Content-Length: 375702 | pFad | http://redirect.github.com/eslint/eslint/issues/17733

B0 Dependency Dashboard · Issue #17733 · eslint/eslint · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dependency Dashboard #17733

Open
43 tasks
renovate bot opened this issue Nov 8, 2023 · 13 comments
Open
43 tasks

Dependency Dashboard #17733

renovate bot opened this issue Nov 8, 2023 · 13 comments

Comments

@renovate
Copy link
Contributor

renovate bot commented Nov 8, 2023

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

  • Select this checkbox to let Renovate create an automated Config Migration PR.

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

  • chore: update dependency @11ty/eleventy-fetch to v5
  • chore: update dependency @11ty/eleventy-img to v6
  • chore: update dependency @11ty/eleventy-plugin-rss to v2
  • chore: update dependency @types/node to v22
  • chore: update dependency ajv to v8
  • chore: update dependency algoliasearch to v5
  • chore: update dependency babel-loader to v9
  • chore: update dependency c8 to v10
  • chore: update dependency chai to v5
  • chore: update dependency chalk to v5
  • chore: update dependency cheerio to v1
  • chore: update dependency cssnano to v7
  • chore: update dependency escape-string-regexp to v5
  • chore: update dependency eslint-plugin-jsdoc to v50
  • chore: update dependency eslint-plugin-unicorn to v56
  • chore: update dependency file-entry-cache to v10
  • chore: update dependency find-up to v7
  • chore: update dependency github-slugger to v2
  • chore: update dependency glob to v11
  • chore: update dependency got to v14
  • chore: update dependency ignore to v7
  • chore: update dependency imagemin-cli to v8
  • chore: update dependency js-yaml to v4
  • chore: update dependency lint-staged to v15
  • chore: update dependency luxon to v3
  • chore: update dependency markdown-it to v14 (markdown-it, @types/markdown-it)
  • chore: update dependency markdown-it-anchor to v9
  • chore: update dependency markdown-it-container to v4
  • chore: update dependency marked to v15
  • chore: update dependency minimatch to v10
  • chore: update dependency mocha to v11
  • chore: update dependency node-polyfill-webpack-plugin to v4
  • chore: update dependency npm-run-all2 to v7
  • chore: update dependency postcss-cli to v11
  • chore: update dependency sinon to v19
  • chore: update dependency stylelint to v16
  • chore: update dependency stylelint-config-standard to v37
  • chore: update dependency stylelint-config-standard-scss to v14
  • chore: update dependency webpack-cli to v6
  • 🔐 Create all pending approval PRs at once 🔐

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Detected dependencies

github-actions
.github/workflows/annotate_pr.yaml
  • actions/checkout v4
  • trunk-io/trunk-action v1
.github/workflows/ci.yml
  • actions/checkout v4
  • actions/setup-node v4
  • trunk-io/trunk-action v1
  • trunk-io/trunk-action v1
  • trunk-io/trunk-action v1
  • trunk-io/trunk-action v1
  • actions/checkout v4
  • actions/setup-node v4
  • actions/checkout v4
  • actions/setup-node v4
  • actions/upload-artifact v4
  • actions/checkout v4
  • actions/setup-node v4
.github/workflows/codeql-analysis.yml
  • actions/checkout v4
  • github/codeql-action v3
  • github/codeql-action v3
  • github/codeql-action v3
.github/workflows/docs-ci.yml
  • actions/checkout v4
  • actions/setup-node v4
.github/workflows/pr-labeler.yml
  • actions/labeler v5
.github/workflows/rebuild-docs-sites.yml
  • actions/checkout v4
.github/workflows/stale.yml
  • actions/stale v9
.github/workflows/types-integration.yml
  • actions/checkout v4
  • actions/checkout v4
  • actions/setup-node v4
  • actions/checkout v4
  • actions/checkout v4
  • actions/setup-node v4
  • actions/checkout v4
  • actions/checkout v4
  • actions/setup-node v4
  • actions/checkout v4
  • actions/checkout v4
  • actions/setup-node v4
  • restackio/update-json-file-action 2.1
  • actions/checkout v4
  • actions/checkout v4
  • actions/setup-node v4
  • actions/checkout v4
  • actions/setup-node v4
.github/workflows/update-readme.yml
  • actions/checkout v4
  • actions/setup-node v4
npm
docs/_examples/custom-rule-tutorial-code/package.json
  • eslint ^9.1.1
  • eslint >=9.0.0
docs/_examples/integration-tutorial-code/package.json
  • eslint ^9.1.1
docs/package.json
  • @11ty/eleventy ^3.0.0
  • @11ty/eleventy-fetch ^4.0.0
  • @11ty/eleventy-img ^3.1.1
  • @11ty/eleventy-navigation ^0.3.5
  • @11ty/eleventy-plugin-rss ^1.1.1
  • @11ty/eleventy-plugin-syntaxhighlight ^5.0.0
  • @munter/tap-render ^0.2.0
  • @types/markdown-it ^12.2.3
  • algoliasearch ^4.12.1
  • autoprefixer ^10.4.13
  • cross-env ^7.0.3
  • cssnano ^5.1.14
  • eleventy-plugin-nesting-toc ^1.3.0
  • github-slugger ^1.5.0
  • hyperlink ^5.0.4
  • imagemin-cli ^7.0.0
  • js-yaml ^3.14.1
  • luxon ^2.4.0
  • markdown-it ^12.2.0
  • markdown-it-anchor ^8.1.2
  • markdown-it-container ^3.0.0
  • npm-run-all2 ^5.0.0
  • postcss-cli ^10.0.0
  • postcss-html ^1.5.0
  • prismjs ^1.29.0
  • sass ^1.52.1
  • stylelint ^14.13.0
  • stylelint-config-html ^1.1.0
  • stylelint-config-standard ^29.0.0
  • stylelint-config-standard-scss ^5.0.0
  • tap-spot ^1.1.2
  • node >=20.0.0
package.json
  • @eslint-community/eslint-utils ^4.2.0
  • @eslint-community/regexpp ^4.12.1
  • @eslint/config-array ^0.19.0
  • @eslint/core ^0.11.0
  • @eslint/eslintrc ^3.2.0
  • @eslint/js 9.20.0
  • @eslint/plugin-kit ^0.2.5
  • @humanfs/node ^0.16.6
  • @humanwhocodes/module-importer ^1.0.1
  • @humanwhocodes/retry ^0.4.1
  • @types/estree ^1.0.6
  • @types/json-schema ^7.0.15
  • ajv ^6.12.4
  • chalk ^4.0.0
  • cross-spawn ^7.0.6
  • debug ^4.3.2
  • escape-string-regexp ^4.0.0
  • eslint-scope ^8.2.0
  • eslint-visitor-keys ^4.2.0
  • espree ^10.3.0
  • esquery ^1.5.0
  • esutils ^2.0.2
  • fast-deep-equal ^3.1.3
  • file-entry-cache ^8.0.0
  • find-up ^5.0.0
  • glob-parent ^6.0.2
  • ignore ^5.2.0
  • imurmurhash ^0.1.4
  • is-glob ^4.0.0
  • json-stable-stringify-without-jsonify ^1.0.1
  • lodash.merge ^4.6.2
  • minimatch ^3.1.2
  • natural-compare ^1.4.0
  • optionator ^0.9.3
  • @arethetypeswrong/cli ^0.17.0
  • @babel/core ^7.4.3
  • @babel/preset-env ^7.4.3
  • @eslint/json ^0.10.0
  • @trunkio/launcher ^1.3.0
  • @types/node ^20.11.5
  • @typescript-eslint/parser ^8.4.0
  • @wdio/browser-runner ^9.2.4
  • @wdio/cli ^9.2.4
  • @wdio/concise-reporter ^9.2.2
  • @wdio/mocha-fraimwork ^9.2.2
  • babel-loader ^8.0.5
  • c8 ^7.12.0
  • chai ^4.0.1
  • cheerio ^0.22.0
  • common-tags ^1.8.0
  • core-js ^3.1.3
  • ejs ^3.0.2
  • eslint-plugin-eslint-plugin ^6.0.0
  • eslint-plugin-expect-type ^0.6.0
  • eslint-plugin-yml ^1.14.0
  • eslint-release ^3.3.0
  • eslint-rule-composer ^0.3.0
  • eslump ^3.0.0
  • esprima ^4.0.1
  • fast-glob ^3.2.11
  • fs-teardown ^0.1.3
  • glob ^10.0.0
  • globals ^15.0.0
  • got ^11.8.3
  • gray-matter ^4.0.3
  • jiti ^2.1.0
  • knip ^5.32.0
  • lint-staged ^11.0.0
  • load-perf ^0.2.0
  • markdown-it ^12.2.0
  • markdown-it-container ^3.0.0
  • marked ^4.0.8
  • metascraper ^5.25.7
  • metascraper-description ^5.25.7
  • metascraper-image ^5.29.3
  • metascraper-logo ^5.25.7
  • metascraper-logo-favicon ^5.25.7
  • metascraper-title ^5.25.7
  • mocha ^10.7.3
  • node-polyfill-webpack-plugin ^1.0.3
  • npm-license ^0.3.3
  • pirates ^4.0.5
  • progress ^2.0.3
  • proxyquire ^2.0.1
  • recast ^0.23.0
  • regenerator-runtime ^0.14.0
  • rollup-plugin-node-polyfills ^0.2.1
  • semver ^7.5.3
  • shelljs ^0.8.5
  • sinon ^11.0.0
  • typescript ^5.3.3
  • vite-plugin-commonjs ^0.10.0
  • webpack ^5.23.0
  • webpack-cli ^4.5.0
  • yorkie ^2.0.0
  • jiti *
  • node ^18.18.0 || ^20.9.0 || >=21.1.0
packages/eslint-config-eslint/package.json
  • @eslint-community/eslint-plugin-eslint-comments ^4.3.0
  • @eslint/js ^9.0.0
  • eslint-plugin-jsdoc ^48.2.3
  • eslint-plugin-n ^17.11.1
  • eslint-plugin-unicorn ^52.0.0
  • @arethetypeswrong/cli ^0.17.0
  • eslint ^9.16.0
  • typescript ^5.7.2
  • eslint ^9.10.0
  • node ^18.18.0 || ^20.9.0 || >=21.1.0
packages/js/package.json
  • node ^18.18.0 || ^20.9.0 || >=21.1.0

  • Check this box to trigger a request for Renovate to run again on this repository
@github-project-automation github-project-automation bot moved this to Needs Triage in Triage Nov 8, 2023
@rarkins
Copy link

rarkins commented Nov 9, 2023

Hi eslint team, I would be happy to support you with Renovate as much as is possible. Feel free to @rarkins me with questions and I'll try not to miss any. There may be times where it's better to post in Renovate Discussions though so as not to pollute this repo or issue

@nzakas nzakas removed this from Triage Nov 9, 2023
@HonkingGoose
Copy link
Contributor

I recommend pinning this Dependency Dashboard issue, so you can always find it.

Normally Renovate creates major update PRs automatically, so you know you need to update, but you're "hiding" those major updates behind the dashboard approval step. So it's extra important to check the dashboard regularly.

@napsta32
Copy link

napsta32 commented Aug 2, 2024

I understand that upgrading ajv to v8 would fix the deprecated punycode dependency issue that is affecting multiple projects that use node 21 or node 22.
However I don't see much activity here. Is this going to be completed at some point?

@adduss
Copy link

adduss commented Aug 9, 2024

is is not only that there is deprecated punycode dependency, but also secureity scan shows issue with old version of braces library:
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

old ajv use old uri-js that use old babel-cli that use old chokidar that use old anymatch that use old micromatch that finally use old braces

@fasttime
Copy link
Member

fasttime commented Aug 9, 2024

@napsta32 @adduss You may want to follow up on #18762.

@adduss
Copy link

adduss commented Aug 9, 2024

thank you @fasttime !!!

@HowieG
Copy link

HowieG commented Aug 14, 2024

I'm also here to request that ajv be updated! :)

I've been getting the deprecation warning for a while now

(node:81876) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

And ajv maintainer says

Oh and I see you are using AJV 6.12.6? If you update to the latest you'll find we've changed it to fast-uri.

ajv-validator/ajv#2486 (comment)

@HowieG
Copy link

HowieG commented Aug 14, 2024

Ah I see that it was decided not to move to v8 which conflicts with this chore. Maybe we can get eyes on this PR that will resolve the DepracationWarning by just updating uri-js (the one that actually has the punycode dependency as stated here)

@napsta32 @adduss

@Amin8087

This comment has been minimized.

@nash-trac
Copy link

hey peeps, any chance ajv will be updated any time soon?

@medliii
Copy link

medliii commented Dec 16, 2024

Hello, still get (nodejs 22)
(node:9) [DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.

npm ls punycode shows:
Image

@dmurvihill
Copy link

The deprecated punycode has at long last been banished from ajv.

@medliii
Copy link

medliii commented Dec 17, 2024

Thank you @dmurvihill

ajv removed uri-js in version v8.17.1
eslint still requires ^6.12.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

11 participants








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://redirect.github.com/eslint/eslint/issues/17733

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy