Closed dependabot[bot] closed 1 year ago
Latest commit: b9d889858648dcf144d3dd412425a92ff54941cd
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
@dependabot merge
2023年1月6日(金) 3:18 dependabot[bot] @.***>:
This automated pull request fixes a security vulnerability https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/security/dependabot/17 (high severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps json5 https://github.com/json5/json5 from 1.0.1 to 1.0.2. Release notes
Sourced from json5's releases https://github.com/json5/json5/releases.
v1.0.2
- Fix: Properties with the name proto are added to objects and arrays. (#199 https://github-redirect.dependabot.com/json5/json5/issues/199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295 https://github-redirect.dependabot.com/json5/json5/issues/295). This has been backported to v1. (#298 https://github-redirect.dependabot.com/json5/json5/issues/298)
Changelog
Sourced from json5's changelog https://github.com/json5/json5/blob/main/CHANGELOG.md.
Unreleased [code https://github.com/json5/json5/tree/main, diff https://github.com/json5/json5/compare/v2.2.3...HEAD] v2.2.3 [code https://github.com/json5/json5/tree/v2.2.3, diff https://github.com/json5/json5/compare/v2.2.2...v2.2.3]
- Fix: @.*** is now the 'latest' release according to npm instead of v1.0.2. (#299 https://github-redirect.dependabot.com/json5/json5/issues/299)
v2.2.2 [code https://github.com/json5/json5/tree/v2.2.2, diff https://github.com/json5/json5/compare/v2.2.1...v2.2.2]
- Fix: Properties with the name proto are added to objects and arrays. (#199 https://github-redirect.dependabot.com/json5/json5/issues/199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295 https://github-redirect.dependabot.com/json5/json5/issues/295).
v2.2.1 [code https://github.com/json5/json5/tree/v2.2.1, diff https://github.com/json5/json5/compare/v2.2.0...v2.2.1]
- Fix: Removed dependence on minimist to patch CVE-2021-44906 https://github.com/advisories/GHSA-xvch-5gv4-984h. (#266 https://github-redirect.dependabot.com/json5/json5/issues/266)
v2.2.0 [code https://github.com/json5/json5/tree/v2.2.0, diff https://github.com/json5/json5/compare/v2.1.3...v2.2.0]
- New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236 https://github-redirect.dependabot.com/json5/json5/issues/236, #244 https://github-redirect.dependabot.com/json5/json5/issues/244)
v2.1.3 [code https://github.com/json5/json5/tree/v2.1.3, diff https://github.com/json5/json5/compare/v2.1.2...v2.1.3]
- Fix: An out of memory bug when parsing numbers has been fixed. (#228 https://github-redirect.dependabot.com/json5/json5/issues/228, #229 https://github-redirect.dependabot.com/json5/json5/issues/229)
v2.1.2 [code https://github.com/json5/json5/tree/v2.1.2, diff https://github.com/json5/json5/compare/v2.1.1...v2.1.2]
... (truncated) Commits
- a62db1e https://github.com/json5/json5/commit/a62db1e51e1031d92ac260f5bb38bbed1fdbc754 1.0.2
- e0c23fe https://github.com/json5/json5/commit/e0c23fe458a77c0b2cdb271376be5d8d0908133c docs: update CHANGELOG for v1.0.2
- 62a6540 https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972 fix: add proto to objects and arrays
- See full diff in compare view https://github.com/json5/json5/compare/v1.0.1...v1.0.2
[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/network/alerts .
You can view, comment on, or merge this pull request online at:
https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109 Commit Summary
- b9d8898 https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109/commits/b9d889858648dcf144d3dd412425a92ff54941cd chore(deps): bump json5 from 1.0.1 to 1.0.2 in /example
File Changes
(1 file https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109/files )
- M example/yarn.lock https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109/files#diff-6fbd9e107637e12c2e0db0a78e8e2431a45eefba378c486543e7e989d01b234c (22)
Patch Links:
- https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109.patch
https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109.diff
— Reply to this email directly, view it on GitHub https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/pull/109, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAE2AVINBDUEYKDZBKDL4LWQ4F6DANCNFSM6AAAAAATSHWAC4 . You are receiving this because you are subscribed to this thread.Message ID: @.*** .com>
@dependabot merge
1/6/2023, 12:26:23 PM "textlint-ja/textlint-rule-preset-ja-technical-writing" @.***>
This PR has already been merged! 🎉
Bumps json5 from 1.0.1 to 1.0.2.
Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e
1.0.2e0c23fe
docs: update CHANGELOG for v1.0.262a6540
fix: add proto to objects and arraysDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/textlint-ja/textlint-rule-preset-ja-technical-writing/network/alerts).