1.2 age adoption passing confidence devDependencies patch
actions/checkout v4.1.6v4.3.1 age adoption passing confidence action minor
actions/setup-node v4.0.2v4.4.0 age adoption passing confidence action minor
docker/dockerfile a57df6987999aa syntax digest
dorny/paths-filter v3.0.2v3.0.3 age adoption passing confidence action patch
dprint 0.45.10.55.1 age adoption passing confidence devDependencies minor
editorconfig-checker 5.1.55.1.9 age adoption passing confidence devDependencies patch
eslint-config-prettier 9.1.09.1.2 age adoption passing confidence devDependencies patch
eslint-import-resolver-node (source) 0.3.90.4.0 age adoption passing confidence devDependencies minor
eslint-import-resolver-typescript 3.6.13.10.1 age adoption passing confidence devDependencies minor
eslint-plugin-import 2.29.12.32.0 age adoption passing confidence devDependencies minor
eslint-plugin-json-schema-validator (source) 5.1.05.5.1 age adoption passing confidence devDependencies minor
eslint-plugin-jsonc (source) 2.15.12.21.1 age adoption passing confidence devDependencies minor
eslint-plugin-markdown 5.0.05.1.0 age adoption passing confidence devDependencies minor
eslint-plugin-prettier 5.1.35.5.6 age adoption passing confidence devDependencies minor
eslint-plugin-promise 6.1.16.6.0 age adoption passing confidence devDependencies minor
eslint-plugin-regexp 2.5.02.10.0 age adoption passing confidence devDependencies minor
eslint-plugin-simple-import-sort 12.1.012.1.1 age adoption passing confidence devDependencies patch
eslint-plugin-yml (source) 1.14.01.19.1 age adoption passing confidence devDependencies minor
markdown-it-anchor 9.0.19.2.0 age adoption passing confidence devDependencies minor
markdownlint-cli2 0.13.00.23.0 age adoption passing confidence devDependencies minor
markdownlint-cli2-formatter-default 0.0.40.0.6 age adoption passing confidence devDependencies patch
pnpm (source) 9.1.19.15.9 age adoption passing confidence packageManager minor
prettier (source) 3.2.53.9.4 age adoption passing confidence devDependencies minor
remark-preset-prettier 2.0.12.0.2 age adoption passing confidence devDependencies patch
returntocorp/semgrep 18fcd5306938c1 container digest
ruby (source) 3.3.13.4.10 age adoption passing confidence minor
ruby/setup-ruby v1.176.0v1.316.0 age adoption passing confidence action minor
typescript (source) 5.4.55.9.3 age adoption passing confidence devDependencies minor
unified (source) 11.0.411.0.5 age adoption passing confidence devDependencies patch

Release Notes

Shopify/theme-tools (@​shopify/prettier-plugin-liquid)

v1.10.3

Patch Changes
  • cacd8f3: [internal] local development fix for breakpoints

v1.10.2

Compare Source

v1.10.0

Compare Source

v1.9.4

Compare Source

v1.9.3

Compare Source

v1.9.2

Compare Source

v1.9.1

Compare Source

v1.9.0

Compare Source

v1.8.3

Compare Source

v1.8.2

Compare Source

v1.8.1

Compare Source

v1.8.0

Compare Source

v1.7.2

Compare Source

v1.7.0

Compare Source

v1.6.3

Compare Source

v1.6.2

Compare Source

v1.6.1

Compare Source

v1.6.0

Compare Source

v1.5.2

Compare Source

v1.5.1

Compare Source

actions/checkout (actions/checkout)

v4.3.1

Compare Source

v4.3.0

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

v4.1.7

Compare Source

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:
Enhancement:
Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

New Contributors

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-node@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

  • Resolve High Security Alerts by upgrading Dependencies by @​aparnajyothi-y in #​1132
  • Upgrade IA Publish by @​Jcambass in #​1134
  • Revise isGhes logic by @​jww3 in #​1148
  • Add architecture to cache key by @​pengx17 in #​843
    This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
    Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

Full Changelog: actions/setup-node@v4...v4.1.0

v4.0.4

Compare Source

What's Changed

Documentation changes:

New Contributors

Full Changelog: actions/setup-node@v4...v4.0.4

v4.0.3

Compare Source

What's Changed

Bug fixes:
Documentation changes:
Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v4...v4.0.3

dorny/paths-filter (dorny/paths-filter)

v3.0.3

Compare Source

dprint/dprint (dprint)

v0.55.1

Compare Source

Changes

  • fix(npm): resolve node_modules from config dir
    (#​1194)

