chore(deps): update minor dependency updates - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@schemastore/package (source)	^0.0.6 -> ^0.0.8					devDependencies	patch
alpine	3.14 -> 3.17					container	minor
aquasecurity/trivy-action	ac8de07 -> 1f0aa58					action	digest
argon2	^0.28.0 -> ^0.30.0					dependencies	minor
codercom/code-server	3.11.0 -> 3.12.0						minor
prettier-plugin-sh (source)	^0.7.1 -> ^0.12.0					devDependencies	minor
qs	6.7.0 -> 6.11.1					dependencies	minor

---

Release Notes

ffflorian/schemastore-updater

v0.0.8

Compare Source

ranisalt/node-argon2

v0.30.3

Compare Source

What's Changed

• Change binding resolution to mitigate "Module parse failed" errors by @​Voltra in https://github.com/ranisalt/node-argon2/pull/366

New Contributors

• @​Voltra made their first contribution in https://github.com/ranisalt/node-argon2/pull/366

Full Changelog: ranisalt/node-argon2@v0.30.2...v0.30.3

v0.30.2

Compare Source

Fixes #​362

v0.30.1

Compare Source

Defaults have been updated to use RFC recommended values, see #​360

v0.29.1

Compare Source

Added builds for FreeBSD, closes #​320 and hopefully fixes coder/code-server#​4669 coder/code-server#​4670

v0.29.0

Compare Source

MacOS M1 builds are here! We are finally closing #​305

New Contributors

• @​EmmanouilSpitaliorakis made their first contribution in https://github.com/ranisalt/node-argon2/pull/346
• @​gunwd made their first contribution in https://github.com/ranisalt/node-argon2/pull/348

Full Changelog: ranisalt/node-argon2@v0.28.7...v0.29.0

v0.28.7

Compare Source

Previous release did not build due to Node 18 not supporting Ubuntu 18. Please stop using Ubuntu 18.

v0.28.5

Compare Source

• Fixes packaging issues reported in #​261 and #​337
• Fixed handling non-argon2 hashes on verify (#​336)

v0.28.4

Compare Source

Upgrades dependencies with vulnerabilities and fixes build on FreeBSD (#​335)

v0.28.3

Compare Source

• Reduce minimum memory cost from 2048 to 1024 (#​304)
• Fix potential UB (#​318)
• Scrub plaintext password from memory after hashing (#​323)
• Upgrade several dependencies to curb ReDoS

un-ts/prettier

v0.12.8

Compare Source

Patch Changes

• #​212 d5cc092 Thanks @​JounQin! - build: languages from package linguist-languages instead

v0.12.7

Compare Source

Patch Changes

• #​209 4b37afd Thanks @​JounQin! - feat: new experimentalWasm option to use sh-syntax

• #​209 4b37afd Thanks @​JounQin! - chore(types): migrate to type import

v0.12.6

Compare Source

Patch Changes

• #​197 591f812 Thanks @​JounQin! - feat!: add donate field support

v0.12.5

Compare Source

v0.12.4

Compare Source

Patch Changes

• #​192 e827f8e Thanks @​JounQin! - fix!: revert back to mvdan-sh for now

v0.12.3

Compare Source

Patch Changes

• #​188 537ca77 Thanks @​JounQin! - fix: add missing filepath param for printer

v0.12.2

Compare Source

Patch Changes

• #​185 a6c699e Thanks @​JounQin! - docs(sh): update plugin description

v0.12.1

Compare Source

Patch Changes

• #​183 97cf9c2 Thanks @​JounQin! - fix: construct ShParseError correctly

v0.12.0

Compare Source

Minor Changes

• #​180 702f44a Thanks @​JounQin! - feat(sh): use sh-syntax + synckit which is stable and faster

Patch Changes

• #​180 702f44a Thanks @​JounQin! - chore: update node engine setting

v0.11.0

Compare Source

Minor Changes

• #​169 ea8ad8d Thanks @​JounQin! - feat: use mvdan-sh again due to sh-syntax unstable yet

v0.10.2

Compare Source

Patch Changes

• 6b0d5d9 Thanks @​JounQin! - refactor: use appropriate module for worker

• #​168 f686714 Thanks @​JounQin! - fix: types should always come first in exports

v0.10.1

Compare Source

Patch Changes

• #​163 2242e88 Thanks @​JounQin! - fix: upgrade sh-syntax

v0.10.0

Compare Source

Minor Changes

• #​159 c1b25e5 Thanks @​JounQin! - feat: migrate whole project to native ESM with cjs fallback

v0.9.1

Compare Source

Patch Changes

• #​157 4ddbb0b Thanks @​JounQin! - feat: upgrade sh-syntax, parse as AST

v0.9.0

Compare Source

Minor Changes

• #​154 fd19f3a Thanks @​JounQin! - feat: use wasm for plugin sh

• #​154 fd19f3a Thanks @​JounQin! - feat: drop umd format support

v0.8.2

Compare Source

Patch Changes

• 3cadfe7 Thanks @​JounQin! - fix: correct module path with .js extension for ESM

v0.8.1

Compare Source

Patch Changes

• #​138 184ff13 Thanks @​JounQin! - fix: cjs outputs via rollup

v0.8.0

Compare Source

Minor Changes

• 96626a2 Thanks @​JounQin! - feat: support native esm with exports field

ljharb/qs

v6.11.1

Compare Source

• [Fix] stringify: encode comma values more consistently (#​463)
• [readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#​447)
• [meta] remove extraneous code backticks (#​457)
• [meta] fix changelog markdown
• [actions] update checkout action
• [actions] restrict action permissions
• [Dev Deps] update @ljharb/eslint-config, aud, object-inspect, tape

v6.11.0

Compare Source

• [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#​442)
• [readme] fix version badge

v6.10.5

Compare Source

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#​434)

v6.10.4

Compare Source

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#​441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

v6.10.3

Compare Source

• [Fix] parse: ignore __proto__ keys (#​428)
• [Robustness] stringify: avoid relying on a global undefined (#​427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

v6.10.2

Compare Source

• [Fix] stringify: actually fix cyclic references (#​426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#​424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#​408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

v6.10.1

Compare Source

• [Fix] stringify: avoid exception on repeated object values (#​402)

v6.10.0

Compare Source

• [New] stringify: throw on cycles, instead of an infinite loop (#​395, #​394, #​393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#​312)
• [meta] fix README.md (#​399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

v6.9.7

Compare Source

• [Fix] parse: ignore __proto__ keys (#​428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#​424)
• [Robustness] stringify: avoid relying on a global undefined (#​427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#​408)
• [Tests] clean up stringify tests slightly
• [meta] fix README.md (#​399)
• Revert "[meta] ignore eclint transitive audit warning"
• [actions] backport actions from main
• [Dev Deps] backport updates from main

v6.9.6

Compare Source

• [Fix] restore dist dir; mistakenly removed in d4f6c32

v6.9.5

Compare Source

• [Fix] stringify: do not encode parens for RFC1738
• [Fix] stringify: fix arrayFormat comma with empty array/objects (#​350)
• [Refactor] format: remove util.assign call
• [meta] add "Allow Edits" workflow; update rebase workflow
• [actions] switch Automatic Rebase workflow to pull_request_target event
• [Tests] stringify: add tests for #​378
• [Tests] migrate tests to Github Actions
• [Tests] run nyc on all tests; use tape runner
• [Dev Deps] update eslint, @ljharb/eslint-config, browserify, mkdirp, object-inspect, tape; add aud

v6.9.4

Compare Source

• [Fix] stringify: when arrayFormat is comma, respect serializeDate (#​364)
• [Refactor] stringify: reduce branching (part of #​350)
• [Refactor] move maybeMap to utils
• [Dev Deps] update browserify, tape

v6.9.3

Compare Source

• [Fix] proper comma parsing of URL-encoded commas (#​361)
• [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#​336)

v6.9.2

Compare Source

• [Fix] parse: Fix parsing array from object with comma true (#​359)
• [Fix] parse: throw a TypeError instead of an Error for bad charset (#​349)
• [meta] ignore eclint transitive audit warning
• [meta] fix indentation in package.json
• [meta] add tidelift marketing copy
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, has-symbols, tape, mkdirp, iconv-lite
• [actions] add automatic rebasing / merge commit blocking

v6.9.1

Compare Source

• [Fix] parse: with comma true, handle field that holds an array of arrays (#​335)
• [Fix] parse: with comma true, do not split non-string values (#​334)
• [meta] add funding field
• [Dev Deps] update eslint, @ljharb/eslint-config
• [Tests] use shared travis-ci config

v6.9.0

Compare Source

• [New] parse/stringify: Pass extra key/value argument to decoder (#​333)
• [Dev Deps] update eslint, @ljharb/eslint-config, evalmd
• [Tests] parse: add passing arrayFormat tests
• [Tests] add posttest using npx aud to run npm audit without a lockfile
• [Tests] up to node v12.10, v11.15, v10.16, v8.16
• [Tests] Buffer.from in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray

v6.8.3

Compare Source

• [Fix] parse: ignore __proto__ keys (#​428)
• [Robustness] stringify: avoid relying on a global undefined (#​427)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#​424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Tests] clean up stringify tests slightly
• [Docs] add note and links for coercing primitive values (#​408)
• [meta] fix README.md (#​399)
• [actions] backport actions from main
• [Dev Deps] backport updates from main
• [Refactor] stringify: reduce branching
• [meta] do not publish workflow files

v6.8.2

Compare Source

• [Fix] proper comma parsing of URL-encoded commas (#​361)
• [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#​336)

v6.8.1

Compare Source

• [Fix] parse: Fix parsing array from object with comma true (#​359)
• [Fix] parse: throw a TypeError instead of an Error for bad charset (#​349)
• [Fix] parse: with comma true, handle field that holds an array of arrays (#​335)
• [fix] parse: with comma true, do not split non-string values (#​334)
• [meta] add tidelift marketing copy
• [meta] add funding field
• [Dev Deps] update eslint, @ljharb/eslint-config, tape, safe-publish-latest, evalmd, has-symbols, iconv-lite, mkdirp, object-inspect
• [Tests] parse: add passing arrayFormat tests
• [Tests] use shared travis-ci configs
• [Tests] Buffer.from in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
• [actions] add automatic rebasing / merge commit blocking

v6.8.0

Compare Source

• [New] add depth=false to preserve the original key; [Fix] depth=0 should preserve the original key (#​326)
• [New] [Fix] stringify symbols and bigints
• [Fix] ensure node 0.12 can stringify Symbols
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Refactor] formats: tiny bit of cleanup.
• [Dev Deps] update eslint, @ljharb/eslint-config, browserify, safe-publish-latest, iconv-lite, tape
• [Tests] add tests for depth=0 and depth=false behavior, both current and intuitive/intended (#​326)
• [Tests] use eclint instead of editorconfig-tools
• [docs] readme: add security note
• [meta] add github sponsorship
• [meta] add FUNDING.yml
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause

v6.7.3

Compare Source

• [Fix] parse: ignore __proto__ keys (#​428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#​424)
• [Robustness] stringify: avoid relying on a global undefined (#​427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#​408)
• [meta] fix README.md (#​399)
• [meta] do not publish workflow files
• [actions] backport actions from main
• [Dev Deps] backport updates from main
• [Tests] use nyc for coverage
• [Tests] clean up stringify tests slightly

v6.7.2

Compare Source

• [Fix] proper comma parsing of URL-encoded commas (#​361)
• [Fix] parses comma delimited array while having percent-encoded comma treated as normal text (#​336)

v6.7.1

Compare Source

• [Fix] parse: Fix parsing array from object with comma true (#​359)
• [Fix] parse: with comma true, handle field that holds an array of arrays (#​335)
• [fix] parse: with comma true, do not split non-string values (#​334)
• [Fix] parse: throw a TypeError instead of an Error for bad charset (#​349)
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Refactor] formats: tiny bit of cleanup.
• readme: add security note
• [meta] add tidelift marketing copy
• [meta] add funding field
• [meta] add FUNDING.yml
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• [Dev Deps] update eslint, @ljharb/eslint-config, tape, safe-publish-latest, evalmd, iconv-lite, mkdirp, object-inspect, browserify
• [Tests] parse: add passing arrayFormat tests
• [Tests] use shared travis-ci configs
• [Tests] Buffer.from in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
• [Tests] add tests for depth=0 and depth=false behavior, both current and intuitive/intended
• [Tests] use eclint instead of editorconfig-tools
• [actions] add automatic rebasing / merge commit blocking

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-advanced-security]

You have successfully added a new Trivy configuration .github/workflows/ci.yaml:trivy-scan-repo. As part of the setup process, we have scanned this repository and found 93 existing alerts. Please check the repository Security tab to see all alerts.

[github-advanced-security]

You have successfully added a new CodeQL configuration .github/workflows/codeql-analysis.yml:analyze. As part of the setup process, we have scanned this repository and found 31 existing alerts. Please check the repository Security tab to see all alerts.