ddzy / blog

Do more thinking
https://yyge.top/blog
4 stars 1 forks source link

⬆️ Bump minimist, hexo, hexo-deployer-git, mkdirp and commitizen #117

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps minimist to 1.2.7 and updates ancestor dependencies minimist, hexo, hexo-deployer-git, mkdirp and commitizen. These dependencies need to be updated together.

Updates minimist from 1.2.0 to 1.2.7

Changelog

Sourced from minimist's changelog.

v1.2.7 - 2022-10-10

Commits

  • [meta] add auto-changelog 0ebf4eb
  • [actions] add reusable workflows e115b63
  • [eslint] add eslint; rules to enable later are warnings f58745b
  • [Dev Deps] switch from covert to nyc ab03356
  • [readme] rename and add badges 236f4a0
  • [meta] create FUNDING.yml; add funding in package.json 783a49b
  • [meta] use npmignore to autogenerate an npmignore file f81ece6
  • Only apps should have lockfiles 56cad44
  • [Dev Deps] update covert, tape; remove unnecessary tap 49c5f9f
  • [Tests] add aud in posttest 228ae93
  • [meta] add safe-publish-latest 01fc23f
  • [meta] update repo URLs 6b164c7

v1.2.6 - 2022-03-21

Commits

  • test from prototype pollution PR bc8ecee
  • isConstructorOrProto adapted from PR c2b9819
  • security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

  • security notice 4cf1354
  • additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

  • more failing proto pollution tests 13c01a5
  • even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

... (truncated)

Commits
  • c590d75 v1.2.7
  • 0ebf4eb [meta] add auto-changelog
  • e115b63 [actions] add reusable workflows
  • 01fc23f [meta] add safe-publish-latest
  • f58745b [eslint] add eslint; rules to enable later are warnings
  • 228ae93 [Tests] add aud in posttest
  • 236f4a0 [readme] rename and add badges
  • ab03356 [Dev Deps] switch from covert to nyc
  • 49c5f9f [Dev Deps] update covert, tape; remove unnecessary tap
  • 783a49b [meta] create FUNDING.yml; add funding in package.json
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates hexo from 3.8.0 to 6.3.0

Release notes

Sourced from hexo's releases.

6.3.0

New Features

Improvements

Fixes

Refactors

Test

CI/CD

Dependencies

Misc

New Contributors

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by yoshinorin, a new releaser for hexo since your current version.


Updates hexo-deployer-git from 1.0.0 to 4.0.0

Release notes

Sourced from hexo-deployer-git's releases.

v4.0.0

Breaking Changes

Performances

CI/CD

Docs

Dependencies

New Contributors

Full Changelog: https://github.com/hexojs/hexo-deployer-git/compare/3.0.0...v4.0.0

v3.0.0

Changes

Dependencies

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by yoshinorin, a new releaser for hexo-deployer-git since your current version.


Updates mkdirp from 0.5.1 to 0.5.6

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.


Updates commitizen from 4.2.3 to 4.3.0

Release notes

Sourced from commitizen's releases.

v4.3.0

4.3.0 (2023-01-19)

Features

v4.2.6

4.2.6 (2022-12-06)

Bug Fixes

  • sec: upgrade semantic-release to 19.0.3 (#953) (815c69d)

v4.2.5

4.2.5 (2022-07-17)

Bug Fixes

  • deps: update all non-major dependencies (69de704)
  • deps: update all non-major dependencies (3c2553f)
  • deps: update dependencies from renovatebot PRs (#862) (64a8ed6)
  • deps: update dependency glob to v7.1.6 (#861) (2505419)
  • deps: update dependency inquirer to v8 (#874) (9c7e863)
  • do not include .nyc_output in published files (#851) (68c377b), closes 4.2.4#d2h-425221 #730
  • fix the "isFunction" utility to match both "asyncFunction"s and "Function"s (#927) (25dc80c), closes #926
  • git-cz.js,staging.js: check for staged files before running prompt (#818) (fdb73cd), closes #785 #585 #785

v4.2.4

4.2.4 (2021-05-07)

Bug Fixes

  • deps: update find-node-modules to ^2.1.2 (#824) (e434901)
Commits
  • c1f4142 feat(init): add pnpm support (#915)
  • 87138d3 chore(deps) Update all non-major dependencies
  • 815c69d fix(sec): upgrade semantic-release to 19.0.3 (#953)
  • 0939910 ci(release): defined a github workflow to release with semantic-release (#923)
  • 757a806 chore(deps): update all non-major dependencies
  • 25dc80c fix: fix the "isFunction" utility to match both "asyncFunction"s and "Functio...
  • fc283fb chore(deps): update dependency semver to v7.3.7
  • c35a3c7 chore(deps): update all non-major dependencies
  • 69de704 fix(deps): update all non-major dependencies
  • e79f3ee chore(deps): update dependency @​babel/core to v7.17.8
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ddzy/blog/network/alerts).