Open dependabot[bot] opened 2 years ago
Base: 56.37% // Head: 56.02% // Decreases project coverage by -0.34%
:warning:
Coverage data is based on head (
132184d
) compared to base (26546d0
). Patch coverage: 97.05% of modified lines in pull request are covered.
:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
Bumps loader-utils to 1.4.2 and updates ancestor dependency html-webpack-plugin. These dependencies need to be updated together.
Updates
loader-utils
from 1.4.0 to 1.4.2Release notes
Sourced from loader-utils's releases.
Changelog
Sourced from loader-utils's changelog.
Commits
331ad50
chore(release): 1.4.217cbf8f
fix: ReDoS problem (#226)8f082b3
chore(release): 1.4.14504e34
fix: security problem (#220)Updates
html-webpack-plugin
from 2.30.1 to 5.5.0Changelog
Sourced from html-webpack-plugin's changelog.
... (truncated)
Commits
873d75b
chore(release): 5.5.0ddeb774
chore: update examples1e42625
feat: Support type=module via scriptLoading option7d3645b
Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-380779be779
[chore] changes actions to run on pull_requestsb7e5859
[chore] fixes CI to avoid race conditions48131d3
chore(release): 5.4.016a841a
[chore] rebuild examples3bb7c17
Update index.jse38ac97
Update index.jsMaintainer changes
This version was pushed to npm by jantimon, a new releaser for html-webpack-plugin since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sfu-db/dataprep/network/alerts).