Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update npm (major) #34

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update npm (major) #34

wants to merge 1 commit into from
+491 −1,270

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 19, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@shikijs/langs (source) ^1.25.1 -> ^2.3.0 age adoption passing confidence
@shikijs/rehype (source) ^1.25.1 -> ^2.3.0 age adoption passing confidence
@shikijs/themes (source) ^1.25.1 -> ^2.3.0 age adoption passing confidence
@sveltejs/vite-plugin-svelte (source) ^3.1.2 -> ^5.0.3 age adoption passing confidence
arctic ^1.9.2 -> ^3.2.2 age adoption passing confidence
eslint-config-prettier ^9.1.0 -> ^10.0.1 age adoption passing confidence
pnpm (source) 9.15.2 -> 10.2.0 age adoption passing confidence
shiki (source) ^1.25.1 -> ^2.3.0 age adoption passing confidence
svelte (source) ^4.2.19 -> ^5.19.7 age adoption passing confidence
svelte-exmarkdown (source) ^3.0.5 -> ^4.0.2 age adoption passing confidence
svelte-meta-tags (source) ^3.1.4 -> ^4.1.0 age adoption passing confidence
tailwind-merge ^2.6.0 -> ^3.0.1 age adoption passing confidence
tailwindcss (source) ^3.4.17 -> ^4.0.3 age adoption passing confidence
vite (source) ^5.4.11 -> ^6.0.11 age adoption passing confidence

Release Notes

shikijs/shiki (@​shikijs/langs)

v2.3.0

Compare Source

   🚀 Features
    View changes on GitHub

v2.2.0

Compare Source

   🚨 Breaking Changes
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v2.1.0

Compare Source

   🚀 Features
    View changes on GitHub

v2.0.3

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v2.0.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v2.0.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v2.0.0

Compare Source

Read the announcement: Shiki v2
    View changes on GitHub

v1.29.2

Compare Source

   🚨 Breaking Changes
   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v1.29.1

Compare Source

   🚀 Features
    View changes on GitHub

v1.29.0

Compare Source

   🚀 Features
    View changes on GitHub

v1.28.0

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v1.27.2

Compare Source

No significant changes

    View changes on GitHub

v1.27.1

Compare Source

   🚀 Features
    View changes on GitHub

v1.27.0

Compare Source

   🚀 Features
    View changes on GitHub

v1.26.2

Compare Source

   🚀 Features
    View changes on GitHub

v1.26.1

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v1.26.0

Compare Source

   🚀 Features
    View changes on GitHub
sveltejs/vite-plugin-svelte (@​sveltejs/vite-plugin-svelte)

v5.0.3

Compare Source

Patch Changes
  • fix errorhandling to work with errors that don't have a code property (#​1054)

v5.0.2

Compare Source

Patch Changes
  • adapt internal handling of warning and error code property to changes in svelte5 (#​1044)

v5.0.1

Compare Source

Patch Changes
  • Fix peer dependencies warning (#​1038)

v5.0.0

Compare Source

Major Changes

  • Handle Vite 6 breaking change and remove Vite 5 handling (#​1020)

  • Support Vite 6 (#​1026)

Minor Changes

  • Add esm-env to ssr.noExternal by default to resolve its conditions with Vite (#​1020)

  • Support ?inline query on Svelte style virtual modules (#​1024)

Patch Changes

v4.0.4

Compare Source

Patch Changes
  • fix errorhandling to work with errors that don't have a code property (1a91581)

v4.0.3

Compare Source

Patch Changes
  • adapt internal handling of warning and error code property to changes in svelte5 (#​1046)

v4.0.2

Compare Source

Patch Changes
  • Allow script tags to span multiple lines (5309d7b)

v4.0.1

Compare Source

Patch Changes
  • removed references to compiler options no longer available in svelte5 (#​1010)

v4.0.0

Compare Source

Major Changes

  • only prebundle files with default filenames (.svelte for components, .svelte.(js|ts) for modules) (#​901)

  • remove support for Svelte 4 (#​892)

  • breaking(types): some types that have been unintentionally public are now private (#​934)

  • disable script preprocessing in vitePreprocess() by default because Svelte 5 supports lang=ts out of the box (#​892)

  • replaced svelte-hmr with Svelte 5 compiler hmr integration (#​892)

Minor Changes

  • allow infix notation for svelte modules (#​901)

    Previously, only suffix notation .svelte.js was allowed, now you can also use .svelte.test.js or .svelte.stories.js.
    This helps when writing testcases or other auxillary code where you may want to use runes too.

  • feat(config): dynamically extract list of svelte exports from peer dependency so that new exports work automatically" (#​941)

  • feat(warnings): change default loglevel of warnings originating from files in node_modules to debug. To see them call DEBUG:vite-plugin-svelte:node-modules-onwarn pnpm build. (#​989)

Patch Changes

  • fix: make defaultHandler a required argument for onwarn in plugin options (#​895)

  • prebundle with dev: true by default (#​901)

  • fix(dev): compile with hmr: false for prebundled deps as hmr does not work with that (#​950)

  • fix: ensure svelte modules correctly run in DEV mode (#​906)

  • ensure consistent use of compileOptions.hmr also for prebundling (#​956)

  • fix(optimizeDeps): avoid to optimise server only entrypoints of svelte that are never used on the client (#​941)

  • update peer on workspace packages to avoid packages bumping each other (#​916)

  • export PluginOptions interface (#​976)

  • Remove log about experimental status of Svelte 5. Note that breaking changes can still occur while vite-plugin-svelte 4 is in prerelease mode (#​894)

  • fix: ensure vite config is only resolved once during lazy init of vitePreprocess (#​912)

  • fix(vitePreprocess): default to build config so that svelte-check does not trigger dev-only plugins (#​931)

  • fix: only apply infix filter to basename (#​920)

  • fix: disable hmr when vite config server.hmr is false (#​913)

  • fix(dev): make sure custom cssHash is applied consistently even for prebundled components to avoid hash mismatches during hydration (#​950)

  • Updated dependencies [22baa25, 49324db, e9f048c, 213fedd]:

pilcrowonpaper/arctic (arctic)

v3.2.2

Compare Source

  • Entra ID: Add Origin header to requests (#​260).

v3.2.1

Compare Source

  • Add refreshAccessToken() method to Figma provider (#​258).

v3.2.0

Compare Source

v3.1.3

Compare Source

  • Fix TikTok endpoints and scope parameter.

v3.1.2

Compare Source

  • Export TikTok provider (#​249).

v3.1.1

Compare Source

  • Fix Authentik endpoints (#​244).

v3.1.0

Compare Source

  • Add Battle.net provider (#​241).

v3.0.0

Compare Source

Arctic v3 is here! This is a small major release that adds support for public OAuth clients. There are only a few breaking changes and most breaking changes are small.

npm install arctic@latest

Changes

  • [Breaking] Remove clientSecret parameter from Etsy constructor.
  • [Breaking] Add codeVerifier parameter to createAuthorizationURL() and validateAuthorizationCode() in Auth0, Discord, Spotify, WorkOS.
  • [Breaking] Replaced domain parameter with baseURL parameter for Authentik, GitLab constructor.
  • [Breaking] Replaced poolURL parameter with domain parameter for AmazonCognito constructor.
  • [Breaking] Add scopes parameter to refreshAccessToken() in AmazonCognito, MicrosoftEntraId.
  • [Breaking] Update MyAnimeList constructor.
  • [Breaking] Stricter compliance to RFC 6749 for OAuth2Client.
  • Add UnexpectedResponseError and UnexpectedErrorResponseBodyError errors.
  • Allow null as clientSecret in AmazonCognito, Auth0, Authentik, Bungie, Discord, GitLab, KeyCloak, MicrosoftEntraId, Roblox, Salesforce, Spotify, Twitter, WorkOS constructor.
  • Fix scopes parameter in Strava.createAuthorizationURL().
  • Add TikTok provider.

v2.3.4

  • Add refreshAccessToken() method to Figma provider (#​256).

v2.0.0

Major changes
  • createAuthorizationURL() no longer returns a Promise
  • validateAuthorizationCode() and refreshAccessToken() returns OAuth2Tokens
  • validateAuthorizationCode() and refreshAccessToken() can throw one of OAuth2RequestError, ArcticFetchError, or Error
  • Scopes are no longer set by default, including openid and those required by the provider
  • Updated parameters for Apple, GitHub, GitLab, MicrosoftEntraId, MyAnimeList, Okta, Osu, and Salesforce
  • Removed options.scope parameter from createAuthorizationURL()
  • Removed OAuth2Provider and OAuth2ProviderWithPKCE
  • Update createAuthorizationURL() provider methods
Minor changes
  • Add Polar provider.
  • Add Start.gg provider.
  • Add Bungie.Net provider.
  • Add refreshAccessToken() to GitHub
  • createAuthorizationURL() returns AuthorizationCodeAuthorizationURL
  • Add decodeIdToken()
  • Add token revocation API
Patch changes
  • Remove @oslojs/oauth2 dependency
  • Fix Amazon Cognito provider
prettier/eslint-config-prettier (eslint-config-prettier)

v10.0.1

Compare Source

eslint-config-prettier

10.0.1

What's Changed

New Contributors

Full Changelog: prettier/eslint-config-prettier@v9.1.0...v10.0.1

v10.0.0

Compare Source

Major Changes
pnpm/pnpm (pnpm)

v10.2.0

Compare Source

Minor Changes

  • Packages executed via pnpm dlx and pnpm create are allowed to be built (run postinstall scripts) by default.

    If the packages executed by dlx or create have dependencies that have to be built, they should be listed via the --allow-build flag. For instance, if you want to run a package called bundle that has esbuild in dependencies and want to allow esbuild to run postinstall scripts, run:

    pnpm --allow-build=esbuild dlx bundle

    Related PR: #​9026.

Patch Changes
  • Quote args for scripts with shell-quote to support new lines (on POSIX only) #​8980.
  • Fix a bug in which pnpm deploy fails to read the correct projectId when the deploy source is the same as the workspace directory #​9001.
  • Proxy settings should be respected, when resolving Git-hosted dependencies #​6530.
  • Prevent overrides from adding invalid version ranges to peerDependencies by keeping the peerDependencies and overriding them with prod dependencies #​8978.
  • Sort the package names in the "pnpm.onlyBuiltDependencies" list saved by pnpm approve-builds.

v10.1.0

Compare Source

Minor Changes
  • Added a new command for printing the list of dependencies with ignored build scripts: pnpm ignored-builds #​8963.
  • Added a new command for approving dependencies for running scripts during installation: pnpm approve-builds #​8963.
  • Added a new setting called optimistic-repeat-install. When enabled, a fast check will be performed before proceeding to installation. This way a repeat install or an install on a project with everything up-to-date becomes a lot faster. But some edge cases might arise, so we keep it disabled by default for now #​8977.
  • Added a new field "pnpm.ignoredBuiltDependencies" for explicitly listing packages that should not be built. When a package is in the list, pnpm will not print an info message about that package not being built #​8935.
Patch Changes
  • Verify that the package name is valid when executing the publish command.
  • When running pnpm install, the preprepare and postprepare scripts of the project should be executed #​8989.
  • Allow workspace: and catalog: to be part of wider version range in peerDependencies.
  • pnpm deploy should inherit the pnpm object from the root package.json #​8991.
  • Make sure that the deletion of a node_modules in a sub-project of a monorepo is detected as out-of-date #​8959.
  • Fix infinite loop caused by lifecycle scripts using pnpm to execute other scripts during pnpm install with verify-deps-before-run=install #​8954.
  • Replace strip-ansi with the built-in util.stripVTControlCharacters #​9009.
  • Do not print patched dependencies as ignored dependencies that require a build #​8952.

v10.0.0

Compare Source

Major Changes

  • Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm.onlyBuiltDependencies field of package.json #​8897. For example:

    {
  "pnpm": {
    "onlyBuiltDependencies": ["fsevents"]
  }
}

  • pnpm link behavior updated:

    The pnpm link command now adds overrides to the root package.json.

    • In a workspace: The override is added to the root of the workspace, linking the dependency to all projects in the workspace.
    • Global linking: To link a package globally, run pnpm link from the package’s directory. Previously, you needed to use pnpm link -g.
      Related PR: #​8653

  • Secure hashing with SHA256:

    Various hashing algorithms have been updated to SHA256 for enhanced security and consistency:

    • Long paths inside node_modules/.pnpm are now hashed with SHA256.
    • Long peer dependency hashes in the lockfile now use SHA256 instead of MD5. (This affects very few users since these are only used for long keys.)
    • The hash stored in the packageExtensionsChecksum field of pnpm-lock.yaml is now SHA256.
    • The side effects cache keys now use SHA256.
    • The pnpmfile checksum in the lockfile now uses SHA256 (#​8530).

  • Configuration updates:

    • manage-package-manager-versions: enabled by default. pnpm now manages its own version based on the packageManager field in package.json by default.

    • public-hoist-pattern: nothing is hoisted by default. Packages containing eslint or prettier in their name are no longer hoisted to the root of node_modules. Related Issue: #​8378

    • Upgraded @yarnpkg/extensions to v2.0.3. This may alter your lockfile.

    • virtual-store-dir-max-length: the default value on Windows has been reduced to 60 characters.

    • Reduced environment variables for scripts:
      During script execution, fewer npm_package_* environment variables are set. Only name, version, bin, engines, and config remain.
      Related Issue: #​8552

    • All dependencies are now installed even if NODE_ENV=production. Related Issue: #​8827

  • Changes to the global store:

    • Store version bumped to v10.

    • Some registries allow identical content to be published under different package names or versions. To accommodate this, index files in the store are now stored using both the content hash and package identifier.

      This approach ensures that we can:

      1. Validate that the integrity in the lockfile corresponds to the correct package, which might not be the case after a poorly resolved Git conflict.
      2. Allow the same content to be referenced by different packages or different versions of the same package.
        Related PR: #​8510
        Related Issue: #​8204

    • More efficient side effects indexing. The structure of index files in the store has changed. Side effects are now tracked more efficiently by listing only file differences rather than all files.
      Related PR: #​8636

    • A new index directory stores package content mappings. Previously, these files were in files.

  • Other breaking changes:

    • The # character is now escaped in directory names within node_modules/.pnpm.
      Related PR: #​8557
    • Running pnpm add --global pnpm or pnpm add --global @​pnpm/exe now fails with an error message, directing you to use pnpm self-update instead.
      Related PR: #​8728
    • Dependencies added via a URL now record the final resolved URL in the lockfile, ensuring that any redirects are fully captured.
      Related Issue: #​8833
    • The pnpm deploy command now only works in workspaces that have inject-workspace-packages=true. This limitation is introduced to allow us to create a proper lockfile for the deployed project using the workspace lockfile.
    • Removed conversion from lockfile v6 to v9. If you need v6-to-v9 conversion, use pnpm CLI v9.
    • pnpm test now passes all parameters after the test keyword directly to the underlying script. This matches the behavior of pnpm run test. Previously you needed to use the -- prefix.
      Related PR: #​8619

  • node-gyp updated to version 11.

  • pnpm deploy now tries creating a dedicated lockfile from a shared lockfile for deployment. It will fallback to deployment without a lockfile if there is no shared lockfile or force-legacy-deploy is set to true.

Minor Changes

  • Added support for a new type of dependencies called "configurational dependencies". These dependencies are installed before all the other types of dependencies (before "dependencies", "devDependencies", "optionalDependencies").

    Configurational dependencies cannot have dependencies of their own or lifecycle scripts. They should be added using exact version and the integrity checksum. Example:

    {
  "pnpm": {
    "configDependencies": {
      "my-configs": "1.0.0+sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="
    }
  }
}

    Related RFC: #​8.
    Related PR: #​8915.

  • New settings:

    • New verify-deps-before-run setting. This setting controls how pnpm checks node_modules before running scripts:

      • install: Automatically run pnpm install if node_modules is outdated.
      • warn: Print a warning if node_modules is outdated.
      • prompt: Prompt the user to confirm running pnpm install if node_modules is outdated.
      • error: Throw an error if node_modules is outdated.
      • false: Disable dependency checks.
        Related Issue: #​8585

    • New inject-workspace-packages setting enables hard-linking all local workspace dependencies instead of symlinking them. Previously, this could be achieved using dependenciesMeta[].injected, which remains supported.
      Related PR: #​8836

  • Faster repeat installs:

    On repeated installs, pnpm performs a quick check to ensure node_modules is up to date.
    Related PR: #​8838

  • pnpm add integrates with default workspace catalog:

    When adding a dependency, pnpm add checks the default workspace catalog. If the dependency and version requirement match the catalog, pnpm add uses the catalog: protocol. Without a specified version, it matches the catalog’s version. If it doesn’t match, it falls back to standard behavior.
    Related Issue: #​8640

  • pnpm dlx now resolves packages to their exact versions and uses these exact versions for cache keys. This ensures pnpm dlx always installs the latest requested packages.
    Related PR: #​8811

  • No node_modules validation on certain commands. Commands that should not modify node_modules (e.g., pnpm install --lockfile-only) no longer validate or purge node_modules.
    Related PR: #​8657

v9.15.5: pnpm 9.15.5

Compare Source

Patch Changes

  • Verify that the package name is valid when executing the publish command.
  • When running pnpm install, the preprepare and postprepare scripts of the project should be executed #​8989.
  • Quote args for scripts with shell-quote to support new lines (on POSIX only) #​8980.
  • Proxy settings should be respected, when resolving Git-hosted dependencies #​6530.
  • Replace strip-ansi with the built-in util.stripVTControlCharacters #​9009.

