Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates #15959

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the npm_and_yarn group across 3 directories with 4 updates #15959

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 20, 2024

Bumps the npm_and_yarn group with 2 updates in the /. directory: @sveltejs/kit and vite.
Bumps the npm_and_yarn group with 2 updates in the /packages/guardian-prover-health-check-ui directory: @sveltejs/kit and vite.
Bumps the npm_and_yarn group with 2 updates in the /packages/protocol directory: @openzeppelin/contracts-upgradeable and @openzeppelin/contracts.

Updates @sveltejs/kit from 1.30.4 to 2.5.0

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.5.0

Minor Changes

  • feat: dev/preview/prerender platform emulation (#11730)

Patch Changes

  • fix: strip /@fs prefix correctly on Windows when invoking read() in dev mode (#11728)

@​sveltejs/kit@​2.4.3

Patch Changes

  • fix: only disallow body with GET/HEAD (#11710)

@​sveltejs/kit@​2.4.2

Patch Changes

  • fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)

@​sveltejs/kit@​2.4.1

Patch Changes

  • fix: use Vite's default value for build.target and respect override supplied by user (#11688)

  • fix: properly decode base64 strings inside read (#11682)

  • fix: default route config to {} for feature checking (#11685)

  • fix: handle onNavigate callbacks correctly (#11678)

@​sveltejs/kit@​2.4.0

Minor Changes

  • feat: add $app/server module with read function for reading assets from filesystem (#11649)

@​sveltejs/kit@​2.3.5

Patch Changes

  • fix: log a warning if fallback page overwrites prerendered page (#11661)

@​sveltejs/kit@​2.3.4

Patch Changes

  • fix: don't stash away original history methods so other libs can monkeypatch it (#11657)

@​sveltejs/kit@​2.3.3

Patch Changes

  • fix: remove internal __sveltekit/ module declarations from types (#11620)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.5.0

Minor Changes

  • feat: dev/preview/prerender platform emulation (#11730)

Patch Changes

  • fix: strip /@fs prefix correctly on Windows when invoking read() in dev mode (#11728)

2.4.3

Patch Changes

  • fix: only disallow body with GET/HEAD (#11710)

2.4.2

Patch Changes

  • fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)

2.4.1

Patch Changes

  • fix: use Vite's default value for build.target and respect override supplied by user (#11688)

  • fix: properly decode base64 strings inside read (#11682)

  • fix: default route config to {} for feature checking (#11685)

  • fix: handle onNavigate callbacks correctly (#11678)

2.4.0

Minor Changes

  • feat: add $app/server module with read function for reading assets from filesystem (#11649)

2.3.5

Patch Changes

  • fix: log a warning if fallback page overwrites prerendered page (#11661)

2.3.4

Patch Changes

... (truncated)

Commits

Updates vite from 4.5.2 to 5.1.3

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.1.3 (2024-02-15)

5.1.2 (2024-02-14)

5.1.1 (2024-02-09)

5.1.0 (2024-02-08)

Vite 5.1 is out! Read the announcement blog post at https://vitejs.dev/blog/announcing-vite5-1!

5.1.0-beta.7 (2024-02-07)

... (truncated)

Commits

Updates @sveltejs/kit from 2.0.4 to 2.4.3

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.5.0

Minor Changes

  • feat: dev/preview/prerender platform emulation (#11730)

Patch Changes

  • fix: strip /@fs prefix correctly on Windows when invoking read() in dev mode (#11728)

@​sveltejs/kit@​2.4.3

Patch Changes

  • fix: only disallow body with GET/HEAD (#11710)

@​sveltejs/kit@​2.4.2

Patch Changes

  • fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)

@​sveltejs/kit@​2.4.1

Patch Changes

  • fix: use Vite's default value for build.target and respect override supplied by user (#11688)

  • fix: properly decode base64 strings inside read (#11682)

  • fix: default route config to {} for feature checking (#11685)

  • fix: handle onNavigate callbacks correctly (#11678)

@​sveltejs/kit@​2.4.0

Minor Changes

  • feat: add $app/server module with read function for reading assets from filesystem (#11649)

@​sveltejs/kit@​2.3.5

Patch Changes

  • fix: log a warning if fallback page overwrites prerendered page (#11661)

@​sveltejs/kit@​2.3.4

Patch Changes

  • fix: don't stash away original history methods so other libs can monkeypatch it (#11657)

@​sveltejs/kit@​2.3.3

Patch Changes

  • fix: remove internal __sveltekit/ module declarations from types (#11620)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.5.0

Minor Changes

  • feat: dev/preview/prerender platform emulation (#11730)

Patch Changes

  • fix: strip /@fs prefix correctly on Windows when invoking read() in dev mode (#11728)

2.4.3

Patch Changes

  • fix: only disallow body with GET/HEAD (#11710)

2.4.2

Patch Changes

  • fix: ignore bodies sent with non-PUT/PATCH/POST requests (#11708)

2.4.1

Patch Changes

  • fix: use Vite's default value for build.target and respect override supplied by user (#11688)

  • fix: properly decode base64 strings inside read (#11682)

  • fix: default route config to {} for feature checking (#11685)

  • fix: handle onNavigate callbacks correctly (#11678)

2.4.0

Minor Changes

  • feat: add $app/server module with read function for reading assets from filesystem (#11649)

2.3.5

Patch Changes

  • fix: log a warning if fallback page overwrites prerendered page (#11661)

2.3.4

Patch Changes

... (truncated)

Commits

Updates vite from 5.0.10 to 5.0.12

Release notes

Sourced from vite's releases.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.1.3 (2024-02-15)

5.1.2 (2024-02-14)

5.1.1 (2024-02-09)

5.1.0 (2024-02-08)

Vite 5.1 is out! Read the announcement blog post at https://vitejs.dev/blog/announcing-vite5-1!

5.1.0-beta.7 (2024-02-07)

... (truncated)

Commits

Updates @openzeppelin/contracts-upgradeable from 4.8.2 to 4.9.3

Release notes

Sourced from @​openzeppelin/contracts-upgradeable's releases.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
  • Strings: add toString method for signed integers. (#3773)
  • ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
  • EIP712: add EIP-5267 support for better domain discovery. (#3969)
  • AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
  • SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
  • SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)
  • ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)
  • ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)
  • ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)
  • ERC721URIStorage: Emit ERC-4906 MetadataUpdate in _setTokenURI. (#4012)
  • ShortStrings: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)
  • SignatureChecker: Allow return data length greater than 32 from EIP-1271 signers. (#4038)
  • UUPSUpgradeable: added granular oz-upgrades-unsafe-allow-reachable annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/[email protected]). (#3971)
  • Initializable: optimize _disableInitializers by using != instead of <. (#3787)
  • Ownable2Step: make acceptOwnership public virtual to enable usecases that require overriding it. (#3960)
  • UUPSUpgradeable.sol: Change visibility to the functions upgradeTo and upgradeToAndCall from external to public. (#3959)
  • TimelockController: Add the CallSalt event to emit on operation schedule. (#4001)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts-upgradeable's changelog.

4.9.3 (2023-07-28)

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

4.9.2 (2023-06-16)

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

4.9.1 (2023-06-07)

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

4.9.0 (2023-05-23)

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
  • Strings: add toString method for signed integers. (#3773)
  • ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
  • EIP712: add EIP-5267 support for better domain discovery. (#3969)
  • AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
  • SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
  • SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)
  • ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)
  • ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)
  • ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)
  • ERC721URIStorage: Emit ERC-4906 MetadataUpdate in _setTokenURI. (#4012)
  • ShortStrings: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)
  • SignatureChecker: Allow return data length greater than 32 from EIP-1271 signers. (#4038)
  • UUPSUpgradeable: added granular oz-upgrades-unsafe-allow-reachable annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/[email protected]). (#3971)
  • Initializable: optimize _disableInitializers by using != instead of <. (#3787)
  • Ownable2Step: make acceptOwnership public virtual to enable usecases that require overriding it. (#3960)
  • UUPSUpgradeable.sol: Change visibility to the functions upgradeTo and upgradeToAndCall from external to public. (#3959)
  • TimelockController: Add the CallSalt event to emit on operation schedule. (#4001)
  • Reformatted codebase with latest version of Prettier Solidity. (#3898)
  • Math: optimize log256 rounding check. (#3745)
  • ERC20Votes: optimize by using unchecked arithmetic. (#3748)
  • Multicall: annotate multicall function as upgrade safe to not raise a flag for its delegatecall. (#3961)
  • ERC20Pausable, ERC721Pausable, ERC1155Pausable: Add note regarding missing public pausing functionality (#4007)
  • ECDSA: Add a function toDataWithIntendedValidatorHash that encodes data with version 0x00 following EIP-191. (#4063)
  • MerkleProof: optimize by using unchecked arithmetic. (#3745)

... (truncated)

Commits

Updates @openzeppelin/contracts from 4.8.2 to 4.9.3

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

  • MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

  • Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

  • ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
  • ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
  • EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
  • Governor: add a public cancel(uint256) function. (#3983)
  • Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
  • Strings: add equal method. (#3774)
  • IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
  • IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
  • StorageSlot: Add support for string and bytes. (#4008)
  • Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
  • ERC4626: Add mitigation to the inflation attack through ...

    Description has been truncated

@dependabot
chore(deps): bump the npm_and_yarn group across 3 directories with 4 …
3c88797 
…updates

Bumps the npm_and_yarn group with 2 updates in the /. directory: [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /packages/guardian-prover-health-check-ui directory: [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /packages/protocol directory: [@openzeppelin/contracts-upgradeable](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable) and [@openzeppelin/contracts](https://github.com/OpenZeppelin/openzeppelin-contracts).


Updates `@sveltejs/kit` from 1.30.4 to 2.5.0
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/[email protected]/packages/kit)

Updates `vite` from 4.5.2 to 5.1.3
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.1.3/packages/vite)

Updates `@sveltejs/kit` from 2.0.4 to 2.4.3
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/[email protected]/packages/kit)

Updates `vite` from 5.0.10 to 5.0.12
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.1.3/packages/vite)

Updates `@openzeppelin/contracts-upgradeable` from 4.8.2 to 4.9.3
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/v4.9.3/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts-upgradeable@v4.8.2...v4.9.3)

Updates `@openzeppelin/contracts` from 4.8.2 to 4.9.3
- [Release notes](https://github.com/OpenZeppelin/openzeppelin-contracts/releases)
- [Changelog](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/CHANGELOG.md)
- [Commits](OpenZeppelin/openzeppelin-contracts@v4.8.2...v4.9.3)

---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: vite
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@sveltejs/kit"
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: vite
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@openzeppelin/contracts-upgradeable"
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: "@openzeppelin/contracts"
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 20, 2024
@dionysuzx
Copy link
Collaborator

i think dependabot made an error, it downgraded some packages and didn't commit the pnpm-lock.yaml properly. it's a beta feature.

image

i'll close this for now, if it makes more errors i will disable batched dependabot PRs until it's more stable.

@dionysuzx dionysuzx closed this Feb 21, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 21, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

@dionysuzx dionysuzx deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-6e4a967e51 branch February 21, 2024 00:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidtaikocha davidtaikocha davidtaikocha approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dionysuzx @davidtaikocha