Open dependabot[bot] opened 3 months ago
Latest commit: e91f4ca94085380c2d610e3c43eea10013edc565
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
Bumps the npm_and_yarn group with 3 updates in the / directory: tar, nanoid and mocha.
Updates
tar
from 6.2.0 to 6.2.1Commits
bef7b1e
6.2.1fe8cd57
prevent extraction in excessively deep subfoldersfe7ebfd
remove security.mdRemoves
nanoid
Updates
mocha
from 9.1.3 to 9.2.2Release notes
Sourced from mocha's releases.
... (truncated)
Changelog
Sourced from mocha's changelog.
Commits
24b5243
build(v9.2.2): release22a1560
build(v9.2.2): update CHANGELOG [ci skip]632e602
chore: update dependencies (#4843)241964b
fix: wrong error thrown while loading reporter (#4842)22f9306
fix(dry-run): potential call-stack crash with 'dry-run' option (#4839)547ffd7
build(v9.2.1): releaseca7432a
build(v9.2.1): update CHANGELOG [ci skip]86305cf
fix: wrong error thrown while loading config files (#4832)11c4560
fix: configurable max diff size (#4799)509938d
doc: fix to show sponsors in narrow view (#4793)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show