Update all non-major dependencies #264

renovate · 2024-11-15T23:00:00Z

This PR contains the following updates:

Package	Change	Type	Update
@vitejs/plugin-vue (source)	`5.2.0` -> `5.2.1`	devDependencies	patch
async	`2.20.0` -> `2.21.1`		minor
awscli	`2.21.2` -> `2.22.8`		minor
browser-tools	`1.4.8` -> `1.4.9`	orb	patch
lux-design-system	`5.11.0` -> `5.11.1`	dependencies	patch
pry	`0.14.2` -> `0.15.0`		minor
puma	`6.4.3` -> `6.5.0`		minor
selenium-webdriver (source, changelog)	`4.26.0` -> `4.27.0`		minor
vite (source)	`6.0.0` -> `6.0.2`	devDependencies	patch

Release Notes

vitejs/vite-plugin-vue (@vitejs/plugin-vue)

`v5.2.1`

chore: add vite 6 peer dep (#481) (4288652), closes #481
chore: fix lint (378aea3)
chore(deps): update dependency rollup to ^4.27.2 (#476) (b2df95e), closes #476

socketry/async (async)

`v2.21.1`

Compare Source

Worker Pool

Ruby 3.4 will feature a new fiber scheduler hook, blocking_operation_wait which allows the scheduler to redirect the work given to rb_nogvl to a worker pool.

The Async scheduler optionally supports this feature using a worker pool, by using the following environment variable:

ASYNC_SCHEDULER_DEFAULT_WORKER_POOL=true

This will cause the scheduler to use a worker pool for general blocking operations, rather than blocking the event loop.

It should be noted that this isn't a net win, as the overhead of using a worker pool can be significant compared to the rb_nogvl work. As such, it is recommended to benchmark your application with and without the worker pool to determine if it is beneficial.

`v2.21.0`

Compare Source

aws/aws-cli (awscli)

SeleniumHQ/selenium (selenium-webdriver)

`v4.27.0`

=========================

Add CDP for Chrome 131 and remove 128
Add Firefox CDP deprecation warnings (#14763)
Add Bidi network commands for authentication and interception (#14523)
Handle graceful webdriver shutdown (#14430)
Reduce RBS errors to 0 (#14661)
Resolve uri gem deprecation warning (#14770)
Update minimum Ruby to 3.1 (#14685)
Implement navigation commands with BiDi (#14094)

vitejs/vite (vite)

`v6.0.2`

Compare Source

chore: run typecheck in unit tests (#18858) (49f20bb), closes #18858
chore: update broken links in changelog (#18802) (cb754f8), closes #18802
chore: update broken links in changelog (#18804) (47ec49f), closes #18804
fix: don't store temporary vite config file in node_modules if deno (#18823) (a20267b), closes #18823
fix(css): referencing aliased svg asset with lightningcss enabled errored (#18819) (ae68958), closes #18819
fix(manifest): use style.css as a key for the style file for cssCodesplit: false (#18820) (ec51115), closes #18820
fix(optimizer): resolve all promises when cancelled (#18826) (d6e6194), closes #18826
fix(resolve): don't set builtinModules to external by default (#18821) (2250ffa), closes #18821
fix(ssr): set ssr.target: 'webworker' defaults as fallback (#18827) (b39e696), closes #18827
feat(css): format lightningcss error (#18818) (dac7992), closes #18818
refactor: make properties of ResolvedServerOptions and ResolvedPreviewOptions required (#18796) (51a5569), closes #18796

`v6.0.1`

Compare Source

fix: default empty server proxy prevents starting http2 server (#18788) (bbaf514), closes #18788
fix(manifest): do not override existing js manifest entry (#18776) (3b0837e), closes #18776
fix(server): close _ssrCompatModuleRunner on server close (#18784) (9b4c410), closes #18784
fix(server): skip hot channel client normalization for wsServer (#18782) (cc7670a), closes #18782
fix(worker): fix applyToEnvironment hooks on worker build (#18793) (0c6cdb0), closes #18793
chore: flat v6 config file (#18777) (c7b3308), closes #18777
chore: split changelog (#18787) (8542632), closes #18787
chore: update changelog for v6 (#18773) (b254fac), closes #18773
revert: update moduleResolution value casing (#18409) (#18774) (b0fc6e3), closes #18409 #18774

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-11-15T23:02:35Z

Container Scanning Status: ❌ Failure


ghcr.io/pulibrary/imagecat-rails:pr-264 (debian 12.8)
=====================================================
Total: 33 (HIGH: 33, CRITICAL: 0)

┌────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│    Library     │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                             │
├────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ linux-libc-dev │ CVE-2024-26952 │ HIGH     │ fixed  │ 6.1.115-1         │ 6.1.119-1     │ kernel: ksmbd: fix potencial out-of-bounds when buffer       │
│                │                │          │        │                   │               │ offset is invalid                                            │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-26952                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-44949 │          │        │                   │               │ kernel: parisc: fix a possible DMA corruption                │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-44949                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-49950 │          │        │                   │               │ kernel: Bluetooth: L2CAP: Fix uaf in l2cap_connect           │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-49950                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-49960 │          │        │                   │               │ kernel: ext4: fix timer use-after-free on failed mount       │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-49960                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-49986 │          │        │                   │               │ kernel: platform/x86: x86-android-tablets: Fix use after     │
│                │                │          │        │                   │               │ free on platform_device_register() errors                    │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-49986                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-49991 │          │        │                   │               │ kernel: drm/amdkfd: amdkfd_free_gtt_mem clear the correct    │
│                │                │          │        │                   │               │ pointer                                                      │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-49991                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50036 │          │        │                   │               │ kernel: net: do not delay dst_entries_add() in dst_release() │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50036                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50067 │          │        │                   │               │ kernel: uprobe: avoid out-of-bounds memory access of         │
│                │                │          │        │                   │               │ fetching args                                                │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50067                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50126 │          │        │                   │               │ kernel: net: sched: use RCU read-side critical section in    │
│                │                │          │        │                   │               │ taprio_dump()                                                │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50126                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50215 │          │        │                   │               │ kernel: nvmet-auth: assign dh_key to NULL after              │
│                │                │          │        │                   │               │ kfree_sensitive                                              │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50215                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50230 │          │        │                   │               │ kernel: nilfs2: fix kernel bug due to missing clearing of    │
│                │                │          │        │                   │               │ checked flag...                                              │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50230                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50234 │          │        │                   │               │ kernel: wifi: iwlegacy: Clear stale interrupts before        │
│                │                │          │        │                   │               │ resuming device                                              │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50234                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50235 │          │        │                   │               │ kernel: wifi: cfg80211: clear wdev->cqm_config pointer on    │
│                │                │          │        │                   │               │ free                                                         │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50235                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50242 │          │        │                   │               │ kernel: fs/ntfs3: Additional check in ntfs_file_release      │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50242                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50247 │          │        │                   │               │ kernel: fs/ntfs3: Check if more than chunk-size bytes are    │
│                │                │          │        │                   │               │ written                                                      │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50247                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50250 │          │        │                   │               │ kernel: fsdax: dax_unshare_iter needs to copy entire blocks  │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50250                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50257 │          │        │                   │               │ kernel: netfilter: Fix use-after-free in get_info()          │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50257                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50261 │          │        │                   │               │ kernel: macsec: Fix use-after-free while sending the         │
│                │                │          │        │                   │               │ offloading packet                                            │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50261                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50262 │          │        │                   │               │ kernel: bpf: Fix out-of-bounds write in trie_get_next_key()  │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50262                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50264 │          │        │                   │               │ kernel: vsock/virtio: Initialization of the dangling pointer │
│                │                │          │        │                   │               │ occurring in vsk->trans                                      │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50264                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50267 │          │        │                   │               │ kernel: USB: serial: io_edgeport: fix use after free in      │
│                │                │          │        │                   │               │ debug printk                                                 │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50267                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50268 │          │        │                   │               │ kernel: usb: typec: fix potential out of bounds in           │
│                │                │          │        │                   │               │ ucsi_ccg_update_set_new_cam_cmd()                            │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50268                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50269 │          │        │                   │               │ kernel: usb: musb: sunxi: Fix accessing an released usb phy  │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50269                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50276 │          │        │                   │               │ kernel: net: vertexcom: mse102x: Fix possible double free of │
│                │                │          │        │                   │               │ TX skb                                                       │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50276                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50278 │          │        │                   │               │ kernel: dm cache: fix potential out-of-bounds access on the  │
│                │                │          │        │                   │               │ first resume                                                 │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50278                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50279 │          │        │                   │               │ kernel: dm cache: fix out-of-bounds access to the dirty      │
│                │                │          │        │                   │               │ bitset when resizing...                                      │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50279                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50282 │          │        │                   │               │ kernel: drm/amdgpu: add missing size check in                │
│                │                │          │        │                   │               │ amdgpu_debugfs_gprwave_read()                                │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50282                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50283 │          │        │                   │               │ kernel: ksmbd: fix slab-use-after-free in                    │
│                │                │          │        │                   │               │ smb3_preauth_hash_rsp                                        │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50283                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50286 │          │        │                   │               │ kernel: ksmbd: fix slab-use-after-free in                    │
│                │                │          │        │                   │               │ ksmbd_smb2_session_create                                    │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50286                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-50301 │          │        │                   │               │ kernel: security/keys: fix slab-out-of-bounds in             │
│                │                │          │        │                   │               │ key_task_permission                                          │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-50301                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-53057 │          │        │                   │               │ kernel: net/sched: stop qdisc_tree_reduce_backlog on         │
│                │                │          │        │                   │               │ TC_H_ROOT                                                    │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-53057                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-53061 │          │        │                   │               │ kernel: media: s5p-jpeg: prevent buffer overflows            │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-53061                   │
│                ├────────────────┤          │        │                   │               ├──────────────────────────────────────────────────────────────┤
│                │ CVE-2024-53082 │          │        │                   │               │ kernel: virtio_net: Add hash_key_length check                │
│                │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-53082                   │
└────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from a319849 to 968ed44 Compare November 25, 2024 15:44

renovate bot force-pushed the renovate/all-minor-patch branch 9 times, most recently from 4840eb4 to 1789fa6 Compare December 2, 2024 09:17

Update all non-major dependencies

5ba8adf

renovate bot force-pushed the renovate/all-minor-patch branch from 1789fa6 to 5ba8adf Compare December 2, 2024 22:23

tpendragon temporarily deployed to staging December 2, 2024 22:33 Inactive

tpendragon approved these changes Dec 2, 2024

View reviewed changes

tpendragon merged commit 4135996 into main Dec 2, 2024
5 checks passed

tpendragon deleted the renovate/all-minor-patch branch December 2, 2024 22:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update all non-major dependencies #264

Update all non-major dependencies #264

renovate bot commented Nov 15, 2024 •

edited

Loading

github-actions bot commented Nov 15, 2024 •

edited

Loading

Update all non-major dependencies #264

Update all non-major dependencies #264

Conversation

renovate bot commented Nov 15, 2024 • edited Loading

Release Notes

Worker Pool

Configuration

github-actions bot commented Nov 15, 2024 • edited Loading

Container Scanning Status: ❌ Failure

renovate bot commented Nov 15, 2024 •

edited

Loading

github-actions bot commented Nov 15, 2024 •

edited

Loading