Comparing changes

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`2.9.17` -> `2.9.18`](https://renovatebot.com/diffs/npm/vite/2.9.17/2.9.18) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/2.9.17/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/2.9.17/2.9.18?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [GHSA-8jhw-289h-jh2g](https://togithub.com/vitejs/vite/security/advisories/GHSA-8jhw-289h-jh2g) ### Summary [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`. ### Impact Only apps setting a custom `server.fs.deny` that includes a pattern with directories, and explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Patches Fixed in [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ### Details `server.fs.deny` uses picomatch with the config of `{ matchBase: true }`. [matchBase](https://togithub.com/micromatch/picomatch/blob/master/README.md#options:~:text=Description-,basename,-boolean) only matches the basename of the file, not the path due to a bug ([micromatch/picomatch#89). The vite config docs read like you should be able to set fs.deny to glob with picomatch. Vite also does not set `{ dot: true }` and that causes [dotfiles not to be denied](https://togithub.com/micromatch/picomatch/blob/master/README.md#options:~:text=error%20is%20thrown.-,dot,-boolean) unless they are explicitly defined. **Reproduction** Set fs.deny to `['**/.git/**']` and then curl for `/.git/config`. * with `matchBase: true`, you can get any file under `.git/` (config, HEAD, etc). * with `matchBase: false`, you cannot get any file under `.git/` (config, HEAD, etc). --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v2.9.18`](https://togithub.com/vitejs/vite/releases/tag/v2.9.18) [Compare Source](https://togithub.com/vitejs/vite/compare/v2.9.17...v2.9.18) Please refer to [CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v2.9.18/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

closes #1653

@elevatebart

This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to dev, this PR will be updated. # Releases ## [email protected] ### Patch Changes - [#1672](#1672) [`dd8bdd19`](dd8bdd1) Thanks [@elevatebart](https://github.com/elevatebart)! - - Failed to parse the Props passed to Macro function as Type alias reference, i had a bug on Storybook because of this and the problem it not throwing any exception so hard to detected the origin of bug. No breaking changes it will work properly once consumer update his version - [#1672](#1672) [`dd8bdd19`](dd8bdd1) Thanks [@elevatebart](https://github.com/elevatebart)! - export-all should not skip all extensions - [#1672](#1672) [`dd8bdd19`](dd8bdd1) Thanks [@elevatebart](https://github.com/elevatebart)! - take validExtends into account for typescript reolution too Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [pug](https://pugjs.org) ([source](https://togithub.com/pugjs/pug/tree/HEAD/packages/pug)) | [`3.0.2` -> `3.0.3`](https://renovatebot.com/diffs/npm/pug/3.0.2/3.0.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pug/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/pug/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/pug/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pug/3.0.2/3.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-36361](https://nvd.nist.gov/vuln/detail/CVE-2024-36361) Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the `compileClient`, `compileFileClient`, or `compileClientWithDependenciesTracked` function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers. --- ### Release Notes <details> <summary>pugjs/pug (pug)</summary> ### [`v3.0.3`](https://togithub.com/pugjs/pug/releases/tag/pug%403.0.3) [Compare Source](https://togithub.com/pugjs/pug/compare/[email protected]@3.0.3) ##### Bug Fixes - Update pug-code-gen with the following fix: ([#3438](https://togithub.com/pugjs/pug/issues/3438)) Validate `templateName` and `globals` are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ejs](https://togithub.com/mde/ejs) | [`3.1.8` -> `3.1.10`](https://renovatebot.com/diffs/npm/ejs/3.1.8/3.1.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/ejs/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/ejs/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/ejs/3.1.8/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ejs/3.1.8/3.1.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2024-33883](https://nvd.nist.gov/vuln/detail/CVE-2024-33883) The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. --- ### Release Notes <details> <summary>mde/ejs (ejs)</summary> ### [`v3.1.10`](https://togithub.com/mde/ejs/releases/tag/v3.1.10) [Compare Source](https://togithub.com/mde/ejs/compare/v3.1.9...v3.1.10) Version 3.1.10 ### [`v3.1.9`](https://togithub.com/mde/ejs/releases/tag/v3.1.9) [Compare Source](https://togithub.com/mde/ejs/compare/v3.1.8...v3.1.9) Version 3.1.9 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/vue-styleguidist/vue-styleguidist).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

closes #1678

Commits on Jun 30, 2024

use the latest pnpm

elevatebart committed Jun 30, 2024

Configuration menu

View commit details

Copy full SHA for 566a701

Browse repository at this point

Copy the full SHA

566a701 View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Apr 1, 2024

Commits on Apr 3, 2024

Commits on Jun 30, 2024

Commits on Jul 8, 2024

Commits on Jul 9, 2024

Commits on Jul 12, 2024

Commits on Jul 31, 2024

Commits on Aug 1, 2024

This comparison is taking too long to generate.