profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/BrandonE/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Brandon Evans BrandonE Zoom Video Communications Nashville, TN http://www.brandonmevans.com Software Engineer specializing in Application Security

BrandonE/lichocker 48

lichess.org run in a Docker container

BrandonE/mmbno 9

Mega Man Battle Network Online

BrandonE/pixel-puzzles 5

Fill out sections of a grid to reveal pixel art. Inspired by "Pencil Puzzles" from Tips & Tricks Magazine.

BrandonE/hanoi 2

The Towers of Hanoi puzzle with variations and a solver

BrandonE/bliss32 1

bliss32

BrandonE/firebase-react-chat-window 1

An implementation of kingofthestack/react-chat-window with a Firebase backend.

BrandonE/2048-SendGrid 0

A 2048 clone controlled by E-Mail through SendGrid

BrandonE/allthe2048 0

Updated index of all the 2048 variants currently out there

BrandonE/BizHawk 0

BizHawk is a multi-system emulator written in C#. BizHawk provides nice features for casual gamers such as full screen, and joypad support in addition to full rerecording and debugging tools for all system cores.

BrandonE/brandon-evans-homebrew 0

Home for Brandon Evans' homebrew projects.

startednccgroup/GOATCasino

started time in 2 days

startedbregman-arie/devops-exercises

started time in 6 days

starteducsb/nodejs-contagious

started time in 6 days

issue openedBrandonE/pixel-puzzles

Cannot Paint Cells on Mobile

When you touch a cell and move your pointer over other cells, all of those cells should be changed. Right now, you have to click individual cells to change them.

This "painting" functionality works with a mouse because browsers support onMouseEnter. It appears that onTouchEnter is deprecated.

created time in 11 days

issue openedBrandonE/pixel-puzzles

Only Show Unsolved Sub-Grids

There are two ways to make solving puzzles in the browser better:

  1. Hide the coordinates for sub-grids that are already solved, or
  2. Show one unsolved coordinate at a time.

This enhancement should have a toggle that reverts the functionality to the classic view.

I have attempted this previously, but all of my attempts forced the entire game to re-render every time a cell changed, which adds very noticeable lag.

If this is possible, it would also be nice to have a Toast notification show when the entire puzzle is solved.

created time in 11 days

issue openedBrandonE/pixel-puzzles

Printing Issues with Browsers other than Chrome

Firefox has wide cells and none of the coordinates are filled out:

image

Safari's sub-grids are bigger than their cells:

image

created time in 11 days

PR opened pumasecurity/serverless-prey

Reviewers
Explicitly set the Cougar runtime version to ~3

The beta ~4 version is broken. From Azure support:


Reviewing that app in our system, it looks like your function runtime verion is set to beta, which will cause it to use the latest version of the runtime. This means it would use the 4.x version, which came out recently and is in preview. Is that intentional? It might be worth changing this to 3.x to see if that resolves the issue. You can do that in the portal under general settings.

Azure Functions runtime versions overview | Microsoft Docs


My reply:


Yes, I am still experiencing this issue. The App keys page also hangs indefinitely:

image

The recent release of the 4.x runtime is a great thing to point out. That said:

  1. If downgrading the runtime solves this issue, this is a very poor debugging experience. The error message implies that the service is down and that the user can’t do anything about it. Even if the error message were better, it would be very concerning that any publicly available version of the runtime caused the Azure API calls to completely fail.
  2. After setting the runtime to “~3” and restarting the application, the issue persists for several minutes.
  3. However, after waiting about 5 minutes, the function is working and the keys are displaying in the UI!
+1 -1

0 comment

1 changed file

pr created time in 20 days

create barnchpumasecurity/serverless-prey

branch : fix-cougar

created branch time in 20 days

push eventOWASP/www-chapter-nashville

Brandon Evans

commit sha e5cbd2ac44b762c13ce848a2d4bc598fabd6860f

Updated events.

view details

Brandon Evans

commit sha 240c519b852de46500c744f4807b21e95456c58c

Merge branch 'master' of github.com:OWASP/www-chapter-nashville

view details

push time in 23 days

push eventBrandonE/pixel-puzzles

Brandon Evans

commit sha 40c9df2b416f5980316180420d169c6d1e5f948a

Updates

view details

push time in 25 days

push eventBrandonE/pixel-puzzles

Brandon Evans

commit sha fe14cce5674031b6afa522e2fdb62a396d9d8006

Improved cell sizing for print. Support read-only play. Do not render the page when printing manually. Added printing disclaimer. Updated the import example.

view details

push time in 25 days

delete branch pumasecurity/serverless-prey

delete branch : dependabot/npm_and_yarn/panther/jszip-3.7.1

delete time in a month

push eventpumasecurity/serverless-prey

dependabot[bot]

commit sha 1f1454d0b803716bff1f4b293ee7b45c0b999f6e

Bump jszip from 3.6.0 to 3.7.1 in /panther Bumps [jszip](https://github.com/Stuk/jszip) from 3.6.0 to 3.7.1. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/master/CHANGES.md) - [Commits](https://github.com/Stuk/jszip/compare/v3.6.0...v3.7.1) --- updated-dependencies: - dependency-name: jszip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Brandon Evans

commit sha 8d1a45598c4b204a522194c5ae68ad2e11c064ff

Merge pull request #38 from pumasecurity/dependabot/npm_and_yarn/panther/jszip-3.7.1 Bump jszip from 3.6.0 to 3.7.1 in /panther

view details

push time in a month

PR merged pumasecurity/serverless-prey

Bump jszip from 3.6.0 to 3.7.1 in /panther dependencies

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps jszip from 3.6.0 to 3.7.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stuk/jszip/blob/master/CHANGES.md">jszip's changelog</a>.</em></p> <blockquote> <h3>v3.7.1 2021-08-05</h3> <ul> <li>Fix build of <code>dist</code> files. <ul> <li>Note: this version ensures the changes from 3.7.0 are actually included in the <code>dist</code> files. Thanks to Evan W for reporting.</li> </ul> </li> </ul> <h3>v3.7.0 2021-07-23</h3> <ul> <li>Fix: Use a null prototype object for this.files (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/766">#766</a>) <ul> <li>This change might break existing code if it uses prototype methods on the <code>.files</code> property of a zip object, for example <code>zip.files.toString()</code>. This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Stuk/jszip/commit/3f2f0da8b29c2477bca982911caa8392679c13b2"><code>3f2f0da</code></a> 3.7.1</li> <li><a href="https://github.com/Stuk/jszip/commit/9f9c33b66b63914b12c0f4b4d259c22b08243a01"><code>9f9c33b</code></a> Updates for 3.7.1</li> <li><a href="https://github.com/Stuk/jszip/commit/56397458784d2098832301cb11d01a103c72e171"><code>5639745</code></a> Merge branch 'fix-build'</li> <li><a href="https://github.com/Stuk/jszip/commit/e08003ec71bb64677faae808017a2caddbe0508e"><code>e08003e</code></a> Fix lint</li> <li><a href="https://github.com/Stuk/jszip/commit/79f7691e519efaa955097d6e95afa7ef88142dee"><code>79f7691</code></a> Revert "Disable proto assert that fails in browsers"</li> <li><a href="https://github.com/Stuk/jszip/commit/89298b9f26f64d3a2e30c7da1eca303535ab838a"><code>89298b9</code></a> Update gitignore for Mac, and sort</li> <li><a href="https://github.com/Stuk/jszip/commit/81cb5eb244b68131a596959d285cf5c5bcd27e25"><code>81cb5eb</code></a> Temporarily update docs for building dist correctly</li> <li><a href="https://github.com/Stuk/jszip/commit/e5b3f0ddaa8182cd6ea253e97f678b9f36d0d8ac"><code>e5b3f0d</code></a> 3.7.0</li> <li><a href="https://github.com/Stuk/jszip/commit/e88ba4b367a56ba0f87490c231682fa1beacbb19"><code>e88ba4b</code></a> Update for version 3.7.0</li> <li><a href="https://github.com/Stuk/jszip/commit/90464873e370b691882faa28621f796cff6c0fbb"><code>9046487</code></a> Disable proto assert that fails in browsers</li> <li>Additional commits viewable in <a href="https://github.com/Stuk/jszip/compare/v3.6.0...v3.7.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

PullRequestReviewEvent

delete branch pumasecurity/serverless-prey

delete branch : dependabot/npm_and_yarn/cheetah/src/cheetah/jszip-3.7.1

delete time in a month

push eventpumasecurity/serverless-prey

dependabot[bot]

commit sha 272cdd9546556a434d880e02b42ad61a5c9a0a18

Bump jszip from 3.6.0 to 3.7.1 in /cheetah/src/cheetah Bumps [jszip](https://github.com/Stuk/jszip) from 3.6.0 to 3.7.1. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/master/CHANGES.md) - [Commits](https://github.com/Stuk/jszip/compare/v3.6.0...v3.7.1) --- updated-dependencies: - dependency-name: jszip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Brandon Evans

commit sha 180dde0e84c5bf59d3f26741b40223935b44d01b

Merge pull request #37 from pumasecurity/dependabot/npm_and_yarn/cheetah/src/cheetah/jszip-3.7.1 Bump jszip from 3.6.0 to 3.7.1 in /cheetah/src/cheetah

view details

push time in a month

PR merged pumasecurity/serverless-prey

Bump jszip from 3.6.0 to 3.7.1 in /cheetah/src/cheetah dependencies

Bumps jszip from 3.6.0 to 3.7.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stuk/jszip/blob/master/CHANGES.md">jszip's changelog</a>.</em></p> <blockquote> <h3>v3.7.1 2021-08-05</h3> <ul> <li>Fix build of <code>dist</code> files. <ul> <li>Note: this version ensures the changes from 3.7.0 are actually included in the <code>dist</code> files. Thanks to Evan W for reporting.</li> </ul> </li> </ul> <h3>v3.7.0 2021-07-23</h3> <ul> <li>Fix: Use a null prototype object for this.files (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/766">#766</a>) <ul> <li>This change might break existing code if it uses prototype methods on the <code>.files</code> property of a zip object, for example <code>zip.files.toString()</code>. This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Stuk/jszip/commit/3f2f0da8b29c2477bca982911caa8392679c13b2"><code>3f2f0da</code></a> 3.7.1</li> <li><a href="https://github.com/Stuk/jszip/commit/9f9c33b66b63914b12c0f4b4d259c22b08243a01"><code>9f9c33b</code></a> Updates for 3.7.1</li> <li><a href="https://github.com/Stuk/jszip/commit/56397458784d2098832301cb11d01a103c72e171"><code>5639745</code></a> Merge branch 'fix-build'</li> <li><a href="https://github.com/Stuk/jszip/commit/e08003ec71bb64677faae808017a2caddbe0508e"><code>e08003e</code></a> Fix lint</li> <li><a href="https://github.com/Stuk/jszip/commit/79f7691e519efaa955097d6e95afa7ef88142dee"><code>79f7691</code></a> Revert "Disable proto assert that fails in browsers"</li> <li><a href="https://github.com/Stuk/jszip/commit/89298b9f26f64d3a2e30c7da1eca303535ab838a"><code>89298b9</code></a> Update gitignore for Mac, and sort</li> <li><a href="https://github.com/Stuk/jszip/commit/81cb5eb244b68131a596959d285cf5c5bcd27e25"><code>81cb5eb</code></a> Temporarily update docs for building dist correctly</li> <li><a href="https://github.com/Stuk/jszip/commit/e5b3f0ddaa8182cd6ea253e97f678b9f36d0d8ac"><code>e5b3f0d</code></a> 3.7.0</li> <li><a href="https://github.com/Stuk/jszip/commit/e88ba4b367a56ba0f87490c231682fa1beacbb19"><code>e88ba4b</code></a> Update for version 3.7.0</li> <li><a href="https://github.com/Stuk/jszip/commit/90464873e370b691882faa28621f796cff6c0fbb"><code>9046487</code></a> Disable proto assert that fails in browsers</li> <li>Additional commits viewable in <a href="https://github.com/Stuk/jszip/compare/v3.6.0...v3.7.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

PullRequestReviewEvent

delete branch pumasecurity/serverless-prey

delete branch : dependabot/npm_and_yarn/panther/color-string-1.5.5

delete time in a month

push eventpumasecurity/serverless-prey

dependabot[bot]

commit sha dea559477826b2ea00a426260faa8ef60381c2ce

Bump color-string from 1.5.4 to 1.5.5 in /panther Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.4 to 1.5.5. - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/compare/1.5.4...1.5.5) --- updated-dependencies: - dependency-name: color-string dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Brandon Evans

commit sha a6e764aa25dc08e20c8d902b619933a0c99fe32d

Merge pull request #33 from pumasecurity/dependabot/npm_and_yarn/panther/color-string-1.5.5 Bump color-string from 1.5.4 to 1.5.5 in /panther

view details

push time in a month

PR merged pumasecurity/serverless-prey

Bump color-string from 1.5.4 to 1.5.5 in /panther dependencies

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps color-string from 1.5.4 to 1.5.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Qix-/color-string/releases">color-string's releases</a>.</em></p> <blockquote> <h2>1.5.5 (Patch/Security Release) - hwb() ReDos patch (low-severity)</h2> <blockquote> <p>Release notes copied verbatim from the commit message, which can be found here: 0789e21284c33d89ebc4ab4ca6f759b9375ac9d3</p> </blockquote> <pre><code>Discovered by Yeting Li, c/o Colin Ife via Snyk.io. <p>A ReDos (Regular Expression Denial of Service) vulnerability was responsibly disclosed to me via email by Colin on Mar 5 2021 regarding an exponential time complexity for linearly increasing input lengths for <code>hwb()</code> color strings.</p> <p>Strings reaching more than 5000 characters would see several milliseconds of processing time; strings reaching more than 50,000 characters began seeing 1500ms (1.5s) of processing time.</p> <p>The cause was due to a the regular expression that parses hwb() strings - specifically, the hue value - where the integer portion of the hue value used a 0-or-more quantifier shortly thereafter followed by a 1-or-more quantifier.</p> <p>This caused excessive backtracking and a cartesian scan, resulting in exponential time complexity given a linear increase in input length.</p> <p>Thank you Yeting Li and Colin Ife for bringing this to my attention in a secure, responsible and professional manner.</p> <p>A CVE will not be assigned for this vulnerability. </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Qix-/color-string/commit/966ae4d80fc8f237674d099ce6214a9fb6a816bb"><code>966ae4d</code></a> 1.5.5</li> <li><a href="https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3"><code>0789e21</code></a> fix ReDos in hwb() parser (low-severity)</li> <li>See full diff in <a href="https://github.com/Qix-/color-string/compare/1.5.4...1.5.5">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

PullRequestReviewEvent

delete branch pumasecurity/serverless-prey

delete branch : dependabot/npm_and_yarn/cheetah/src/cheetah/color-string-1.5.5

delete time in a month

push eventpumasecurity/serverless-prey

dependabot[bot]

commit sha 723ccdfb0d864bc60cd6573c8778fba25d2d04c9

Bump color-string from 1.5.4 to 1.5.5 in /cheetah/src/cheetah Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.4 to 1.5.5. - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/compare/1.5.4...1.5.5) --- updated-dependencies: - dependency-name: color-string dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Brandon Evans

commit sha cf55dbd76295d8ab878301bda7ca89362560e503

Merge pull request #34 from pumasecurity/dependabot/npm_and_yarn/cheetah/src/cheetah/color-string-1.5.5 Bump color-string from 1.5.4 to 1.5.5 in /cheetah/src/cheetah

view details

push time in a month

PR merged pumasecurity/serverless-prey

Bump color-string from 1.5.4 to 1.5.5 in /cheetah/src/cheetah dependencies

Bumps color-string from 1.5.4 to 1.5.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Qix-/color-string/releases">color-string's releases</a>.</em></p> <blockquote> <h2>1.5.5 (Patch/Security Release) - hwb() ReDos patch (low-severity)</h2> <blockquote> <p>Release notes copied verbatim from the commit message, which can be found here: 0789e21284c33d89ebc4ab4ca6f759b9375ac9d3</p> </blockquote> <pre><code>Discovered by Yeting Li, c/o Colin Ife via Snyk.io. <p>A ReDos (Regular Expression Denial of Service) vulnerability was responsibly disclosed to me via email by Colin on Mar 5 2021 regarding an exponential time complexity for linearly increasing input lengths for <code>hwb()</code> color strings.</p> <p>Strings reaching more than 5000 characters would see several milliseconds of processing time; strings reaching more than 50,000 characters began seeing 1500ms (1.5s) of processing time.</p> <p>The cause was due to a the regular expression that parses hwb() strings - specifically, the hue value - where the integer portion of the hue value used a 0-or-more quantifier shortly thereafter followed by a 1-or-more quantifier.</p> <p>This caused excessive backtracking and a cartesian scan, resulting in exponential time complexity given a linear increase in input length.</p> <p>Thank you Yeting Li and Colin Ife for bringing this to my attention in a secure, responsible and professional manner.</p> <p>A CVE will not be assigned for this vulnerability. </code></pre></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Qix-/color-string/commit/966ae4d80fc8f237674d099ce6214a9fb6a816bb"><code>966ae4d</code></a> 1.5.5</li> <li><a href="https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3"><code>0789e21</code></a> fix ReDos in hwb() parser (low-severity)</li> <li>See full diff in <a href="https://github.com/Qix-/color-string/compare/1.5.4...1.5.5">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

PullRequestReviewEvent

delete branch pumasecurity/serverless-prey

delete branch : dependabot/npm_and_yarn/panther/path-parse-1.0.7

delete time in a month

push eventpumasecurity/serverless-prey

dependabot[bot]

commit sha cb42ab92a2ced0ef2f1cd3c3ad030d3fc6f16c53

Bump path-parse from 1.0.6 to 1.0.7 in /panther Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Brandon Evans

commit sha 9ba76f230323db2080b6a9d9e78d9fdf81dbbb7e

Merge pull request #35 from pumasecurity/dependabot/npm_and_yarn/panther/path-parse-1.0.7 Bump path-parse from 1.0.6 to 1.0.7 in /panther

view details

push time in a month