search

scratchfoundation / scratch-blocks

Scratch Blocks is a library for building creative computing interfaces.
https://scratch.mit.edu/developers
Apache License 2.0
2.58k stars 1.37k forks source link

chore(deps): update dependency gh-pages to v5 [security] #3233

Open renovate[bot] opened 4 months ago

renovate[bot] commented 4 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
gh-pages 0.12.0 -> 5.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-37611

Prototype pollution vulnerability in tschaub gh-pages via the partial variable in util.js.

Release Notes

tschaub/gh-pages (gh-pages) ### [`v5.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v500) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v4.0.0...v5.0.0) Potentially breaking change: the `publish` method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users. Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether. - [#​438](https://togithub.com/tschaub/gh-pages/pull/438) - Remove quotation marks ([@​Vicropht](https://togithub.com/Vicropht)) - [#​459](https://togithub.com/tschaub/gh-pages/pull/459) - Bump async from 2.6.4 to 3.2.4 ([@​tschaub](https://togithub.com/tschaub)) - [#​454](https://togithub.com/tschaub/gh-pages/pull/454) - Bump email-addresses from 3.0.1 to 5.0.0 ([@​tschaub](https://togithub.com/tschaub)) - [#​455](https://togithub.com/tschaub/gh-pages/pull/455) - Bump actions/setup-node from 1 to 3 ([@​tschaub](https://togithub.com/tschaub)) - [#​453](https://togithub.com/tschaub/gh-pages/pull/453) - Bump actions/checkout from 2 to 3 ([@​tschaub](https://togithub.com/tschaub)) - [#​445](https://togithub.com/tschaub/gh-pages/pull/445) - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. ([@​Nezteb](https://togithub.com/Nezteb)) - [#​452](https://togithub.com/tschaub/gh-pages/pull/452) - Assorted updates ([@​tschaub](https://togithub.com/tschaub)) ### [`v4.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v400) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.3...v4.0.0) This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10. - [#​432](https://togithub.com/tschaub/gh-pages/pull/432) - Updated dev dependencies and formatting ([@​tschaub](https://togithub.com/tschaub)) - [#​430](https://togithub.com/tschaub/gh-pages/pull/430) - Bump ansi-regex from 3.0.0 to 3.0.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​431](https://togithub.com/tschaub/gh-pages/pull/431) - Bump path-parse from 1.0.6 to 1.0.7 ([@​tschaub](https://togithub.com/tschaub)) - [#​427](https://togithub.com/tschaub/gh-pages/pull/427) - Bump async from 2.6.1 to 2.6.4 ([@​tschaub](https://togithub.com/tschaub)) - [#​423](https://togithub.com/tschaub/gh-pages/pull/423) - Bump minimist from 1.2.5 to 1.2.6 ([@​tschaub](https://togithub.com/tschaub)) ### [`v3.2.3`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v323) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.2...v3.2.3) - [#​398](https://togithub.com/tschaub/gh-pages/pull/398) - Update glob-parent ([@​tschaub](https://togithub.com/tschaub)) - [#​395](https://togithub.com/tschaub/gh-pages/pull/395) - Switch from filenamify-url to filenamify ([@​tw0517tw](https://togithub.com/tw0517tw)) ### [`v3.2.2`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v322) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.1...v3.2.2) - [#​396](https://togithub.com/tschaub/gh-pages/pull/396) - Revert "security(deps): bump filenamify-url to 2.1.1" ([@​tschaub](https://togithub.com/tschaub)) ### [`v3.2.1`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v321) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.2.0...v3.2.1) - [#​393](https://togithub.com/tschaub/gh-pages/pull/393) - security(deps): bump filenamify-url to 2.1.1 ([@​AviVahl](https://togithub.com/AviVahl)) ### [`v3.2.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v320) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.1.0...v3.2.0) This release updates a few development dependencies and adds a bit of documentation. - [#​391](https://togithub.com/tschaub/gh-pages/pull/391) - Update dev dependencies ([@​tschaub](https://togithub.com/tschaub)) - [#​375](https://togithub.com/tschaub/gh-pages/pull/375) - Add note about domain problem ([@​demee](https://togithub.com/demee)) - [#​390](https://togithub.com/tschaub/gh-pages/pull/390) - Fix little typo in the README ([@​cizordj](https://togithub.com/cizordj)) - [#​388](https://togithub.com/tschaub/gh-pages/pull/388) - Bump hosted-git-info from 2.8.8 to 2.8.9 ([@​tschaub](https://togithub.com/tschaub)) - [#​387](https://togithub.com/tschaub/gh-pages/pull/387) - Bump y18n from 4.0.0 to 4.0.3 ([@​tschaub](https://togithub.com/tschaub)) - [#​378](https://togithub.com/tschaub/gh-pages/pull/378) - Add GitHub Actions tips to readme.md ([@​mickelsonmichael](https://togithub.com/mickelsonmichael)) - [#​386](https://togithub.com/tschaub/gh-pages/pull/386) - Bump lodash from 4.17.14 to 4.17.21 ([@​tschaub](https://togithub.com/tschaub)) ### [`v3.1.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v310) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v3.0.0...v3.1.0) The cache directory used by `gh-pages` is now `node_modules/.cache/gh-pages`. If you want to use a different location, set the `CACHE_DIR` environment variable. - [#​362](https://togithub.com/tschaub/gh-pages/pull/362) - Move the cache directory ([@​tschaub](https://togithub.com/tschaub)) - [#​361](https://togithub.com/tschaub/gh-pages/pull/361) - Update dev dependencies ([@​tschaub](https://togithub.com/tschaub)) ### [`v3.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v300) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v2.2.0...v3.0.0) Breaking changes: None really. But tests are no longer run on Node < 10. Development dependencies were updated to address security warnings, and this meant tests could no longer be run on Node 6 or 8. If you still use these Node versions, you may still be able to use this library, but be warned that tests are no longer run on these versions. All changes: - [#​357](https://togithub.com/tschaub/gh-pages/pull/357) - Dev dependency updates ([@​tschaub](https://togithub.com/tschaub)) - [#​333](https://togithub.com/tschaub/gh-pages/pull/333) - Update readme with command line options ([@​Victoire44](https://togithub.com/Victoire44)) - [#​356](https://togithub.com/tschaub/gh-pages/pull/356) - Test as a GitHub action ([@​tschaub](https://togithub.com/tschaub)) - [#​355](https://togithub.com/tschaub/gh-pages/pull/355) - feat(beforeAdd): allow custom script before git add ([@​Xiphe](https://togithub.com/Xiphe)) - [#​336](https://togithub.com/tschaub/gh-pages/pull/336) - Fix remove not working properly ([@​sunghwan2789](https://togithub.com/sunghwan2789)) - [#​328](https://togithub.com/tschaub/gh-pages/pull/328) - Update .travis.yml ([@​XhmikosR](https://togithub.com/XhmikosR)) - [#​327](https://togithub.com/tschaub/gh-pages/pull/327) - Fix typo ([@​d-tsuji](https://togithub.com/d-tsuji)) ### [`v2.2.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v220) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v2.1.1...v2.2.0) - [#​318](https://togithub.com/tschaub/gh-pages/pull/318) - Allow an absolute path as dist directory ([@​okuryu](https://togithub.com/okuryu)) - [#​319](https://togithub.com/tschaub/gh-pages/pull/319) - Added 'remove' documentation to the readme ([@​Sag-Dev](https://togithub.com/Sag-Dev)) - [#​323](https://togithub.com/tschaub/gh-pages/pull/323) - Update dependencies ([@​tschaub](https://togithub.com/tschaub)) - [#​277](https://togithub.com/tschaub/gh-pages/pull/277) - Add `--no-history` flag not to preserve deploy history ([@​dplusic](https://togithub.com/dplusic)) ### [`v2.1.1`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v211) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v2.1.0...v2.1.1) - [#​312](https://togithub.com/tschaub/gh-pages/pull/312) - Add default for '--git' option ([@​tschaub](https://togithub.com/tschaub)) ### [`v2.1.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v210) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v2.0.1...v2.1.0) - [#​307](https://togithub.com/tschaub/gh-pages/pull/307) - Dev dependency updates ([@​tschaub](https://togithub.com/tschaub)) - [#​303](https://togithub.com/tschaub/gh-pages/pull/303) - Support '--git' CLI option ([@​JRJurman](https://togithub.com/JRJurman)) ### [`v2.0.1`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v201) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v2.0.0...v2.0.1) - [#​268](https://togithub.com/tschaub/gh-pages/pull/268) - Continue even if no git configured user. ### [`v2.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v200) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v1.2.0...v2.0.0) Breaking changes: - Requires Node 6 and above. If you require support for Node 4, stick with v1.2.0. - The git user for commits is determined by running `git config user.name` and `git config user.email` in the current working directory when `gh-pages` is run. Ideally, this is what you want. In v1, the git user was determined based on the `gh-pages` install directory. If the package was installed globally, the git user might not have been what you expected when running in a directory with a locally configured git user. - [#​264](https://togithub.com/tschaub/gh-pages/pull/264) - Better user handling (thanks [@​holloway](https://togithub.com/holloway) for getting this going and [@​nuklearfiziks](https://togithub.com/nuklearfiziks) and [@​paulirish](https://togithub.com/paulirish) for pushing it over the edge) - [#​263](https://togithub.com/tschaub/gh-pages/pull/263) - Infra: newer syntax and upgrade deps to latest stable versions ([@​AviVahl](https://togithub.com/AviVahl)) ### [`v1.2.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v120) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v1.1.0...v1.2.0) - [#​252](https://togithub.com/tschaub/gh-pages/pull/252) - Update dependencies ([@​tschaub](https://togithub.com/tschaub)) - [#​245](https://togithub.com/tschaub/gh-pages/pull/245) - Typos ([@​thekevinscott](https://togithub.com/thekevinscott)) - [#​251](https://togithub.com/tschaub/gh-pages/pull/251) - Update async to the latest version 🚀 ([@​tschaub](https://togithub.com/tschaub)) - [#​243](https://togithub.com/tschaub/gh-pages/pull/243) - docs(readme.md): add tips ([@​polyglotm](https://togithub.com/polyglotm)) - [#​241](https://togithub.com/tschaub/gh-pages/pull/241) - Update sinon to the latest version 🚀 ([@​tschaub](https://togithub.com/tschaub)) - [#​240](https://togithub.com/tschaub/gh-pages/pull/240) - Update eslint-config-tschaub to the latest version 🚀 ([@​tschaub](https://togithub.com/tschaub)) - [#​239](https://togithub.com/tschaub/gh-pages/pull/239) - Assorted updates ([@​tschaub](https://togithub.com/tschaub)) - [#​238](https://togithub.com/tschaub/gh-pages/pull/238) - fix(package): update commander to version 2.15.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​237](https://togithub.com/tschaub/gh-pages/pull/237) - chore(package): update mocha to version 5.0.5 ([@​tschaub](https://togithub.com/tschaub)) - [#​232](https://togithub.com/tschaub/gh-pages/pull/232) - Update sinon to the latest version 🚀 ([@​tschaub](https://togithub.com/tschaub)) ### [`v1.1.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v110) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v1.0.0...v1.1.0) - [#​218](https://togithub.com/tschaub/gh-pages/pull/218) - Update dependencies, test on Node 8 ([@​tschaub](https://togithub.com/tschaub)) - [#​211](https://togithub.com/tschaub/gh-pages/pull/211) - Update async to the latest version 🚀 ([@​tschaub](https://togithub.com/tschaub)) - [#​202](https://togithub.com/tschaub/gh-pages/pull/202) - chore(package): update sinon to version 3.2.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​201](https://togithub.com/tschaub/gh-pages/pull/201) - chore(package): update chai to version 4.1.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​196](https://togithub.com/tschaub/gh-pages/pull/196) - fix(package): update fs-extra to version 4.0.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​199](https://togithub.com/tschaub/gh-pages/pull/199) - Update tmp to the latest version 🚀 ([@​tschaub](https://togithub.com/tschaub)) - [#​193](https://togithub.com/tschaub/gh-pages/pull/193) - Return the promise in the publish function ([@​Ambyjkl](https://togithub.com/Ambyjkl)) - [#​188](https://togithub.com/tschaub/gh-pages/pull/188) - chore(package): update sinon to version 2.3.3 ([@​tschaub](https://togithub.com/tschaub)) - [#​185](https://togithub.com/tschaub/gh-pages/pull/185) - fix(package): update commander to version 2.11.0 ([@​tschaub](https://togithub.com/tschaub)) - [#​186](https://togithub.com/tschaub/gh-pages/pull/186) - chore(package): update eslint to version 4.1.1 ([@​tschaub](https://togithub.com/tschaub)) - [#​187](https://togithub.com/tschaub/gh-pages/pull/187) - fix(package): update async to version 2.5.0 ([@​tschaub](https://togithub.com/tschaub)) - [#​175](https://togithub.com/tschaub/gh-pages/pull/175) - Removed unnecessary path require ([@​antialias](https://togithub.com/antialias)) ### [`v1.0.0`](https://togithub.com/tschaub/gh-pages/blob/HEAD/changelog.md#v100) [Compare Source](https://togithub.com/tschaub/gh-pages/compare/v0.12.0...v1.0.0) This release includes a couple breaking changes: - Node 4+ is required. - The `logger` option has been removed. Set `NODE_DEBUG=gh-pages` to see debug output. If you are using Node 4+ and not using the `logger` option, upgrades should be painless. See below for a full list of changes: - [#​174](https://togithub.com/tschaub/gh-pages/pull/174) - Remove the logger option and use util.debuglog() ([@​tschaub](https://togithub.com/tschaub)) - [#​173](https://togithub.com/tschaub/gh-pages/pull/173) - Dedicated cache directory per repo ([@​tschaub](https://togithub.com/tschaub)) - [#​172](https://togithub.com/tschaub/gh-pages/pull/172) - Provision for root path when splitting ([@​esarbanis](https://togithub.com/esarbanis)) - [#​171](https://togithub.com/tschaub/gh-pages/pull/171) - Add a dest option ([@​lelandmiller](https://togithub.com/lelandmiller)) - [#​73](https://togithub.com/tschaub/gh-pages/pull/73) - feat(plugin): add plugin support for semantic-release ([@​tusharmath](https://togithub.com/tusharmath)) - [#​170](https://togithub.com/tschaub/gh-pages/pull/170) - Integration tests ([@​tschaub](https://togithub.com/tschaub)) - [#​21](https://togithub.com/tschaub/gh-pages/pull/21) - Document that git 1.9+ is required. ([@​warmhug](https://togithub.com/warmhug)) - [#​169](https://togithub.com/tschaub/gh-pages/pull/169) - Fix noPush command argument and include regression tests for the CLI ([@​thiagofelix](https://togithub.com/thiagofelix)) - [#​168](https://togithub.com/tschaub/gh-pages/pull/168) - Clone with depth 1 by default ([@​tschaub](https://togithub.com/tschaub)) - [#​167](https://togithub.com/tschaub/gh-pages/pull/167) - Require Node 4+ ([@​tschaub](https://togithub.com/tschaub)) - [#​166](https://togithub.com/tschaub/gh-pages/pull/166) - Updates ([@​tschaub](https://togithub.com/tschaub)) - [#​158](https://togithub.com/tschaub/gh-pages/pull/158) - Update dependencies to enable Greenkeeper 🌴 ([@​tschaub](https://togithub.com/tschaub)) - [#​150](https://togithub.com/tschaub/gh-pages/pull/150) - Fix small typo ([@​mandeldl](https://togithub.com/mandeldl))

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.