deps(example): bump the dependencies group across 1 directory with 9 updates #2948

@dependabot dependabot bot commented on behalf of github Jan 23, 2025

Bumps the dependencies group with 9 updates in the /examples/nestjs-launchdarkly directory:

| Package | From | To |
| --- | --- | --- |
| @launchdarkly/node-server-sdk | 9.7.2 | 9.7.3 |
| @nestjs/config | 3.3.0 | 4.0.0 |
| @nestjs/core | 10.4.15 | 11.0.4 |
| @nestjs/platform-express | 10.4.15 | 11.0.4 |
| @nestjs/cli | 10.4.9 | 11.0.2 |
| @nestjs/schematics | 10.2.3 | 11.0.0 |
| @typescript-eslint/eslint-plugin | 8.20.0 | 8.21.0 |
| @typescript-eslint/parser | 8.20.0 | 8.21.0 |
| eslint-plugin-prettier | 5.2.2 | 5.2.3 |

Updates @launchdarkly/node-server-sdk from 9.7.2 to 9.7.3

Release notes

Sourced from @​launchdarkly/node-server-sdk's releases.

node-server-sdk: v9.7.3

9.7.3 (2025-01-22)

Bug Fixes

  • Fix typo in proxy-authorization header for basic authentication. (#720) (220b6d6), closes #718

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​launchdarkly/js-server-sdk-common bumped from 2.10.0 to 2.11.0
Commits
  • 1ff96ce chore: release main (#721)
  • 5cffb2b feat: Add the ability to filter errors. (#743)
  • 833f4ce fix: Fix breadcrumb filter option parsing. (#742)
  • 14ecdb3 feat: Make browser-telemetry specific inspector type. (#741)
  • 68a3b87 feat: Add singleton support for browser-telemetry. (#739)
  • 320c07d feat: Add support for the session init event. (#738)
  • 2ef1486 feat: Add basic logging support for browser-telemetry. (#736)
  • 5c327a1 feat: Add support for breadcrumb filtering. (#733)
  • bc4a994 chore: Port TraceKit tests. (#731)
  • c2a87b1 feat: Enable source maps with inlined sources for browser SDK. (#734)
  • Additional commits viewable in compare view

Updates @nestjs/config from 3.3.0 to 4.0.0

Release notes

Sourced from @​nestjs/config's releases.

Release 4.0.0

Breaking changes

The order in which configuration variables are read by the ConfigService#get method has been updated. The new order is:

  • Internal configuration (config namespaces and custom config files)
  • Validated environment variables (if validation is enabled and a schema is provided)
  • The process.env object

Previously, validated environment variables and the process.env object were read first, preventing them from being overridden by internal configuration. With this update, internal configuration will now always take precedence over environment variables.

Additionally, the ignoreEnvVars configuration option, which previously allowed disabling validation of the process.env object, has been deprecated. Instead, use the validatePredefined option (set to false to disable validation of predefined environment variables). Predefined environment variables refer to process.env variables that were set before the module was imported. For example, if you start your application with PORT=3000 node main.js, the PORT variable is considered predefined. However, variables loaded by the ConfigModule from a .env file are not classified as predefined.

A new skipProcessEnv option has also been introduced. This option allows you to prevent the ConfigService#get method from accessing the process.env object entirely, which can be helpful when you want to restrict the service from reading environment variables directly.

Changelog

  • chore: update config attributes to more self descriptive names (c2eaf04)
  • chore(deps): update nest monorepo to v11 (1c20713)
  • feat: order of reading variables, add skip predefined (c53c63c)
Commits
  • 163a4a8 chore(): release v4.0.0
  • c2eaf04 chore: update config attributes to more self descriptive names
  • ce18cb8 Merge branch 'master' into next
  • 49c13fc test: update integration test to use new dotenv-expand opts
  • a1225db chore: upgrade eslint, update deps, ci setup
  • 1c54dde Merge pull request #1919 from foxadb/refactor-missing-return-types
  • 6411b7d Merge pull request #1925 from nestjs/renovate/major-nest-monorepo
  • e9c8727 Merge pull request #1883 from nestjs/feat/skip-predefined-change-order
  • 94852a5 chore(deps): update dependency lint-staged to v15.4.1 (#1926)
  • 49eec57 chore(deps): update dependency lint-staged to v15.4.0 (#1924)
  • Additional commits viewable in compare view

Updates @nestjs/core from 10.4.15 to 11.0.4

Release notes

Sourced from @​nestjs/core's releases.

v11.0.0 (2025-01-16)

Article: coming soon 📆 Migration guide: https://docs.nestjs.com/migration-guide 👈 👈 👈

⚠️ Node v16 and v18 are no longer supported (>= v20 is required).

Features

  • common, core, microservices
    • #14142 feat(microservices): add status, unwrap, on methods to microservice transporters (clients/servers) (@​kamilmysliwiec)
  • common, core
    • #13336 feat(core): introduce different module opaque key factories (improve bootstrap performance) (@​kamilmysliwiec)
  • common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
    • #14238 chore(deps): upgrade to express v5, fastify v5, add legacy route path converter to minimize breaking changes (@​kamilmysliwiec)

Enhancements

Bug fixes

... (truncated)

Commits

Updates @nestjs/platform-express from 10.4.15 to 11.0.4

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.0.0 (2025-01-16)

Article: coming soon 📆 Migration guide: https://docs.nestjs.com/migration-guide 👈 👈 👈

⚠️ Node v16 and v18 are no longer supported (>= v20 is required).

Features

  • common, core, microservices
    • #14142 feat(microservices): add status, unwrap, on methods to microservice transporters (clients/servers) (@​kamilmysliwiec)
  • common, core
    • #13336 feat(core): introduce different module opaque key factories (improve bootstrap performance) (@​kamilmysliwiec)
  • common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
    • #14238 chore(deps): upgrade to express v5, fastify v5, add legacy route path converter to minimize breaking changes (@​kamilmysliwiec)

Enhancements

Bug fixes

... (truncated)

Commits

Updates @nestjs/cli from 10.4.9 to 11.0.2

Release notes

Sourced from @​nestjs/cli's releases.

Release 11.0.2

  • fix: swc compiler does not watch files (8aaa9df6)

Release 11.0.1

  • fix: pass matched paths to chokidar watcher (watchAssets) (bd960640)

11.0.0

Migration guide: https://docs.nestjs.com/migration-guide

Features and improvements

  • feat(schematics): list schematics from extended collections #2096
  • feat: nest build --all flag #2312
  • feat: add flag to disable shell mode for nest start --watch #2522
  • feat!: drop uncommon variants of nest cli config file name #2769
  • feat: add support for --env-file flag #2818

Dependencies

  • fix(deps): update dependency glob to v11 #2788
  • chore/upgrade inquirer package #2718
  • fix(deps): update dependency chokidar to v4 #2734
  • fix(deps): update angular-cli monorepo to v19 #2811
Commits

Updates @nestjs/schematics from 10.2.3 to 11.0.0

Release notes

Sourced from @​nestjs/schematics's releases.

Release 11.0.0 (2025-01-17)

Changelog

  • feat: sort library and sub-app names to reduce git merge conflicts (797a384)
  • feat: enable strict null checks and consistent casing (a4cb235)
  • chore: upgrade to eslint v9 (7b205f5)
Commits
  • 67a5356 chore: resolve conflicts
  • 94a3ba8 chore: update schematics package.json files
  • 641f8ce chore(deps): update dependency @​commitlint/cli to v19.6.1 (#1962)
  • 2aad221 chore(deps): update dependency eslint to v9.17.0 (#1961)
  • 9c9d318 chore(deps): update dependency nodemon to v3.1.9 (#1960)
  • 1cce577 chore(deps): update dependency @​types/node to v22.10.2 (#1959)
  • 000626c chore(deps): update typescript-eslint monorepo to v8.18.0 (#1958)
  • a0efb93 chore(deps): update dependency prettier to v3.4.2 (#1955)
  • 190ff42 chore(deps): update typescript-eslint monorepo to v8.17.0 (#1954)
  • 4809572 chore(deps): update dependency eslint to v9.16.0 (#1953)
  • Additional commits viewable in compare view

Updates @typescript-eslint/eslint-plugin from 8.20.0 to 8.21.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.21.0

8.21.0 (2025-01-20)

🚀 Features

  • ast-spec: support import attributes in TSImportType (#10640)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)
  • eslint-plugin: check JSX spread elements for misused spread usage (#10653)
  • eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
  • eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
  • eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
  • eslint-plugin-internal: [debug-namespace] on windows (#10661)
  • rule-tester: handle window root path (#10654)
  • scope-manager: add a reference for JSX closing element if it exists (#10614)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.21.0 (2025-01-20)

🩹 Fixes

  • eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
  • eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
  • eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
  • eslint-plugin: check JSX spread elements for misused spread usage (#10653)
  • eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Commits
  • 79af426 chore(release): publish 8.21.0
  • 609a78f test(eslint-plugin): adjust tests to verify no-unnecessary-type-assertion d...
  • fb4ca72 fix(eslint-plugin): [no-duplicate-enum-values] handle template literal (#10675)
  • 1895948 fix(eslint-plugin): [no-base-to-string] don't crash for recursive array or tu...
  • 74f1c5a fix(eslint-plugin): [no-for-in-array] report on any type which may be an arra...
  • 916b989 fix(eslint-plugin): check JSX spread elements for misused spread usage (#10653)
  • 31be053 chore: fix failing test on master
  • 70f3092 docs: [no-misused-spread] fix sample code (#10659)
  • a157fd4 chore: standardized on inline named exports (mostly) (#10596)
  • 3dbcc19 fix(eslint-plugin): [no-unnecessary-type-arguments] handle type args on jsx (...
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.20.0 to 8.21.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.21.0

8.21.0 (2025-01-20)

🚀 Features

  • ast-spec: support import attributes in TSImportType (#10640)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-type-arguments] handle type args on jsx (#10630)
  • eslint-plugin: check JSX spread elements for misused spread usage (#10653)
  • eslint-plugin: [no-for-in-array] report on any type which may be an array or array-like (#10535)
  • eslint-plugin: [no-base-to-string] don't crash for recursive array or tuple types (#10633)
  • eslint-plugin: [no-duplicate-enum-values] handle template literal (#10675)
  • eslint-plugin-internal: [debug-namespace] on windows (#10661)
  • rule-tester: handle window root path (#10654)
  • scope-manager: add a reference for JSX closing element if it exists (#10614)

❤️ Thank You

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.21.0 (2025-01-20)

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

Commits

Updates eslint-plugin-prettier from 5.2.2 to 5.2.3

Release notes

Sourced from eslint-plugin-prettier's releases.

v5.2.3

Patch Changes

Changelog

Sourced from eslint-plugin-prettier's changelog.

5.2.3

Patch Changes

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates

Bumps the dependencies group with 9 updates in the /examples/nestjs-launchdarkly directory:

| Package | From | To |
| --- | --- | --- |
| [@launchdarkly/node-server-sdk](https://github.com/launchdarkly/js-core) | `9.7.2` | `9.7.3` |
| [@nestjs/config](https://github.com/nestjs/config) | `3.3.0` | `4.0.0` |
| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `10.4.15` | `11.0.4` |
| [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) | `10.4.15` | `11.0.4` |
| [@nestjs/cli](https://github.com/nestjs/nest-cli) | `10.4.9` | `11.0.2` |
| [@nestjs/schematics](https://github.com/nestjs/schematics) | `10.2.3` | `11.0.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.20.0` | `8.21.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.20.0` | `8.21.0` |
| [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.2.2` | `5.2.3` |



Updates `@launchdarkly/node-server-sdk` from 9.7.2 to 9.7.3
- [Release notes](https://github.com/launchdarkly/js-core/releases)
- [Changelog](https://github.com/launchdarkly/js-core/blob/main/release-please-config.json)
- [Commits](launchdarkly/js-core@node-server-sdk-v9.7.2...node-server-sdk-v9.7.3)

Updates `@nestjs/config` from 3.3.0 to 4.0.0
- [Release notes](https://github.com/nestjs/config/releases)
- [Changelog](https://github.com/nestjs/config/blob/master/.release-it.json)
- [Commits](nestjs/config@3.3.0...4.0.0)

Updates `@nestjs/core` from 10.4.15 to 11.0.4
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.0.4/packages/core)

Updates `@nestjs/platform-express` from 10.4.15 to 11.0.4
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.0.4/packages/platform-express)

Updates `@nestjs/cli` from 10.4.9 to 11.0.2
- [Release notes](https://github.com/nestjs/nest-cli/releases)
- [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json)
- [Commits](nestjs/nest-cli@10.4.9...11.0.2)

Updates `@nestjs/schematics` from 10.2.3 to 11.0.0
- [Release notes](https://github.com/nestjs/schematics/releases)
- [Changelog](https://github.com/nestjs/schematics/blob/master/.release-it.json)
- [Commits](nestjs/schematics@10.2.3...11.0.0)

Updates `@typescript-eslint/eslint-plugin` from 8.20.0 to 8.21.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.21.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.20.0 to 8.21.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.21.0/packages/parser)

Updates `eslint-plugin-prettier` from 5.2.2 to 5.2.3
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/master/CHANGELOG.md)
- [Commits](prettier/eslint-plugin-prettier@v5.2.2...v5.2.3)

---
updated-dependencies:
- dependency-name: "@launchdarkly/node-server-sdk"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@nestjs/config"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@nestjs/core"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@nestjs/platform-express"
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@nestjs/cli"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@nestjs/schematics"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: eslint-plugin-prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner January 23, 2025 06:34
@dependabot dependabot bot added the dependencies and javascript labels Jan 23, 2025
@dependabot dependabot bot requested review from blaine-arcjet and e-moran January 23, 2025 06:34

trunk-io bot commented Jan 23, 2025

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.


🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source | CI |
| --- | --- | --- | --- | --- |
| New author | npm/[email protected] | | | 🚫 |
| New author | npm/[email protected] | | | 🚫 |
| New author | npm/[email protected] | | | 🚫 |
| New author | npm/[email protected] | | | 🚫 |
| New author | npm/[email protected] | | | 🚫 |
| New author | npm/[email protected] | | | 🚫 |
| Unstable ownership | npm/[email protected] | | | 🚫 |
| Shell access | npm/@nuxt/[email protected] | | | 🚫 |
| Install scripts | npm/@nestjs/[email protected] | Install script: postinstall; Source: `opencollective \|\| exit 0` | | 🚫 |

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is unstable ownership?

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Try to reduce the number of authors you depend on to reduce the risk of malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware, you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all


dependabot bot commented on behalf of github Jan 24, 2025

Superseded by #2972.

@dependabot dependabot bot closed this Jan 24, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/examples/nestjs-launchdarkly/dependencies-1ff66e4078 branch January 24, 2025 06:41