profile
viewpoint
Daniel Schalla DSchalla Mattermost, Inc. Germany

DSchalla/Claptrap 14

Rule-based Bot Engine for Mattermost

DSchalla/cakephp-controllerinfo 2

[WIP] CakePHP Plugin which provides information about all CakePHP Controllers used

timconner/mattermost-server 1

Open source Slack-alternative in Golang and React - Mattermost

DSchalla/cakephp-rbac 0

[WIP] RBAC Plugin for CakePHP

DSchalla/cheatsheets 0

random brain dumps

DSchalla/docs 0

Mattermost documentation

DSchalla/go-twitch 0

Go library for accessing the Twitch-API.

PR opened DSchalla/mattermost-webapp

[Snyk] Security upgrade highlight.js from 9.15.6 to 9.18.2

<h3>Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.</h3>

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 576/1000 <br/> Why? Recently disclosed, Has a fix available, CVSS 5.8 Prototype Pollution <br/>SNYK-JS-HIGHLIGHTJS-1045326 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmZGFlYTA2YS0wNWRjLTRmZGItYjM2Mi04OTdkMGI4YzU1YWYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImZkYWVhMDZhLTA1ZGMtNGZkYi1iMzYyLTg5N2QwYjhjNTVhZiJ9fQ==" width="0" height="0"/> 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+34 -15

0 comment

2 changed files

pr created time in 6 days

startedHID-Technologies/Skeleton-Dactyl-Mini

started time in 22 days

startedgo-critic/go-critic

started time in a month

PR opened DSchalla/mattermost-webapp

[Snyk] Security upgrade chart.js from 2.8.0 to 2.9.4

<h3>Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.</h3>

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000 <br/> Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 Prototype Pollution <br/>SNYK-JS-CHARTJS-1018716 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>chart.js</b></summary> The new version differs by 115 commits.</br> <ul> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/1d92605aa6c29add400c4c551413fc2306c15e8d">1d92605</a> Use Object.create(null) as `merge` target (#7920)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/dff7140070c4e68731f17d577cca9fd82fe55498">dff7140</a> When objects are merged together, the target prototype can be polluted. (#7918)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/d9191889255ceaad120c793906e1463fad382075">d919188</a> Bump verison number to v2.9.4</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/42ed5895b28fcfd10d43e1ce7a54bfa7e060998b">42ed589</a> Fix Maximum call stack size exception in computeLabelSizes (#7883)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/063b7dc075e87eeec6334808bcc90af165f7421e">063b7dc</a> [2.9] FitBoxes recursion when dimensions are NaN (#7853)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/2493cb5a2f65ce5e5afc031eb067d3769f06a3e7">2493cb5</a> Use node v12.18.2 on Travis CI (#7864)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/679ec4acc5b669ebf6b0f45c4b508dfce22cacea">679ec4a</a> docs: fix rollup external moment (#7587)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/484f0d1e518963436d5013f61001558ef9788edf">484f0d1</a> Preserve object prototypes when cloning (#7404)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/2df6986fbe466c1a4009014bf7ed3b91442f97ad">2df6986</a> Look for any branch starting with release (#7087) (#7089)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/26ea9f0bbc4ceb3076e65b89a62295babcbc42d1">26ea9f0</a> Update version number to 2.9.3 (#6725)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/a307a2a63d60440f9c6c6ce37319a16ba1e1e53d">a307a2a</a> Don't make legend empty when fill is false (#6719)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/c44229fb9669ed927615cae5def45734bef52aa8">c44229f</a> Fix undefined variable (#6698)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/a985fecc98c00ebef3f6a0413992899d5397b8ad">a985fec</a> Stop unnecessary line calculations (#6671)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/1cce8a54c0503b8381226aab803bdf556b521779">1cce8a5</a> Backward compatible default `fill` for radar charts (#6655)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/a920bfe34f3cb5abe51eb73315fc060c7240a2dd">a920bfe</a> Hide correct dataset from legend (#6661)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/201fe46f4aee461da42868a587b055afb43e5b3d">201fe46</a> Versatile clipping for lines (#6660)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/ad26311058990e9d71cfefb31043455bb2b5377b">ad26311</a> Refresh package-lock to pick up new version of chartjs-colors (#6663)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/8abfbcb5e982928371f9ae9c4095de32a2b1165f">8abfbcb</a> Update version number to v2.9.2 (#6657)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/45550ed7c2d80fc68658d26c6cc533627f2bd66b">45550ed</a> Combine performance docs (#6643)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/65421bbed9c98c289c379bc4efef72fc9fa6fce3">65421bb</a> Use `document` when `getRootNode` is unsupported (#6641)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/a92dd7b97fb6adef4ae9b5b8f86e37dc9be854df">a92dd7b</a> Release v2.9.1 (#6618)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/26b9d1f6ad0abceb27acae2c5835250588748eff">26b9d1f</a> Merge pull request #6601 from chartjs/master</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/ea100d400e47877aaee29c4549536238549983a1">ea100d4</a> Bump version number to 2.9.0 (#6600)</li> <li><a href="https://snyk.io/redirect/github/chartjs/Chart.js/commit/333118bff64b3f0d750b94e9dc09792b974dbdd3">333118b</a> Hover styling for dataset in 'dataset' mode (#6527)</li> </ul>

<a href="https://snyk.io/redirect/github/chartjs/Chart.js/compare/947d8a7ccfbfc76dd9d384ea75436fa4a7aeefb1...1d92605aa6c29add400c4c551413fc2306c15e8d">See the full diff</a> </details> </details>

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI5MDUyZDQ5MS1kMzc1LTQ3YjktYjllYS00MTBkYjRiYjY2YTEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjkwNTJkNDkxLWQzNzUtNDdiOS1iOWVhLTQxMGRiNGJiNjZhMSJ9fQ==" width="0" height="0"/> 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+51 -22

0 comment

2 changed files

pr created time in a month

startedclarkerubber/irwin

started time in 2 months

startedDSchalla/Claptrap

started time in 2 months

startedbrickbots/aball

started time in 2 months

PR opened DSchalla/mattermost-webapp

[Snyk] Security upgrade react-router-dom from 5.0.0 to 5.0.1

<h3>Snyk has created this PR to fix one or more vulnerable packages in the npm dependencies of this project.</h3>

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 591/1000 <br/> Why? Recently disclosed, Has a fix available, CVSS 5.9 Denial of Service <br/>SNYK-JS-NODEFETCH-674311 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

<details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>react-router-dom</b></summary> The new version differs by 37 commits.</br> <ul> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/0c9a10d9807b879912f2dff2fbebffe0aa7048ed">0c9a10d</a> v5.0.1</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/b0bb9590dcccd5c455770d75b3559431fdfd67ed">b0bb959</a> Update package locks</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/8ed894fbce683a23ab109dd633322958897fdcf5">8ed894f</a> add hooks option to scroll restoration docs (#6762)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/0f5d701648568cf95bef66c9be0798c15eef6d50">0f5d701</a> Small code change in matchPath.md (#6761)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/caa9950c752386ab1b4db71e322b452d2f72dfca">caa9950</a> esModule: false fix read only TypeError in expors (#6758)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/bd436ce9aa09213c86ff2554e5b3d9bd512150cc">bd436ce</a> Merge branch 'website'</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/a38ef042697ccc1c70bcdaf07d05ad994a31594d">a38ef04</a> Don't override path in NavLink component. Fixes #6613 (#6623)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/97f0eee29509463f9166de9455b2fc8dcdc0b1c0">97f0eee</a> Removing "update blocking" content (#6652)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/56c829bfad227ac8c096610e089871d231bf89ea">56c829b</a> fix(react-router): Allow string and object refs in withRouter (#6680)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/aeccaebad0fe4de66e96867a2aef3e82774a26fa">aeccaeb</a> Updated some devDependencies to fix audit warnings (#6741)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/48a97bf9b6af0da8f80093c23ea468fd47cadc5a">48a97bf</a> Fix build on windows. (#6740)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/82ce94c3b4e74f71018d104df6dc999801fa9ab2">82ce94c</a> prevent reload of page if an error occurs in onClick event handler (#6711)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/7bd1407803ba8fbec8283f12a27128b8bd4bde75">7bd1407</a> matchPath: Fixed exception thrown if `path` is undefined (#6715)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/67df6466d3379d1ac859de904d9e1f88d12003af">67df646</a> use huskyrc file (#6706)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/29155fc090788c5edfd21b55bf185f2bdf25e41e">29155fc</a> Update matchPath docs (#6703)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/3ccbd191328d4a5ecf6651bae62283cf1aa1c477">3ccbd19</a> Add a default value for context in StaticRouter.navigateTo (#6698)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/f7c8e564c112742efa3eb89e4f9c062c93f43900">f7c8e56</a> Fix website internal links not prepended with public path (#6678)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/992af489b886764cf5c21c7edf4d4615aabecf7c">992af48</a> Switch to mini-create-router-context (#6692)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/2ce1d329b0384e69adc1ec23249d7f4b261c5f0b">2ce1d32</a> call createLocation on 'to' regardless of type (#6690)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/10d78bbaaae70657f00154481e717b3c8c65b3a2">10d78bb</a> withRouter: Directly use RouterContext instead of Route. (#6685)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/017f692af74f5797c65d86265c063bc0ea829e13">017f692</a> Fixed maximum update depth exceeded caused by Redirect. (#6674)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/f9849c832a83eb2802d6b934b51bef4a2cb7f880">f9849c8</a> Pin create-react-context to 0.2.2 (#6682)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/6a99c9362d46f768d93bbf9b9bc657ca7ce683be">6a99c93</a> fix: set DisplayName correctly for Named Context (#6677)</li> <li><a href="https://snyk.io/redirect/github/ReactTraining/react-router/commit/13b044a240d469738bf78ab044f6da8f63639773">13b044a</a> Document Redirect sensitive prop. (#6676)</li> </ul>

<a href="https://snyk.io/redirect/github/ReactTraining/react-router/compare/ea8eba843bf899daf8a51c2617d05c179b38369d...0c9a10d9807b879912f2dff2fbebffe0aa7048ed">See the full diff</a> </details> </details>

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJjODVlYmU5Ni0zNTk5LTQ3ZjUtYjQzMC02YTQwMDRiYjJmNWYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImM4NWViZTk2LTM1OTktNDdmNS1iNDMwLTZhNDAwNGJiMmY1ZiJ9fQ==" width="0" height="0"/> 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

+92 -50

0 comment

2 changed files

pr created time in 2 months

push eventNetSec-Focus/netsec-focus.github.io

tjnull

commit sha d3859dbe406ad951b8e797ac945182f2cd23e239

Create 2020-09-21-Tjnulls_guide_to_building_a_Home_Lab.markdown

view details

push time in 2 months

startededbentley/ts-validate-type

started time in 3 months

startedcaddyserver/certmagic

started time in 3 months

delete branch mattermost/mattermost-metrics-server

delete branch : dependabot/npm_and_yarn/decompress-4.2.1

delete time in 3 months

push eventmattermost/mattermost-metrics-server

dependabot[bot]

commit sha ce65e0eac5a6e28c3fe525946206d393a7e8358f

Bump decompress from 4.2.0 to 4.2.1 (#16) Bumps [decompress](https://github.com/kevva/decompress) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/kevva/decompress/releases) - [Commits](https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 3 months

PR merged mattermost/mattermost-metrics-server

Bump decompress from 4.2.0 to 4.2.1 dependencies

Bumps decompress from 4.2.0 to 4.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kevva/decompress/releases">decompress's releases</a>.</em></p> <blockquote> <h2>v4.2.1</h2> <ul> <li>Prevent directory traversal (<a href="https://github-redirect.dependabot.com/kevva/decompress/issues/73">#73</a>) 967146e</li> </ul> <p><a href="https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1">https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kevva/decompress/commit/84a8c1046946add1a6ae01c54dbebf312e4ffc85"><code>84a8c10</code></a> 4.2.1</li> <li><a href="https://github.com/kevva/decompress/commit/fafff47880cb5b47b022cd7be5542d576448603a"><code>fafff47</code></a> Meta tweaks</li> <li><a href="https://github.com/kevva/decompress/commit/967146e70f48be32ed1a69daa3941d681944d513"><code>967146e</code></a> Prevent directory traversal (<a href="https://github-redirect.dependabot.com/kevva/decompress/issues/73">#73</a>)</li> <li><a href="https://github.com/kevva/decompress/commit/74a462a139cc2561b6695e696266c8dc31562d3d"><code>74a462a</code></a> Meta tweaks</li> <li><a href="https://github.com/kevva/decompress/commit/7ddadd92139079e520cb822a03fe4260b7db7676"><code>7ddadd9</code></a> Add note about <code>filter</code> option</li> <li>See full diff in <a href="https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

push eventmattermost/mattermost-metrics-server

dependabot[bot]

commit sha 51e96d4c310a134b2bb90fb183b9ccf7aeeba562

Bump handlebars from 4.4.3 to 4.7.6 (#17) Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.4.3 to 4.7.6. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.4.3...v4.7.6) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 3 months

delete branch mattermost/mattermost-metrics-server

delete branch : dependabot/npm_and_yarn/handlebars-4.7.6

delete time in 3 months

PR merged mattermost/mattermost-metrics-server

Bump handlebars from 4.4.3 to 4.7.6 dependencies

Bumps handlebars from 4.4.3 to 4.7.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson">@dougwilson</a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo">@aorinevo</a>, <a href="https://api.github.com/users/AviVahl">@AviVahl</a> & <a href="https://api.github.com/users/fabb">@fabb</a>)</li> </ul> <p>Compatibility notes:</p> <ul> <li>No incompatibilities are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.3...v4.7.4">Commits</a></p> <h2>v4.7.3 - February 5th, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1644">#1644</a> - Download links to aws broken on handlebarsjs.com - access denied (<a href="https://api.github.com/users/Tea56">@Tea56</a>)</li> <li>Fix spelling and punctuation in changelog - d78cc73</li> </ul> <p>Bugfixes:</p> <ul> <li>Add Type Definition for Handlebars.VERSION, Fixes <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1647">#1647</a> - 4de51fe</li> <li>Include Type Definition for runtime.js in Package - a32d05f</li> </ul> <p>Compatibility notes:</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/b64202bc9197307bd785a58693e3820eb9bb41a8"><code>b64202b</code></a> Update release-notes.md</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/c2f1e6203178918569f085e12afdb762cae17fb0"><code>c2f1e62</code></a> Switch cmd parser to latest minimist</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/08e9a11a34c3ad8387a0b85b1334f97cab85191a"><code>08e9a11</code></a> Revert "chore: set Node.js compatibility to v6+"</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/1fd2edee2a12fb228061fcde807905c6b14339c4"><code>1fd2ede</code></a> v4.7.5</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/3c9c2f5cf29cf10f54d5fe4daca6b24b65f0adcf"><code>3c9c2f5</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/16487a088e13f4d52c6fd6610b9ec71c4a51be8a"><code>16487a0</code></a> chore: downgrade yargs to v14</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/309d2b49a11628d2a8f052c5587e7459968cd705"><code>309d2b4</code></a> chore: set Node.js compatibility to v6+</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/645ac73844918668f9a2f41e49b7cb18ce5abf36"><code>645ac73</code></a> test: fix integration tests</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.4.3...v4.7.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~erisds">erisds</a>, a new releaser for handlebars since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+18 -29

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

PR opened mattermost/mattermost-metrics-server

Bump handlebars from 4.4.3 to 4.7.6

Bumps handlebars from 4.4.3 to 4.7.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson">@dougwilson</a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo">@aorinevo</a>, <a href="https://api.github.com/users/AviVahl">@AviVahl</a> & <a href="https://api.github.com/users/fabb">@fabb</a>)</li> </ul> <p>Compatibility notes:</p> <ul> <li>No incompatibilities are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.3...v4.7.4">Commits</a></p> <h2>v4.7.3 - February 5th, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1644">#1644</a> - Download links to aws broken on handlebarsjs.com - access denied (<a href="https://api.github.com/users/Tea56">@Tea56</a>)</li> <li>Fix spelling and punctuation in changelog - d78cc73</li> </ul> <p>Bugfixes:</p> <ul> <li>Add Type Definition for Handlebars.VERSION, Fixes <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1647">#1647</a> - 4de51fe</li> <li>Include Type Definition for runtime.js in Package - a32d05f</li> </ul> <p>Compatibility notes:</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/b64202bc9197307bd785a58693e3820eb9bb41a8"><code>b64202b</code></a> Update release-notes.md</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/c2f1e6203178918569f085e12afdb762cae17fb0"><code>c2f1e62</code></a> Switch cmd parser to latest minimist</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/08e9a11a34c3ad8387a0b85b1334f97cab85191a"><code>08e9a11</code></a> Revert "chore: set Node.js compatibility to v6+"</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/1fd2edee2a12fb228061fcde807905c6b14339c4"><code>1fd2ede</code></a> v4.7.5</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/3c9c2f5cf29cf10f54d5fe4daca6b24b65f0adcf"><code>3c9c2f5</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/16487a088e13f4d52c6fd6610b9ec71c4a51be8a"><code>16487a0</code></a> chore: downgrade yargs to v14</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/309d2b49a11628d2a8f052c5587e7459968cd705"><code>309d2b4</code></a> chore: set Node.js compatibility to v6+</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/645ac73844918668f9a2f41e49b7cb18ce5abf36"><code>645ac73</code></a> test: fix integration tests</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.4.3...v4.7.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~erisds">erisds</a>, a new releaser for handlebars since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+18 -29

0 comment

1 changed file

pr created time in 3 months

PR opened mattermost/mattermost-metrics-server

Bump decompress from 4.2.0 to 4.2.1

Bumps decompress from 4.2.0 to 4.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kevva/decompress/releases">decompress's releases</a>.</em></p> <blockquote> <h2>v4.2.1</h2> <ul> <li>Prevent directory traversal (<a href="https://github-redirect.dependabot.com/kevva/decompress/issues/73">#73</a>) 967146e</li> </ul> <p><a href="https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1">https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kevva/decompress/commit/84a8c1046946add1a6ae01c54dbebf312e4ffc85"><code>84a8c10</code></a> 4.2.1</li> <li><a href="https://github.com/kevva/decompress/commit/fafff47880cb5b47b022cd7be5542d576448603a"><code>fafff47</code></a> Meta tweaks</li> <li><a href="https://github.com/kevva/decompress/commit/967146e70f48be32ed1a69daa3941d681944d513"><code>967146e</code></a> Prevent directory traversal (<a href="https://github-redirect.dependabot.com/kevva/decompress/issues/73">#73</a>)</li> <li><a href="https://github.com/kevva/decompress/commit/74a462a139cc2561b6695e696266c8dc31562d3d"><code>74a462a</code></a> Meta tweaks</li> <li><a href="https://github.com/kevva/decompress/commit/7ddadd92139079e520cb822a03fe4260b7db7676"><code>7ddadd9</code></a> Add note about <code>filter</code> option</li> <li>See full diff in <a href="https://github.com/kevva/decompress/compare/v4.2.0...v4.2.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 3 months

startedvlang/v

started time in 3 months

startedzmkfirmware/zmk

started time in 3 months

startedboldport/pcbmode

started time in 3 months

startedfranko/lite-xl

started time in 3 months

startedMaartenwut/plain60-c

started time in 3 months

more