profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/NickSchimek/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Nick Schimek NickSchimek @Jetbuilt Portland, OR - Tokyo, JP nickschimek.com I like food.

codeforpdx/old_website 2

Code for PDX website

NickSchimek/basic_rights 2

A project to facilitate communications between community agencies to mitigate service shortages

AgileVentures/POODR 1

Working through the POODR

championer-org/championer_one 1

Project repo for championer.org website

NickSchimek/deploy_jamstack_action 1

A GitHub Action for deploying static sites to GitHub pages. Works with any static site generator. Simple, fast, and easy.

AgileVentures/acts_as_follower 0

A Gem to add Follow functionality for models

AgileVentures/algorithms-mob 0

Solutions of Interview Algorithm problems in multiple languages

AgileVentures/pivotal-tracker-api 0

This is a Ruby Gem that can be used to communicate with the Pivotal Tracker API v5

fork dogi/lookaroundrunner

Looking inside github action ubuntu runner

fork in a day

release tj/terminal-table

v3.0.1

released time in 2 days

release tj/terminal-table

v3.0.0

released time in 2 days

pull request commentNickSchimek/recordexpungPDX

[Security] Bump hosted-git-info from 2.7.1 to 2.8.9 in /src/frontend

The following labels could not be found: frontend.

dependabot-preview[bot]

comment created time in 5 days

PR opened NickSchimek/recordexpungPDX

[Security] Bump hosted-git-info from 2.7.1 to 2.8.9 in /src/frontend

Bumps hosted-git-info from 2.7.1 to 2.8.9. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-43f8-2h32-f4cj">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Regular Expression Denial of Service in hosted-git-info</strong> The npm package <code>hosted-git-info</code> before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity</p> <p>Affected versions: < 2.8.9</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md">hosted-git-info's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9">2.8.9</a> (2021-04-07)</h2> <h3>Bug Fixes</h3> <ul> <li>backport regex fix from <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/76">#76</a> (<a href="https://github.com/npm/hosted-git-info/commit/29adfe5">29adfe5</a>), closes <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/84">#84</a></li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.7...v2.8.8">2.8.8</a> (2020-02-29)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/61">#61</a> & <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/65">#65</a> addressing issues w/ url.URL implmentation which regressed node 6 support (<a href="https://github.com/npm/hosted-git-info/commit/5038b18">5038b18</a>), closes <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/66">#66</a></li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.6...v2.8.7">2.8.7</a> (2020-02-26)</h2> <h3>Bug Fixes</h3> <ul> <li>Do not attempt to use url.URL when unavailable (<a href="https://github.com/npm/hosted-git-info/commit/2d0bb66">2d0bb66</a>), closes <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/61">#61</a> <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/62">#62</a></li> <li>Do not pass scp-style URLs to the WhatWG url.URL (<a href="https://github.com/npm/hosted-git-info/commit/f2cdfcf">f2cdfcf</a>), closes <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/60">#60</a></li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.6">2.8.6</a> (2020-02-25)</h2> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.4...v2.8.5">2.8.5</a> (2019-10-07)</h2> <h3>Bug Fixes</h3> <ul> <li>updated pathmatch for gitlab (<a href="https://github.com/npm/hosted-git-info/commit/e8325b5">e8325b5</a>), closes <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/51">#51</a></li> <li>updated pathmatch for gitlab (<a href="https://github.com/npm/hosted-git-info/commit/ffe056f">ffe056f</a>)</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.3...v2.8.4">2.8.4</a> (2019-08-12)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01"><code>8d4b369</code></a> chore(release): 2.8.9</li> <li><a href="https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7"><code>29adfe5</code></a> fix: backport regex fix from <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/76">#76</a></li> <li><a href="https://github.com/npm/hosted-git-info/commit/afeaefdd86ba9bb5044be3c1554a666d007cf19a"><code>afeaefd</code></a> chore(release): 2.8.8</li> <li><a href="https://github.com/npm/hosted-git-info/commit/5038b1891a61ca3cd7453acbf85d7011fe0086bb"><code>5038b18</code></a> fix: <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/61">#61</a> & <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/65">#65</a> addressing issues w/ url.URL implmentation which regressed nod...</li> <li><a href="https://github.com/npm/hosted-git-info/commit/7440afa859162051c191e55d8ecfaf69a193b026"><code>7440afa</code></a> chore(release): 2.8.7</li> <li><a href="https://github.com/npm/hosted-git-info/commit/2d0bb6615ecb8f9ef1019bc0737aab7f6449641f"><code>2d0bb66</code></a> fix: Do not attempt to use url.URL when unavailable</li> <li><a href="https://github.com/npm/hosted-git-info/commit/f2cdfcf33ad2bd3bd1acdba0326281089f53c5b1"><code>f2cdfcf</code></a> fix: Do not pass scp-style URLs to the WhatWG url.URL</li> <li><a href="https://github.com/npm/hosted-git-info/commit/e1b83df5d9cb1f8bb220352e20565560548d2292"><code>e1b83df</code></a> chore(release): 2.8.6</li> <li><a href="https://github.com/npm/hosted-git-info/commit/ff259a6117c62df488e927820e30bec2f7ee453f"><code>ff259a6</code></a> Ensure passwords in hosted Git URLs are correctly escaped</li> <li><a href="https://github.com/npm/hosted-git-info/commit/624fd6f301dd5a1fd7ad1b333d6f8921a12ff98c"><code>624fd6f</code></a> chore(release): 2.8.5</li> <li>Additional commits viewable in <a href="https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~nlf">nlf</a>, a new releaser for hosted-git-info since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -3

0 comment

1 changed file

pr created time in 5 days

release puma/puma

v5.3.0

released time in 5 days

pull request commentNickSchimek/recordexpungPDX

[Security] Bump url-parse from 1.4.7 to 1.5.1 in /src/frontend

The following labels could not be found: frontend.

dependabot-preview[bot]

comment created time in 6 days

PR opened NickSchimek/recordexpungPDX

[Security] Bump url-parse from 1.4.7 to 1.5.1 in /src/frontend

Bumps url-parse from 1.4.7 to 1.5.1. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-9m6j-fcg5-2442">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Path reaversal in url-parse</strong> url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.</p> <p>Affected versions: < 1.5.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/unshiftio/url-parse/commit/eb6d9f51e395b7e47bf2594e457d541db21c713b"><code>eb6d9f5</code></a> [dist] 1.5.1</li> <li><a href="https://github.com/unshiftio/url-parse/commit/750d8e8a9d45dbce9ff09759f0fe4564cdd47d74"><code>750d8e8</code></a> [fix] Fixes relative path resolving <a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/199">#199</a> <a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/200">#200</a> (<a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/201">#201</a>)</li> <li><a href="https://github.com/unshiftio/url-parse/commit/3ac777474ba5dc48a7e33771cbb311fc6f69bef8"><code>3ac7774</code></a> [test] Make test consistent for browser testing</li> <li><a href="https://github.com/unshiftio/url-parse/commit/267a0c6f7ef1a58271be61611c5103daace602c9"><code>267a0c6</code></a> [dist] 1.5.0</li> <li><a href="https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0"><code>d1e7e88</code></a> [security] More backslash fixes (<a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/197">#197</a>)</li> <li><a href="https://github.com/unshiftio/url-parse/commit/d99bf4cf259b7378c855f786edc253e70405ffdc"><code>d99bf4c</code></a> [ignore] Remove npm-debug.log from .gitignore</li> <li><a href="https://github.com/unshiftio/url-parse/commit/422c8b5e4cac6a79cd35b4e86731476dcbeec7e4"><code>422c8b5</code></a> [pkg] Replace nyc with c8</li> <li><a href="https://github.com/unshiftio/url-parse/commit/933809d630c7b21399b4e5df59fccccd80033b21"><code>933809d</code></a> [pkg] Move coveralls to dev dependencies</li> <li><a href="https://github.com/unshiftio/url-parse/commit/190b2168035899a2a88f2dc2625963bf7e2f338f"><code>190b216</code></a> [pkg] Add .npmrc</li> <li><a href="https://github.com/unshiftio/url-parse/commit/ce3783f4ea25753cfa36376769c14e4e2fe6ea80"><code>ce3783f</code></a> [test] Do not test on all available versions of Edge and Safari</li> <li>Additional commits viewable in <a href="https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -3

0 comment

1 changed file

pr created time in 6 days

delete branch NickSchimek/recordexpungPDX

delete branch : dependabot/npm_and_yarn/src/frontend/handlebars-4.7.6

delete time in 6 days

PR closed NickSchimek/recordexpungPDX

[Security] Bump handlebars from 4.4.2 to 4.7.6 in /src/frontend security

Bumps handlebars from 4.4.2 to 4.7.6. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/519.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Denial of Service</strong> Crash Node.js process from handlebars using a small and simple source</p> <p>Affected versions: <4.6.0</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson">@dougwilson</a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo">@aorinevo</a>, <a href="https://api.github.com/users/AviVahl">@AviVahl</a> & <a href="https://api.github.com/users/fabb">@fabb</a>)</li> </ul> <p>Compatibility notes:</p> <ul> <li>No incompatibilities are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.3...v4.7.4">Commits</a></p> <h2>v4.7.3 - February 5th, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1644">#1644</a> - Download links to aws broken on handlebarsjs.com - access denied (<a href="https://api.github.com/users/Tea56">@Tea56</a>)</li> <li>Fix spelling and punctuation in changelog - d78cc73</li> </ul> <p>Bugfixes:</p> <ul> <li>Add Type Definition for Handlebars.VERSION, Fixes <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1647">#1647</a> - 4de51fe</li> <li>Include Type Definition for runtime.js in Package - a32d05f</li> </ul> <p>Compatibility notes:</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/b64202bc9197307bd785a58693e3820eb9bb41a8"><code>b64202b</code></a> Update release-notes.md</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/c2f1e6203178918569f085e12afdb762cae17fb0"><code>c2f1e62</code></a> Switch cmd parser to latest minimist</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/08e9a11a34c3ad8387a0b85b1334f97cab85191a"><code>08e9a11</code></a> Revert "chore: set Node.js compatibility to v6+"</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/1fd2edee2a12fb228061fcde807905c6b14339c4"><code>1fd2ede</code></a> v4.7.5</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/3c9c2f5cf29cf10f54d5fe4daca6b24b65f0adcf"><code>3c9c2f5</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/16487a088e13f4d52c6fd6610b9ec71c4a51be8a"><code>16487a0</code></a> chore: downgrade yargs to v14</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/309d2b49a11628d2a8f052c5587e7459968cd705"><code>309d2b4</code></a> chore: set Node.js compatibility to v6+</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/645ac73844918668f9a2f41e49b7cb18ce5abf36"><code>645ac73</code></a> test: fix integration tests</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.4.2...v4.7.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~erisds">erisds</a>, a new releaser for handlebars since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+11 -26

2 comments

1 changed file

dependabot-preview[bot]

pr closed time in 6 days

pull request commentNickSchimek/recordexpungPDX

[Security] Bump handlebars from 4.4.2 to 4.7.7 in /src/frontend

The following labels could not be found: frontend.

dependabot-preview[bot]

comment created time in 6 days

PR opened NickSchimek/recordexpungPDX

[Security] Bump handlebars from 4.4.2 to 4.7.7 in /src/frontend

Bumps handlebars from 4.4.2 to 4.7.7. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/519.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Denial of Service</strong> Crash Node.js process from handlebars using a small and simple source</p> <p>Affected versions: <4.6.0</p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-f52g-6jhx-586p">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Denial of Service in handlebars</strong> Affected versions of <code>handlebars</code> are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.</p> <h2>Recommendation</h2> <p>Upgrade to version 4.4.5 or later.</p> <p>Affected versions: >= 4.0.0 < 4.4.5</p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-2cf5-4w76-r9qv">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Arbitrary Code Execution in handlebars</strong> Versions of <code>handlebars</code> prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).</p> <p>The following template can be used to demonstrate the vulnerability:</p> <pre lang="{{#with" data-meta=""constructor"}}"><code> {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}``` <h2>Recommendation</h2> <p>Upgrade to version 3.0.8, 4.5.2 or later.</p> <p>Affected versions: >= 4.0.0 < 4.5.2 </code></pre></p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-g9r4-xpmj-mj65">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Prototype Pollution in handlebars</strong> Versions of <code>handlebars</code> prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions.</p> <h2>Recommendation</h2> <p>Upgrade to version 3.0.8, 4.5.3 or later.</p> <p>Affected versions: >= 4.0.0 < 4.5.3</p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-f2jv-r9rf-7988">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Remote code execution in handlebars when compiling templates</strong> The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.</p> <p>Affected versions: < 4.7.7</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.7 - February 15th, 2021</h2> <ul> <li>fix weird error in integration tests - eb860c0</li> <li>fix: check prototype property access in strict-mode (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1736">#1736</a>) - b6d3de7</li> <li>fix: escape property names in compat mode (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1736">#1736</a>) - f058970</li> <li>refactor: In spec tests, use expectTemplate over equals and shouldThrow (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1683">#1683</a>) - 77825f8</li> <li>chore: start testing on Node.js 12 and 13 - 3789a30</li> </ul> <p>(POSSIBLY) BREAKING CHANGES:</p> <ul> <li>the changes from version <a href="https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020">4.6.0</a> now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633">#1633</a> for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.</li> </ul> <p>That is why we only bump the patch version despite mentioning breaking changes.</p> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7">Commits</a></p> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson"><code>@​dougwilson</code></a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo"><code>@​aorinevo</code></a>, <a href="https://api.github.com/users/AviVahl"><code>@​AviVahl</code></a> & <a href="https://api.github.com/users/fabb"><code>@​fabb</code></a>)</li> </ul> <p>Compatibility notes:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/a9a8e403213583ca90cb7c872d3a22796c37d961"><code>a9a8e40</code></a> v4.7.7</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e66aed5b99c1b6c93564f37d627e34e5d60eb76e"><code>e66aed5</code></a> Update release notes</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/7d4d170ce46a53084a41920c5c7387c131357989"><code>7d4d170</code></a> disable IE in Saucelabs tests</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/eb860c08998f8f506360d305d89e1f4b40f72a0a"><code>eb860c0</code></a> fix weird error in integration tests</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8"><code>b6d3de7</code></a> fix: check prototype property access in strict-mode (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1736">#1736</a>)</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"><code>f058970</code></a> fix: escape property names in compat mode (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1736">#1736</a>)</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/77825f8d3522356feb8e4160fac16344104d192b"><code>77825f8</code></a> refator: In spec tests, use expectTemplate over equals and shouldThrow (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1683">#1683</a>)</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/3789a309554fd600caeae442f40881cf93eb3b54"><code>3789a30</code></a> chore: start testing on Node.js 12 and 13</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/handlebars-lang/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.4.2...v4.7.7">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+11 -26

