@karpathy What do you think? We get lots of requests for this from arXiv Vanity users. An email today reminded me of this issue...

This looks good to me!

Bumps pylint-django from 2.0.11 to 2.0.12. <details> <summary>Release notes</summary>

Sourced from pylint-django's releases.

Version 2.0.12 (04 Nov 2019)

• Fix too broad suppression of unused-argument warnings for functions and methods where the first argument is named request. Now issues warnings for the rest of the arguments if they are unused. Fix #249 (Pascal Urban)
• Pass arguments of scripts/test.sh to test_func/pytest to ease development (Pascal Urban)
• Document behavior when ForeignKey fields are referenced as strings. Fix #241 </details> <details> <summary>Changelog</summary>

Sourced from pylint-django's changelog.

Version 2.0.12 (04 Nov 2019)

• Fix too broad suppression of unused-argument warnings for functions and methods where the first argument is named request. Now issues warnings for the rest of the arguments if they are unused. Fix #249 (Pascal Urban)
• Pass arguments of scripts/test.sh to test_func/pytest to ease development (Pascal Urban)
• Document behavior when ForeignKey fields are referenced as strings. Fix #241 </details> <details> <summary>Commits</summary>

• d9147ab Forgot to update version to 2.0.12
• 0df77f0 Changelog for v2.0.12
• 5f752b6 Ignore unused-argument warning for request arguments (Fixes #249)
• d2ad9ff Load pylint plugin configuration in test case
• f75962f Pass arguments of test.sh to test_func/pytest
• 85430c5 Add SECURITY.md for Tidelift
• f1cce09 Disable new pylint warning
• 11181aa tests: clone pylint locally for CI. Fixes #250
• 695d1b6 Update expected test message for new pylint
• d00dafb Document FK-string-reference behavior. Fixes #241
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps python-dateutil from 2.8.0 to 2.8.1. <details> <summary>Release notes</summary>

Sourced from python-dateutil's releases.

2.8.1

Version 2.8.1 (2019-11-03)

Data updates

• Updated tzdata version to 2019c.

Bugfixes

• Fixed a race condition in the tzoffset and tzstr "strong" caches on Python 2.7. Reported by [@​kainjow](https://github.com/kainjow) (gh issue #901).
• Parsing errors will now raise ParserError, a subclass of ValueError, which has a nicer string representation. Patch by [@​gfyoung](https://github.com/gfyoung) (gh pr #881).
• parser.parse will now raise TypeError when tzinfos is passed a type that cannot be interpreted as a time zone. Prior to this change, it would raise an UnboundLocalError instead. Patch by [@​jbrockmendel](https://github.com/jbrockmendel) (gh pr #891).
• Changed error message raised when when passing a bytes object as the time zone name to gettz in Python 3. Reported and fixed by [@​labrys](https://github.com/labrys) () (gh issue #927, gh pr #935).
• Changed compatibility logic to support a potential Python 4.0 release. Patch by Hugo van Kemenade (gh pr #950).
• Updated many modules to use tz.UTC in favor of tz.tzutc() internally, to avoid an unnecessary function call. (gh pr #910).
• Fixed issue where dateutil.tz was using a backported version of contextlib.nullcontext even in Python 3.7 due to a malformed import statement. (gh pr #963).

Tests

• Switched from using assertWarns to using pytest.warns in the test suite. (gh pr #969).
• Fix typo in setup.cfg causing PendingDeprecationWarning to not be explicitly specified as an error in the warnings filter. (gh pr #966)
• Fixed issue where test_tzlocal_offset_equal would fail in certain environments (such as FreeBSD) due to an invalid assumption about what time zone names are provided. Reported and fixed by Kubilay Kocak (gh issue #918, pr #928).
• Fixed a minor bug in test_isoparser related to bytes/str handling. Fixed by [@​fhuang5](https://github.com/fhuang5) (gh issue #776, gh pr #879).
• Explicitly listed all markers used in the pytest configuration. (gh pr #915)
• Extensive improvements to the parser test suite, including the adoption of pytest-style tests and the addition of parametrization </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from python-dateutil's changelog.

Version 2.8.1 (2019-11-03)

Data updates

• Updated tzdata version to 2019c.

Bugfixes

• Fixed a race condition in the tzoffset and tzstr "strong" caches on Python 2.7. Reported by @​kainjow (gh issue #901).
• Parsing errors will now raise ParserError, a subclass of ValueError, which has a nicer string representation. Patch by @​gfyoung (gh pr #881).
• parser.parse will now raise TypeError when tzinfos is passed a type that cannot be interpreted as a time zone. Prior to this change, it would raise an UnboundLocalError instead. Patch by @​jbrockmendel (gh pr #891).
• Changed error message raised when when passing a bytes object as the time zone name to gettz in Python 3. Reported and fixed by @​labrys () (gh issue #927, gh pr #935).
• Changed compatibility logic to support a potential Python 4.0 release. Patch by Hugo van Kemenade (gh pr #950).
• Updated many modules to use tz.UTC in favor of tz.tzutc() internally, to avoid an unnecessary function call. (gh pr #910).
• Fixed issue where dateutil.tz was using a backported version of contextlib.nullcontext even in Python 3.7 due to a malformed import statement. (gh pr #963).

Tests

• Switched from using assertWarns to using pytest.warns in the test suite. (gh pr #969).
• Fix typo in setup.cfg causing PendingDeprecationWarning to not be explicitly specified as an error in the warnings filter. (gh pr #966)
• Fixed issue where test_tzlocal_offset_equal would fail in certain environments (such as FreeBSD) due to an invalid assumption about what time zone names are provided. Reported and fixed by Kubilay Kocak (gh issue #918, pr #928).
• Fixed a minor bug in test_isoparser related to bytes/str handling. Fixed by @​fhuang5 (gh issue #776, gh pr #879).
• Explicitly listed all markers used in the pytest configuration. (gh pr #915)
• Extensive improvements to the parser test suite, including the adoption of pytest-style tests and the addition of parametrization of several test cases. Patches by @​jbrockmendel (gh prs #735, #890, #892, #894).
• Added tests for tzinfos input types. Patch by @​jbrockmendel (gh pr #891). </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• fc9b162 Merge pull request #974 from pganssle/release_2.8.1
• 4ccc8bb Update changelog for 2.8.1 release.
• 5fdbdbb Merge pull request #971 from pganssle/update_releasing
• e0f0b7e Add changelog for PR #971
• 9390c88 Update RELEASING documentation
• 3c9ccaa Change "Misc" to showcontent=True
• 58a4e46 Add "news" environment to tox
• 55301cd Fix Travis test for build command.
• e03f1de Add working build and release tox environments.
• 357c62c Merge pull request #973 from pganssle/strong_cache_race
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps django from 2.2.6 to 2.2.7. <details> <summary>Commits</summary>

• 27f2b44 [2.2.x] Bumped version for 2.2.7 release.
• 1cbf607 [2.2.x] Updated man page for Django 2.2.
• 6f26693 [2.2.x] Added release dates for 2.2.7, 2.1.14, and 1.11.26.
• 785d170 [2.2.x] Fixed #30931 -- Restored ability to override Model.get_FIELD_display().
• eb8a53c [2.2.x] Fixed typo in docs/ref/signals.txt.
• 3ca4457 [2.2.x] Corrected error message in Many-to-many relationships docs.
• 972eef6 [2.2.x] Fixed #30927 -- Simplified an example of test for the deprecation war...
• 9d15f1e [2.2.x] Fixed #30917 -- Clarified formsets topic documentation.
• 4cc1549 [2.2.x] Fixed #13750 -- Clarified need to reopen models.ImageField.image file...
• 4d992bc [2.2.x] Fixed typo in docs/topics/files.txt.
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

@greigs no I've been very busy, sorry! Would this be useful for you?

Beep boop. Your images are optimized!

Your image file size has been reduced!

<details> <summary> Details </summary>

</details>

📝docs | :octocat: repo | 🙋issues | 🏅swag | 🏪marketplace

Bumps dotenv from 8.1.0 to 8.2.0. <details> <summary>Changelog</summary>

Sourced from dotenv's changelog.

8.2.0 (2019-10-16)

</details> <details> <summary>Commits</summary>

• 70425a9 chore(release): 8.2.0
• 75986d3 TypeScript types (#430)
• ba6b34d optimize dotenv.png (#424)
• See full diff in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps eslint from 6.3.0 to 6.5.1. <details> <summary>Release notes</summary>

Sourced from eslint's releases.

v6.5.1

• 0d3d7d9 Docs: fix typo in no-magic-numbers (#12345) (Josiah Rooney)
• 447ac87 Fix: no-useless-rename handles ExperimentalRestProperty (fixes #12335) (#12339) (Kai Cataldo)
• b6ff73c Sponsors: Sync README with website (ESLint Jenkins)

v6.5.0

• 73596cb Update: Add enforceForSwitchCase option to use-isnan (#12106) (Milos Djermanovic)
• d592a24 Fix: exclude \u000d so new line won't convert to text (fixes #12027) (#12031) (zamboney)
• e85d27a Fix: no-regex-spaces false positives and invalid autofix (fixes #12226) (#12231) (Milos Djermanovic)
• b349bf7 Fix: prefer-named-capture-group incorrect locations (fixes #12233) (#12247) (Milos Djermanovic)
• 7dc1ea9 Fix: no-useless-return autofix removes comments (#12292) (Milos Djermanovic)
• 0e68677 Fix: no-extra-bind autofix removes comments (#12293) (Milos Djermanovic)
• 6ad7e86 Fix: no-extra-label autofix removes comments (#12298) (Milos Djermanovic)
• acec201 Fix: no-undef-init autofix removes comments (#12299) (Milos Djermanovic)
• d89390b Fix: use async reading of stdin in bin/eslint.js (fixes #12212) (#12230) (Barrie Treloar)
• 334ca7c Update: no-useless-rename also reports default values (fixes #12301) (#12322) (Kai Cataldo)
• 41bfe91 Update: Fix handling of chained new expressions in new-parens (#12303) (Milos Djermanovic)
• 160b7c4 Chore: add autofix npm script (#12330) (Kai Cataldo)
• 04b6adb Chore: enable eslint-plugin-jsdoc (refs #11146) (#12332) (Kai Cataldo)
• 9b86167 Docs: Add new ES environments to Configuring ESLint (#12289) (Milos Djermanovic)
• c9aeab2 Docs: Add supported ECMAScript version to README (#12290) (Milos Djermanovic)
• 8316e7b Fix: no-useless-rename autofix removes comments (#12300) (Milos Djermanovic)
• 29c12f1 Chore: cache results in runtime-info (#12320) (Kai Cataldo)
• f5537b2 Fix: prefer-numeric-literals autofix removes comments (#12313) (Milos Djermanovic)
• 11ae6fc Update: Fix call, new and member expressions in no-extra-parens (#12302) (Milos Djermanovic)
• a7894eb New: add --env-info flag to CLI (#12270) (Kai Cataldo)
• 61392ff Sponsors: Sync README with website (ESLint Jenkins)
• 2c6bf8e Docs: English fix (#12306) (Daniel Nixon)
• 6f11877 Sponsors: Sync README with website (ESLint Jenkins)
• 2e202ca Docs: fix links in array-callback-return (#12288) (Milos Djermanovic)
• e39c631 Docs: add example for CLIEngine#executeOnText 3rd arg (#12286) (Kai Cataldo)
• d4f9a16 Update: add support for JSXFragments in indent rule (fixes #12208) (#12210) (Kai Cataldo)
• c6af95f Sponsors: Sync README with website (ESLint Jenkins)
• 8cadd52 Sponsors: Sync README with website (ESLint Jenkins)
• f9fc695 Chore: enable default-param-last (#12244) (薛定谔的猫)
• 9984c3e Docs: Update README team and sponsors (ESLint Jenkins)

v6.4.0

• e915fff Docs: Improve examples and clarify default option (#12067) (Yuping Zuo)
• 540296f Update: enforceForClassMembers option to accessor-pairs (fixes #12063) (#12192) (Milos Djermanovic)
• d3c2334 Update: flag nested block with declaration as error (#12193) (David Waller)
• b2498d2 Update: Fix handling of property names in no-self-assign (#12105) (Milos Djermanovic)
• 1ee61b0 Update: enforceForClassMembers computed-property-spacing (fixes #12049) (#12214) (Milos Djermanovic)
• 520c922 Docs: Added naming convention details to plugin usage (#12202) (Henrique Barcelos)
• f826eab Fix: Allow line comment exception in object-curly-spacing (fixes #11902) (#12216) (Milos Djermanovic)
• db2a29b Update: indentation of comment followed by semicolon (fixes #12232) (#12243) (Kai Cataldo)
• ae17d1c Fix: no-sequences is reporting incorrect locations (#12241) (Milos Djermanovic)
• 365331a Fix: object-shorthand providing invalid fixes for typescript (#12260) (Brad Zacher)
• 1c921c6 New: add no-import-assign (fixes #12237) (#12252) (Toru Nagashima)
• 3be04fd New: Add prefer-regex-literals rule (fixes #12238) (#12254) (Milos Djermanovic) </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from eslint's changelog.

v6.5.1 - September 30, 2019

• 0d3d7d9 Docs: fix typo in no-magic-numbers (#12345) (Josiah Rooney)
• 447ac87 Fix: no-useless-rename handles ExperimentalRestProperty (fixes #12335) (#12339) (Kai Cataldo)
• b6ff73c Sponsors: Sync README with website (ESLint Jenkins)

v6.5.0 - September 29, 2019

• 73596cb Update: Add enforceForSwitchCase option to use-isnan (#12106) (Milos Djermanovic)
• d592a24 Fix: exclude \u000d so new line won't convert to text (fixes #12027) (#12031) (zamboney)
• e85d27a Fix: no-regex-spaces false positives and invalid autofix (fixes #12226) (#12231) (Milos Djermanovic)
• b349bf7 Fix: prefer-named-capture-group incorrect locations (fixes #12233) (#12247) (Milos Djermanovic)
• 7dc1ea9 Fix: no-useless-return autofix removes comments (#12292) (Milos Djermanovic)
• 0e68677 Fix: no-extra-bind autofix removes comments (#12293) (Milos Djermanovic)
• 6ad7e86 Fix: no-extra-label autofix removes comments (#12298) (Milos Djermanovic)
• acec201 Fix: no-undef-init autofix removes comments (#12299) (Milos Djermanovic)
• d89390b Fix: use async reading of stdin in bin/eslint.js (fixes #12212) (#12230) (Barrie Treloar)
• 334ca7c Update: no-useless-rename also reports default values (fixes #12301) (#12322) (Kai Cataldo)
• 41bfe91 Update: Fix handling of chained new expressions in new-parens (#12303) (Milos Djermanovic)
• 160b7c4 Chore: add autofix npm script (#12330) (Kai Cataldo)
• 04b6adb Chore: enable eslint-plugin-jsdoc (refs #11146) (#12332) (Kai Cataldo)
• 9b86167 Docs: Add new ES environments to Configuring ESLint (#12289) (Milos Djermanovic)
• c9aeab2 Docs: Add supported ECMAScript version to README (#12290) (Milos Djermanovic)
• 8316e7b Fix: no-useless-rename autofix removes comments (#12300) (Milos Djermanovic)
• 29c12f1 Chore: cache results in runtime-info (#12320) (Kai Cataldo)
• f5537b2 Fix: prefer-numeric-literals autofix removes comments (#12313) (Milos Djermanovic)
• 11ae6fc Update: Fix call, new and member expressions in no-extra-parens (#12302) (Milos Djermanovic)
• a7894eb New: add --env-info flag to CLI (#12270) (Kai Cataldo)
• 61392ff Sponsors: Sync README with website (ESLint Jenkins)
• 2c6bf8e Docs: English fix (#12306) (Daniel Nixon)
• 6f11877 Sponsors: Sync README with website (ESLint Jenkins)
• 2e202ca Docs: fix links in array-callback-return (#12288) (Milos Djermanovic)
• e39c631 Docs: add example for CLIEngine#executeOnText 3rd arg (#12286) (Kai Cataldo)
• d4f9a16 Update: add support for JSXFragments in indent rule (fixes #12208) (#12210) (Kai Cataldo)
• c6af95f Sponsors: Sync README with website (ESLint Jenkins)
• 8cadd52 Sponsors: Sync README with website (ESLint Jenkins)
• f9fc695 Chore: enable default-param-last (#12244) (薛定谔的猫)
• 9984c3e Docs: Update README team and sponsors (ESLint Jenkins)

v6.4.0 - September 13, 2019

• e915fff Docs: Improve examples and clarify default option (#12067) (Yuping Zuo)
• 540296f Update: enforceForClassMembers option to accessor-pairs (fixes #12063) (#12192) (Milos Djermanovic)
• d3c2334 Update: flag nested block with declaration as error (#12193) (David Waller)
• b2498d2 Update: Fix handling of property names in no-self-assign (#12105) (Milos Djermanovic)
• 1ee61b0 Update: enforceForClassMembers computed-property-spacing (fixes #12049) (#12214) (Milos Djermanovic)
• 520c922 Docs: Added naming convention details to plugin usage (#12202) (Henrique Barcelos)
• f826eab Fix: Allow line comment exception in object-curly-spacing (fixes #11902) (#12216) (Milos Djermanovic)
• db2a29b Update: indentation of comment followed by semicolon (fixes #12232) (#12243) (Kai Cataldo)
• ae17d1c Fix: no-sequences is reporting incorrect locations (#12241) (Milos Djermanovic) </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• f150f7f 6.5.1
• 571307f Build: changelog update for 6.5.1
• 0d3d7d9 Docs: fix typo in no-magic-numbers (#12345)
• 447ac87 Fix: no-useless-rename handles ExperimentalRestProperty (fixes #12335) (#12339)
• b6ff73c Sponsors: Sync README with website
• 76fb571 6.5.0
• 7359a80 Build: changelog update for 6.5.0
• 73596cb Update: Add enforceForSwitchCase option to use-isnan (#12106)
• d592a24 Fix: exclude \u000d so new line won't convert to text (fixes #12027) (#12031)
• e85d27a Fix: no-regex-spaces false positives and invalid autofix (fixes #12226) (#12231)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps debian from testing-20190812 to testing-20190910.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps djangorestframework from 3.10.2 to 3.10.3. <details> <summary>Commits</summary>

• 89ac0a1 Version 3.10.3 (#6908)
• 4b30b32 Default OpenAPI version to the empty string (#6907)
• c0cf37e Update tutorial links (#6890)
• e57c150 Replaced 'TODO' hardcoded version info by a parameter with default '0.1.0' (#...
• b3f032f Fixed #6875 -- Made OpenAPI Schema operationId casing consistent. (#6876)
• 1cc4be4 Fixed min/max attributes for serializers.ListField (#6866)
• f8c1644 Add support for pagination in OpenAPI response schemas (#6867)
• ec1b141 Fixed typos (#6872)
• 5a8736a Handle 'None' return value of wait() properly during throttling. (#6837)
• a142467 Fixed incorrect OpenAPI response schema generation for a DELETE method in gen...
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.

Bumps sentry-sdk from 0.11.2 to 0.12.3. <details> <summary>Release notes</summary>

Sourced from sentry-sdk's releases.

0.12.3

• Various performance improvements to event sending.
• Avoid crashes when scope or hub is racy.
• Revert a change that broke applications using gevent and channels (in the same virtualenv, but different processes).
• Fix a bug that made the SDK crash on unicode in SQL.

0.12.2

• Fix a crash with ASGI (Django Channels) when the ASGI request type is neither HTTP nor Websockets.

0.12.1

• Temporarily remove sending of SQL parameters (as part of breadcrumbs or spans for APM) to Sentry to avoid memory consumption issues.

