[renovate] Update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@semantic-release/git	^9.0.0 -> ^9.0.1					devDependencies	patch
@semantic-release/npm	^7.1.0 -> ^7.1.3					devDependencies	patch
chai (source)	^4.3.4 -> ^4.5.0					devDependencies	minor
eslint (source)	^7.23.0 -> ^7.32.0					devDependencies	minor
eslint-config-airbnb-improved	^5.0.0 -> ^5.0.3					devDependencies	patch
json-schema-faker (source)	^0.5.0-rcv.44 -> ^0.5.8					dependencies	patch
mocha (source)	^8.3.2 -> ^8.4.0					devDependencies	minor
node (source)	16 -> 16.20.2						minor
node (source)	14 -> 14.21.3						minor
semantic-release	19 -> 19.0.5					dependencies	patch
sinon (source)	^14.0.0 -> ^14.0.2					devDependencies	patch

---

Release Notes

semantic-release/git (@​semantic-release/git)

v9.0.1

Compare Source

Bug Fixes

• deps: update dependency execa to v5 (#​228) (f536d60)

semantic-release/npm (@​semantic-release/npm)

v7.1.3

Compare Source

Bug Fixes

• use NPM_CONFIG_USERCONFIG in get-registry to match auth (#​362) (13200ca)

v7.1.2

Compare Source

Bug Fixes

• deps: update dependency fs-extra to v10 (80fde1e)

v7.1.1

Compare Source

Bug Fixes

• deps: update dependency normalize-url to v6 (97ca719)

chaijs/chai (chai)

v4.5.0

Compare Source

v4.4.1

Compare Source

What's Changed

• fix: removes ?? for node compat by @​43081j in https://github.com/chaijs/chai/pull/1574

Full Changelog: chaijs/chai@v4.4.0...v4.4.1

v4.4.0

Compare Source

What's Changed

• Allow deepEqual fonction to be configured globally (4.x.x branch) by @​forty in https://github.com/chaijs/chai/pull/1553

Full Changelog: chaijs/chai@v4.3.10...v4.4.0

v4.3.10

Compare Source

This release simply bumps all dependencies to their latest non-breaking versions.

What's Changed

• upgrade all dependencies by @​keithamus in https://github.com/chaijs/chai/pull/1540

Full Changelog: chaijs/chai@v4.3.9...v4.3.10

v4.3.9

Compare Source

Upgrade dependencies.

This release upgrades dependencies to address CVE-2023-43646 where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang.

Full Changelog: chaijs/chai@v4.3.8...v4.3.9

v4.3.8

Compare Source

What's Changed

• 4.x.x: Fix link to commit logs on GitHub by @​bugwelle in https://github.com/chaijs/chai/pull/1487
• build(deps): bump socket.io-parser from 4.0.4 to 4.0.5 by @​dependabot in https://github.com/chaijs/chai/pull/1488
• Small typo in test.js by @​mavaddat in https://github.com/chaijs/chai/pull/1459
• docs: specify return type of objDisplay by @​scarf005 in https://github.com/chaijs/chai/pull/1490
• Update CONTRIBUTING.md by @​matheus-rodrigues00 in https://github.com/chaijs/chai/pull/1521
• Fix: update exports.version to current version by @​peanutenthusiast in https://github.com/chaijs/chai/pull/1534

New Contributors

• @​bugwelle made their first contribution in https://github.com/chaijs/chai/pull/1487
• @​mavaddat made their first contribution in https://github.com/chaijs/chai/pull/1459
• @​scarf005 made their first contribution in https://github.com/chaijs/chai/pull/1490
• @​matheus-rodrigues00 made their first contribution in https://github.com/chaijs/chai/pull/1521
• @​peanutenthusiast made their first contribution in https://github.com/chaijs/chai/pull/1534

Full Changelog: chaijs/chai@v4.3.7...v4.3.8

v4.3.7

Compare Source

What's Changed

• fix: deep-eql bump package to support symbols comparison by @​snewcomer in https://github.com/chaijs/chai/pull/1483

Full Changelog: chaijs/chai@v4.3.6...v4.3.7

v4.3.6

Compare Source

Update loupe to 2.3.1

v4.3.5

Compare Source

• build chaijs fca5bb1
• build(deps-dev): bump codecov from 3.1.0 to 3.7.1 (#​1446) 747eb4e
• fix package.json exports 022c2fa
• fix: package.json - deprecation warning on exports field (#​1400) 5276af6
• feat: use chaijs/loupe for inspection (#​1401) (#​1407) c8a4e00

eslint/eslint (eslint)

v7.32.0

Compare Source

• 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#​14841) (Bryan Mishkin)
• faecf56 Update: change reporting location for curly rule (refs #​12334) (#​14766) (Nitin Kumar)
• d7dc07a Fix: ignore lines with empty elements (fixes #​12756) (#​14837) (Soufiane Boutahlil)
• 1bfbefd New: Exit on fatal error (fixes #​13711) (#​14730) (Antonios Katopodis)
• ed007c8 Chore: Simplify internal no-invalid-meta rule (#​14842) (Bryan Mishkin)
• d53d906 Docs: Prepare data for website to indicate rules with suggestions (#​14830) (Bryan Mishkin)
• d28f2ff Docs: Reference eslint-config-eslint to avoid potential for staleness (#​14805) (Brett Zamir)
• 8be8a36 Chore: Adopt eslint-plugin/require-meta-docs-url rule internally (#​14823) (Bryan Mishkin)
• f9c164f Docs: New syntax issue template (#​14826) (Nicholas C. Zakas)
• eba0c45 Chore: assertions on reporting loc in unicode-bom (refs #​12334) (#​14809) (Nitin Kumar)
• ed945bd Docs: fix multiple broken links (#​14833) (Sam Chen)
• 60df44c Chore: use actions/setup-node@v2 (#​14816) (Nitin Kumar)
• 6641d88 Docs: Update README team and sponsors (ESLint Jenkins)

v7.31.0

Compare Source

• efdbb12 Upgrade: @​eslint/eslintrc to v0.4.3 (#​14808) (Brandon Mills)
• a96b05f Update: add end location to report in consistent-return (refs #​12334) (#​14798) (Nitin Kumar)
• e0e8e30 Docs: update BUG_REPORT template (#​14787) (Nitin Kumar)
• 39115c8 Docs: provide more context to no-eq-null (#​14801) (gfyoung)
• 9a3c73c Docs: fix a broken link (#​14790) (Sam Chen)
• ddffa8a Update: Indicating the operator in question (#​14764) (Paul Smith)
• bba714c Update: Clarifying what changes need to be made in no-mixed-operators (#​14765) (Paul Smith)
• b0d22e3 Docs: Mention benefit of providing meta.docs.url (#​14774) (Bryan Mishkin)
• 000cc79 Sponsors: Sync README with website (ESLint Jenkins)
• a6a7438 Chore: pin fs-teardown@0.1.1 (#​14771) (Milos Djermanovic)

v7.30.0

Compare Source

• 5f74642 Chore: don't check Program.start in SourceCode#getComments (refs #​14744) (#​14748) (Milos Djermanovic)
• 19a871a Docs: Suggest linting plugins for ESLint plugin developers (#​14754) (Bryan Mishkin)
• aa87329 Docs: fix broken links (#​14756) (Sam Chen)
• 278813a Docs: fix and add more examples for new-cap rule (fixes #​12874) (#​14725) (Nitin Kumar)
• ed1da5d Update: ecmaVersion allows "latest" (#​14720) (薛定谔的猫)
• 104c0b5 Update: improve use-isnan rule to detect Number.NaN (fixes #​14715) (#​14718) (Nitin Kumar)
• b08170b Update: Implement FlatConfigArray (refs #​13481) (#​14321) (Nicholas C. Zakas)
• f113cdd Chore: upgrade eslint-plugin-eslint-plugin (#​14738) (薛定谔的猫)
• 1b8997a Docs: Fix getRulesMetaForResults link syntax (#​14723) (Brandon Mills)
• aada733 Docs: fix two broken links (#​14726) (Sam Chen)
• 8972529 Docs: Update README team and sponsors (ESLint Jenkins)

