Fix regex catastrophic backtracking 6baf2cc
Working around this meant accepting some obscure false-positives. I don't think it will affect any real code, but it's good to be aware of. See the disabled tests in the commit.
Should any issues arise please submit PRs there. I don't have the bandwidth to maintain the forks actively, I just wanted to get rid of the current npm vulnerabilities.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mwtaylor/recipes/network/alerts).
Bumps semver-regex to 4.0.5 and updates ancestor dependency hugo-bin. These dependencies need to be updated together.
Updates
semver-regex
from 2.0.0 to 4.0.5Release notes
Sourced from semver-regex's releases.
... (truncated)
Commits
0409850
4.0.529842b4
Improve regex1d451a6
Add readme notee7a2410
4.0.44bb055f
Meta tweakse93d9c8
Fix some false positive matches (#23)ddfeb8b
Fix CI65fc4a4
4.0.3d8ba39a
Fix ReDoS vulnerabilityb5894c1
4.0.2Updates
hugo-bin
from 0.99.2 to 0.102.0Release notes
Sourced from hugo-bin's releases.
Commits
8a4c478
0.102.04d85c73
Remove rimraf dependency (#133)c45ccfe
0.101.5299d80b
Downgrade rimraf to v3 since most projects still use this versiondcad2f1
0.101.40f23c2e
Remove picocolors and useconsole.log
(#132)9af5be6
0.101.323657d6
Update dependencies2140d2d
README.md: update npm badge313c355
0.101.2Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mwtaylor/recipes/network/alerts).