-
-
Notifications
You must be signed in to change notification settings - Fork 417
Permalink
Loading
Choose a base ref
{{ refName }}
default
Loading
Choose a head ref
{{ refName }}
default
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
base repository: vue-styleguidist/vue-styleguidist
base: [email protected]
Could not load branches
Nothing to show
Loading
Could not load tags
Nothing to show
{{ refName }}
default
Loading
...
head repository: vue-styleguidist/vue-styleguidist
compare: dev
Could not load branches
Nothing to show
Loading
Could not load tags
Nothing to show
{{ refName }}
default
Loading
- 15 commits
- 59 files changed
- 4 contributors
Commits on Apr 1, 2024
-
Configuration menu - View commit details
-
Copy full SHA for f416615 - Browse repository at this point
Copy the full SHA f416615View commit details
Commits on Apr 3, 2024
-
chore(deps): update dependency vite to v2.9.18 [security] (#1657)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`2.9.17` -> `2.9.18`](https://renovatebot.com/diffs/npm/vite/2.9.17/2.9.18) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/2.9.17/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/2.9.17/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [GHSA-8jhw-289h-jh2g](https://togithub.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g) ### Summary [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`. ### Impact Only apps setting a custom `server.fs.deny` that includes a pattern with directories, and explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Patches Fixed in [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ### Details `server.fs.deny` uses picomatch with the config of `{ matchBase: true }`. [matchBase](https://togithub.com/micromatch/picomatch/blob/master/README.md#options:~:text=Description-,basename,-boolean) only matches the basename of the file, not the path due to a bug ([micromatch/picomatch#89). The vite config docs read like you should be able to set fs.deny to glob with picomatch. Vite also does not set `{ dot: true }` and that causes [dotfiles not to be denied](https://togithub.com/micromatch/picomatch/blob/master/README.md#options:~:text=error%20is%20thrown.-,dot,-boolean) unless they are explicitly defined. **Reproduction** Set fs.deny to `['**/.git/**']` and then curl for `/.git/config`. * with `matchBase: true`, you can get any file under `.git/` (config, HEAD, etc). * with `matchBase: false`, you cannot get any file under `.git/` (config, HEAD, etc). --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v2.9.18`](https://togithub.com/vitejs/vite/releases/tag/v2.9.18) [Compare Source](https://togithub.com/vitejs/vite/compare/v2.9.17...v2.9.18) Please refer to [CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v2.9.18/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoiZGV2In0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 557032e - Browse repository at this point
Copy the full SHA 557032eView commit details
Commits on Jun 30, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 566a701 - Browse repository at this point
Copy the full SHA 566a701View commit details
Commits on Jul 8, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 97cbf2f - Browse repository at this point
Copy the full SHA 97cbf2fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5bcd1f5 - Browse repository at this point
Copy the full SHA 5bcd1f5View commit details -
Configuration menu - View commit details
-
Copy full SHA for dd8bdd1 - Browse repository at this point
Copy the full SHA dd8bdd1View commit details -
Configuration menu - View commit details
-
Copy full SHA for a6d2dbc - Browse repository at this point
Copy the full SHA a6d2dbcView commit details -
ci(changesets): version packages (#1676)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to dev, this PR will be updated. # Releases ## [email protected] ### Patch Changes - [#1672](#1672) [`dd8bdd19`](dd8bdd1) Thanks [@elevatebart](https://github.com/elevatebart)! - - Failed to parse the Props passed to Macro function as Type alias reference, i had a bug on Storybook because of this and the problem it not throwing any exception so hard to detected the origin of bug. No breaking changes it will work properly once consumer update his version - [#1672](#1672) [`dd8bdd19`](dd8bdd1) Thanks [@elevatebart](https://github.com/elevatebart)! - export-all should not skip all extensions - [#1672](#1672) [`dd8bdd19`](dd8bdd1) Thanks [@elevatebart](https://github.com/elevatebart)! - take validExtends into account for typescript reolution too Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for cc30b72 - Browse repository at this point
Copy the full SHA cc30b72View commit details -
chore(deps): update dependency pug to v3.0.3 [security] (#1669)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pug](https://pugjs.org) ([source](https://togithub.com/pugjs/pug/tree/HEAD/packages/pug)) | [`3.0.2` -> `3.0.3`](https://renovatebot.com/diffs/npm/pug/3.0.2/3.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pug/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/pug/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/pug/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pug/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-36361](https://nvd.nist.gov/vuln/detail/CVE-2024-36361) Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the `compileClient`, `compileFileClient`, or `compileClientWithDependenciesTracked` function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers. --- ### Release Notes <details> <summary>pugjs/pug (pug)</summary> ### [`v3.0.3`](https://togithub.com/pugjs/pug/releases/tag/pug%403.0.3) [Compare Source](https://togithub.com/pugjs/pug/compare/[email protected]@3.0.3) ##### Bug Fixes - Update pug-code-gen with the following fix: ([#​3438](https://togithub.com/pugjs/pug/issues/3438)) Validate `templateName` and `globals` are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoiZGV2IiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 790545d - Browse repository at this point
Copy the full SHA 790545dView commit details
Commits on Jul 9, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 6e58179 - Browse repository at this point
Copy the full SHA 6e58179View commit details -
Configuration menu - View commit details
-
Copy full SHA for ec41671 - Browse repository at this point
Copy the full SHA ec41671View commit details
Commits on Jul 12, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 5e6acdb - Browse repository at this point
Copy the full SHA 5e6acdbView commit details -
chore(deps): update dependency ejs to v3.1.10 [security] (#1666)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ejs](https://togithub.com/mde/ejs) | [`3.1.8` -> `3.1.10`](https://renovatebot.com/diffs/npm/ejs/3.1.8/3.1.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/ejs/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/ejs/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/ejs/3.1.8/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ejs/3.1.8/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-33883](https://nvd.nist.gov/vuln/detail/CVE-2024-33883) The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. --- ### Release Notes <details> <summary>mde/ejs (ejs)</summary> ### [`v3.1.10`](https://togithub.com/mde/ejs/releases/tag/v3.1.10) [Compare Source](https://togithub.com/mde/ejs/compare/v3.1.9...v3.1.10) Version 3.1.10 ### [`v3.1.9`](https://togithub.com/mde/ejs/releases/tag/v3.1.9) [Compare Source](https://togithub.com/mde/ejs/compare/v3.1.8...v3.1.9) Version 3.1.9 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMzEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjMzMS4wIiwidGFyZ2V0QnJhbmNoIjoiZGV2IiwibGFiZWxzIjpbXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 942c5fb - Browse repository at this point
Copy the full SHA 942c5fbView commit details
Commits on Jul 31, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 8a2ec6f - Browse repository at this point
Copy the full SHA 8a2ec6fView commit details
Commits on Aug 1, 2024
-
Configuration menu - View commit details
-
Copy full SHA for e8670d0 - Browse repository at this point
Copy the full SHA e8670d0View commit details
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff [email protected]