Release v2.0.74 · balena-io/deploy-to-balena-action

Update dependency balena-io/balena-cli to v18.2.33

Notable changes

-actions/setup-node (actions/setup-node)

patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
-balena-io-modules/etcher-sdk (etcher-sdk)
patch: use http2 to fix issues with url source [Edwin Joassart]
patch: remove CI workaround [Edwin Joassart]
patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
-dominictarr/event-stream (event-stream)
Removed support for Node versions 11 and below.
The verify() function no longer accepts unsigned tokens by default. ([8345030]auth0/node-jsonwebtoken@8345030)
RSA key size must be 2048 bits or greater. ([ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)
Key types must be valid for the signing / verification algorithm
security: fixes Arbitrary File Write via verify function - CVE-2022-23529
security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
-auth0/node-jsonwebtoken (jsonwebtoken)
Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325
updating @actions/artifact dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324
Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5
Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/307
Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/download-artifact/pull/292
Update toolkit dependency with updated unzip logic by @bethanyj28 in https://github.com/actions/download-artifact/pull/299
Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/303
@bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
Bump @actions/artifacts to latest version to include updated GHES host check
Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
Bump @actions/artifacts to latest version
-actions/download-artifact (actions/download-artifact)

balena-io/balena-cli (balena-io/balena-cli)

a39a772 (Deduplicate dependencies, 2024-07-15)
efa0d67 (deploy: Use the sdk's pine instance with balena-compose, 2024-07-15)
232b967 (Update balena-sdk to 19.7.3, 2024-07-13)

`v18.2.30`

Compare Source

4e101e2 (Omit unicode control character escapes from test logs, 2024-07-13)
9f9fd97 (Deduplicate dependencies, 2024-07-13)

`v18.2.29`

Compare Source

3c64e13 (Update balena-preload from 15.0.5 to 15.0.6, 2024-07-11)

`v18.2.28`

Compare Source

79fcd95 (Downgrade pinejs-client-request to 7.4.2 to unblock the sdk update, 2024-07-12)
33199ac (Update balena-sdk to 19.7.2, 2024-07-12)

`v18.2.27`

Compare Source

1702f8b (Update balena-sdk to 19.5.5, 2024-07-12)

`v18.2.26`

Compare Source

1bc0f74 (Drop unused dependencies, 2024-07-11)
f65215e (Move dependencies that should be dev only as devDependencies, 2024-07-11)

`v18.2.25`

Compare Source

b1073ca (Fix complete generation intermitency, 2024-07-10)
e659e35 (Bump oclif to v4, 2024-07-10)

`v18.2.24`

Compare Source

19a60bb (Update mocha from 8.4.0 to 10.6.0, 2024-07-10)
d1a6f75 (Override inline-source-cli with non-vulnerable dependency, 2024-07-10)

`v18.2.23`

Compare Source

7273656 (Replace resin-discoverable-services with bonjour-service, 2024-07-09)

`v18.2.22`

Compare Source

1749937 (Remove unused dependency minimatch, 2024-07-10)

`v18.2.21`

Compare Source

6c89ba4 (Bump resin-discoverable-services from 2.0.4 to 2.0.5, 2024-07-09)

`v18.2.20`

Compare Source

b6d1afa (Audit fix dependencies, 2024-07-05)

`v18.2.19`

Compare Source

93e597a (Remove unused package publish-release, 2024-07-05)

`v18.2.18`

Compare Source

Update actions/setup-node action to v4

Notable changes

actions/setup-node (actions/setup-node)

`v4`

Compare Source

List of commits

c30a1dc (Update actions/setup-node action to v4, 2024-07-02)

`v18.2.17`

Compare Source

Update dependency etcher-sdk to v9.1.0

Notable changes

patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]

balena-io-modules/etcher-sdk (etcher-sdk)

`v9.1.0`

Compare Source

patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]

List of commits

2d47eb5 (Update dependency etcher-sdk to v9.1.0, 2024-07-02)

`v18.2.16`

Compare Source

Update dependency etcher-sdk to v9.0.11

Notable changes

patch: use http2 to fix issues with url source [Edwin Joassart]
patch: remove CI workaround [Edwin Joassart]
patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]

balena-io-modules/etcher-sdk (etcher-sdk)

`v9.0.11`

Compare Source

patch: use http2 to fix issues with url source [Edwin Joassart]

`v9.0.10`

Compare Source

patch: remove CI workaround [Edwin Joassart]

`v9.0.9`

Compare Source

patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]

List of commits

6b56576 (Update dependency etcher-sdk to v9.0.11, 2024-07-02)

`v18.2.15`

Compare Source

Update dependency event-stream to v3.3.5

Notable changes

dominictarr/event-stream (event-stream)

`v3.3.5`

Compare Source

List of commits

b518067 (Update dependency event-stream to v3.3.5, 2024-07-02)

`v18.2.14`

Compare Source

Update dependency jsonwebtoken to v9 [SECURITY]

Notable changes

Removed support for Node versions 11 and below.
The verify() function no longer accepts unsigned tokens by default. ([8345030]auth0/node-jsonwebtoken@8345030)
RSA key size must be 2048 bits or greater. ([ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)
Key types must be valid for the signing / verification algorithm
security: fixes Arbitrary File Write via verify function - CVE-2022-23529
security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

auth0/node-jsonwebtoken (jsonwebtoken)

`v9.0.0`

Compare Source

Breaking changes: See Migration from v8 to v9

Breaking changes

Removed support for Node versions 11 and below.
The verify() function no longer accepts unsigned tokens by default. ([8345030]auth0/node-jsonwebtoken@8345030)
RSA key size must be 2048 bits or greater. ([ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)
Key types must be valid for the signing / verification algorithm

Security fixes

security: fixes Arbitrary File Write via verify function - CVE-2022-23529
security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

List of commits

f05e499 (Update dependency jsonwebtoken to v9 [SECURITY], 2024-07-02)

Update actions/download-artifact action to v4.1.7

Notable changes

Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325
updating @actions/artifact dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324
Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5
Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/307
Update release-new-action-version.yml by @konradpabjan in https://github.com/actions/download-artifact/pull/292
Update toolkit dependency with updated unzip logic by @bethanyj28 in https://github.com/actions/download-artifact/pull/299
Update @actions/artifact by @bethanyj28 in https://github.com/actions/download-artifact/pull/303
@bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
Bump @actions/artifacts to latest version to include updated GHES host check
Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
Bump @actions/artifacts to latest version

actions/download-artifact (actions/download-artifact)

`v4.1.7`

Compare Source

What's Changed

Update @actions/artifact dependency by @bethanyj28 in https://github.com/actions/download-artifact/pull/325

Full Changelog: actions/download-artifact@v4.1.6...v4.1.7

`v4.1.6`

Compare Source

What's Changed

updating @actions/artifact dependency to v2.1.6 by @eggyhead in https://github.com/actions/download-artifact/pull/324

Full Changelog: actions/download-artifact@v4.1.5...v4.1.6

`v4.1.5`

Compare Source

What's Changed

Update readme with v3/v2/v1 deprecation notice by @robherley in https://github.com/actions/download-artifact/pull/322
Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5

Full Changelog: actions/download-artifact@v4.1.4...v4.1.5