v2.0.81

Update dependency balena-io/balena-cli to v20

Notable changes

balena-io/balena-cli (balena-io/balena-cli)

v20.0.2

Compare Source

6f30dc0 (Restore ability to cat key into ssh-key add, 2024-10-29)

v20.0.1

Compare Source

bb101de (Update @​oclif/core patch, 2024-10-29)
ca6344b (Deduplicate dependencies, 2024-10-29)
48596fa (Fix sending input to some aliases not working, 2024-10-29)

v20.0.0

Compare Source

07a7bd7 (Deduplicate dependencies, 2024-10-25)
4b3fdcf (device update: Use detached HUP for os updates, 2024-10-21)
d023d0a (Drop -h flag for help and stop manually adding help per command in favor of oclif automatically adding it, 2024-09-30)
de1821d (Stop checking for very old, long-removed commands, 2024-09-26)
12923c9 (Deprecate devices supported command in favor of device-type list, 2024-09-26)
8be069d (Deprecate notes command in favor of device note, 2024-09-26)
9d3f912 (Deprecate tunnel command in favor of device tunnel, 2024-09-26)
61ebf9e (Deprecate env add in favor of env set, 2024-09-26)
8498502 (Deprecate ssh command in favor of device ssh, 2024-09-26)
c5d8f73 (Deprecate logs command in favor of device logs, 2024-09-26)
5db0c71 (Deprecate scan command in favor of device detect, 2024-09-26)
c7a06f7 (Deprecate orgs command in favor of organization list, 2024-09-26)
bc66feb (Deprecate tags command in favor of tag list, 2024-09-25)
bb80311 (Deprecate envs command in favor of env list, 2024-09-24)
3dee7bd (Deprecate key commands in favor of ssh-key, 2024-09-25)
3251f04 (Deprecate keys command in favor of key list, 2024-09-24)
35dce45 (Deprecate releases command in favor of release list, 2024-09-24)
71ef005 (Deprecate fleets command in favor of fleet list, 2024-09-24)
b6f8be2 (Deprecate api-keys command in favor of api-key list, 2024-09-24)
13110cc (Deprecate devices command in favor of device list, 2024-09-24)
d4b554d (Docs: Show whether an alias is deprecated, 2024-10-23)
1275c11 (Update balena-preload to 16.0.0, 2024-09-17)
593233a (Tests: Drop unused my_application resource mock, 2024-10-24)
ec92f21 (Drop the no longer needed __metadata property handling, 2024-09-17)
5adc43b (Update image_size type from number to string, 2024-09-17)
1ee9a68 (Update device.overall_status comments with their respective replacements, 2024-09-17)
56e5daf (Drop the device.is_managed_by__device property from test-data, 2024-09-17)
f0e0c0d (Update all API queries to use the v7 model, 2024-09-17)
afd1479 (git mv v6 test-data api-responses to v7, 2024-09-17)
37e08e4 (Update actor to use PineDeferred type, 2024-09-17)
61af57a (Update release.contract type from string to JsonType, 2024-09-17)
19be0fe (Replace device should_be_running__release with is_pinned_on__release, 2024-09-16)
2b656c2 (Update @balena/compose to 5.0.0, 2024-09-17)
2bf7b81 (Bump balena-sdk to 20.3.0, 2024-09-16)

List of commits

121e152 (Update dependency balena-io/balena-cli to v20, 2024-11-04)

v2.0.80

Update dependency balena-io/balena-cli to v19

Notable changes

• Readme updates
• Readme updates chalk/chalk@89e9e3a
• Support template literals for nested calls (#​392) 09ddbad
• Require Node.js 10 61999a4
• Change the Level TypeScript type to be a union instead of enum f0f4638
• Use Object.setPrototypeOf as __proto__ could potentially be disabled (#​387) 63469d3
  -chalk/chalk (chalk)
  -if (chalk.level > Level.None) {}
• 4eb4c4bc
• a5b03db3
• 037ec2d2
• 3534ab4f
• 912c568d
• 9715798e
• 03e33ec6
• 5a7924ad
• ad6804cd
• 033287bd
• 0c609f95
• da4230a0
• 02542370
• 794cb81a
• 1eb2a254
• 1aa713fd
  -sinonjs/sinon (sinon)
• Update @​​actions/artifact version, bump dependencies by @​​robherley in https://github.com/actions/download-artifact/pull/341
  -actions/download-artifact (actions/download-artifact)
  -apple-actions/import-codesign-certs (apple-actions/import-codesign-certs)

balena-io/balena-cli (balena-io/balena-cli)