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact SHA-256 Checksum
dprint-x86_64-apple-darwin.zip 21f9784b3edf3b0a686932b4387359ebd83fba798ac2f7e2ba1e7b8c9f674e3e
dprint-aarch64-apple-darwin.zip 94a9ce5ca91dbb609d4f22f2ccf28d8b422627c0944c6ee63d1beecac28f8cd4
dprint-x86_64-pc-windows-msvc.zip dfdee60f04810c14df310696ce680da7ece599cd27b162f77906adc80d5e9679
dprint-x86_64-pc-windows-msvc-installer.exe bb244f445a0f7f022c550b0239d7bde00319ea55a1be1ccafdd0b8f52b47042b
dprint-aarch64-pc-windows-msvc.zip a4e3f6921eba2db72d00a4ae35ed1bd6ff49eed610815f8b13f3b64fe12d7b17
dprint-x86_64-unknown-linux-gnu.zip 14f40c47b2a1c79ced321b62bf177f88f064d7b11c41f1ee28488ee0d9391bb2
dprint-x86_64-unknown-linux-musl.zip 7ce856d5999585e58666701eab5e0291abfb63953884d5dd0268001c89d74b8d
dprint-aarch64-unknown-linux-gnu.zip f5ea3a5c196b0bcd91aa0af7b5ef7366dbf87e8315a6797c47bff081a8d4e398
dprint-aarch64-unknown-linux-musl.zip 2d414d659034650bc25b208a87ab427cd01a7ac6c21b3ed2191cf92e1b58f76c
dprint-riscv64gc-unknown-linux-gnu.zip 318c4880ca5042c353cf13d860969b462b43eb758d001356d4cad4bb187c3620
dprint-loongarch64-unknown-linux-gnu.zip eef61b49a6d71f9651a50b64eaf09bdf175ebf29251cd5412ac3d55c2564bc63
dprint-loongarch64-unknown-linux-musl.zip fc3f51a9fd6133cdb2d0dc8af12404ecf0844868b71e3d27efa737d1ee1fafdc
dprint-powerpc64le-unknown-linux-gnu.zip 6fa587bf42a4d7d9635c9387e5e71652dfaee7199427d560f9447ead7f44ae54
dprint-powerpc64le-unknown-linux-musl.zip 098601fedc67ee0c2867a03cf52111e6040820aa98f7e3f025cf023da517512e
dprint-aarch64-linux-android.zip 8d39d1341912bfaf26f7ce140de234e577f20e4ebd520b79ebb42e317bf451f1
dprint-x86_64-linux-android.zip 575900410e5638628e0f5bf006eb99d62f2d76b33711e795214426f25d0f14c0

v0.55.0

Compare Source

dprint is a pluggable and configurable code formatting platform that unifies all your formatters.

This substantial release adds npm specifier plugins, brings dprint to many more CPU architectures, adds richer LSP support, and gives you finer-grained configuration with per-file overrides and config inheritance.

It includes two behaviour changes worth reading before you upgrade.

Highlights

  • 📦 npm specifier plugins — reference plugins with npm:@​scope/name@version
  • 🏗️ Runs on many more architectures — Windows on ARM, Android (Termux), ppc64le, and LoongArch
  • 💡 LSP completions & hover for dprint configuration files
  • 🔀 dprint fmt --dirty — format only the files with uncommitted git changes
  • 🎛️ Per-file plugin config overrides — apply different plugin options to specific files
  • 🧬 "inherit": true for nested configuration files
  • ⚠️ Plugin associations are now additive (behaviour change)
  • ⚠️ Globs are now case-sensitive (behaviour change)

There's also a new website: https://dprint.dev

npm specifier plugins

You can now reference plugins via an npm: specifier in your config:

{
  "plugins": [
    "npm:@​dprint/typescript@0.95.15",
    "npm:@​dprint/json"
  ]
}
  • Pinned form (npm:@​scope/name@version) downloads and locks an exact version.
  • Omitting the version (npm:@​scope/name) resolves the plugin from node_modules, walking up from the config file so npm and your lockfile stay the source of truth.
  • dprint add npm:@​scope/name resolves the latest version and writes the pinned form, unless the package is in a nearby package.json under devDependencies, in which case the unversioned form is written, in which case node resolution will occur.

More architectures supported

dprint now runs on a much wider range of CPU architectures, including:

  • Windows on ARM (aarch64-pc-windows-msvc) - Now native—previously dprint was shipping the x64 binary.
  • Android / Termux.
  • ppc64le.
  • LoongArch (now able to run plugins).

This is made possible by migrating the Wasm plugin runtime from Wasmer to Wasmtime, with equivalent performance and a smaller dependency tree:

  • Native Cranelift codegen on x86_64, aarch64, riscv64, and s390x.
  • ppc64le, LoongArch, and Android compile to Wasmtime's portable Pulley bytecode (pure Rust, no native backend, no signal-based traps — which the Android sandbox doesn't allow), replacing the previous wasmi interpreter path.

LSP completions and hover for config files

dprint lsp now provides autocompletion and hover documentation when editing dprint.json / dprint.jsonc, making it easier to discover plugins and configuration options without leaving your editor.

dprint fmt --dirty

Format only the files with uncommitted changes in your git working directory — staged, unstaged, and untracked (but not gitignored):

dprint fmt --dirty

This complements the existing --staged flag.

"inherit": true for nested config files

A nested configuration file can now opt in to inheriting its ancestor's plugins and configuration. Given a config at the repo root:

// ./dprint.json
{
  "typescript": {
    "indentWidth": 4
  },
  "plugins": [
    "https://plugins.dprint.dev/typescript-0.96.1.wasm"
  ]
}

A config in a subdirectory can inherit it with "inherit": true:

// ./sub-project/dprint.json
{
  "inherit": true,
  "typescript": {
    // inherits the ancestor's TypeScript config, but overrides the indent width
    "indentWidth": 2
  }
}
  • Plugins in the nested config take precedence; any not specified are inherited.
  • The ancestor's includes are not inherited.
  • Inheriting is opt-in so that adding a config higher in the tree doesn't unexpectedly start affecting nested configs.

Per-file plugin config overrides

Plugins now support "overrides" blocks to apply different configuration to specific files:

{
  "json": {
    "overrides": {
      "files": ["**/package.json", "**/composer.json"],
      "indentWidth": 4
    }
  }
}

Use an array for multiple overrides:

{
  "json": {
    "overrides": [
      {
        "files": ["**/package.json", "**/composer.json"],
        "indentWidth": 4
      },
      {
        "files": "**/special-package.json",
        "lineWidth": 80
      }
    ]
  }
}

Overrides are honoured consistently across CLI formatting, stdin, the editor service, the LSP, and host formatting. Note that overrides only change configuration — they don't include or exclude files.

⚠️ Plugin associations are now additive (behaviour change)

Previously, adding an "associations" glob to a plugin silently replaced the file extensions and file names it matched by default. Now associations are additive:

  • A positive glob (e.g. **/*.foo) routes extra files to the plugin while its defaults keep matching.
  • A negated glob (e.g. !**/*.js) cancels a default extension, file name, or path.

If you previously relied on a positive association to replace the defaults, add a negated glob to opt back out. Fixes the surprising behaviour in #​841 and #​794.

⚠️ Globs are now case-sensitive (behaviour change)

File pattern matching for includes/excludes globs is now case-sensitive (#​1082). If your patterns relied on case-insensitive matching, update them to match the actual file casing.

Read a list of files from stdin

The new --stdin-files flag reads a newline-separated list of file paths from stdin instead of from the command line arguments. It works with the fmt, check, file-paths, and format-times subcommands, which is handy when piping the output of another tool into dprint:

generate_files | dprint fmt --stdin-files

Smarter dprint init

dprint init now scans the current directory and pre-selects the plugins whose files it finds, so the defaults match your project out of the box. The plugin picker scrolls to fit your terminal and supports type-to-filter, keeping it usable even when many plugins are available.

Pass --yes (-y) to skip the prompt entirely and accept those defaults — handy for scripts and CI:

dprint init --yes

The prompt is also skipped automatically when there's no interactive terminal.

Other notable additions

  • DPRINT_GLOBAL_GITIGNORE=1 — opt in to respecting git's global excludes file (core.excludesFile). Opt-in because it's machine-specific and won't exist on CI.
  • NO_COLOR / FORCE_COLOR support for controlling colored output.
  • dprint config update --dry-run — preview config updates without writing.
  • dprint resolved-config --file <path> — show only the plugins that would format a given file.
  • dprint incremental-state — print the exact signal dprint uses to decide cache reuse, so you can diff it between revisions.
  • Shorter subcommand namesoutput-resolved-config, output-file-paths, and output-format-times are now resolved-config, file-paths, and format-times.

