imgix / ember-cli-imgix

Easily add imgix functionality to your Ember application
https://imgix.github.io/ember-cli-imgix
MIT License
26 stars 13 forks

chore(deps): [security] bump jquery from 3.3.1 to 3.4.1 #81

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps jquery from 3.3.1 to 3.4.1. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **Moderate severity vulnerability that affects jquery**
> jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
>
> Affected versions: < 3.4.0

*Sourced from The GitHub Security Advisory Database.*

> **Moderate severity vulnerability that affects jquery**
> A prototype pollution vulnerability exists in jQuery versions < 3.4.0 that allows an attacker to inject properties on Object.prototype.
>
> Affected versions: < 3.4.0
Commits

- [`75f7e96`](https://github.com/jquery/jquery/commit/75f7e963708b60f37a42b777f35825d33c4f8e7a) 3.4.1
- [`7dddb19`](https://github.com/jquery/jquery/commit/7dddb19ca4bca9685adb734c76dcf72c3f610007) Core: Make isAttached work with iOS 10.0-10.2
- [`6c1e7db`](https://github.com/jquery/jquery/commit/6c1e7dbf7311ae7c0c31ba335fe216185047ae5f) Event: Prevent leverageNative from registering duplicate dummy handlers
- [`24d71ac`](https://github.com/jquery/jquery/commit/24d71ac70406f522fc1b09bf7c4025251ec3aee6) Event: Fix handling of multiple async focus events
- [`b4fadc9`](https://github.com/jquery/jquery/commit/b4fadc9b5487bc4274f062c39573061969f5e8c9) Build: Test on Node.js 12, stop testing on Node.js 6 & 11
- [`0d4af52`](https://github.com/jquery/jquery/commit/0d4af5293449722fe873bc1a4b462a857dbbe58e) Build: Fix unresolved jQuery reference in finalPropName
- [`22caea8`](https://github.com/jquery/jquery/commit/22caea8149fc1049ac05b9fab8242a07f25a580c) Build: Updating the 3.4-stable version to 3.4.1-pre
- [`59ea765`](https://github.com/jquery/jquery/commit/59ea7659d433a4a025a25a92c1ed350726e09f76) Release: update AUTHORS.txt
- [`7c1ef15`](https://github.com/jquery/jquery/commit/7c1ef1512b3a6e5af177803aca68e268bc4c64b9) Release: update version to 3.4.0-pre
- [`d940bc0`](https://github.com/jquery/jquery/commit/d940bc063cd5ae09bf52067bbe046fda88f1f687) Build: Update Sizzle from 2.3.3 to 2.3.4
- Additional commits viewable in [compare view](https://github.com/jquery/jquery/compare/3.3.1...3.4.1)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
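The advisory quoted in the PR description describes jQuery.extend(true, {}, ...) copying an enumerable `__proto__` property from an unsanitized source object into Object.prototype. The deep-extend below is an added example, not code from ember-cli-imgix or jQuery: it shows the defensive pattern of refusing prototype-reaching keys at every depth of the merge, recording what was rejected, and a check a test suite can run to confirm Object.prototype stayed clean (the input JSON and all names are constructed for the example).

```javascript
// Added example, not code from ember-cli-imgix or jQuery: a deep-extend in the
// style of jQuery.extend(true, target, source) that refuses the keys through
// which a source object could reach Object.prototype.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  if (value === null || typeof value !== "object") return false;
  const proto = Object.getPrototypeOf(value);
  return proto === null || proto === Object.prototype;
}

// Recursively copies own enumerable properties of `source` into `target`.
// Prototype-reaching keys are skipped at every depth and recorded in `skipped`.
function safeDeepExtend(target, source, skipped = []) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      skipped.push(key);
      continue;
    }
    const value = source[key];
    if (isPlainObject(value)) {
      // Merge into an existing own plain object; never into an inherited one.
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const existing = own && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeDeepExtend(existing, value, skipped);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection helper: a fresh object only answers `marker in {}` with true
// if Object.prototype has been polluted with that name.
function prototypeIsPolluted(marker) {
  return marker in {};
}

// Constructed input in the shape the advisory describes: parsed JSON whose
// source object carries an own, enumerable "__proto__" property.
const UNTRUSTED_JSON = '{"theme":{"width":300},"__proto__":{"polluted":true}}';

function demo() {
  const skipped = [];
  const source = JSON.parse(UNTRUSTED_JSON);
  const merged = safeDeepExtend({ theme: { height: 200 } }, source, skipped);
  return { merged, skipped, polluted: prototypeIsPolluted("polluted") };
}
```

Logging the `skipped` list is a cheap detection signal: legitimate configuration merges should never carry these keys, so any occurrence is worth an alert.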