prisma-labs / dripip

Opinionated CLI for continuous delivery of npm packages
100 stars 2 forks source link

chore(deps): bump simple-git from 2.48.0 to 3.5.0 #148

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps simple-git from 2.48.0 to 3.5.0.

Release notes

Sourced from simple-git's releases.

simple-git@3.5.0

Minor Changes

  • 2040de6: Resolves potential command injection vulnerability by preventing use of --upload-pack in git.clone

simple-git@3.4.0

Minor Changes

  • ed412ef: Use null separators in git.status to allow for non-ascii file names

simple-git@3.3.0

Minor Changes

  • d119ec4: Resolves potential command injection vulnerability by preventing use of --upload-pack in git.fetch

simple-git@3.2.6

Patch Changes

  • 80651d5: Resolve issue in prePublish script

simple-git@3.2.4

Patch Changes

  • d35987b: Release with changesets

simple-git simple-git-v3.1.1

Bug Fixes

  • specify repository with directory identifier to be discoverable within monorepo (655e23c)

simple-git simple-git-v3.1.0

Features

  • optionally include ignored files in StatusResult (70e6767), closes #718

simple-git simple-git-v3.0.4

Bug Fixes

  • support parsing empty responses (91eb7fb), closes #713

simple-git simple-git-v3.0.3

Bug Fixes

... (truncated)

Changelog

Sourced from simple-git's changelog.

3.5.0

Minor Changes

  • 2040de6: Resolves potential command injection vulnerability by preventing use of --upload-pack in git.clone

3.4.0

Minor Changes

  • ed412ef: Use null separators in git.status to allow for non-ascii file names

3.3.0

Minor Changes

  • d119ec4: Resolves potential command injection vulnerability by preventing use of --upload-pack in git.fetch

3.2.6

Patch Changes

  • 80651d5: Resolve issue in prePublish script

3.2.5

Patch Changes

  • ac4f38f: Show readme in published package.

3.2.4

Patch Changes

  • d35987b: Release with changesets

3.2.3

Patch Changes

  • 1e4c591: Release with changesets

3.2.2

Patch Changes

  • 497d416: Releasing with changeset

3.2.1

... (truncated)

Commits
  • 4fc3747 Version Packages
  • 2040de6 Prevent use of --upload-pack as a command in git.clone to avoid potential...
  • 64c41db Version Packages
  • ed412ef Status Summary should use null terminators to allow files with spaces in thei...
  • 9113366 Version Packages
  • d119ec4 Prevent use of --upload-pack as a command in git.fetch to avoid potential...
  • fcc7618 Version Packages
  • 80651d5 Remove pre-publish step of copying readme.md, no longer required
  • 6838e24 Version Packages
  • e9f0461 Move workspace readme into the simple-git package, symlink to it from the w...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/prisma-labs/dripip/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #167.