📦 Update owners packages (major) #2697

renovate · 2024-06-24T16:08:47Z

This PR contains the following updates:

Package	Change	Age	Confidence
@octokit/rest	`20.1.1` -> `22.0.0`
express (source)	`4.21.2` -> `5.1.0`
jest (source)	`29.7.0` -> `30.1.1`
minimatch	`9.0.5` -> `10.0.3`
probot (source)	`13.4.0` -> `14.0.2`
sinon (source)	`18.0.1` -> `21.0.0`
smee-client	`2.0.4` -> `4.3.1`

See all other Renovate PRs on the Dependency Dashboard

Release Notes

octokit/rest.js (@octokit/rest)

`v22.0.0`

Compare Source

Bug Fixes

deps: update octokit monorepo (major) (#504) (77530ab)

BREAKING CHANGES

deps: Drop support for NodeJS v18
deps: Remove deprecated Projects endpoints
deps: Remove deprecated Copilot usage metrics endpoints

`v21.1.1`

Compare Source

Bug Fixes

deps: update Octokit dependencies to mitigate ReDos [security] (#484) (ca256c3)

`v21.1.0`

Compare Source

Features

new endpoints, bump Octokit deps to fix Deno (#477) (908b1c8)

`v21.0.2`

Compare Source

Bug Fixes

docs: update to react 18 and latest gatsby deps (#462) (9a80f06), closes #216 #230 #460

`v21.0.1`

Compare Source

Bug Fixes

update deps (#456) (93d5afb)

`v21.0.0`

Compare Source

Features

v21 (#413) (12b6c65)

BREAKING CHANGES

package is now ESM

`v20.1.2`

Compare Source

Bug Fixes

deps: bump Octokit dependencies to address ReDos vulnerabilities, bump devDependencies (#487) (711f2ee), closes #486

expressjs/express (express)

`v5.1.0`

Compare Source

========================

Add support for Uint8Array in res.send()
Add support for ETag option in res.sendFile()
Add support for multiple links with the same rel in res.links()
Add funding field to package.json
perf: use loop for acceptParams
refactor: prefix built-in node module imports
deps: remove setprototypeof
deps: remove safe-buffer
deps: remove utils-merge
deps: remove methods
deps: remove depd
deps: debug@^4.4.0
deps: body-parser@^2.2.0
deps: router@^2.2.0
deps: content-type@^1.0.5
deps: finalhandler@^2.1.0
deps: qs@^6.14.0
deps: [email protected]
deps: [email protected]

`v5.0.1`

Compare Source

==========

Update cookie semver lock to address CVE-2024-47764

`v5.0.0`

Compare Source

=========================

remove:
- path-is-absolute dependency - use path.isAbsolute instead
breaking:
- res.status() accepts only integers, and input must be greater than 99 and less than 1000
  - will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
  - will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
- deps: send@1.0.0
- res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
change:
- res.clearCookie will ignore user provided maxAge and expires options
deps: cookie-signature@^1.2.1
deps: debug@4.3.6
deps: merge-descriptors@^2.0.0
deps: serve-static@^2.1.0
deps: qs@6.13.0
deps: accepts@^2.0.0
deps: mime-types@^3.0.0
- application/javascript => text/javascript
deps: type-is@^2.0.0
deps: content-disposition@^1.0.0
deps: finalhandler@^2.0.0
deps: fresh@^2.0.0
deps: body-parser@^2.0.1
deps: send@^1.1.0

jestjs/jest (jest)

`v30.1.1`

Compare Source

Fixes

[jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)

Features

[expect] The Inverse type is now exported (#15714)
[expect] feat: support async functions in toBe (#15704)

Fixes

[jest] jest --onlyFailures --listTests now correctly lists only failed tests (#15700)
[jest-snapshot] Handle line endings in snapshots (#15708)

`v30.0.3`

Compare Source

Fixes

[jest-config] Fix ESM TS config loading in a CJS project (#15694)

Features

[jest-diff] Show non-printable control characters to diffs (#15696)

`v30.0.2`

Compare Source

`v30.0.1`

Compare Source

`v30.0.0`

Compare Source

isaacs/minimatch (minimatch)

`v10.0.3`

Compare Source

`v10.0.2`

Compare Source

`v10.0.1`

Compare Source

`v10.0.0`

Compare Source

probot/probot (probot)

`v14.0.2`

Compare Source

Bug Fixes

deps: update @probot/octokit-plugin-config (6f2d021)

`v14.0.1`

Compare Source

Bug Fixes

add explicit undefined to optional types, and update webhooks types (#1979) (05179ff)

`v14.0.0`

Compare Source

feat!: v14 (#2152) (97c4057)

BREAKING CHANGES

Probot is now an ESM only library
drop Node > 20.17 and Node 21 support
Switch to GitHub's OpenAPI specification for Webhooks (from @octokit/webhooks v13)
Remove legacy REST enpoint method access. Users will now have to use the octokit.rest.* methods
Remove express server from within Probot.
All properties marked as private in Typescript, including Probot#state, are now private class fields.
createNodeMiddleware() is now an async function
@sentry/node needs to be installed separately if needed
ioredis needs to be installed separately if needed
The built-in server now listens on localhost by default instead of 0.0.0.0.

Probot v14 Migration Guide

ESM Only Package

Probot is now exclusively an ESM package. Either migrate to ESM (recommended), or use `require(esm).

Migrating to ESM:

Update package.json:

{
  "type": "module"
}

Replace all CommonJS require() statements with ESM import syntax
Update your TypeScript configuration:

{
  "compilerOptions": {
    "module": "node16",
    "moduleResolution": "node16"
  }
}

For require(esm):

For TypeScript 5.7-5.8: Use "module": "nodenext" and "moduleResolution": "nodenext"
For TypeScript 5.9+: Use "module": "node20" and "moduleResolution": "node20"

Node.js Version Requirements

Minimum supported version: Node.js 20.18+ and 22+
Node.js 21 support has been dropped

Webhook Type Definitions

Replace webhook type imports:

// Before
import { WebhookEvent } from "@&#8203;octokit/webhooks-types";

// After
import { WebhookEvent } from "@&#8203;octokit/openapi-webhooks-types-migration";

REST API Access Pattern

Legacy endpoint methods have been removed:

app.on("issues.opened", async (context) => {
  // Before
  // const issue = await context.octokit.issues.get(context.issue());

  // After
  const issue = await context.octokit.rest.issues.get(context.issue());
});

Express Server Removal

The built-in Express server has been removed. To use Express:

Install Express:

npm install express

Update your Probot setup:

import Express from "express";
import { createNodeMiddleware, createProbot } from "probot";

const express = Express();

const app = (probot) => {
  probot.on("push", async () => {
    probot.log.info("Push event received");
  });
};

const middleware = await createNodeMiddleware(app, {
  webhooksPath: "/api/github/webhooks",
  probot: createProbot({
    env: {
      APP_ID,
      PRIVATE_KEY,
      WEBHOOK_SECRET,
    },
  }),
});

express.use(middleware);
express.use(Express.json());
express.get("/custom-route", (req, res) => {
  res.json({ status: "ok" });
});

express.listen(3000, () => {
  console.log(`Server is running at http://localhost:3000`);
});

HTTP Server no longer listens on `0.0.0.0` by default

The built-in HTTP server will now listen on localhost by default, instead of listening on all available interfaces.
If you wish to change this behaviour, you can use the HOST environment variable, or the --host variable for the probot run command.

env HOST=0.0.0.0 <start script>
probot run --host=0.0.0.0 app.js

Asynchronous Middleware Initialization

createNodeMiddleware() is now asynchronous:

import { createNodeMiddleware } from "probot";
import app from "../app.js";

// Before
// const middleware = createNodeMiddleware(app);

// After
const middleware = await createNodeMiddleware(app);

`v13.4.7`

Compare Source

Bug Fixes

update @octokit/webhooks, remove internal rebindLog() function (#2220) (c4c67c3), closes #2062

`v13.4.6`

Compare Source

Bug Fixes

update @octokit/auth-app and @octokit/core to fix logger binding issues (058878b)

`v13.4.5`

Compare Source

Bug Fixes

deps: update dependency express to v5 (#2090) (f6d4c3e)

`v13.4.4`

Compare Source

Bug Fixes

deps: update Octokit dependencies that have ReDos vulnerability (816f2f7)

`v13.4.3`

Compare Source

Bug Fixes

deps: update dependency @probot/pino to v3 (#2140) (7c3a99d)

`v13.4.2`

Compare Source

Bug Fixes

memoryleak of octokit hook (#2129) (2b48a8e)

`v13.4.1`

Compare Source

Bug Fixes

ensure that the logger is always bound (#2119) (cc85a24), closes #2116

sinonjs/sinon (sinon)

`v21.0.0`

Compare Source

fd10f13f
chore!: remove assert.failException property (#2659) (Morgan Roderick)

This was used for allowing customisation of the thrown error between
sandboxes and for customisation for integrations (most likely from the
days of BusterJS).

To my knowledge and what I've been able to find on GitHub, this has
never had any production use by end users.

BREAKING CHANGE: this removes assert.failException from the API

Released by Morgan Roderick on 2025-06-13.

`v20.0.0`

Compare Source

b6daed26
chore!: remove usingPromise (Morgan Roderick)

Everyone should be using native promises by now, or should know how to stub natives
95d4b8fc
chore!: remove fakeXMLHttpRequest and fakeServer (Morgan Roderick)

BREAKING CHANGE: remove fakeXMLHttpRequest and fakeServer from the API

Released by Morgan Roderick on 2025-03-24.

`v19.0.5`

Compare Source

67d19ff0
chore: deprecate usingPromise (#2651) (Morgan Roderick)
598dddb6
chore: deprecate useFakeXMLHttpRequest and useFakeServer (Morgan Roderick)

Released by Morgan Roderick on 2025-03-23.

`v19.0.4`

Compare Source

The release script failed half-way in 19.0.3, so re-releasing.

da67311a
Revert "Add version 19.0.3 to releases" (Carl-Erik Kopseng)
84d5c82a
Add version 19.0.3 to releases (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2025-03-19.

`v19.0.3`

Compare Source

Basically just documentation updates

1f1d3706
Verifying links procedure (Carl-Erik Kopseng)
37623efc
Catch latest two missing redirects (Carl-Erik Kopseng)
2404a45f
Ignore ancient deadlinks to Sinon child projects in previous releases (Carl-Erik Kopseng)
fba6f877
Ignore historic links in changelog (Carl-Erik Kopseng)
e3950d9b
Fix external link (Carl-Erik Kopseng)
0be40825
Fix the missing redirects to the migration guide (Carl-Erik Kopseng)
108fbca0
Fix internal ../assertions link in source (Carl-Erik Kopseng)
bb10e53a
Fix spy-call reference in source (Carl-Erik Kopseng)
ef582e31
Remove bash-ism from Makefile (use POSIX) (Carl-Erik Kopseng)
7af1d235
chore: remove .unimportedrc.json (Morgan Roderick)
dfcad710
chore: fix codecov upload (Morgan Roderick)
We are seeing errors uploading coverage reports to codecov:
```
Rate limit reached. Please upload with the Codecov repository upload token to resolve issue
```
I've added a repository token, as instructed in https://docs.codecov.com/docs/adding-the-codecov-token.

This changeset should fix the upload issue.
0ca2e49e
fix: browser-test job fails in ubuntu-latest (Morgan Roderick)
e9eb2eb2
chore: remove unused unused job (Morgan Roderick)

This crucial part of this workflow was removed in
278e667, we should have removed the entire job.
278e667e
chore: remove unimported (Morgan Roderick)

The repository has been archived. See https://github.com/smeijer/unimported
9e30835b
npm audit (Morgan Roderick)
a74301cf
chore: remove RunKit (Morgan Roderick)

This service is dead.
80bc1d96
Fix out-of-date fake-timers docs (#2628) (Carl-Erik Kopseng)
- Fix documentation issue for fake-timers mentioned in #2625
The docs were out of sync with the fake-timers docs.
- Update dependencies before new patch version
527568cc
Bump rexml from 3.3.7 to 3.3.9 (#2626) (dependabot[bot])
Bumps rexml from 3.3.7 to 3.3.9.
updated-dependencies:
- dependency-name: rexml
  
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] [email protected]

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ed029725
Bump webrick from 1.8.1 to 1.8.2 (#2623) (dependabot[bot])
Bumps webrick from 1.8.1 to 1.8.2.
- Release notes
- Commits
updated-dependencies:
- dependency-name: webrick
  
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] [email protected]

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Released by Carl-Erik Kopseng on 2025-03-19.

`v19.0.2`

Compare Source

4eb4c4bc
Use fix 13.0.2 version of fake-timers to get Date to pass instanceof checks (Carl-Erik Kopseng)
a5b03db3
Add links to code that is affected by the breaking changes (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2024-09-13.

`v19.0.1`

Compare Source

037ec2d2
Update migration docs (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2024-09-13.

`v19.0.0`

Compare Source

3534ab4f
Bump samsam and nise to latest versions (#2617) (Carl-Erik Kopseng)

Ensures consistency and less breakage when there are "circular" dependencies.
912c568d
upgrade fake timers and others (#2612) (Carl-Erik Kopseng)
- Upgrade dependencies (includes breaking API in Fake Timers)
- fake-timers: no longer creating dates using the original Date class, but a subclass (proxy)
9715798e
Use newer @mochify/* packages (#2609) (Carl-Erik Kopseng)

Co-authored-by: Maximilian Antoni [email protected]