phil-r / react-native-looped-carousel

:carousel_horse: Looped carousel for React Native
MIT License
1.49k stars 306 forks source link

[Security] Bump diff from 3.2.0 to 3.5.0 #451

Open dependabot-preview[bot] opened 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps diff from 3.2.0 to 3.5.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service (ReDoS) A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Affected versions: < 3.5.0

Changelog

Sourced from diff's changelog.

v3.5.0 - March 4th, 2018

  • Omit redundant slice in join method of diffArrays - 1023590
  • Support patches with empty lines - fb0f208
  • Accept a custom JSON replacer function for JSON diffing - 69c7f0a
  • Optimize parch header parser - 2aec429
  • Fix typos - e89c832

Commits

v3.4.0 - October 7th, 2017

  • #183 - Feature request: ability to specify a custom equality checker for diffArrays
  • #173 - Bug: diffArrays gives wrong result on array of booleans
  • #158 - diffArrays will not compare the empty string in array?
  • comparator for custom equality checks - 30e141e
  • count oldLines and newLines when there are conflicts - 53bf384
  • Fix: diffArrays can compare falsey items - 9e24284
  • Docs: Replace grunt with npm test - 00e2f94

Commits

v3.3.1 - September 3rd, 2017

  • #141 - Cannot apply patch because my file delimiter is "/r/n" instead of "/n"
  • #192 - Fix: Bad merge when adding new files (#189)
  • correct spelling mistake - 21fa478

Commits

v3.3.0 - July 5th, 2017

  • #114 - /patch/merge not exported
  • Gracefully accept invalid newStart in hunks, same as patch(1) does. - d8a3635
  • Use regex rather than starts/ends with for parsePatch - 6cab62c
  • Add browser flag - e64f674
  • refactor: simplified code a bit more - 8f8e0f2
  • refactor: simplified code a bit - b094a6f
  • fix: some corrections re ignoreCase option - 3c78fd0
  • ignoreCase option - 3cbfbb5
  • Sanitize filename while parsing patches - 2fe8129
  • Added better installation methods - aced50b
  • Simple export of functionality - 8690f31

Commits

Commits
  • e9ab948 v3.5.0
  • b73884c Update release notes
  • 8953021 Update release notes
  • 1023590 Omit redundant slice in join method of diffArrays
  • c72ef4a Add missing test coverage
  • b9ef24f Support patches with empty lines
  • 10aaabb Support patches with empty lines
  • 196d3aa Support patches with empty lines
  • e24d789 Support patches with empty lines
  • 8616a02 Support patches with empty lines
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)