v19.16.0

Compare Source

8655b89 (Deduplicate dependencies, 2024-10-23)
09d52c5 (device-type list: Add --all flag for including no longer supported device types in the list, 2024-09-26)
e5cee64 (Add alias device-type list for command devices supported, 2024-09-26)
98a6b43 (git mv devices/supported to device/list, 2024-09-26)

v19.15.0

Compare Source

3eb3b3b (Add alias device note for command notes, 2024-09-26)
8ee5ede (git mv notes/index to device/note, 2024-09-26)

v19.14.0

Compare Source

bff5897 (Add alias device tunnel for command tunnel, 2024-09-26)
22c9fd3 (git mv tunnel/index to device/tunnel, 2024-09-26)

v19.13.1

Compare Source

Update dependency chalk to v4

Notable changes

• Readme updates
• Readme updates chalk/chalk@89e9e3a
• Support template literals for nested calls (#​392) 09ddbad
• Require Node.js 10 61999a4
• Change the Level TypeScript type to be a union instead of enum f0f4638
  -if (chalk.level > Level.None) {}
• Use Object.setPrototypeOf as __proto__ could potentially be disabled (#​387) 63469d3

chalk/chalk (chalk)

v4.1.2

Compare Source

• Readme updates

v4.1.1

Compare Source

• Readme updates chalk/chalk@89e9e3a

v4.1.0

Compare Source

• Support template literals for nested calls (#​392) 09ddbad

v4.0.0

Compare Source

Breaking

• Require Node.js 10 61999a4
• Change the Level TypeScript type to be a union instead of enum f0f4638

-if (chalk.level > Level.None) {}
+if (chalk.level > 0) {}

Improvements

• Use Object.setPrototypeOf as __proto__ could potentially be disabled (#​387) 63469d3

List of commits

8ded517 (Update dependency chalk to v4, 2024-10-21)

v19.13.0

Compare Source

f1924bb (Add alias env set for command env add, 2024-09-26)
44082e2 (git mv env/add to env/set, 2024-09-26)

v19.12.1

Compare Source

147ce80 (Update @oclif/core, 2024-10-21)

v19.12.0

Compare Source

9b1eb57 (Update help.spec per recent help output change, 2024-10-21)
76c08b6 (Add alias device ssh for ssh command, 2024-09-26)
3f82f42 (git mv ssh/index to device/ssh, 2024-09-26)

v19.11.1

Compare Source

Update dependency sinon to v19

Notable changes

• 4eb4c4bc
• a5b03db3
• 037ec2d2
• 3534ab4f
• 912c568d
• 9715798e
• 03e33ec6
• 5a7924ad
• ad6804cd
• 033287bd
• 0c609f95
• [da4230a0](https://togithub.com/sinonjs/sinon...

v2.0.79

Update dependency sinon to v19

Notable changes

• 4eb4c4bc
• a5b03db3
• 037ec2d2
• 3534ab4f
• 912c568d
• 9715798e

sinonjs/sinon (sinon)

v19.0.2

Compare Source

• 4eb4c4bc
  Use fix 13.0.2 version of fake-timers to get Date to pass instanceof checks (Carl-Erik Kopseng)
• a5b03db3
  Add links to code that is affected by the breaking changes (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2024-09-13.

v19.0.1

Compare Source

• 037ec2d2
  Update migration docs (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2024-09-13.

v19.0.0

Compare Source

• 3534ab4f
  Bump samsam and nise to latest versions (#​2617) (Carl-Erik Kopseng)

  Ensures consistency and less breakage when there are "circular" dependencies.

• 912c568d
  upgrade fake timers and others (#​2612) (Carl-Erik Kopseng)

  • Upgrade dependencies (includes breaking API in Fake Timers)
  • fake-timers: no longer creating dates using the original Date class, but a subclass (proxy)

• 9715798e
  Use newer @​mochify/* packages (#​2609) (Carl-Erik Kopseng)

  Co-authored-by: Maximilian Antoni [email protected]

Released by Carl-Erik Kopseng on 2024-09-13.

List of commits

852c56c (Update dependency sinon to v19, 2024-11-04)

v2.0.78

d120f11 (Lock file maintenance, 2024-11-04)

v2.0.77

Update dependency balena-io/balena-cli to v18.2.34

Notable changes

balena-io/balena-cli (balena-io/balena-cli)

v18.2.34

Compare Source

1d70e6b (Run npm dedupe commands, 2024-07-24)
d345837 (Switch to self-hosted, 2024-07-23)

List of commits

fd2c2ba (Update dependency balena-io/balena-cli to v18.2.34, 2024-11-03)

v2.0.76

Update dependency rimraf to v6

Notable changes

isaacs/rimraf (rimraf)

v6.0.1

Compare Source

v6.0.0

Compare Source

v5.0.10

Compare Source

v5.0.9

Compare Source

v5.0.8

Compare Source

List of commits

593da74 (Update dependency rimraf to v6, 2024-11-03)

v2.0.75

Update dependency sinon to v18

Notable changes

• 03e33ec6
• 5a7924ad
• ad6804cd
• 033287bd
• 0c609f95
• da4230a0
• 02542370
• 794cb81a
• 1eb2a254
• 1aa713fd
• 01d45312
• c618edc5
• f6dca0ba
• 5025d001
• ed068a88
• ec4d592e
• 9972e1e3
• 52e6e4c5
• 08da1235
• 404ef47e
• fd79612c
• 1fbc812a
• fc8f6c3e
• c57e38ae
• 754bf7a9
• 87eed9d2
• cbae6997
• adcf936d
• 30ad2372
• 45c4d6b9
• 6c9f5c2a
• 93db3ef3

sinonjs/sinon (sinon)

v18.0.1

Compare Source

Basically a patch release to update a transitive dependency in Nise.

• 03e33ec6
  Pin [email protected] to avoid breaking change (Carl-Erik Kopseng)
• 5a7924ad
  Add createStubInstance header in stubs.md (Daniel Kaplan)
• ad6804cd
  Bump elliptic from 6.5.5 to 6.5.7 (#​2608) (dependabot[bot])
• 033287bd
  Bump path-to-regexp and nise (#​2611) (dependabot[bot])

  Bumps path-to-regexp to 8.1.0 and updates ancestor dependency nise. These dependencies need to be updated together.

  Updates path-to-regexp from 6.2.2 to 8.1.0

  • Release notes
  • Changelog
  • Commits

  Updates nise from 6.0.0 to 6.0.1

  • Changelog
  • Commits

  ---

  updated-dependencies:

  • dependency-name: path-to-regexp

    dependency-type: indirect

  • dependency-name: nise

    dependency-type: direct:production

  ...

  Signed-off-by: dependabot[bot] [email protected]

  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com>

• 0c609f95
  re-add testing of esm browser builds (Carl-Erik Kopseng)

  It seems unclear why it was removed in the first place: I have tested extensively that it
  does work and it does fail the build if changing any assertion in the script

• da4230a0
  Bump braces from 3.0.2 to 3.0.3 (#​2605) (dependabot[bot])

  Bumps braces from 3.0.2 to 3.0.3.

  • Changelog
  • Commits

  ---

  updated-dependencies:

  • dependency-name: braces

    dependency-type: indirect

  ...

  Signed-off-by: dependabot[bot] [email protected]

  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com>

• 02542370
  feat(ci): add node v22 (#​2600) (Rotzbua)
• 794cb81a
  fix(tests): typo (#​2603) (Rotzbua)
• 1eb2a254
  Use NodeJS 22.2.0 as base development version (Carl-Erik Kopseng)
• 1aa713fd
  Bump rexml from 3.2.5 to 3.2.8 (#​2599) (dependabot[bot])

  Bumps rexml from 3.2.5 to 3.2.8. >

  • Release notes >
  • Changelog >
  • Commits > >
    --- >
    updated-dependencies: >
  • dependency-name: rexml >
    dependency-type: indirect >
    ... > >
    Signed-off-by: dependabot[bot] [email protected] >
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@​users.noreply.github.com>

Released by Carl-Erik Kopseng on 2024-09-10.

v18.0.0

Compare Source

This is what 17.0.2 should have been, as that contained two breaking changes. After updating
Nise we are down to one breaking change, which only affects sinon-test (which has been updated),
so most people are not affected. The legacyRoutes flag that is currently enabled in Nise by default
will at some later version be disabled. We will then issue a little migration note.

• 01d45312
  Use Nise 6 with legacyRoutes flag enabled (Carl-Erik Kopseng)

  This should be disabled in a future Sinon version by default.

• c618edc5
  fix #​2594: remove needless sandbox creation (Carl-Erik Kopseng)

Released by Carl-Erik Kopseng on 2024-05-15.

v17.0.2

Compare Source

• [f6dca0ba](http...

v2.0.74

Update dependency balena-io/balena-cli to v18.2.33

Notable changes

-actions/setup-node (actions/setup-node)

• patch: etcher-sdk is not yet compatible with node22 [JOASSART Edwin]
• minor: allow passing custom assets to start SB protected CM4 [Edwin Joassart]
  -balena-io-modules/etcher-sdk (etcher-sdk)
• patch: use http2 to fix issues with url source [Edwin Joassart]
• patch: remove CI workaround [Edwin Joassart]
• patch: add option to allow listing virtual drive on Mac [JOASSART Edwin]
  -dominictarr/event-stream (event-stream)
• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([8345030]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm
• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539
  -auth0/node-jsonwebtoken (jsonwebtoken)
• Update @​​actions/artifact dependency by @​​bethanyj28 in https://github.com/actions/download-artifact/pull/325
• updating @actions/artifact dependency to v2.1.6 by @​​eggyhead in https://github.com/actions/download-artifact/pull/324
• Update readme with v3/v2/v1 deprecation notice by @​​robherley in https://github.com/actions/download-artifact/pull/322
• Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5
• Update @​​actions/artifact by @​​bethanyj28 in https://github.com/actions/download-artifact/pull/307
• Update release-new-action-version.yml by @​​konradpabjan in https://github.com/actions/download-artifact/pull/292
• Update toolkit dependency with updated unzip logic by @​​bethanyj28 in https://github.com/actions/download-artifact/pull/299
• Update @​​actions/artifact by @​​bethanyj28 in https://github.com/actions/download-artifact/pull/303
• @​​bethanyj28 made their first contribution in https://github.com/actions/download-artifact/pull/299
• Bump @​​actions/artifacts to latest version to include updated GHES host check
• Fix transient request timeouts https://github.com/actions/download-artifact/issues/249
• Bump @actions/artifacts to latest version
  -actions/download-artifact (actions/download-artifact)

balena-io/balena-cli (balena-io/balena-cli)

v18.2.33

Compare Source

v18.2.32

Compare Source

v18.2.31

Compare Source

a39a772 (Deduplicate dependencies, 2024-07-15)
efa0d67 (deploy: Use the sdk's pine instance with balena-compose, 2024-07-15)
232b967 (Update balena-sdk to 19.7.3, 2024-07-13)

v18.2.30

Compare Source

4e101e2 (Omit unicode control character escapes from test logs, 2024-07-13)
9f9fd97 (Deduplicate dependencies, 2024-07-13)

v18.2.29

Compare Source

3c64e13 (Update balena-preload from 15.0.5 to 15.0.6, 2024-07-11)

v18.2.28

Compare Source

79fcd95 (Downgrade pinejs-client-request to 7.4.2 to unblock the sdk update, 2024-07-12)
33199ac (Update balena-sdk to 19.7.2, 2024-07-12)

v18.2.27

Compare Source

1702f8b (Update balena-sdk to 19.5.5, 2024-07-12)

v18.2.26

Compare Source

1bc0f74 (Drop unused dependencies, 2024-07-11)
f65215e (Move dependencies that should be dev only as devDependencies, 2024-07-11)

v18.2.25

Compare Source

b1073ca (Fix complete generation intermitency, 2024-07-10)
e659e35 (Bump oclif to v4, 2024-07-10)

v18.2.24

Compare Source

19a60bb (Update mocha from 8.4.0 to 10.6.0, 2024-07-10)
d1a6f75 (Override inline-source-cli with non-vulnerable dependency, 2024-07-10)

v18.2.23

Compare Source

7273656 (Replace resin-discoverable-services with bonjour-service, 2024-07-09)

v18.2.22

Compare Source

1749937 (Remove unused dependency minimatch, 2024-07-10)

v18.2.21

Compare Source

6c89ba4 (Bump resin-discoverable-services from 2.0.4 to 2.0.5, 2024-07-09)

v18.2.20

Compare Source

b6d1afa (Audit fix dependencies, 2024-07-05)

v18.2.19

Compare Source

93e597a (Remove unused package publish-release, 2024-07-05)

v18.2.18

Compare Source

Update actions/setup-node action to v4

Notable changes

actions/setup-node (actions/setup-node)

v4

Compare Source

List of commits

c30a1dc (Update actions/setup-node action to v4, 2024-07-02)

v18.2.17

[Compare Source](https://togithub.com/balena-i...

v2.0.73

Update Node.js to v18.20.4

Notable changes

• CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
• CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
• [85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
• [eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596

nodejs/node (node)

v18.20.4: 2024-07-08, Version 18.20.4 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
• CVE-2024-22020 - Bypass network import restriction via data URL (Medium)

Commits

• [85abedf1ff] - lib,esm: handle bypass network-import via data: (RafaelGSS) nodejs-private/node-private#522
• [eccd63b865] - src: handle permissive extension on cmd check (RafaelGSS) nodejs-private/node-private#596

List of commits

45ef26f (Update Node.js to v18.20.4, 2024-07-25)

v2.0.72

66f6534 (Lock file maintenance, 2024-06-17)