testground / sdk-js


chore(deps): bump semver-regex and aegir #37

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps semver-regex to 4.0.5 and updates ancestor dependency aegir. These dependencies need to be updated together.

Updates semver-regex from 2.0.0 to 4.0.5

Release notes

Sourced from semver-regex's releases.

v4.0.5

  • Improve regex b4ff333

Tip: If you use it in a server context, it's a good idea to give the regex a timeout.

https://github.com/sindresorhus/semver-regex/compare/v4.0.4...v4.0.5

v4.0.4

  • Fix some false positive matches (#23) e93d9c8

Tip: If you use it in a server context, it's a good idea to give the regex a timeout.

https://github.com/sindresorhus/semver-regex/compare/v4.0.3...v4.0.4

v4.0.3

  • Fix ReDoS vulnerability d8ba39a
    • This only affects you if you run the regex on untrusted user input in a server context.
    • Also back-ported to v3 in 3.1.4.
    • CVE pending

https://github.com/sindresorhus/semver-regex/compare/v4.0.2...v4.0.3

v4.0.2

  • No changes. Just fixing a npm dist tag.

v4.0.1

  • Fix ReDoS vulnerability 11c6624
    • This only affects you if you run the regex on untrusted user input in a server context.
    • Also back-ported to v3 in 3.1.3.
    • CVE-2021-3795

https://github.com/sindresorhus/semver-regex/compare/v4.0.0...v4.0.1

v4.0.0

Breaking

  • Require Node.js 12 7b785e3
  • This package is now pure ESM. Please read this.

https://github.com/sindresorhus/semver-regex/compare/v3.1.2...v4.0.0

v3.1.4

v3.1.2

  • Fix regex catastrophic backtracking 6baf2cc

Working around this meant accepting some obscure false-positives. I don't think it will affect any real code, but it's good to be aware of. See the disabled tests in the commit.

https://github.com/sindresorhus/semver-regex/compare/v3.1.1...v3.1.2

... (truncated)


Updates aegir from 35.1.1 to 38.1.6

Release notes

Sourced from aegir's releases.

v38.1.6

38.1.6 (2023-02-20)

Dependencies

v38.1.5

38.1.5 (2023-02-17)

Bug Fixes

  • revert pinning of esquery dep (8d37a9a)

v38.1.4

38.1.4 (2023-02-16)

Bug Fixes

  • allow not overwriting files (1cefa04)
  • do not create .gitignore files for monorepo workspace projects (2dad5f2)
  • pin esquery version temporarily (eff8550)

v38.1.3

38.1.3 (2023-02-15)

Bug Fixes

  • do not create .gitignore in monorepo workspaces (0eace6c)

v38.1.2

38.1.2 (2023-02-07)

Bug Fixes

v38.1.1

38.1.1 (2023-02-06)

Trivial Changes

... (truncated)

Changelog

Sourced from aegir's changelog.

38.1.6 (2023-02-20)

Dependencies

38.1.5 (2023-02-17)

Bug Fixes

  • revert pinning of esquery dep (8d37a9a)

38.1.4 (2023-02-16)

Bug Fixes

  • allow not overwriting files (1cefa04)
  • do not create .gitignore files for monorepo workspace projects (2dad5f2)
  • pin esquery version temporarily (eff8550)

38.1.3 (2023-02-15)

Bug Fixes

  • do not create .gitignore in monorepo workspaces (0eace6c)

38.1.2 (2023-02-07)

Bug Fixes

38.1.1 (2023-02-06)

Trivial Changes

38.1.0 (2023-01-12)

... (truncated)

Commits

  • 72a9f4e chore(release): 38.1.6 [skip ci]
  • c103f37 deps: bump gh-pages from 4.0.0 to 5.0.0 (#1173)
  • 8761e36 deps: bump esbuild from 0.16.17 to 0.17.9 (#1194)
  • 5a71818 deps: bump execa from 6.1.0 to 7.0.0 (#1191)
  • 6e58c9e deps(dev): bump electron from 22.3.0 to 23.1.0 (#1193)
  • f2611aa chore(release): 38.1.5 [skip ci]
  • 8d37a9a fix: revert pinning of esquery dep
  • e39e245 chore(release): 38.1.4 [skip ci]
  • eff8550 fix: pin esquery version temporarily
  • 2dad5f2 fix: do not create .gitignore files for monorepo workspace projects
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-service-account-ipfs, a new releaser for aegir since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/testground/sdk-js/network/alerts).