mikelapierre / security-strategy-essentials

https://lab.github.com/githubtraining/security-strategy-essentials
MIT License

Bump ejs from 2.7.4 to 3.0.1 #9

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps ejs from 2.7.4 to 3.0.1.

Changelog

*Sourced from [ejs's changelog](https://github.com/mde/ejs/blob/master/CHANGELOG.md).*

> ## v3.0.1: 2019-11-23
> * Removed require.extensions ([@mde](https://github.com/mde))
> * Removed legacy preprocessor include ([@mde](https://github.com/mde))
> * Removed support for EOL Nodes 4 and 6 ([@mde](https://github.com/mde))
>
> ## v2.7.1: 2019-09-02
> * Added deprecation notice for use of require.extensions ([@mde](https://github.com/mde))
>
> ## v2.6.2: 2019-06-19
> * Correctly pass custom escape function to includes ([@alecgibson](https://github.com/alecgibson))
> * Fixes for rmWhitespace ([@nwoltman](https://github.com/nwoltman))
> + Examples for client-side EJS compiled with Express middleware ([@mjgs](https://github.com/mjgs))
> + Make Template constructor public ([@ThisNameWasTaken](https://github.com/ThisNameWasTaken))
> + Added `remove` function to cache ([@S2](https://github.com/S2)-)
> * Recognize both 'Nix and Windows absolute paths ([@mde](https://github.com/mde))
>
> ## v2.6.1: 2018-04-18
> * Async rendering ([@Viko](https://github.com/Viko))
>
> ## v2.5.9: 2018-04-18
> * Fixed options-passing for Express ([@mde](https://github.com/mde))
> * Re-enabled performance tests ([@mde](https://github.com/mde))
>
> ## v2.5.8: 2018-03-25
>
> + Add filename to error when include file cannot be found ([@Leon](https://github.com/Leon))
> + Node v9 in CI ([@Thomas](https://github.com/Thomas))
> * Fixed special case for Express caching ([@mde](https://github.com/mde))
> + Added Promise/async-await support to `renderFile` ([@mde](https://github.com/mde))
> + Added notes on IDE support to README ([@Betanu701](https://github.com/Betanu701))
>
> ## v2.5.7: 2017-07-29
>
> * Pass configured escape function to `rethrow` ([@straker](https://github.com/straker))
> + Added vulnerabilities info into README ([@mde](https://github.com/mde))
> * Avoid creating function object in hot execution path ([@User4martin](https://github.com/User4martin))
> + Added benchmark ([@User4martin](https://github.com/User4martin))
> + Tests for looped includes ([@User4martin](https://github.com/User4martin))
>
> ## v2.5.6: 2017-02-16
>
> * Use configured escape function for filenames in errors ([@mde](https://github.com/mde))
> + Make file-loader configurable to allow template pre-processing ([@hacke2](https://github.com/hacke2))
> * Improved `renderFile` performance ([@nwoltman](https://github.com/nwoltman))
>
> ## v2.5.5: 2016-12-06
>
> * Allow 'filename' for opts-in-data, but sanitize when rendered ([@mde](https://github.com/mde))
>
> ## v2.5.4: 2016-12-05
> ... (truncated)

Commits

- [`8ed8589`](https://github.com/mde/ejs/commit/8ed85896bf2c2d6bd7e26a3f1b25028d81530e05) Version 3.0.1
- [`e6fd45d`](https://github.com/mde/ejs/commit/e6fd45d2c48be1c379a6cdb29c5af3527bf1f245) Cleanup after removing preprocessor include
- [`4836295`](https://github.com/mde/ejs/commit/4836295f30beac1698ff6508da93682ee7c4f812) Major version bump, v3
- [`2b56f6e`](https://github.com/mde/ejs/commit/2b56f6ee8278c7d7af10050fb7c0a9606b344d2a) Removed support for ancient Nodes
- [`c6bca15`](https://github.com/mde/ejs/commit/c6bca15b0ac56f7e9f97a15afae4dd9a759dc1e0) Removed legacy preprocessor include
- [`a8be7ec`](https://github.com/mde/ejs/commit/a8be7ecb8a47fd8e58f0a30a7ae0c3f81eefef14) Removed test for hacky require
- [`18c03ab`](https://github.com/mde/ejs/commit/18c03ab52a943f22dbd72522d444b8b687bffb3f) Merge branch 'master' of github.com:mde/ejs
- [`7c15b78`](https://github.com/mde/ejs/commit/7c15b781638f775561134eb608ecb9cfe2f761f2) Removed hacky require support
- See full diff in [compare view](https://github.com/mde/ejs/compare/v2.7.4...v3.0.1)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

dependabot-preview[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

github-learning-lab[bot] commented 4 years ago

Nice, your log output is no longer showing reference to those previous commits. So, what exactly just happened?

Our commit history has been modified

You probably noticed that when you ran the git filter-branch command, Git did some rewriting to some commits in the repository's history. Since we needed to alter the commits that referenced the .env file, it altered the commit ID, and all proceeding commits that point back to those commits.

This is why you need to consider local work and branches that are based on this previous history. This is okay to run, as long as everyone contributing in the repository is aware of the situation and can plan accordingly.

Is the sensitive information gone?

Those commits no longer show in the file contents in your repository history. You can see this by navigating to your repository's commit history and clicking on the "Add .env file" commit. Notice that there are now no referenced files or content recorded.

However, we can still access the cached commit if we know the old commit ID: https://github.com/mikelapierre/security-strategy-essentials/commit/848cd8c2043f6161a4f0043bffee212777281494

Removing the old cached commits

This is where we'll need to contact the amazing GitHub Support team for assistance.

Even though we removed these commits, the historical reference to them can still be found if you know the commit ID. In a real world situation, you'll need to contact GitHub Support to perform the following:

For our situation, we can skip contacting GitHub Support for this example! :smile:


Find your final issue here now.
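The learning-lab comment above makes two points that are easy to verify locally: `git filter-branch` rewrites the commits that touched the secret file (and every commit after them), yet the original commit object stays in the repository and can still be looked up by its old ID. The script below is an added example, not part of the lesson or the repository; it builds a throwaway repository with a constructed `.env` file (the token value is a placeholder), rewrites history, shows the old commit is still present, and then performs the local clean-up that GitHub Support would have to do on the server side: deleting the `refs/original/` backup refs that `filter-branch` leaves behind, expiring the reflog, and pruning unreachable objects. The function name `demo_purge_history` and the temporary repository layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the lesson or the repository): show that rewriting
# history leaves the old commit reachable by ID until backup refs and reflog
# entries are removed, then purge it locally. Everything runs in a temp repo.
set -e

# The body is a subshell so the cd and the temp repo do not leak to the caller.
demo_purge_history() (
  repo=$(mktemp -d)
  cd "$repo"
  git init -q .
  git config user.email "demo@example.invalid"   # constructed identity
  git config user.name "demo"

  # Constructed secret file, standing in for the .env of the lesson.
  printf 'API_TOKEN=placeholder-not-a-real-secret\n' > .env
  git add .env
  git commit -q -m "Add .env file"
  old_id=$(git rev-parse HEAD)

  printf 'hello\n' > README.md
  git add README.md
  git commit -q -m "Add README"

  # Rewrite every branch so that no commit contains .env at all.
  FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch -f \
    --index-filter 'git rm -q --cached --ignore-unmatch .env' -- --all \
    >/dev/null 2>&1

  # 1) HEAD no longer points at the old commit, but the old object still exists:
  #    refs/original/* and the reflog keep it reachable, exactly like the cached
  #    commit URL in the lesson.
  [ "$(git rev-parse HEAD~1)" != "$old_id" ] || exit 2
  git cat-file -e "$old_id^{commit}" 2>/dev/null || exit 2
  echo "old commit $old_id still present after filter-branch"

  # 2) Purge: drop the backup refs, expire all reflogs, prune unreachable objects.
  git for-each-ref --format='%(refname)' refs/original/ |
    while read -r ref; do git update-ref -d "$ref"; done
  git reflog expire --expire=now --all
  git gc -q --prune=now
  git prune --expire=now

  # 3) The old commit can no longer be resolved, even by its full ID.
  if git cat-file -e "$old_id^{commit}" 2>/dev/null; then
    echo "old commit still present after prune"
    exit 1
  fi
  echo "old commit $old_id purged locally"
)
```

Run it with `sh` and `git` on the path. The purge only affects the clone you run it in; every other clone, and the hosting server's copy, still holds the original objects, which is why the lesson says the server-side removal has to go through GitHub Support and why the leaked secret itself must be rotated regardless.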