search

hyperledger / indy-did-method

Indy DID Method Specification
https://hyperledger.github.io/indy-did-method/
Creative Commons Attribution 4.0 International
18 stars 14 forks source link

Bump the npm_and_yarn group with 4 updates #90

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the npm_and_yarn group with 4 updates: glob-parent, decode-uri-component, yargs-parser and yargs.

Updates glob-parent from 5.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

v5.1.1

Bug Fixes

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

6.0.2 (2021-09-29)

Bug Fixes

6.0.1 (2021-07-20)

Bug Fixes

  • Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

  • Correct mishandled escaped path separators (#34)
  • upgrade scaffold, dropping node <10 support

Bug Fixes

  • Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

  • upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

Commits
  • eb2c439 chore: update changelog
  • 12bcb6c chore: release 5.1.2
  • f923116 fix: eliminate ReDoS (#36)
  • 0b014a7 chore: add JSDoc returns information (#33)
  • 2b24ebd chore: generate initial changelog
  • 9b6e874 chore: release 5.1.1
  • 749c35e ci: try wrapping the JOB_ID in a string
  • 5d39def ci: attempt to switch to published coveralls
  • 0b5b37f ci: put the npm step back in for only Windows
  • 473f5d8 ci: update azure build images
  • Additional commits viewable in compare view


Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits


Updates yargs-parser from 5.0.0-security.0 to 5.0.1

Changelog

Sourced from yargs-parser's changelog.

5.0.1 (2021-03-10)

Bug Fixes

  • security: address GHSA-p9pc-299p-vxgp (#362) (1c417bd)

4.2.1 (2017-01-02)

Bug Fixes

4.2.0 (2016-12-01)

Bug Fixes

  • inner objects in configs had their keys appended to top-level key when dot-notation was disabled (#72) (0b1b5f9)

Features

  • allow multiple arrays to be provided, rather than always combining (#71) (0f0fb2d)

4.1.0 (2016-11-07)

Features

  • apply coercions to default options (#65) (c79052b)
  • handle dot notation boolean options (#63) (02c3545)

4.0.2 (2016-09-30)

Bug Fixes

  • whoops, let's make the assign not change the Object key order (29d069a)

... (truncated)

Commits


Updates yargs from 7.1.1 to 16.2.0

Release notes

Sourced from yargs's releases.

yargs yargs-v7.1.2

Bug Fixes

Changelog

Sourced from yargs's changelog.

17.1.1 (2021-08-13)

Bug Fixes

  • positional array defaults should not be combined with provided values (#2006) (832222d)

17.1.0 (2021-08-04)

Features

  • update Levenshtein to Damerau-Levenshtein (#1973) (d2c121b)

Bug Fixes

  • coerce middleware should be applied once (#1978) (14bd6be)
  • implies should not fail when implied key's value is 0, false or empty string (#1985) (8010472)
  • positionals should not overwrite options (#1992) (9d84309)
  • strict should fail unknown arguments (#1977) (c804f0d)
  • wrap(null) no longer causes strange indentation behavior (#1988) (e1871aa)

17.0.1 (2021-05-03)

Bug Fixes

17.0.0 (2021-05-02)

⚠ BREAKING CHANGES

  • node: drop Node 10 (#1919)
  • implicitly private methods are now actually private
  • deprecated reset() method is now private (call yargs() instead).
  • yargs-factory: refactor yargs-factory to use class (#1895)
  • .positional() now allowed at root level of yargs.
  • coerce: coerce is now applied before validation.
  • async: yargs now returns a promise if async or check are asynchronous.
  • middleware: global middleware now applied when no command is configured.
  • #1823 contains the following breaking API changes:
    • now returns a promise if handler is async.
    • onFinishCommand removed, in favor of being able to await promise.
    • getCompletion now invokes callback with err and `completions, returns promise of completions.

Features

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/indy-did-method/network/alerts).