Closed dependabot[bot] closed 1 year ago
@dependabot merge
2022年4月10日(日) 19:03 dependabot[bot] @.***>:
This automated pull request fixes a security vulnerability https://github.com/JXA-userland/JXA/security/dependabot/9 (moderate severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps trim-off-newlines https://github.com/stevemao/trim-off-newlines from 1.0.1 to 1.0.3. Commits
- c3b28d3 https://github.com/stevemao/trim-off-newlines/commit/c3b28d395cf249f77803e9e42e302d129e8b8a8f 1.0.3
- 6226c95 https://github.com/stevemao/trim-off-newlines/commit/6226c958cbbac284a840010eb1f6617fb99a5645 Merge pull request #4 https://github-redirect.dependabot.com/stevemao/trim-off-newlines/issues/4 from Trott/fix-it-again
- c77691d https://github.com/stevemao/trim-off-newlines/commit/c77691de9130d5c0021301593a1c7e3b3b0ff5a7 fix: remediate ReDOS further
- 76ca93c https://github.com/stevemao/trim-off-newlines/commit/76ca93c151b89d34b31feb1482434125b2ac45c3 chore: pin mocha to version that works with 0.10.x
- 8cd3f73 https://github.com/stevemao/trim-off-newlines/commit/8cd3f73a138dd479db9cfb1b42d235c71499c297 1.0.2
- fcbb73d https://github.com/stevemao/trim-off-newlines/commit/fcbb73d7065d6332c302e828c6bd215a6cc69748 Merge pull request #3 https://github-redirect.dependabot.com/stevemao/trim-off-newlines/issues/3 from Trott/patch-1
- 6d89476 https://github.com/stevemao/trim-off-newlines/commit/6d894768a492c1f7d1e5e80645c43ed9416432af fix: update regular expression to remove ReDOS
- 0cd87f5 https://github.com/stevemao/trim-off-newlines/commit/0cd87f5414400ab505f867e5a465596ebe61de98 chore: pin xo to latest version that works with current code
- See full diff in compare view https://github.com/stevemao/trim-off-newlines/compare/v1.0.1...v1.0.3
Maintainer changes
This version was pushed to npm by trott https://www.npmjs.com/~trott, a new releaser for trim-off-newlines since your current version.
[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/JXA-userland/JXA/network/alerts.
You can view, comment on, or merge this pull request online at:
https://github.com/JXA-userland/JXA/pull/48 Commit Summary
- b940d74 https://github.com/JXA-userland/JXA/pull/48/commits/b940d7442f6330826344758c8aa31ff567efb7e6 chore(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
File Changes
(1 file https://github.com/JXA-userland/JXA/pull/48/files)
- M yarn.lock https://github.com/JXA-userland/JXA/pull/48/files#diff-51e4f558fae534656963876761c95b83b6ef5da5103c4adef6768219ed76c2de (6)
Patch Links:
— Reply to this email directly, view it on GitHub https://github.com/JXA-userland/JXA/pull/48, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAE2AX5OGEVBGHIWM7HXRLVEKRQTANCNFSM5TATEITQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Looks like trim-off-newlines is no longer a dependency, so this is no longer needed.
Bumps trim-off-newlines from 1.0.1 to 1.0.3.
Commits
c3b28d3
1.0.36226c95
Merge pull request #4 from Trott/fix-it-againc77691d
fix: remediate ReDOS further76ca93c
chore: pin mocha to version that works with 0.10.x8cd3f73
1.0.2fcbb73d
Merge pull request #3 from Trott/patch-16d89476
fix: update regular expression to remove ReDOS0cd87f5
chore: pin xo to latest version that works with current codeMaintainer changes
This version was pushed to npm by trott, a new releaser for trim-off-newlines since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot will merge this PR once CI passes on it, as requested by @azu.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JXA-userland/JXA/network/alerts).