v7.29.0

Compare Source

• bfbfe5c New: Add only to RuleTester (refs eslint/rfcs#73) (#​14677) (Brandon Mills)
• c2cd7b4 New: Add ESLint#getRulesMetaForResults() (refs #​13654) (#​14716) (Nicholas C. Zakas)
• eea7e0d Chore: remove duplicate code (#​14719) (Nitin Kumar)
• 6a1c7a0 Fix: allow fallthrough comment inside block (fixes #​14701) (#​14702) (Kevin Gibbons)
• a47e5e3 Docs: Add Mega-Linter to the list of integrations (#​14707) (Nicolas Vuillamy)
• 353ddf9 Chore: enable reportUnusedDisableDirectives in eslint-config-eslint (#​14699) (薛定谔的猫)
• 757c495 Chore: add some rules to eslint-config-eslint (#​14692) (薛定谔的猫)
• c93a222 Docs: fix a broken link (#​14697) (Sam Chen)
• 655c118 Sponsors: Sync README with website (ESLint Jenkins)
• e2bed2e Sponsors: Sync README with website (ESLint Jenkins)
• 8490fb4 Sponsors: Sync README with website (ESLint Jenkins)
• ddbe877 Sponsors: Sync README with website (ESLint Jenkins)

v7.28.0

Compare Source

• 1237705 Upgrade: @​eslint/eslintrc to 0.4.2 (#​14672) (Milos Djermanovic)
• 123fb86 Docs: Add Feedback Needed triage description (#​14670) (Nicholas C. Zakas)
• c545163 Update: support multiline /eslint-env/ directives (fixes #​14652) (#​14660) (薛定谔的猫)
• 8d1e75a Upgrade: glob-parent version in package.json (#​14658) (Hamza Najeeb)
• 1f048cb Fix: no-implicit-coercion false positive with String() (fixes #​14623) (#​14641) (Milos Djermanovic)
• d709abf Chore: fix comment location in no-unused-vars (#​14648) (Milos Djermanovic)
• e44ce0a Fix: no-duplicate-imports allow unmergeable (fixes #​12758, fixes #​12760) (#​14238) (Soufiane Boutahlil)
• bb66a3d New: add getPhysicalFilename() method to rule context (fixes #​11989) (#​14616) (Nitin Kumar)
• 2e43dac Docs: fix no-sequences example (#​14643) (Nitin Kumar)
• 958ff4e Docs: add note for arrow functions in no-seq rule (#​14578) (Nitin Kumar)
• e4f111b Fix: arrow-body-style crash with object pattern (fixes #​14633) (#​14635) (Milos Djermanovic)
• ec28b5a Chore: upgrade eslint-plugin-eslint-plugin (#​14590) (薛定谔的猫)
• 85a2725 Docs: Update README team and sponsors (ESLint Jenkins)

v7.27.0

Compare Source

• 2c0868c Chore: merge all html formatter files into html.js (#​14612) (Milos Djermanovic)
• 9e9b5e0 Update: no-unused-vars false negative with comma operator (fixes #​14325) (#​14354) (Nitin Kumar)
• afe9569 Chore: use includes instead of indexOf (#​14607) (Mikhail Bodrov)
• c0f418e Chore: Remove lodash (#​14287) (Stephen Wade)
• 52655dd Update: no-restricted-imports custom message for patterns (fixes #​11843) (#​14580) (Alex Holden)
• 967b1c4 Chore: Fix typo in large.js (#​14589) (Ikko Ashimine)
• 2466a05 Sponsors: Sync README with website (ESLint Jenkins)
• fe29f18 Sponsors: Sync README with website (ESLint Jenkins)
• 086c1d6 Chore: add more test cases for no-sequences (#​14579) (Nitin Kumar)
• 6a2ced8 Docs: Update README team and sponsors (ESLint Jenkins)

v7.26.0

Compare Source

• aaf65e6 Upgrade: eslintrc for ModuleResolver fix (#​14577) (Brandon Mills)
• ae6dbd1 Fix: track variables, not names in require-atomic-updates (fixes #​14208) (#​14282) (Patrick Ahmetovic)
• 6a86e50 Chore: remove loose-parser tests (fixes #​14315) (#​14569) (Milos Djermanovic)
• ee3a3ea Fix: create .eslintrc.cjs for module type (#​14304) (Nitin Kumar)
• 6791dec Docs: fix example for require-atomic-updates (#​14562) (Milos Djermanovic)
• 388eb7e Sponsors: Sync README with website (ESLint Jenkins)
• f071d1e Update: Add automated suggestion to radix rule for parsing decimals (#​14291) (Bryan Mishkin)
• 0b6a3f3 New: Include XO style guide in eslint --init (#​14193) (Federico Brigante)

v7.25.0

Compare Source

• 5df5e4a Update: highlight last write reference for no-unused-vars (fixes #​14324) (#​14335) (Nitin Kumar)
• 0023872 Docs: Add deprecated note to working-with-rules-deprecated page (#​14344) (Michael Novotny)
• 36fca70 Chore: Upgrade eslump to 3.0.0 (#​14350) (Stephen Wade)
• 59b689a Chore: add node v16 (#​14355) (薛定谔的猫)
• 35a1f5e Sponsors: Sync README with website (ESLint Jenkins)
• fb0a92b Chore: rename misspelled identifier in test (#​14346) (Tobias Nießen)
• f2babb1 Docs: update pull request template (#​14336) (Nitin Kumar)
• 02dde29 Docs: Fix anchor in 'docs/developer-guide/working-with-rules.md' (#​14332) (Nate-Wilkins)
• 07d14c3 Chore: remove extraneous command from lint-staged config (#​14314) (James George)
• 41b3570 Update: lint code block with same extension but different content (#​14227) (JounQin)
• eb29996 Docs: add more examples with arrow functions for no-sequences rule (#​14313) (Nitin Kumar)

v7.24.0

Compare Source

• 0c346c8 Chore: ignore pnpm-lock.yaml (#​14303) (Nitin Kumar)
• f06ecdf Update: Add disallowTemplateShorthand option in no-implicit-coercion (#​13579) (Remco Haszing)
• 71a80e3 Docs: fix broken links in Node.js API docs toc (#​14296) (u-sho (Shouhei Uechi))
• bd46dc4 Docs: Fix incorrect reference to "braces" in arrow-parens (#​14300) (emclain)
• 0d6235e Docs: update header in max-lines (#​14273) (Shinigami)
• 70c9216 Docs: Update issue triage to include blocked column (#​14275) (Nicholas C. Zakas)
• abca186 Docs: Fix typo in suggestions section (#​14293) (Kevin Partington)
• c4d8b0d Fix: no-unused-vars ignoreRestSiblings check assignments (fixes #​14163) (#​14264) (YeonJuan)
• b51d077 Update: add ignoreNonDeclaration to no-multi-assign rule (fixes #​12545) (#​14185) (t-mangoe)
• c981fb1 Chore: Upgrade mocha to 8.3.2 (#​14278) (Stephen Wade)
• 147fc04 Docs: Fix repro:needed label in bug report template (#​14285) (Milos Djermanovic)
• e1cfde9 Docs: Update bug report template (#​14276) (Nicholas C. Zakas)
• c85c2f1 Docs: Add fatal to Node.js API LintMessage type (#​14251) (Brandon Mills)

oprogramador/eslint-config-airbnb-improved (eslint-config-airbnb-improved)

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

json-schema-faker/json-schema-faker (json-schema-faker)

v0.5.8

Compare Source

v0.5.7

Compare Source

v0.5.6

Compare Source

v0.5.5

Compare Source

v0.5.4

Compare Source

v0.5.3

Compare Source

v0.5.2

Compare Source

v0.5.1

Compare Source

v0.5.0

Compare Source

v0.5.0-rcv.46

Compare Source

v0.5.0-rcv.45

Compare Source

mochajs/mocha (mocha)

v8.4.0

Compare Source

🎉 Enhancements

• #​4502: CLI file parsing errors now have error codes (@​evaline-ju)

🐛 Fixes

• #​4614: Watch: fix crash when reloading files (@​outsideris)

📖 Documentation

• #​4630: Add options.require to Mocha constructor for root hook plugins on parallel runs (@​juergba)
• #​4617: Dynamically generating tests with top-level await and ESM test files (@​juergba)
• #​4608: Update default file extensions (@​outsideris)

Also thanks to @​outsideris for various improvements on our GH actions workflows.

nodejs/node (node)

v16.20.2: 2023-08-09, Version 16.20.2 'Gallium' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-32002: Policies can be bypassed via Module._load (High)
• CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
• CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 14th July.
  • OpenSSL security advisory 19th July.
  • OpenSSL security advisory 31st July

More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Commits

• [40c3958a5a] - deps: update archs files for OpenSSL-1.1.1v (RafaelGSS) #​49043
• [a9ac9da89a] - deps: fix openssl crypto clean (RafaelGSS) #​49043
• [362d4c7494] - deps: upgrade openssl sources to OpenSSL_1_1_1v (RafaelGSS) #​49043
• [d8ccfe9ad4] - policy: handle Module.constructor and main.extensions bypass (RafaelGSS) nodejs-private/node-private#445
• [242aaa0caa] - policy: disable process.binding() when enabled (Tobias Nießen) nodejs-private/node-private#459

v16.20.1: 2023-06-20, Version 16.20.1 'Gallium' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
• CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
• CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
• CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
• CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
• OpenSSL Security Releases
  • OpenSSL security advisory 28th March.
  • OpenSSL security advisory 20th April.
  • OpenSSL security advisory 30th May
• c-ares vulnerabilities:
  • GHSA-9g78-jv2r-p7vc
  • GHSA-8r8p-23f3-64c2
  • GHSA-54xr-f67r-4pc4
  • GHSA-x6mf-cxr9-8q6v

More detailed information on each of the vulnerabilities can be found in June 2023 Security Releases blog post.

Commits

• [5a92ea7a3b] - crypto: handle cert with invalid SPKI gracefully (Tobias Nießen)
• [5df04e893a] - deps: set CARES_RANDOM_FILE for c-ares (Richard Lau) #​48156
• [c171cbd124] - deps: update c-ares to 1.19.1 (RafaelGSS) #​48115
• [155d3aac02] - deps: update archs files for OpenSSL-1.1.1u+quic (RafaelGSS) #​48369
• [8d4c8f8ebe] - deps: upgrade openssl sources to OpenSSL_1_1_1u (RafaelGSS) #​48369
• [1a5c9284eb] - doc,test: clarify behavior of DH generateKeys (Tobias Nießen) nodejs-private/node-private#426
• [e42ff4b018] - http: disable request smuggling via empty headers (Paolo Insogna) nodejs-private/node-private#429
• [10042683c8] - msi: do not create AppData\Roaming\npm (Tobias Nießen) nodejs-private/node-private#408
• [a6f4e87bc9] - policy: handle mainModule.__proto__ bypass (RafaelGSS) nodejs-private/node-private#416
• [b77000f4d7] - test: allow SIGBUS in signal-handler abort test (Michaël Zasso) #​47851

v16.20.0: 2023-03-29, Version 16.20.0 'Gallium' (LTS), @​BethGriggs

Compare Source

Notable Changes

• deps:
  • update undici to 5.20.0 (Node.js GitHub Bot) #​46711
  • update c-ares to 1.19.0 (Michaël Zasso) #​46415
  • upgrade npm to 8.19.4 (npm team) #​46677
  • update corepack to 0.17.0 (Node.js GitHub Bot) #​46842
• (SEMVER-MINOR) src: add support for externally shared js builtins (Michael Dawson) #​44376

Commits

• [de6dd67790] - crypto: avoid hang when no algorithm available (Richard Lau) #​46237
• [4617512788] - crypto: ensure auth tag set for chacha20-poly1305 (Ben Noordhuis) #​46185
• [24972164fc] - deps: update undici to 5.20.0 (Node.js GitHub Bot) #​46711
• [85f88c6a8d] - deps: V8: cherry-pick 90be99f (Michaël Zasso) #​46646
• [b4ebe6d47b] - deps: update c-ares to 1.19.0 (Michaël Zasso) #​46415
• [56cbc7fdda] - deps: V8: cherry-pick c2792e5 (Jiawen Geng) #​44961
• [7af9bdb31e] - deps: upgrade npm to 8.19.4 (npm team) #​46677
• [962a7471b5] - deps: update corepack to 0.17.0 (Node.js GitHub Bot) #​46842
• [748bc96e35] - deps: update corepack to 0.16.0 (Node.js GitHub Bot) #​46710
• [a467782499] - deps: update corepack to 0.15.3 (Node.js GitHub Bot) #​46037
• [1913b6763d] - deps: update corepack to 0.15.2 (Node.

---

Configuration

📅 Schedule: Branch creation - "after 7am on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.