Update dependency balena-io/balena-cli to v18.2.33
Notable changes
-actions/setup-node (actions/setup-node)
- patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
- minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
-balena-io-modules/etcher-sdk (etcher-sdk) - patch: use http2 to fix issues with url source [Edwin Joassart]
- patch: remove CI workaround [Edwin Joassart]
- patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
-dominictarr/event-stream (event-stream) - Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. ([
8345030
]auth0/node-jsonwebtoken@8345030) - RSA key size must be 2048 bits or greater. ([
ecdf6cc
]auth0/node-jsonwebtoken@ecdf6cc) - Key types must be valid for the signing / verification algorithm
- security: fixes
Arbitrary File Write via verify function
- CVE-2022-23529 - security: fixes
Insecure default algorithm in jwt.verify() could lead to signature validation bypass
- CVE-2022-23540 - security: fixes
Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
- CVE-2022-23541 - security: fixes
Unrestricted key type could lead to legacy keys usage
- CVE-2022-23539
-auth0/node-jsonwebtoken (jsonwebtoken) - Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325
- updating
@actions/artifact
dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324 - Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
- Update dependencies
@actions/core
to v1.10.1 and@actions/artifact
to v2.1.5 - Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/307
- Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/download-artifact/pull/292
- Update toolkit dependency with updated unzip logic by @bethanyj28 in https://github.com/actions/download-artifact/pull/299
- Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/303
- @bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
- Bump @actions/artifacts to latest version to include updated GHES host check
- Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
- Bump
@actions/artifacts
to latest version
-actions/download-artifact (actions/download-artifact)
balena-io/balena-cli (balena-io/balena-cli)
v18.2.33
v18.2.32
v18.2.31
a39a772
(Deduplicate dependencies, 2024-07-15)
efa0d67
(deploy: Use the sdk's pine instance with balena-compose, 2024-07-15)
232b967
(Update balena-sdk to 19.7.3, 2024-07-13)
v18.2.30
4e101e2
(Omit unicode control character escapes from test logs, 2024-07-13)
9f9fd97
(Deduplicate dependencies, 2024-07-13)
v18.2.29
3c64e13
(Update balena-preload from 15.0.5 to 15.0.6, 2024-07-11)
v18.2.28
79fcd95
(Downgrade pinejs-client-request to 7.4.2 to unblock the sdk update, 2024-07-12)
33199ac
(Update balena-sdk to 19.7.2, 2024-07-12)
v18.2.27
1702f8b
(Update balena-sdk to 19.5.5, 2024-07-12)
v18.2.26
1bc0f74
(Drop unused dependencies, 2024-07-11)
f65215e
(Move dependencies that should be dev only as devDependencies, 2024-07-11)
v18.2.25
b1073ca
(Fix complete generation intermitency, 2024-07-10)
e659e35
(Bump oclif to v4, 2024-07-10)
v18.2.24
19a60bb
(Update mocha from 8.4.0 to 10.6.0, 2024-07-10)
d1a6f75
(Override inline-source-cli with non-vulnerable dependency, 2024-07-10)
v18.2.23
7273656
(Replace resin-discoverable-services with bonjour-service, 2024-07-09)
v18.2.22
1749937
(Remove unused dependency minimatch, 2024-07-10)
v18.2.21
6c89ba4
(Bump resin-discoverable-services from 2.0.4 to 2.0.5, 2024-07-09)
v18.2.20
b6d1afa
(Audit fix dependencies, 2024-07-05)
v18.2.19
93e597a
(Remove unused package publish-release
, 2024-07-05)
v18.2.18
Update actions/setup-node action to v4
Notable changes
List of commits
c30a1dc
(Update actions/setup-node action to v4, 2024-07-02)
v18.2.17
Update dependency etcher-sdk to v9.1.0
Notable changes
- patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
- minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
balena-io-modules/etcher-sdk (etcher-sdk)
v9.1.0
- patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
- minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
List of commits
2d47eb5
(Update dependency etcher-sdk to v9.1.0, 2024-07-02)
v18.2.16
Update dependency etcher-sdk to v9.0.11
Notable changes
- patch: use http2 to fix issues with url source [Edwin Joassart]
- patch: remove CI workaround [Edwin Joassart]
- patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
balena-io-modules/etcher-sdk (etcher-sdk)
v9.0.11
- patch: use http2 to fix issues with url source [Edwin Joassart]
v9.0.10
- patch: remove CI workaround [Edwin Joassart]
v9.0.9
- patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
List of commits
6b56576
(Update dependency etcher-sdk to v9.0.11, 2024-07-02)
v18.2.15
Update dependency event-stream to v3.3.5
Notable changes
List of commits
b518067
(Update dependency event-stream to v3.3.5, 2024-07-02)
v18.2.14
Update dependency jsonwebtoken to v9 [SECURITY]
Notable changes
- Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. ([
8345030
]auth0/node-jsonwebtoken@8345030) - RSA key size must be 2048 bits or greater. ([
ecdf6cc
]auth0/node-jsonwebtoken@ecdf6cc) - Key types must be valid for the signing / verification algorithm
- security: fixes
Arbitrary File Write via verify function
- CVE-2022-23529 - security: fixes
Insecure default algorithm in jwt.verify() could lead to signature validation bypass
- CVE-2022-23540 - security: fixes
Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
- CVE-2022-23541 - security: fixes
Unrestricted key type could lead to legacy keys usage
- CVE-2022-23539
auth0/node-jsonwebtoken (jsonwebtoken)
v9.0.0
Breaking changes: See Migration from v8 to v9
Breaking changes
- Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. ([
8345030
]auth0/node-jsonwebtoken@8345030) - RSA key size must be 2048 bits or greater. ([
ecdf6cc
]auth0/node-jsonwebtoken@ecdf6cc) - Key types must be valid for the signing / verification algorithm
Security fixes
- security: fixes
Arbitrary File Write via verify function
- CVE-2022-23529 - security: fixes
Insecure default algorithm in jwt.verify() could lead to signature validation bypass
- CVE-2022-23540 - security: fixes
Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
- CVE-2022-23541 - security: fixes
Unrestricted key type could lead to legacy keys usage
- CVE-2022-23539
List of commits
f05e499
(Update dependency jsonwebtoken to v9 [SECURITY], 2024-07-02)
v18.2.13
14e1255
(Update dependency @types/prettyjson to ^0.0.33, 2024-07-02)
v18.2.12
7325e8d
(Deduplicate dependencies, 2024-07-01)
v18.2.11
a29bd8d
(Update dependency @types/fast-levenshtein to v0.0.4, 2024-06-21)
v18.2.10
Update actions/download-artifact action to v4.1.7
Notable changes
- Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325
- updating
@actions/artifact
dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324 - Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
- Update dependencies
@actions/core
to v1.10.1 and@actions/artifact
to v2.1.5 - Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/307
- Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/download-artifact/pull/292
- Update toolkit dependency with updated unzip logic by @bethanyj28 in https://github.com/actions/download-artifact/pull/299
- Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/303
- @bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
- Bump @actions/artifacts to latest version to include updated GHES host check
- Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
- Bump
@actions/artifacts
to latest version
actions/download-artifact (actions/download-artifact)
v4.1.7
What's Changed
- Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325
Full Changelog: actions/download-artifact@v4.1.6...v4.1.7
v4.1.6
What's Changed
- updating
@actions/artifact
dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324
Full Changelog: actions/download-artifact@v4.1.5...v4.1.6
v4.1.5
What's Changed
- Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
- Update dependencies
@actions/core
to v1.10.1 and@actions/artifact
to v2.1.5
Full Changelog: actions/download-artifact@v4.1.4...v4.1.5
v4.1.4
What's Changed
- Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/307
Full Changelog: actions/download-artifact@v4...v4.1.4
v4.1.3
What's Changed
- Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/download-artifact/pull/292
- Update toolkit dependency with updated unzip logic by @bethanyj28 in https://github.com/actions/download-artifact/pull/299
- Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/303
New Contributors
- @bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
Full Changelog: actions/download-artifact@v4...v4.1.3
v4.1.2
- Bump @actions/artifacts to latest version to include updated GHES host check
v4.1.1
- Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
- Bump
@actions/artifacts
to latest version
List of commits
15c0c32
(Update actions/download-artifact action to v4.1.7, 2024-06-21)
v18.2.9
7322020
(Update actions/setup-python digest to 65d7f2d
, 2024-06-21)
v18.2.8
2cd455f
(Update actions/upload-artifact digest to 6546280
, 2024-06-21)
v18.2.7
f502878
(Pin dependencies, 2024-06-21)
v18.2.6
75d2d7d
(Update @oclif/core from 3.26.9 to 3.27.0, 2024-06-21)
v18.2.5
5a3f0ea
(Limit @oclif/core to ~3.26 so that npm dedupe doesn't auto-bump it, 2024-06-21)
e1cd300
(Deduplicate dependencies, 2024-06-21)
7959e23
(Update TypeScript to 5.5.2, 2024-06-21)
List of commits
58ee0c4 (Update dependency balena-io/balena-cli to v18.2.33, 2024-07-25)