From d03b53e1d80ce9e45dc6d9b3f37f0f8a4b66eb86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Apr 2024 16:20:26 +0000 Subject: [PATCH 1/4] chore(deps): bump minimatch from 7.4.6 to 9.0.4 Bumps [minimatch](https://github.com/isaacs/minimatch) from 7.4.6 to 9.0.4. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](https://github.com/isaacs/minimatch/compare/v7.4.6...v9.0.4) --- updated-dependencies: - dependency-name: minimatch dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 142aeb27..37fd0e1d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,7 @@ "git-client": "^1.8.3", "hab-client": "^1.1.3", "handlebars": "^4.7.6", - "minimatch": "^7.4.2", + "minimatch": "^9.0.4", "mz": "^2.4.0", "mz-modules": "^2.1.0", "object-squish": "^1.1.0", @@ -3399,14 +3399,14 @@ } }, "node_modules/minimatch": { - "version": "7.4.6", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-7.4.6.tgz", - "integrity": "sha512-sBz8G/YjVniEz6lKPNpKxXwazJe4c19fEfV2GDMX6AjFz+MX9uDWIZW8XreVhkFW3fkIdTv/gxWr/Kks5FFAVw==", + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", "dependencies": { "brace-expansion": "^2.0.1" }, "engines": { - "node": ">=10" + "node": ">=16 || 14 >=14.17" }, "funding": { "url": "https://github.com/sponsors/isaacs" diff --git a/package.json b/package.json index 5e94c8a9..7eb79991 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "git-client": "^1.8.3", "hab-client": "^1.1.3", "handlebars": "^4.7.6", - "minimatch": "^7.4.2", + "minimatch": "^9.0.4", "mz": "^2.4.0", "mz-modules": "^2.1.0", "object-squish": "^1.1.0", From 7f4cf5e97406eab95c5829ac81e59f3db769e4e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Apr 2024 16:26:29 +0000 Subject: [PATCH 2/4] chore(deps): bump parse-url from 8.1.0 to 9.2.0 Bumps [parse-url](https://github.com/IonicaBizau/parse-url) from 8.1.0 to 9.2.0. - [Release notes](https://github.com/IonicaBizau/parse-url/releases) - [Commits](https://github.com/IonicaBizau/parse-url/compare/8.1.0...9.2.0) --- updated-dependencies: - dependency-name: parse-url dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package-lock.json | 17 +++++++++++++---- package.json | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 37fd0e1d..0b36d24d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -27,7 +27,7 @@ "mz": "^2.4.0", "mz-modules": "^2.1.0", "object-squish": "^1.1.0", - "parse-url": "^8.1.0", + "parse-url": "^9.2.0", "shell-quote-word": "^1.0.1", "sort-keys": "^4.2.0", "toposort": "^2.0.2", @@ -1124,6 +1124,11 @@ "undici-types": "~5.26.4" } }, + "node_modules/@types/parse-path": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/@types/parse-path/-/parse-path-7.0.3.tgz", + "integrity": "sha512-LriObC2+KYZD3FzCrgWGv/qufdUy4eXrxcLgQMfYXgPbLIecKIsVBaQgUPmxSSLcjmYbDTQbMgr6qr6l/eb7Bg==" + }, "node_modules/@types/stack-utils": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", @@ -3636,11 +3641,15 @@ } }, "node_modules/parse-url": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-8.1.0.tgz", - "integrity": "sha512-xDvOoLU5XRrcOZvnI6b8zA6n9O9ejNk/GExuz1yBuWUGn9KA97GI6HTs6u02wKara1CeVmZhH+0TZFdWScR89w==", + "version": "9.2.0", + "resolved": "https://registry.npmjs.org/parse-url/-/parse-url-9.2.0.tgz", + "integrity": "sha512-bCgsFI+GeGWPAvAiUv63ZorMeif3/U0zaXABGJbOWt5OH2KCaPHF6S+0ok4aqM9RuIPGyZdx9tR9l13PsW4AYQ==", "dependencies": { + "@types/parse-path": "^7.0.0", "parse-path": "^7.0.0" + }, + "engines": { + "node": ">=14.13.0" } }, "node_modules/path-exists": { diff --git a/package.json b/package.json