Skip to content

build: update all non-major dependencies

Common Ground Bot requested to merge renovate/all-minor-patch into main

This MR contains the following updates:

Package Type Update Change
@parcel/core devDependencies minor 2.10.2 -> 2.12.0
@parcel/transformer-sass devDependencies minor 2.10.2 -> 2.12.0
Django (source, changelog) patch ==4.2.7 -> ==4.2.11
Markdown (changelog) patch ==3.5.1 -> ==3.5.2
coverage minor ==7.3.2 -> ==7.4.3
django-debug-toolbar (changelog) minor ==4.2.0 -> ==4.3.0
htmx.org (source) dependencies patch 1.9.8 -> 1.9.10
influxdb patch 2.7.3-alpine -> 2.7.5-alpine
influxdb-client minor ==1.38.0 -> ==1.41.0
influxdb2 (source) patch 2.1.1 -> 2.1.2
jsoneditor (source) dependencies patch 10.0.0 -> 10.0.1
node stage minor 18.18.2 -> 18.19.1
parcel devDependencies minor 2.10.2 -> 2.12.0
pylint-django patch ==2.5.3 -> ==2.5.5
python image minor 3.11.6 -> 3.12.2
python final minor 3.11.6-alpine -> 3.12.2-alpine
python stage minor 3.11.6-alpine -> 3.12.2-alpine
python-frontmatter minor ==1.0.1 -> ==1.1.0
uWSGI (changelog) patch 2.0.23 -> 2.0.24
yaml (source) dependencies minor 2.3.4 -> 2.4.0
yarn (source) packageManager minor 3.6.4 -> 3.8.0

Release Notes

parcel-bundler/parcel (@​parcel/core)

v2.12.0

Compare Source

Added

  • Core

    • Add REPL playground for Parcel to the website – Details
    • Improve package manager detection for auto install – Details

  • JavaScript

    • Add support for JS macros – Details
    • Statically evaluate constants referenced by macros – Details
    • Upgrade to ESLint 8 – Details
    • Bump swc – Details

  • CSS

    • Use lightningcss to implement CSS packager – Details

  • Bundler

    • Rename "parentAsset" to "root" for Manual Shared Bundle config and remove unstable prefix – Details

  • Web Extensions

    • Add content script world property to manifest schema validation – Details

  • Performance

    • Adjacency list optimizations – Details
    • Break up request graph cache serialisation and run after build completion – Details
Fixed

  • Core

    • Drop per-pipeline transformation cache – Details
    • Clippy and use napi's Either3 – Details
    • Add lazy/eager cache key to avoid invalid change when switching modes – Details

  • JavaScript

    • Remove decl_collector pass and use SWC's unresolved_mark instead – Details

  • Bundler

    • Fix multiple css bundles in entry bundle groups issue – Details
    • Allow parallel type change bundles to be reused by async siblings – Details
    • Skip on missing parent asset for manual shared bundles – Details
Unstable
  • Add source map support to the inline-require optimizer – Details

v2.11.0

Compare Source

Added

  • Dev

    • Log build phase times for dev builds Details
    • Progress messages for writing to cache Details
    • VSC Extension JSON schema Details
    • Print phase times on development builds Details
    • Publish bundle-stats-cli and parcel-query Details
Fixed

  • Dev

    • Increase threshold for showing progress bar to 500k nodes Details
    • Fix parcel-query Details
    • FIX[dev-server]: Fix html file matching from URL Details
    • Fix parcel query's inspect cache Details
    • Bug fix for exiting early when identifying requestGraph in loadGraphs Details
    • Fix HMR on .localhost domains Details
    • Modify parcel query to not require all graphs on startup Details
    • Bug fix for async Parcel-query Details
    • Remove reliance on requestTracker in loadGraphs Details

  • Core

    • Reduce redundancy in the RequestGraph's Request, Env, and Option nodes Details
    • Move registerCoreWithSerializer to its own file Details
    • Filter --expose-gc and --max-semi-space-size execArgv Node args from workers Details
    • Optimize Symbol Propagation (propagateSymbolsUp) Details
    • Convert Request Graph node types + request node requestTypes to numbers Details
    • fsFixture: ignore empty lines in fixtures Details
    • Unstable File Invalidations Details
    • Configurable watch root Details

  • Resolver

    • Add ~ and / support to the glob resolver Details

  • JavaScript

    • Bump swc Details
    • Bumping lightningcss to 1.22.1 Details
    • Fix CI Details
    • Change inline-requires to only run when optimizing Details
    • Fix tsconfig extends from node_modules Details
    • Bump some deps Details
    • Bump swc and napi-rs Details
    • Fix references to packages.atlassian.com Details
    • Fix build-ts step Details
    • Bump rimraf version to ^5.05 Details
    • Use centos image with newer Node 16 Details

v2.10.3

Compare Source

Added
  • Dev
    • Added cacheInfo to Parcel Query - Details
    • Add parcel-link and parcel-unlink dev CLIs - Details
Fixed

  • Core

    • Mark previously deferred assets as dirty for symbol prop - Details
    • Write bundle graph to cache if error occurs during bundling - Details
    • Fixing issues when import * as is used with export * - Details
    • Writing cache in chunks - Details
    • Reduce redundancy in the RequestGraph's file nodes - Details
    • Fix dependency retargeting with ambiguous reexports - Details

  • JavaScript

    • Fixing behavior for hasOwnProperty in modules exporting member with same name - Details

  • WebbExtension

    • Don't crash if WebExt has no content_scripts - Details

  • PostHTML, Pug, Stylus

    • Simplified calls to invalidateOnFileChange - Details
django/django (Django)

v4.2.11

Compare Source

v4.2.10

Compare Source

v4.2.9

Compare Source

v4.2.8

Compare Source

Python-Markdown/markdown (Markdown)

v3.5.2

Compare Source

Fixed
  • Fix type annotations for convertFile - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (#​1400)
  • Remove legacy import needed only in Python 2 (#​1403)
  • Fix typo that left the attribute AdmonitionProcessor.content_indent unset (#​1404)
  • Fix edge-case crash in InlineProcessor with AtomicString (#​1406).
  • Fix edge-case crash in codehilite with an empty code tag (#​1405).
  • Improve and expand type annotations in the code base (#​1401).
  • Fix handling of bogus comments (#​1425).
nedbat/coveragepy (coverage)

v7.4.3

Compare Source

  • Fix: in some cases, coverage could fail with a RuntimeError: "Set changed size during iteration." This is now fixed, closing issue 1733_.

.. _issue 1733: https://github.com/nedbat/coveragepy/issues/1733

.. _changes_7-4-2:

v7.4.2

Compare Source

  • Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower, thanks Hugo van Kemenade <pull 1747_>_. It now issues a warning that sys.monitoring is not available and falls back to the default core instead.

.. _pull 1747: https://github.com/nedbat/coveragepy/pull/1747

.. _changes_7-4-1:

v7.4.1

Compare Source

  • Python 3.13.0a3 is supported.

  • Fix: the JSON report now includes an explicit format version number, closing issue 1732_.

.. _issue 1732: https://github.com/nedbat/coveragepy/issues/1732

.. _changes_7-4-0:

v7.4.0

Compare Source

  • In Python 3.12 and above, you can try an experimental core based on the new :mod:sys.monitoring <python:sys.monitoring> module by defining a COVERAGE_CORE=sysmon environment variable. This should be faster for line coverage, but not for branch coverage, and plugins and dynamic contexts are not yet supported with it. I am very interested to hear how it works (or doesn't!) for you.

.. _changes_7-3-4:

v7.3.4

Compare Source

  • Fix: the change for multi-line signature exclusions in 7.3.3 broke other forms of nested clauses being excluded properly. This is now fixed, closing issue 1713_.

  • Fix: in the HTML report, selecting code for copying won't select the line numbers also. Thanks, Robert Harris <pull 1717_>_.

