chore(deps): update node dependencies

[ggrossetie]

This PR contains the following updates:

Package	Type	Update	Change
@excalidraw/excalidraw	dependencies	patch	0.17.3 -> 0.17.5
@softwaretechnik/dbml-renderer	dependencies	patch	1.0.27 -> 1.0.30
node	volta	patch	18.20.0 -> 18.20.2
pino (source)	dependencies	minor	8.19.0 -> 8.20.0
vega-lite (source)	dependencies	minor	5.17.0 -> 5.18.0

---

Release Notes

excalidraw/excalidraw

v0.17.5

Compare Source

v0.17.4

Compare Source

softwaretechnik-berlin/dbml-renderer

v1.0.30

Compare Source

Updated dependencies.

No other changes.

v1.0.29

Compare Source

• #​27 Support for array fields, thanks to PR #​33 from @​alexjesp.

v1.0.28

Compare Source

This release brings more parsing resilience.

• #​32 Support for qualified type names.
• PR #​36 from @​pierresouchay addresses #​35, allowing SQL Functions used as indices for tables.
• #​24 Handle spaces at the start of declarations, and comments in more places.
• #​26 Handle enums qualified with a schema name.
• #​28 Handle trailing spaces at the end of lines.
• #​29 Handle types like decimal(1,2).

nodejs/node

v18.20.2

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#​564

v18.20.1

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
• CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
• llhttp version 9.2.1
• undici version 5.28.4

Commits

• [60d24938de] - deps: update undici to v5.28.4 (Matteo Collina) nodejs-private/node-private#​577
• [5d4d5848cf] - http: do not allow OBS fold in headers by default (Paolo Insogna) nodejs-private/node-private#​558
• [0fb816dbcc] - src: ensure to close stream when destroying session (Anna Henningsen) nodejs-private/node-private#​561

pinojs/pino

v8.20.0

Compare Source

What's Changed

• Improve documentation for use with Google Cloud Logging by @​jansauer in https://github.com/pinojs/pino/pull/1915
• docs: remove reference to make-promises-safe by @​10xLaCroixDrinker in https://github.com/pinojs/pino/pull/1921
• docs: spelling corrections by @​10xLaCroixDrinker in https://github.com/pinojs/pino/pull/1920
• Document setBindings by @​alecmev in https://github.com/pinojs/pino/pull/1928
• Add pino-discord-webhook transport information by @​fabulousgk in https://github.com/pinojs/pino/pull/1922
• docs: add pino-test to the ecosystem and help sections by @​ruddenchaux in https://github.com/pinojs/pino/pull/1931
• Added Info about using Grafana Loki by @​janpaepke in https://github.com/pinojs/pino/pull/1934
• Fix deprecated dependency notation by @​mbtools in https://github.com/pinojs/pino/pull/1929
• fix: avoid override mistake by @​erights in https://github.com/pinojs/pino/pull/1939
• chore: fix some typos by @​divdeploy in https://github.com/pinojs/pino/pull/1940

New Contributors

• @​jansauer made their first contribution in https://github.com/pinojs/pino/pull/1915
• @​alecmev made their first contribution in https://github.com/pinojs/pino/pull/1928
• @​fabulousgk made their first contribution in https://github.com/pinojs/pino/pull/1922
• @​ruddenchaux made their first contribution in https://github.com/pinojs/pino/pull/1931
• @​janpaepke made their first contribution in https://github.com/pinojs/pino/pull/1934
• @​mbtools made their first contribution in https://github.com/pinojs/pino/pull/1929
• @​erights made their first contribution in https://github.com/pinojs/pino/pull/1939
• @​divdeploy made their first contribution in https://github.com/pinojs/pino/pull/1940

Full Changelog: pinojs/pino@v8.19.0...v8.20.0

vega/vega-lite

v5.18.0

Compare Source

Bug Fixes

• #​8338,#​8126: make boxplot work with single value per group (#​8339) (4e55836), closes #​8338 #​8126 #​8338 #​8126
• describe how to set a custom scheme by setting the range, reverts #​9262 (#​9266) (e6af641), closes #​9022
• generate unescaped boxplot calculated field aliases (#​9284) (44fbceb)

Features

• add explicit option to control how densities are resolved, change how densities are resolved by default (#​9172) (bf0b8d3)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Renovate Bot.