Platinum Sponsors

Bit Bit Figma

Gold Sponsors

Discord config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@vercel Vercel
Copy link

vercel bot commented Oct 19, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
svelte-changelog ❌ Failed (Inspect) Feb 4, 2025 9:23am

@renovate renovate bot force-pushed the renovate/major-npm branch from 57010ef to ac44906 Compare October 19, 2024 21:27
@renovate renovate bot force-pushed the renovate/major-npm branch from ac44906 to e8253ca Compare October 20, 2024 01:58
@renovate renovate bot force-pushed the renovate/major-npm branch from e8253ca to faca8b4 Compare October 20, 2024 03:13
@renovate renovate bot force-pushed the renovate/major-npm branch from faca8b4 to aec59ef Compare October 20, 2024 10:15
@renovate renovate bot force-pushed the renovate/major-npm branch from aec59ef to b35df82 Compare October 20, 2024 12:20
@renovate renovate bot force-pushed the renovate/major-npm branch from b35df82 to 816b667 Compare October 21, 2024 10:58
@renovate renovate bot force-pushed the renovate/major-npm branch from 816b667 to b3e59fc Compare October 21, 2024 15:24
@renovate renovate bot force-pushed the renovate/major-npm branch from b3e59fc to 69d80bd Compare October 21, 2024 18:50
@renovate renovate bot force-pushed the renovate/major-npm branch from 69d80bd to 804ef0d Compare October 23, 2024 13:05
@renovate renovate bot force-pushed the renovate/major-npm branch from 804ef0d to 46fe535 Compare October 23, 2024 17:10
@renovate renovate bot force-pushed the renovate/major-npm branch from 46fe535 to ee35641 Compare October 23, 2024 22:02
@renovate renovate bot force-pushed the renovate/major-npm branch from ee35641 to a80cf80 Compare October 24, 2024 10:14
@renovate renovate bot force-pushed the renovate/major-npm branch from a80cf80 to 51b3027 Compare October 24, 2024 22:46
@renovate renovate bot force-pushed the renovate/major-npm branch from ec3e5bc to 08f23ea Compare January 22, 2025 17:05
@renovate renovate bot force-pushed the renovate/major-npm branch from 08f23ea to 766b30f Compare January 23, 2025 01:05
@renovate renovate bot force-pushed the renovate/major-npm branch from 766b30f to 0e45d4a Compare January 25, 2025 01:09
@renovate renovate bot force-pushed the renovate/major-npm branch from 0e45d4a to 00a4f4f Compare January 28, 2025 14:31
@renovate renovate bot force-pushed the renovate/major-npm branch from 00a4f4f to d29c21e Compare January 29, 2025 16:26
@renovate renovate bot force-pushed the renovate/major-npm branch from d29c21e to 2a9b7fa Compare January 30, 2025 12:44
@renovate renovate bot force-pushed the renovate/major-npm branch from 2a9b7fa to 08eab18 Compare January 30, 2025 18:02
@renovate renovate bot force-pushed the renovate/major-npm branch from 08eab18 to 11ce9ca Compare January 30, 2025 22:03
@renovate renovate bot force-pushed the renovate/major-npm branch from 11ce9ca to 3e3fb04 Compare January 31, 2025 20:33
@renovate renovate bot force-pushed the renovate/major-npm branch from 3e3fb04 to e3d8dba Compare February 1, 2025 04:54
@renovate renovate bot force-pushed the renovate/major-npm branch from e3d8dba to dc5a832 Compare February 1, 2025 20:38
@renovate renovate bot force-pushed the renovate/major-npm branch from dc5a832 to 681232c Compare February 3, 2025 17:55
@renovate renovate bot force-pushed the renovate/major-npm branch from 681232c to fe05549 Compare February 3, 2025 21:44
@renovate renovate bot force-pushed the renovate/major-npm branch from fe05549 to d885bdc Compare February 4, 2025 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies npm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@WarningImHack3r