aidan/aidxnFUN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

Bump lilconfig from 2.1.0 to 3.1.3 #31

Merged
dependabot[bot] merged 1 commits from dependabot/npm_and_yarn/lilconfig-3.1.3 into main 2024-12-15 17:20:48 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
dependabot[bot] commented 2024-12-13 20:02:07 +00:00 (Migrated from github.com)
Copy Link

Bumps lilconfig from 2.1.0 to 3.1.3.

Release notes

Sourced from lilconfig's releases.

v3.1.3 Windows friendly

Default javascript loader can now imports absolute paths on Windows OS. Thanks to @​ajiho

v3.1.2 Webpack friendly

The new changes make lilconfig work as expected when a nodejs app is bundled using webpack.

Thanks @​CHC383

v3.1.1 Security release

  1. Fix security vulnerability by migrating from typescript to javascript with TSDoc comments. See #48
  2. Use tabs instead of spaces

Due to how typescript compilation works I had to use eval() to have a dynamic import in project compiled to commonjs in v3.1.0. Eval call introduced a security vulnerability as it was pointed out to me by kind people from Secfault Security. As there is currently no way to make typescript output dynamic import with a commonjs target I migrated the source code to be in javascript. This means that the code in this repository is the code that gets published to npm. The package still includes first party typescript types in index.d.ts file that gets published as well. The runtime code now uses TSDoc annotations to maintain type safety.

v3.1.0 Support ESM config files (async api only)

Lilconfig now supports loading ESM configuration files.

ESM configs can be searched or loaded via async API only.

ESM syntax can be valid in either

  • .js and .mjs files in projects with "type": "module" in package.json
  • .mjs files in projects that use commonjs

Thanks for pushing this feature @​marekdedic

v3.0.0 Cache support

BREAKING CHANGES

  • Cache support enabled by default
  • Drop support for Node v10 & v12

New cache feature

Lilconfig now can cache results in between searches within the same nodejs process. If you are reusing the searcher to look up configuration files, you will get much faster configuration lookups.

Otherwise you can disable it in options using the new cache key

lilconfig('myapp', {cache: false})
Commits
  • 77d7186 3.1.3
  • 672f1da do not duplicate github actions runs, run on push to master or full pull requ...
  • 0158ebe update reusable github actions steps
  • 8eb98d8 use node v22 by default and move node v20 to old node tests
  • bb876c3 run ci checks on pull request
  • 633192e extract coveralls to only run on push to main
  • 686fc79 fix linter
  • 4e892a4 modern setup node step
  • 0bf4aec ignore postinstall scripts for CI jobs that does not require biome
  • 0853887 Comment why we explicitly we need uvu tests
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [lilconfig](https://github.com/antonk52/lilconfig) from 2.1.0 to 3.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/antonk52/lilconfig/releases">lilconfig's releases</a>.</em></p> <blockquote> <h2>v3.1.3 Windows friendly</h2> <p>Default javascript loader can now imports absolute paths on Windows OS. Thanks to <a href="https://github.com/ajiho"><code>@​ajiho</code></a></p> <h2>v3.1.2 Webpack friendly</h2> <p>The new changes make lilconfig work as expected when a nodejs app is bundled using webpack.</p> <p>Thanks <a href="https://github.com/CHC383"><code>@​CHC383</code></a></p> <h2>v3.1.1 Security release</h2> <ol> <li>Fix security vulnerability by migrating from typescript to javascript with TSDoc comments. See <a href="https://redirect.github.com/antonk52/lilconfig/issues/48">#48</a></li> <li>Use tabs instead of spaces</li> </ol> <p>Due to how typescript compilation works I had to use <code>eval()</code> to have a dynamic import in project compiled to commonjs in v3.1.0. Eval call introduced a security vulnerability as it was pointed out to me by kind people from Secfault Security. As there is currently no way to make typescript output dynamic import with a commonjs target I migrated the source code to be in javascript. This means that the code in this repository <strong>is</strong> the code that gets published to npm. The package still includes first party typescript types in <code>index.d.ts</code> file that gets published as well. The runtime code now uses TSDoc annotations to maintain type safety.</p> <h2>v3.1.0 Support ESM config files (async api only)</h2> <p>Lilconfig now supports loading ESM configuration files.</p> <p>ESM configs can be searched or loaded via <strong>async API only</strong>.</p> <p>ESM syntax can be valid in either</p> <ul> <li><code>.js</code> and <code>.mjs</code> files in projects with <code>&quot;type&quot;: &quot;module&quot;</code> in <code>package.json</code></li> <li><code>.mjs</code> files in projects that use commonjs</li> </ul> <p>Thanks for pushing this feature <a href="https://github.com/marekdedic"><code>@​marekdedic</code></a></p> <h2>v3.0.0 Cache support</h2> <h2>BREAKING CHANGES</h2> <ul> <li>Cache support enabled by default</li> <li>Drop support for Node v10 &amp; v12</li> </ul> <h2>New <code>cache</code> feature</h2> <p>Lilconfig now can cache results in between searches within the same nodejs process. If you are reusing the searcher to look up configuration files, you will get much faster configuration lookups.</p> <p>Otherwise you can disable it in options using the new <code>cache</code> key</p> <pre lang="js"><code>lilconfig('myapp', {cache: false}) </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/antonk52/lilconfig/commit/77d7186c37a3838c85d03e126172f82a8a474ece"><code>77d7186</code></a> 3.1.3</li> <li><a href="https://github.com/antonk52/lilconfig/commit/672f1daacbf70cc944588baf45147f1c2465bd68"><code>672f1da</code></a> do not duplicate github actions runs, run on push to master or full pull requ...</li> <li><a href="https://github.com/antonk52/lilconfig/commit/0158ebec1b2335b0db2d273f84c97cf43883523b"><code>0158ebe</code></a> update reusable github actions steps</li> <li><a href="https://github.com/antonk52/lilconfig/commit/8eb98d86616fabed97760c10febb350b0a9ee2ab"><code>8eb98d8</code></a> use node v22 by default and move node v20 to old node tests</li> <li><a href="https://github.com/antonk52/lilconfig/commit/bb876c32b424c32f08c947a86c999d1d74a1dd8f"><code>bb876c3</code></a> run ci checks on pull request</li> <li><a href="https://github.com/antonk52/lilconfig/commit/633192e31edd39e6b10c944e94cfbf429a7a7cbf"><code>633192e</code></a> extract coveralls to only run on push to main</li> <li><a href="https://github.com/antonk52/lilconfig/commit/686fc79cd1a2d9e05703e144047abf5418682e89"><code>686fc79</code></a> fix linter</li> <li><a href="https://github.com/antonk52/lilconfig/commit/4e892a42952f6b4970677c8164feab20067479f6"><code>4e892a4</code></a> modern setup node step</li> <li><a href="https://github.com/antonk52/lilconfig/commit/0bf4aec8c52325defe3bc701662e2ad5b6bd4e17"><code>0bf4aec</code></a> ignore postinstall scripts for CI jobs that does not require biome</li> <li><a href="https://github.com/antonk52/lilconfig/commit/0853887ee2b00f49b7a7858ef812d8a0acfc044d"><code>0853887</code></a> Comment why we explicitly we need uvu tests</li> <li>Additional commits viewable in <a href="https://github.com/antonk52/lilconfig/compare/v2.1.0...v3.1.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lilconfig&package-manager=npm_and_yarn&previous-version=2.1.0&new-version=3.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
dependencies
Pull requests that update a dependency file
documentation
Improvements or additions to documentation
duplicate
This issue or pull request already exists
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
invalid
This doesn't seem right
question
Further information is requested
wontfix
This will not be worked on
No Label
dependencies
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: aidan/aidxnFUN#31
No description provided.
Delete Branch "dependabot/npm_and_yarn/lilconfig-3.1.3"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?