Bump minimatch and mocha in /packages/rdf-parser-csvw#27
Open
dependabot[bot] wants to merge 33 commits into
Open
Bump minimatch and mocha in /packages/rdf-parser-csvw#27dependabot[bot] wants to merge 33 commits into
dependabot[bot] wants to merge 33 commits into
Conversation
Updated source code imports: - @zazuko/vue-graph-layout -> @lindas/vue-graph-layout - @zazuko/env/web -> @lindas/env/web - @zazuko/prefixes -> @lindas/prefixes Files changed: - src/components/data-model/data-model-component.vue - src/components/ResourcesExplorer.vue - src/components/shacl-dialog/modal-shacl-load.vue - src/views/ShaclEditor.vue Published versions: - @lindas/vue-graph-layout@0.1.6 - @lindas/spex@0.2.4
Updated source code imports: - @zazuko/vue-graph-layout -> @lindas/vue-graph-layout - @zazuko/env/web -> @lindas/env/web - @zazuko/prefixes -> @lindas/prefixes Files changed: - src/components/data-model/data-model-component.vue - src/components/ResourcesExplorer.vue - src/components/shacl-dialog/modal-shacl-load.vue - src/views/ShaclEditor.vue - packages/vocabulary-extras-builders/package.json (generate script)
- Add @lindas/rdf-parser-csvw-xlsx package (forked from @zazuko/rdf-parser-csvw-xlsx) - Update clownface package.json: - Rename from lindas-clownface to @lindas/clownface - Point repository to lindas-stack-libraries monorepo - Remove husky configuration (not needed in monorepo) - Add publishConfig for public access
…yout Security fixes: - Replace xlsx library with exceljs in rdf-parser-csvw-xlsx to fix: - Prototype Pollution vulnerability (GHSA-4r6h-8v6p-xvw6) - ReDoS vulnerability (GHSA-5pgg-2g8v-p4x9) - Migrate vue-graph-layout from Vue CLI to Vite to fix: - webpack-dev-server source code theft vulnerability - Multiple other webpack-dev-server vulnerabilities Other improvements: - Fix Windows path handling in tests using fileURLToPath - Bump @lindas/env-node to ^3.0.2 - All 8 tests pass with exceljs implementation
Renamed config files to use .cjs extension for CommonJS compatibility: - postcss.config.js -> postcss.config.cjs - tailwind.config.js -> tailwind.config.cjs - babel.config.js -> Removed (not needed with Vite) This fixes the build failure caused by module.exports being used in an ES module context (package.json has "type": "module"). Build now succeeds with Vite producing: - vue-graph-layout.js (9.90 kB) - vue-graph-layout.umd.cjs (7.12 kB) - vue-graph-layout.css (0.49 kB)
- Added npm override to replace @zazuko/rdf-parser-csvw-xlsx (uses vulnerable xlsx) with @lindas/rdf-parser-csvw-xlsx (uses safe exceljs) - Resolves GHSA-4r6h-8v6p-xvw6 (Prototype Pollution in sheetJS) - Resolves GHSA-5pgg-2g8v-p4x9 (ReDoS in sheetJS) - npm audit now reports 0 vulnerabilities
- Add proper exports with types for @lindas/env subpath exports (./web.js, ./Environment.js, etc.) - Update CI and release workflows to use --legacy-peer-deps - Support both main and master branches - Exclude test directory from TypeScript compilation in rdf-parser-csvw-xlsx - Remove compiled test files from repository
Published to npm with fixed TypeScript module exports.
- Add test suites for prefixes, vocabulary-loader, vocabulary-extras, vocabulary-extras-builders - Add mocha configuration for TypeScript tests - Add placeholder test scripts for UI packages (yasgui, yasr, yasqe, spex, shacl-test) - Configure changesets with README documentation - Add ts-node for TypeScript test support
- Add type assertions for streamToArray results - Fix factory type compatibility - Add eslint-disable comments for necessary any types
- wait-on@6 uses axios internal paths that don't work with Node 22 - Update to wait-on@9.0.3 which is compatible
The cube-hierarchy-query tests require docker-compose to start Fuseki (SPARQL server) for integration tests.
Updated snapshot key from @zazuko/cube-hierarchy-query to @lindas/cube-hierarchy-query to match the renamed package.
Same fix as CI workflow - cube-hierarchy-query tests require docker-compose to start Fuseki for integration tests.
- Tests run first on Node 18, 20, 22 - Security audit runs in parallel (non-blocking) - Release job runs after tests pass (only on push to main/master) - Added concurrency control to cancel outdated runs
Changesets action runs tests internally which need docker-compose for cube-hierarchy-query integration tests.
- Add webpack configuration for building yasgui packages - Add tsconfig files for TypeScript compilation - Increase maxPersistentResponseSize from 100KB to 10MB in yasr defaults - Add build scripts for yasgui bundle generation
- Downgrade get-stream from ^9.0.1 to ^8.0.0 in @lindas/env to fix Angular/esbuild bundler compatibility issue caused by @sec-ant/readable-stream async generator patterns - Add comprehensive proxy traps to extend() function in @lindas/env-core: getPrototypeOf, setPrototypeOf, isExtensible, preventExtensions, defineProperty, deleteProperty - Clean up debug logging from extend.js and Environment.js - Update changelogs
- Fork of @zazuko/formats-lazy v1.0.2 - Provides lazy-loaded RDF parsers and serializers - Uses @rdfjs/parser-n3, @rdfjs/parser-jsonld, rdfxml-streaming-parser - Does not depend on @graphy/* packages which require Node.js crypto - Browser-compatible alternative to @rdfjs-elements/formats-pretty
- Fixed malformed SinkMap generic types in index.d.ts - Properly import EventEmitter from events and Stream from @rdfjs/types - Fixes TS2345 error when using env.formats.import(formats)
Bump all packages to unified version for DevOps guidelines compliance.
Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.5 and updates ancestor dependencies [minimatch](https://github.com/isaacs/minimatch) and [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `minimatch` from 9.0.4 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.5) Updates `mocha` from 10.4.0 to 10.8.2 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v10.4.0...v10.8.2) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect - dependency-name: mocha dependency-version: 10.8.2 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps minimatch to 3.1.5 and updates ancestor dependencies minimatch and mocha. These dependencies need to be updated together.
Updates
minimatchfrom 3.1.2 to 3.1.5Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
minimatchfrom 9.0.4 to 9.0.9Commits
7bba9783.1.5bd25942docs: add warning about ReDoS1a9c27cfix partial matching of globstar patterns1a2e0843.1.4ae24656update lockfileb100374limit recursion for **, improve perf considerably26ffeaalockfile update9eca892lock node version to 1400c323b3.1.330486b2update CI matrix and actionsUpdates
mochafrom 10.4.0 to 10.8.2Release notes
Sourced from mocha's releases.
... (truncated)
Changelog
Sourced from mocha's changelog.
... (truncated)
Commits
05097dbchore(main): release 10.8.2 (#5239)14e640edocs: indicate 'exports' interface does not work in browsers (#5181)881e3b0chore: fix docs builds by re-adding eleventy and ignoring gitignore again (#5...f054accfix: test link in html reporter (#5224)e536ab2build(deps): bump the github-actions group with 1 update (#5132)ba0fefefix: support errors with circular dependencies in object values with --parall...f44f71bchore(main): release 10.8.1 (#5238)f72bc17fix: handle case of invalid package.json with no explicit config (#5198)68803b6fix: use accurate test links in HTML reporter (#5228)d8ca270fix: Typos on mochajs.org (#5237)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.