Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump convict, @antora/cli and @antora/site-generator-default #333

Open
wants to merge 1 commit into
base: publish
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 2, 2024

Bumps convict to 6.2.4 and updates ancestor dependencies convict, @antora/cli and @antora/site-generator-default. These dependencies need to be updated together.

Updates convict from 6.0.1 to 6.2.4

Changelog

Sourced from convict's changelog.

6.2.4 (2023-01-07)

Bug Fixes

  • Fix imperfect prototype pollution fix (#410) (#411). Thanks to Captain-K-101

[6.2.3] - 2022-05-07

Fixed

  • More more complete fix for prototype pollution vulnerability first addressed in #384 (Marc-Aurèle Darche @​madarche, Snyk Security team)

[6.2.2] - 2022-03-27

Fixed

  • More complete fix for prototype pollution vulnerability first addressed in #384 (Marc-Aurèle Darche @​madarche)

[6.2.1] - 2021-10-20

Fixed

[6.2.0] - 2021-05-21

Changed

  • Update dependency: validator ^11.1.0^13.6.0 (#390)
  • Update dependency: parser ^18.1.3^20.2.7 (#390)
  • Update dependency: moment ^2.24.0^2.29.1 (#390)

[6.1.0] - 2021-05-03

Added

  • Add new "nullable" option to allow "null" additionally to any format #386 (maxwrlr)
Commits
Maintainer changes

This version was pushed to npm by madarche, a new releaser for convict since your current version.


Updates @antora/cli from 2.3.4 to 3.1.9

Changelog

Sourced from @​antora/cli's changelog.

== 3.1.9 (2024-07-05)

=== Changed

  • site-generator: Detect and warn when an AsciiDoc extension is registered as an Antora extension, but do no skip it (#1141)
  • Replace "AsciiDoc extension" with "Asciidoctor extension" in log messages

=== Fixed

  • file-publisher: Wrap legacy stream on file when preparing files for output providers; remove listeners limit (#1139)

== 3.1.8 (2024-06-25)

=== Added

  • asciidoc-loader: Detect (and skip) Antora extension that's been registered as an AsciiDoc extension and log a warning (#1084)
  • site-generator: Detect (and skip) AsciiDoc extension registered as an Antora extension and log a warning (#1104)

=== Changed

  • content-aggregator: Replace new fs.Stats() with plain JavaScript object (#1121)
  • ui-loader: Replace @​vscode/gulp-vinyl-zip with low-level zip file reader using yauzl (#1128)
  • content-classifier: Log warning if nav entry cannot be resolved (#1088)
  • ui-loader: Replace new fs.Stats() with plain JavaScript object (#1121)
  • page-composer: Fix page.role assignment to read value from role attribute instead of from (non-existent) docrole attribute (#1109)
  • file-publisher: Replace @​vscode/gulp-vinyl-zip with low-level zip file writer using yazl (#1129)
  • file-publisher: Assign empty object to stat property of output file if file does not have stat property (#1121)
  • file-publisher: Replace vinyl-fs#dest with internal implementation (#1131)
  • file-publisher: Replace dependency on cloneable-readable with internal implementation
  • file-publisher: Don't include file in archive (zip) if contents property is null; matches behavior of fs publisher
  • cli: Update description for extension option to clarify it may be specified multiple times.
  • Upgrade vinyl and vinyl-fs to address security and deprecation warnings (#1133)

=== Fixed

  • content-aggregator: Throw clearer error if antora.yml is empty or the data is not an object (#1112)
  • asciidoc-loader: Apply include tag filtering update from Asciidoctor (see asciidoctor/asciidoctor#4233) to ported logic in Antora (#1110)
  • redirect-producer: Filter out cyclic aliases (i.e., redirect loops) (#1114)
  • file-publisher: Create files streams for file publishers to process eagerly to avoid race condition (#1134)
  • cli: Use raw value if attribute value set using --attribute option cannot be parsed as YAML (#1137)

== 3.1.7 (2024-01-02)

=== Changed

  • content-aggregator: Don't retry failed clone/fetch operation if playbook only has one content source URL
  • content-aggregator: Preserve all information in wrapped error (#1099)
  • content-aggregator: Upgrade isomorphic-git to incorporate patch for properly handling network error (#1098)
  • content-aggregator: Add cause in log message when retrying failed fetch/clone operations in series (#1098)
  • content-aggregator: Clear timeout and keep-alive settings on git HTTP connections that don't use custom agent (#1101)

... (truncated)

Commits
  • 5673513 release 3.1.9
  • 588374a update what's new page for upcoming 3.1.9 release
  • b3cc520 replace "AsciiDoc extension" with "Asciidoctor extension" in log messages
  • 6bd133a merge !1051
  • adbcc8e resolves #1141 detect and warn when an AsciiDoc extension is registered as an...
  • c843cc8 backport fix for #1139 wrap legacy stream on file when preparing files for ou...
  • 4a54d84 add test to verify file with stream when there is a single output destination
  • 315dcfa use public methods to access object mode and destroyed on readable
  • 0ec1adb remove environment variable in CI workflow to suppress Node.js warnings
  • 42d3089 clarify that page attributes cannot be referenced in antora.yml
  • Additional commits viewable in compare view

Updates @antora/site-generator-default from 2.3.4 to 3.1.9

Changelog

Sourced from @​antora/site-generator-default's changelog.

== 3.1.9 (2024-07-05)

=== Changed

  • site-generator: Detect and warn when an AsciiDoc extension is registered as an Antora extension, but do no skip it (#1141)
  • Replace "AsciiDoc extension" with "Asciidoctor extension" in log messages

=== Fixed

  • file-publisher: Wrap legacy stream on file when preparing files for output providers; remove listeners limit (#1139)

== 3.1.8 (2024-06-25)

=== Added

  • asciidoc-loader: Detect (and skip) Antora extension that's been registered as an AsciiDoc extension and log a warning (#1084)
  • site-generator: Detect (and skip) AsciiDoc extension registered as an Antora extension and log a warning (#1104)

=== Changed

  • content-aggregator: Replace new fs.Stats() with plain JavaScript object (#1121)
  • ui-loader: Replace @​vscode/gulp-vinyl-zip with low-level zip file reader using yauzl (#1128)
  • content-classifier: Log warning if nav entry cannot be resolved (#1088)
  • ui-loader: Replace new fs.Stats() with plain JavaScript object (#1121)
  • page-composer: Fix page.role assignment to read value from role attribute instead of from (non-existent) docrole attribute (#1109)
  • file-publisher: Replace @​vscode/gulp-vinyl-zip with low-level zip file writer using yazl (#1129)
  • file-publisher: Assign empty object to stat property of output file if file does not have stat property (#1121)
  • file-publisher: Replace vinyl-fs#dest with internal implementation (#1131)
  • file-publisher: Replace dependency on cloneable-readable with internal implementation
  • file-publisher: Don't include file in archive (zip) if contents property is null; matches behavior of fs publisher
  • cli: Update description for extension option to clarify it may be specified multiple times.
  • Upgrade vinyl and vinyl-fs to address security and deprecation warnings (#1133)

=== Fixed

  • content-aggregator: Throw clearer error if antora.yml is empty or the data is not an object (#1112)
  • asciidoc-loader: Apply include tag filtering update from Asciidoctor (see asciidoctor/asciidoctor#4233) to ported logic in Antora (#1110)
  • redirect-producer: Filter out cyclic aliases (i.e., redirect loops) (#1114)
  • file-publisher: Create files streams for file publishers to process eagerly to avoid race condition (#1134)
  • cli: Use raw value if attribute value set using --attribute option cannot be parsed as YAML (#1137)

== 3.1.7 (2024-01-02)

=== Changed

  • content-aggregator: Don't retry failed clone/fetch operation if playbook only has one content source URL
  • content-aggregator: Preserve all information in wrapped error (#1099)
  • content-aggregator: Upgrade isomorphic-git to incorporate patch for properly handling network error (#1098)
  • content-aggregator: Add cause in log message when retrying failed fetch/clone operations in series (#1098)
  • content-aggregator: Clear timeout and keep-alive settings on git HTTP connections that don't use custom agent (#1101)

... (truncated)

Commits
  • 5673513 release 3.1.9
  • 588374a update what's new page for upcoming 3.1.9 release
  • b3cc520 replace "AsciiDoc extension" with "Asciidoctor extension" in log messages
  • 6bd133a merge !1051
  • adbcc8e resolves #1141 detect and warn when an AsciiDoc extension is registered as an...
  • c843cc8 backport fix for #1139 wrap legacy stream on file when preparing files for ou...
  • 4a54d84 add test to verify file with stream when there is a single output destination
  • 315dcfa use public methods to access object mode and destroyed on readable
  • 0ec1adb remove environment variable in CI workflow to suppress Node.js warnings
  • 42d3089 clarify that page attributes cannot be referenced in antora.yml
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [convict](https://github.com/mozilla/node-convict) to 6.2.4 and updates ancestor dependencies [convict](https://github.com/mozilla/node-convict), [@antora/cli](https://gitlab.com/antora/antora) and [@antora/site-generator-default](https://gitlab.com/antora/antora). These dependencies need to be updated together.


Updates `convict` from 6.0.1 to 6.2.4
- [Changelog](https://github.com/mozilla/node-convict/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mozilla/node-convict/commits)

Updates `@antora/cli` from 2.3.4 to 3.1.9
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v2.3.4...v3.1.9)

Updates `@antora/site-generator-default` from 2.3.4 to 3.1.9
- [Changelog](https://gitlab.com/antora/antora/blob/main/CHANGELOG.adoc)
- [Commits](https://gitlab.com/antora/antora/compare/v2.3.4...v3.1.9)

---
updated-dependencies:
- dependency-name: convict
  dependency-type: indirect
- dependency-name: "@antora/cli"
  dependency-type: direct:production
- dependency-name: "@antora/site-generator-default"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants