A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.
Fix a potential bug in EventEmitter when used with certain Babel configurations that incorrectly polyfill the spread operator for iterables (9b3bd63723 by @yungsters)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SAP/risk-explorer-for-software-supply-chains/network/alerts).
Bumps react-devtools-core to 4.28.4 and updates ancestor dependency react-native. These dependencies need to be updated together.
Updates react-devtools-core from 4.19.1 to 4.28.4
Commits
Maintainer changes
This version was pushed to npm by hoxyq, a new releaser for react-devtools-core since your current version.
Updates react-native from 0.67.2 to 0.72.6
Release notes
Sourced from react-native's releases.
... (truncated)
Changelog
Sourced from react-native's changelog.
... (truncated)
Commits
- 4fd3da2 [0.72.6] Bump version numbers
- 6e3a130 [Local] Fix CI for 0.72, with Acitve Support and Xcode15 (#40855)
- 9b3bd63 RN: Switch EventEmitter to `Array.from(...)` (#39525)
- 785f91b Fix Gemfile, setting Active support to < 7.1.0 (#39828)
- 355025d Update Xcode 15 patches to be more robust (#39710)
- 3c4cc59 Move hermes-engine.podspec and hermes-utils.rb from hermes-engine to hermes f...
- 1e38d4d [0.72.5] Bump version numbers
- 2a041cb Add ld_classic flag to Hermes when building for Xcode 15 (#39516)
- 8ccdb2c Fix Xcode 15 RC issues (#39474)
- a5e110a Bump IPHONEOS_DEPLOYMENT_TARGET to 13.4 for 3rd party pods (#39478)
Maintainer changes
This version was pushed to npm by react-native-bot, a new releaser for react-native since your current version.