fix(deps): update all dependencies #77

renovate · 2024-07-04T00:48:53Z

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Type	Update
@aptre/common	`^0.16.1` → `^0.24.0`	devDependencies	minor
@aptre/it-ws	`1.0.1` → `1.1.2`	dependencies	minor
@aptre/protobuf-es-lite	`^0.4.3` → `^0.5.0`	dependencies	minor
actions/cache	`v4` → `v5`	action	major
actions/checkout	`v4.1.7` → `v6.0.1`	action	major
actions/dependency-review-action	`v4.3.3` → `v4.8.2`	action	minor
actions/setup-go	`v5.0.1` → `v6.1.0`	action	major
actions/setup-node	`v4.0.2` → `v6.1.0`	action	major
github.com/aperturerobotics/common	`v0.16.12` → `v0.24.0`	require	minor
github.com/aperturerobotics/protobuf-go-lite	`v0.6.5` → `v0.11.0`	require	minor
github.com/aperturerobotics/starpc	`v0.32.15` → `v0.41.2`	require	minor
github/codeql-action	`v3.25.11` → `v4.31.9`	action	major
google.golang.org/protobuf	`v1.34.2` → `v1.36.11`	require	minor
prettier (source)	`3.3.2` → `3.7.4`	devDependencies	minor
rimraf	`^5.0.7` → `^6.0.0`	devDependencies	major
starpc	`^0.32.8` → `^0.41.0`	dependencies	minor
typescript (source)	`5.5.3` → `5.9.3`	devDependencies	minor

Release Notes

aperturerobotics/common (@aptre/common)

alanshaw/it-ws (@aptre/it-ws)

`v1.1.2`

Compare Source

aperturerobotics/protobuf-es-lite (@aptre/protobuf-es-lite)

`v0.5.2`

Compare Source

`v0.5.1`

Compare Source

`v0.5.0`

Compare Source

`v0.4.9`

Compare Source

`v0.4.8`

Compare Source

`v0.4.7`

Compare Source

actions/cache (actions/cache)

`v5`

Compare Source

actions/checkout (actions/checkout)

`v6.0.1`

Compare Source

`v6.0.0`

Compare Source

`v5.0.1`

Compare Source

What's Changed

Port v6 cleanup to v5 by @ericsciple in #2301

Full Changelog: actions/checkout@v5...v5.0.1

`v5.0.0`

Compare Source

What's Changed

Update actions checkout to use node 24 by @salmanmkc in #2226
Prepare v5.0.0 release by @salmanmkc in #2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

`v4.3.1`

Compare Source

What's Changed

Port v6 cleanup to v4 by @ericsciple in #2305

Full Changelog: actions/checkout@v4...v4.3.1

`v4.3.0`

Compare Source

What's Changed

docs: update README.md by @motss in #1971
Add internal repos for checking out multiple repositories by @mouismail in #1977
Documentation update - add recommended permissions to Readme by @benwells in #2043
Adjust positioning of user email note and permissions heading by @joshmgross in #2044
Update README.md by @nebuk89 in #2194
Update CODEOWNERS for actions by @TingluoHuang in #2224
Update package dependencies by @salmanmkc in #2236
Prepare release v4.3.0 by @salmanmkc in #2237

New Contributors

@motss made their first contribution in #1971
@mouismail made their first contribution in #1977
@benwells made their first contribution in #2043
@nebuk89 made their first contribution in #2194
@salmanmkc made their first contribution in #2236

Full Changelog: actions/checkout@v4...v4.3.0

`v4.2.2`

Compare Source

url-helper.ts now leverages well-known environment variables by @jww3 in #1941
Expand unit test coverage for isGhes by @jww3 in #1946

`v4.2.1`

Compare Source

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in #1924

`v4.2.0`

Compare Source

Add Ref and Commit outputs by @lucacome in #1180
Dependency updates by @dependabot- #1777, #1872

actions/dependency-review-action (actions/dependency-review-action)

`v4.8.2`

Compare Source

Minor fixes:

Fix PURL parsing for scoped packages (#1008 from @danielhardej)
Fix for large summaries (#1007 from @gitulisca)
README includes a working example for allow-dependencies-licenses (#1009 from @danielhardej)

`v4.8.1`: Dependency Review Action v4.8.1

Compare Source

What's Changed

(bug) Fix spamming link test in deprecation warning (again) by @ahpook in #1000
Bump version for 4.8.1 release by @ahpook in #1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

`v4.8.0`

Compare Source

What's Changed

Make Ruby Code Scannable by @ljones140 in #978
Batch some contributions for release by @brrygrdn in #986
- Make license lists collapsable by @jasperkamerling
- feat: add large summary handling with artifact upload by @MattMencel

New Contributors

@ljones140 made their first contribution in #978
@jasperkamerling made their first contribution in #986
@MattMencel made their first contribution in #986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

`v4.7.4`

Compare Source

`v4.7.3`: 4.7.3

Compare Source

What's Changed

Add explicit permissions to workflow files by @AshelyTC in #966
Claire153/fix spamming mentioned issue by @claire153 in #974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

`v4.7.2`: 4.7.2

Compare Source

What's Changed

Add Missing Languages to CodeQL Advanced Configuration by @KyFaSt in #945
Deprecate deny lists by @claire153 in #958
Address discrepancy between docs and reality by @ahpook in #960

New Contributors

@KyFaSt made their first contribution in #945
@claire153 made their first contribution in #958
@ahpook made their first contribution in #960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

`v4.7.1`

Compare Source

Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #889
License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

`v4.7.0`

Compare Source

Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #809 and probably others)
Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

`v4.6.0`

Compare Source

What's Changed

Updating multiple dependency versions by @Ahmed3lmallah in #870
Grouping minor and patch dependabot updates to lessen the number of PRs by @Ahmed3lmallah in #876
Bump actions/stale from 9.0.0 to 9.1.0 by @dependabot in #878
Bump undici from 5.28.4 to 5.28.5 by @dependabot in #877
DR Action should link to the proxima stamp when appropriate in error messages by @AshelyTC in #891
Allow deny package removal by @ellenfieldn in #888
Fix typos by @omahs in #893
Bump esbuild from 0.19.5 to 0.25.0 by @dependabot in #900
Bump octokit and related dependencies by @RomanIakovlev in #904
Bump @babel/helpers from 7.23.2 to 7.26.10 by @dependabot in #905
Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @dependabot in #899
Update transitive dependency spdx-license-ids by @ailox in #855
To not print OpenSSF Scorecard section if no dependencies scanned by @fabasoad in #884
Improve usage of this action in dependency-review.yml by @fabasoad in #883
Clarify comment-summary-in-pr behaviour by @Pantelis-Santorinios in #902
Prepare 4.6.0 Release candidate by @brrygrdn in #910

New Contributors

@AshelyTC made their first contribution in #891
@ellenfieldn made their first contribution in #888
@omahs made their first contribution in #893
@RomanIakovlev made their first contribution in #904
@ailox made their first contribution in #855
@fabasoad made their first contribution in #884
@Pantelis-Santorinios made their first contribution in #902
@brrygrdn made their first contribution in #910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

`v4.5.0`

Compare Source

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in #844
Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in #847
Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in #849
Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in #850
fix: add summary comment on failure when warn-only: true by @ebickle in #827
Prepare for 4.5.0 release by @Ahmed3lmallah in #851

New Contributors

@ebickle made their first contribution in #827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

`v4.4.0`

Compare Source

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in #846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

`v4.3.5`

Compare Source

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in #766
Create pull_request_template.md by @jonjanego in #794
Update CONTRIBUTING.md by @jonjanego in #793
Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in #815
Upgrade transitive micromatch library by @elireisman in #829
Do not list changed dependencies in summary by @hmaurer in #828
Update stale.yaml by @jonjanego in #832
Bump got from 14.4.1 to 14.4.2 by @dependabot in #822
Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in #840

New Contributors

@louis-bompart made their first contribution in #766
@Ahmed3lmallah made their first contribution in #840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

`v4.3.4`

Compare Source

What's Changed

Include all added dependencies in scorecard entries by @elireisman in #783
Update SPDX Expression Parsing by @febuiles in #719
- This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

actions/setup-go (actions/setup-go)

`v6.1.0`

Compare Source

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in #665
Add support for .tool-versions file and update workflow by @priya-kinthali in #673
Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in #674

Dependency updates

Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @dependabot in #617
Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in #641
Upgrade semver and @types/semver by @dependabot in #652

New Contributors

@nicholasngai made their first contribution in #665
@priya-kinthali made their first contribution in #673
@mahabaleshwars made their first contribution in #674

Full Changelog: actions/setup-go@v6...v6.1.0

`v6.0.0`

Compare Source

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in #460
Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in #624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in #589
Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in #591
Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in #590
Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in #594
Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in #538
Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in #603
Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in #618
Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in #631

New Contributors

@matthewhughes934 made their first contribution in #618
@salmanmkc made their first contribution in #624

Full Changelog: actions/setup-go@v5...v6.0.0

`v5.6.0`

Compare Source

What's Changed

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @aparnajyothi-y in #689

Full Changelog: actions/setup-go@v5...v5.6.0

`v5.5.0`

Compare Source

What's Changed

Bug fixes:

Update self-hosted environment validation by @priyagupta108 in #556
Add manifest validation and improve error handling by @priyagupta108 in #586
Update template link by @jsoref in #527

Dependency updates:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in #574
Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in #573
Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in #582
Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in #537

New Contributors

@jsoref made their first contribution in #527

Full Changelog: actions/setup-go@v5...v5.5.0

`v5.4.0`

Compare Source

What's Changed

Dependency updates :

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in #535
Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @dependabot in #536
Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in #568
Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in #541

New Contributors

@aparnajyothi-y made their first contribution in #568

Full Changelog: actions/setup-go@v5...v5.4.0

`v5.3.0`

Compare Source

What's Changed

Use the new cache service: upgrade @actions/cache to ^4.0.0 by @Link- in #531
Configure Dependabot settings by @HarithaVattikuti in #530
Document update - permission section by @HarithaVattikuti in #533
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in #534

New Contributors

@Link- made their first contribution in #531

Full Changelog: actions/setup-go@v5...v5.3.0

`v5.2.0`

Compare Source

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in #496

New Contributors

@Shegox made their first contribution in #496

Full Changelog: actions/setup-go@v5...v5.2.0

`v5.1.0`

Compare Source

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in #500
Upgrade IA Publish by @Jcambass in #502
Add architecture to cache key by @Zxilly in #493
This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
Note: This change may break previous cache keys as they will no longer be compatible with the new format.
Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in #510

Bug Fixes

Revise isGhes logic by @jww3 in #511

New Contributors

@Zxilly made their first contribution in #493
@Jcambass made their first contribution in #500
@jww3 made their first contribution in #511
@priyagupta108 made their first contribution in #510

Full Changelog: actions/setup-go@v5...v5.1.0

`v5.0.2`

Compare Source

What's Changed

Bug fixes:

Fix versions check failure by @HarithaVattikuti in #479

Dependency updates:

Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @dependabot in #487

New Contributors

[@

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2025-12-12T03:59:20Z

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

13 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.22` -> `1.25`
`github.com/aperturerobotics/util`	`v1.23.7` -> `v1.31.4`
`github.com/aperturerobotics/json-iterator-lite`	`v1.0.0` -> `v1.0.1-0.20240713111131-be6bf89c3008`
`github.com/decred/dcrd/dcrec/secp256k1/v4`	`v4.3.0` -> `v4.4.0`
`github.com/ipfs/go-cid`	`v0.4.1` -> `v0.5.0`
`github.com/klauspost/cpuid/v2`	`v2.2.7` -> `v2.2.10`
`github.com/libp2p/go-libp2p`	`v0.35.1` -> `v0.46.0`
`github.com/multiformats/go-multiaddr`	`v0.12.4` -> `v0.16.0`
`github.com/multiformats/go-multicodec`	`v0.9.0` -> `v0.9.1`
`github.com/multiformats/go-multistream`	`v0.5.0` -> `v0.6.1`
`golang.org/x/crypto`	`v0.23.0` -> `v0.41.0`
`golang.org/x/exp`	`v0.0.0-20240613232115-7f521ea00fb8` -> `v0.0.0-20250606033433-dcc06ee1d476`
`golang.org/x/sys`	`v0.20.0` -> `v0.35.0`
`lukechampine.com/blake3`	`v1.2.1` -> `v1.4.1`

socket-security · 2025-12-16T19:46:41Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
npm/@aptre/common@0.16.12 ⏵ 0.24.0	⁺²	⁺¹	⁺¹
npm/@aptre/it-ws@1.0.1 ⏵ 1.1.2
npm/starpc@0.32.15 ⏵ 0.41.2	⁺²	⁺¹	⁺¹
npm/@aptre/protobuf-es-lite@0.4.6 ⏵ 0.5.2	⁺²	⁺¹	^-4
npm/rimraf@3.0.2 ⏵ 6.1.2		⁺¹	⁺³⁵
npm/typescript@5.5.3 ⏵ 5.9.3		⁺¹
npm/prettier@3.3.2 ⏵ 3.7.4
golang/github.com/aperturerobotics/starpc@v0.32.15 ⏵ v0.41.2	⁺¹
golang/github.com/aperturerobotics/protobuf-go-lite@v0.6.5 ⏵ v0.11.0	⁺¹
golang/github.com/aperturerobotics/common@v0.16.12 ⏵ v0.24.0

View full report

socket-security · 2025-12-17T12:59:57Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `vite` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@aptre/common@0.24.0` → `npm/vite@7.3.0` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/vite@7.3.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

renovate bot force-pushed the renovate/all branch 8 times, most recently from 66e408e to 9641ec2 Compare July 11, 2024 01:37

renovate bot force-pushed the renovate/all branch 7 times, most recently from 10acd47 to 5306151 Compare July 16, 2024 08:18

renovate bot force-pushed the renovate/all branch 9 times, most recently from cd427d5 to 3cb31cd Compare July 26, 2024 17:02

renovate bot force-pushed the renovate/all branch 4 times, most recently from 7f59f3f to aa36101 Compare August 5, 2024 13:21

renovate bot force-pushed the renovate/all branch 2 times, most recently from 4d598be to 7c01319 Compare August 6, 2024 20:23

renovate bot force-pushed the renovate/all branch 7 times, most recently from 5ea9ade to a420d00 Compare November 20, 2025 16:35

renovate bot force-pushed the renovate/all branch 8 times, most recently from 6730b60 to df0fe41 Compare December 1, 2025 10:36

renovate bot force-pushed the renovate/all branch 4 times, most recently from 73aaafe to 1e6608a Compare December 5, 2025 18:05

renovate bot force-pushed the renovate/all branch from 1e6608a to 7035325 Compare December 12, 2025 03:59

renovate bot force-pushed the renovate/all branch 3 times, most recently from a16f9ea to cfdc933 Compare December 16, 2025 19:46

renovate bot force-pushed the renovate/all branch from cfdc933 to 9f0e9ca Compare December 17, 2025 12:59

renovate bot force-pushed the renovate/all branch from 9f0e9ca to bb15df2 Compare December 18, 2025 03:32

fix(deps): update all dependencies

064033a

renovate bot force-pushed the renovate/all branch from bb15df2 to 064033a Compare December 31, 2025 15:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update all dependencies #77

fix(deps): update all dependencies #77

Uh oh!

renovate bot commented Jul 4, 2024 •

edited

Loading

Uh oh!

renovate bot commented Dec 12, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 16, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 17, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

fix(deps): update all dependencies #77

Are you sure you want to change the base?

fix(deps): update all dependencies #77

Uh oh!

Conversation

renovate bot commented Jul 4, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

What's Changed

⚠️ Minimum Compatible Runner Version

What's Changed

What's Changed

New Contributors

v4.8.1: Dependency Review Action v4.8.1

What's Changed

What's Changed

New Contributors

v4.7.3: 4.7.3

What's Changed

v4.7.2: 4.7.2

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

What's Changed

Enhancements

Dependency updates

New Contributors

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

What's Changed

What's Changed

Bug fixes:

Dependency updates:

New Contributors

What's Changed

Dependency updates :

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

Bug fixes:

Dependency updates:

New Contributors

Configuration

Uh oh!

renovate bot commented Dec 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ️ Artifact update notice

File name: go.mod

Uh oh!

socket-security bot commented Dec 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Dec 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

renovate bot commented Jul 4, 2024 •

edited

Loading

`v4.8.1`: Dependency Review Action v4.8.1

`v4.7.3`: 4.7.3

`v4.7.2`: 4.7.2

renovate bot commented Dec 12, 2025 •

edited

Loading

socket-security bot commented Dec 16, 2025 •

edited

Loading

socket-security bot commented Dec 17, 2025 •

edited

Loading