Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency svelte-check to v4 #382

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency svelte-check to v4 #382

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 2, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
svelte-check ^3.0.1 -> ^4.0.0 age adoption passing confidence

Release Notes

sveltejs/language-tools (svelte-check)

v4.1.1

Compare Source

  • fix: support each without as (#​2615)

v4.1.0

Compare Source

  • fix: don't move appended content from previous node while hoisting interface (#​2596)
  • fix: ensure hoisted interfaces are moved after hoisted imports (#​2597)
  • fix: preserve bind:... mapping on elements for better source maps
  • feat: prepare for some upcoming features of Svelte 5

v4.0.9

Compare Source

  • fix: detect shadowed variables/types during type hoisting (#​2590)

v4.0.8

Compare Source

  • fix: fall back to any instead of unknown for untyped $props (#​2582)
  • fix: robustify and fix file writing (#​2584)
  • fix: hoist types related to $props rune if possible (#​2571)

v4.0.7

Compare Source

  • fix: $props: infer types for $bindable, infer function type from arrow function

v4.0.6

Compare Source

  • chore: autotype const load = ... declarations (#​2540)
  • chore: provide component instance type in Svelte 5 (#​2553)
  • chore: support typescript 5.6 (#​2545)
  • fix: infer object and array shapes from fallback types (#​2562)

v4.0.5

Compare Source

  • fix: include named exports in svelte 5 type (#​2528)

v4.0.4

Compare Source

  • fix: relax component constructor type (#​2524)

v4.0.3

Compare Source

  • breaking(svelte5): only generate function component shape in runes mode (#​2517). This means you can no longer just do Component in type positions. Instead you need to prepend it with typeof. Here's how you do it:
    • ...when typing a component instance: Before: let x: Component. After: let x: ReturnType<typeof Component>
    • ...when typing a component constructor/function: Before let x: typeof Component. After let x: typeof Component (no change)
  • fix: revert additional two-way-binding checks as they were causing bugs (#​2508)
  • fix: include files indirectly belonging to a project into correct project (#​2488)
  • fix: check project files update more aggressively before assigning service (#​2518)
  • chore: upgrade to chokidar 4 (#​2502)

v4.0.2

Compare Source

  • fix: ensure components typed through Svelte 5's Component interface get proper intellisense

v4.0.1

Compare Source

  • fix: remove ancient process augmentation from internal d.ts file

v4.0.0

Compare Source

  • chore: bump magic-string (#​2476)
  • chore: switch from fast-glob to fdir (#​2433)
  • fix: detect <script module> tag (#​2482)
  • feat: better type checking for bindings in Svelte 5 (#​2477)
  • feat: replace svelte-preprocess with barebones TS preprocessor (#​2452)
  • feat: project reference support (#​2463)
Breaking changes
  • require Svelte 4 or later (#​2453)
  • make TypeScript a peer dependency, require TS 5 or later (#​2453)
  • require node 18 or later (#​2453)
  • process augmentation (declaring a process.browser field) was removed
  • slight changes to how files are assigned to which tsconfig.json (#​1234, #​2463)
  • slight changes to how Svelte module resolution works; .svelte files now take precedence over .svelte.js/ts files (if both exist) (#​2481)
  • language-server now forces fewer TypeScript options. Most notably skipLibCheck is no longer forced to true, which may result in d.ts files now being checked in your project, which they were not before, revealing type errors. Either fix those or add "skipLibCheck": true to your tsconfig.json (#​1976, #​2463)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security Socket Security
Copy link

socket-security bot commented Sep 2, 2024
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
High CVE npm/cross-spawn@6.0.6 🚫

View full report↗︎

Next steps

What is a CVE?

Contains a high severity Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/cross-spawn@6.0.6

@renovate renovate bot force-pushed the renovate/svelte-check-4.x branch from 9a7ec35 to 06ed10f Compare September 25, 2024 12:30
@renovate renovate bot force-pushed the renovate/svelte-check-4.x branch from 06ed10f to b88432b Compare October 10, 2024 20:15
@renovate renovate bot force-pushed the renovate/svelte-check-4.x branch from b88432b to 87553ae Compare October 23, 2024 14:03
@socket-security Socket Security
Copy link

socket-security bot commented Oct 23, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@types/istanbul-lib-coverage@2.0.6 None 0 5.45 kB types
npm/@types/istanbul-lib-report@3.0.3 None 0 7.92 kB types
npm/@types/istanbul-reports@1.1.2 None 0 4.02 kB types
npm/@types/node@18.19.64 None 0 2.03 MB types
npm/@types/semver@7.5.8 None 0 23.3 kB types
npm/@types/yargs-parser@21.0.3 None 0 8.65 kB types
npm/@types/yargs@13.0.12 None 0 50.4 kB types
npm/ansi-regex@4.1.1 None 0 5.17 kB qix
npm/array.prototype.flat@1.3.2 None +15 2.64 MB ljharb
npm/array.prototype.flatmap@1.3.2 None +15 2.64 MB ljharb
npm/ava@6.2.0 Transitive: environment, eval, filesystem, network, unsafe +32 1.93 MB novemberborn
npm/bluebird@3.7.2 environment, eval, unsafe 0 632 kB esailija
npm/camelcase@5.3.1 None 0 7.45 kB sindresorhus
npm/cliui@5.0.0 None 0 14.8 kB bcoe
npm/cross-spawn@6.0.6 None 0 18.3 kB satazor
npm/decamelize@1.2.0 None 0 2.94 kB sindresorhus
npm/emoji-regex@7.0.3 None 0 36.3 kB mathias
npm/end-of-stream@1.4.4 None 0 6.23 kB mafintosh
npm/execa@1.0.0 environment, shell 0 19.9 kB sindresorhus
npm/find-up@3.0.0 None 0 4.84 kB sindresorhus
npm/get-stream@4.1.0 None 0 7.88 kB sindresorhus
npm/is-stream@1.1.0 None 0 3.23 kB sindresorhus
npm/jest-changed-files@24.9.0 environment +1 27.3 kB scotthovestadt
npm/jszip@3.10.1 None 0 762 kB stuk
npm/locate-path@3.0.0 None 0 3.87 kB sindresorhus
npm/nice-try@1.0.5 None 0 3.75 kB electerious
npm/npm-run-path@2.0.2 environment +1 7.55 kB sindresorhus
npm/p-finally@1.0.0 None 0 3.11 kB sindresorhus
npm/p-limit@2.3.0 None 0 7.39 kB sindresorhus
npm/p-locate@3.0.0 None 0 5.05 kB sindresorhus
npm/p-try@2.2.0 None 0 4.37 kB sindresorhus
npm/path-exists@3.0.0 filesystem 0 3.32 kB sindresorhus
npm/pump@3.0.2 None 0 8.76 kB mafintosh
npm/require-main-filename@2.0.0 None 0 3.93 kB bcoe
npm/rimraf@5.0.10 environment, filesystem 0 281 kB isaacs
npm/set-blocking@2.0.0 None 0 4.22 kB bcoe
npm/shebang-command@1.2.0 None 0 2.69 kB kevva
npm/shebang-regex@1.0.0 None 0 2.3 kB sindresorhus
npm/signal-exit@3.0.7 None 0 9.96 kB isaacs
npm/solidity-ast@0.4.59 None 0 237 kB frangio
npm/split@1.0.1 None 0 12.3 kB dominictarr
npm/string-width@3.1.0 None +1 8.18 kB sindresorhus
npm/strip-eof@1.0.0 None 0 2.64 kB sindresorhus
npm/through@2.3.8 None 0 12.5 kB dominictarr
npm/typescript@4.9.5 None 0 66.8 MB typescript-bot
npm/which-module@2.0.1 None 0 4.04 kB nexdrew
npm/wrap-ansi@5.1.0 None 0 9.62 kB sindresorhus
npm/wsrun@5.2.4 environment, filesystem, shell 0 70.5 kB ivasilov
npm/y18n@4.0.3 filesystem 0 11 kB oss-bot
npm/yargs-parser@13.1.2 environment 0 57.1 kB oss-bot
npm/yargs@13.3.2 environment, filesystem 0 229 kB oss-bot

🚮 Removed packages: npm/@openzeppelin/hardhat-upgrades@3.5.0

View full report↗︎

@renovate renovate bot force-pushed the renovate/svelte-check-4.x branch from 87553ae to a5321ea Compare November 18, 2024 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants