Skip to content

fix(deps): update all major dependencies (major) #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all major dependencies (major) #18

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 13, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@neondatabase/serverless (source) 0.10.4 -> 1.0.1 age adoption passing confidence
eslint-import-resolver-typescript 3.8.0 -> 4.4.3 age adoption passing confidence
wrangler (source) 3.109.1 -> 4.20.5 age adoption passing confidence

Release Notes

neondatabase/serverless (@​neondatabase/serverless)

v1.0.1

Compare Source

The package now prints a security warning to the console when a connection is made in a web browser. This behaviour can be suppressed with a new configuration option: disableWarningInBrowsers. There are a few other very minor fixes.

v1.0.0

Compare Source

Breaking change: the HTTP query template function can now only be called as a template function, not as a conventional function. This improves safety from accidental SQL-injection vulnerabilities. For example:

import { neon } from '@​neondatabase/serverless';
const sql = neon(process.env.DATABASE_URL);
const id = 1;

// this is safe and convenient, as before
const result = await sql`SELECT * FROM table WHERE id = ${id}`;

// this looks very similar and was previously allowed, but was open to SQL
// injection attacks because it uses ordinary string interpolation -- it's now
// both a TypeScript type error and a runtime error
const throws = await sql(`SELECT * FROM table WHERE id = ${id}`);

To fill the gap left by this change, the template function has two new properties: a query() function that allows manually parameterized queries, and an unsafe() function that lets you interpolate trusted arbitrary string values. For example:

// this was previously allowed, and was safe, but is now also an error so as to
// prevent the vulnerability seen above
const throws = await sql('SELECT * FROM table WHERE id = $1', [id]);

// the `query()` function is the new way to manually specify placeholders and
// values (the same way it's done by `client.query()` and `pool.query()`)
const result = await sql.query('SELECT * FROM table WHERE id = $1', [id]);

// to interpolate strings like column or table names, **only** if you know
// they're safe, use the `unsafe()` function
const table = condition ? 'table1' : 'table2'; // known-safe string values
const result = await sql`SELECT * FROM ${sql.unsafe(table)} WHERE id = ${id}`;

// but in the above case, you might prefer to do this instead
const table = condition ? sql`table1` : sql`table2`;
const result = await sql`SELECT * FROM ${table} WHERE id = ${id}`;

In addition, HTTP template queries are now fully composable, including those with parameters. For example:

const name = 'Olivia';
const limit = 1;
const whereClause = sql`WHERE name = ${name}`;
const limitClause = sql`LIMIT ${limit}`;

// compilation to raw SQL now happens lazily, at query time, so that parameter
// placeholders can be numbered appropriately
const result = await sql`SELECT * FROM table ${whereClause} ${limitClause}`;

The minimum supported version of Node is now v19 (this avoids having to do dynamic crypto imports, which can cause trouble with bundlers).

Lastly: the repository has been rearranged and refactored, .d.ts files are now generated automatically, packages are published via npm version, and comprehensive tests have been put in place. This should ease the way for future enhancements and contributions.

import-js/eslint-import-resolver-typescript (eslint-import-resolver-typescript)

v4.4.3

Compare Source

Patch Changes

v4.4.2

Compare Source

Patch Changes

v4.4.1

Compare Source

Patch Changes

v4.4.0

Compare Source

Minor Changes

v4.3.5

Compare Source

Patch Changes

v4.3.4

Compare Source

Patch Changes

v4.3.3

Compare Source

Patch Changes

v4.3.2

Compare Source

Patch Changes

v4.3.1

Compare Source

Patch Changes

v4.3.0

Compare Source

Minor Changes

v4.2.7

Compare Source

Patch Changes

v4.2.6

Compare Source

Patch Changes

v4.2.5

Compare Source

Patch Changes

v4.2.4

Compare Source

Patch Changes

  • #​407 6b183ff Thanks @​JounQin! - chore: migrate to rebranding unrs-resolver with new targets supported:

    • i686-pc-windows-msvc
    • armv7-unknown-linux-musleabihf
    • powerpc64le-unknown-linux-gnu
    • s390x-unknown-linux-gnu

v4.2.3

Compare Source

Patch Changes

  • #​402 f21bf15 Thanks @​SunsetTechuila! - fix: don't resolve not implemented node modules in bun

    is-bun-module is marked as dependency, again, for correctness, see isBunImplementedNodeModule for more details

    For Bun users: you don't need to install is-bun-module any more but bun: true option is still required if you're running without bun --bun nor run#bun enabled

v4.2.2

Compare Source

Patch Changes

  • #​397 14a7688 Thanks @​JounQin! - chore: bump rspack-resolver for better P'n'P support

    Now rspack-resolver resolves pnpapi natively.

v4.2.1

Compare Source

Patch Changes

v4.2.0

Compare Source

Minor Changes

  • #​391 c8121e5 Thanks @​JounQin! - feat: make is-bun-module as optional peer dependency

    Technically this is a BREAKING CHANGE, but considering we just raise out v4 recently and this only affects bun users, bun --bun eslint even works without this dependency, so I'd consider this as a minor change.

