chore(deps): update dependencies-non-major (patch) by renovate[bot] · Pull Request #30 · storm-software/acidic

renovate · 2024-02-19T02:09:48Z

This PR contains the following updates:

Package	Change	Type	Update
@nx/devkit (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/eslint-plugin (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/jest (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/js (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/plugin (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/react (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/storybook (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/vite (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/web (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@nx/workspace (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
@types/node (source)	`20.9.0` → `20.9.5`	pnpm.catalog.default	patch
node (source)	`20.11.0` → `20.11.1`		patch
nx (source)	`22.3.1` → `22.3.3`	pnpm.catalog.default	patch
pnpm (source)	`10.26.0` → `10.26.2`	packageManager	patch
pnpm (source)	`8.10.2` → `8.10.5`	uses-with	patch
pnpm/action-setup	`v2.4.0` → `v2.4.1`	action	patch
ts-jest (source)	`29.4.1` → `29.4.6`	pnpm.catalog.default	patch

Release Notes

nrwl/nx (@nx/devkit)

`v22.3.3`

Compare Source

22.3.3 (2025-12-19)

🩹 Fixes

misc: remove CNW A/B testing flow branching (#33967)

❤️ Thank You

Jack Hsu @jaysoo

`v22.3.2`

Compare Source

22.3.2 (2025-12-19)

🚀 Features

angular: support ngrx v21 (#33940)
angular: support cypress component testing with zoneless projects (#33941)

🩹 Fixes

angular: support @angular/cli package update during nx migrate (#33918)
core: fix vitest test runner options for angular in cnw (#33921)
linter: honor setParserOptionsProject in flat config (#33953, #33944)
module-federation: use localhost as default host #33909 (#33947, #33909)
module-federation: skip non-npm external dependencies in getDependencies (#33951, #32819)
nx-dev: make sure only prod is indexed (#33922)
nx-dev: make sure canonical urls are always nx.dev (#33932)
react: set up module federation with webpack and ts soln correctly #31029 (#33920, #31029)
testing: ensure jest v30 migration is run (#33916)

❤️ Thank You

Caleb Ukle
Colum Ferry @Coly010
Jack Hsu @jaysoo
Leosvel Pérez Espinosa @leosvelperez
leosvelperez @leosvelperez

nodejs/node (node)

`v20.11.1`: 2024-02-14, Version 20.11.1 'Iron' (LTS), @RafaelGSS prepared by @marco-ippolito

Compare Source

Notable changes

This is a security release.

Notable changes

CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
undici version 5.28.3
libuv version 1.48.0
OpenSSL version 3.0.13+quic1

Commits

[7079c062bb] - crypto: disable PKCS#1 padding for privateDecrypt (Michael Dawson) nodejs-private/node-private#525
[186a6e1ffb] - deps: fix GHSA-f74f-cvh7-c6q6/CVE-2024-24806 (Santiago Gimeno) #51737
[686da19abb] - deps: disable io_uring support in libuv by default (Tobias Nießen) nodejs-private/node-private#529
[f7b44bfbce] - deps: update archs files for openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614
[7a30fecea2] - deps: upgrade openssl sources to quictls/openssl-3.0.13+quic1 (Node.js GitHub Bot) #51614
[480fc169a8] - fs: protect against modified Buffer internals in possiblyTransformPath (Tobias Nießen) nodejs-private/node-private#497
[77ac7c3153] - http: add maximum chunk extension size (Paolo Insogna) nodejs-private/node-private#519
[ed7d149675] - lib: use cache fs internals against path traversal (RafaelGSS) nodejs-private/node-private#516
[89bd5fc38f] - lib: update undici to v5.28.3 (Matteo Collina) nodejs-private/node-private#539
[d01dd4291d] - permission: fix wildcard when children > 1 (Rafael Gonzaga) #51209
[40ff37dfcc] - src: fix HasOnly(capability) in node::credentials (Tobias Nießen) nodejs-private/node-private#505
[3f6addd590] - src,deps: disable setuid() etc if io_uring enabled (Tobias Nießen) nodejs-private/node-private#529
[d6da413aa4] - test,doc: clarify wildcard usage (RafaelGSS) nodejs-private/node-private#517
[c213910aea] - zlib: pause stream if outgoing buffer is full (Matteo Collina) nodejs-private/node-private#541

pnpm/pnpm (pnpm)

`v10.26.2`: pnpm 10.26.2

Compare Source

Patch Changes

Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #10307.
Fix installation of Git dependencies using annotated tags #10335.

Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.
Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #10244.
Try to avoid making network calls with preferOffline #10334.

Platinum Sponsors

Gold Sponsors

`v10.26.1`: pnpm 10.26.1

Compare Source

Patch Changes

Don't fail on pnpm add, when blockExoticSubdeps is set to true #10324.
Always resolve git references to full commits and ensure HEAD points to the commit after checkout #10310.

Platinum Sponsors

Gold Sponsors

pnpm/action-setup (pnpm/action-setup)

`v2.4.1`

Compare Source

Updated the bundled pnpm version to v7 to fix the ERR_INVALID_THIS error.

kulshekhar/ts-jest (ts-jest)

`v29.4.6`

Compare Source

Bug Fixes

log hybrid module as warning instead of failing tests (#5144) (528d37c), closes #5130

`v29.4.5`

Compare Source

Bug Fixes

allow filtering modern module warning message with diagnostic code (c290d4d), , closes #5013

`v29.4.4`

Compare Source

Bug Fixes

revert 29.4.3 changes (25cb706), closes #5049

`v29.4.3`

Compare Source

Bug Fixes

revert 29.4.3 changes (25cb706), closes #5049

`v29.4.2`

Compare Source

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

deepsource-io · 2025-12-29T00:45:26Z

Here's the code health analysis summary for commits fb59a67..0319c70. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Shell	✅ Success		View Check ↗

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

socket-security · 2025-12-29T00:45:32Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
@nx/web@22.3.1 ⏵ 22.3.3	⁺¹		⁺¹
@nx/workspace@22.3.1 ⏵ 22.3.3			⁺¹
@nx/storybook@22.3.1 ⏵ 22.3.3
@nx/eslint-plugin@22.3.1 ⏵ 22.3.3
@nx/devkit@22.3.1 ⏵ 22.3.3			⁺¹
@nx/vite@22.3.1 ⏵ 22.3.3			⁺¹
@nx/react@22.3.1 ⏵ 22.3.3	⁺¹	⁺¹	⁺¹
@nx/js@22.3.1 ⏵ 22.3.3			⁺¹
@nx/plugin@22.3.1 ⏵ 22.3.3

View full report

renovate bot requested a review from sullivanpj as a code owner February 19, 2024 02:09

renovate bot enabled auto-merge (rebase) February 19, 2024 02:09

stormie-bot previously approved these changes Feb 19, 2024

View reviewed changes

renovate bot changed the title ~~chore(deps): update dependency node to v20.11.1~~ chore(deps): update dependencies-non-major (patch) Jul 8, 2024

renovate bot dismissed stormie-bot’s stale review via 3367f76 July 8, 2024 01:16

renovate bot force-pushed the renovate/patch-dependencies-non-major branch from 12f61a3 to 3367f76 Compare July 8, 2024 01:16

stormie-bot previously approved these changes Jul 8, 2024

View reviewed changes

renovate bot dismissed stormie-bot’s stale review via 0a17a43 August 11, 2025 00:50

renovate bot force-pushed the renovate/patch-dependencies-non-major branch from 3367f76 to 0a17a43 Compare August 11, 2025 00:50

renovate bot force-pushed the renovate/patch-dependencies-non-major branch from 0a17a43 to 065be16 Compare December 29, 2025 00:44

renovate bot requested a review from a team December 29, 2025 00:44

renovate bot force-pushed the renovate/patch-dependencies-non-major branch 2 times, most recently from a515467 to 83c30f2 Compare January 12, 2026 00:40

renovate bot force-pushed the renovate/patch-dependencies-non-major branch from 83c30f2 to 86fb47c Compare January 26, 2026 02:50

chore(deps): update dependencies-non-major

0319c70

renovate bot force-pushed the renovate/patch-dependencies-non-major branch from 86fb47c to 0319c70 Compare February 9, 2026 01:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependencies-non-major (patch)#30

chore(deps): update dependencies-non-major (patch)#30
renovate[bot] wants to merge 1 commit intomainfrom
renovate/patch-dependencies-non-major

renovate bot commented Feb 19, 2024 •

edited

Loading

Uh oh!

deepsource-io bot commented Dec 29, 2025 •

edited

Loading

Analysis Summary

Uh oh!

socket-security bot commented Dec 29, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

renovate bot commented Feb 19, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

22.3.3 (2025-12-19)

🩹 Fixes

❤️ Thank You

22.3.2 (2025-12-19)

🚀 Features

🩹 Fixes

❤️ Thank You

v20.11.1: 2024-02-14, Version 20.11.1 'Iron' (LTS), @​RafaelGSS prepared by @​marco-ippolito

Notable changes

Notable changes

Commits

v10.26.2: pnpm 10.26.2

Patch Changes

Platinum Sponsors

Gold Sponsors

v10.26.1: pnpm 10.26.1

Patch Changes

Platinum Sponsors

Gold Sponsors

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Configuration

Uh oh!

deepsource-io bot commented Dec 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Analysis Summary

Uh oh!

socket-security bot commented Dec 29, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Feb 19, 2024 •

edited

Loading

`v20.11.1`: 2024-02-14, Version 20.11.1 'Iron' (LTS), @RafaelGSS prepared by @marco-ippolito

`v10.26.2`: pnpm 10.26.2

`v10.26.1`: pnpm 10.26.1

deepsource-io bot commented Dec 29, 2025 •

edited

Loading

socket-security bot commented Dec 29, 2025 •

edited

Loading