pythactuary / dash-reactgrid

Dash wrapper around the ReactGrid library
MIT License

[Snyk] Upgrade ramda from 0.26.1 to 0.29.1 #1

Closed pythactuary closed 4 months ago

pythactuary commented 5 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade ramda from 0.26.1 to 0.29.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version.
- The recommended version was released **4 months ago**, on 2023-10-05.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
|  | Regular Expression Denial of Service (ReDoS) [SNYK-JS-RAMDA-1582370](https://snyk.io/vuln/SNYK-JS-RAMDA-1582370) | **490/1000** **Why?** Has a fix available, CVSS 5.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: ramda
  • 0.29.1 - 2023-10-05

    Upgrade guide: #3415

  • 0.29.0 - [2023-04-02](https://snyk.io/redirect/github/ramda/ramda/releases/tag/v0.29.0)

    Added

    🆕 addIndexRight
    🆕 isNotNil
    🆕 swap
    🆕 dropRepeatsBy

    Removed

    Deprecated

    Changes

    ⚠️ propEq/pathEq parameter order

    • Documentation improvements
    • Transducer updates
    • Some support for types
    • Many more!

    Thank you to everyone who contributed to this release!

  • 0.28.0 - [2022-01-16](https://snyk.io/redirect/github/ramda/ramda/releases/tag/v0.28.0)

    A long-overdue release with many updates, documented in [#3218](https://snyk.io/redirect/github/ramda/ramda/issues/3218).

  • 0.27.2 - [2022-01-11](https://snyk.io/redirect/github/ramda/ramda/releases/tag/v0.27.2)

    This release patches a security vulnerability in the implementation of `trim` ([#3212](https://snyk.io/redirect/github/ramda/ramda/pull/3212)).

  • 0.27.1 - [2020-07-30](https://snyk.io/redirect/github/ramda/ramda/releases/tag/v0.27.1)

    Let's pretend v0.27.0 never happened. 😉

  • 0.27.0 - [2020-02-02](https://snyk.io/redirect/github/ramda/ramda/releases/tag/v0.27.0)

    Merge pull request [#2832](https://snyk.io/redirect/github/ramda/ramda/pull/2832) from kibertoad/chore/update-dependencies-2

    Update dependencies

  • 0.26.1 - [2018-11-28](https://snyk.io/redirect/github/ramda/ramda/releases/tag/0.26.1)

    BREAKING CHANGE

    The addition of R.then in Ramda 0.26 made the R object
    a Promise-like object, and meant that Promise.resolve() will attempt
    to resolve it by calling the then() method. R is not a Promise, and
    to reassure JavaScript of this fact, R.then is renamed to R.andThen.

from [ramda GitHub release notes](https://snyk.io/redirect/github/ramda/ramda/releases)

Commit messages
Package name: ramda
  • acbf91a Version 0.29.1
  • 677bff4 fix: _curryN receive enough args (#3410)
  • 2df3b95 remove broken link to bitsrc in readme (#3402)
  • e07a0d5 fix: modify curry doc (#3398)
  • de77106 fix: add sideEffects flag for es package.json (#3399)
  • 165d2ae fix: make swap work when swapped items are arrays (#3394)
  • 6dd4ac9 add AsyncFunction example (#3391)
  • 9c2310c version es dist folder (#3382)
  • 241f811 ramda#3340: support empty path in modifyPath (#3376)
  • de5803d update docs for propEq (#3373)
  • 7ed79b4 Fix for #3367: Documentation errors in R.swap examples (#3368)
  • d67552d update license year (#3366)
  • afe98b0 Version 0.29.0
  • cb73de9 Make traverse and sequence Fantasy-Land compliant (#3360)
  • 171b34e Replace "the the" -> "the" (#3291)
  • 50c6b57 extract Just related duplicated code (#3276)
  • dec329d refactor: `of` now works with Applicatives (#3272)
  • a4998cf change propEq/pathEq parameters order (#2938)
  • a5aea90 add/modify tests which can act as a transducer (#3269)
  • d009984 update package.json exports section to support node version 10 to 17 (#3270)
  • 6d38d5a feat: using npm-run-all -p to run scripts parallel (#3100)
  • e6b0047 revert(times): **replacing while loop with for loop**
  • 3141d1a chore(times): using `push` method instead of direct assignment
  • 82cc5d5 chore(times): using `var` instead of `let` for loop variable
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs