Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update all non-major dependencies #17

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update all non-major dependencies #17

wants to merge 1 commit into from
+245 −206

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 1, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@prefresh/core (source) ^1.5.2 -> ^1.5.3 age adoption passing confidence
@rslib/core (source) ^0.0.16 -> ^0.2.2 age adoption passing confidence
@rspack/core (source) 1.0.14 -> 1.1.8 age adoption passing confidence
@rspack/test-tools (source) 1.0.14 -> 1.1.8 age adoption passing confidence
@swc/helpers (source) 0.5.13 -> 0.5.15 age adoption passing confidence
@swc/plugin-prefresh ^5.0.0 -> ^5.0.2 age adoption passing confidence
@types/node (source) ^22.8.6 -> ^22.10.2 age adoption passing confidence
execa 9.5.1 -> 9.5.2 age adoption passing confidence
pnpm (source) 9.12.3 -> 9.15.1 age adoption passing confidence
preact (source) ^10.24.3 -> ^10.25.3 age adoption passing confidence
typescript (source) 5.6.3 -> 5.7.2 age adoption passing confidence

Release Notes

preactjs/prefresh (@​prefresh/core)

v1.5.3

Compare Source

Patch Changes
web-infra-dev/rslib (@​rslib/core)

v0.2.2

Compare Source

What's Changed

Other Changes

Full Changelog: web-infra-dev/rslib@v0.2.1...v0.2.2

v0.2.1

Compare Source

What's Changed

Bug Fixes 🐞
Other Changes

Full Changelog: web-infra-dev/rslib@v0.2.0...v0.2.1

v0.2.0

Compare Source

What's Changed

Highlights ✨

Comparing with 0.1.0, we have fixed many bugs and added numerous features for common scenarios, including but not limited to:

  • Enhanced support for resolving external modules, improving the redirect of paths for bundleless mode. See lib.redirect. (#​535)
  • Introduced support for loading .env files. See Environment Variables. (#​518)
  • Optimized code compression to retain only essential comments, resulting in smaller output sizes. (#​522)
  • Added support for watching rslib.config to trigger rebuilds. (#​489)
  • Improved documentation and completed the translation of the Chinese documentation. See https://lib.rsbuild.dev/zh/index.
Breaking changes 🚨
  • rslib mf dev has been changed to rslib mf-dev command in #​590, checkout the documentation of mf-dev for more details.
New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.1.5...v0.2.0

v0.1.5

Compare Source

What's Changed
New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.1.4...v0.1.5

v0.1.4

Compare Source

What's Changed

New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.1.3...v0.1.4

v0.1.3

Compare Source

What's Changed

New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.1.2...v0.1.3

v0.1.2

Compare Source

What's Changed
Performance 🚀
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.1.1...v0.1.2

v0.1.1

Compare Source

What's Changed
New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.1.0...v0.1.1

v0.1.0

Compare Source

What's Changed
New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes
New Contributors

Full Changelog: web-infra-dev/rslib@v0.0.18...v0.1.0

v0.0.18

Compare Source

What's Changed
Bug Fixes 🐞
Document 📖
Other Changes

Full Changelog: web-infra-dev/rslib@v0.0.17...v0.0.18

v0.0.17

Compare Source

What's Changed
New Features 🎉
Bug Fixes 🐞
Document 📖
Other Changes
New Contributors

Full Changelog: web-infra-dev/rslib@v0.0.16...v0.0.17

web-infra-dev/rspack (@​rspack/core)

v1.1.8

Security Vulnerability Report

Overview

This is a re-release version of v1.1.6

On 12/19/2024, 02:01 (UTC), we discovered that our npm packages @rspack/core and @rspack/cli were maliciously attacked. The attacker released v1.1.7 using a compromised npm token, which contained malicious code. We took immediate action upon discovering the issue.

Impact

  • Affected versions: @rspack/core and @rspack/cli v1.1.7
  • Duration: 12/19/2024, 02:01 (UTC), lasting approximately 1 hour
  • Malicious code impact: After npm install, the postinstall script in package.json runs malicious code in dist/util/support.js. See Malicious code analysis for more details.

Actions Taken

Upon discovery, we immediately deprecated the affected v1.1.7, redirected the npm latest tag to v1.1.6, and reset all related tokens.
Subsequently, we released a secure new version v1.1.8.

Recommended Actions

If you installed v1.1.7 during the affected period, please:

  1. Update to the latest safe version immediately: @rspack/core and @rspack/cli to >= 1.1.8
  2. Check your system for any unusual activity

Apology and Commitment

We deeply apologize for the risks caused by this incident. To prevent similar incidents from happening again, we will implement stricter token management protocols and enhance our security review processes.

If you have any questions or discover any suspicious activity, please create an issue or send an email to: [email protected]

We will continue to follow and respond to community feedback.

v1.1.6

Compare Source

What's Changed

Highlights 💡

Reduced memory usage

Rspack's memory usage in large projects has been significantly reduced since v1.1.6:

Related PRs:

Performance Improvements ⚡
Exciting New Features 🎉
Bug Fixes 🐞

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from c6d4620 to 751e6f1 Compare December 8, 2024 00:42
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 5e3d79f to 8a9ab44 Compare December 13, 2024 12:05
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 6f7a5d5 to 29c889b Compare December 24, 2024 12:35
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 29c889b to d535439 Compare December 26, 2024 09:48
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from d535439 to e265127 Compare December 26, 2024 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenjiahan chenjiahan chenjiahan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chenjiahan