puzzle / decidim-zuerich

Mitwirkungsportal für die Stadt Zürich, basierend auf Decidim
https://mitwirken.stadt-zuerich.ch
GNU Affero General Public License v3.0
8 stars 2 forks source link

Bump moment and @decidim/core #303

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps moment and @decidim/core. These dependencies needed to be updated together. Updates moment from 2.29.1 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

Commits


Updates @decidim/core from 0.26.1 to 0.27.0-rc1

Release notes

Sourced from @​decidim/core's releases.

v0.26.2

Upgrade notes

As usual, we recommend that you have a full backup, of the database, application code and static files.

To update, follow these steps:

  1. Update your Gemfile:
gem "decidim", "0.26.2"
gem "decidim-dev", "0.26.2"
  1. Run these commands to upgrade and make sure you get all the latest migrations:
bundle update decidim
bin/rails decidim:upgrade
bin/rails db:migrate

And then follow the steps and commands detailed in these notes.

Changelog

Added

Nothing.

Changed

Nothing.

Fixed

  • decidim-comments, decidim-core, decidim-meetings: Backport "Fix timeout in comment view and during meetings" to v0.26 #9091
  • decidim-core: Backport "Dont add external link container inside editor" to v0.26 #9108
  • decidim-core: Backport "Add base URI to meta image URLs" to v0.26 #9153
  • decidim-initiatives: Backport "Remove 'edit link' in topbar for initiative's authors" to v0.26 #9239
  • decidim-elections: Backport 'Clarify message to user when checking census' to v0.26 #9240
  • decidim-participatory processes: Backport 'Fix processes count in processes group title cell' to v0.26 #9242
  • decidim-elections: Backport 'Improve wording when casting your vote' to v0.26 #9243
  • decidim-proposals: Backport 'Add 'not answered' as a possible answer in proposals' to v0.26 #9246
  • decidim-meetings: Backport 'Fix meetings minutes migration' to v0.26 #9247
  • decidim-assemblies, decidim-proposals: Backport "Fix absolute urls on 'assembly member' and 'collaborative drafts' events" to v0.26 #9248
  • decidim-accountability, decidim-consultations: Backport 'Fix components navbar in consultations mobile ' to v0.26 #9249
  • decidim-meetings: Backport 'Move modal to body and fix condition' to v0.26 #9250
  • decidim-meetings: Backport 'Do not send upcoming meeting notification for hidden or withdrawn meetings' to v0.26 #9251
  • decidim-core: Backport 'Show only current organization in verification conflicts with multitenants' to v0.26 #9252

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by ahukkanen, a new releaser for @​decidim/core since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/puzzle/decidim-zuerich/network/alerts).
Kagemaru commented 2 years ago

@dependabot rebase

dependabot[bot] commented 2 years ago

Looks like these dependencies are updatable in another way, so this is no longer needed.