    So for bun users, there are three options:

    1. install is-bun-module dependency manually and use bun: true option
    2. run eslint with bun --bun eslint w/o bun: true option
    3. enable run#bun in bunfig.toml w/o bun: true option

v4.1.1

Compare Source

Patch Changes

v4.1.0

Compare Source

Minor Changes

  • #​387 ef5cd10 Thanks @​JounQin! - feat: add a new bun?: boolean option for bun users - close #​386

    process.versions.bun is unavailable even with bun eslint due to its own design,
    but checking bun modules for non-bun users is incorrect behavior and just wasting time,
    so a new option is added for such case, you can still run with bun --bun eslint without this option enabled

v4.0.0

Compare Source

Major Changes

  • #​368 2fd7c2e Thanks @​JounQin! - feat!: rewrite, speed up by using rspack-resolver which supports references natively under the hood

    BREAKING CHANGES:

    • drop Node 14 support, Node ^16.17.0 || >=18.6 is now required
    • alwaysTryTypes is enabled by default, you can set it as false to opt-out
    • array type of project is discouraged but still supported, single project with references are encouraged for better performance, you can enable noWarnOnMultipleProjects option to supress the warning message
    • root tsconfig.json or jsconfig.json will be used automatically if no project provided

v3.10.1

Compare Source

v3.10.0

Compare Source

Minor Changes

Full Changelog: import-js/eslint-import-resolver-typescript@v3.9.1...v3.10.0

v3.9.1

Compare Source

Patch Changes

v3.9.0

Compare Source

Minor Changes

v3.8.7

Compare Source

Patch Changes

v3.8.6

Compare Source

Patch Changes

v3.8.5

Compare Source

Patch Changes

v3.8.4

Compare Source

Patch Changes

v3.8.3

Compare Source

Patch Changes

v3.8.2

Compare Source

Patch Changes

v3.8.1

Compare Source

Patch Changes
cloudflare/workers-sdk (wrangler)

v4.20.5

Compare Source

Patch Changes

  • #​9688 086e29d Thanks @​dario-piotrowicz! - add remote bindings support to getPlatformProxy

    Example:

    // wrangler.jsonc
{
	"name": "get-platform-proxy-test",
	"services": [
		{
			"binding": "MY_WORKER",
			"service": "my-worker",
			"experimental_remote": true
		}
	]
}
    // index.mjs
import { getPlatformProxy } from "wrangler";

const { env } = await getPlatformProxy({
	experimental: {
		remoteBindings: true,
	},
});

// env.MY_WORKER.fetch() fetches from the remote my-worker service

  • #​9558 d5edf52 Thanks @​ichernetsky-cf! - wrangler containers apply uses observability configuration.

  • #​9678 24b2c66 Thanks @​dario-piotrowicz! - remove warnings during config validations on experimental_remote fields

    wrangler commands, run without the --x-remote-bindings flag, parsing config files containing experimental_remote fields currently show warnings stating that the field is not recognized. This is usually more cumbersome than helpful so here we're loosening up this validation and making wrangler always recognize the field even when no --x-remote-bindings flag is provided

  • #​9633 3f478af Thanks @​nikitassharma! - Add support for setting an instance type for containers in wrangler. This allows users to configure memory, disk, and vCPU by setting instance type when interacting with containers.

  • #​9596 5162c51 Thanks @​CarmenPopoviciu! - add ability to pull images for containers local dev

  • Updated dependencies [bfb791e, 5162c51]:

v4.20.4

Compare Source

Patch Changes

v4.20.3

Compare Source

Patch Changes

v4.20.2

Compare Source

Patch Changes

v4.20.1

Compare Source

Patch Changes

v4.20.0

Compare Source

Minor Changes
Patch Changes

v4.19.2

Compare Source

Patch Changes

  • #​9461 66edd2f Thanks @​skepticfx! - Enforce disk limits on container builds

  • #​9481 d1a1787 Thanks @​WillTaylorDev! - Force autogenerated aliases to be fully lowercased.

  • #​9480 1f84092 Thanks @​dario-piotrowicz! - add experimentalMixedMode dev option to unstable_startWorker

    add an new experimentalMixedMode dev option to unstable_startWorker
    that allows developers to programmatically start a new mixed mode
    session using startWorker.

