Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@nimiq/core-web (source)	2.0.0-alpha.19 -> 2.0.0-alpha.20					dependencies	patch
@nuxtjs/tailwindcss	6.11.3 -> 6.11.4					dependencies	patch
@types/node (source)	20.11.16 -> 20.11.19					devDependencies	patch
node	20.11.0-alpine3.19 -> 20.11.1-alpine3.19					final	patch
node	20.11.0-alpine3.19 -> 20.11.1-alpine3.19					stage	patch
nuxt (source)	3.10.1 -> 3.10.2					dependencies	patch
vite-node (source)	1.2.2 -> 1.3.0					devDependencies	minor

---

Release Notes

nimiq/core-js (@​nimiq/core-web)

v2.0.0-alpha.20

Compare Source

nuxt-modules/tailwindcss (@​nuxtjs/tailwindcss)

v6.11.4

Compare Source

compare changes

🩹 Fixes

• Null check for plugins (8a3b46d)

💅 Refactors

• Move colorette to consola/utils (#​805)

🏡 Chore

• Assign postcss plugins in order (46c2025)

❤️ Contributors

• Inesh Bose [email protected]
• Haruaki OTAKE [email protected]

nodejs/node (node)

v20.11.1: 2024-02-14, Version 20.11.1 'Iron' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes

• CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
• CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
• CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
• CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
• CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
• CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
• CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
• CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
• undici version 5.28.3
• libuv version 1.48.0
• OpenSSL version 3.0.13+quic1

Commits

• [7079c062bb] - crypto: disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525
• [186a6e1ffb] - deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #​51737
• [686da19abb] - deps: disable io_uring support in libuv by default (Tobias Nießen) nodejs-private/node-private#529
• [f7b44bfbce] - deps: update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #​51614
• [7a30fecea2] - deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) #​51614
• [480fc169a8] - fs: protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) nodejs-private/node-private#497
• [77ac7c3153] - http: add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#519
• [ed7d149675] - lib: use cache fs internals against path traversal (RafaelGSS) nodejs-private/node-private#516
• [89bd5fc38f] - lib: update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#539
• [d01dd4291d] - permission: fix wildcard when children > 1 (Rafael Gonzaga) #​51209
• [40ff37dfcc] - src: fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505
• [3f6addd590] - src,deps: disable setuid() etc if io_uring enabled (Tobias Nießen) nodejs-private/node-private#529
• [d6da413aa4] - test,doc: clarify wildcard usage (RafaelGSS) nodejs-private/node-private#517
• [c213910aea] - zlib: pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#541

nuxt/nuxt (nuxt)

v3.10.2

Compare Source

3.10.2 is a regularly-scheduled patch release.

✅ Upgrading

As usual, our recommendation for upgrading is to run:

nuxi upgrade --force

This will refresh your lockfile as well, and ensures that you pull in updates from other dependencies that Nuxt relies on, particularly in the vue and unjs ecosystems.

👉 Changelog

compare changes

🩹 Fixes

• nuxt: Export refreshCookie (#​25635)
• nuxt: Allow prefetching urls with query string (#​25658)
• nuxt: Remove undefined keys in route object (#​25667)
• vite: Treat .pcss extension as a CSS extension (#​25673)
• nuxt: Don't check for layout/page with <ClientOnly> (#​25714)
• vite: Strip query strings for style chunk filenames (#​25764)
• nuxt: Inline entry styles before component styles (#​25749)
• vite: Optimise layer dependencies with vite (#​25752)
• nuxt: Don't add extra baseURL on server useRequestURL (#​25765)
• schema: Use rootDir, not process.cwd, for modulesDir (#​25766)
• nuxt: Only warn for useId if attrs were not rendered (#​25770)
• kit: Don't mutate existing component entry when overriding (#​25786)

📖 Documentation

• Fix typo in useAsyncData docs (#​25644)

• Add quotes to clarify what site title is in example (#​25669)

• Enable twoslash for some code snippets (#​25679)

• Add prepend option docs for addComponentsDir (#​25683)

• Extend auto-scanned layer directories (#​25720)

• Improve wording in seo docs (#​25692)

• Add how to debug nuxt with node inspector (#​25731)

• <script setup> changed to <script setup lang="ts"> ([#​25750](https://togithub.com/docs: <script setup> changed to <script setup lang="ts"> nuxt/nuxt#25750))

• Add missing export defaults for nuxt config (#​25774)

• Add import statement for mountSuspended (#​25783)

• Pass event to useRuntimeConfig (#​25788)

🏡 Chore

• schema: Add missing closing code block (#​25641)

❤️ Contributors

• Sam Blowes (@​blowsie)
• Daniel Roe (@​danielroe)
• yoshihirokurosaki (@​irishkooky)
• Eduardo San Martin Morote (@​posva)
• Mahdi Shah Abbasian (@​shahabbasian)
• João Carmona (@​jpsc)
• Naim Ahmed Shuvo (@​shuvo-me)
• Denis L (@​DenisLug)
• GJSSSS (@​gjssss)
• Anthony Fu (@​antfu)
• Aman Desai (@​amandesai01)
• Stephen Strange (@​byStrange)
• Žan Fras (@​frasza)
• Santiago Morales (@​Aleroms)
• Hendrik Heil (@​hendrikheil)

vitest-dev/vitest (vite-node)

v1.3.0

Compare Source

🚀 Features

• Deprecate watchExclude - by @​patak-dev in https://github.com/vitest-dev/vitest/issues/5171 (82885)
• browser:
  • Run test files in isolated iframes - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5036 (4f401)
• config:
  • Add snapshotSerializers option - by @​fenghan34 in https://github.com/vitest-dev/vitest/issues/5092 (5b102)
• reporters:
  • Support custom options - by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5111 (fec9c)
• runner:
  • Support automatic fixtures - by @​fenghan34 and @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5102 (0441f)
• ui:
  • Save splitpanes size to local storage - by @​posva in https://github.com/vitest-dev/vitest/issues/5166 (c28b4)
• vitest:
  • Add onTestFinished hook - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5128 (6f5b4)
  • Add github actions reporter - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5093 (40afb)
  • Expose jsdom global if jsdom environment is enabled - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5155 (567d2)
  • Add new CLI options - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5163 (4e179)
  • "test" accepts options object as the second parameter - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5142 (7d9b1)
• vm:
  • Support wasm module - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5131 (5ed53)

🐞 Bug Fixes

• Fix sourcemap in vm pools - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5063 (81105)
• Don't optimize react/jsx-runtime by default when running in Node - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5079 (0d2bf)
• Rpc timeout error messages to include caller - by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5103 (a6e04)
• Requires fixed version across the monorepo - by @​antfu in https://github.com/vitest-dev/vitest/issues/5208 (68f51)
• Prevent merging of poolOptions - by @​penalosa in https://github.com/vitest-dev/vitest/issues/5221 (bc5b2)
• browser:
  • Don't exclude node builtins from optimization - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5082 (714c9)
  • Support coverage.reportsDirectory with multiple directories - by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5056 (ae73f)
• cli:
  • Parse --browser=<name> correctly - by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5179 (656e2)
• coverage:
  • .tmp directory conflicts with --shard option - by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/5184 (5749d)
• deps:
  • Update dependency strip-literal to v2 - by @​renovate[bot] inhttps://github.com/vitest-dev/vitest/issues/51366 (ef557)
• reporters:
  • Testsuite name should include project root in Junit output - by @​fenghan34 in https://github.com/vitest-dev/vitest/issues/5116 (2494f)
• typecheck:
  • Fix suite collection while-loop - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5065 (35675)
• ui:
  • Fix tests duration time - by @​vovsemenv in https://github.com/vitest-dev/vitest/issues/5219 (58103)
• utils:
  • Fix asymmetric matcher diff inside array - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5189 (3ffcd)
• vitest:
  • Correctly report failed test files as failures in json reporter, export json reporter types - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5081 (0417b)
  • Don't run typecheck tests in browser if both are enabled - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5080 (1045b)
  • Handle function config inside defineWorkspace - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5089 (0bf52)
  • Remove excessive listeners when running without isolation, don't reset the state - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5132 (b607f)
  • Auto-enable "github-actions" only where users didn't configure reporters - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5158 (ef044)
  • Support more array cli options - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5162 (3afe6)
  • Add types for the new global jsdom variable - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5164 (0f898)
  • Expose onTestFinished globally - by @​sheremet-va (1304f)
  • Disable optimizer by default until it's stable - by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/5156 (e1bd8)
  • Delegate snapshot options to workspace from root config - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5199 (86297)
  • Fix optimizeDeps.disabled warnings on Vite 5.1 - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5215 (1aecd)
• vm:
  • Handle disableConsoleIntercept config - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5074 (a55ad)
  • Improve error when module is not found - by @​hi-ogawa in https://github.com/vitest-dev/vitest/issues/5053 (79a50)

View changes on GitHub

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.