Changelog

Features
  • feat(BREAKING): make plugin associations additive to default file matching (#​1172)
  • feat(BREAKING): make globs case sensitive (#​1089)
  • feat: migrate wasm plugin runtime from wasmer to wasmtime (#​1178)
  • feat: add Windows on ARM (aarch64-pc-windows-msvc) builds (#​1179)
  • feat: add android (Termux) builds using the wasmi interpreter backend (#​1175)
  • feat: add ppc64le builds using the wasmi interpreter backend (#​1174)
  • feat: use LLVM backend for LoongArch to support plugins (#​1109)
  • feat: LSP completions and hover for dprint configuration files (#​1177)
  • feat: support resolving plugins via npm specifiers and node resolution (#​1134)
  • feat: add --dirty flag to format git working directory changes (#​1171)
  • feat: add per-file plugin config overrides (#​1136)
  • feat: support "inherit": true in nested configuration files (#​1160)
  • feat: opt-in support for git's global excludes file via DPRINT_GLOBAL_GITIGNORE (#​1163)
  • feat: support reading a list of files to format from stdin (#​1157)
  • feat: support NO_COLOR and FORCE_COLOR env vars (#​1155)
  • feat: add --dry-run to dprint config update (#​1156)
  • feat: add --file flag to resolved-config to filter plugins by file (#​1167)
  • feat: add dprint incremental-state command (#​1149)
  • feat: drop output- from some subcommands (#​1150)
  • feat(npm): detect plugin kind on dprint add when no path is given (#​1183)
  • feat(npm): add --checksum flag to dprint add (#​1184)
  • feat(init): pre-select plugins from the current directory, scrollable/filterable picker, and --yes flag (#​1185)
  • feat(init): scaffold plugin config from info.json (defaultConfig + configItems) (#​1186)
  • feat(init): prioritize plugin pre-selection and surface it in the list
    (#​1187)
Performance
  • perf: reduce wasm plugin thread stack size to 4 MiB (#​1180)
  • perf: read directories on multiple threads when globbing (#​1168)
  • perf(windows): delay load DLLs not needed at startup (#​1164)
  • perf: cache resolved global gitignore path to avoid repeated git subprocess (#​1165)
  • perf: use similar for LSP diffing and drop dissimilar (#​1176)
Bug Fixes
  • fix: normalize LSP formatted line endings to match the editor document (#​1173)
  • fix: avoid hang waiting for killed process plugins in clear-cache (#​1169)
  • fix: kill process plugins when running dprint clear-cache (#​1154)
  • fix(npm): download binary when optional dependency is omitted (#​1161)
  • fix(npm): improve musl detection (#​1145)
  • fix: recompile Wasm plugin from source when loading from cache fails (#​1158)
  • fix: avoid regex size limit when given many literal file paths (#​1153)
  • fix: read .git/info/exclude when respecting gitignore (#​1151)
  • fix(plugins): surface plugin cache cleanup errors instead of swallowing them (#​1148)
  • fix(core): prevent unbounded re-evaluation when conditions oscillate (#​1137)
  • fix: include plugin's resolved config in incremental cache key (#​1138)
  • fix(install.sh): correct riscv64 build name, add loongarch64 support, Windows .exe path, resolve relative DPRINT_INSTALL (#​1131)
Internal
  • refactor: redesign plugin cache as flat per-plugin sidecars (#​1181)

Install

Run dprint upgrade or see https://dprint.dev/install/

Checksums

Artifact SHA-256 Checksum
dprint-x86_64-apple-darwin.zip 69d032d8fe70441fc4307cdd5360d5e0086773bb2f7ba63d4863e59c64f3df38
dprint-aarch64-apple-

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from 6693fee to 8026c0a Compare June 1, 2024 19:05
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from cd39ab0 to c0b0d3b Compare June 5, 2024 09:42
@socket-security

socket-security Bot commented Jun 5, 2024

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm diff-sequences is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-plugin-yml@1.19.1npm/eslint-plugin-jsonc@2.21.1npm/diff-sequences@27.5.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/diff-sequences@27.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm editorconfig-checker is 78.0% likely obfuscated

Confidence: 0.78

Location: Package overview

From: package.jsonnpm/editorconfig-checker@5.1.9

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/editorconfig-checker@5.1.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/eslint-import-resolver-node@0.4.0npm/eslint-plugin-import@2.32.0npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/all branch 10 times, most recently from ef92697 to 440b6a3 Compare June 12, 2024 12:45
@renovate renovate Bot changed the title build(deps-dev): bump all chore(deps): bump all Jun 12, 2024
@renovate renovate Bot force-pushed the renovate/all branch 7 times, most recently from af6e1aa to 5c4f4f4 Compare June 24, 2024 17:30
@renovate renovate Bot force-pushed the renovate/all branch 6 times, most recently from 0f6e67e to 56ba551 Compare July 13, 2024 15:03
@renovate renovate Bot force-pushed the renovate/all branch 7 times, most recently from 1d63142 to 85fb2f4 Compare July 23, 2024 01:00
@renovate renovate Bot changed the title chore(deps): bump all build(deps-dev): bump all Jul 25, 2024
@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from 52d4366 to b177b57 Compare July 31, 2024 02:05
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from f31a554 to c8e6a88 Compare August 7, 2024 02:43
@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from 06d878e to 28e8f98 Compare August 26, 2024 17:36
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 37682db to 4e57dd1 Compare September 6, 2024 08:12
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants