Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 6 commits
- 10 files changed
- 4 contributors
Commits on Apr 27, 2025
-
chore(deps): update dependency pnpm to v10.9.0 (#399)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pnpm](https://pnpm.io) ([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm)) | `10.8.1` -> `10.9.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v10.9.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1090) [Compare Source](https://redirect.github.com/pnpm/pnpm/compare/v10.8.1...v10.9.0) ##### Minor Changes - **Added support for installing JSR packages.** You can now install JSR packages using the following syntax: pnpm add jsr:<pkg_name> or with a version range: pnpm add jsr:<pkg_name>@​<range> For example, running: pnpm add jsr:@​foo/bar will add the following entry to your `package.json`: ```json { "dependencies": { "@​foo/bar": "jsr:^0.1.2" } } ``` When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions: ```json { "dependencies": { "@​foo/bar": "npm:@​jsr/foo__bar@^0.1.2" } } ``` Related issue: [#​8941](https://redirect.github.com/pnpm/pnpm/issues/8941). Note: The `@jsr` scope defaults to <https://npm.jsr.io/> if the `@jsr:registry` setting is not defined. - Added a new setting, `dangerouslyAllowAllBuilds`, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to `pnpm-workspace.yaml`: ```yaml neverBuiltDependencies: [] ``` `dangerouslyAllowAllBuilds` has the same effect but also allows to be set globally via: pnpm config set dangerouslyAllowAllBuilds true It can also be set when running a command: pnpm install --dangerously-allow-all-builds ##### Patch Changes - Fix a false negative in `verifyDepsBeforeRun` when `nodeLinker` is `hoisted` and there is a workspace package without dependencies and `node_modules` directory [#​9424](https://redirect.github.com/pnpm/pnpm/issues/9424). - Explicitly drop `verifyDepsBeforeRun` support for `nodeLinker: pnp`. Combining `verifyDepsBeforeRun` and `nodeLinker: pnp` will now print a warning. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 8am on monday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/oxc-project/eslint-plugin-oxlint). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjI1Ny4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
-
chore(deps): update github-actions (#398)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.28.15` -> `v3.28.16` | | [taiki-e/install-action](https://redirect.github.com/taiki-e/install-action) | action | minor | `v2.49.50` -> `v2.50.3` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.28.16`](https://redirect.github.com/github/codeql-action/compare/v3.28.15...v3.28.16) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.28.15...v3.28.16) </details> <details> <summary>taiki-e/install-action (taiki-e/install-action)</summary> ### [`v2.50.3`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.3): 2.50.3 [Compare Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.2...v2.50.3) - Update `cargo-zigbuild@latest` to 0.20.0. ### [`v2.50.2`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.2): 2.50.2 [Compare Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.1...v2.50.2) - Update `cargo-lambda@latest` to 1.8.4. - Update `syft@latest` to 1.23.1. ### [`v2.50.1`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.1): 2.50.1 [Compare Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.0...v2.50.1) - Update `syft@latest` to 1.23.0. - Update `cargo-semver-checks@latest` to 0.41.0. ### [`v2.50.0`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.0): 2.50.0 [Compare Source](https://redirect.github.com/taiki-e/install-action/compare/v2.49.50...v2.50.0) - Support `taplo`. ([#​944](https://redirect.github.com/taiki-e/install-action/pull/944), thanks [@​vivienm](https://redirect.github.com/vivienm)) - Update `wasmtime@latest` to 32.0.0. - Update `release-plz@latest` to 0.3.133. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 8am on monday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/oxc-project/eslint-plugin-oxlint). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjI1Ny4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
-
chore(deps): update dependency eslint-plugin-unicorn to v59 (#400)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [eslint-plugin-unicorn](https://redirect.github.com/sindresorhus/eslint-plugin-unicorn) | [`^58.0.0` -> `^59.0.0`](https://renovatebot.com/diffs/npm/eslint-plugin-unicorn/58.0.0/59.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sindresorhus/eslint-plugin-unicorn (eslint-plugin-unicorn)</summary> ### [`v59.0.0`](https://redirect.github.com/sindresorhus/eslint-plugin-unicorn/compare/v58.0.0...3838ec815057154a7fb4cd8257abfb554502ba2f) [Compare Source](https://redirect.github.com/sindresorhus/eslint-plugin-unicorn/compare/v58.0.0...v59.0.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 8am on monday" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/oxc-project/eslint-plugin-oxlint). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjI1Ny4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Commits on Apr 28, 2025
Commits on Apr 30, 2025
-
chore(deps): update dependency vite to v6.3.4 [security] (#402)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`6.3.2` -> `6.3.4`](https://renovatebot.com/diffs/npm/vite/6.3.2/6.3.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-46565](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3) ### Summary The contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. Only files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed. - Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env` - Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*` ### Details [`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`). ### PoC ``` npm create vite@latest cd vite-project/ cat "secret" > .env npm install npm run dev curl --request-target /.env/. http://localhost:5173 ```   --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v6.3.4`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small634-2025-04-30-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v6.3.3...v6.3.4) - fix: check static serve file inside sirv ([#​19965](https://redirect.github.com/vitejs/vite/issues/19965)) ([c22c43d](https://redirect.github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb)), closes [#​19965](https://redirect.github.com/vitejs/vite/issues/19965) - fix(optimizer): return plain object when using `require` to import externals in optimized dependenci ([efc5eab](https://redirect.github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643)), closes [#​19940](https://redirect.github.com/vitejs/vite/issues/19940) - refactor: remove duplicate plugin context type ([#​19935](https://redirect.github.com/vitejs/vite/issues/19935)) ([d6d01c2](https://redirect.github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0)), closes [#​19935](https://redirect.github.com/vitejs/vite/issues/19935) ### [`v6.3.3`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small633-2025-04-24-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v6.3.2...v6.3.3) - fix: ignore malformed uris in tranform middleware ([#​19853](https://redirect.github.com/vitejs/vite/issues/19853)) ([e4d5201](https://redirect.github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a)), closes [#​19853](https://redirect.github.com/vitejs/vite/issues/19853) - fix(assets): ensure ?no-inline is not included in the asset url in the production environment ([#​1949](https://redirect.github.com/vitejs/vite/issues/1949) ([16a73c0](https://redirect.github.com/vitejs/vite/commit/16a73c05d35daa34117a173784895546212db5f4)), closes [#​19496](https://redirect.github.com/vitejs/vite/issues/19496) - fix(css): resolve relative imports in sass properly on Windows ([#​19920](https://redirect.github.com/vitejs/vite/issues/19920)) ([ffab442](https://redirect.github.com/vitejs/vite/commit/ffab44270488f54ae344801024474b597249071b)), closes [#​19920](https://redirect.github.com/vitejs/vite/issues/19920) - fix(deps): update all non-major dependencies ([#​19899](https://redirect.github.com/vitejs/vite/issues/19899)) ([a4b500e](https://redirect.github.com/vitejs/vite/commit/a4b500ef9ccc9b19a2882156a9ba8397e69bc6b2)), closes [#​19899](https://redirect.github.com/vitejs/vite/issues/19899) - fix(ssr): fix execution order of re-export ([#​19841](https://redirect.github.com/vitejs/vite/issues/19841)) ([ed29dee](https://redirect.github.com/vitejs/vite/commit/ed29dee2eb2e3573b2bc337e1a9124c65222a1e5)), closes [#​19841](https://redirect.github.com/vitejs/vite/issues/19841) - fix(ssr): fix live binding of default export declaration and hoist exports getter ([#​19842](https://redirect.github.com/vitejs/vite/issues/19842)) ([80a91ff](https://redirect.github.com/vitejs/vite/commit/80a91ff82426a4c88d54b9f5ec9a4205cb13899b)), closes [#​19842](https://redirect.github.com/vitejs/vite/issues/19842) - perf: skip sourcemap generation for renderChunk hook of import-analysis-build plugin ([#​19921](https://redirect.github.com/vitejs/vite/issues/19921)) ([55cfd04](https://redirect.github.com/vitejs/vite/commit/55cfd04b10f98cde7a96814a69b9813543ea79c2)), closes [#​19921](https://redirect.github.com/vitejs/vite/issues/19921) - test(ssr): test `ssrTransform` re-export deps and test stacktrace with first line ([#​19629](https://redirect.github.com/vitejs/vite/issues/19629)) ([9399cda](https://redirect.github.com/vitejs/vite/commit/9399cdaf8c3b2efd5f4015d57dc3b0e4e5b91a9d)), closes [#​19629](https://redirect.github.com/vitejs/vite/issues/19629) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/oxc-project/eslint-plugin-oxlint). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Commits on May 3, 2025
-
Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action Co-authored-by: Boshen <[email protected]>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v0.16.8...v0.16.9