index 7eb79991..eacb6988 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "mz": "^2.4.0", "mz-modules": "^2.1.0", "object-squish": "^1.1.0", - "parse-url": "^8.1.0", + "parse-url": "^9.2.0", "shell-quote-word": "^1.0.1", "sort-keys": "^4.2.0", "toposort": "^2.0.2", From ad5b9749ad4adf53e5f37f4e10279ccbe8fbb251 Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sat, 6 Apr 2024 13:29:31 -0400 Subject: [PATCH 3/4] chore(deps): upgrade to node20 Using jarvus build until node20 gets merged into core: https://github.com/habitat-sh/core-plans/pull/4708 --- .studiorc | 5 +++-- github-actions/projector/action.yml | 2 +- plan.sh | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.studiorc b/.studiorc index 0c1e406a..d1ecd2ad 100644 --- a/.studiorc +++ b/.studiorc @@ -4,13 +4,14 @@ # install dependencies echo echo "--> Installing project development dependencies..." +# use jarvus/node20 build until merged: https://github.com/habitat-sh/core-plans/pull/4708 hab pkg install \ jarvus/mkdocs-studio \ jarvus/studio-toolkit \ - core/node16 \ + jarvus/node20 \ core/git -hab pkg binlink core/node16 core/git +hab pkg binlink jarvus/node20 core/git hab pkg binlink core/coreutils env --dest /usr/bin diff --git a/github-actions/projector/action.yml b/github-actions/projector/action.yml index e6a5d528..c9202dea 100644 --- a/github-actions/projector/action.yml +++ b/github-actions/projector/action.yml @@ -20,6 +20,6 @@ outputs: commit: description: 'Commit hash for last projection (if commit-to is configured)' runs: - using: 'node16' + using: 'node20' main: 'index.js' post: 'post.js' diff --git a/plan.sh b/plan.sh index 1b85c30a..e83b3dd5 100644 --- a/plan.sh +++ b/plan.sh @@ -10,7 +10,7 @@ pkg_build_deps=( pkg_deps=( core/git - core/node16 + "jarvus/node20" # use jarvus build until merged: https://github.com/habitat-sh/core-plans/pull/4708 core/hab/0.79.0 # last version before new license ) @@ -39,7 +39,7 @@ do_build() { npm install build_line "Fixing interpreter" - sed -e "s#\#\!/usr/bin/env node#\#\!$(pkg_path_for node16)/bin/node#" --in-place "node-bin/cli.js" + sed -e "s#\#\!/usr/bin/env node#\#\!$(pkg_path_for node20)/bin/node#" --in-place "node-bin/cli.js" popd > /dev/null } From 2a2575086c0eb163a6bb2930e3c9b33e5070ca1d Mon Sep 17 00:00:00 2001 From: Chris Alfano Date: Sat, 6 Apr 2024 13:32:24 -0400 Subject: [PATCH 4/4] chore(deps): bump debounce to v2 --- package-lock.json | 14 ++++++++++---- package.json | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0b36d24d..f9be00bb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "async-exit-hook": "^2.0.1", "axios": "^1.3.3", "chokidar": "^3.5.3", - "debounce": "^1.2.1", + "debounce": "^2.0.0", "dockerode": "^4.0.2", "fb-watchman": "^2.0.1", "git-client": "^1.8.3", @@ -1789,9 +1789,15 @@ } }, "node_modules/debounce": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz", - "integrity": "sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/debounce/-/debounce-2.0.0.tgz", + "integrity": "sha512-xRetU6gL1VJbs85Mc4FoEGSjQxzpdxRyFhe3lmWFyy2EzydIcD4xzUvRJMD+NPDfMwKNhxa3PvsIOU32luIWeA==", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, "node_modules/debug": { "version": "4.3.4", diff --git a/package.json b/package.json index eacb6988..75574c7e 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,7 @@ "async-exit-hook": "^2.0.1", "axios": "^1.3.3", "chokidar": "^3.5.3", - "debounce": "^1.2.1", + "debounce": "^2.0.0", "dockerode": "^4.0.2", "fb-watchman": "^2.0.1", "git-client": "^1.8.3",