chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@hazmi35/eslint-config	^8.3.0 -> ^8.4.2					devDependencies	patch
@typescript-eslint/eslint-plugin	^5.27.0 -> ^5.28.0					devDependencies	minor
@typescript-eslint/parser	^5.27.0 -> ^5.28.0					devDependencies	minor
actions/setup-node	v3.2.0 -> v3.3.0					action	minor
esbuild	^0.14.42 -> ^0.14.43					devDependencies	patch
eslint (source)	^8.16.0 -> ^8.17.0					devDependencies	patch
typescript (source)	^4.7.2 -> ^4.7.3					devDependencies	patch
undici (source)	^5.3.0 -> ^5.5.1					dependencies	minor

---

Release Notes

Hazmi35/eslint-config

v8.4.2

Compare Source

Please see the full changes here: Hazmi35/eslint-config@8.4.1...8.4.2

Notable Changes

Features

• Semver @typescript-eslint/eslint-plugin and @typescript-eslint/parser bump to >=5.27.1 6d96728 by @​Hazmi35
  This is done to prevent bug in typescript-eslint with space-infix-ops (see typescript-eslint's changelog)

Fixes

• [eslint/no-extra-parens] Fix no-extra-parens conflict with no-confusing-arrow rule 5f836b6 by @​Hazmi35
• [eslint/no-extra-parens] Set option enforceForNewInMemberExpressions to false 213ed60 by @​Hazmi35

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v5.28.0

Compare Source

Bug Fixes

• [TS4.7] allow visiting of typeParameters in TSTypeQuery (#​5166) (dc1f930)
• eslint-plugin: [space-infix-ops] support for optional property without type (#​5155) (1f25daf)

Features

• eslint-plugin: [consistent-generic-constructors] add rule (#​4924) (921cdf1)

5.27.1 (2022-06-06)

Bug Fixes

• eslint-plugin: [space-infix-ops] correct PropertyDefinition with typeAnnotation (#​5113) (d320174)
• eslint-plugin: [space-infix-ops] regression fix for conditional types (#​5135) (e5238c8)
• eslint-plugin: [space-infix-ops] regression fix for type aliases (#​5138) (4e13deb)

v5.27.1

Compare Source

Bug Fixes

• eslint-plugin: [space-infix-ops] correct PropertyDefinition with typeAnnotation (#​5113) (d320174)
• eslint-plugin: [space-infix-ops] regression fix for conditional types (#​5135) (e5238c8)
• eslint-plugin: [space-infix-ops] regression fix for type aliases (#​5138) (4e13deb)

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v5.28.0

Compare Source

Note: Version bump only for package @​typescript-eslint/parser

5.27.1 (2022-06-06)

Note: Version bump only for package @​typescript-eslint/parser

v5.27.1

Compare Source

Note: Version bump only for package @​typescript-eslint/parser

actions/setup-node

v3.3.0

Compare Source

In scope of this release we added support for lts/-n aliases, improve logic for current, latest and node aliases to handle them from toolcache, update ncc package.

Support of lts/-n aliases

• Related pull request: https://github.com/actions/setup-node/pull/481
• Related issue: https://github.com/actions/setup-node/issues/26

steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
  with:
    node-version: lts/-1
- run: npm ci
- run: npm test

Minor improvements

• Update zeit/ncc to vercel/ncc: https://github.com/actions/setup-node/pull/476
• Get latest version from cache if exists: https://github.com/actions/setup-node/pull/496

evanw/esbuild

v0.14.43

Compare Source

• Fix TypeScript parse error whe a generic function is the first type argument (#​2306)

  In TypeScript, the << token may need to be split apart into two < tokens if it's present in a type argument context. This was already correctly handled for all type expressions and for identifier expressions such as in the following code:

  // These cases already worked in the previous release
  let foo: Array<<T>() => T>;
  bar<<T>() => T>;

  However, normal expressions of the following form were previously incorrectly treated as syntax errors:

  // These cases were broken but have now been fixed
  foo.bar<<T>() => T>;
  foo?.<<T>() => T>();

  With this release, these cases now parsed correctly.

• Fix minification regression with pure IIFEs (#​2279)

  An Immediately Invoked Function Expression (IIFE) is a function call to an anonymous function, and is a way of introducing a new function-level scope in JavaScript since JavaScript lacks a way to do this otherwise. And a pure function call is a function call with the special /* @​__PURE__ */ comment before it, which tells JavaScript build tools that the function call can be considered to have no side effects (and can be removed if it's unused).

  Version 0.14.9 of esbuild introduced a regression that changed esbuild's behavior when these two features were combined. If the IIFE body contains a single expression, the resulting output still contained that expression instead of being empty. This is a minor regression because you normally wouldn't write code like this, so this shouldn't come up in practice, and it doesn't cause any correctness issues (just larger-than-necessary output). It's unusual that you would tell esbuild "remove this if the result is unused" and then not store the result anywhere, since the result is unused by construction. But regardless, the issue has now been fixed.

  For example, the following code is a pure IIFE, which means it should be completely removed when minification is enabled. Previously it was replaced by the contents of the IIFE but it's now completely removed:

  // Original code
  /* @​__PURE__ */ (() => console.log(1))()
  
  // Old output (with --minify)
  console.log(1);
  
  // New output (with --minify)

• Add log messages for indirect require references (#​2231)

  A long time ago esbuild used to warn about indirect uses of require because they break esbuild's ability to analyze the dependencies of the code and cause dependencies to not be bundled, resulting in a potentially broken bundle. However, this warning was removed because many people wanted the warning to be removed. Some packages have code that uses require like this but on a code path that isn't used at run-time, so their code still happens to work even though the bundle is incomplete. For example, the following code will not bundle bindings:

  // Prevent React Native packager from seeing modules required with this
  const nodeRequire = require;
  
  function getRealmConstructor(environment) {
    switch (environment) {
      case "node.js":
      case "electron":
        return nodeRequire("bindings")("realm.node").Realm;
    }
  }

  Version 0.11.11 of esbuild removed this warning, which means people no longer have a way to know at compile time whether their bundle is broken in this way. Now that esbuild has custom log message levels, this warning can be added back in a way that should make both people happy. With this release, there is now a log message for this that defaults to the debug log level, which normally isn't visible. You can either do --log-override:indirect-require=warning to make this log message a warning (and therefore visible) or use --log-level=debug to see this and all other debug log messages.

nodejs/undici

v5.5.1

Compare Source

⚠️ v5.5.1 - Security release

This releases fixes CVE CVE-2022-32210. See GHSA-pgw7-wx7w-2w33 for more details:

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.

Full Changelog: nodejs/undici@v5.5.0...v5.5.1

v5.5.0

Compare Source

What's Changed

• ci: skip automerge job if user is not dependabot by @​Fdawgs in https://github.com/nodejs/undici/pull/1478
• test: skip IPv6 tests if not supported by @​LiviaMedeiros in https://github.com/nodejs/undici/pull/1476
• ci: remove git credentials after checkout by @​Fdawgs in https://github.com/nodejs/undici/pull/1477
• fix(fetch): typo by @​KhafraDev in https://github.com/nodejs/undici/pull/1474
• fix: support TypedArray and DataView as Request body by @​LiviaMedeiros in https://github.com/nodejs/undici/pull/1472
• fix: connector types by @​S222em in https://github.com/nodejs/undici/pull/1362
• fix(tests): broken node-fetch tests by @​KhafraDev in https://github.com/nodejs/undici/pull/1486
• fix: readme example codestyle by @​mainarthur in https://github.com/nodejs/undici/pull/1488
• feat: implement FormData Iterator by @​KhafraDev in https://github.com/nodejs/undici/pull/1473

New Contributors

• @​LiviaMedeiros made their first contribution in https://github.com/nodejs/undici/pull/1476
• @​S222em made their first contribution in https://github.com/nodejs/undici/pull/1362
• @​mainarthur made their first contribution in https://github.com/nodejs/undici/pull/1488

Full Changelog: nodejs/undici@v5.4.0...v5.5.0

---

Configuration

📅 Schedule: Branch creation - "before 6am" in timezone Asia/Jakarta, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Mend Renovate. View repository job log here.