chore(deps-dev): Bump turbo from 1.12.5 to 1.13.3

[dependabot]

Bumps turbo from 1.12.5 to 1.13.3.

Release notes

Sourced from turbo's releases.

Turborepo v1.13.3-canary.3

What's Changed

Changelog

• feat(Turborepo): wire file hashing to grpc server by @​gsoltis in vercel/turbo#7868
• fix(pnpm): correctly parse dependency paths with nested peer dependecies by @​chris-olszewski in vercel/turbo#8003
• feat(turborepo): Watch mode by @​NicholasLYang in vercel/turbo#7613

Full Changelog: vercel/turborepo@v1.13.3-canary.2...v1.13.3-canary.3

Turborepo v1.13.3-canary.2

What's Changed

Docs

• docs(storybook): update documentation to the latest versions available for pnpm installation by @​javiev in vercel/turbo#7953

turbo-ignore

• chore(turbo-ignore): lint test files and fix issues by @​mehulkar in vercel/turbo#7991

Changelog

• feat(Turborepo): file hash watching by @​gsoltis in vercel/turbo#7855
• fix(pnpm): support pnpm lockfile v9 by @​chris-olszewski in vercel/turbo#7994

New Contributors

• @​javiev made their first contribution in vercel/turbo#7953

Full Changelog: vercel/turborepo@v1.13.3-canary.1...v1.13.3-canary.2

Turborepo v1.13.3-canary.1

What's Changed

Docs

• feat: use @repo/ pattern in math-helpers example, consistent with "getting started" and starter repo by @​braden-w in vercel/turbo#7911
• change init script of storybook by @​zsh77 in vercel/turbo#7695

create-turbo

• feat(turbo-ignore): usage metrics by @​tknickman in vercel/turbo#7897

eslint

• chore: pin eslint version by @​chris-olszewski in vercel/turbo#7971

@​turbo/telemetry

• feat(telemetry): defensive config loading by @​tknickman in vercel/turbo#7891

Examples

• fix typo in dev script of a kitchen-sink's package by @​zsh77 in vercel/turbo#7913
• Remove pnpm plugin in Gatsby example. by @​anthonyshew in vercel/turbo#7916

Changelog

• fix(Turborepo): Disable the new corepack notification by @​gsoltis in vercel/turbo#7901
• Update lockfile for compatibility with next.js by @​wbinnssmith in vercel/turbo#7944
• fix(ui): avoid rendering area more than u16::MAX by @​chris-olszewski in vercel/turbo#7867
• chore: add removal warning to deprecated flags by @​chris-olszewski in vercel/turbo#7890

... (truncated)

Commits

• 3f46456 publish 1.13.3 to registry
• 326b541 fix(telemetry): correctly parse alerted date (#8042)
• 5e5f7d9 feat(turborepo): Process package change events asynchronously (#8036)
• 09b266c chore: remove repetitive words (#8032)
• db0eaf2 feat(Turborepo): support inputs for file hash watching (#7907)
• 9783846 Remove can_be_in_same_chunk (#8029)
• e63b1a8 chore: fix turborepo-repository MUSL release (#8028)
• ef3b09b chore(ci): bump protoc version (#8025)
• ab004db chore(ci): pin Github Actions runner that builds turborepo to macos-12 (#8024)
• da53c14 feat(turborepo): Persistent Tasks in Watch Mode (#7922)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@mdx-js/react@3.0.1	None	0	14.6 kB	wooorm
npm/@mdx-js/rollup@3.0.1	None	+20	919 kB	wooorm
npm/@radix-ui/react-slot@1.0.2	None	+2	301 kB	benoitgrelard
npm/@remix-run/cloudflare-pages@2.8.1	environment	0	46.5 kB	mjackson
npm/@remix-run/cloudflare@2.8.1	Transitive: network	+6	2.88 MB	mjackson
npm/@remix-run/dev@2.8.1	environment, filesystem Transitive: eval, network, shell, unsafe	+152	27.5 MB	mjackson
npm/@remix-run/react@2.8.1	environment, network	+5	3.07 MB	mjackson
npm/@storybook/addon-essentials@8.0.0	Transitive: environment, eval, filesystem, network, shell, unsafe	+102	24.3 MB	shilman
npm/@storybook/addon-interactions@8.0.0	Transitive: environment, filesystem	+19	5.88 MB	shilman
npm/@storybook/addon-links@8.0.0	None	+2	60.8 kB	shilman
npm/@storybook/addon-onboarding@8.0.0	None	0	4.97 MB	shilman
npm/@storybook/blocks@8.0.0	eval Transitive: environment, filesystem, network, shell, unsafe	+90	19.3 MB	shilman
npm/@storybook/react-vite@8.0.0	Transitive: environment, eval, filesystem, network, shell, unsafe	+106	14.3 MB	shilman
npm/@storybook/react@8.0.0	Transitive: environment, eval, filesystem, network, shell, unsafe	+94	16.8 MB	shilman
npm/@storybook/test@8.0.0	environment, eval Transitive: filesystem, network	+75	10 MB	shilman
npm/@types/mdx@2.0.11	None	0	9.71 kB	types
npm/@types/node@20.11.28	None	0	2.01 MB	types
npm/@types/react-dom@18.2.22	None	0	34 kB	types
npm/@types/react@18.2.66	None	+3	1.69 MB	types
npm/@types/service-worker-mock@2.0.4	None	0	5.78 kB	types
npm/@typescript-eslint/eslint-plugin@7.2.0	Transitive: environment, filesystem	+23	6.45 MB	jameshenry
npm/@typescript-eslint/parser@7.2.0	Transitive: environment, filesystem	+16	1.74 MB	jameshenry
npm/@vitejs/plugin-react@4.2.1	Transitive: environment, filesystem, unsafe	+46	10.6 MB	vitebot
npm/autoprefixer@10.4.18	environment Transitive: filesystem	+4	2.62 MB	ai
npm/chromatic@11.0.8	None	0	4.3 MB	ghengeveld
npm/class-variance-authority@0.7.0	None	+1	15.7 kB	joebell93
npm/commitlint@19.2.0	None	+3	89.8 kB	escapedcat
npm/drizzle-kit@0.20.14	Transitive: environment, eval, filesystem, network, shell, unsafe	+17	8.1 MB	dankochetov
npm/drizzle-orm@0.30.2	None	0	5.32 MB	dankochetov
npm/eslint-import-resolver-typescript@3.6.1	Transitive: environment, filesystem, unsafe	+16	823 kB	jounqin
npm/eslint-plugin-import@2.29.1	filesystem, unsafe Transitive: environment, eval	+38	4.11 MB	ljharb
npm/eslint-plugin-jsx-a11y@6.8.0	Transitive: eval	+44	8.87 MB	ljharb
npm/eslint-plugin-react-hooks@4.6.0	environment	0	118 kB	gnoff
npm/eslint-plugin-react@7.34.1	filesystem Transitive: eval	+42	6.21 MB	ljharb
npm/eslint-plugin-storybook@0.8.0	Transitive: environment, filesystem	+25	2.95 MB	yannbf
npm/eslint@8.57.0	environment, filesystem Transitive: eval, shell, unsafe	+41	8.93 MB	eslintbot
npm/husky@9.0.11	environment, filesystem, shell	0	3.61 kB	typicode

🚮 Removed packages: npm/jest-junit@16.0.0, npm/node-fetch@3.3.2, npm/react-dom@18.2.0, npm/react-test-renderer@18.2.0, npm/react@18.2.0, npm/typescript@5.4.2

View full report↗︎

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Protestware/Troll package	npm/es5-ext@0.10.64	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale	orphan: npm/es5-ext@0.10.64
Install scripts	npm/es5-ext@0.10.64	Install script: postinstall Source: node -e "try{require('./_postinstall')}catch(e){}" || exit 0	orphan: npm/es5-ext@0.10.64

View full report↗︎

Next steps

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package my come along with functionality unrelated to its primary purpose.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/es5-ext@0.10.64

[dependabot]

Superseded by #221.