profile
viewpoint

aloha/laravel-twilio 369

Laravel 4 & 5 Twillio API Integration

andyfleming/BrowserUpdateWarning 6

Browser Update Warning for MooTools

andyfleming/ALE 0

Another Looping Event - An Event Loop Architecture for C# similar to Node.JS

andyfleming/ansi_up 0

A javascript library that converts text with ANSI terminal codes into colorful HTML

andyfleming/arguing-robots 0

🤖 Watch and hear macOS robots argue live in your terminal 🤖

andyfleming/assistive-keyboarding-app 0

A simple interactive keyboard webpage to help a family member learn the Apple keyboard layout.

andyfleming/ava 0

🚀 JavaScript test runner

andyfleming/awilix 0

Extremely powerful Inversion of Control (IoC) container for Node.JS

andyfleming/babel.github.io 0

:globe_with_meridians: The Babel documentation website

andyfleming/big-list-of-naughty-strings 0

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

issue commentdenoland/deno

proposal: support a comprehensive meta-data file

While TOML is preferable for some people, I believe there's still a lot of javascript users that aren't familiar with the syntax.

I think JSON5 would be a great option. It's more flexible and robust than JSON while still remaining intuitive for javascript users.

kitsonk

comment created time in 3 days

startedbnoordhuis/node-heapdump

started time in 2 months

startedlukejacksonn/perflink

started time in 2 months

startednodegui/react-nodegui

started time in 2 months

PR opened godaddy/javascript

fixes naming mismatch
+0 -0

0 comment

2 changed files

pr created time in 2 months

create barnchandyfleming/javascript

branch : fix-eslint-typescript-bin

created branch time in 2 months

push eventandyfleming/javascript

Fabio M. Costa

commit sha 21493ee50b7ad4c0e04031a89b5dd1b92e137d9f

[proposal] Making most peerDependencies -> dependencies (#88) Remove most peerDependencies and change to dependencies

view details

Andy Fleming

commit sha 48f0652c44ad2c8d6744812aad0e7023f4a68817

Add TypeScript flavor packages for ESLint (#89) Add TypeScript lint packages

view details

push time in 2 months

push eventandyfleming/javascript

Andy Fleming

commit sha 48f0652c44ad2c8d6744812aad0e7023f4a68817

Add TypeScript flavor packages for ESLint (#89) Add TypeScript lint packages

view details

Andy Fleming

commit sha 0113ab0a3e1b612974910f726bc8aaf9cfbb8073

Merge branch 'master' of https://github.com/godaddy/javascript into eslint-typescript

view details

push time in 2 months

push eventandyfleming/javascript

Andy Fleming

commit sha 53f02c627823002fea413691620ff3a197589820

fixes mismatch in name

view details

push time in 2 months

fork andyfleming/ava

🚀 JavaScript test runner

fork in 2 months

PR opened andyfleming/interval-promise

Version 2

Work-in-progress

This PR and its description are a placeholder.

Related Issues

+8 -1

0 comment

2 changed files

pr created time in 2 months

create barnchandyfleming/interval-promise

branch : v2

created branch time in 2 months

issue closedandyfleming/interval-promise

Add interval timeout

A built-in option to stop the current async function execution and try again after a period of time would be useful in applications where the function or promise could hang for a long time or even indefinitely. With a timeout option, the application would be able to stop the execution of the function after a specified number of milliseconds and try the function again or throw a timeout error.

closed time in 2 months

zeladada

issue commentandyfleming/interval-promise

Add interval timeout

I'm not sure if this makes sense to be a feature of this library directly. It might be a better practice to use something like p-timeout (on top of interval-promise) to achieve this.

I'm going to close this for now. If there is significant interest in including this feature directly in the library we can reopen this issue.

zeladada

comment created time in 2 months

startedsindresorhus/promise-fun

started time in 2 months

issue closedandyfleming/interval-promise

Interval Stops when API throw Error

I am getting the rate from the API and if the side is giving the Error then the Interval stops. It should work. this function is defined in the system core file.

function xmlApiHandler(obj) {
	let xmlObject = xmlBuilder(obj);
	return request({
		               url    : process.env.URL,
		               method : "POST",
		               headers: { "Content-Type": "application/xml" },
		               body   : xmlObject
	               })
		.then(function (result) {			
			return xmlParser(result);
		})
		.catch(function (err) {			
			throw err;
		});
}

API can In this function in the reciever file

async function rateUpdate(currency) {	
	try {
		let rateStatus = await systemCore.xmlApiHandler(currency);
	} catch (e) {		
		await systemCore.catchErrorRequest({"file":"receiver", "State":"Getting inside the Rate interval", "error" : e.error, "error_stack" : e.stack, "status" : e.statusCode}); // its going here
	}	
};

Now We are using in the interval file

const interval        = require('interval-promise');
rateUpdateInterval   = 30000;
interval(async function () {
        await recieverJobs.rateUpdate();
    }, rateUpdateInterval);

Once the Server will give any error interval polling stops.

Can you please let me know how to resolve this?

closed time in 2 months

puneet0911

issue commentandyfleming/interval-promise

Interval Stops when API throw Error

Closing this. Please re-open (or open a new issue) if there's a bug or feature request.

puneet0911

comment created time in 2 months

release andyfleming/interval-promise

1.4.0

released time in 2 months

push eventandyfleming/interval-promise

Andy Fleming

commit sha f9fa9d7d4ede56b747047623c2131233935995d9

bumps version to 1.4.0

view details

push time in 2 months

created tagandyfleming/interval-promise

tag1.4.0

setInterval with setTimeout semantics for promises and async/await

created time in 2 months

issue commentandyfleming/interval-promise

Rewrite to Typescript

Hey @hasezoey! I’m working on some cleanup work and getting a maintenance update out so I can get back into v2. Hopefully soon!

hasezoey

comment created time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump mixin-deep from 1.3.1 to 1.3.2 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps mixin-deep from 1.3.1 to 1.3.2. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>High severity vulnerability that affects mixin-deep</strong> mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.</p> <p>Affected versions: < 1.3.2</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9"><code>754f0c2</code></a> 1.3.2</li> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50"><code>90ee1fa</code></a> ensure keys are valid when mixing in values</li> <li>See full diff in <a href="https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~doowb">doowb</a>, a new releaser for mixin-deep since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+38 -19

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump handlebars from 4.0.11 to 4.7.2 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps handlebars from 4.0.11 to 4.7.2. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-w457-6q6x-cgp9">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>High severity vulnerability that affects handlebars</strong> Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's <strong>proto</strong> and <strong>defineGetter</strong> properties, which may allow an attacker to execute arbitrary code through crafted payloads.</p> <p>Affected versions: < 4.3.0</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wycats/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.2 - January 13th, 2020</h2> <p>Bugfixes:</p> <ul> <li>fix: don't wrap helpers that are not functions - 9d5aa36, <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1639">#1639</a></li> </ul> <p>Chore/Build:</p> <ul> <li>chore: execute saucelabs-task only if access-key exists - a4fd391</li> </ul> <p>Compatibility notes:</p> <ul> <li>No breaking changes are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.1...v4.7.2">Commits</a></p> <h2>v4.7.1 - January 12th, 2020</h2> <p>Bugfixes:</p> <ul> <li>fix: fix log output in case of illegal property access - f152dfc</li> <li>fix: log error for illegal property access only once per property - 3c1e252</li> </ul> <p>Compatibility notes:</p> <ul> <li>no incompatibilities are to be expected.</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.0...v4.7.1">Commits</a></p> <h2>v4.7.0 - January 10th, 2020</h2> <p>Features:</p> <ul> <li>feat: default options for controlling proto access - 7af1c12, <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1635">#1635</a> <ul> <li>This makes it possible to disable the prototype access restrictions added in 4.6.0</li> <li>an error is logged in the console, if access to prototype properties is attempted and denied and no explicit configuration has taken place.</li> </ul> </li> </ul> <p>Compatibility notes:</p> <ul> <li>no compatibilities are expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.6.0...v4.7.0">Commits</a></p> <h2>v4.6.0 - January 8th, 2020</h2> <p>Features:</p> <ul> <li>feat: access control to prototype properties via whitelist (<a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633">#1633</a>)- d03b6ec</li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wycats/handlebars.js/commit/586e672c8bba7db787bc9bfe9a9fde4ec98d5b4f"><code>586e672</code></a> v4.7.2</li> <li><a href="https://github.com/wycats/handlebars.js/commit/f0c6c4cc1f9a91371535ad6affe09dfc1880dd9e"><code>f0c6c4c</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/a4fd391ba1c9faa1004e879f314beb80c3afe0b6"><code>a4fd391</code></a> chore: execute saucelabs-task only if access-key exists</li> <li><a href="https://github.com/wycats/handlebars.js/commit/9d5aa363cf3031b586e9945cf990e178f5b370db"><code>9d5aa36</code></a> fix: don't wrap helpers that are not functions</li> <li><a href="https://github.com/wycats/handlebars.js/commit/14ba3d0c43d75bcfcdbfb7c95c9fac99d88a17c8"><code>14ba3d0</code></a> v4.7.1</li> <li><a href="https://github.com/wycats/handlebars.js/commit/4cddfe7017c28235ccad98f3434deb3725258da8"><code>4cddfe7</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/f152dfc89204e8c117605d602dac4fdc174ddcd9"><code>f152dfc</code></a> fix: fix log output in case of illegal property access</li> <li><a href="https://github.com/wycats/handlebars.js/commit/3c1e2521694583bc1d8bade1ed5b162f5bfb065a"><code>3c1e252</code></a> fix: log error for illegal property access only once per property</li> <li><a href="https://github.com/wycats/handlebars.js/commit/0d5c807017f8ba6c6d947f9d6852033c8faa2e49"><code>0d5c807</code></a> v4.7.0</li> <li><a href="https://github.com/wycats/handlebars.js/commit/1f0834b1a2937150923f9de849b9612bd1969d11"><code>1f0834b</code></a> Update release notes</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.0.11...v4.7.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+79 -52

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump lodash.merge from 4.6.1 to 4.6.2 dependencies security

Bumps lodash.merge from 4.6.1 to 4.6.2. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>High severity vulnerability that affects lodash, lodash-es, lodash-amd, lodash.template, lodash.merge, lodash.mergewith, and lodash.defaultsdeep</strong> Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.</p> <p>Affected versions: < 4.6.2</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/lodash/lodash/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -3

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump tough-cookie from 2.3.2 to 2.3.4 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps tough-cookie from 2.3.2 to 2.3.4. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>High severity vulnerability that affects tough-cookie</strong> A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.</p> <p>Affected versions: < 2.3.3</p> </blockquote> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>High severity vulnerability that affects tough-cookie</strong> A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.</p> <p>Affected versions: <2.3.3</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/salesforce/tough-cookie/commit/e4dfb0aec5d25e9e982805417a5d936071badc17"><code>e4dfb0a</code></a> 2.3.4</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/7d66ffde12af5cbad40c3642f3c339fa82e6e381"><code>7d66ffd</code></a> Update public suffix list</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/7564c0637e6674d8847a1b84979536930eb9b170"><code>7564c06</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/100">#100</a> from salesforce/no-re-parser</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/751da6dadfeddb916b7dc5f524715afd4b02969c"><code>751da6d</code></a> Document removal of 256 space limit</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/8452ccdf02853fb011a5f654f206a698a659889a"><code>8452ccd</code></a> Convert date-time parser from regexp, expand tests</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/8614dbf439d3eee71a32ff4a5ae9fad7a562d7c2"><code>8614dbf</code></a> More String#repeat polyfill</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/2a4775c28f88c794b9ca05533b5537b7be6d7395"><code>2a4775c</code></a> Avoid unbounded Regexp parts in date parsing</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/c9bd79dd358ec8bb7ea82bea328b2449168736fc"><code>c9bd79d</code></a> Parse cookie-pair part without regexp</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/12d426678f77bd34dd1234b7acbf47b299f50439"><code>12d4266</code></a> 2.3.3</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/98e0916d7b017669c93855d831c6e0b19c14141e"><code>98e0916</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/97">#97</a> from salesforce/spaces-ReDoS</li> <li>Additional commits viewable in <a href="https://github.com/salesforce/tough-cookie/compare/v2.3.2...v2.3.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+1 -12

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump tar from 2.2.1 to 2.2.2 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps tar from 2.2.1 to 2.2.2. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>High severity vulnerability that affects tar</strong> A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.</p> <p>Affected versions: < 2.2.2</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-tar/commit/523c5c7fef48b10811fccd12b42803c61b6aead8"><code>523c5c7</code></a> 2.2.2</li> <li><a href="https://github.com/npm/node-tar/commit/7ecef07da6a9e72cc0c4d0c9c6a8e85b6b52395d"><code>7ecef07</code></a> Bump fstream to fix hardlink overwriting vulnerability</li> <li><a href="https://github.com/npm/node-tar/commit/9fc84b9c596c3589d4c1ab050843de0eafb002e8"><code>9fc84b9</code></a> Use {} for hardlink tracking instead of []</li> <li><a href="https://github.com/npm/node-tar/commit/15e59f1d671ffbe4ae7c74dafcbec93ea2584e34"><code>15e59f1</code></a> Only track previously seen hardlinks</li> <li><a href="https://github.com/npm/node-tar/commit/4f8585178af78f8f64c5ca38e923c306613278b9"><code>4f85851</code></a> Ignore potentially unsafe files</li> <li>See full diff in <a href="https://github.com/npm/node-tar/compare/v2.2.1...v2.2.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+35 -14

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump stringstream from 0.0.5 to 0.0.6 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps stringstream from 0.0.5 to 0.0.6. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/422.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Out-of-bounds Read</strong> <code>stringstream</code> allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below</p> <p>Affected versions: <=0.0.5</p> </blockquote> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/422.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Out-of-bounds Read</strong> <code>stringstream</code> allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below</p> <p>Affected versions: <=0.0.5</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mhart/StringStream/commit/fee31c5c4a5efc7c7cc2fde4aee633dedefd6d67"><code>fee31c5</code></a> 0.0.6</li> <li><a href="https://github.com/mhart/StringStream/commit/2f4a9d496f94b0880e01a26857aa266a5a3ef274"><code>2f4a9d4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/mhart/StringStream/issues/9">#9</a> from mhart/fix-buffer-constructor-vuln</li> <li><a href="https://github.com/mhart/StringStream/commit/afbc7442220358419e330618e47f3a65fc265b1b"><code>afbc744</code></a> Ensure data is not a number in Buffer constructor</li> <li>See full diff in <a href="https://github.com/mhart/StringStream/compare/v0.0.5...v0.0.6">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -9

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump sshpk from 1.13.0 to 1.16.1 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps sshpk from 1.13.0 to 1.16.1. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>Moderate severity vulnerability that affects sshpk</strong> The sshpk NPM package is vulnerable to ReDoS when parsing crafted invalid public keys.</p> <p>Affected versions: < 1.13.2</p> </blockquote> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/401.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Denial of Service</strong> <code>sshpk</code> is vulnerable to ReDoS when parsing crafted invalid public keys</p> <p>Affected versions: <=1.13.1</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/joyent/node-sshpk/releases">sshpk's releases</a>.</em></p> <blockquote> <h2>v1.16.1</h2> <ul> <li>Fixes for <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/60">#60</a> (correctly encoding certificates with expiry dates >=2050), <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/62">#62</a> (accepting PKCS#8 EC private keys with missing public key parts)</li> </ul> <h2>v1.16.0</h2> <ul> <li>Add support for SPKI fingerprints, PuTTY PPK format (public-key only for now), PKCS#8 PBKDF2 encrypted private keys</li> <li>Fix for <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/48">#48</a></li> </ul> <h2>v1.15.2</h2> <ul> <li>New API for accessing x509 extensions in certificates</li> <li>Fixes for <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/52">#52</a>, <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/50">#50</a></li> </ul> <h2>v1.14.1</h2> <ul> <li>Remove all remaining usage of jodid25519 (abandoned dep)</li> <li>Add support for DNSSEC key format</li> <li>Add support for Ed25519 keys in PEM format (according to draft-curdle-pkix)</li> <li>Fixes for X.509 encoding issues (asn.1 NULLs in RSA certs, cert string type mangling)</li> <li>Performance issues parsing long SSH public keys</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/joyent/node-sshpk/commit/1aece0d1df155e60e4cb0ae42cb3ed7aa043e174"><code>1aece0d</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/60">joyent/node-sshpk#60</a> certs should generate GeneralizedTime values for dates >...</li> <li><a href="https://github.com/joyent/node-sshpk/commit/684dbe66d9615378bdb4d1ac1ede9f901591cb86"><code>684dbe6</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/62">joyent/node-sshpk#62</a> handle pkcs8 ECDSA keys with missing public parts</li> <li><a href="https://github.com/joyent/node-sshpk/commit/574ff21e77117b478baf4664856bfc4b0aa41a12"><code>574ff21</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/18">joyent/node-sshpk#18</a> support for PKCS8 encrypted private keys</li> <li><a href="https://github.com/joyent/node-sshpk/commit/f647cf22c3258ef514d2ba098a4a6aad3492f425"><code>f647cf2</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/27">joyent/node-sshpk#27</a> Add support for PuTTY PPK format</li> <li><a href="https://github.com/joyent/node-sshpk/commit/44aec4ad8bcf7324009c92a52e4c81487cbc24b9"><code>44aec4a</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/59">joyent/node-sshpk#59</a> want support for SPKI fingerprint format</li> <li><a href="https://github.com/joyent/node-sshpk/commit/385ff11efc4edd201c07f2ceee23746c13122f9c"><code>385ff11</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/48">joyent/node-sshpk#48</a> wish: add support for x509 certificates in text form</li> <li><a href="https://github.com/joyent/node-sshpk/commit/c7a6c6833370f69322c47e73e9f4cfdedaf4e8f4"><code>c7a6c68</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/58">joyent/node-sshpk#58</a> des-ede3-cbc encrypted keys broken</li> <li><a href="https://github.com/joyent/node-sshpk/commit/2ab4f2a018766559252f2c3426a3735f0860ac0d"><code>2ab4f2a</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/56">joyent/node-sshpk#56</a> md5 fingerprints not quite right</li> <li><a href="https://github.com/joyent/node-sshpk/commit/026ef4764a55648dd15f45f7f14ff9da5d1fe2ad"><code>026ef47</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/53">joyent/node-sshpk#53</a> stop using optional deps to fix webpack</li> <li><a href="https://github.com/joyent/node-sshpk/commit/53e23feff41226826b45293bc4a9fc45f2e44afe"><code>53e23fe</code></a> <a href="https://github-redirect.dependabot.com/joyent/node-sshpk/issues/50">joyent/node-sshpk#50</a> Support PKCS#5 AES-256-CBC encrypted private keys</li> <li>Additional commits viewable in <a href="https://github.com/joyent/node-sshpk/compare/v1.13.0...v1.16.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+7 -51

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

Bump ava from 0.25.0 to 2.4.0 dependencies

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps ava from 0.25.0 to 2.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/avajs/ava/releases">ava's releases</a>.</em></p> <blockquote> <h2>2.4.0</h2> <h2>Experimental <code>t.try()</code> assertions</h2> <p>Thanks to the amazing work and patience of <a href="https://github.com/qlonik">@qlonik</a> we're shipping a new assertion! <code>t.try()</code> lets you perform assertions and decide whether to commit or discard their outcome. All kinds of interesting things can be built on top of this, from fuzzy testers to new test interfaces and more.</p> <p>We're excited to get this out there, but it's not quite done yet. For now you have to <a href="https://github.com/avajs/ava/blob/master/docs/06-configuration.md#experiments"><em>opt in</em></a> to this new feature. Being opt-in, we may make changes (breaking ones even!) until we feel this is stable.</p> <p>To opt in, configure AVA with the following:</p> <p><code>package.json</code>:</p> <pre lang="json"><code>{ "ava": { "nonSemVerExperiments": { "tryAssertion": true } } } </code></pre> <p><code>ava.config.js</code>:</p> <pre lang="js"><code>export default { nonSemVerExperiments: { tryAssertion: true } }; </code></pre> <p>We'd love to hear your feedback. Please join us in this issue: <a href="https://github-redirect.dependabot.com/avajs/ava/issues/2250">avajs/ava#2250</a></p> <p>Also, if you're looking to help out with the remaining issues so that we can ship this <em>without</em> the opt-in, have a look at this project: <a href="https://github.com/orgs/avajs/projects/1">https://github.com/orgs/avajs/projects/1</a></p> <p>Thanks again <a href="https://github.com/qlonik">@qlonik</a>!</p> <h2>Other changes</h2> <ul> <li>We've added the <a href="https://github.com/avajs/ava/blob/master/docs/08-common-pitfalls.md">common pitfall</a> of sharing variables across asynchronous tests 49b202fb5c376e71c1400f6c35043280cf417140</li> <li>We've updated the <a href="https://github.com/avajs/ava/blob/master/docs/recipes/endpoint-testing.md">endpoint testing recipe</a> to focus on the concept, not specific libraries 67e4deac2857503e5fac7d38da2d23014eb29724</li> </ul> <h2>All changes</h2> <p><a href="https://github.com/avajs/ava/compare/v2.3.0...v2.4.0"><code>v2.3.0...v2.4.0</code></a></p> <h2>Thanks</h2> <p>Thank you <a href="https://github.com/jeremenichelli">@jeremenichelli</a>, <a href="https://github.com/jamesgeorge007">@jamesgeorge007</a>, <a href="https://github.com/dongjae93">@dongjae93</a>, <a href="https://github.com/qlonik">@qlonik</a> and <a href="https://github.com/tryzniak">@tryzniak</a>. We couldn't have done this without you!</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/avajs/ava/commit/05f077e805bd1b3d58aa1e539d7e1e6a3f5c7042"><code>05f077e</code></a> 2.4.0</li> <li><a href="https://github.com/avajs/ava/commit/ca4eff74ae715ced49310ce7b40514df9a28eec2"><code>ca4eff7</code></a> Bump dependencies</li> <li><a href="https://github.com/avajs/ava/commit/67e4deac2857503e5fac7d38da2d23014eb29724"><code>67e4dea</code></a> Update endpoint testing recipe to focus on the concept, not libraries</li> <li><a href="https://github.com/avajs/ava/commit/4fdb02dd66b56f0204e09a7970416d5075f49a3f"><code>4fdb02d</code></a> Implement experimental t.try() assertion</li> <li><a href="https://github.com/avajs/ava/commit/782c2d874e466de26b797b1e0972a552a8894eda"><code>782c2d8</code></a> Run some tests on Travis still</li> <li><a href="https://github.com/avajs/ava/commit/4c890d9ae260b03d3240db7fed5367d238b6ca8f"><code>4c890d9</code></a> Add OpenCollective link to README</li> <li><a href="https://github.com/avajs/ava/commit/03c15093772b413ac343cb1c3940338b6dfc4b20"><code>03c1509</code></a> Groundwork to support experimental features</li> <li><a href="https://github.com/avajs/ava/commit/0a5c933b36092ab0f527649cfb83bd97c2bfb2b8"><code>0a5c933</code></a> Remove unnecessary flag from tap invocation</li> <li><a href="https://github.com/avajs/ava/commit/e598c30cd19ea27dccaf2d90c8d5a13a59653a57"><code>e598c30</code></a> Detect whether error source is on a different drive (on Windows)</li> <li><a href="https://github.com/avajs/ava/commit/fb0c536052ade674c58f74c3f54ec6e312ee6478"><code>fb0c536</code></a> Fix serialize-error tests on Windows with GitHub Actions</li> <li>Additional commits viewable in <a href="https://github.com/avajs/ava/compare/v0.25.0...v2.4.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+2574 -2965

1 comment

2 changed files

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump fstream from 1.0.11 to 1.0.12 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps fstream from 1.0.11 to 1.0.12. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>Moderate severity vulnerability that affects fstream</strong> Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.</p> <p>Affected versions: < 1.0.12</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/fstream/commit/42354590e23bb514eb5c869eea64406be2947c6c"><code>4235459</code></a> 1.0.12</li> <li><a href="https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22"><code>6a77d2f</code></a> Clobber a Link if it's in the way of a File</li> <li>See full diff in <a href="https://github.com/npm/fstream/compare/v1.0.11...v1.0.12">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+14 -15

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

Bump eslint from 4.19.1 to 6.8.0 dependencies

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps eslint from 4.19.1 to 6.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/eslint/eslint/releases">eslint's releases</a>.</em></p> <blockquote> <h2>v6.8.0</h2> <ul> <li><a href="https://github.com/eslint/eslint/commit/c5c708666b450fb69522a55aa375626f9297dc6f"><code>c5c7086</code></a> Fix: ignore aligning single line in key-spacing (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11414">#11414</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12652">#12652</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/9986d9e0baed0d3586bbee472fe2fae2ed625f5d"><code>9986d9e</code></a> Chore: add object option test cases in yield-star-spacing (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12679">#12679</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/1713d0758b083f3840d724505f997a7cb20ff384"><code>1713d07</code></a> New: Add no-error-on-unmatched-pattern flag (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/10587">#10587</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12377">#12377</a>) (ncraley)</li> <li><a href="https://github.com/eslint/eslint/commit/5c25a26608fbd9a1d0127c9a3653609aa4b63e86"><code>5c25a26</code></a> Update: autofix bug in lines-between-class-members (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12391">#12391</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12632">#12632</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/4b3cc5cd2459f04eae149faea0651785d7f9db0b"><code>4b3cc5c</code></a> Chore: enable prefer-regex-literals in eslint codebase (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12268">#12268</a>) (薛定谔的猫)</li> <li><a href="https://github.com/eslint/eslint/commit/05faebb943456ad2b20117f3c8b3eccbe2e2fb03"><code>05faebb</code></a> Update: improve suggestion testing experience (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12602">#12602</a>) (Brad Zacher)</li> <li><a href="https://github.com/eslint/eslint/commit/05f7dd53ed91a6e3be9eb40825fb6d2207f82209"><code>05f7dd5</code></a> Update: Add suggestions for no-unsafe-negation (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12591">#12591</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12609">#12609</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/d3e43f1c10c5e19f40e7b3d3944b87f1b0c9c075"><code>d3e43f1</code></a> Docs: Update no-multi-assign explanation (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12615">#12615</a>) (Yuping Zuo)</li> <li><a href="https://github.com/eslint/eslint/commit/272e4db6074283bc01cc6ec72c9e396bb3c110e6"><code>272e4db</code></a> Fix: no-multiple-empty-lines: Adjust reported <code>loc</code> (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12594">#12594</a>) (Tobias Bieniek)</li> <li><a href="https://github.com/eslint/eslint/commit/a258039e556075d7d1f955a79d094ea103ec165a"><code>a258039</code></a> Fix: no-restricted-imports schema allows multiple paths/patterns objects (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12639">#12639</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/51f9620cc55cc091fe38dbe68e4633de06297b8c"><code>51f9620</code></a> Fix: improve report location for array-bracket-spacing (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12653">#12653</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/45364afc9c7f0251348cd1a7a13656c3816435d7"><code>45364af</code></a> Fix: prefer-numeric-literals doesn't check types of literal arguments (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12655">#12655</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/e3c570eaf3d1d44fb57bf42f1870887856e4c5a0"><code>e3c570e</code></a> Docs: Add example for expression option (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12694">#12694</a>) (Arnaud Barré)</li> <li><a href="https://github.com/eslint/eslint/commit/6b774ef0d849ccf5c1127b25e1fe7c3e438d586b"><code>6b774ef</code></a> Docs: Add spacing in comments for no-console rule (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12696">#12696</a>) (Nikki Nikkhoui)</li> <li><a href="https://github.com/eslint/eslint/commit/7171fca6ef4e0e8f267658fc7d8f603f00eddd84"><code>7171fca</code></a> Chore: refactor regex in config comment parser (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12662">#12662</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/1600648d2880ffb1e9e414b31ff0f66ead7167f9"><code>1600648</code></a> Update: Allow $schema in config (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12612">#12612</a>) (Yordis Prieto)</li> <li><a href="https://github.com/eslint/eslint/commit/acc0e47572a9390292b4e313b4a4bf360d236358"><code>acc0e47</code></a> Update: support .eslintrc.cjs (refs <a href="https://github-redirect.dependabot.com/eslint/rfcs/issues/43">eslint/rfcs#43</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12321">#12321</a>) (Evan Plaice)</li> <li><a href="https://github.com/eslint/eslint/commit/49c1658544ace24b9aaaa301af0fc07a2ef3bf30"><code>49c1658</code></a> Chore: remove bundling of ESLint during release (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12676">#12676</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/257f3d67905a52bf8602a5a5707c893cc90d7ca7"><code>257f3d6</code></a> Chore: complete to move to GitHub Actions (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12625">#12625</a>) (Toru Nagashima)</li> <li><a href="https://github.com/eslint/eslint/commit/ab912f0ef709a916ab9a27ea09d9d7adf046fb2d"><code>ab912f0</code></a> Docs: 1tbs with allowSingleLine edge cases (refs <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12284">#12284</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12314">#12314</a>) (Ari Kardasis)</li> <li><a href="https://github.com/eslint/eslint/commit/dd1c30e35f05ed332e2abbd3d4d53635efde74b8"><code>dd1c30e</code></a> Sponsors: Sync README with website (ESLint Jenkins)</li> <li><a href="https://github.com/eslint/eslint/commit/a230f8404e4f2423dd79378b065d24c12776775b"><code>a230f84</code></a> Update: include node version in cache (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12582">#12582</a>) (Eric Wang)</li> <li><a href="https://github.com/eslint/eslint/commit/8b65f175dfb4fac11ed7184537be400ed14996fb"><code>8b65f17</code></a> Chore: remove references to parser demo (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12644">#12644</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/e9cef99e6ebec1faefdb576ca597e81ae4f04afd"><code>e9cef99</code></a> Docs: wrap {{}} in raw liquid tags to prevent interpolation (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12643">#12643</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/e70745325ff9e085acc6843dd8bfae5550645d4f"><code>e707453</code></a> Docs: Fix configuration example in no-restricted-imports (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11717">#11717</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12638">#12638</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/19194cec724e016df02376bbeae31171be6f0bdf"><code>19194ce</code></a> Chore: Add tests to cover default object options in comma-dangle (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12627">#12627</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/6e36d12d95e76022172fd0ec8a5e85c22fde6a8a"><code>6e36d12</code></a> Update: do not recommend require-atomic-updates (refs <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11899">#11899</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12599">#12599</a>) (Kai Cataldo)</li> </ul> <h2>v6.7.2</h2> <ul> <li><a href="https://github.com/eslint/eslint/commit/bc435a93afd6ba4def1b53993ef7cf8220f3f070"><code>bc435a9</code></a> Fix: isSpaceBetweenTokens() recognizes spaces in JSXText (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12614">#12614</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12616">#12616</a>) (Toru Nagashima)</li> <li><a href="https://github.com/eslint/eslint/commit/4928d513b4fe716c7ed958c294a10ef8517be25e"><code>4928d51</code></a> Fix: don't ignore the entry directory (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12604">#12604</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12607">#12607</a>) (Toru Nagashima)</li> <li><a href="https://github.com/eslint/eslint/commit/b41677ae2a143790b19b0e70391a46ec6c8f5de1"><code>b41677a</code></a> Docs: Clarify suggestion's data in Working with Rules (refs <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12606">#12606</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12617">#12617</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/ea16de4e7c6f661398b0b7843f95e5f307c89551"><code>ea16de4</code></a> Fix: Support tagged template literal generics in no-unexpected-multiline (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11698">#11698</a>) (Brad Zacher)</li> <li><a href="https://github.com/eslint/eslint/commit/fa6415d5b877370374a6a530a5190ab5a411b4dc"><code>fa6415d</code></a> Sponsors: Sync README with website (ESLint Jenkins)</li> <li><a href="https://github.com/eslint/eslint/commit/e1e158b4d7bd61e812723b378d2c391295da43a5"><code>e1e158b</code></a> Sponsors: Sync README with website (ESLint Jenkins)</li> </ul> <h2>v6.7.1</h2> <ul> <li><a href="https://github.com/eslint/eslint/commit/dd1e9f4df2103c43509a54b0ad5f9106557997f9"><code>dd1e9f4</code></a> Fix: revert changes to key-spacing due to regression (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12598">#12598</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/c644b5429e5bc8a050afd70c99ec82035eb611fa"><code>c644b54</code></a> Docs: Update README team and sponsors (ESLint Jenkins)</li> </ul> <h2>v6.7.0</h2> <ul> <li><a href="https://github.com/eslint/eslint/commit/312a88f2230082d898b7d8d82f8af63cb352e55a"><code>312a88f</code></a> New: Add grouped-accessor-pairs rule (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12277">#12277</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12331">#12331</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/5c68f5feeb4a6c0cb53ff76b2fd255b5bfa69c93"><code>5c68f5f</code></a> Update: Add 'lexicalBindings' to no-implicit-globals and change messages (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11996">#11996</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/6eaad964ff159d0a38de96c1104782ffe6858c78"><code>6eaad96</code></a> New: Add suggestions API (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12384">#12384</a>) (Will Douglas)</li> <li><a href="https://github.com/eslint/eslint/commit/b336fbedecd85731611fdc2dfd8edb635a8b1c39"><code>b336fbe</code></a> Fix: indent rule with JSX spread props (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12581">#12581</a>) (Nathan Woltman)</li> <li><a href="https://github.com/eslint/eslint/commit/97c745dc277febbea82552a4d9186e3df847f860"><code>97c745d</code></a> Update: Report assignment expression location in no-cond-assign (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12465">#12465</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/0f01f3d0807c580631c2fdcff29192a64a870637"><code>0f01f3d</code></a> Update: Check member expressions with <code>this</code> in operator-assignment (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12495">#12495</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/62c7038a493d89e4a7b14ac673a063d09d04057b"><code>62c7038</code></a> Fix: invalid token checking in computed-property-spacing (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12198">#12198</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12533">#12533</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/4f8a1ee1c26ccb5882e5e83ea7eab2f406c7476b"><code>4f8a1ee</code></a> Update: Add enforceForClassMembers option to no-useless-computed-key (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12110">#12110</a>) (ark120202)</li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/eslint/eslint/blob/master/CHANGELOG.md">eslint's changelog</a>.</em></p> <blockquote> <p>v6.8.0 - December 20, 2019</p> <ul> <li><a href="https://github.com/eslint/eslint/commit/c5c708666b450fb69522a55aa375626f9297dc6f"><code>c5c7086</code></a> Fix: ignore aligning single line in key-spacing (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11414">#11414</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12652">#12652</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/9986d9e0baed0d3586bbee472fe2fae2ed625f5d"><code>9986d9e</code></a> Chore: add object option test cases in yield-star-spacing (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12679">#12679</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/1713d0758b083f3840d724505f997a7cb20ff384"><code>1713d07</code></a> New: Add no-error-on-unmatched-pattern flag (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/10587">#10587</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12377">#12377</a>) (ncraley)</li> <li><a href="https://github.com/eslint/eslint/commit/5c25a26608fbd9a1d0127c9a3653609aa4b63e86"><code>5c25a26</code></a> Update: autofix bug in lines-between-class-members (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12391">#12391</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12632">#12632</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/4b3cc5cd2459f04eae149faea0651785d7f9db0b"><code>4b3cc5c</code></a> Chore: enable prefer-regex-literals in eslint codebase (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12268">#12268</a>) (薛定谔的猫)</li> <li><a href="https://github.com/eslint/eslint/commit/05faebb943456ad2b20117f3c8b3eccbe2e2fb03"><code>05faebb</code></a> Update: improve suggestion testing experience (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12602">#12602</a>) (Brad Zacher)</li> <li><a href="https://github.com/eslint/eslint/commit/05f7dd53ed91a6e3be9eb40825fb6d2207f82209"><code>05f7dd5</code></a> Update: Add suggestions for no-unsafe-negation (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12591">#12591</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12609">#12609</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/d3e43f1c10c5e19f40e7b3d3944b87f1b0c9c075"><code>d3e43f1</code></a> Docs: Update no-multi-assign explanation (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12615">#12615</a>) (Yuping Zuo)</li> <li><a href="https://github.com/eslint/eslint/commit/272e4db6074283bc01cc6ec72c9e396bb3c110e6"><code>272e4db</code></a> Fix: no-multiple-empty-lines: Adjust reported <code>loc</code> (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12594">#12594</a>) (Tobias Bieniek)</li> <li><a href="https://github.com/eslint/eslint/commit/a258039e556075d7d1f955a79d094ea103ec165a"><code>a258039</code></a> Fix: no-restricted-imports schema allows multiple paths/patterns objects (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12639">#12639</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/51f9620cc55cc091fe38dbe68e4633de06297b8c"><code>51f9620</code></a> Fix: improve report location for array-bracket-spacing (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12653">#12653</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/45364afc9c7f0251348cd1a7a13656c3816435d7"><code>45364af</code></a> Fix: prefer-numeric-literals doesn't check types of literal arguments (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12655">#12655</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/e3c570eaf3d1d44fb57bf42f1870887856e4c5a0"><code>e3c570e</code></a> Docs: Add example for expression option (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12694">#12694</a>) (Arnaud Barré)</li> <li><a href="https://github.com/eslint/eslint/commit/6b774ef0d849ccf5c1127b25e1fe7c3e438d586b"><code>6b774ef</code></a> Docs: Add spacing in comments for no-console rule (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12696">#12696</a>) (Nikki Nikkhoui)</li> <li><a href="https://github.com/eslint/eslint/commit/7171fca6ef4e0e8f267658fc7d8f603f00eddd84"><code>7171fca</code></a> Chore: refactor regex in config comment parser (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12662">#12662</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/1600648d2880ffb1e9e414b31ff0f66ead7167f9"><code>1600648</code></a> Update: Allow $schema in config (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12612">#12612</a>) (Yordis Prieto)</li> <li><a href="https://github.com/eslint/eslint/commit/acc0e47572a9390292b4e313b4a4bf360d236358"><code>acc0e47</code></a> Update: support .eslintrc.cjs (refs <a href="https://github-redirect.dependabot.com/eslint/rfcs/issues/43">eslint/rfcs#43</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12321">#12321</a>) (Evan Plaice)</li> <li><a href="https://github.com/eslint/eslint/commit/49c1658544ace24b9aaaa301af0fc07a2ef3bf30"><code>49c1658</code></a> Chore: remove bundling of ESLint during release (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12676">#12676</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/257f3d67905a52bf8602a5a5707c893cc90d7ca7"><code>257f3d6</code></a> Chore: complete to move to GitHub Actions (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12625">#12625</a>) (Toru Nagashima)</li> <li><a href="https://github.com/eslint/eslint/commit/ab912f0ef709a916ab9a27ea09d9d7adf046fb2d"><code>ab912f0</code></a> Docs: 1tbs with allowSingleLine edge cases (refs <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12284">#12284</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12314">#12314</a>) (Ari Kardasis)</li> <li><a href="https://github.com/eslint/eslint/commit/dd1c30e35f05ed332e2abbd3d4d53635efde74b8"><code>dd1c30e</code></a> Sponsors: Sync README with website (ESLint Jenkins)</li> <li><a href="https://github.com/eslint/eslint/commit/a230f8404e4f2423dd79378b065d24c12776775b"><code>a230f84</code></a> Update: include node version in cache (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12582">#12582</a>) (Eric Wang)</li> <li><a href="https://github.com/eslint/eslint/commit/8b65f175dfb4fac11ed7184537be400ed14996fb"><code>8b65f17</code></a> Chore: remove references to parser demo (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12644">#12644</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/e9cef99e6ebec1faefdb576ca597e81ae4f04afd"><code>e9cef99</code></a> Docs: wrap {{}} in raw liquid tags to prevent interpolation (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12643">#12643</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/e70745325ff9e085acc6843dd8bfae5550645d4f"><code>e707453</code></a> Docs: Fix configuration example in no-restricted-imports (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11717">#11717</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12638">#12638</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/19194cec724e016df02376bbeae31171be6f0bdf"><code>19194ce</code></a> Chore: Add tests to cover default object options in comma-dangle (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12627">#12627</a>) (YeonJuan)</li> <li><a href="https://github.com/eslint/eslint/commit/6e36d12d95e76022172fd0ec8a5e85c22fde6a8a"><code>6e36d12</code></a> Update: do not recommend require-atomic-updates (refs <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11899">#11899</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12599">#12599</a>) (Kai Cataldo)</li> </ul> <p>v6.7.2 - November 30, 2019</p> <ul> <li><a href="https://github.com/eslint/eslint/commit/bc435a93afd6ba4def1b53993ef7cf8220f3f070"><code>bc435a9</code></a> Fix: isSpaceBetweenTokens() recognizes spaces in JSXText (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12614">#12614</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12616">#12616</a>) (Toru Nagashima)</li> <li><a href="https://github.com/eslint/eslint/commit/4928d513b4fe716c7ed958c294a10ef8517be25e"><code>4928d51</code></a> Fix: don't ignore the entry directory (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12604">#12604</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12607">#12607</a>) (Toru Nagashima)</li> <li><a href="https://github.com/eslint/eslint/commit/b41677ae2a143790b19b0e70391a46ec6c8f5de1"><code>b41677a</code></a> Docs: Clarify suggestion's data in Working with Rules (refs <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12606">#12606</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12617">#12617</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/ea16de4e7c6f661398b0b7843f95e5f307c89551"><code>ea16de4</code></a> Fix: Support tagged template literal generics in no-unexpected-multiline (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11698">#11698</a>) (Brad Zacher)</li> <li><a href="https://github.com/eslint/eslint/commit/fa6415d5b877370374a6a530a5190ab5a411b4dc"><code>fa6415d</code></a> Sponsors: Sync README with website (ESLint Jenkins)</li> <li><a href="https://github.com/eslint/eslint/commit/e1e158b4d7bd61e812723b378d2c391295da43a5"><code>e1e158b</code></a> Sponsors: Sync README with website (ESLint Jenkins)</li> </ul> <p>v6.7.1 - November 24, 2019</p> <ul> <li><a href="https://github.com/eslint/eslint/commit/dd1e9f4df2103c43509a54b0ad5f9106557997f9"><code>dd1e9f4</code></a> Fix: revert changes to key-spacing due to regression (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12598">#12598</a>) (Kai Cataldo)</li> <li><a href="https://github.com/eslint/eslint/commit/c644b5429e5bc8a050afd70c99ec82035eb611fa"><code>c644b54</code></a> Docs: Update README team and sponsors (ESLint Jenkins)</li> </ul> <p>v6.7.0 - November 22, 2019</p> <ul> <li><a href="https://github.com/eslint/eslint/commit/312a88f2230082d898b7d8d82f8af63cb352e55a"><code>312a88f</code></a> New: Add grouped-accessor-pairs rule (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12277">#12277</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12331">#12331</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/5c68f5feeb4a6c0cb53ff76b2fd255b5bfa69c93"><code>5c68f5f</code></a> Update: Add 'lexicalBindings' to no-implicit-globals and change messages (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11996">#11996</a>) (Milos Djermanovic)</li> <li><a href="https://github.com/eslint/eslint/commit/6eaad964ff159d0a38de96c1104782ffe6858c78"><code>6eaad96</code></a> New: Add suggestions API (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12384">#12384</a>) (Will Douglas)</li> <li><a href="https://github.com/eslint/eslint/commit/b336fbedecd85731611fdc2dfd8edb635a8b1c39"><code>b336fbe</code></a> Fix: indent rule with JSX spread props (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12581">#12581</a>) (Nathan Woltman)</li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/eslint/eslint/commit/9738f8cc864d769988ccf42bb70f524444df1349"><code>9738f8c</code></a> 6.8.0</li> <li><a href="https://github.com/eslint/eslint/commit/ba59cbf86a89db280aee4e4f8b98c81c3172f514"><code>ba59cbf</code></a> Build: changelog update for 6.8.0</li> <li><a href="https://github.com/eslint/eslint/commit/c5c708666b450fb69522a55aa375626f9297dc6f"><code>c5c7086</code></a> Fix: ignore aligning single line in key-spacing (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/11414">#11414</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12652">#12652</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/9986d9e0baed0d3586bbee472fe2fae2ed625f5d"><code>9986d9e</code></a> Chore: add object option test cases in yield-star-spacing (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12679">#12679</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/1713d0758b083f3840d724505f997a7cb20ff384"><code>1713d07</code></a> New: Add no-error-on-unmatched-pattern flag (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/10587">#10587</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12377">#12377</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/5c25a26608fbd9a1d0127c9a3653609aa4b63e86"><code>5c25a26</code></a> Update: autofix bug in lines-between-class-members (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12391">#12391</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12632">#12632</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/4b3cc5cd2459f04eae149faea0651785d7f9db0b"><code>4b3cc5c</code></a> Chore: enable prefer-regex-literals in eslint codebase (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12268">#12268</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/05faebb943456ad2b20117f3c8b3eccbe2e2fb03"><code>05faebb</code></a> Update: improve suggestion testing experience (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12602">#12602</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/05f7dd53ed91a6e3be9eb40825fb6d2207f82209"><code>05f7dd5</code></a> Update: Add suggestions for no-unsafe-negation (fixes <a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12591">#12591</a>) (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12609">#12609</a>)</li> <li><a href="https://github.com/eslint/eslint/commit/d3e43f1c10c5e19f40e7b3d3944b87f1b0c9c075"><code>d3e43f1</code></a> Docs: Update no-multi-assign explanation (<a href="https://github-redirect.dependabot.com/eslint/eslint/issues/12615">#12615</a>)</li> <li>Additional commits viewable in <a href="https://github.com/eslint/eslint/compare/v4.19.1...v6.8.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~eslintbot">eslintbot</a>, a new releaser for eslint since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+605 -291

1 comment

2 changed files

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump extend from 3.0.1 to 3.0.2 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps extend from 3.0.1 to 3.0.2. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>Low severity vulnerability that affects extend</strong> A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.</p> <p>Affected versions: >= 3.0.0 < 3.0.2</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/justmoon/node-extend/blob/master/CHANGELOG.md">extend's changelog</a>.</em></p> <blockquote> <h1>3.0.2 / 2018-07-19</h1> <ul> <li>[Fix] Prevent merging <code>proto</code> property (<a href="https://github-redirect.dependabot.com/justmoon/node-extend/issues/48">#48</a>)</li> <li>[Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>tape</code></li> <li>[Tests] up to <code>node</code> <code>v10.7</code>, <code>v9.11</code>, <code>v8.11</code>, <code>v7.10</code>, <code>v6.14</code>, <code>v4.9</code>; use <code>nvm install-latest-npm</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/justmoon/node-extend/commit/8d106d23931c0802e8b88188b0aac433e13358d9"><code>8d106d2</code></a> v3.0.2</li> <li><a href="https://github.com/justmoon/node-extend/commit/e97091fa7557e106042e475ef59e654fa9d2c7ab"><code>e97091f</code></a> [Dev Deps] update <code>tape</code></li> <li><a href="https://github.com/justmoon/node-extend/commit/e841aac7ce7119606345b440b0a9e7668e848985"><code>e841aac</code></a> [Tests] up to <code>node</code> <code>v10.7</code></li> <li><a href="https://github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190"><code>0e68e71</code></a> [Fix] Prevent merging <strong>proto</strong> property</li> <li><a href="https://github.com/justmoon/node-extend/commit/a689700740b44846e76f8f1dc4bdf230a2cb5c0d"><code>a689700</code></a> Only apps should have lockfiles</li> <li><a href="https://github.com/justmoon/node-extend/commit/f13c1c4e51c47b90604eb2dc56cc60561e497d36"><code>f13c1c4</code></a> [Dev Deps] update <code>eslint</code>, <code>@ljharb/eslint-config</code>, <code>tape</code></li> <li><a href="https://github.com/justmoon/node-extend/commit/f3570fe5582dbfba47e60c0cd75b4fb6f01cd3fe"><code>f3570fe</code></a> [Tests] up to <code>node</code> <code>v10.0</code>, <code>v9.11</code>, <code>v8.11</code>, <code>v7.10</code>, <code>v6.14</code>, <code>v4.9</code>; use...</li> <li>See full diff in <a href="https://github.com/justmoon/node-extend/compare/v3.0.1...v3.0.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -9

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

Bump coveralls from 3.0.1 to 3.0.9 dependencies

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps coveralls from 3.0.1 to 3.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nickmerwin/node-coveralls/releases">coveralls's releases</a>.</em></p> <blockquote> <h2>Maintenance, dependency refinement</h2> <ul> <li>removed Istanbul, mocha dependencies</li> <li>reverted cobertura-parse support (package dependency archived)</li> <li>removed snyk (automated security updates from GitHub via Dependabot enabled)</li> <li>improved Windows support</li> </ul> <h2>Feature / maintenance updates</h2> <h1>Added:</h1> <ul> <li>Cobertura support (<a href="https://github.com/ly-cultureiq">@ly-cultureiq</a>)</li> </ul> <h1>Fixed:</h1> <ul> <li>flag_name handling (<a href="https://github.com/joscha">@joscha</a>)</li> </ul> <h1>Improved</h1> <ul> <li>ES6-ified codebase (<a href="https://github.com/XhmikosR">@XhmikosR</a>)</li> <li>AppVeyor tests (<a href="https://github.com/XhmikosR">@XhmikosR</a>)</li> <li>GitHub Actions (<a href="https://github.com/XhmikosR">@XhmikosR</a>)</li> </ul> <h2>Dependency Security Updates</h2> <p>No release notes provided.</p> <h2>Dependency security updates</h2> <p>As suggested by NPM and Snyk.</p> <h2>v3.0.2</h2> <h2>Added:</h2> <ul> <li>support for named job flags via <code>COVERALLS_FLAG_NAME</code> (<a href="https://github.com/bytewalls">@bytewalls</a>)</li> </ul> <h2>Maintenance:</h2> <ul> <li>updated request (<a href="https://github.com/epheph">@epheph</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/2e2b108c68ba1b42901846537c60f714235bc78e"><code>2e2b108</code></a> bump version</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/50913edf8fcfb720e73789523b9e5999f508c43d"><code>50913ed</code></a> Remove the now unused istanbul and mocha-lcov-reporter devDependencies</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/1bceeffd92b9c194f7fe0e92200dde9ba4d6a37a"><code>1bceeff</code></a> Revert <a href="https://github-redirect.dependabot.com/nickmerwin/node-coveralls/issues/243">#243</a>.</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/4aa11a25fdf958c42b8b605833d4cd6faea19a2b"><code>4aa11a2</code></a> Remove snyk.</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/33eccc31975a1c692ed1064357150e2b91b91057"><code>33eccc3</code></a> Revert "CI: use <code>npm ci</code> on Node.js >=8."</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/236529bc7bb582a978940147e8e5faabfb87adab"><code>236529b</code></a> Update logger.js</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/3a90b074f6ccefd48b56103d3fd80ca41a7f18e2"><code>3a90b07</code></a> fix equality operator in logger.js</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/bbe2de5f5da546e2af095d00f585b73730bd9205"><code>bbe2de5</code></a> Update package.json</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/07ef87906da62f0b9e65532fb2da511c4f3e162b"><code>07ef879</code></a> Fix logger regression.</li> <li><a href="https://github.com/nickmerwin/node-coveralls/commit/f58f8b91a4ebb1834e03f8ea6de4d85105fa3a0b"><code>f58f8b9</code></a> README.md: Add GitHub Actions CI info.</li> <li>Additional commits viewable in <a href="https://github.com/nickmerwin/node-coveralls/compare/3.0.1...3.0.9">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+152 -147

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

[Security] Bump debug from 2.6.8 to 2.6.9 dependencies security

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps debug from 2.6.8 to 2.6.9. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from The GitHub Security Advisory Database.</em></p> <blockquote> <p><strong>Low severity vulnerability that affects debug</strong> The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.</p> <p>Affected versions: < 2.6.9</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/visionmedia/debug/releases">debug's releases</a>.</em></p> <blockquote> <h2>2.6.9</h2> <h3>Patches</h3> <ul> <li>Remove ReDoS regexp in <code>%o</code> formatter: <a href="https://github-redirect.dependabot.com/visionmedia/debug/issues/504">#504</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/zhuangya">@zhuangya</a> for their help!</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/visionmedia/debug/blob/2.6.9/CHANGELOG.md">debug's changelog</a>.</em></p> <blockquote> <h1>2.6.9 / 2017-09-22</h1> <ul> <li>remove ReDoS regexp in %o formatter (<a href="https://github-redirect.dependabot.com/visionmedia/debug/issues/504">#504</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/visionmedia/debug/commit/13abeae468fea297d0dccc50bc55590809241083"><code>13abeae</code></a> Release 2.6.9</li> <li><a href="https://github.com/visionmedia/debug/commit/f53962e944a87e6ca9bb622a2a12dffc22a9bb5a"><code>f53962e</code></a> remove ReDoS regexp in %o formatter (<a href="https://github-redirect.dependabot.com/visionmedia/debug/issues/504">#504</a>)</li> <li>See full diff in <a href="https://github.com/visionmedia/debug/compare/2.6.8...2.6.9">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+27 -10

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 2 months

PR closed andyfleming/interval-promise

Bump nyc from 11.7.1 to 15.0.0 dependencies

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.


Bumps nyc from 11.7.1 to 15.0.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/istanbuljs/nyc/blob/master/CHANGELOG.md">nyc's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/istanbuljs/nyc/compare/v14.1.1...v15.0.0">15.0.0</a> (2019-12-20)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>The <code>flow</code> and <code>jsx</code> parser plugins are no longer enabled by default.</li> <li>Node.js 8 is now required to run nyc</li> <li>Remove NYC_ROOT_ID and NYC_INSTRUMENTER environmental variables.</li> <li>The <code>root</code> field has been removed from processinfo files.</li> </ul> <h3>Features</h3> <ul> <li>Add <code>--use-spawn-wrap=true</code> option (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1169">#1169</a>) (<a href="https://github.com/istanbuljs/nyc/commit/df4de4d490f8cd32204fba66a810ed0444c26d0d">df4de4d</a>)</li> <li>Add <code>.cjs</code>, <code>.mjs</code>, <code>.ts</code>, <code>.tsx</code>, <code>.jsx</code> to default extensions (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1110">#1110</a>) (<a href="https://github.com/istanbuljs/nyc/commit/914b776215ad3ea54f0e46b4ba2904a8a9d4dfdd">914b776</a>), closes <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1103">#1103</a></li> <li>Allow <code>nyc instrument</code> to instrument code in place (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1149">#1149</a>) (<a href="https://github.com/istanbuljs/nyc/commit/77832845b85134d21eca3a23c812c4f21f36713f">7783284</a>)</li> <li>Drop node.js 6, upgrade dependencies (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1134">#1134</a>) (<a href="https://github.com/istanbuljs/nyc/commit/00c3b3440a5b2ffe11b9c19ae4e08ad2f5b70e33">00c3b34</a>)</li> <li>Filenames relative to project cwd in coverage reports (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1212">#1212</a>) (<a href="https://github.com/istanbuljs/nyc/commit/5258e9fdb1d9e3d4abd4cc9768bc09cd8040a6be">5258e9f</a>)</li> <li>Use @istanbuljs/schema for yargs setup (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1194">#1194</a>) (<a href="https://github.com/istanbuljs/nyc/commit/fd40d49331665d936b86f30e9a873ba80071b770">fd40d49</a>)</li> <li>Use istanbul-lib-processinfo (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1145">#1145</a>) (<a href="https://github.com/istanbuljs/nyc/commit/7943413dc032f8f98a164fdde88d7344e817bb5e">7943413</a>)</li> <li>Use source base name to prefix cache files (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1144">#1144</a>) (<a href="https://github.com/istanbuljs/nyc/commit/5c1b7a9c43771f3439af44a1104e5426519e1123">5c1b7a9</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Avoid <code>source-map</code> module during <code>signal-exit</code> handler (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1191">#1191</a>) (<a href="https://github.com/istanbuljs/nyc/commit/83eb6294f9492bf98405ee9fdf6281c3bc199a3d">83eb629</a>)</li> <li>Better error handling for main execution, reporting (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1229">#1229</a>) (<a href="https://github.com/istanbuljs/nyc/commit/dfd629d95716e6159aa7216c03e28a7fbbb161e7">dfd629d</a>)</li> <li>Correct handling of source-maps for pre-instrumented files (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1216">#1216</a>) (<a href="https://github.com/istanbuljs/nyc/commit/8411a26c9e520c66251cc8044cde2c81f33f1c5f">8411a26</a>), closes <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1208">#1208</a></li> <li>Drop coverage produced by <code>nyc --all</code> for files that were tested (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1155">#1155</a>) (<a href="https://github.com/istanbuljs/nyc/commit/fc1bbbf490f6ab0272359ce10ceb4987d1716256">fc1bbbf</a>), closes <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1113">#1113</a> <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1124">#1124</a> <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1148">#1148</a></li> <li>Honor eager setting (false by default) (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1179">#1179</a>) (<a href="https://github.com/istanbuljs/nyc/commit/c18fb0a9a8eae5904298d87c62d9934243de8674">c18fb0a</a>)</li> <li>Remove vestigial environment variables (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1078">#1078</a>) (<a href="https://github.com/istanbuljs/nyc/commit/cfd3da05156b98952f03f7be2dd3d23ba328073f">cfd3da0</a>)</li> </ul> <h2><a href="https://github.com/istanbuljs/nyc/compare/v14.1.0...v14.1.1">14.1.1</a> (2019-05-09)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>check-coverage:</strong> make the --temp-dir option visible (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1101">#1101</a>) (<a href="https://github.com/istanbuljs/nyc/commit/b5b67de">b5b67de</a>)</li> <li><strong>cli:</strong> Report error if unwanted positional arguments are received (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1100">#1100</a>) (<a href="https://github.com/istanbuljs/nyc/commit/57debc1">57debc1</a>), closes <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/401">#401</a></li> </ul> <h1><a href="https://github.com/istanbuljs/nyc/compare/v14.0.0...v14.1.0">14.1.0</a> (2019-04-24)</h1> <h3>Bug Fixes</h3> <ul> <li>Do not crash when nyc is run inside itself. (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1068">#1068</a>) (<a href="https://github.com/istanbuljs/nyc/commit/c4fcf5e">c4fcf5e</a>), closes <a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1067">#1067</a></li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/istanbuljs/nyc/commit/bebf4d68c6a2cb0c5fd66ba3513a8e68ad5a284f"><code>bebf4d6</code></a> chore(release): 15.0.0</li> <li><a href="https://github.com/istanbuljs/nyc/commit/293173086b550bf5c78696bf594e7db9b55a1db7"><code>2931730</code></a> chore: Update to final releases of dependencies (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1245">#1245</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/d44ff19105b681ecf4f156cf8a9bc902d1d4234d"><code>d44ff19</code></a> chore: Update node-preload and use process-on-spawn (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1243">#1243</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/5258e9fdb1d9e3d4abd4cc9768bc09cd8040a6be"><code>5258e9f</code></a> feat: Filenames relative to project cwd in coverage reports (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1212">#1212</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/6039f29478e60ecafe0b6eb4554829d5d256869b"><code>6039f29</code></a> chore: Unpin test-exclude, update to latest pre-releases (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1240">#1240</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/f3c9e6c2bb3424d404eb3b49004ec137cf451901"><code>f3c9e6c</code></a> chore: Temporarily pin test-exclude (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1239">#1239</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/28ed74659ddc8826a515d2e6eb570adb606fe549"><code>28ed746</code></a> chore: Lazy load modules that are rarely/never needed in test processes. (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1232">#1232</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/7307626536cb8c4bbb8de1003e16e7b8bd5e4959"><code>7307626</code></a> chore: Remove cp-file module (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1230">#1230</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/dfd629d95716e6159aa7216c03e28a7fbbb161e7"><code>dfd629d</code></a> fix: Better error handling for main execution, reporting (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1229">#1229</a>)</li> <li><a href="https://github.com/istanbuljs/nyc/commit/549c953b04597af81bbaf408441aafaa08e34fc1"><code>549c953</code></a> chore: Update dependencies, pin find-cache-dir (<a href="https://github-redirect.dependabot.com/istanbuljs/nyc/issues/1228">#1228</a>)</li> <li>Additional commits viewable in <a href="https://github.com/istanbuljs/nyc/compare/v11.7.1...v15.0.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~coreyfarrell">coreyfarrell</a>, a new releaser for nyc since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+1285 -2617

1 comment

2 changed files

dependabot-preview[bot]

pr closed time in 2 months

push eventandyfleming/interval-promise

Andy Fleming

commit sha 590eb52a946cb15bcfb0ec3b234ce08e54b409d1

Narrows lint scope

view details

Andy Fleming

commit sha 2e538539e9ecd7bd45e68c01f72cb440f1015d37

Updates dependencies

view details

Andy Fleming

commit sha c9e338694a70e9b33bf14d9800e90e0136579d95

Changes style of check for options passed

view details

Andy Fleming

commit sha a301696973b00ffb5477bfe30eaf5385d3d4257a

Changes function style for consistency

view details

push time in 2 months

push eventandyfleming/interval-promise

Andy Fleming

commit sha b8ef1eb63510baee54dbfe02e2cebcbc5fc6a841

Removing node versions 6 and 7 from CI

view details

push time in 2 months

push eventandyfleming/interval-promise

Andy Fleming

commit sha 8958772c00b3393f798db59b6048edc9e7041c04

Removing broken dependency badges

view details

push time in 2 months

push eventandyfleming/interval-promise

Andy Fleming

commit sha 42027f3a72cfa03fafa73d37a0e8308b64cae512

Adding later node versions

view details

Andy Fleming

commit sha b341accc8f193ec1a21c6f79d8b5d6a127a3a40f

Merge pull request #25 from andyfleming/more-ci-node-versions Adding later node versions to CI

view details

push time in 2 months

create barnchandyfleming/interval-promise

branch : more-ci-node-versions

created branch time in 2 months

push eventandyfleming/interval-promise

dependabot[bot]

commit sha 91eee98dd0f2b9d9501b028d833c9b2b36c7f4da

Bump lodash from 4.17.4 to 4.17.15 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.4 to 4.17.15. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.4...4.17.15) Signed-off-by: dependabot[bot] <support@github.com>

view details

Andy Fleming

commit sha 62a95fcbaa96fc48a8d91de7145724ad424cfa9c

Merge pull request #22 from andyfleming/dependabot/npm_and_yarn/lodash-4.17.15 Bump lodash from 4.17.4 to 4.17.15

view details

push time in 2 months

PR merged andyfleming/interval-promise

Bump lodash from 4.17.4 to 4.17.15 dependencies

Bumps lodash from 4.17.4 to 4.17.15. <details> <summary>Commits</summary>

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+71 -31

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

push eventandyfleming/interval-promise

​Faizaan

commit sha e7d89ae3592dbfa0a1a0f4771b664d4cf129d678

Modify Promise check, Closes #20

view details

Andy Fleming

commit sha a099d0735066e9defedcfb28bf8d1e7d4d8fe341

Abstracts value check to isPromise (to make it easier to follow)

view details

Andy Fleming

commit sha 2efc2f70d771f1d8fcb24e51e934f99fb900f98b

Updating the comment

view details

Andy Fleming

commit sha f19a69fcb89bc0b9c35c874dc9f114e866fd2909

Merge pull request #21 from aulisius/patch-1 Modify Promise check, Closes #20

view details

push time in 2 months

issue closedandyfleming/interval-promise

"Returns a Promise" check is incorrect

This library currently checks whether the callback returned a Promise by doing returnVal instanceof Promise, but this is incorrect; it only considers the global ES6 Promise implementation in the library's scope/realm, and not any other Promise implementations (including cross-realm Promises, non-global polyfills, and other Promises/A+ compliant Promise implementations such as Bluebird).

The correct check, as per the Promises/A+ specification, would be more something like:

returnVal != null && typeof returnVal.then === "function"

closed time in 2 months

joepie91

PR merged andyfleming/interval-promise

Modify Promise check, Closes #20

Based on discussion in #20 and googling around, I found this

https://stackoverflow.com/questions/27746304/how-do-i-tell-if-an-object-is-a-promise#27746324

It seems checking for the existence of a then on the prototype/instance is the most consistent solution.

I'm still thinking if there is a way to improve on this.

@andyfleming @joepie91 Any thoughts?

+10 -2

5 comments

1 changed file

aulisius

pr closed time in 2 months

pull request commentandyfleming/interval-promise

Modify Promise check, Closes #20

Thanks for your contribution @aulisius!

aulisius

comment created time in 2 months

pull request commentandyfleming/interval-promise

Modify Promise check, Closes #20

@bobvanmanen — I'm not sure about long-term, but initially I'm hesitant to make the assumption that non-promise values should just be resolved.

aulisius

comment created time in 2 months

push eventaulisius/interval-promise

Andy Fleming

commit sha 2efc2f70d771f1d8fcb24e51e934f99fb900f98b

Updating the comment

view details

push time in 2 months

push eventaulisius/interval-promise

Andy Fleming

commit sha a099d0735066e9defedcfb28bf8d1e7d4d8fe341

Abstracts value check to isPromise (to make it easier to follow)

view details

push time in 2 months

push eventandyfleming/javascript

Andy Fleming

commit sha 7f739c0145174debd561fbf8c5ea38c9ca661ba4

set eslint min version to 6 to match other plguins/configs

view details

push time in 3 months

Pull request review commentgodaddy/javascript

Adds TypeScript flavor packages for ESLint

+{+  "name": "eslint-config-godaddy-react-typescript",+  "version": "1.0.0",+  "description": "ESLint config for consistent style in ES6 React projects using TypeScript at GoDaddy.",+  "scripts": {+    "lint": "eslint .",+    "pretest": "npm run --silent lint",+    "test": "echo ok",+    "unused": "eslint-find-rules --unused ./index.js || echo ''"+  },+  "repository": {+    "type": "git",+    "url": "git@github.com:godaddy/javascript.git"+  },+  "keywords": [+    "godaddy",+    "javascript",+    "styleguide",+    "style-guide",+    "eslint",+    "es6",+    "react",+    "typescript"+  ],+  "bin": {+    "eslint-godaddy-react-typescript": "bin/eslint-godaddy-react-typescript"+  },+  "dependencies": {+    "eslint-config-godaddy-react": "^5.0.0"+  },+  "peerDependencies": {+    "@typescript-eslint/eslint-plugin": "^2.3.1",

Take a look at the latest version of this and see if it aligns with what you have in mind.

andyfleming

comment created time in 3 months

push eventandyfleming/javascript

Andy Fleming

commit sha 56a7741b732b2eae0c118eb512b1efc86c6d30ca

adds JSON files and removes unnecessary files for non-react config

view details

push time in 3 months

Pull request review commentgodaddy/javascript

Adds TypeScript flavor packages for ESLint

+module.exports = {+  extends: [+    require('./extends')('eslint-config-godaddy')+  ],+  parser: '@typescript-eslint/parser',+  plugins: ['@typescript-eslint'],+  overrides: [+    {+      files: ['*.js', '*.ts', '*.tsx'],

Probably not. Similarly I can remove the prop types rule below.

andyfleming

comment created time in 3 months

Pull request review commentgodaddy/javascript

Adds TypeScript flavor packages for ESLint

+module.exports = {+  extends: [+    require('./extends')('eslint-config-godaddy-react'),+    'plugin:eslint-plugin-react/recommended'+  ],+  parser: '@typescript-eslint/parser',+  plugins: ['@typescript-eslint'],+  overrides: [+    {+      files: ['*.js', '*.ts', '*.tsx'],

Sure, I'll add those. Good call.

andyfleming

comment created time in 3 months

push eventandyfleming/javascript

Fabio M. Costa

commit sha 21493ee50b7ad4c0e04031a89b5dd1b92e137d9f

[proposal] Making most peerDependencies -> dependencies (#88) Remove most peerDependencies and change to dependencies

view details

Andy Fleming

commit sha 5211382867c85dcc206eeb6fbbc9f84062b18535

merging upstream changes

view details

Andy Fleming

commit sha 1ec333e587013911d01acf22f77c7f02168d6db2

tweaking dependencies to align with #88

view details

push time in 3 months

Pull request review commentgodaddy/javascript

Adds TypeScript flavor packages for ESLint

 module.exports = function (filename) {   // Only force our config file if there is one not in the current   // directory AND not specified by the command line.   //-  fs.readdir(cwd, function (err, files) {-    if (err) { throw err; }+  fs.readdir(cwd, function (readErr, files) {+    if (readErr) { throw readErr; }

Changed this to pass our own lint.

andyfleming

comment created time in 3 months

Pull request review commentgodaddy/javascript

Adds TypeScript flavor packages for ESLint

 # godaddy-style -Official GoDaddy JavaScript styleguide. It includes `eslint` packages for three use-cases and can be used as a standard in any new project.+Official GoDaddy JavaScript styleguide. It includes `eslint` packages for various use-cases and can be used as a standard in any new project.  - [`eslint-config-godaddy`]: Base configuration for _non-React_, ES6 JavaScript applications - [`eslint-config-godaddy-react`]: Configuration for ES6 React JavaScript applications - [`eslint-config-godaddy-es5`]: Configuration for React _and_ non-React ES5 JavaScript applications+- [`eslint-config-godaddy-typescript`]: Configuration for ES6 TypeScript applications+- [`eslint-config-godaddy-react-typescript`]: Configuration for ES6 React JavaScript applications+- [`eslint-config-godaddy-flow`]: Configuration for ES6 React JavaScript applications using Flow

No problem! 🙂

andyfleming

comment created time in 3 months

PR opened godaddy/javascript

Adds TypeScript flavor packages for ESLint
+4644 -8

0 comment

22 changed files

pr created time in 3 months

push eventandyfleming/javascript

Andy Fleming

commit sha 01a38dd26add08a413d6060ee8f80a5db82d6e60

adds initial implementation of typescript lint packages

view details

Andy Fleming

commit sha 979d5e51eb070a93e2e847dc4436c6024596d3af

tweaks dependencies and syntax to pass tests

view details

push time in 3 months

create barnchandyfleming/javascript

branch : eslint-typescript

created branch time in 3 months

fork andyfleming/javascript

The official GoDaddy JavaScript styleguide.

fork in 3 months

startedgodaddy/gasket

started time in 4 months

issue commentreact-static/react-static

[Bug] Import ts files in static.config.js in React Static typescript template

Fair enough. Sounds good. 👍

Is there a milestone or somewhere where RS 8 is being tracked?

HuberttK

comment created time in 4 months

issue commentreact-static/react-static

[Bug] Import ts files in static.config.js in React Static typescript template

@SleeplessByte — ts-node only specifies typescript as a peer dependency so it doesn't limit which version of typescript you use (as far as I know). Similarly, I believe it will respect a tsconfig.json file if it's present.

HuberttK

comment created time in 4 months

issue commentmicrosoft/TypeScript

module name mismatch in declaration

No problem. I went ahead and copied code into the original comment/issue. 👍

andyfleming

comment created time in 5 months

issue commentdenoland/deno

[cli] Remove URL dependencies of std for subcommands

I agree it's nice for the binary to be small, but I'd be curious as to what the size cost is of including the subcommands. It seems strange for them to not ship with them included.

keroxp

comment created time in 5 months

startedcontiamo/restful-react

started time in 5 months

issue commentdenoland/deno

Remove --no-prompt ... require users to explicitly prompt for permission

I think permissions.request() should just fail unless a --prompt flag is present. I don't think we want to be in a situation where we're guessing if a prompt will ask for prompts.

If I'm running a script with the default settings (which is basically an implied non-interactive mode), I don't think a script should be able to override that.

ry

comment created time in 5 months

issue commentmicrosoft/TypeScript

Proposal: Bundling TS module type definitions

Also still looking for support for this.

In addition to outFile, it might be nice to specify outModule if you want the name to be different.

{
  "compilerOptions": {
    "module": "commonjs",
    "declarations": true,
    "out": "./types/lib.js",
    "outModule": "@my-org/example-package"
  }
}

One other alternative to consider would be to declare the module based on the name field in package.json.

weswigham

comment created time in 5 months

issue closedmicrosoft/TypeScript

Declared module name does not match name in package.json

TypeScript Version: 3.7.0-dev.20191021

Search Terms:

  • package.json
  • export
  • modules
  • index
  • package name
  • definition

Code

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro

Expected behavior:

A module @example-org/example-package should be declared matching the name in package.json.

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro/blob/master/package.json#L2

Actual behavior:

The module is declared as index.

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro/blob/master/js/index.d.ts#L8

Steps to reproduce

  1. Clone https://github.com/andyfleming/typescript-module-declaration-mismatch-repro
  2. Run npm install
  3. Run npm run generate-types
  4. Observe declared "index" module

closed time in 5 months

andyfleming

issue commentmicrosoft/TypeScript

Declared module name does not match name in package.json

Ah, yeah, removing outFile exports them properly.

You're right that bundling is part of what I'm looking for. I'm going to add a comment related to the package.json name matching feature in that thread.

I'll go ahead and close this one since it's basically covered over there.

andyfleming

comment created time in 5 months

issue commentdenoland/deno

Subresource integrity for modules

Some thoughts about lock file concepts (from gitter)

discussion permalink (gitter.im)


Ryan Dahl @ry yes we need lock files......

Jed Fox @j-f1 Lockfiles only work if you can get a permanent link to a given file. Deno’s method of pulling data from arbitrary URLs means that there is no way to get a permanent link, so the only ways to implement a lockfile would be to store hashes and prevent the user from running the code if the contents of the URL have changed (like SRI) or to make the lockfile store a copy of every dependency (maybe in a compressed form so it doesn’t waste space?). Unless there’s something I’m not thinking of.

Ryan Dahl @ry @j-f1 storing a hash of every dependency isn't a problem - and, yes, if people link to a master branch they will not have stable code. a permanent link is only permanent until it isn't :P that is, just because "npm.org" or "crates.io" says something is permanent doesn't mean it actually is. Similarly for https://deno.land/std@v0.21.0/examples/cat.ts ...

Jed Fox @j-f1 That’s true, but those registries have a stronger commitment to immutability than we do, since it’s possible to modify a Git tag.

Ryan Dahl @ry deno.land isn't special - unpkg.org or pika.dev can maybe provide those sorts of promises - so lockfiles would be useful. The lockfile just says - "last time i ran this, i had this exact code, and next time i run it i want to error out unless it's this exact code" seems very reasonable feature. the fact that git supports force pushing has nothing to do with that.

Bartek Iwańczuk @bartlomieju seems relatively easy to implement with current infrastructure deno --reload would overwrite lock file I'm not sure how it should interact with dynamic imports tho

Nayeem Rahman @nayeemrmn Where exactly would the lock file go? DENO_DIR?

Ryan Dahl @ry @nayeemrmn hmm - yea I think that would be reasonable. probably we would just ignore the lockfile unless --locked was present ? actually the lockfile needs to be checked into the project - so it shouldn't be in the DENO_DIR.

Nayeem Rahman @nayeemrmn Exactly

Bartek Iwańczuk @bartlomieju deno --lock, deno --lock=.my.deno.lock ?

Ryan Dahl @ry deno generate-lockfile https://deno.land/std/examples/gist.ts ? kinda verbose https://doc.rust-lang.org/cargo/commands/cargo-generate-lockfile.html <--- that's what cargo does tho deno fetch --generate-lockfile https://deno.land/std/examples/gist.ts idk something like that

Nayeem Rahman @nayeemrmn Maybe DENO_DIR could instead locate itself where the lock file is... like how npm uses package.json to locate the project root and puts node_modules there? 😅😅 Then you could implicitly declare a project with touch deno-lock or something

Ryan Dahl @ry I think just explicitly specifying where the lockfile is is fine it's not something you do interactively usually - so it doesn't need to be ergonomic you just have it in CI

Nayeem Rahman @nayeemrmn It needs to be done for any commit with a new dependency., that's if you only care about CI.

Andy Fleming @andyfleming What's the behavior on mismatch with the lock? It seems like the lock file should automatically be used and a flag --ignore-lock and/or --update-lock should be offered.

Andy Fleming @andyfleming Also, @ry, I disagree about the lockfile only being needed for CI. Even locally when developing, dependencies should be deterministic by default. I should be aware if I’m pulling a different version/content than expected. Dev teams commonly use npm ci for this reason now. I could be won over on it being a warning by default. That's reasonable. Then we could have another flag like --strict or --strict-lock that would cause the script to exit immediately on mismatch (which would be used for CI/production)

Andy Hayden @hayd strict with a descriptive error message seems a better default.

Nayeem Rahman @nayeemrmn

It seems like the lock file should automatically be used and a flag --ignore-lock and/or --update-lock should be offered.

The problem with this was that there isn't an obvious answer to where the lock file should go by default and whose dependencies populate it, that's what spurred the discussion. I agree that using lock files shouldn't require a flag every time... this should be thought through more.

Andy Fleming @andyfleming The SRI approach (denoland/deno#200) would address that. Locks would effectively be inline. Then it could fail with a descriptive error message (like you are saying @hayd) by default unless --ignore-sri is on The only thing that would get a little uglier is generating/updating "locks". Do we modify the import lines for users with a command?

Nayeem Rahman @nayeemrmn To be clear, I still like lock files being optional. My suggestion was to have deno scan your directory tree for a lock file and use it if and only if it exists... somehow build a solution around that.

Yeah I haven't looked much into it but SRI seems like it would work too. Lock files are probably more convenient.

Andy Fleming @andyfleming A challenge of the SRI approach is if you wanted to lock someone else's files. You might be able to lock the contents of the first file that you are importing from a URL, but if it imports another URL without SRI, we don't really have a guarantee about that 2nd file's contents.

Nayeem Rahman @nayeemrmn Oh... yeah that's definitely a deal breaker. SRI doesn't substitute a lock file.

Andy Hayden @hayd yeah, I guess my point was IF you have a lock file it THEN you should error if there's a mismatch.

other questions seem very much open...

nknapp

comment created time in 5 months

issue closeddenoland/deno

Deno should have a lock file

Opening this issue to make it easier to find #200

Search terms

  • deno lock
  • deno-lock.json
  • deno.lock
  • lock file
  • package-lock.json
  • security

closed time in 5 months

andyfleming

issue openeddenoland/deno

Deno should have a lock file

Opening this issue to make it easier to find #200

Search terms

  • deno lock
  • deno-lock.json
  • deno.lock
  • lock file
  • package-lock.json
  • security

created time in 5 months

issue commentdenoland/deno

Remove --no-prompt ... require users to explicitly prompt for permission

Would we consider adding the inverse, --prompt if we make --no-prompt the default?

My fear is that if some projects have to instruct users to use a number of specific flags, they might get lazy and start suggesting --allow-all, which would default the whole purpose.


(copied this comment from https://github.com/denoland/deno/issues/3162 since it's more relevant over here)

ry

comment created time in 5 months

issue openedmicrosoft/TypeScript

module name mismatch in declaration

TypeScript Version: 3.7.0-dev.20191021

Search Terms:

  • declaration
  • modules

Code

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro

Expected behavior:

A valid index.d.ts file should be emitted.

Actual behavior:

The module is declared as "versions.static" on line 1, but is imported below as "versions.static.js" on line 10 (and not found).

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro/blob/master/js/index.d.ts#L1

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro/blob/master/js/index.d.ts#L10

Steps to reproduce

  1. Clone https://github.com/andyfleming/typescript-module-declaration-mismatch-repro
  2. Run npm install
  3. Run npm run generate-types
  4. Observe declared "versions.static" module and import attempt as "versions.static.js".

created time in 5 months

issue openedmicrosoft/TypeScript

Declared module name does not match name in package.json

TypeScript Version: 3.7.0-dev.20191021

Search Terms:

  • package.json
  • export
  • modules
  • index
  • package name
  • definition

Code

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro

Expected behavior:

A module @example-org/example-package should be declared matching the name in package.json.

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro/blob/master/package.json#L2

Actual behavior:

The module is declared as index.

https://github.com/andyfleming/typescript-module-declaration-mismatch-repro/blob/master/js/index.d.ts#L8

Steps to reproduce

  1. Clone https://github.com/andyfleming/typescript-module-declaration-mismatch-repro
  2. Run npm install
  3. Run npm run generate-types
  4. Observe declared "index" module

created time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha 831dd750d8109b96aaf96f94d179a57336ea31b1

Fixes typo

view details

push time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha 5742d04c0101831f6b87a0d72701af3e7b6e6214

Update package.json

view details

push time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha ab9edbbe7bd8010a2118a96d987a2bfcf228f7d3

Create versions.static.js

view details

push time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha 2dc12b9c0202a7e909c81b36b33a877ccf9f78b8

Create index.d.ts

view details

push time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha af3ee35c9a11187e9b0d87d43228a014cf89e406

Create index.js

view details

push time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha 1dd06141f171dc8bb469b2d28c2a7d07cb10522a

Create tsconfig.json

view details

push time in 5 months

push eventandyfleming/typescript-module-declaration-mismatch-repro

Andy Fleming

commit sha 0faf13c14503c12b422aa855a394f239cd3104d1

Create package.json

view details

push time in 5 months

create barnchandyfleming/typescript-module-declaration-mismatch-repro

branch : master

created branch time in 5 months

created repositoryandyfleming/typescript-module-declaration-mismatch-repro

created time in 5 months

created repositoryandyfleming/typescript-module-declaration-mismatch-repro

created time in 5 months

issue commentdenoland/deno

Feature Request: quiet or silent flag

@ry — That sounds like a better default.

Would we consider adding the inverse, --prompt?

My fear is that if some projects have to instruct users to use a number of specific flags, they might get lazy and start suggesting --allow-all, which would default the whole purpose.

qwerasd205

comment created time in 5 months

issue commentdenoland/deno

Feature: Require a minimum deno and typescript version

When they don't user a prompt to upgrade, they target an older version of javascript.

I'm not really sure that is true. Most of the "legacy" stuff in Node.js eco-system are authors who just don't care about refactoring their code.

I was talking about browser use cases specifically there. I don't think that's as common for node.js modules.


In general, I agree with your thoughts and don't think this is priority.

After some more thought too, I think the more common use case is going to be users running a newer version of deno with an older script (which wouldn't be a problem).

andyfleming

comment created time in 5 months

push eventandyfleming/deno

Andy Fleming

commit sha 96b37899a179c1da92d8107658df20577becb856

fixes formatting

view details

push time in 5 months

push eventandyfleming/deno

Andy Fleming

commit sha abb745dfc27f7d8d34618a3cf08666c4abd8399f

Removes outdated note Co-Authored-By: Nayeem Rahman <muhammed.9939@gmail.com>

view details

push time in 5 months

Pull request review commentdenoland/deno

docs(website/manual): Manual introduction improvements

 program, it is runnable with nothing more than Deno explicitly takes on the role of both runtime and package manager. It uses a standard browser-compatible protocol for loading modules: URLs. -Deno provides security guarantees about how programs can access your system with-the default being the most restrictive secure sandbox.--Deno provides <a href="https://github.com/denoland/deno/tree/master/std">a set-of reviewed (audited) standard modules</a> that are guaranteed to work with-Deno.+Among other things, Deno is a great replacement for utility scripts that may+have been historically written with bash or python.  ### Goals -- Support TypeScript out of the box.-+1. Only ship a single executable (`deno`).+2. Provide Secure Defaults+   - Unless specifically allowed, scripts can't access files, the environment,+     or the network.+3. Browser compatible: The subset of Deno programs which are written completely+   in JavaScript and do not use the global `Deno` namespace (or feature test for+   it), ought to also be able to be run in a modern web browser without change.+4. Be able to serve HTTP efficiently+5. Provide a great developer experience include built-in tooling.+6. Does not leak browser or V8 concepts into user land.++### Comparison to Node.js++- Deno does not use `npm`+  - It uses modules referenced as URLs or file paths+- Deno does not use a `package.json`+  - This is a non-goal. There are effective patterns [citation needed] for+    managing dependencies.+- Deno provides different APIs than node.+- Deno requires explicit permissions for file, network, and environment access.+  - Node is less secure out of the box.+- Deno always dies on uncaught errors. - Uses "ES Modules" and does not support `require()`. Like the browser, allows   imports from URLs: -  ```ts-  import * as log from "https://deno.land/std/log/mod.ts";-  ```+```ts+import * as log from "https://deno.land/std/log/mod.ts";+```++### Other key behaviors  - Remote code is fetched and cached on first execution, and never updated until   the code is run with the `--reload` flag. (So, this will still work on an   airplane. See `~/.deno/src` for details on the cache.)+- Modules/files loaded from remote URLs are intended to be immutable and+  cacheable. -- File system and network access can be controlled in order to run sandboxed-  code. Access between V8 (unprivileged) and Rust (privileged) is only done via-  serialized messages. This makes it easy to audit. For example, to enable write-  access use the flag `--allow-write` or for network access `--allow-net`.--- Only ship a single executable.--- Always dies on uncaught errors.--- Browser compatible: The subset of Deno programs which are written completely-  in JavaScript and do not use the global `Deno` namespace (or feature test for-  it), ought to also be able to be run in a modern web browser without change.--- [Aims to support top-level `await`.](https://github.com/denoland/deno/issues/471)

Forgot to mention that I purposely deleted this since it's (most likely) going to be standard in javascript anyway.

andyfleming

comment created time in 5 months

issue openedmaxmcd/deno-docker

The default command should silent compiling notifications

If a silent/quiet flag is added (https://github.com/denoland/deno/issues/3162), the default command should utilize it.

created time in 5 months

PR opened maxmcd/deno-docker

The default command should turn off prompts
+1 -1

0 comment

1 changed file

pr created time in 5 months

push eventandyfleming/deno-docker

Andy Fleming

commit sha 5cc44a89ca6feee5610b70e0df2d679726b39a58

The default command should turn off prompts

view details

push time in 5 months

issue commentdenoland/deno

Feature Request: quiet or silent flag

One use case where I imagine this being useful would be in a docker deployment.

  • I'd want my script to only output its own output (without compile messages).
  • I wouldn't want it to prompt for permissions. (I'd want it to fail fast.)
  • I'd want to disable pulling any scripts (and only use local or cached scripts) with a flag like --no-fetch. (This would be a useful tool for ensuring a deterministic build.)

I'd basically imagine running with:

deno --quiet --no-prompt --no-fetch

I'd be fine calling it deno --production, but I think that would be more controversial. 😝

qwerasd205

comment created time in 5 months

issue commentdenoland/deno

Feature: Require a minimum deno and typescript version

Applications do often have prompts for users to upgrade/switch browsers if their browser is unsupported / old.

Aside from that, developers have to worry about it. When they don't user a prompt to upgrade, they target an older version of javascript. That's why we have so much tooling for transpiling, polyfilling, and targeting browser compatibility. There's babel, typescript's target option, lint rules, browserlist and preset-env, etc etc.

On the node/npm side of things you have the engines field, which is more the approach of having a minimum version.

andyfleming

comment created time in 5 months

more