wayfair-incubator / aux-eng-playbook

Wayfair Tech's playbook for building and supporting an Auxiliary Engineering program.
BSD Zero Clause License
4 stars 1 forks source link

Update dependency gh-pages to v5 [SECURITY] #86

Open renovate[bot] opened 6 months ago

renovate[bot] commented 6 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
gh-pages 4.0.0 -> 5.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-37611

Prototype pollution vulnerability in tschaub gh-pages via the partial variable in util.js.


Release Notes

tschaub/gh-pages (gh-pages) ### [`v5.0.0`](https://redirect.github.com/tschaub/gh-pages/blob/HEAD/changelog.md#v500) [Compare Source](https://redirect.github.com/tschaub/gh-pages/compare/v4.0.0...v5.0.0) Potentially breaking change: the `publish` method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users. Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether. - [#​438](https://redirect.github.com/tschaub/gh-pages/pull/438) - Remove quotation marks ([@​Vicropht](https://redirect.github.com/Vicropht)) - [#​459](https://redirect.github.com/tschaub/gh-pages/pull/459) - Bump async from 2.6.4 to 3.2.4 ([@​tschaub](https://redirect.github.com/tschaub)) - [#​454](https://redirect.github.com/tschaub/gh-pages/pull/454) - Bump email-addresses from 3.0.1 to 5.0.0 ([@​tschaub](https://redirect.github.com/tschaub)) - [#​455](https://redirect.github.com/tschaub/gh-pages/pull/455) - Bump actions/setup-node from 1 to 3 ([@​tschaub](https://redirect.github.com/tschaub)) - [#​453](https://redirect.github.com/tschaub/gh-pages/pull/453) - Bump actions/checkout from 2 to 3 ([@​tschaub](https://redirect.github.com/tschaub)) - [#​445](https://redirect.github.com/tschaub/gh-pages/pull/445) - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. ([@​Nezteb](https://redirect.github.com/Nezteb)) - [#​452](https://redirect.github.com/tschaub/gh-pages/pull/452) - Assorted updates ([@​tschaub](https://redirect.github.com/tschaub))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.