Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependencies (major) #2994

Merged
merged 2 commits into from
Nov 25, 2024
Merged

fix(deps): update dependencies (major) #2994

merged 2 commits into from
Nov 25, 2024
+277 −152

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 14, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@vercel/kv (source) ^2.0.0 -> ^3.0.0 age adoption passing confidence
nuxt-security (source) ^1.4.3 -> ^2.0.0 age adoption passing confidence
postcss-nested ^6.0.1 -> ^7.0.0 age adoption passing confidence

Release Notes

vercel/storage (@​vercel/kv)

v3.0.0

Compare Source

Major Changes
  • 14bc82e: BREAKING: Updates @​upstash/redis to v1.34.0 which contains a small breaking change in the public API. The cursor field in scan commands is now returned as string instead of number.
Baroshem/nuxt-security (nuxt-security)

v2.1.4

Compare Source

compare changes

🩹 Fixes
  • #​564 resolves issue with element.replace on non-string elements (#​564)
❤️ Contributors

v2.1.3

Compare Source

compare changes

🩹 Fixes
  • #​564 resolves issue with element.replace on non-string elements (#​564)
❤️ Contributors

v2.1.2: 2.1.2

Compare Source

🚨Hotfix release: re-enable console.logs in dev mode

This release prevents the removal of console.log statements by Nuxt-Security in development mode.

Nuxt Security helps you ship safer applications by removing console.log statements when the removeLoggers option is set to true, which is the default value.
However, removing console.log statements by default also in development mode is causing our users to search why their logs are disappearing.

With this release, removeLoggers only removes console.log statements in production builds.

What's Changed

Full Changelog: Baroshem/nuxt-security@v2.1.1...v2.1.2

v2.1.1: 2.1.1

Compare Source

🛠️ Hotfix Release : Node 18 Compatibility

This hotfix release re-introduces support for Node 18.
Node 18 is the minimum requirement for all Nuxt 3 applications.

Full Changelog: Baroshem/nuxt-security@v2.1.0...v2.1.1

v2.1.0: 2.1.0

Compare Source

2.1.0 🎉

This is a new minor version where we focused mainly on fixing bugs but we also introduced Continous Releases by Stackblitz!

Enjoy!

👉 Changelog
compare changes

❤️ Contributors

What's Changed

New Contributors

Full Changelog: Baroshem/nuxt-security@v2.0.0...v2.1.0

v2.0.0: 2.0.0

Compare Source

2.0.0 🎉

This is the new major version of the NuxtSecurity module. After nine release candidates versions, we are ready to present you this new amazing version 🚀

With it, we have updated many things that you can check out below in comparison to version 1.4.0.

Enjoy!

New features

As a part of this new release, there are several new features.

A+ Score by default

Our new version delivers an A+ security rating by default on both the Mozilla Observatory and SecurityHeaders.com
Our documentation page is deployed with Nuxt-Security and is tested on these two scanners: 329857551-f181edcd-7059-4399-9af0-26c83a9dc48e329857562-d28f9b97-de64-49d8-9969-eef2692e6dd1

Performance optimization

We are considerably improving the performance of Nuxt Security with this release, by removing all dependency from cheerio.
Applications running in lightweight environments such as workers, will benefit from significantly reduced CPU and memory usage, and increased page delivery.

Many thanks to @​GalacticHypernova for leading the full rewrite of our HTML parsing engine 💚

All Nuxt modes

Security headers are now deployed in all Nuxt rendering modes:

  • Universal
  • Client-only
  • Hybrid

See https://github.com/Baroshem/nuxt-security/pull/441 for details.

OWASP compliance

We are updating our default security settings to conform with the latest OWASP default values for headers.
Users benefit from these updating settings out of the box, with no changes required.

See https://github.com/Baroshem/nuxt-security/pull/450 for details.

Full Static Support

We are significantly improving application security for static websites:

  • If the site is deployed with a Nitro Preset, security headers are now delivered natively. Netlify and Vercel static presets have been fully tested.
  • If the site is deployed in a custom environment (e.g. bare-metal server), we provide a new prerenderedHeaders build-time hook that exposes all security headers for complete control of your server's headers.
🗞️ Next steps

We are planning a new release soon with the Nuxt DevTools Tab support 🚀

👉 Changelog
compare changes

❤️ Contributors
What's Changed
New Contributors
postcss/postcss-nested (postcss-nested)

v7.0.2

Compare Source

v7.0.1

Compare Source

v7.0.0

Compare Source

  • More complex logic of when to move comments (by @​Ulyanov-programmer).
  • Removed Node.js 16, 14, and 12 support.

v6.2.0

Compare Source

  • Added @starting-style to bubbling at-rules.

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the c: dependencies Pull requests that adds/updates a dependency label Oct 14, 2024
@netlify Netlify
Copy link

netlify bot commented Oct 14, 2024
edited
Loading

Deploy Preview for elk-docs canceled.

Name Link
🔨 Latest commit a029917
🔍 Latest deploy log https://app.netlify.com/sites/elk-docs/deploys/6743ec39451897000804ee2a

@netlify Netlify
Copy link

netlify bot commented Oct 14, 2024
edited
Loading

Deploy Preview for elk-zone ready!

Name Link
🔨 Latest commit a029917
🔍 Latest deploy log https://app.netlify.com/sites/elk-zone/deploys/6743ec39a3f5510008444ea0
😎 Deploy Preview https://deploy-preview-2994--elk-zone.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@socket-security Socket Security
Copy link

socket-security bot commented Oct 14, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@vercel/[email protected] environment 0 40.2 kB vercel-release-bot

🚮 Removed packages: npm/@vercel/[email protected]

View full report↗︎

@renovate renovate bot force-pushed the renovate/major-dependencies branch from d766e7d to b8fcfc9 Compare October 14, 2024 08:35
shuuji3
shuuji3 reviewed Oct 15, 2024
View reviewed changes
package.json
@@ -85,7 +85,7 @@
"lru-cache": "^11.0.0",
"masto": "^6.7.5",
"node-emoji": "^2.1.3",
"nuxt-security": "^1.4.3",
"nuxt-security": "^2.0.0",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that this major version up somehow broke the type inference of the returned value of useRuntimeConfig().

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, the latest version of nuxt-security (v2.1.4) no longer has the previous type error.

@renovate renovate bot force-pushed the renovate/major-dependencies branch from b8fcfc9 to 90bf83a Compare October 21, 2024 02:27
@renovate renovate bot force-pushed the renovate/major-dependencies branch 4 times, most recently from 7a8e58b to 92ee07f Compare November 4, 2024 17:06
@renovate renovate bot force-pushed the renovate/major-dependencies branch 5 times, most recently from 5149721 to a9369ad Compare November 11, 2024 02:05
@renovate renovate bot force-pushed the renovate/major-dependencies branch 4 times, most recently from 71a57c6 to 93ab924 Compare November 24, 2024 13:39
@renovate renovate bot force-pushed the renovate/major-dependencies branch from 93ab924 to 4bcb220 Compare November 25, 2024 01:25
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Nov 25, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@shuuji3 shuuji3 added this pull request to the merge queue Nov 25, 2024
Merged via the queue into main with commit beeb30f Nov 25, 2024
15 checks passed
@shuuji3 shuuji3 deleted the renovate/major-dependencies branch November 25, 2024 03:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shuuji3 shuuji3 shuuji3 left review comments

Assignees
No one assigned
Labels
c: dependencies Pull requests that adds/updates a dependency
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@shuuji3