search

react-bootstrap / react-overlays

Utilities for creating robust overlay components
https://react-bootstrap.github.io/react-overlays
MIT License
899 stars 222 forks source link

chore(deps): update dependency gh-pages to v5 [security] - autoclosed #1041

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 7 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
gh-pages ^3.1.0 -> ^5.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-37611

Prototype pollution vulnerability in tschaub gh-pages via the partial variable in util.js.

Release Notes

tschaub/gh-pages (gh-pages) ### [`v5.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v500) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v4.0.0...v5.0.0) Potentially breaking change: the `publish` method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users. Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether. - [#​438](https://togithub.com/tschaub/gh-pages/pull/438) - Remove quotation marks ([@​Vicropht](https://togithub.com/Vicropht)) - [#​459](https://togithub.com/tschaub/gh-pages/pull/459) - Bump async from 2.6.4 to 3.2.4 ([@​tschaub](https://togithub.com/tschaub)) - [#​454](https://togithub.com/tschaub/gh-pages/pull/454) - Bump email-addresses from 3.0.1 to 5.0.0 ([@​tschaub](https://togithub.com/tschaub)) - [#​455](https://togithub.com/tschaub/gh-pages/pull/455) - Bump actions/setup-node from 1 to 3 ([@​tschaub](https://togithub.com/tschaub)) - [#​453](https://togithub.com/tschaub/gh-pages/pull/453) - Bump actions/checkout from 2 to 3 ([@​tschaub](https://togithub.com/tschaub)) - [#​445](https://togithub.com/tschaub/gh-pages/pull/445) - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. ([@​Nezteb](https://togithub.com/Nezteb)) - [#​452](https://togithub.com/tschaub/gh-pages/pull/452) - Assorted updates ([@​tschaub](https://togithub.com/tschaub)) ### [`v4.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v400) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.3...v4.0.0) This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10. - [#​432](https://togithub.com/tschaub/gh-pages/pull/432) - Updated dev dependencies and formatting ([@​tschaub](https://togithub.com/tschaub)) - [#​430](https://togithub.com/tschaub/gh-pages/pull/430) - Bump ansi-regex from 3.0.0 to 3.0.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​431](https://togithub.com/tschaub/gh-pages/pull/431) - Bump path-parse from 1.0.6 to 1.0.7 ([@​tschaub](https://togithub.com/tschaub)) - [#​427](https://togithub.com/tschaub/gh-pages/pull/427) - Bump async from 2.6.1 to 2.6.4 ([@​tschaub](https://togithub.com/tschaub)) - [#​423](https://togithub.com/tschaub/gh-pages/pull/423) - Bump minimist from 1.2.5 to 1.2.6 ([@​tschaub](https://togithub.com/tschaub)) ### [`v3.2.3`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v323) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.2...v3.2.3) - [#​398](https://togithub.com/tschaub/gh-pages/pull/398) - Update glob-parent ([@​tschaub](https://togithub.com/tschaub)) - [#​395](https://togithub.com/tschaub/gh-pages/pull/395) - Switch from filenamify-url to filenamify ([@​tw0517tw](https://togithub.com/tw0517tw)) ### [`v3.2.2`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v322) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.1...v3.2.2) - [#​396](https://togithub.com/tschaub/gh-pages/pull/396) - Revert "security(deps): bump filenamify-url to 2.1.1" ([@​tschaub](https://togithub.com/tschaub)) ### [`v3.2.1`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v321) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.0...v3.2.1) - [#​393](https://togithub.com/tschaub/gh-pages/pull/393) - security(deps): bump filenamify-url to 2.1.1 ([@​AviVahl](https://togithub.com/AviVahl)) ### [`v3.2.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v320) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.1.0...v3.2.0) This release updates a few development dependencies and adds a bit of documentation. - [#​391](https://togithub.com/tschaub/gh-pages/pull/391) - Update dev dependencies ([@​tschaub](https://togithub.com/tschaub)) - [#​375](https://togithub.com/tschaub/gh-pages/pull/375) - Add note about domain problem ([@​demee](https://togithub.com/demee)) - [#​390](https://togithub.com/tschaub/gh-pages/pull/390) - Fix little typo in the README ([@​cizordj](https://togithub.com/cizordj)) - [#​388](https://togithub.com/tschaub/gh-pages/pull/388) - Bump hosted-git-info from 2.8.8 to 2.8.9 ([@​tschaub](https://togithub.com/tschaub)) - [#​387](https://togithub.com/tschaub/gh-pages/pull/387) - Bump y18n from 4.0.0 to 4.0.3 ([@​tschaub](https://togithub.com/tschaub)) - [#​378](https://togithub.com/tschaub/gh-pages/pull/378) - Add GitHub Actions tips to readme.md ([@​mickelsonmichael](https://togithub.com/mickelsonmichael)) - [#​386](https://togithub.com/tschaub/gh-pages/pull/386) - Bump lodash from 4.17.14 to 4.17.21 ([@​tschaub](https://togithub.com/tschaub))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.