0.12.0

• Sentry now has a Discord server! Join the server to get involved into SDK development and ask questions.
• Fix a bug where the response object for httplib (or requests) was held onto for an unnecessarily long amount of time.
• APM: Add spans for more methods on subprocess.Popen objects.
• APM: Add spans for Django middlewares.
• APM: Add spans for ASGI requests.
• Automatically inject the ASGI middleware for Django Channels 2.0. This will break your Channels 2.0 application if it is running on Python 3.5 or 3.6 (while previously it would "only" leak a lot of memory for each ASGI request). Install aiocontextvars from PyPI to make it work again. </details> <details> <summary>Changelog</summary>

Sourced from sentry-sdk's changelog.

0.12.3

• Various performance improvements to event sending.
• Avoid crashes when scope or hub is racy.
• Revert a change that broke applications using gevent and channels (in the same virtualenv, but different processes).
• Fix a bug that made the SDK crash on unicode in SQL.

0.12.2

• Fix a crash with ASGI (Django Channels) when the ASGI request type is neither HTTP nor Websockets.

0.12.1

• Temporarily remove sending of SQL parameters (as part of breadcrumbs or spans for APM) to Sentry to avoid memory consumption issues.

0.12.0

• Sentry now has a Discord server! Join the server to get involved into SDK development and ask questions.
• Fix a bug where the response object for httplib (or requests) was held onto for an unnecessarily long amount of time.
• APM: Add spans for more methods on subprocess.Popen objects.
• APM: Add spans for Django middlewares.
• APM: Add spans for ASGI requests.
• Automatically inject the ASGI middleware for Django Channels 2.0. This will break your Channels 2.0 application if it is running on Python 3.5 or 3.6 (while previously it would "only" leak a lot of memory for each ASGI request). Install aiocontextvars from PyPI to make it work again. </details> <details> <summary>Commits</summary>

• 5346c8b release: 0.12.3
• b85bd7c doc: Changelog for 0.12.3
• b9df7f8 fix: Do not crash on unicode queries
• fa06bcb fix: Do not raise if channels could not be instrumented
• fb15e13 fix: Actually run tests for fast_serialize (#521)
• 3da615b ref: Remove serializer class (#518)
• de4afa9 fix: Swap method and URL
• 9659e4f fix: Fix sample dsn
• 33473b8 fix: Fix azure build
• fae46f6 fix: Avoid crashes when scope or hub is racy (#517)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps whitenoise from 4.1.3 to 4.1.4. <details> <summary>Changelog</summary>

Sourced from whitenoise's changelog.

v4.1.4

• Make tests more deterministic and easier to run outside of tox.
• Fix Fedora packaging issue.
• Use Black to format all code. </details> <details> <summary>Commits</summary>

• fb95c45 Release v4.1.4
• 4bb52af Support running tests with newer versions of requests
• 06f1369 Enforce Black code style in lint step
• 895f9ac Format entire codebase with Black
• 2e8ef77 Run lint step under Python 3.7
• 0ff5a91 Update utility script for Python 3 compatibility
• 2a64e7a Pin exact versions of test dependencies
• 1eb6f0a Pin the version of tox used in CI
• 5595618 Merge pull request #226 from therumbler/patch-1
• 454101e minor typo fix
• See full diff in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps pylint from 2.4.1 to 2.4.2. <details> <summary>Changelog</summary>

Sourced from pylint's changelog.

What's New in Pylint 2.4.2?

Release date: 2019-09-30

• ignored-modules can skip submodules. Close #3135

• self-assigning-variable skips class level assignments.

  Close #2930

• consider-using-sys-exit is exempted when exit() is imported from sys

  Close #3145

• Exempt annotated assignments without variable from class-variable-slots-conflict

  Close #3141

• Fix utils.is_error to account for functions returning early.

  This fixes a false negative with unused-variable which was no longer triggered when a function raised an exception as the last instruction, but the body of the function still had unused variables.

  Close #3028 </details> <details> <summary>Commits</summary>

• f7850aa Prepare 2.4.2
• 6198797 Pin mypy and typed-ast to fix the CI
• aa587ec Add the missing rc file for class_variable_slots_conflict
• 552fa8a Fix utils.is_error to account for functions returning early.
• 4ec293c Exempt annotated assignments without variable from ``class-variable-slots-con...
• 1d3b07a consider-using-sys-exit is exempted when exit() is imported from sys
• ae3d421 Pin astroid to the latest minor release
• 2777743 Rename attributes to prepare for the astroid dataclass transform
• fde732e Bump master to 2.4.2
• d8fae01 self-assigning-variable skips class level assignments.
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps docker from 4.0.2 to 4.1.0. <details> <summary>Release notes</summary>

Sourced from docker's releases.

4.1.0

List of PRs / issues for this release

Bugfixes

• Correct INDEX_URL logic in build.py _set_auth_headers
• Fix for empty auth keys in config.json

Features

• Add NetworkAttachmentConfig for service create/update

Miscellaneous

• Bump pytest to 4.3.1
• Adjust --platform tests for changes in docker engine
• Update credentials-helpers to v0.6.3 </details> <details> <summary>Commits</summary>

• 6649587 Merge pull request #2443 from docker/4.1.0-release
• 2bb08b3 Bump 4.1.0
• 88219c6 Bump pytest to 4.3.1
• bc89de6 Fix broken test due to BUSYBOX -> TEST_IMG rename
• 7c8264c Correctly reference SecretReference
• ec63237 Correctly reference ConfigReference
• 934072a Add NetworkAttachmentConfig type
• 0be550d Jenkinsfile: update python 3.6 -> 3.7
• 38fe398 Jenkinsfile: update API version matrix; set default to v1.40
• c88205c Amends the docs concerning multiple label filters
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps sentry-sdk from 0.12.2 to 0.12.3. <details> <summary>Release notes</summary>

Sourced from sentry-sdk's releases.

0.12.3

• Various performance improvements to event sending.
• Avoid crashes when scope or hub is racy.
• Revert a change that broke applications using gevent and channels (in the same virtualenv, but different processes).
• Fix a bug that made the SDK crash on unicode in SQL. </details> <details> <summary>Changelog</summary>

Sourced from sentry-sdk's changelog.

0.12.3

• Various performance improvements to event sending.
• Avoid crashes when scope or hub is racy.
• Revert a change that broke applications using gevent and channels (in the same virtualenv, but different processes).
• Fix a bug that made the SDK crash on unicode in SQL. </details> <details> <summary>Commits</summary>

• 5346c8b release: 0.12.3
• b85bd7c doc: Changelog for 0.12.3
• b9df7f8 fix: Do not crash on unicode queries
• fa06bcb fix: Do not raise if channels could not be instrumented
• fb15e13 fix: Actually run tests for fast_serialize (#521)
• 3da615b ref: Remove serializer class (#518)
• de4afa9 fix: Swap method and URL
• 9659e4f fix: Fix sample dsn
• 33473b8 fix: Fix azure build
• fae46f6 fix: Avoid crashes when scope or hub is racy (#517)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps parcel-bundler from 1.12.3 to 1.12.4. <details> <summary>Changelog</summary>

Sourced from parcel-bundler's changelog.

[1.12.4] - 2019-10-06

• BUG: postcss module generates wrong hashes Details
• Shake exports with pure property assignments Details
• Clear scope cache before crawling to fix scope hoisting classes Details
• Replace module.require in scope hoisting Details
• Define __esModule interop flag when requiring ES module from CommonJS Details
• Fix assigning to exports from inside a function in scope hoisting Details
• Added new parcel info command Details
• Fix Scope hoisting destructuring Details
• HMR update breaks in webworker Details
• Update dotenv-expand to allow overriding with falsy values Details
• bump chokidar to get a reload fix for linux Details
• Upgrading serialize-to-js from 1.1.1 to 3.0.0 Details
• Fix source map on CoffeeScript assets Details </details> <details> <summary>Commits</summary>

• d9ec7af Publish
• 430679c Update yarn.lock
• fe08980 fix source maps on coffeescript assets (#3423)
• dc393bf Fixes #3133 by upgrading serialize-to-js from 1.1.1 to 3.0.0 (#3451)
• 96119be Fix up misleading usage information (#3158)
• a92e9b2 bump chokidar to get a reload fix for linux (#2878)
• 75a891e Use uppercase for the first letter of the issue template (#3192)
• 6fbfe96 Update dotenv-expand to allow overriding of falsy values (#2971)
• 7ad25fd Fixes 3076: HMR update breaks in webworker due to window (and location.reload...
• 4b50182 Scope hoisting destructuring (#2742)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

Bumps beautifulsoup4 from 4.8.0 to 4.8.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

</details>

The restore command doesn't really work at the moment. What it should do is restore the latest backup to the current connected app, for the use-case where you want to bootstrap an app from backups.

Bumps django from 2.2.5 to 2.2.6. <details> <summary>Commits</summary>

• b0654fd [2.2.x] Bumped version for 2.2.6 release.
• e1a75db [2.2.x] Added release dates for 2.2.6, 2.1.13, and 1.11.25.
• 43c894f [2.2.x] Doc'd that migrate commmand accepts a unique migration name prefix.
• 4116b36 [2.2.x] Fixed #30597 -- Clarified how to unapply migrations.
• 1ac2f25 [2.2.x] Refs #30597 -- Added a warning about dependent apps when unapplying m...
• a6972e8 [2.2.x] Fixed #30216 -- Doc'd that BooleanField is no longer blank=True in Dj...
• b1eea8a [2.2.x] Fixed #27921 -- Clarified usage of make_aware() with is_dst argument.
• 38af257 [2.2.x] Fixed #30810 -- Fixed WatchmanReloaderTests.test_setting_timeout_from...
• 80d78fd [2.2.x] Documented admonition on when to use custom signals
• acc0d99 [2.2.x] Refs #30350 -- Doc'd support for range serialization in migrations.
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps pylint from 2.3.1 to 2.4.1. <details> <summary>Changelog</summary>

Sourced from pylint's changelog.

What's New in Pylint 2.4.1?

Release date: 2019-09-25

• Exempt type checking definitions defined in both clauses of a type checking guard

  Close #3127

• Exempt type checking definitions inside the type check guard

  In a7f236528bb3758886b97285a56f3f9ce5b13a99 we added basic support for emitting used-before-assignment if a variable was only defined inside a type checking guard (using TYPE_CHECKING variable from typing) Unfortunately that missed the case of using those type checking imports inside the guard itself, which triggered spurious used-before-assignment errors.

  Close #3119

• Require astroid >= 2.3 to avoid any compatibility issues.

What's New in Pylint 2.4.0?

Release date: 2019-09-24

• New check: import-outside-toplevel

  This check warns when modules are imported from places other than a module toplevel, e.g. inside a function or a class.

• Handle inference ambiguity for invalid-format-index

  Close #2752

• Removed Python 2 specific checks such as relative-import, invalid-encoded-data, missing-super-argument.

• Support forward references for function-redefined check.

  Close #2540

• Handle redefinitions in case of type checking imports.

  Close #2834

• Added a new check, consider-using-sys-exit </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• 5d2fbaf Prepare 2.4.1
• 3159b17 Exempt type checking definitions defined in both clauses of a type checking g...
• 2fa5d43 Exempt type checking definitions inside the type check guard
• 2600815 Require astroid >= 2.3
• fce8bff Try again to do a release
• 6775a00 use a token for travis releases
• 15209f6 Prepare release
• d9ed7d1 Simplify and improve the logic of consider-iterating-dictionary
• d23a16e Add regression test for old-division and floats. Close #3039
• 3e1f61d Squash multiple checks for special classes into a single function
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps whitenoise from 4.1.3 to 4.1.4. <details> <summary>Changelog</summary>

Sourced from whitenoise's changelog.

v4.1.4

• Make tests more deterministic and easier to run outside of tox.
• Fix Fedora packaging issue.
• Use Black to format all code. </details> <details> <summary>Commits</summary>

• fb95c45 Release v4.1.4
• 4bb52af Support running tests with newer versions of requests
• 06f1369 Enforce Black code style in lint step
• 895f9ac Format entire codebase with Black
• 2e8ef77 Run lint step under Python 3.7
• 0ff5a91 Update utility script for Python 3 compatibility
• 2a64e7a Pin exact versions of test dependencies
• 1eb6f0a Pin the version of tox used in CI
• 5595618 Merge pull request #226 from therumbler/patch-1
• 454101e minor typo fix
• See full diff in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps sentry-sdk from 0.11.2 to 0.12.2. <details> <summary>Release notes</summary>

Sourced from sentry-sdk's releases.

0.12.2

• Fix a crash with ASGI (Django Channels) when the ASGI request type is neither HTTP nor Websockets.

0.12.1

• Temporarily remove sending of SQL parameters (as part of breadcrumbs or spans for APM) to Sentry to avoid memory consumption issues.

0.12.0

• Sentry now has a Discord server! Join the server to get involved into SDK development and ask questions.
• Fix a bug where the response object for httplib (or requests) was held onto for an unnecessarily long amount of time.
• APM: Add spans for more methods on subprocess.Popen objects.
• APM: Add spans for Django middlewares.
• APM: Add spans for ASGI requests.
• Automatically inject the ASGI middleware for Django Channels 2.0. This will break your Channels 2.0 application if it is running on Python 3.5 or 3.6 (while previously it would "only" leak a lot of memory for each ASGI request). Install aiocontextvars from PyPI to make it work again. </details> <details> <summary>Changelog</summary>

Sourced from sentry-sdk's changelog.

0.12.2

• Fix a crash with ASGI (Django Channels) when the ASGI request type is neither HTTP nor Websockets.

0.12.1

• Temporarily remove sending of SQL parameters (as part of breadcrumbs or spans for APM) to Sentry to avoid memory consumption issues.

0.12.0

• Sentry now has a Discord server! Join the server to get involved into SDK development and ask questions.
• Fix a bug where the response object for httplib (or requests) was held onto for an unnecessarily long amount of time.
• APM: Add spans for more methods on subprocess.Popen objects.
• APM: Add spans for Django middlewares.
• APM: Add spans for ASGI requests.
• Automatically inject the ASGI middleware for Django Channels 2.0. This will break your Channels 2.0 application if it is running on Python 3.5 or 3.6 (while previously it would "only" leak a lot of memory for each ASGI request). Install aiocontextvars from PyPI to make it work again. </details> <details> <summary>Commits</summary>

• 7422b08 release: 0.12.2
• 2a4f06d doc: Changelog for 0.12.2
• 44c43a8 fix: Do not attempt to access headers for all asgi requests (#506)
• da399d6 Merge release/0.12.1 into master
• 79985b2 release: 0.12.1
• d7d63e3 doc: Changelog for 0.12.1
• 36b88ff fix: Do not capture SQL params for now (#503)
• 5731fa3 Merge release/0.12.0 into master
• 3667e2e release: 0.12.0
• 304d7f6 doc: Changelog for 0.12.0
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps @babel/runtime from 7.5.5 to 7.6.0. <details> <summary>Release notes</summary>

Sourced from @babel/runtime's releases.

v7.6.0 (2019-09-06)

:eyeglasses: Spec Compliance

• babel-generator, babel-parser
  • #10269 Fix parenthesis for nullish coalescing (@​vivek12345)
• babel-helpers, babel-plugin-transform-block-scoping, babel-traverse
  • #9498 Fix tdz checks in transform-block-scoping plugin (@​nicolo-ribaudo)

:rocket: New Feature

• babel-core
  • #10181 feat(errors): validate preset when filename is absent (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-private-methods
  • #10217 Class Private Static Accessors (@​tim-mc)
• babel-generator, babel-parser, babel-types
  • #10148 V8intrinsic syntax plugin (@​JLHwung)
• babel-preset-typescript
  • #10382 Allow setting 'allowNamespaces' in typescript preset (@​dsgkirkby)
• babel-parser
  • #10352 Do not register ambient classes to the TS scope (@​nicolo-ribaudo)
• babel-types
  • #10248 Add static to class property builder (@​yuri-karadzhov)

:bug: Bug Fix

• babel-helpers, babel-plugin-transform-destructuring, babel-plugin-transform-modules-commonjs, babel-preset-env
  • #10396 fix: early return when instance is not iterable (@​JLHwung)
• babel-plugin-transform-runtime
  • #10398 Add supports for polyfill computed methods (@​rhyzx)
• babel-preset-env
  • #10397 Don't polyfill when evaluation is not confident (@​rhyzx)
  • #10218 [preset-env] Include / exclude module plugins properly (@​AdamRamberg)
  • #10284 Replace es.string.reverse with es.array.reverse (@​epicfaace)
• babel-plugin-transform-named-capturing-groups-regex
  • #10395 fix: transform name capturing regex once (@​JLHwung)
• babel-types
  • #10098 fix typescript for babel-types (@​tanhauhau)
  • #10319 Add a builder definition including name for tsTypeParameter (@​deificx)
• babel-parser
  • #10380 Refactor trailing comment adjustment (@​banga)
  • #10369 Retain trailing comments in array expressions (@​banga)
  • #10292 fix: assign trailing comment to ObjectProperty only when inside an ObjectExpression (@​JLHwung)
• babel-parser, babel-types
  • #10366 Don't allow JSXNamespacedName to chain (@​jridgewell)
• babel-generator, babel-plugin-transform-typescript, babel-types
  • #10341 Add TSBigIntKeyword to @babel/types (@​nicolo-ribaudo)
• babel-core, babel-types
  • #9960 Do not delete "fake" source map comments from strings (@​nicolo-ribaudo)
• babel-plugin-transform-flow-comments
  • #10329 Fix flow comments plugin issues (@​zaygraveyard)
• babel-helpers, babel-plugin-transform-react-constant-elements </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from @babel/runtime's changelog.

v7.6.0 (2019-09-06)

:eyeglasses: Spec Compliance

• babel-generator, babel-parser
  • #10269 Fix parenthesis for nullish coalescing (@​vivek12345)
• babel-helpers, babel-plugin-transform-block-scoping, babel-traverse
  • #9498 Fix tdz checks in transform-block-scoping plugin (@​nicolo-ribaudo)

:rocket: New Feature

• babel-core
  • #10181 feat(errors): validate preset when filename is absent (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-private-methods
  • #10217 Class Private Static Accessors (@​tim-mc)
• babel-generator, babel-parser, babel-types
  • #10148 V8intrinsic syntax plugin (@​JLHwung)
• babel-preset-typescript
  • #10382 Allow setting 'allowNamespaces' in typescript preset (@​dsgkirkby)
• babel-parser
  • #10352 Do not register ambient classes to the TS scope (@​nicolo-ribaudo)
• babel-types
  • #10248 Add static to class property builder (@​yuri-karadzhov)

:bug: Bug Fix

• babel-helpers, babel-plugin-transform-destructuring, babel-plugin-transform-modules-commonjs, babel-preset-env
  • #10396 fix: early return when instance is not iterable (@​JLHwung)
• babel-plugin-transform-runtime
  • #10398 Add supports for polyfill computed methods (@​rhyzx)
• babel-preset-env
  • #10397 Don't polyfill when evaluation is not confident (@​rhyzx)
  • #10218 [preset-env] Include / exclude module plugins properly (@​AdamRamberg)
  • #10284 Replace es.string.reverse with es.array.reverse (@​epicfaace)
• babel-plugin-transform-named-capturing-groups-regex
  • #10395 fix: transform name capturing regex once (@​JLHwung)
• babel-types
  • #10098 fix typescript for babel-types (@​tanhauhau)
  • #10319 Add a builder definition including name for tsTypeParameter (@​deificx)
• babel-parser
  • #10380 Refactor trailing comment adjustment (@​banga)
  • #10369 Retain trailing comments in array expressions (@​banga)
  • #10292 fix: assign trailing comment to ObjectProperty only when inside an ObjectExpression (@​JLHwung)
• babel-parser, babel-types
  • #10366 Don't allow JSXNamespacedName to chain (@​jridgewell)
• babel-generator, babel-plugin-transform-typescript, babel-types
  • #10341 Add TSBigIntKeyword to @babel/types (@​nicolo-ribaudo)
• babel-core, babel-types
  • #9960 Do not delete "fake" source map comments from strings (@​nicolo-ribaudo)
• babel-plugin-transform-flow-comments
  • #10329 Fix flow comments plugin issues (@​zaygraveyard)
• babel-helpers, babel-plugin-transform-react-constant-elements
  • #10307 [fix] jsx helper calls order (@​Sinewyk) </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• cbd5a26 v7.6.0
• 42e5974 Remove old uglify option
• 735abc0 Update lerna
• aa7678f Remove core-js from @babel/register. (#9847)
• b64cb9a fix: early return when instance is not iterable (#10396)
• 8da9d8b feat(errors): validate preset when filename is absent (#10181)
• 3e4889d Class Private Static Accessors (#10217)
• da0af5f V8intrinsic syntax plugin (#10148)
• b02e35c Fix parenthesis for nullish coalescing (#10269)
• 3e8a5c5 Use "validateLogs" for preset-env's debug fixtures (#10401)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps django-storages from 1.7.1 to 1.7.2. <details> <summary>Changelog</summary>

Sourced from django-storages's changelog.

1.7.2 (2019-09-10)

S3

• Avoid misleading AWS_DEFAULT_ACL warning for insecure default_acl when overridden as a class variable (#591)
• Propagate file deletion to cache when preload_metadata is True, (not the default) (#743, #749)
• Fix exception raised on closed file (common if using ManifestFilesMixin or collectstatic. (#382, #754)

Azure

• Pare down the required packages in extra_requires when installing the azure extra to only azure-storage-blob (#680, #684)
• Fix compatability with generate_blob_shared_access_signature updated signature (#705, #723)
• Fetching a file now uses the configured timeout rather than hardcoding one (#727)
• Add support for configuring all blobservice options: AZURE_EMULATED_MODE, AZURE_ENDPOINT_SUFFIX, AZURE_CUSTOM_DOMAIN, AZURE_CONNECTION_STRING, AZURE_CUSTOM_CONNECTION_STRING, AZURE_TOKEN_CREDENTIAL. See the docs for more info. Huge thanks once again to @​nitely. (#750)
• Fix filename handling to not strip special characters (#609, #752)

Google Cloud

• Set the file acl in the same call that uploads it (#698)
• Reduce the number of queries and required permissions when GS_AUTO_CREATE_BUCKET is False (the default) (#412, #718)
• Set the predefined_acl when creating a GoogleCloudFile using .write (#640, #756)
• Add GS_BLOB_CHUNK_SIZE setting to enable efficient uploading of large files (#757)

Dropbox

• Complete migration to v2 api with file fetching and metadata fixes (#724)
• Add DROPBOX_TIMEOUT to configure client timeout defaulting to 100 seconds to match the underlying sdk. (#419, #747)

SFTP

• Fix reopening a file (#746) </details> <details> <summary>Commits</summary>

• 7c7a299 Release version 1.7.2
• f9f6116 Update CHANGELOG with improvements for the new release
• 5d29ac6 Minor docs fixes
• 6237948 GoogleCloud: Add GS_BLOB_CHUNK_SIZE setting (#757)
• 4b7c278 GoogleCloud: Set predefined_acl when using file write operations (#756)
• 1cf9b59 S3Boto3: Fix ValueError I/O operation on closed file (#754)
• b1d8e82 Azure: remove unnecessary check (#753)
• 2fbaa70 Azure: improve handling of special characters in filenames (#752)
• c175abf Use tox configuration option "extras" (#751)
• 0951906 Azure: Support all blobstorage settings (#750)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Nice!! :tada:

Bumps eslint from 6.1.0 to 6.3.0. <details> <summary>Release notes</summary>

Sourced from eslint's releases.

v6.3.0

• 0acdefb Chore: refactor code (#12113) (James George)
• 52e2cf5 New: reportUnusedDisableDirectives in config (refs eslint/rfcs#22) (#12151) (Toru Nagashima)
• 020f952 Update: enforceForSequenceExpressions to no-extra-parens (fixes #11916) (#12142) (Milos Djermanovic)
• aab1b84 Fix: reset to the default color (#12174) (Ricardo Gobbo de Souza)
• 4009d39 Fix: yoda rule produces invalid autofix with preceding yield (#12166) (Milos Djermanovic)
• febb660 Fix: no-extra-boolean-cast invalid autofix with yield before negation (#12164) (Milos Djermanovic)
• 4c0b70b New: support TypeScript at config initializer (fixes #11789) (#12172) (Pig Fang)
• 94e39d9 Chore: use GitHub Actions (#12144) (Toru Nagashima)
• e88f305 Chore: support es2020 in fuzz (#12180) (薛定谔的猫)
• 00d2c5b Docs: corrected class extension example (#12176) (Marius M)
• 31e5428 Chore: Fix wrong error object keys in test files (#12162) (Milos Djermanovic)
• 197f443 Fix: func-name-matching crash on descriptor-like arguments (#12100) (Milos Djermanovic)
• 644ce33 Fix: no-self-assign false positive with rest and spread in array (#12099) (Milos Djermanovic)
• a81d263 Fix: fix message of function-paren-newline (#12136) (Pig Fang)
• 77f8ed1 Chore: update blogpost template (#12154) (Toru Nagashima)
• 6abc7b7 Docs: Document the exception in no-unsafe-negation (#12161) (Milos Djermanovic)

v6.2.2

• 0e0b784 Upgrade: espree@^6.1.1 (#12158) (Kevin Partington)
• 04e859f Sponsors: Sync README with website (ESLint Jenkins)
• 34783d1 Sponsors: Sync README with website (ESLint Jenkins)
• b809e72 Docs: Update README team and sponsors (ESLint Jenkins)

v6.2.1

• 8c021b5 Upgrade: eslint-utils 1.4.2 (#12131) (Toru Nagashima)
• e82388b Sponsors: Sync README with website (ESLint Jenkins)
• 4aeeeed Docs: update docs for ecmaVersion 2020 (#12120) (silverwind)
• 6886148 Docs: Add duplicate keys limitation to accessor-pairs (#12124) (Milos Djermanovic)

v6.2.0

• fee6acb Update: support bigint and dynamic import (refs #11803) (#11983) (Toru Nagashima)
• afd8012 New: noInlineConfig setting (refs eslint/rfcs#22) (#12091) (Toru Nagashima)
• 3d12378 Update: Fix accessor-pairs to enforce pairs per property in literals (#12062) (Milos Djermanovic)
• 8cd00b3 New: function-call-argument-newline (#12024) (finico)
• 30ebf92 Fix: prefer-template autofix produces syntax error with octal escapes (#12085) (Milos Djermanovic)
• 13c3988 Fix: Check literal type explicitly in dot-notation (#12095) (Milos Djermanovic)
• 3e5ceca Fix: Handle empty string property names in getFunctionNameWithKind (#12104) (Milos Djermanovic)
• 9a043ff Fix: no-duplicate-case false positives on Object.prototype keys (#12107) (Milos Djermanovic)
• fe631af Chore: minor typo fix (#12112) (James George)
• 4cb7877 Fix: fix no-extra-parens ignores some nodes (#11909) (Pig Fang)
• 2dc23b8 Update: fix no-dupe-keys false negatives on empty string names (#12069) (Milos Djermanovic)
• 19ab666 Fix: yoda exceptRange false positives on empty string property names (#12071) (Milos Djermanovic)
• d642150 Update: Check empty string property names in sort-keys (#12073) (Milos Djermanovic)
• acce6de Fix: class-methods-use-this reports 'undefined' names (#12103) (Milos Djermanovic)
• 92ec2cb Fix: Allow bind call with a single spread element in no-extra-bind (#12088) (Milos Djermanovic)
• bfdb0c9 Fix: no-extra-boolean-cast invalid autofix for Boolean() without args (#12076) (Milos Djermanovic)
• 34ccc0c Chore: Remove TDZ scope type condition from no-unused-vars (#12055) (Milos Djermanovic)
• 01d38ce Docs: Remove TDZ scope from the scope manager interface documentation (#12054) (Milos Djermanovic)
• 1aff8fc Update: warn about mixing ternary and logical operators (fixes #11704) (#12001) (Karthik Priyadarshan) </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from eslint's changelog.

v6.3.0 - August 30, 2019

• 0acdefb Chore: refactor code (#12113) (James George)
• 52e2cf5 New: reportUnusedDisableDirectives in config (refs eslint/rfcs#22) (#12151) (Toru Nagashima)
• 020f952 Update: enforceForSequenceExpressions to no-extra-parens (fixes #11916) (#12142) (Milos Djermanovic)
• aab1b84 Fix: reset to the default color (#12174) (Ricardo Gobbo de Souza)
• 4009d39 Fix: yoda rule produces invalid autofix with preceding yield (#12166) (Milos Djermanovic)
• febb660 Fix: no-extra-boolean-cast invalid autofix with yield before negation (#12164) (Milos Djermanovic)
• 4c0b70b New: support TypeScript at config initializer (fixes #11789) (#12172) (Pig Fang)
• 94e39d9 Chore: use GitHub Actions (#12144) (Toru Nagashima)
• e88f305 Chore: support es2020 in fuzz (#12180) (薛定谔的猫)
• 00d2c5b Docs: corrected class extension example (#12176) (Marius M)
• 31e5428 Chore: Fix wrong error object keys in test files (#12162) (Milos Djermanovic)
• 197f443 Fix: func-name-matching crash on descriptor-like arguments (#12100) (Milos Djermanovic)
• 644ce33 Fix: no-self-assign false positive with rest and spread in array (#12099) (Milos Djermanovic)
• a81d263 Fix: fix message of function-paren-newline (#12136) (Pig Fang)
• 77f8ed1 Chore: update blogpost template (#12154) (Toru Nagashima)
• 6abc7b7 Docs: Document the exception in no-unsafe-negation (#12161) (Milos Djermanovic)

v6.2.2 - August 23, 2019

• 0e0b784 Upgrade: espree@^6.1.1 (#12158) (Kevin Partington)
• 04e859f Sponsors: Sync README with website (ESLint Jenkins)
• 34783d1 Sponsors: Sync README with website (ESLint Jenkins)
• b809e72 Docs: Update README team and sponsors (ESLint Jenkins)

v6.2.1 - August 20, 2019

• 8c021b5 Upgrade: eslint-utils 1.4.2 (#12131) (Toru Nagashima)
• e82388b Sponsors: Sync README with website (ESLint Jenkins)
• 4aeeeed Docs: update docs for ecmaVersion 2020 (#12120) (silverwind)
• 6886148 Docs: Add duplicate keys limitation to accessor-pairs (#12124) (Milos Djermanovic)

v6.2.0 - August 18, 2019

• fee6acb Update: support bigint and dynamic import (refs #11803) (#11983) (Toru Nagashima)
• afd8012 New: noInlineConfig setting (refs eslint/rfcs#22) (#12091) (Toru Nagashima)
• 3d12378 Update: Fix accessor-pairs to enforce pairs per property in literals (#12062) (Milos Djermanovic)
• 8cd00b3 New: function-call-argument-newline (#12024) (finico)
• 30ebf92 Fix: prefer-template autofix produces syntax error with octal escapes (#12085) (Milos Djermanovic)
• 13c3988 Fix: Check literal type explicitly in dot-notation (#12095) (Milos Djermanovic)
• 3e5ceca Fix: Handle empty string property names in getFunctionNameWithKind (#12104) (Milos Djermanovic)
• 9a043ff Fix: no-duplicate-case false positives on Object.prototype keys (#12107) (Milos Djermanovic)
• fe631af Chore: minor typo fix (#12112) (James George)
• 4cb7877 Fix: fix no-extra-parens ignores some nodes (#11909) (Pig Fang)
• 2dc23b8 Update: fix no-dupe-keys false negatives on empty string names (#12069) (Milos Djermanovic)
• 19ab666 Fix: yoda exceptRange false positives on empty string property names (#12071) (Milos Djermanovic)
• d642150 Update: Check empty string property names in sort-keys (#12073) (Milos Djermanovic)
• acce6de Fix: class-methods-use-this reports 'undefined' names (#12103) (Milos Djermanovic)
• 92ec2cb Fix: Allow bind call with a single spread element in no-extra-bind (#12088) (Milos Djermanovic) </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• 329e295 6.3.0
• 94180da Build: changelog update for 6.3.0
• 0acdefb Chore: refactor code (#12113)
• 52e2cf5 New: reportUnusedDisableDirectives in config (refs eslint/rfcs#22) (#12151)
• 020f952 Update: enforceForSequenceExpressions to no-extra-parens (fixes #11916) (#12142)
• aab1b84 Fix: reset to the default color (#12174)
• 4009d39 Fix: yoda rule produces invalid autofix with preceding yield (#12166)
• febb660 Fix: no-extra-boolean-cast invalid autofix with yield before negation (#12164)
• 4c0b70b New: support TypeScript at config initializer (fixes #11789) (#12172)
• 94e39d9 Chore: use GitHub Actions (#12144)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps @babel/core from 7.5.5 to 7.6.0. <details> <summary>Release notes</summary>

Sourced from @babel/core's releases.

v7.6.0 (2019-09-06)

:eyeglasses: Spec Compliance

• babel-generator, babel-parser
  • #10269 Fix parenthesis for nullish coalescing (@​vivek12345)
• babel-helpers, babel-plugin-transform-block-scoping, babel-traverse
  • #9498 Fix tdz checks in transform-block-scoping plugin (@​nicolo-ribaudo)

:rocket: New Feature

• babel-core
  • #10181 feat(errors): validate preset when filename is absent (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-private-methods
  • #10217 Class Private Static Accessors (@​tim-mc)
• babel-generator, babel-parser, babel-types
  • #10148 V8intrinsic syntax plugin (@​JLHwung)
• babel-preset-typescript
  • #10382 Allow setting 'allowNamespaces' in typescript preset (@​dsgkirkby)
• babel-parser
  • #10352 Do not register ambient classes to the TS scope (@​nicolo-ribaudo)
• babel-types
  • #10248 Add static to class property builder (@​yuri-karadzhov)

:bug: Bug Fix

• babel-helpers, babel-plugin-transform-destructuring, babel-plugin-transform-modules-commonjs, babel-preset-env
  • #10396 fix: early return when instance is not iterable (@​JLHwung)
• babel-plugin-transform-runtime
  • #10398 Add supports for polyfill computed methods (@​rhyzx)
• babel-preset-env
  • #10397 Don't polyfill when evaluation is not confident (@​rhyzx)
  • #10218 [preset-env] Include / exclude module plugins properly (@​AdamRamberg)
  • #10284 Replace es.string.reverse with es.array.reverse (@​epicfaace)
• babel-plugin-transform-named-capturing-groups-regex
  • #10395 fix: transform name capturing regex once (@​JLHwung)
• babel-types
  • #10098 fix typescript for babel-types (@​tanhauhau)
  • #10319 Add a builder definition including name for tsTypeParameter (@​deificx)
• babel-parser
  • #10380 Refactor trailing comment adjustment (@​banga)
  • #10369 Retain trailing comments in array expressions (@​banga)
  • #10292 fix: assign trailing comment to ObjectProperty only when inside an ObjectExpression (@​JLHwung)
• babel-parser, babel-types
  • #10366 Don't allow JSXNamespacedName to chain (@​jridgewell)
• babel-generator, babel-plugin-transform-typescript, babel-types
  • #10341 Add TSBigIntKeyword to @babel/types (@​nicolo-ribaudo)
• babel-core, babel-types
  • #9960 Do not delete "fake" source map comments from strings (@​nicolo-ribaudo)
• babel-plugin-transform-flow-comments
  • #10329 Fix flow comments plugin issues (@​zaygraveyard)
• babel-helpers, babel-plugin-transform-react-constant-elements </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from @babel/core's changelog.

v7.6.0 (2019-09-06)

:eyeglasses: Spec Compliance

• babel-generator, babel-parser
  • #10269 Fix parenthesis for nullish coalescing (@​vivek12345)
• babel-helpers, babel-plugin-transform-block-scoping, babel-traverse
  • #9498 Fix tdz checks in transform-block-scoping plugin (@​nicolo-ribaudo)

:rocket: New Feature

• babel-core
  • #10181 feat(errors): validate preset when filename is absent (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-private-methods
  • #10217 Class Private Static Accessors (@​tim-mc)
• babel-generator, babel-parser, babel-types
  • #10148 V8intrinsic syntax plugin (@​JLHwung)
• babel-preset-typescript
  • #10382 Allow setting 'allowNamespaces' in typescript preset (@​dsgkirkby)
• babel-parser
  • #10352 Do not register ambient classes to the TS scope (@​nicolo-ribaudo)
• babel-types
  • #10248 Add static to class property builder (@​yuri-karadzhov)

:bug: Bug Fix

• babel-helpers, babel-plugin-transform-destructuring, babel-plugin-transform-modules-commonjs, babel-preset-env
  • #10396 fix: early return when instance is not iterable (@​JLHwung)
• babel-plugin-transform-runtime
  • #10398 Add supports for polyfill computed methods (@​rhyzx)
• babel-preset-env
  • #10397 Don't polyfill when evaluation is not confident (@​rhyzx)
  • #10218 [preset-env] Include / exclude module plugins properly (@​AdamRamberg)
  • #10284 Replace es.string.reverse with es.array.reverse (@​epicfaace)
• babel-plugin-transform-named-capturing-groups-regex
  • #10395 fix: transform name capturing regex once (@​JLHwung)
• babel-types
  • #10098 fix typescript for babel-types (@​tanhauhau)
  • #10319 Add a builder definition including name for tsTypeParameter (@​deificx)
• babel-parser
  • #10380 Refactor trailing comment adjustment (@​banga)
  • #10369 Retain trailing comments in array expressions (@​banga)
  • #10292 fix: assign trailing comment to ObjectProperty only when inside an ObjectExpression (@​JLHwung)
• babel-parser, babel-types
  • #10366 Don't allow JSXNamespacedName to chain (@​jridgewell)
• babel-generator, babel-plugin-transform-typescript, babel-types
  • #10341 Add TSBigIntKeyword to @babel/types (@​nicolo-ribaudo)
• babel-core, babel-types
  • #9960 Do not delete "fake" source map comments from strings (@​nicolo-ribaudo)
• babel-plugin-transform-flow-comments
  • #10329 Fix flow comments plugin issues (@​zaygraveyard)
• babel-helpers, babel-plugin-transform-react-constant-elements
  • #10307 [fix] jsx helper calls order (@​Sinewyk) </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• cbd5a26 v7.6.0
• 42e5974 Remove old uglify option
• 735abc0 Update lerna
• aa7678f Remove core-js from @babel/register. (#9847)
• b64cb9a fix: early return when instance is not iterable (#10396)
• 8da9d8b feat(errors): validate preset when filename is absent (#10181)
• 3e4889d Class Private Static Accessors (#10217)
• da0af5f V8intrinsic syntax plugin (#10148)
• b02e35c Fix parenthesis for nullish coalescing (#10269)
• 3e8a5c5 Use "validateLogs" for preset-env's debug fixtures (#10401)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Thank you for the reminder to fix this! Deploying now, and all caches should be cleared in an hour or so...

https://arxiv.org/help/email-protection

We do obfuscate with Cloudflare, but that doesn't protect against just rendering the page in a browser. We could just strip emails entirely.

@wonjininfo Looks like the latest version of your paper doesn't have latex source, so I've re-rendered and I accidentally fixed the problem. 😂

In the meantime I will have a go at filtering out email addresses from all other papers. I think it is unexpected behaviour -- an email address in a PDF feels safer from spammers somehow.

@wonjininfo Ah – this is a tough one because it shows up in an error message! Hmm. Let me see if I can write a regexp to filter out email addresses. If not I might have to disable your paper completely, if you don't mind...

Bumps sentry-sdk from 0.10.2 to 0.11.2. <details> <summary>Release notes</summary>

Sourced from sentry-sdk's releases.

0.11.2

• Fix a bug where the SDK would throw an exception on shutdown when running under eventlet.
• Add missing data to Redis breadcrumbs.

0.11.1

• Remove a faulty assertion (observed in environment with Django Channels and ASGI).

0.11.0

• Fix type hints for the logging integration. Thansk Steven Dignam!
• Fix an issue where scope/context data would leak in applications that use gevent with its threading monkeypatch. The fix is to avoid usage of contextvars in such environments. Thanks Ran Benita!
• Fix a reference cycle in the ThreadingIntegration that led to exceptions on interpreter shutdown. Thanks Guang Tian Li!
• Fix a series of bugs in the stdlib integration that broke usage of subprocess.
• More instrumentation for APM.
• New integration for SQLAlchemy (creates breadcrumbs from queries).
• New (experimental) integration for Apache Beam.
• Fix a bug in the LoggingIntegration that would send breadcrumbs timestamps in the wrong timezone.
• The AiohttpIntegration now sets the event's transaction name.
• Fix a bug that caused infinite recursion when serializing local variables that logged errors or otherwise created Sentry events. </details> <details> <summary>Changelog</summary>

Sourced from sentry-sdk's changelog.

0.11.2

• Fix a bug where the SDK would throw an exception on shutdown when running under eventlet.
• Add missing data to Redis breadcrumbs.

0.11.1

• Remove a faulty assertion (observed in environment with Django Channels and ASGI).

0.11.0

• Fix type hints for the logging integration. Thansk Steven Dignam!
• Fix an issue where scope/context data would leak in applications that use gevent with its threading monkeypatch. The fix is to avoid usage of contextvars in such environments. Thanks Ran Benita!
• Fix a reference cycle in the ThreadingIntegration that led to exceptions on interpreter shutdown. Thanks Guang Tian Li!
• Fix a series of bugs in the stdlib integration that broke usage of subprocess.
• More instrumentation for APM.
• New integration for SQLAlchemy (creates breadcrumbs from queries).
• New (experimental) integration for Apache Beam.
• Fix a bug in the LoggingIntegration that would send breadcrumbs timestamps in the wrong timezone.
• The AiohttpIntegration now sets the event's transaction name.
• Fix a bug that caused infinite recursion when serializing local variables that logged errors or otherwise created Sentry events. </details> <details> <summary>Commits</summary>

• 5f9f7c4 release: 0.11.2
• 9f64c04 doc: Add more changelog entries
• fb9135d fix: Add breadcrumb description (#489)
• fff3f5a doc: Changelog for 0.11.2
• cdee59c fix: Do not store modules in transaction events (#490)
• 87e5749 fix(transport): Detect eventlet's Queue monkeypatch and work around it (#484)
• ebc00b2 test(django): Add tests for permission denied handling (#482)
• 1042ecb build(deps): bump werkzeug from 0.14.1 to 0.15.3 (#477)
• 2dc260c fix: Add more stuff to integrations checklist
• de97048 Merge release/0.11.1 into master
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps django from 1.11.22 to 1.11.23. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary>

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.

Affected versions: >= 1.11.0, < 1.11.23

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Affected versions: >= 1.11.0, < 1.11.23

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Affected versions: >= 1.11.0, < 1.11.23

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects django An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.

Affected versions: >= 1.11.0, < 1.11.23

</details> <details> <summary>Commits</summary>

• 9748977 [1.11.x] Bumped version for 1.11.23 release.
• 869b34e [1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django....
• ed682a2 [1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and inde...
• 52479ac [1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ...
• 42a66e9 [1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ...
• 693046e [1.11.x] Added stub release notes for security releases.
• 6d054b5 [1.11.x] Added CVE-2019-12781 to the security release archive.
• 7c849b9 [1.11.x] Post-release version bump.
• See full diff in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps django from 2.2.4 to 2.2.5. <details> <summary>Commits</summary>

• ce97960 [2.2.x] Bumped version for 2.2.5 release.
• 8514c6f [2.2.x] Updated man page for Django 2.2.
• 4ed59db [2.2.x] Added release dates for 2.2.5, 2.1.12, and 1.11.24.
• 11cdfb3 [2.2.x] Fixed #30738 -- Fixed typo in docs/ref/forms/widgets.txt.
• 16e5e8f [2.2.x] Fixed #30733 -- Doc'd that datetime lookups require time zone definit...
• 6402855 [2.2.x] Fixed #30500 -- Fixed race condition in loading URLconf module.
• 6c17b86 [2.2.x] Doc'd for_save argument of Expression.resolve_expression().
• 56f7a62 [2.2.x] Fixed typo in docs/ref/applications.txt.
• 9b7c5a9 [2.2.x] Fixed broken links and redirects in documentation.
• 0dc3ad1 [2.2.x] Fixed #30695 -- Used relative path in default_storage docs example.
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps sentry-sdk from 0.10.2 to 0.11.2. <details> <summary>Release notes</summary>

Sourced from sentry-sdk's releases.

0.11.2

• Fix a bug where the SDK would throw an exception on shutdown when running under eventlet.
• Add missing data to Redis breadcrumbs.

0.11.1

• Remove a faulty assertion (observed in environment with Django Channels and ASGI).

0.11.0

• Fix type hints for the logging integration. Thansk Steven Dignam!
• Fix an issue where scope/context data would leak in applications that use gevent with its threading monkeypatch. The fix is to avoid usage of contextvars in such environments. Thanks Ran Benita!
• Fix a reference cycle in the ThreadingIntegration that led to exceptions on interpreter shutdown. Thanks Guang Tian Li!
• Fix a series of bugs in the stdlib integration that broke usage of subprocess.
• More instrumentation for APM.
• New integration for SQLAlchemy (creates breadcrumbs from queries).
• New (experimental) integration for Apache Beam.
• Fix a bug in the LoggingIntegration that would send breadcrumbs timestamps in the wrong timezone.
• The AiohttpIntegration now sets the event's transaction name.
• Fix a bug that caused infinite recursion when serializing local variables that logged errors or otherwise created Sentry events. </details> <details> <summary>Changelog</summary>

Sourced from sentry-sdk's changelog.

0.11.2

• Fix a bug where the SDK would throw an exception on shutdown when running under eventlet.
• Add missing data to Redis breadcrumbs.

0.11.1

• Remove a faulty assertion (observed in environment with Django Channels and ASGI).

0.11.0

• Fix type hints for the logging integration. Thansk Steven Dignam!
• Fix an issue where scope/context data would leak in applications that use gevent with its threading monkeypatch. The fix is to avoid usage of contextvars in such environments. Thanks Ran Benita!
• Fix a reference cycle in the ThreadingIntegration that led to exceptions on interpreter shutdown. Thanks Guang Tian Li!
• Fix a series of bugs in the stdlib integration that broke usage of subprocess.
• More instrumentation for APM.
• New integration for SQLAlchemy (creates breadcrumbs from queries).
• New (experimental) integration for Apache Beam.
• Fix a bug in the LoggingIntegration that would send breadcrumbs timestamps in the wrong timezone.
• The AiohttpIntegration now sets the event's transaction name.
• Fix a bug that caused infinite recursion when serializing local variables that logged errors or otherwise created Sentry events. </details> <details> <summary>Commits</summary>

• 5f9f7c4 release: 0.11.2
• 9f64c04 doc: Add more changelog entries
• fb9135d fix: Add breadcrumb description (#489)
• fff3f5a doc: Changelog for 0.11.2
• cdee59c fix: Do not store modules in transaction events (#490)
• 87e5749 fix(transport): Detect eventlet's Queue monkeypatch and work around it (#484)
• ebc00b2 test(django): Add tests for permission denied handling (#482)
• 1042ecb build(deps): bump werkzeug from 0.14.1 to 0.15.3 (#477)
• 2dc260c fix: Add more stuff to integrations checklist
• de97048 Merge release/0.11.1 into master
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps sass-loader from 7.2.0 to 8.0.0. <details> <summary>Release notes</summary>

Sourced from sass-loader's releases.

v8.0.0

⚠ BREAKING CHANGES

• minimum required webpack version is 4.36.0
• minimum required node.js version is 8.9.0
• move all sass (includePaths, importer, functions) options to the sassOptions option. The functions option can't be used as Function, you should use sassOption as Function to achieve this.
• the data option was renamed to the prependData option
• default value of the sourceMap option depends on the devtool value (eval/false values don't enable source map generation)

Features

• automatically use the fibers package if it is possible (#744) (96184e1)
• source map generation depends on the devtool option (#743) (fcea88e)
• validate loader options (#737) (7b543fc)
• reworked error handling from node-sass/sass
• improve resolution for @import (including support _index and index files in a directory)

Bug Fixes

• compatibility with pnp

v7.3.1

7.3.1 (2019-08-20)

Bug Fixes

• minimum node version in package.json (#733) (1175920)

v7.3.0

7.3.0 (2019-08-20)

Bug Fixes

• handle module import ending / as module (#728) (997a255)
• resolution algorithm (#720) (0e94940)
• use "compressed" output when mode is "production" (#723) (b2af379)

Features

• webpackImporter option (#732) (6f4ea37) </details> <details> <summary>Changelog</summary>

Sourced from sass-loader's changelog.

8.0.0 (2019-08-29)

⚠ BREAKING CHANGES

• minimum required webpack version is 4.36.0
• minimum required node.js version is 8.9.0
• move all sass (includePaths, importer, functions) options to the sassOptions option. The functions option can't be used as Function, you should use sassOption as Function to achieve this.
• the data option was renamed to the prependData option
• default value of the sourceMap option depends on the devtool value (eval/false values don't enable source map generation)

Features

• automatically use the fibers package if it is possible (#744) (96184e1)
• source map generation depends on the devtool option (#743) (fcea88e)
• validate loader options (#737) (7b543fc)
• reworked error handling from node-sass/sass
• improve resolution for @import (including support _index and index files in a directory)

Bug Fixes

• compatibility with pnp

7.3.1 (2019-08-20)

Bug Fixes

• minimum node version in package.json (#733) (1175920)

7.3.0 (2019-08-20)

Bug Fixes

• handle module import ending / as module (#728) (997a255)
• resolution algorithm (#720) (0e94940)
• use "compressed" output when mode is "production" (#723) (b2af379)

Features

• webpackImporter option (#732) (6f4ea37)

<a name="7.2.0"></a> </details> <details> <summary>Commits</summary>

• aa9b53b chore(release): 8.0.0
• 45ad0be chore: next (#748)
• 194fea4 chore(release): 7.3.1
• 1175920 fix: minimum node version in package.json (#733)
• a3ac649 chore(release): 7.3.0
• 6f4ea37 feat: webpackImporter option (#732)
• 0330253 docs: standardize readme (#730)
• 997a255 fix: handle module import ending / as module (#728)
• 071fa88 test: alias on directory with _index file (#727)
• 6be93c8 test: import without quotes (#726)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps eslint-utils from 1.3.1 to 1.4.2. This update includes a security fix. <details> <summary>Vulnerabilities fixed</summary>

Sourced from The GitHub Security Advisory Database.

Critical severity vulnerability that affects eslint-utils

'getStaticValue' function can execute arbitrary code

Impact

getStaticValue function can execute arbitrary code.

Patches

This problem has been patched in 1.4.1. Please update eslint-utils.

Workarounds

Don't use getStaticValue function, getStringIfConstant function, and getPropertyName function.

For more information

If you have any questions or comments about this advisory:

• Open an issue in eslint-utils

Affected versions: >= 1.2.0 < 1.4.1

</details> <details> <summary>Commits</summary>

• 4e1bc07 1.4.2
• e4cb014 🐛 add null test
• 230a4e2 1.4.1
• 08158db 🐛 fix getStaticValue security issue
• 587cca2 🐛 fix getStringIfConstant to handle literals correctly
• c119e83 🐛 fix getStaticValue to handle bigint correctly
• 531b16f 🔖 1.4.0
• 276303d ⚒ upgrade rollup
• cb518c7 🐛 fix hasSideEffect false negative
• aac472e 🐛 fix isParenthesized had false positive on ImportExpression (fixes #1)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps dotenv from 8.0.0 to 8.1.0. <details> <summary>Changelog</summary>

Sourced from dotenv's changelog.

8.1.0 (2019-08-18)

⚠ BREAKING CHANGES

• dropping Node v6 support because end-of-life

• Drop support for Node v6 (#392) (2e9636a), closes #392 </details> <details> <summary>Commits</summary>

• 349ff7b chore(release): 8.1.0
• e4aa64d Upgrade dependencies (#416)
• 52fe318 Parse \r and \r\n line endings (#414)
• eba176b chore(release): 8.0.0
• See full diff in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

Bumps jest from 24.8.0 to 24.9.0. <details> <summary>Release notes</summary>

Sourced from jest's releases.

24.9.0

Features

• [expect] Highlight substring differences when matcher fails, part 1 (#8448)
• [expect] Highlight substring differences when matcher fails, part 2 (#8528)
• [expect] Improve report when mock-spy matcher fails, part 1 (#8640)
• [expect] Improve report when mock-spy matcher fails, part 2 (#8649)
• [expect] Improve report when mock-spy matcher fails, part 3 (#8697)
• [expect] Improve report when mock-spy matcher fails, part 4 (#8710)
• [expect] Throw matcher error when received cannot be jasmine spy (#8747)
• [expect] Improve report when negative CalledWith assertion fails (#8755)
• [expect] Improve report when positive CalledWith assertion fails (#8771)
• [expect] Display equal values for ReturnedWith similar to CalledWith (#8791)
• [expect, jest-snapshot] Change color from green for some args in matcher hints (#8812)
• [jest-snapshot] Highlight substring differences when matcher fails, part 3 (#8569)
• [jest-core] Improve report when snapshots are obsolete (#8448)
• [jest-cli] Improve chai support (with detailed output, to match jest exceptions) (#8454)
• [*] Manage the global timeout with --testTimeout command line argument. (#8456)
• [pretty-format] Render custom displayName of memoized components
• [jest-validate] Allow maxWorkers as part of the jest.config.js (#8565)
• [jest-runtime] Allow passing configuration objects to transformers (#7288)
• [@jest/core, @jest/test-sequencer] Support async sort in custom testSequencer (#8642)
• [jest-runtime, @jest/fake-timers] Add jest.advanceTimersToNextTimer (#8713)
• [@​jest-transform] Extract transforming require logic within jest-core into @jest-transform (#8756)
• [jest-matcher-utils] Add color options to matcherHint (#8795)
• [jest-circus/jest-jasmine2] Give clearer output for Node assert errors (#8792)
• [jest-runner] Export all types in the type signature of jest-runner (#8825)`

Fixes

• [jest-cli] Detect side-effect only imports when running --onlyChanged or --changedSince (#8670)
• [jest-cli] Allow --maxWorkers to work with % input again (#8565)
• [babel-plugin-jest-hoist] Expand list of whitelisted globals in global mocks (#8429
• [jest-core] Make watch plugin initialization errors look nice (#8422)
• [jest-snapshot] Prevent inline snapshots from drifting when inline snapshots are updated (#8492)
• [jest-haste-map] Don't throw on missing mapper in Node crawler (#8558)
• [jest-core] Fix incorrect passWithNoTests warning (#8595)
• [jest-snapshots] Fix test retries that contain snapshots (#8629)
• [jest-mock] Fix incorrect assignments when restoring mocks in instances where they originally didn't exist (#8631)
• [expect] Fix stack overflow when matching objects with circular references (#8687)
• [jest-haste-map] Workaround a node >=12.5.0 bug that causes the process not to exit after tests have completed and cancerous memory growth (#8787)

Chore & Maintenance

• [jest-leak-detector] remove code repeat (#8438
• [docs] Add example to jest.requireActual (#8482
• [docs] Add example to jest.mock for mocking ES6 modules with the factory parameter (#8550)
• [docs] Add information about using jest.doMock with ES6 imports (#8573)
• [docs] Fix variable name in custom-matcher-api code example (#8582)
• [docs] Fix example used in custom environment docs (#8617) </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from jest's changelog.

24.9.0

Features

• [expect] Highlight substring differences when matcher fails, part 1 (#8448)
• [expect] Highlight substring differences when matcher fails, part 2 (#8528)
• [expect] Improve report when mock-spy matcher fails, part 1 (#8640)
• [expect] Improve report when mock-spy matcher fails, part 2 (#8649)
• [expect] Improve report when mock-spy matcher fails, part 3 (#8697)
• [expect] Improve report when mock-spy matcher fails, part 4 (#8710)
• [expect] Throw matcher error when received cannot be jasmine spy (#8747)
• [expect] Improve report when negative CalledWith assertion fails (#8755)
• [expect] Improve report when positive CalledWith assertion fails (#8771)
• [expect] Display equal values for ReturnedWith similar to CalledWith (#8791)
• [expect, jest-snapshot] Change color from green for some args in matcher hints (#8812)
• [jest-snapshot] Highlight substring differences when matcher fails, part 3 (#8569)
• [jest-core] Improve report when snapshots are obsolete (#8448)
• [jest-cli] Improve chai support (with detailed output, to match jest exceptions) (#8454)
• [*] Manage the global timeout with --testTimeout command line argument. (#8456)
• [pretty-format] Render custom displayName of memoized components
• [jest-validate] Allow maxWorkers as part of the jest.config.js (#8565)
• [jest-runtime] Allow passing configuration objects to transformers (#7288)
• [@jest/core, @jest/test-sequencer] Support async sort in custom testSequencer (#8642)
• [jest-runtime, @jest/fake-timers] Add jest.advanceTimersToNextTimer (#8713)
• [@​jest-transform] Extract transforming require logic within jest-core into @jest-transform (#8756)
• [jest-matcher-utils] Add color options to matcherHint (#8795)
• [jest-circus/jest-jasmine2] Give clearer output for Node assert errors (#8792)
• [jest-runner] Export all types in the type signature of jest-runner (#8825)`

Fixes

• [jest-cli] Detect side-effect only imports when running --onlyChanged or --changedSince (#8670)
• [jest-cli] Allow --maxWorkers to work with % input again (#8565)
• [babel-plugin-jest-hoist] Expand list of whitelisted globals in global mocks (#8429
• [jest-core] Make watch plugin initialization errors look nice (#8422)
• [jest-snapshot] Prevent inline snapshots from drifting when inline snapshots are updated (#8492)
• [jest-haste-map] Don't throw on missing mapper in Node crawler (#8558)
• [jest-core] Fix incorrect passWithNoTests warning (#8595)
• [jest-snapshots] Fix test retries that contain snapshots (#8629)
• [jest-mock] Fix incorrect assignments when restoring mocks in instances where they originally didn't exist (#8631)
• [expect] Fix stack overflow when matching objects with circular references (#8687)
• [jest-haste-map] Workaround a node >=12.5.0 bug that causes the process not to exit after tests have completed and cancerous memory growth (#8787)

Chore & Maintenance

• [jest-leak-detector] remove code repeat (#8438
• [docs] Add example to jest.requireActual (#8482
• [docs] Add example to jest.mock for mocking ES6 modules with the factory parameter (#8550)
• [docs] Add information about using jest.doMock with ES6 imports (#8573)
• [docs] Fix variable name in custom-matcher-api code example (#8582) </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• 3cdbd55 Release 24.9.0
• 9ad0f4b Workaround a node >=12.5.0 bug that causes the process not to exit after test...
• 4df0070 Add timeout to prevent notifier from locking CPU on MacOS (#8831)
• 3ab2fc1 chore: export types from jest-runner (#8825)
• d610c9a chore: Delete obsolete link and simplify structure in pretty-format README (#...
• abb760a feat: add sync way of requiring and transpiling module (#8808)
• 0d48344 chore: Check copyright and license as one joined substring (#8815)
• 9406708 expect, jest-snapshot: Change color from green for some args in matcher hints...
• 86e73f5 chore: enforce LF line endings (#8809)
• d9b43a8 remove unreleased --testTimeout feature from versioned_docs (#8811)
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

</details>

I'll set up pingdom to force render a paper so we actually hear about this...

Hmm thanks. Not sure why that cron job is broken again.