search

capJavert / clippy

Clippy MS Word Office asistant is now back to assist inside your browser!
https://clippy.kickass.website
MIT License
24 stars 6 forks source link

build(deps): bump shell-quote and web-ext #28

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps shell-quote to 1.7.3 and updates ancestor dependency web-ext. These dependencies need to be updated together.

Updates shell-quote from 1.6.1 to 1.7.3

Changelog

Sourced from shell-quote's changelog.

1.7.3

  • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

1.7.2

  • Fix a regression introduced in 1.6.3. This reverts the Windows path quoting fix. (144e1c2)

1.7.1

  • Fix $ being removed when not part of an environment variable name. (@​Adman in #32)

1.7.0

  • Add support for parsing >> and >& redirection operators. (@​forivall in #16)
  • Add support for parsing <( process substitution operator. (@​cuonglm in #15)

1.6.3

  • Fix Windows path quoting problems. (@​dy in #34)

v1.6.2 - 2019-08-13

Merged

Commits

Commits


Updates web-ext from 3.2.1 to 7.3.0

Release notes

Sourced from web-ext's releases.

7.3.0

Features

  • web-ext lint: added support for the --firefox-preview option (#2505)
  • web-ext lint: updated to use addons-linter v5.18.0 (#2500, #2518, #2524, #2526)
    • Firefox 106.0b10 schema has been imported
    • The linter now verifies that all locale directories have messages.json files
    • The linter now validates CSP values set for the new script-src-elem/script-src-attr directives
  • web-ext run: added new CLI flag --devtools to open DevTools for the installed add-on right away. (#2488) (requires Firefox 106 and above)
  • web-ext sign: added new experimental CLI flag --use-submission-api to use the new AMO add-on submission API (#2489). See also: mozilla/web-ext#2503

Bug Fixes

  • Other dependencies updated:
    • jose to v4.10.0 (#2496)
    • sign-addon to v5.1.0 (#2522)
    • ws to v8.9.0 (#2519)
    • yargs to v17.6.0 (#2520)

See all changes https://github.com/mozilla/web-ext/compare/7.2.0...7.3.0

7.2.0

Features

  • web-ext run: Added support for flatpak packaged Firefox builds (#2477), as an example web-ext run --firefox flatpak:org.mozilla.firefox will now run the target extension on the org.mozilla.firefox flatpak package.

  • web-ex lint: Updated to use addons-linter v5.14.0 (#2457, #2463, #2479):

    • Imported Firefox 104.0b8 API Schema data
    • Fixed parsing error on import.meta uses from .js files
    • Updated @​mdn/browser-compat-data to v5.1.8
    • Updated eslint to v8.21.0
    • Updated espree to v9.3.3
    • See all addons-linter changes: 5.10.0...5.14.0

See all changes 7.1.1...7.2.0

7.1.1

Bug Fixes

  • web-ext run: Fixed issue related to the "extensions.manifestV3.enabled" custom pref being set to true by default even when no --firefox-preview option was explicitly part of the command line options or config file. (#2454)

  • web-ext lint: Updated to use addons-linter v5.10.0 (#2448)

    • transitive peer dependencies inherited through addons-linter are now all marked as optional
    • See all addons-linter changes: 5.9.0...5.10.0

  • updated dependency update-notifier to v6 (#2444) (fixes CVE-2022-33987 sec advisory)

See all changes 7.1.0...7.1.1

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/capJavert/clippy/network/alerts).
dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.