azu
commented
1 year ago @dependabot merge
2022年12月4日(日) 1:17 dependabot[bot] @.***>:
This automated pull request fixes a security vulnerability https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/security/dependabot/17 (high severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps moment https://github.com/moment/moment from 2.29.2 to 2.29.4. Changelog
Sourced from moment's changelog https://github.com/moment/moment/blob/develop/CHANGELOG.md.
2.29.4
- Release Jul 6, 2022
6015
https://github-redirect.dependabot.com/moment/moment/pull/6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex
2.29.3 Full changelog https://gist.github.com/ichernev/edebd440f49adcaec72e5e77b791d8be
- Release Apr 17, 2022
5995
https://github-redirect.dependabot.com/moment/moment/pull/5995 [bugfix] Remove const usage
5990
https://github-redirect.dependabot.com/moment/moment/pull/5990 misc: fix advisory link
Commits
- 000ac18 https://github.com/moment/moment/commit/000ac1800e620f770f4eb31b5ae908f6167b0ab2 Build 2.24.4
- f2006b6 https://github.com/moment/moment/commit/f2006b647939466f4f403721b8c7816d844c038c Bump version to 2.24.4
- 536ad0c https://github.com/moment/moment/commit/536ad0c348f2f99009755698f491080757a48221 Update changelog for 2.29.4
- 9a3b589 https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 [bugfix] Fix redos in preprocessRFC2822 regex (#6015 https://github-redirect.dependabot.com/moment/moment/issues/6015)
- 6374fd8 https://github.com/moment/moment/commit/6374fd860aeff75e6c9d9d11540c6b22bc7ef175 Merge branch 'master' into develop
- b4e6153 https://github.com/moment/moment/commit/b4e615307ee350b58ac9899e3587ce43972b0753 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015 https://github-redirect.dependabot.com/moment/moment/issues/6015)"
- 7aebb16 https://github.com/moment/moment/commit/7aebb1617fc9bced87ab6bc4c317644019b23ce7 [bugfix] Fix redos in preprocessRFC2822 regex (#6015 https://github-redirect.dependabot.com/moment/moment/issues/6015)
- 57c9062 https://github.com/moment/moment/commit/57c90622e402c929504cc6d6f3de4ebe2a9ffc73 Build 2.29.3
- aaf50b6 https://github.com/moment/moment/commit/aaf50b6bca4075f40a3372c291ae8072fb4e9dcf Fixup release complaints
- 26f4aef https://github.com/moment/moment/commit/26f4aef9ca0b4c998107bf7e2cf1c33c30368d44 Bump version to 2.29.3
- Additional commits viewable in compare view https://github.com/moment/moment/compare/2.29.2...2.29.4
[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/network/alerts .
You can view, comment on, or merge this pull request online at:
https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/pull/35 Commit Summary
- bac21ac https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/pull/35/commits/bac21ac3c104b9d60b392ac1c5e3db0885474c9a chore(deps): bump moment from 2.29.2 to 2.29.4
File Changes
(1 file https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/pull/35/files )
Patch Links:
- https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/pull/35.patch
https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/pull/35.diff
— Reply to this email directly, view it on GitHub https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/pull/35, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAE2AVD6IX2DZJUJ2QMS43WLNW7ZANCNFSM6AAAAAASS2PESU . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Bumps moment from 2.29.2 to 2.29.4.
Changelog
Sourced from moment's changelog.
Commits
000ac18Build 2.24.4f2006b6Bump version to 2.24.4536ad0cUpdate changelog for 2.29.49a3b589[bugfix] Fix redos in preprocessRFC2822 regex (#6015)6374fd8Merge branch 'master' into developb4e6153Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"7aebb16[bugfix] Fix redos in preprocessRFC2822 regex (#6015)57c9062Build 2.29.3aaf50b6Fixup release complaints26f4aefBump version to 2.29.3Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/textlint-ja/textlint-rule-no-mix-dearu-desumasu/network/alerts).