    Example usage:

    // index.mjs
import { unstable_startWorker } from "wrangler";

await unstable_startWorker({
	dev: {
		experimentalMixedMode: true,
	},
});
    // wrangler.jsonc
{
	"$schema": "node_modules/wrangler/config-schema.json",
	"name": "programmatic-start-worker-example",
	"main": "src/index.ts",
	"compatibility_date": "2025-06-01",
	"services": [
		{ "binding": "REMOTE_WORKER", "service": "remote-worker", "remote": true }
	]
}

  • Updated dependencies [4ab5a40, 485cd08, e3b3ef5, 3261957]:

v4.19.1

Compare Source

Patch Changes

v4.19.0

Compare Source

Minor Changes
Patch Changes

v4.18.0

Compare Source

Minor Changes
Patch Changes

  • #​9308 d3a6eb3 Thanks @​dario-piotrowicz! - expose new utilities and types to aid consumers of the programmatic mixed-mode API

    Specifically the exports have been added:

    • Experimental_MixedModeSession: type representing a mixed-mode session
    • Experimental_ConfigBindingsOptions: type representing config-bindings
    • experimental_pickRemoteBindings: utility for picking only the remote bindings from a record of start-worker bindings.
    • unstable_convertConfigBindingsToStartWorkerBindings: utility for converting config-bindings into start-worker bindings (that can be passed to startMixedModeSession)

  • #​9347 b8f058c Thanks @​penalosa! - Improve binding display on narrower terminals

  • Updated dependencies [d9d937a, e39a45f, fdae3f7]:

v4.17.0

Compare Source

Minor Changes

  • #​9321 6c03bde Thanks @​petebacondarwin! - Add support for FedRAMP High compliance region

    Now it is possible to target Wrangler at the FedRAMP High compliance region.
    There are two ways to signal to Wrangler to run in this mode:

    • set "compliance_region": "fedramp_high" in a Wrangler configuration
    • set CLOUDFLARE_COMPLIANCE_REGION=fedramp_high environment variable when running Wrangler

    If both are provided and the values do not match then Wrangler will exit with an error.

    When in this mode OAuth authentication is not supported.
    It is necessary to authenticate using a Cloudflare API Token acquired from the Cloudflare FedRAMP High dashboard.

    Most bindings and commands are supported in this mode.

    • Unsupported commands may result in API requests that are not supported - possibly 422 Unprocessable Entity responses.
    • Unsupported bindings may work in local dev, as there is no local validation, but will fail at Worker deployment time.

    Resolves DEVX-1921.

  • #​9330 34c71ce Thanks @​edmundhung! - Updated internal configuration to use Miniflare’s new defaultPersistRoot instead of per-plugin persist flags

  • #​8973 cc7fae4 Thanks @​Caio-Nogueira! - Show latest instance by default on workflows instances describe command

Patch Changes

v4.16.1

Compare Source

Patch Changes
  • [#​9268

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from adrianmjim as a code owner March 13, 2025 13:36
@codecov Codecov
Copy link

codecov bot commented Mar 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (988a527) to head (b5eb1e1).

Additional details and impacted files 
@@            Coverage Diff            @@
##              main       #18   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            4         4           
  Lines           35        36    +1     
  Branches         2         6    +4     
=========================================
+ Hits            35        36    +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from b432869 to c73e737 Compare March 17, 2025 03:39
@renovate renovate bot changed the title chore(deps): update dependency wrangler to v4 chore(deps): update all major dependencies to v4 (major) Mar 17, 2025
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 9 times, most recently from abbb8c3 to 8987ddf Compare March 22, 2025 17:50
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 8987ddf to 601ac75 Compare March 25, 2025 12:01
@renovate renovate bot changed the title chore(deps): update all major dependencies to v4 (major) fix(deps): update all major dependencies (major) Mar 25, 2025
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 6 times, most recently from 09d4f75 to 0bb9bbc Compare March 29, 2025 22:03
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 7 times, most recently from f52cbd3 to a2e6329 Compare April 8, 2025 23:05
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 4 times, most recently from da1bd6a to d7f6776 Compare May 1, 2025 22:47
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 4 times, most recently from b966dc1 to 1fe3e24 Compare May 8, 2025 15:05
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 6 times, most recently from 8ce96c8 to 02f8338 Compare May 20, 2025 12:59
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 5 times, most recently from 422cf77 to 6f4f135 Compare May 29, 2025 15:01
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 3 times, most recently from f7d8c8b to 4d5f0c3 Compare June 6, 2025 21:32
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 5 times, most recently from 528f238 to 3824f73 Compare June 18, 2025 16:37
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 3824f73 to 4918ea3 Compare June 20, 2025 15:02
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 4918ea3 to b5eb1e1 Compare June 20, 2025 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adrianmjim adrianmjim Awaiting requested review from adrianmjim adrianmjim is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
breaking dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants