Open dependabot[bot] opened 4 years ago
@rileyjshaw would be great to have this merged... NPM keeps nagging me about security vulns...
@nathanwoulfe sorry, can you give me some context on why you’re mentioning me here?
Saw you were a contributor and assumed you were also a maintainer with merge permissions, my bad.
Looks like this project is pretty much abandoned, which is annoying since it now has security issues with stale dependencies
Bumps bl from 0.7.0 to 4.0.3.
Release notes
Sourced from bl's releases.
Commits
- `f659836` Bumped v4.0.3
- `7a4ae7f` Node v14
- `d3e240e` Fix unintialized memory access
- `1c590ad` add license MIT tag to package.json (#83)
- `5059a24` 4.0.2
- `9b46588` fix: dont rely in node globals
- `90a713b` Bumped v4.0.1
- `72d1624` Merge pull request #80 from annitya/patch-1
- `eb9653c` Remove false-positive apache-exploit.
- `c2b0070` doc: fix travis link
Maintainer changes
This version was pushed to npm by matteo.collina, a new releaser for bl since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hughsk/vinyl-transform/network/alerts).