0 comment

1 changed file

pr created time in 6 days

MemberEvent

push eventAgileVentures/pivotal-tracker-api

Thomas

commit sha bd25eba9387b6b318ed03e6b391a1732e4588383

bumpes internal AV version to 1.0.4

view details

push time in 7 days

created repositoryroschaefer/svelte-memory-game

created time in 9 days

delete branch NickSchimek/recordexpungPDX

delete branch : dependabot/npm_and_yarn/src/frontend/types/node-14.14.31

delete time in 11 days

PR closed NickSchimek/recordexpungPDX

Bump @types/node from 12.12.14 to 14.14.31 in /src/frontend

Bumps @types/node from 12.12.14 to 14.14.31. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

2 comments

2 changed files

dependabot-preview[bot]

pr closed time in 11 days

pull request commentNickSchimek/recordexpungPDX

Bump @types/node from 12.12.14 to 15.0.1 in /src/frontend

The following labels could not be found: frontend.

dependabot-preview[bot]

comment created time in 11 days

PR opened NickSchimek/recordexpungPDX

Bump @types/node from 12.12.14 to 15.0.1 in /src/frontend

Bumps @types/node from 12.12.14 to 15.0.1. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

0 comment

2 changed files

pr created time in 11 days

delete branch NickSchimek/recordexpungPDX

delete branch : dependabot/npm_and_yarn/src/frontend/redux-4.0.5

delete time in 11 days

PR closed NickSchimek/recordexpungPDX

Bump redux from 4.0.4 to 4.0.5 in /src/frontend

Bumps redux from 4.0.4 to 4.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/reduxjs/redux/releases">redux's releases</a>.</em></p> <blockquote> <h2>v4.0.5</h2> <p>This release includes a memory leak fix, and a fix for removing reducers with replaceReducer and combineReducers.</p> <p>There are also some TypeScript changes, which require version 3.5 or higher. This also removes our <code>DeepPartial</code> type, which wasn't intended to be a public API. If you need this type, you can find an equivalent of likely higher quality in the <code>utility-types</code> package.</p> <p>Speaking of TypeScript, we are done with converting the code to TypeScript on <code>master</code> and are looking to get some TS improvements in before launching 5.0. If you're interested in helping, feel free to submit a PR with anything you'd like to contribute.</p> <h2><a href="https://github.com/reactjs/redux/compare/v4.0.4...v4.0.5">Changes</a></h2> <ul> <li>Clear current listeners on store unsubscribe (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3475">#3475</a> by <a href="https://github.com/dmitrysteblyuk">@dmitrysteblyuk</a>)</li> <li>Fix for combineReducers when replaceReducers removes a reducer (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3490">#3490</a> by <a href="https://github.com/anubhavgupta">@anubhavgupta</a>)</li> <li><em>TypeScript:</em> Add strict type inference overload for combineReducers (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3484">#3484</a> by <a href="https://github.com/ChrisAckerman">@ChrisAckerman</a>)</li> <li><em>TypeScript:</em> Preloaded state is now selectively partial (instead of deeply partial) (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3485">#3485</a> by <a href="https://github.com/ChrisAckerman">@ChrisAckerman</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/reduxjs/redux/commit/45281b6b3f6bfe69ceb2450c2c48961e2891d2c9"><code>45281b6</code></a> 4.0.5</li> <li><a href="https://github.com/reduxjs/redux/commit/a5739d9455afbed663a4ca1fcac002988c885fcb"><code>a5739d9</code></a> Fixed broken link (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3551">#3551</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/9c9a4d2a1c62c9dbddcbb05488f8bd77d24c81de"><code>9c9a4d2</code></a> Fixed combineReducers changeDetection logic(<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3488">#3488</a>) (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3490">#3490</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/0ac73b52f17e7b91487cd5fa0b80bcdad1b344dc"><code>0ac73b5</code></a> <a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/2808">#2808</a> Preloaded state is now selectively partial (instead of deeply partial)....</li> <li><a href="https://github.com/reduxjs/redux/commit/63dda816402d11766e76f92eb180cfeaba84b4c0"><code>63dda81</code></a> <a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/2979">#2979</a> Add strict type inference overload for combineReducers. (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3484">#3484</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/6afef6ac17c1de8642ea57edc548d52384facd11"><code>6afef6a</code></a> Minor language fix (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3498">#3498</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/39cc043c55a770503bab3daf6026da5340923632"><code>39cc043</code></a> docs: fix store methods link (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3497">#3497</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/14efbe1cccdca915b5bb9ff8ce22da4c4d5d6868"><code>14efbe1</code></a> Update UsingObjectSpreadOperator.md (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3367">#3367</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/42474f38690030f9c853f5ac1aa4959349d7ff15"><code>42474f3</code></a> Remove outdated rule on single quotes in docs (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3495">#3495</a>)</li> <li><a href="https://github.com/reduxjs/redux/commit/7d3c0834f3b5083e65e186b4d522390aee7b2ff5"><code>7d3c083</code></a> Fix links to some headings with special chars (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3494">#3494</a>)</li> <li>Additional commits viewable in <a href="https://github.com/reduxjs/redux/compare/v4.0.4...v4.0.5">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

2 comments

2 changed files

dependabot-preview[bot]

pr closed time in 11 days

pull request commentNickSchimek/recordexpungPDX

Bump redux from 4.0.4 to 4.0.5 in /src/frontend

Superseded by #77.

dependabot-preview[bot]

comment created time in 11 days

pull request commentNickSchimek/recordexpungPDX

Bump redux from 4.0.4 to 4.1.0 in /src/frontend

The following labels could not be found: frontend.

dependabot-preview[bot]

comment created time in 11 days

PR opened NickSchimek/recordexpungPDX

Bump redux from 4.0.4 to 4.1.0 in /src/frontend

Bumps redux from 4.0.4 to 4.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/reduxjs/redux/releases">redux's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <p>This release shrinks our bundle size via error message extraction, updates several error messages for clarity, and optimizes our list of runtime dependencies.</p> <p>Overall, version 4.1 shrinks from 2.6K min+gz to 1.6K min+gz thanks to these changes.</p> <p>Be sure to check out <a href="https://github.com/reduxjs/redux-toolkit/releases/tag/v1.6.0-alpha.1">the Redux Toolkit 1.6 alpha containing our new "RTK Query" data fetching APIs!</a> It also includes Redux 4.1 as a dependency.</p> <h2>Changelog</h2> <h3>Error Message Extraction and Improvements</h3> <p>We now extract all of our error messages from production builds in order to save on bundle size, using <a href="https://reactjs.org/blog/2016/07/11/introducing-reacts-error-code-system.html">a technique inspired from React's error code extraction</a>. The error messages will still show as normal in development, but in production they will reference a specific numeric error code and provide a link to a Redux docs page that has the full error message.</p> <p>An example of this is: <a href="https://redux.js.org/errors?code=5">https://redux.js.org/errors?code=5</a> , which shows the "can't subscribe while reducers are executing" error.</p> <p>The error code extraction saves about 800 bytes out of a production build.</p> <p>Thanks to <a href="https://github.com/andrewmcgivery"><code>@​andrewmcgivery</code></a> for doing all the hard work on implementing the error extraction!</p> <p>We've also updated many of our error messages to provide additional details at runtime about what happened, especially runtime type checks such as "actions must be plain objects". They now provide a more specific type for the unexpected value, such as indicating <code>promise</code> or <code>function</code>:</p> <pre lang="js"><code> expect(() => store.dispatch(() => {})).toThrow( /the actual type was: 'function'/ ) <pre><code>expect(() =&gt; store.dispatch(new Date())).toThrow( /the actual type was: 'date'/ ) </code></pre> <p></code></pre></p> <h3>Dependency Updates</h3> <p>We've updated the list of runtime dependencies for Redux:</p> <ul> <li>We inlined the <code>symbol-observable</code> polyfill. This shrinks bundle size by a few bytes,</li> <li>We've removed the legacy <code>loose-envify</code> dependency, which was only ever needed by Browserify users. If you still happen to be using Browserify, please review your build settings and see if you need to make any updates.</li> <li>We now explicitly depend on <code>@babel/runtime</code> to extract some additional helpers out of our bundle. It's likely that your app already is pulling in those helpers anyway, so that removes some potential duplication.</li> </ul> <h3>Typing Tweaks</h3> <p>We've merged fixes for a couple edge cases in the 4.x TS typings related to state types.</p> <h2>Changes</h2> <ul> <li>Remove symbol-observable and loose-envify deps (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/4058">#4058</a> - <a href="https://github.com/markerikson"><code>@​markerikson</code></a>)</li> <li>Port error extraction setup from master (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/4057">#4057</a> - <a href="https://github.com/markerikson"><code>@​markerikson</code></a>)</li> <li>Port build dependencies from master into 4.x (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/4056">#4056</a> - <a href="https://github.com/markerikson"><code>@​markerikson</code></a>)</li> <li>Rewrite Redux core error messages (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/4055">#4055</a> - <a href="https://github.com/markerikson"><code>@​markerikson</code></a>)</li> <li>feat: mangle error codes to error indexes (<a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/3920">#3920</a> - <a href="https://github.com/andrewmcgivery"><code>@​andrewmcgivery</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/reduxjs/redux/commit/97a7798e8379aec0d682ae99b49ef65062a56ecf"><code>97a7798</code></a> 4.1.0</li> <li><a href="https://github.com/reduxjs/redux/commit/32f368a2f16d93585703ea46067e2f52d7672d07"><code>32f368a</code></a> 4.1.0-alpha.0</li> <li><a href="https://github.com/reduxjs/redux/commit/9445d3ab3a57d5f38ad9cbb76f724b05aaf1f05d"><code>9445d3a</code></a> Ignore Docusaurus output</li> <li><a href="https://github.com/reduxjs/redux/commit/9a1d065ecfc8dd974e54e0c84a80fa6b0f1d6bd7"><code>9a1d065</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/4058">#4058</a> from reduxjs/feature/4x-remove-legacy-deps</li> <li><a href="https://github.com/reduxjs/redux/commit/d29cbfaf5711aaa773ec9d107c4d2578c6b2a59c"><code>d29cbfa</code></a> Include ESM .mjs file in size comparisons</li> <li><a href="https://github.com/reduxjs/redux/commit/fb5abcccc2e4c9b36d1459504ed0bd289ddbc930"><code>fb5abcc</code></a> Formatting</li> <li><a href="https://github.com/reduxjs/redux/commit/0d7d94d8181ff2e6482d8884360726bd098458ba"><code>0d7d94d</code></a> Inline the symbol-observable polyfill</li> <li><a href="https://github.com/reduxjs/redux/commit/b882d9afee944977fcc85afe22043bb8ce9f6696"><code>b882d9a</code></a> Remove symbol-observable and loose-envify deps</li> <li><a href="https://github.com/reduxjs/redux/commit/f3680b5bf9908e23c3e2760c35b9efab84b0194e"><code>f3680b5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/reduxjs/redux/issues/4057">#4057</a> from reduxjs/feature/4x-error-messages</li> <li><a href="https://github.com/reduxjs/redux/commit/3ce88ddbe72be0cbf101421b6837bb29518a880a"><code>3ce88dd</code></a> Formatting</li> <li>Additional commits viewable in <a href="https://github.com/reduxjs/redux/compare/v4.0.4...v4.1.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~acemarke">acemarke</a>, a new releaser for redux since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+20 -6

0 comment

2 changed files

pr created time in 11 days