.. _issue 1713: https://github.com/nedbat/coveragepy/issues/1713 .. _pull 1717: https://github.com/nedbat/coveragepy/pull/1717

.. _changes_7-3-3:

v7.3.3

Compare Source

  • Fix: function definitions with multi-line signatures can now be excluded by matching any of the lines, closing issue 684*. Thanks, Jan Rusak, Maciej Kowalczyk and Joanna Ejzel <pull 1705_>*.

  • Fix: XML reports could fail with a TypeError if files had numeric components that were duplicates except for leading zeroes, like file1.py and file001.py. Fixes issue 1709_.

  • The coverage annotate command used to announce that it would be removed in a future version. Enough people got in touch to say that they use it, so it will stay. Don't expect it to keep up with other new features though.

  • Added new :ref:debug options <cmd_run_debug>:

    • pytest writes the pytest test name into the debug output.

    • dataop2 writes the full data being added to CoverageData objects.

.. _issue 684: https://github.com/nedbat/coveragepy/issues/684 .. _pull 1705: https://github.com/nedbat/coveragepy/pull/1705 .. _issue 1709: https://github.com/nedbat/coveragepy/issues/1709

.. _changes_7-3-2:

jazzband/django-debug-toolbar (django-debug-toolbar)

v4.3.0

Compare Source

bigskysoftware/htmx (htmx.org)

v1.9.10

Compare Source

  • hx-on* attributes now support the form hx-on-, with a trailing dash, to better support template systems (such as EJS) that do not like double colons in HTML attributes.
  • Added an htmx.config.triggerSpecsCache configuration property that can be set to an object to cache the trigger spec parsing
  • Added a path-params.js extension for populating request paths with variable values
  • Many smaller bug fixes & improvements

v1.9.9

Compare Source

  • Allow CSS selectors with whitespace in attributes like hx-target by using parens or curly-braces
  • Properly allow users to override the Content-Type request header
  • Added the select option to htmx.ajax()
  • Fixed a race condition in readystate detection that lead to htmx not being initialized in some scenarios with 3rd party script loaders
  • Fixed a bug that caused relative resources to resolve against the wrong base URL when a new URL is pushed
  • Fixed a UI issue that could cause indicators to briefly flash
influxdata/influxdb-client-python (influxdb-client)

v1.41.0

Compare Source

Features
  1. #​643: Add a support for Python 3.12
Bug Fixes
  1. #​636: Handle missing data in data frames
  2. #​638, #​642: Refactor DataFrame operations to avoid chained assignment and resolve FutureWarning in pandas, ensuring compatibility with pandas 3.0.
  3. #​641: Correctly dispose ThreadPoolScheduler in WriteApi
Documentation
  1. #​639: Use Markdown for README

v1.40.0

Compare Source

Features
  1. #​625: Make class Point equatable
Bug Fixes
  1. #​562: Use ThreadPoolScheduler for WriteApi's batch subject instead of TimeoutScheduler to prevent creating unnecessary threads repeatedly
  2. #​631: Logging HTTP requests without query parameters
Documentation
  1. #​635: Fix render README.rst at GitHub

v1.39.0

Compare Source

Features
  1. #​616: Add find_tasks_iter function that allow iterate through all pages of tasks.
influxdata/helm-charts (influxdb2)

v2.1.2

Compare Source

A Helm chart for InfluxDB v2

josdejong/jsoneditor (jsoneditor)

v10.0.1

Compare Source

nodejs/node (node)

v18.19.1: 2024-02-14, Version 18.19.1 'Hydrogen' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes
  • CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
  • CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
  • CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
  • CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
  • undici version 5.28.3
  • npm version 10.2.4
Commits

v18.19.0: 2023-11-29, Version 18.19.0 'Hydrogen' (LTS), @​targos

Compare Source

Notable Changes
npm updated to v10

After two months of baking time in Node.js 20, npm 10 is backported, so that all release lines include a supported version of npm. This release includes npm v10.2.3.

Refer to nodejs/Release#884 for the plan to land npm 10.

ESM and customization hook changes
Leverage loaders when resolving subsequent loaders

Loaders now apply to subsequent loaders, for example: --experimental-loader ts-node --experimental-loader loader-written-in-typescript.

Contributed by Maël Nison in #​43772.

New node:module API register for module customization hooks; new initialize hook

There is a new API register available on node:module to specify a file that exports module customization hooks, and pass data to the hooks, and establish communication channels with them. The “define the file with the hooks” part was previously handled by a flag --experimental-loader, but when the hooks moved into a dedicated thread in 20.0.0 there was a need to provide a way to communicate between the main (application) thread and the hooks thread. This can now be done by calling register from the main thread and passing data, including MessageChannel instances.

We encourage users to migrate to an approach that uses --import with register, such as:

node --import ./file-that-calls-register.js ./app.js

Using --import ensures that the customization hooks are registered before any application code runs, even the entry point.

Contributed by João Lenon and Jacob Smith in #​46826, Izaak Schroeder and Jacob Smith in #​48842 and #​48559.

import.meta.resolve unflagged

In ES modules, import.meta.resolve(specifier) can be used to get an absolute URL string to which specifier resolves, similar to require.resolve in CommonJS. This aligns Node.js with browsers and other server-side runtimes.

Contributed by Guy Bedford in #​49028.

--experimental-default-type flag to flip module defaults

The new flag --experimental-default-type can be used to flip the default module system used by Node.js. Input that is already explicitly defined as ES modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs file extension or the --input-type flag, is unaffected. What is currently implicitly CommonJS would instead be interpreted as ES modules under --experimental-default-type=module:

  • String input provided via --eval or STDIN, if --input-type is unspecified.

  • Files ending in .js or with no extension, if there is no package.json file present in the same folder or any parent folder.

  • Files ending in .js or with no extension, if the nearest parent package.json field lacks a type field; unless the folder is inside a node_modules folder.

In addition, extensionless files are interpreted as Wasm if --experimental-wasm-modules is passed and the file contains the "magic bytes" Wasm header.

Contributed by Geoffrey Booth in #​49869.

Other ESM-related changes
  • [ed2d46f4cc] - doc: move and rename loaders section (Geoffrey Booth) #​49261
  • [92734d4480] - esm: use import attributes instead of import assertions (Antoine du Hamel) #​50140
  • [e96f7ef881] - (SEMVER-MINOR) vm: use import attributes instead of import assertions (Antoine du Hamel) #​50141
Test runner changes

Many changes to the built-in test runner have been backported. This includes the following additions:

Other notable changes
  • [0c4a84e8e9] - (SEMVER-MINOR) deps: update uvwasi to 0.0.19 (Node.js GitHub Bot) #​49908
  • [fae60c5841] - stream: use bitmap in readable state (Benjamin Gruenbaum) #​49745
  • [17246be158] - (SEMVER-MINOR) lib: add api to detect whether source-maps are enabled (翠 / green) #​46391
  • [2e9f7284a1] - (SEMVER-MINOR) lib: add tracing channel to diagnostics_channel (Stephen Belanger) #​44943
  • [cc7bf1f641] - (SEMVER-MINOR) src: add cjs_module_lexer_version base64_version (Jithil P Ponnan) #​45629
  • [b5d16cd8f0] - (SEMVER-MINOR) tls: add ALPNCallback server option for dynamic ALPN negotiation (Tim Perry) #​45190
Commits
PyCQA/pylint-django (pylint-django)

v2.5.4: Version 2.5.4 (10 Oct 2023)

Compare Source

This is a small release to introduce pylint 3 functionality.

eyeseast/python-frontmatter (python-frontmatter)

v1.1.0: Now with type checking

Compare Source

What's Changed

New Contributors

Full Changelog: https://github.com/eyeseast/python-frontmatter/compare/v1.0.1...v1.1.0

eemeli/yaml (yaml)

v2.4.0

Compare Source

  • Add a command-line tool (#​523)
  • Use the lineWidth option for line breaking in flow collections (#​522)
yarnpkg/berry (yarn)

v3.8.0

Compare Source

v3.7.0

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Common Ground Bot

Merge request reports