chore(deps): update devdependencies-major (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@inpyjamas/scripts	0.1.12-alpha -> 1.0.0
@inpyjamas/scripts	0.1.11-alpha -> 1.0.0
@saithodev/semantic-release-backmerge	2.1.2 -> 3.1.0
@testing-library/react	11.2.6 -> 14.0.0
@​types/ajv-errors	1.0.3 -> 2.0.0
@types/config (source)	0.0.41 -> 3.3.0
@types/jsonwebtoken (source)	8.5.8 -> 9.0.1
@types/mocha (source)	8.2.2 -> 10.0.1
@types/react (source)	17.0.3 -> 18.0.28
@types/react-dom (source)	17.0.3 -> 18.0.11
@types/uuid (source)	8.3.4 -> 9.0.0
dotenv	8.2.0 -> 16.0.3
jest (source)	26.6.3 -> 29.4.3
jest-each	27.5.1 -> 29.4.3
jsonwebtoken	8.5.1 -> 9.0.0
node-fetch	2.6.1 -> 3.3.0
postcss-cli	8.3.1 -> 10.1.0
prisma (source)	2.18.0 -> 4.10.1
semantic-release	19.0.3 -> 20.1.0
tailwindcss (source)	2.0.3 -> 3.2.7
ts-jest (source)	26.5.6 -> 29.0.5
ts-node (source)	9.1.1 -> 10.9.1
ts-node-dev	1.1.6 -> 2.0.0

---

Release Notes

inpyjamas/scripts

v1.0.0

Compare Source

Bug Fixes

• deps: update dependency @​types/jest to v26 (#​14) (23da456)
• deps: update dependency @​types/node to v12.12.43 (d396da2)
• deps: update dependency @​types/node to v12.12.44 (acb7e9a)
• deps: update dependency @​types/node to v12.12.45 (08aec53)
• deps: update dependency eslint to v7.2.0 (43aceee)
• deps: update dependency eslint-config-prettier to v7 (acee3bb)
• deps: update dependency eslint-plugin-jest to v24 (#​34) (7a2d77a)
• deps: update dependency lint-staged to v10.2.8 (5002e8f)
• deps: update dependency lint-staged to v10.2.9 (e1961fc)
• deps: update dependency ts-node to v10 (7b54954)
• deps: update dependency ts-node to v9 (#​30) (b2a0c06)
• deps: update dependency typescript to v3.9.5 (29fe9b7)
• deps: update dependency typescript to v4 (#​31) (f2d4330)
• deps: update typescript-eslint monorepo to v3.2.0 (bc1cbe3)
• deps: update typescript-eslint monorepo to v4 (major) (#​35) (68e1d47)
• exports: Export default objects (2701eeb)
• Prettier config (5bec68f)

saitho/semantic-release-backmerge

v3.1.0

Compare Source

Features

• retry remote Git operations (3138c56), closes #​41

v3.0.0

Compare Source

Bug Fixes

• Compatibility with semantic-release v20 (d8b8332), closes #​38

Features

• remove branchName setting (7a5772d)
• rename branches to backmergeBranches (f84713b)

BREAKING CHANGES

• Setting branches is renamed into backmergeBranches to avoid conflicts with the setting for semantic-release.
• branchName setting is removed. Use backmergeBranches instead.
• Import semantic-release functions via ESM. Loses compatibility with semantic-release before v20.

v2.2.0

Compare Source

Bug Fixes

• message default value (4ada405)

Features

• rename "branches" to "backmergeBranches" (3c16d6a)

2.1.3 (2023-01-11)

Bug Fixes

• limit to semantic-release below 20.0.0 (4dbca4a)
• update dev-dependencies (3771228)

2.1.2 (2022-03-01)

Bug Fixes

• abort process when encountering unrecoverable error (#​33) (5e9b60c)

2.1.1 (2022-02-19)

Bug Fixes

• improve logging (#​31) (e5a04d7)

v2.1.3

Compare Source

Bug Fixes

• limit to semantic-release below 20.0.0 (4dbca4a)
• update dev-dependencies (3771228)

testing-library/react-testing-library

v14.0.0

Compare Source

Bug Fixes

• Prevent "missing act" warning for queued microtasks (#​1137) (f78839b)

Features

• Bump @testing-library/dom to 9.0.0 (#​1177) (6653c23)
• Drop support for Node.js 12.x (#​1169) (9b7a1e2)

BREAKING CHANGES

• See https://github.com/testing-library/dom-testing-library/releases/tag/v9.0.0
• Minimum supported Node.js version is now 14.x

v13.4.0

Compare Source

Features

• renderHook: allow passing of all render options to renderHook (#​1118) (27a9584)

v13.3.0

Compare Source

Features

• Use globalThis if available (#​1070) (c80809a)

v13.2.0

Compare Source

Features

• Export RenderHookOptions type (#​1062) (46b28ad)

v13.1.1

Compare Source

Bug Fixes

• TS: export interface RenderHookResult (#​1049) (9171163)

v13.1.0

Compare Source

Features

• Add renderHook (#​991) (9535eff)

v13.0.1

Compare Source

Bug Fixes

• Specify a non-* version for @​types/react-dom (#​1040) (2a889e8)

v13.0.0

Compare Source

Features

• Add support for React 18 (#​1031) (ccd8a0d)

BREAKING CHANGES

• Drop support for React 17 and earlier. We'll use the new createRoot API by default which comes with a set of changes while also enabling support for concurrent features.
  To opt-out of this change you can use render(ui, { legacyRoot: true } ). But be aware that the legacy root API is deprecated in React 18 and its usage will trigger console warnings.

v12.1.5

Compare Source

Bug Fixes

• Only supports React < 18 (#​1041) (9e2b5db)

v12.1.4

Compare Source

Bug Fixes

• Match runtime type of baseElement in TypeScript types (#​1023) (96ed8da)

v12.1.3

Compare Source

Bug Fixes

• Add @types/react-dom as a direct dependency (#​1001) (149d9a9)

v12.1.2

Compare Source

Bug Fixes

• render: Don't reject wrapper types based on statics (#​973) (7f53b56)

v12.1.1

Compare Source

Bug Fixes

• TS: make wrapper allow a simple function comp (#​966) (cde904c)

v12.1.0

Compare Source

Features

• improve JSDocs for RenderOptions (#​909) (fbacb0d)

v12.0.0

Compare Source

Bug Fixes

• Bump testing-library/dom to v8 alpha (#​923) (770246e)
• Update @​testing-library/dom (#​931) (05c7421)

Features

• Bump @​testing-library/dom (6e6bf85)
• Drop support for node 10 (#​930) (42dad78)

BREAKING CHANGES

• Bump @testing-library/dom to 8.0.0. Please check out the @testing-library/dom@8.0.0 release page for a detailed list of breaking changes.
• node 10 is no longer supported. It reached its end-of-life on 30.04.2021.

v11.2.7

Compare Source

Bug Fixes

• Guard against process not being defined (#​911) (8a1c8e9)

motdotla/dotenv

v16.0.3

Compare Source

Changed

• Added library version to debug logs (#​682)

v16.0.2

Compare Source

Added

• Export env-options.js and cli-options.js in package.json for use with downstream dotenv-expand module

v16.0.1

Compare Source

Changed

• Minor README clarifications
• Development ONLY: updated devDependencies as recommended for development only security risks (#​658)

v16.0.0

Compare Source

Added

• Breaking: Backtick support 🎉 (#​615)

If you had values containing the backtick character, please quote those values with either single or double quotes.

v15.0.1

Compare Source

Changed

• Properly parse empty single or double quoted values 🐞 (#​614)

v15.0.0

Compare Source

v15.0.0 is a major new release with some important breaking changes.

Added

• Breaking: Multiline parsing support (just works. no need for the flag.)

Changed

• Breaking: # marks the beginning of a comment (UNLESS the value is wrapped in quotes. Please update your .env files to wrap in quotes any values containing #. For example: SECRET_HASH="something-with-a-#-hash").

..Understandably, (as some teams have noted) this is tedious to do across the entire team. To make it less tedious, we recommend using dotenv cli going forward. It's an optional plugin that will keep your .env files in sync between machines, environments, or team members.

Removed

• Breaking: Remove multiline option (just works out of the box now. no need for the flag.)

v14.3.2

Compare Source

Changed

• Preserve backwards compatibility on values containing # 🐞 (#​603)

v14.3.1

Compare Source

Changed

• Preserve backwards compatibility on exports by re-introducing the prior in-place exports 🐞 (#​606)

v14.3.0

Compare Source

Added

• Add multiline option 🎉 (#​486)

v14.2.0

Compare Source

Added

• Add dotenv_config_override cli option
• Add DOTENV_CONFIG_OVERRIDE command line env option

v14.1.1

Compare Source

Added

• Add React gotcha to FAQ on README

v14.1.0

Compare Source

Added

• Add override option 🎉 (#​595)

v14.0.1

Compare Source

Added

• Log error on failure to load .env file (#​594)

v14.0.0

Compare Source

Added

• Breaking: Support inline comments for the parser 🎉 (#​568)

v13.0.1

Compare Source

Changed

• Hide comments and newlines from debug output (#​404)

v13.0.0

Compare Source

Added

• Breaking: Add type file for config.js (#​539)

v12.0.4

Compare Source

Changed

• README updates
• Minor order adjustment to package json format

v12.0.3

Compare Source

Changed

• Simplified jsdoc for consistency across editors

v12.0.2

Compare Source

Changed

• Improve embedded jsdoc type documentation

v12.0.1

Compare Source

Changed

• README updates and clarifications

v12.0.0

Compare Source

Removed

• Breaking: drop support for Flow static type checker (#​584)

Changed

• Move types/index.d.ts to lib/main.d.ts (#​585)
• Typescript cleanup (#​587)
• Explicit typescript inclusion in package.json (#​566)

v11.0.0

Compare Source

Changed

• Breaking: drop support for Node v10 (#​558)
• Patch debug option (#​550)

v10.0.0

Compare Source

Added

• Add generic support to parse function
• Allow for import "dotenv/config.js"
• Add support to resolve home directory in path via ~

v9.0.2

Compare Source

Changed

• Support windows newlines with debug mode

v9.0.1

Compare Source

Changed

• Updates to README

v9.0.0

Compare Source

Changed

• Breaking: drop support for Node v8

v8.6.0

Compare Source

Added

• define package.json in exports

v8.5.1

Compare Source

Changed

• updated dev dependencies via npm audit

v8.5.0

Compare Source

Added

• allow for import "dotenv/config"

v8.4.0

Compare Source

Changed

• point to exact types file to work with VS Code

v8.3.0

Compare Source

Changed

• Breaking: drop support for Node v8 (mistake to be released as minor bump. later bumped to 9.0.0. see above.)

facebook/jest

v29.4.3

Compare Source

Features

• [expect] Update toThrow() to be able to use error causes (#​13606)
• [jest-core] allow to use workerIdleMemoryLimit with only 1 worker or runInBand option (#​13846)
• [jest-message-util] Add support for error causes (#​13868 & #​13912)
• [jest-runtime] Revert import assertions for JSON modules as it's been relegated to Stage 2 (#​13911)

Fixes

• [@jest/expect-utils] subsetEquality should consider also an object's inherited string keys (#​13824)
• [jest-mock] Clear mock state when jest.restoreAllMocks() is called (#​13867)
• [jest-mock] Prevent mockImplementationOnce and mockReturnValueOnce bleeding into withImplementation (#​13888)
• [jest-mock] Do not restore mocks when jest.resetAllMocks() is called (#​13866)

v29.4.2

Compare Source

Features

• [@jest/core] Instrument significant lifecycle events with performance.mark() (#​13859)

Fixes

• [expect, @​jest/expect] Provide type of actual as a generic argument to Matchers to allow better-typed extensions (#​13848)
• [jest-circus] Added explicit mention of test failing because done() is not being called in error message (#​13847)
• [jest-runtime] Handle CJS re-exports of node core modules from ESM (#​13856)
• [jest-transform] Downgrade write-file-atomic to v4 (#​13853)
• [jest-worker] Ignore IPC messages not intended for Jest (#​13543)

Chore & Maintenance

• [*] make sure to exclude .eslintcache from published module (#​13832)
• [docs] Cleanup incorrect links in CHANGELOG.md (#​13857)

v29.4.1

Compare Source

Features

• [expect, jest-circus, @​jest/types] Implement numPassingAsserts of testResults to track the number of passing asserts in a test (#​13795)
• [jest-core] Add newlines to JSON output (#​13817)
• [@jest/reporters] Automatic log folding in GitHub Actions Reporter (#​13626)

Fixes

• [@jest/expect-utils] toMatchObject diffs should include Symbol properties (#​13810)
• [jest-runtime] Handle missing replaceProperty (#​13823)
• [@jest/types] Add partial support for done callbacks in typings of each (#​13756)

v29.4.0

Compare Source

Features

• [expect, @​jest/expect-utils] Support custom equality testers (#​13654)
• [jest-config, jest-worker] Use os.availableParallelism if available to calculate number of workers to spawn (#​13738)
• [@jest/globals, jest-mock] Add jest.replaceProperty() that replaces property value (#​13496)
• [jest-haste-map] ignore Sapling vcs directories (.sl/) (#​13674)
• [jest-resolve] Support subpath imports (#​13705, #​13723, #​13777)
• [jest-runtime] Add jest.isolateModulesAsync for scoped module initialization of asynchronous functions (#​13680)
• [jest-runtime] Add jest.isEnvironmentTornDown function (#​13741)
• [jest-test-result] Added skipped and focused status to FormattedTestResult (#​13700)
• [jest-transform] Support for asynchronous createTransformer (#​13762)

Fixes

• [jest-environment-node] Fix non-configurable globals (#​13687)
• [@jest/expect-utils] toMatchObject should handle Symbol properties (#​13639)
• [jest-mock] Fix mockReset and resetAllMocks undefined return value(#​13692)
• [jest-resolve] Add global paths to require.resolve.paths (#​13633)
• [jest-resolve] Correct node core module detection when using node: specifiers (#​13806)
• [jest-runtime] Support WASM files that import JS resources (#​13608)
• [jest-runtime] Use the scriptTransformer cache in jest-runner (#​13735)
• [jest-runtime] Enforce import assertions when importing JSON in ESM (#​12755 & #​13805)
• [jest-snapshot] Make sure to import babel outside of the sandbox (#​13694)
• [jest-transform] Ensure the correct configuration is passed to preprocessors specified multiple times in the transform option (#​13770)

Chore & Maintenance

• [@jest/fake-timers] Update @sinonjs/fake-timers (#​13612)
• [docs] Improve custom puppeteer example to prevent worker warnings (#​13619)

v29.3.1

Compare Source

Fixes

• [jest-config] Do not warn about preset in ProjectConfig (#​13583)

Performance

• [jest-transform] Defer creation of cache directory (#​13420)

v29.3.0

Compare Source

Features

• [jest-runtime] Support WebAssembly (Wasm) imports in ESM modules (#​13505)

Fixes

• [jest-config] Add config validation for projects option (#​13565)
• [jest-mock] Treat cjs modules as objects so they can be mocked (#​13513)
• [jest-worker] Throw an error instead of hanging when jest workers terminate unexpectedly (#​13566)

Chore & Maintenance

• [@jest/transform] Update convert-source-map (#​13509)
• [docs] Mention toStrictEqual in UsingMatchers docs. (#​13560)

v29.2.2

Compare Source

Fixes

• [@jest/test-sequencer] Make sure sharding does not produce empty groups (#​13476)
• [jest-circus] Test marked as todo are shown as todo when inside a focussed describe (#​13504)
• [jest-mock] Ensure mock resolved and rejected values are promises from correct realm (#​13503)
• [jest-snapshot] Don't highlight passing asymmetric property matchers in snapshot diff (#​13480)

Chore & Maintenance

• [docs] Update link to Jest 28 upgrade guide in error message (#​13483)
• [jest-runner, jest-watcher] Update emittery (#​13490)

v29.2.1

Compare Source

Features

• [@jest/globals, jest-mock] Add jest.Spied* utility types (#​13440)

Fixes

• [jest-environment-node] make globalThis.performance writable for Node 19 and fake timers (#​13467)
• [jest-mock] Revert #​13398 to restore mocking of setters (#​13472)

Performance

• [*] Use sha1 instead of sha256 for hashing (#​13421)

v29.2.0

Compare Source

Features

• [@jest/cli, jest-config] A seed for the test run will be randomly generated, or set by a CLI option (#​13400)
• [@jest/cli, jest-config] --show-seed will display the seed value in the report, and can be set via a CLI flag or through the config file (#​13400)
• [jest-config] Add readInitialConfig utility function (#​13356)
• [jest-core] Allow testResultsProcessor to be async (#​13343)
• [@jest/environment, jest-environment-node, jest-environment-jsdom, jest-runtime] Add getSeed() to the jest object (#​13400)
• `[expec

---

Configuration

📅 Schedule: Branch creation - "every 2 weeks on Monday before 7am" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[socket-security]

Socket Security Pull Request Report

Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
prisma@4.10.1 (upgraded)	install	dev-tools/dev-client/package-lock.json, dev-tools/dev-client/package.json
prisma@4.10.1 (upgraded)	preinstall	dev-tools/dev-client/package-lock.json, dev-tools/dev-client/package.json
@prisma/engines@4.10.1 (upgraded)	postinstall	dev-tools/dev-client/package-lock.json via prisma@4.10.1
esbuild@0.14.48 (added)	postinstall	package-lock.json, package.json
esbuild@0.9.7 (added)	postinstall	dev-tools/dev-client/package-lock.json via @snowpack/web-test-runner-plugin@0.2.2, snowpack@3.3.3

😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name

Package	Bin script	Source
semver@6.3.0 (added)	semver	package-lock.json via @inpyjamas/scripts@1.0.0, @saithodev/semantic-release-backmerge@3.1.0, @semantic-release/changelog@6.0.1, @semantic-release/commit-analyzer@9.0.2, @semantic-release/git@10.0.1, @semantic-release/github@8.0.4, @semantic-release/npm@9.0.1, @semantic-release/release-notes-generator@10.0.3, @technologiestiftung/semantic-release-config@1.2.0, bcrypt@5.0.1, nodemon@2.0.18, semantic-release@20.1.0, ts-jest@29.0.5, dev-tools/dev-client/package-lock.json via @snowpack/plugin-react-refresh@2.4.2, dev-tools/dev-mqtt/package.json via @inpyjamas/scripts@1.0.0, jest@29.4.3
semver@7.3.5 (added)	semver	package-lock.json via @saithodev/semantic-release-backmerge@3.1.0, @semantic-release/changelog@6.0.1, @semantic-release/commit-analyzer@9.0.2, @semantic-release/git@10.0.1, @semantic-release/github@8.0.4, @semantic-release/npm@9.0.1, @semantic-release/release-notes-generator@10.0.3, @technologiestiftung/semantic-release-config@1.2.0, semantic-release@20.1.0, dev-tools/dev-client/package-lock.json via @snowpack/web-test-runner-plugin@0.2.2, snowpack@3.3.3
semver@7.3.7 (added)	semver	package-lock.json via @inpyjamas/scripts@1.0.0, @saithodev/semantic-release-backmerge@3.1.0, @semantic-release/changelog@6.0.1, @semantic-release/commit-analyzer@9.0.2, @semantic-release/git@10.0.1, @semantic-release/github@8.0.4, @semantic-release/npm@9.0.1, @semantic-release/release-notes-generator@10.0.3, @technologiestiftung/semantic-release-config@1.2.0, bcrypt@5.0.1, fastify@4.2.0, nodemon@2.0.18, semantic-release@20.1.0, ts-jest@29.0.5, dev-tools/dev-mqtt/package.json via @inpyjamas/scripts@1.0.0, jest@29.4.3, ts-node-dev@2.0.0
semver@7.3.8 (added)	semver	package-lock.json via jsonwebtoken@9.0.0
jest@28.1.2 (upgraded)	jest	package-lock.json via @inpyjamas/scripts@1.0.0, dev-tools/dev-mqtt/package.json via @inpyjamas/scripts@1.0.0
jest@29.4.3 (upgraded)	jest	package-lock.json via ts-jest@29.0.5, dev-tools/dev-mqtt/package.json
jest-cli@28.1.3 (upgraded)	jest	package-lock.json via @inpyjamas/scripts@1.0.0, dev-tools/dev-mqtt/package.json via @inpyjamas/scripts@1.0.0
jest-cli@29.4.3 (upgraded)	jest	package-lock.json via ts-jest@29.0.5, dev-tools/dev-mqtt/package.json via jest@29.4.3

Pull request report summary

Issue	Status
Install scripts	⚠️ 5 issues
Native code	✅ 0 issues
Bin script confusion	⚠️ 8 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore prisma@4.10.1
• @SocketSecurity ignore @prisma/engines@4.10.1
• @SocketSecurity ignore esbuild@0.14.48
• @SocketSecurity ignore esbuild@0.9.7
• @SocketSecurity ignore semver@6.3.0

Powered by socket.dev