Upgrade dependencies 04 26 #262
Merged
Run npm audit fix

```
# npm audit report

brace-expansion <1.1.13 || >=2.0.0 <2.0.3
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - GHSA-f886-m6hf-6m8v
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - GHSA-f886-m6hf-6m8v
fix available via `npm audit fix`
node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion
node_modules/brace-expansion

flatted <=3.4.1
Severity: high
flatted vulnerable to unbounded recursion DoS in parse() revive phase - GHSA-25h7-pfq9-p65f
Prototype Pollution via parse() in NodeJS flatted - GHSA-rf6f-7fwh-wjgh
fix available via `npm audit fix`
node_modules/flatted

minimatch 9.0.0 - 9.0.6
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - GHSA-23c5-xmqv-rm74
fix available via `npm audit fix`
node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch

picomatch <=2.3.1 || 4.0.0 - 4.0.3
Severity: high
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - GHSA-3v7f-55p6-f55p
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - GHSA-3v7f-55p6-f55p
Picomatch has a ReDoS vulnerability via extglob quantifiers - GHSA-c2c7-rcm5-vvqj
Picomatch has a ReDoS vulnerability via extglob quantifiers - GHSA-c2c7-rcm5-vvqj
fix available via `npm audit fix`
node_modules/micromatch/node_modules/picomatch
node_modules/picomatch

rollup 4.0.0 - 4.58.0
Severity: high
Rollup 4 has Arbitrary File Write via Path Traversal - GHSA-mw96-cpmx-2vgc
fix available via `npm audit fix`
node_modules/rollup

vite 7.0.0 - 7.3.1
Severity: high
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling - GHSA-4w7w-66w2-5vf9
Vite: `server.fs.deny` bypassed with queries - GHSA-v2wj-q39q-566r
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket - GHSA-p9ff-h696-f583
fix available via `npm audit fix`
node_modules/vite

6 vulnerabilities (1 moderate, 5 high)
```

Update dependencies

Bump selenium-webdriver from 4.40.0 to 4.41.0

Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.40.0 to 4.41.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](SeleniumHQ/selenium@selenium-4.40.0...selenium-4.41.0)

---

updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-version: 4.41.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump capybara-lockstep from 2.3.0 to 2.3.1

Bumps [capybara-lockstep](https://github.com/makandra/capybara-lockstep) from 2.3.0 to 2.3.1.
- [Changelog](https://github.com/makandra/capybara-lockstep/blob/main/CHANGELOG.md)
- [Commits](makandra/capybara-lockstep@v2.3.0...v2.3.1)

---

updated-dependencies:
- dependency-name: capybara-lockstep
  dependency-version: 2.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump vite-plugin-ruby from 5.1.2 to 5.1.3

Bumps [vite-plugin-ruby](https://github.com/ElMassimo/vite_ruby) from 5.1.2 to 5.1.3.
- [Commits](https://github.com/ElMassimo/vite_ruby/compare/vite-plugin-ruby@5.1.2...vite-plugin-ruby@5.1.3)

---

updated-dependencies:
- dependency-name: vite-plugin-ruby
  dependency-version: 5.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump tailwind-merge from 3.4.0 to 3.5.0

Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.4.0...v3.5.0)

---

updated-dependencies:
- dependency-name: tailwind-merge
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump actions/upload-artifact from 6 to 7

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

---

updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump web-console from 4.2.1 to 4.3.0

Bumps [web-console](https://github.com/rails/web-console) from 4.2.1 to 4.3.0.
- [Release notes](https://github.com/rails/web-console/releases)
- [Changelog](https://github.com/rails/web-console/blob/main/CHANGELOG.markdown)
- [Commits](rails/web-console@v4.2.1...v4.3.0)

---

updated-dependencies:
- dependency-name: web-console
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump @tailwindcss/vite from 4.1.18 to 4.2.1

Bumps [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) from 4.1.18 to 4.2.1.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.1/packages/@tailwindcss-vite)

---

updated-dependencies:
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump tailwindcss from 4.1.18 to 4.2.1

Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) from 4.1.18 to 4.2.1.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.1/packages/tailwindcss)

---

updated-dependencies:
- dependency-name: tailwindcss
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump globals from 17.3.0 to 17.4.0

Bumps [globals](https://github.com/sindresorhus/globals) from 17.3.0 to 17.4.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.3.0...v17.4.0)

---

updated-dependencies:
- dependency-name: globals
  dependency-version: 17.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump docker/setup-buildx-action from 3 to 4

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v3...v4)

---

updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump thruster from 0.1.18 to 0.1.19

Bumps [thruster](https://github.com/basecamp/thruster) from 0.1.18 to 0.1.19.
- [Changelog](https://github.com/basecamp/thruster/blob/main/CHANGELOG.md)
- [Commits](basecamp/thruster@v0.1.18...v0.1.19)

---

updated-dependencies:
- dependency-name: thruster
  dependency-version: 0.1.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump lucide-react from 0.563.0 to 0.577.0

Bumps [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) from 0.563.0 to 0.577.0.
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.577.0/packages/lucide-react)

---

updated-dependencies:
- dependency-name: lucide-react
  dependency-version: 0.577.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump webfactory/ssh-agent from 0.9.1 to 0.10.0

Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/webfactory/ssh-agent/releases)
- [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md)
- [Commits](webfactory/ssh-agent@v0.9.1...v0.10.0)

---

updated-dependencies:
- dependency-name: webfactory/ssh-agent
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump sqlite3 from 2.9.0 to 2.9.2

Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 2.9.0 to 2.9.2.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v2.9.0...v2.9.2)

---

updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump rspec-rails from 8.0.2 to 8.0.4

Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 8.0.2 to 8.0.4.
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](rspec/rspec-rails@v8.0.2...v8.0.4)

---

updated-dependencies:
- dependency-name: rspec-rails
  dependency-version: 8.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump solid_queue from 1.3.1 to 1.4.0

Bumps [solid_queue](https://github.com/rails/solid_queue) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/rails/solid_queue/releases)
- [Commits](rails/solid_queue@v1.3.1...v1.4.0)

---

updated-dependencies:
- dependency-name: solid_queue
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Bump kamal from 2.10.1 to 2.11.0

Bumps [kamal](https://github.com/basecamp/kamal) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/basecamp/kamal/releases)
- [Commits](basecamp/kamal@v2.10.1...v2.11.0)

---

updated-dependencies:
- dependency-name: kamal
  dependency-version: 2.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Address ssr error in use-mobile hook

This addresses the error:

SSR ERROR window is not defined
Source: hooks/use-mobile.ts:5:13

Drop ssr.tsx and pass entrypoint to vite

Update gem versions

Required by scan_ruby ci step due to vulnerabilities

CI updates

* Update brakeman from 8.0.2 to 8.0.4 (required by scan_ruby step)
* Add void to createInertiaApp on ssr entrypoint (required by lint_js step)

Upgrade inertia to v3
ae914b9 to 5641d4a
Replaces #260