
PR opened hamza-makraz/laravel-web-starter

Bump symfony/mime from 4.3.3 to 4.4.1

Bumps symfony/mime from 4.3.3 to 4.4.1. <details> <summary>Changelog</summary>

Sourced from symfony/mime's changelog.

CHANGELOG

4.4.0

  • [BC BREAK] Removed NamedAddress (Address now supports a name)
  • Added PHPUnit constraints
  • Added AbstractPart::asDebugString()
  • Added Address::fromString() </details> <details> <summary>Commits</summary>
  • 010cc48 bug #34032 [Mime] Fixing multidimensional array structure with FormDataPart (...
  • 89da7b6 Merge branch '4.3' into 4.4
  • 22aecf6 [Mime] fix guessing mime-types of files with leading dash
  • bf6913d Merge branch '4.3' into 4.4
  • 3c0e197 [4.3] Remove unused local variables
  • 86fe792 minor #33963 Add .gitignore to .gitattributes (reedy)
  • 51d5b0e Changing the multipart form-data behavior to use the form name as an array, w...
  • ae5a66b Merge branch '4.3' into 4.4
  • a6b152c Merge branch '3.4' into 4.3
  • 592a01c Add Message-Id to SentMessage when sending an email
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+59 -56

0 comment

1 changed file

pr created time in a few seconds

create branch hamza-makraz/laravel-web-starter

branch : dependabot/composer/symfony/mime-4.4.1

created branch time in a few seconds

create branch miahmdrubel/OnlineMedicalShop

branch : dependabot/npm_and_yarn/axios-0.19.0

created branch time in a few seconds

PR opened hamza-makraz/laravel-web-starter

Bump symfony/http-foundation from 4.3.3 to 4.4.1

Bumps symfony/http-foundation from 4.3.3 to 4.4.1. <details> <summary>Changelog</summary>

Sourced from symfony/http-foundation's changelog.

CHANGELOG

5.1.0

  • Deprecate Response::create(), JsonResponse::create(), RedirectResponse::create(), and StreamedResponse::create() methods (use __construct() instead)

5.0.0

  • made Cookie auto-secure and lax by default
  • removed classes in the MimeType namespace, use the Symfony Mime component instead
  • removed method UploadedFile::getClientSize() and the related constructor argument
  • made Request::getSession() throw if the session has not been set before
  • removed Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL
  • passing a null url when instantiating a RedirectResponse is not allowed

4.4.0

  • passing arguments to Request::isMethodSafe() is deprecated.
  • ApacheRequest is deprecated, use the Request class instead.
  • passing a third argument to HeaderBag::get() is deprecated, use method all() instead
  • [BC BREAK] PdoSessionHandler with MySQL changed the type of the lifetime column, make sure to run ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL to update your database.
  • PdoSessionHandler now precalculates the expiry timestamp in the lifetime column, make sure to run CREATE INDEX EXPIRY ON sessions (sess_lifetime) to update your database to speed up garbage collection of expired sessions.
  • added SessionHandlerFactory to create session handlers with a DSN
  • added IpUtils::anonymize() to help with GDPR compliance.

4.3.0

  • added PHPUnit constraints: RequestAttributeValueSame, ResponseCookieValueSame, ResponseHasCookie, ResponseHasHeader, ResponseHeaderSame, ResponseIsRedirected, ResponseIsSuccessful, and ResponseStatusCodeSame
  • deprecated MimeTypeGuesserInterface and ExtensionGuesserInterface in favor of Symfony\Component\Mime\MimeTypesInterface.
  • deprecated MimeType and MimeTypeExtensionGuesser in favor of Symfony\Component\Mime\MimeTypes.
  • deprecated FileBinaryMimeTypeGuesser in favor of Symfony\Component\Mime\FileBinaryMimeTypeGuesser.
  • deprecated FileinfoMimeTypeGuesser in favor of Symfony\Component\Mime\FileinfoMimeTypeGuesser.
  • added UrlHelper that allows to get an absolute URL and a relative path for a given path

4.2.0

  • the default value of the "$secure" and "$samesite" arguments of Cookie's constructor ... (truncated) </details> <details> <summary>Commits</summary>
  • 8bccc59 Merge branch '4.3' into 4.4
  • fcafc7c Merge branch '3.4' into 4.3
  • d2d0cfe [HttpFoundation] Fixed typo
  • cc09809 [HttpFoundation] Update CHANGELOG for PdoSessionHandler BC BREAK in 4.4
  • c2480b7 Merge branch '3.4' into 4.3
  • f7efd0b Simpler example for Apache basic auth workaround
  • 502040d Merge branch '4.3' into 4.4
  • 0ac9ebf Merge branch '3.4' into 4.3
  • a558b18 feature #34405 [HttpFoundation] Added possibility to configure expiration tim...
  • 0c5217a [HttpFoundation] Added possibility to configure expiration time in redis sess...
  • Additional commits viewable in compare view </details> <br />


+67 -64

0 comment

1 changed file

pr created time in a few seconds

PR opened miahmdrubel/OnlineMedicalShop

Bump axios from 0.17.1 to 0.19.0

Bumps axios from 0.17.1 to 0.19.0. <details> <summary>Release notes</summary>

Sourced from axios's releases.

v0.19.0

Fixes and Functionality:

  • Unzip response body only for statuses != 204 (#1129) - drawski
  • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
  • Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
  • Allow uppercase methods in typings. (#1781) - Ken Powers
  • Fixing .eslintrc without extension (#1789) - Manoel
  • Consistent coding style (#1787) - Ali Servet Donmez
  • Fixing building url with hash mark (#1771) - Anatoly Ryabov
  • This commit fixes building a url with a hash mark (fragment identifier) when parameters are present: they must not be added after #, because the client cuts everything after #
  • Preserve HTTP method when following redirect (#1758) - Rikki Gibson
  • Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
  • Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
  • Fix failing SauceLabs tests by updating configuration - Emily Morehouse

Documentation:

  • Add information about auth parameter to README (#2166) - xlaguna
  • Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
  • Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
  • Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
  • Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
  • Fixing spacing for README.md (#2066) - Josh McCarty
  • Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
  • Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
  • docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
  • It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
  • Add issue templates - Emily Morehouse
  • Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
  • Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
  • Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer

v0.19.0-beta.1

NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.

New Functionality:

  • Add getUri method (#1712)
  • Add support for no_proxy env variable (#1693)
  • Add toJSON to decorated Axios errors to facilitate serialization (#1625)
  • Add second then on axios call (#1623)
  • Typings: allow custom return types
  • Add option to specify character set in responses (with http adapter)

Fixes:

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from axios's changelog.

0.19.0 (May 30, 2019)

Fixes and Functionality:

  • Added support for no_proxy env variable (#434) - Chance Dickson
  • Unzip response body only for statuses != 204 (#1129) - drawski
  • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
  • Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
  • Allow uppercase methods in typings. (#1781) - Ken Powers
  • Fixing building url with hash mark (#1771) - Anatoly Ryabov
  • This commit fixes building a url with a hash mark (fragment identifier) when parameters are present: they must not be added after #, because the client cuts everything after #
  • Preserve HTTP method when following redirect (#1758) - Rikki Gibson
  • Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
  • Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta

Internal:

  • Fixing .eslintrc without extension (#1789) - Manoel
  • Fix failing SauceLabs tests by updating configuration - Emily Morehouse
  • Add issue templates - Emily Morehouse

Documentation:

  • Consistent coding style in README (#1787) - Ali Servet Donmez
  • Add information about auth parameter to README (#2166) - xlaguna
  • Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
  • Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
  • Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
  • Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
  • Fixing spacing for README.md (#2066) - Josh McCarty
  • Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
  • Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
  • docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
  • It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
  • Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
  • Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
  • Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer

0.19.0-beta.1 (Aug 9, 2018)

NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.

New Functionality:

  • Add getUri method (#1712)
  • Add support for no_proxy env variable (#1693)
  • Add toJSON to decorated Axios errors to facilitate serialization (#1625) ... (truncated) </details> <details> <summary>Commits</summary>
  • 8d0b92b Releasing 0.19.0
  • 3f7451c Update Changelog for release (0.19.0)
  • f28ff93 Add information about auth parameter to README (#2166)
  • 5250e6e Add DELETE to list of methods that allow data as a config option (#2169)
  • 6b0ccd1 Update ECOSYSTEM.md - Add Axios Endpoints (#2176)
  • 299e827 Add r2curl in ECOSYSTEM (#2141)
  • fd0c959 Unzip response body only for statuses != 204 (#1129)
  • 92d2313 Update README.md - Add instructions for installing with yarn (#2036)
  • ddcc2e4 Fixing spacing for README.md (#2066)
  • 48c43d5 Update README.md. - Change .then to .finally in example code (#2090)
  • Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>

This version was pushed to npm by emilyemorehouse, a new releaser for axios since your current version. </details> <br />


+1 -1

0 comment

1 changed file

pr created time in a few seconds
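The hash-mark fix in the axios 0.19.0 notes above (parameters must not be appended after `#`, because the client strips the fragment before the request leaves the browser) is the kind of URL-building mistake that silently drops query parameters, including any filter or scoping parameter the caller relied on. The JavaScript below is an added example written for this page, not axios's own `buildURL` and not code from the OnlineMedicalShop project: `buildURLNaive` has the pre-fix shape, `buildURL` the corrected ordering, and `queryAsSent` shows what a URL parser actually keeps. The `key[]` array encoding and the `api.example.test` URLs are this example's assumptions.

```javascript
'use strict';

// Serialize a params object into a query string. Array values expand to
// repeated `key[]=` entries (this example's convention); null and undefined
// values are skipped.
function serializeParams(params) {
  const parts = [];
  for (const [key, value] of Object.entries(params || {})) {
    if (value === null || value === undefined) continue;
    const values = Array.isArray(value) ? value : [value];
    const name = Array.isArray(value) ? `${key}[]` : key;
    for (const v of values) {
      parts.push(`${encodeURIComponent(name)}=${encodeURIComponent(String(v))}`);
    }
  }
  return parts.join('&');
}

// Pre-fix shape: the query is glued onto the end of the string, so a URL that
// already carries a fragment becomes `...#frag?q=x`. Everything after `#` is
// fragment, so the server never sees `q`.
function buildURLNaive(url, params) {
  const serialized = serializeParams(params);
  if (!serialized) return url;
  return url + (url.includes('?') ? '&' : '?') + serialized;
}

// Corrected: split the fragment off first, append the query to the part that
// is actually sent, then put the fragment back (it stays client-side, so
// keeping it is harmless; dropping it would be equally valid).
function buildURL(url, params) {
  const serialized = serializeParams(params);
  if (!serialized) return url;

  let fragment = '';
  const hashIndex = url.indexOf('#');
  if (hashIndex !== -1) {
    fragment = url.slice(hashIndex);
    url = url.slice(0, hashIndex);
  }
  return url + (url.includes('?') ? '&' : '?') + serialized + fragment;
}

// What reaches the server: the query component as a WHATWG URL parser sees it.
function queryAsSent(fullUrl) {
  return new URL(fullUrl).search;
}
```

`queryAsSent(buildURLNaive('https://api.example.test/items#section', { q: 'x' }))` is the empty string, because the parser files `section?q=x` under the fragment; the corrected builder yields `?q=x`.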

push event katholiek-onderwijs-vlaanderen/sri-client

Ezequiel B

commit sha d72338d95f2e24a30ffab5beadf7dbcae957554a

fix call to toLowerCase function


matthiassnellings

commit sha d1c4318395b0fa2d94d5f3731e782724e9dec320

Merge pull request #14 from katholiek-onderwijs-vlaanderen/fix-fn-call-in-cache fix call to toLowerCase function


Matthias Snellings

commit sha 59d0f6fc6ae664c592b11d7b647331873fce13b8

update version number


dependabot[bot]

commit sha a942af2328ffea9ccdc5b8a915f6915f0937580d

Bump eslint from 4.16.0 to 4.18.2 Bumps [eslint](https://github.com/eslint/eslint) from 4.16.0 to 4.18.2. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v4.16.0...v4.18.2) Signed-off-by: dependabot[bot] <support@github.com>


push time in a few seconds

PR opened heliu199211s/R3-OMS

Bump jackson-databind from 2.7.5 to 2.9.10.1 in /R3-Basic-DataCompensate

Bumps jackson-databind from 2.7.5 to 2.9.10.1. <details> <summary>Commits</summary>


+1 -1

0 comment

1 changed file

pr created time in a few seconds

delete branch MyklClason/tweetscope

delete branch : dependabot/bundler/sprockets-3.7.2

delete time in a few seconds

PR opened maltewirz/vue-user-input

Bump webpack-dev-server from 2.1.0-beta.0 to 3.1.11

Bumps webpack-dev-server from 2.1.0-beta.0 to 3.1.11. <details> <summary>Release notes</summary>

Sourced from webpack-dev-server's releases.

v3.1.11

3.1.11 (2018-12-21)

Bug Fixes

v3.1.10

2018-10-23

Bug Fixes

  • options: add writeToDisk option to schema (#1520) (d2f4902)
  • package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
  • Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

v3.1.9

No release notes provided.

v3.1.8

2018-09-06

Bug Fixes

  • package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
  • utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

v3.1.7

2018-08-29

Bug Fixes

  • Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

v3.1.6

2018-08-26

Bug Fixes

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from webpack-dev-server's changelog.

3.1.11 (2018-12-21)

Bug Fixes

3.1.10 (2018-10-23)

Bug Fixes

  • options: add writeToDisk option to schema (#1520) (d2f4902)
  • package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
  • Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

  • package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
  • utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

  • Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

... (truncated) </details> <details> <summary>Commits</summary>

  • ff2874f chore(release): 3.1.11
  • b3217ca fix: check origin header for websocket connection (#1603)
  • 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
  • fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
  • 7a3a257 fix(package): update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
  • 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
  • 55398b5 fix(bin/options): correct check for color support (options.color) (#1555)
  • 927a2b3 fix(Server): correct node version checks (#1543)
  • fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
  • fe3219f chore(release): 3.1.10
  • Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version. </details> <br />


+1085 -360

0 comment

2 changed files

pr created time in a few seconds

delete branch MyklClason/tweetscope

delete branch : dependabot/bundler/loofah-2.3.1

delete time in a minute

push event DanielDanielDanielDanielDaniel/aucta-framework

Daniel

commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc

reee


dependabot[bot]

commit sha be947124a7f16fe484b7ce671c44537331778265

Bump eslint-utils from 1.3.1 to 1.4.3 Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.3.1 to 1.4.3. - [Release notes](https://github.com/mysticatea/eslint-utils/releases) - [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.3.1...v1.4.3) Signed-off-by: dependabot[bot] <support@github.com>


push time in a minute

delete branch DanielDanielDanielDanielDaniel/aucta-framework

delete branch : dependabot/npm_and_yarn/safer-eval-1.3.5

delete time in a minute

PR closed DanielDanielDanielDanielDaniel/aucta-framework

Bump safer-eval from 1.3.2 to 1.3.5 dependencies

Bumps safer-eval from 1.3.2 to 1.3.5. <details> <summary>Commits</summary>

  • 6d5ed4b 1.3.5
  • fbbc623 Merge pull request #7 from commenthol/strict-mode-recommendation
  • 1a87237 fix: use strict mode recommendation
  • b81dab9 1.3.4
  • 073267a Merge pull request #6 from commenthol/fix-breakout-console
  • 25c3048 docu: Update tested browsers/ node versions
  • 25fbbe5 fix: sandbox breakout with console.constructor...
  • 1ff9411 chore: bump dependencies
  • d3167c8 1.3.3
  • ba69286 Merge pull request #5 from commenthol/warning
  • Additional commits viewable in compare view </details> <br />


+5 -5

1 comment

2 changed files

dependabot[bot]

pr closed time in a minute

push event DanielDanielDanielDanielDaniel/aucta-framework

Daniel

commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc

reee


dependabot[bot]

commit sha eef9a143b19a0027a7ac94813c7e097cbba56764

Bump mixin-deep from 1.3.1 to 1.3.2 Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/jonschlinkert/mixin-deep/releases) - [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2) Signed-off-by: dependabot[bot] <support@github.com>


push time in a minute

pull request comment DanielDanielDanielDanielDaniel/aucta-framework

Bump safer-eval from 1.3.2 to 1.3.5

Superseded by #7.

dependabot[bot]

comment created time in a minute

PR opened DanielDanielDanielDanielDaniel/aucta-framework

Bump safer-eval from 1.3.2 to 1.3.6

Bumps safer-eval from 1.3.2 to 1.3.6. <details> <summary>Commits</summary>

  • d79adcf 1.3.6
  • fe26316 docu: THIS MODULE IS HARMFUL
  • 6d5ed4b 1.3.5
  • fbbc623 Merge pull request #7 from commenthol/strict-mode-recommendation
  • 1a87237 fix: use strict mode recommendation
  • b81dab9 1.3.4
  • 073267a Merge pull request #6 from commenthol/fix-breakout-console
  • 25c3048 docu: Update tested browsers/ node versions
  • 25fbbe5 fix: sandbox breakout with console.constructor...
  • 1ff9411 chore: bump dependencies
  • Additional commits viewable in compare view </details> <br />


+3 -3

0 comment

1 changed file

pr created time in a minute

push event DanielDanielDanielDanielDaniel/aucta-framework

Daniel

commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc

reee


dependabot[bot]

commit sha c6e13ce09c453ccd0cdaaea06a87b7e3522b3a62

Bump fstream from 1.0.11 to 1.0.12 Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12. - [Release notes](https://github.com/npm/fstream/releases) - [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12) Signed-off-by: dependabot[bot] <support@github.com>


push time in a minute

push event DanielDanielDanielDanielDaniel/aucta-framework

Daniel

commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc

reee


dependabot[bot]

commit sha c35cd4829f3a825b0d0c25c211788b135f22b606

Bump lodash.mergewith from 4.6.1 to 4.6.2 Bumps [lodash.mergewith](https://github.com/lodash/lodash) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/commits) Signed-off-by: dependabot[bot] <support@github.com>

push time in a minute

PR opened gope7010/Online-Book-Store

Bump axios from 0.17.1 to 0.19.0

Bumps axios from 0.17.1 to 0.19.0. <details> <summary>Release notes</summary>

Sourced from axios's releases.

v0.19.0

Fixes and Functionality:

  • Unzip response body only for statuses != 204 (#1129) - drawski
  • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
  • Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
  • Allow uppercase methods in typings. (#1781) - Ken Powers
  • Fixing .eslintrc without extension (#1789) - Manoel
  • Consistent coding style (#1787) - Ali Servet Donmez
  • Fixing building url with hash mark (#1771) - Anatoly Ryabov
  • This commit fixes building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because the client cuts everything after #
  • Preserve HTTP method when following redirect (#1758) - Rikki Gibson
  • Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
  • Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
  • Fix failing SauceLabs tests by updating configuration - Emily Morehouse

Documentation:

  • Add information about auth parameter to README (#2166) - xlaguna
  • Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
  • Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
  • Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
  • Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
  • Fixing spacing for README.md (#2066) - Josh McCarty
  • Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
  • Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
  • docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
  • It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
  • Add issue templates - Emily Morehouse
  • Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
  • Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
  • Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer

v0.19.0-beta.1

NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.

New Functionality:

  • Add getUri method (#1712)
  • Add support for no_proxy env variable (#1693)
  • Add toJSON to decorated Axios errors to facilitate serialization (#1625)
  • Add second then on axios call (#1623)
  • Typings: allow custom return types
  • Add option to specify character set in responses (with http adapter)

Fixes:

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from axios's changelog.

0.19.0 (May 30, 2019)

Fixes and Functionality:

  • Added support for no_proxy env variable (#434) - Chance Dickson
  • Unzip response body only for statuses != 204 (#1129) - drawski
  • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
  • Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
  • Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
  • Allow uppercase methods in typings. (#1781) - Ken Powers
  • Fixing building url with hash mark (#1771) - Anatoly Ryabov
  • This commit fixes building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because the client cuts everything after #
  • Preserve HTTP method when following redirect (#1758) - Rikki Gibson
  • Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
  • Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta

Internal:

  • Fixing .eslintrc without extension (#1789) - Manoel
  • Fix failing SauceLabs tests by updating configuration - Emily Morehouse
  • Add issue templates - Emily Morehouse

Documentation:

  • Consistent coding style in README (#1787) - Ali Servet Donmez
  • Add information about auth parameter to README (#2166) - xlaguna
  • Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
  • Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
  • Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
  • Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
  • Fixing spacing for README.md (#2066) - Josh McCarty
  • Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
  • Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
  • docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
  • It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
  • Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
  • Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
  • Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer

0.19.0-beta.1 (Aug 9, 2018)

NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.

New Functionality:

  • Add getUri method (#1712)
  • Add support for no_proxy env variable (#1693)
  • Add toJSON to decorated Axios errors to facilitate serialization (#1625) ... (truncated) </details> <details> <summary>Commits</summary>
  • 8d0b92b Releasing 0.19.0
  • 3f7451c Update Changelog for release (0.19.0)
  • f28ff93 Add information about auth parameter to README (#2166)
  • 5250e6e Add DELETE to list of methods that allow data as a config option (#2169)
  • 6b0ccd1 Update ECOSYSTEM.md - Add Axios Endpoints (#2176)
  • 299e827 Add r2curl in ECOSYSTEM (#2141)
  • fd0c959 Unzip response body only for statuses != 204 (#1129)
  • 92d2313 Update README.md - Add instructions for installing with yarn (#2036)
  • ddcc2e4 Fixing spacing for README.md (#2066)
  • 48c43d5 Update README.md. - Change .then to .finally in example code (#2090)
  • Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>

This version was pushed to npm by emilyemorehouse, a new releaser for axios since your current version. </details>

+1 -1

0 comment

1 changed file

pr created time in a minute

create branch gope7010/Online-Book-Store

branch : dependabot/npm_and_yarn/axios-0.19.0

created branch time in a minute

delete branch Uberech/Taskech

delete branch : dependabot/bundler/ffi-1.11.3

delete time in a minute

delete branch AspenLuoQiang/ohEditor

delete branch : dependabot/npm_and_yarn/lodash-4.17.15

delete time in a minute

PR opened MyklClason/tweetscope

Bump sprockets from 3.7.0 to 3.7.2

Bumps sprockets from 3.7.0 to 3.7.2. <details> <summary>Changelog</summary>

Sourced from sprockets's changelog.

3.7.2 (June 19, 2018)

3.7.1 (December 19, 2016)

  • Ruby 2.4 support for Sprockets 3.

3.7.0 (July 21, 2016)

  • Deprecated interfaces now emit deprecation warnings #345

3.6.3 (July 1, 2016)

  • Faster asset lookup in large directories #336
  • Faster PathUtils.match_path_extname https://github.com/rails/sprockets/commit/697269cf81e5261fdd7072e32bd489403027fd7e
  • Fixed uglifier comment stripping #326
  • Error messages now show load path info #313

3.6.2 (June 21, 2016)

  • More performance improvements.

3.6.1 (June 17, 2016)

  • Some performance improvements.

3.6.0 (April 6, 2016)

  • Add Manifest#find_sources to return the source of the compiled assets.
  • Fix the list of compressable mime types.
  • Improve performance of the FileStore cache.

3.5.2 (December 8, 2015)

  • Fix JRuby bug with concurrent-ruby.
  • Fix disabling gzip generation in cached environments.

3.5.1 (December 5, 2015)

  • Fix gzip asset generation for assets already on disk.

3.5.0 (December 3, 2015)

  • Reintroduce Gzip file generation for non-binary assets.

3.4.1 (November 25, 2015)

  • PathUtils::Entries will no longer error on an empty directory.

... (truncated) </details> <details> <summary>Commits</summary>

  • 2f7b7e5 v3.7.2
  • 9c34fa0 Do not respond to http requests asking for a file://
  • eb0af6d Make sure find_sources behaves in the same way when the assets don't
  • cfae3de Merge pull request #487 from mcfiredrill/patch-1
  • dbeda82 typo in deprecation message
  • 10dada6 v3.7.1
  • a20f35c Merge pull request #442 from maclover7/jm-ruby-24
  • d47639f Update Sprockets::Utils#duplicable? for Ruby 2.4+
  • d62bf7b Add Ruby v2.4.0-rc1 to Travis matrix
  • 9c2c5f8 Backport test changes from a4001a4b2f8408f0a87ff44aa21b502c1847f79e
  • Additional commits viewable in compare view </details>

+2 -2

0 comment

1 changed file

pr created time in a minute

PR opened only-vue/vue-admin

Bump webpack-bundle-analyzer from 2.13.1 to 3.3.2

Bumps webpack-bundle-analyzer from 2.13.1 to 3.3.2. <details> <summary>Release notes</summary>

Sourced from webpack-bundle-analyzer's releases.

First test with Lerna monorepo

th0r/webpack-bundle-analyzer#98 </details> <details> <summary>Changelog</summary>

Sourced from webpack-bundle-analyzer's changelog.

3.3.2

  • Bug Fix
    • Fix regression with escaping internal assets (#264, fixes #263)

3.3.1

  • Improvements

    • Use relative links for serving internal assets (#261, fixes #254)
    • Properly escape embedded JS/JSON (#262)
  • Bug Fix

    • Fix showing help message on -h flag (#260, fixes #239)

3.3.0

  • New Feature

  • Internal

    • Updated dev dependencies

3.2.0

3.1.0

3.0.4

  • Bug Fix
    • Make webpack's done hook wait until analyzer writes report or stat file (#247, @mareolan)

3.0.3

  • Bug Fix

3.0.2

  • Improvements

  • Bug Fix ... (truncated) </details> <details> <summary>Commits</summary>

  • 345c3f5 v3.3.2
  • a615815 Merge pull request #264 from webpack-contrib/fix-escape-regression
  • 20f2b4c Fix regression with escaping internal assets
  • 9836649 v3.3.1
  • d1db526 Remove outdated item from troubleshooting section
  • ca34279 Merge pull request #261 from webpack-contrib/relative-links-to-assets
  • 99818f9 Fix changelog
  • 21722d2 Add changelog entry
  • ed99c32 Use relative links for serving internal assets
  • 3ce1b8c Merge pull request #262 from webpack-contrib/proper-js-escape
  • Additional commits viewable in compare view </details>

+77 -56

0 comment

2 changed files

pr created time in a minute

create branch MyklClason/tweetscope

branch : dependabot/bundler/sprockets-3.7.2

created branch time in a minute

delete branch AspenLuoQiang/ohEditor

delete branch : dependabot/npm_and_yarn/mixin-deep-1.3.2

delete time in a minute

delete branch adayswait/arachn

delete branch : dependabot/npm_and_yarn/mixin-deep-1.3.2

delete time in a minute

push event MyklClason/tweetscope

dependabot[bot]

commit sha 07b6925ada04f818db92dbe9de1a52a34d276c1f

Bump nokogiri from 1.6.8 to 1.10.5 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.6.8 to 1.10.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.6.8...v1.10.5) Signed-off-by: dependabot[bot] <support@github.com>

Mykl Clason

commit sha e014abd6e39700a7dd0d73243e6a059d1e62ba18

Merge pull request #4 from MyklClason/dependabot/bundler/nokogiri-1.10.5 Bump nokogiri from 1.6.8 to 1.10.5

dependabot[bot]

commit sha ed5b788b4cc71451ee0da2ef71edcfac1f2e2070

Bump loofah from 2.0.3 to 2.3.1 Bumps [loofah](https://github.com/flavorjones/loofah) from 2.0.3 to 2.3.1. - [Release notes](https://github.com/flavorjones/loofah/releases) - [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md) - [Commits](https://github.com/flavorjones/loofah/compare/v2.0.3...v2.3.1) Signed-off-by: dependabot[bot] <support@github.com>

push time in a minute

PR opened only-vue/vue-admin

Bump axios from 0.15.3 to 0.18.1

Bumps axios from 0.15.3 to 0.18.1. <details> <summary>Release notes</summary>

Sourced from axios's releases.

v0.18.1

Security Fix:

  • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev

v.0.18.0

  • Adding support for UNIX Sockets when running with Node.js (#1070)
  • Fixing typings (#1177):
    • AxiosRequestConfig.proxy: allows type false
    • AxiosProxyConfig: added auth field
  • Adding function signature in AxiosInstance interface so AxiosInstance can be invoked (#1192, #1254)
  • Allowing maxContentLength to pass through to redirected calls as maxBodyLength in follow-redirects config (#1287)
  • Fixing configuration when using an instance - method can now be set (#1342)

0.17.1 (Nov 11, 2017)

  • Fixing issue with web workers (#1160)
  • Allowing overriding transport (#1080)
  • Updating TypeScript typings (#1165, #1125, #1131)

v0.17.1

No release notes provided.

v0.17.0

No release notes provided.

v0.16.2

No release notes provided.

v0.16.1

No release notes provided.

v0.16.0

No release notes provided. </details> <details> <summary>Changelog</summary>

Sourced from axios's changelog.

0.18.1 (May 31, 2019)

Security Fix:

  • Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev

0.18.0 (Feb 19, 2018)

  • Adding support for UNIX Sockets when running with Node.js (#1070)
  • Fixing typings (#1177):
    • AxiosRequestConfig.proxy: allows type false
    • AxiosProxyConfig: added auth field
  • Adding function signature in AxiosInstance interface so AxiosInstance can be invoked (#1192, #1254)
  • Allowing maxContentLength to pass through to redirected calls as maxBodyLength in follow-redirects config (#1287)
  • Fixing configuration when using an instance - method can now be set (#1342)

0.17.1 (Nov 11, 2017)

  • Fixing issue with web workers (#1160)
  • Allowing overriding transport (#1080)
  • Updating TypeScript typings (#1165, #1125, #1131)

0.17.0 (Oct 21, 2017)

  • BREAKING Fixing issue with baseURL and interceptors (#950)
  • BREAKING Improving handing of duplicate headers (#874)
  • Adding support for disabling proxies (#691)
  • Updating TypeScript typings with generic type parameters (#1061)

0.16.2 (Jun 3, 2017)

  • Fixing issue with including buffer in bundle (#887)
  • Including underlying request in errors (#830)
  • Convert method to lowercase (#930)

0.16.1 (Apr 8, 2017)

  • Improving HTTP adapter to return last request in case of redirects (#828)
  • Updating follow-redirects dependency (#829)
  • Adding support for passing Buffer in node (#773)

0.16.0 (Mar 31, 2017)

  • BREAKING Removing Promise from axios typings in favor of built-in type declarations (#480)
  • Adding options shortcut method (#461)
  • Fixing issue with using responseType: 'json' in browsers incompatible with XHR Level 2 (#654)
  • Improving React Native detection (#731)
  • Fixing combineURLs to support empty relativeURL (#581)
  • Removing PROTECTION_PREFIX support (#561) </details> <details> <summary>Commits</summary>
  • face016 Releasing 0.18.1
  • 0628763 Update Changelog for release (0.18.1)
  • dc9b29c adjust README to match IE support
  • 16326d5 Remove usages of isOldIE in tests
  • 5a4228b Remove IE10 launcher from karma config
  • 695b5f7 Remove isOldIE check in tests
  • e314ab0 Remove HTTP 1223 handling
  • 7efa822 Remove btoa polyfill tests
  • f3cdcc7 Delete btoa polyfill
  • efc0b58 Remove ie8/9 special CORS treatment and btoa polyfill
  • Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>

This version was pushed to npm by emilyemorehouse, a new releaser for axios since your current version. </details>

+24 -11

0 comment

2 changed files

pr created time in a minute

create branch only-vue/vue-admin

branch : dependabot/npm_and_yarn/axios-0.18.1

created branch time in a minute

delete branch MyklClason/tweetscope

delete branch : dependabot/bundler/rails-html-sanitizer-1.3.0

delete time in a minute

delete branch MyklClason/tweetscope

delete branch : dependabot/bundler/rack-1.6.11

delete time in a minute

push event DanielDanielDanielDanielDaniel/aucta-framework

Daniel

commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc

reee

dependabot[bot]

commit sha f8ebf7e2d358ae36620b2e8e0e31f7de4f86c9fb

Bump lodash from 4.17.11 to 4.17.13 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13) Signed-off-by: dependabot[bot] <support@github.com>

push time in a minute

PR closed MyklClason/tweetscope

Bump rails-html-sanitizer from 1.0.3 to 1.3.0 dependencies

Bumps rails-html-sanitizer from 1.0.3 to 1.3.0. <details> <summary>Release notes</summary>

Sourced from rails-html-sanitizer's releases.

v1.3.0

  • Address deprecations in Loofah 2.3.0.

    Josh Goodall

v1.2.0

  • Remove needless white_list_sanitizer deprecation.

    By deprecating this, we were forcing Rails 5.2 to be updated or spew deprecations that users could do nothing about.

    That's pointless and I'm sorry for adding that!

    Now there's no deprecation warning and Rails 5.2 works out of the box, while Rails 6 can use the updated naming.

    Kasper Timm Hansen

v1.1.0

  • Add safe_list_sanitizer and deprecate white_list_sanitizer to be removed in 1.2.0. rails/rails-html-sanitizer#87

    Juanito Fatas

  • Remove href from LinkScrubber's tags as it's not an element. rails/rails-html-sanitizer#92

    Juanito Fatas

  • Explain that we don't need to bump Loofah here if there's CVEs. https://github.com/rails/rails-html-sanitizer/commit/d4d823c617fdd0064956047f7fbf23fff305a69b

    Kasper Timm Hansen

v1.0.4

  • Fix CVE-2018-3741. </details> <details> <summary>Changelog</summary>

Sourced from rails-html-sanitizer's changelog.

1.3.0

  • Address deprecations in Loofah 2.3.0.

    Josh Goodall

1.2.0

  • Remove needless white_list_sanitizer deprecation.

    By deprecating this, we were forcing Rails 5.2 to be updated or spew deprecations that users could do nothing about.

    That's pointless and I'm sorry for adding that!

    Now there's no deprecation warning and Rails 5.2 works out of the box, while Rails 6 can use the updated naming.

    Kasper Timm Hansen

1.1.0

  • Add safe_list_sanitizer and deprecate white_list_sanitizer to be removed in 1.2.0. rails/rails-html-sanitizer#87

    Juanito Fatas

  • Remove href from LinkScrubber's tags as it's not an element. rails/rails-html-sanitizer#92

    Juanito Fatas

  • Explain that we don't need to bump Loofah here if there's CVEs. https://github.com/rails/rails-html-sanitizer/commit/d4d823c617fdd0064956047f7fbf23fff305a69b

    Kasper Timm Hansen

1.0.1

  • Added support for Rails 4.2.0.beta2 and above

1.0.0

  • First release. </details> <details> <summary>Commits</summary>
  • 51dc564 v1.3.0
  • 65b9f88 Merge pull request #102 from orien/gem-metadata
  • 845da04 Add project metadata to the gemspec
  • 43a87f5 Match Loofah's API changes.
  • b8ea80d Prepare 1.2.0
  • 5581871 Remove needless white list sanitizer deprecations
  • 1a02a14 Merge pull request #96 from olleolleolle/patch-1
  • 31cf584 CI: Drop unused sudo: false Travis directive
  • 0b64e50 Merge pull request #95 from rwojnarowski/patch-1
  • 21da038 Deprecated warning text, missing space
  • Additional commits viewable in compare view </details>

+6 -6

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 minutes

PR closed MyklClason/tweetscope

Bump rack from 1.6.4 to 1.6.11 dependencies

Bumps rack from 1.6.4 to 1.6.11. <details> <summary>Commits</summary>

  • 2bef132 Bumping version for release
  • 97ca63d Whitelist http/https schemes
  • 7b5054e Merge pull request #1296 from tomelm/fix-prefers-plaintext
  • fdcd03a Bump version for release
  • 2293c6a Merge pull request #1249 from mclark/handle-invalid-method-parameters
  • b27dd86 handle failure to upcase invalid strings
  • 274d934 Stick with a passing version of Rubygems and bundler
  • 617aac0 bump version for release
  • dc017e7 Merge pull request #1237 from eileencodes/backport-1137
  • 4d6965a Backport pull request #1137 from unabridged/fix-eof-failure
  • Additional commits viewable in compare view </details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 minutes

pull request comment MyklClason/tweetscope

Bump rails-html-sanitizer from 1.0.3 to 1.3.0

Looks like rails-html-sanitizer is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 2 minutes

pull request comment MyklClason/tweetscope

Bump rack from 1.6.4 to 1.6.11

Looks like rack is no longer updatable, so this is no longer needed.

dependabot[bot]

comment created time in 2 minutes

push event Uberech/Taskech

dependabot[bot]

commit sha a16bb963dbf18f6df3cce13ff8b0a4a57635d3a2

Bump sprockets from 3.5.2 to 3.7.2

Bumps [sprockets](https://github.com/rails/sprockets) from 3.5.2 to 3.7.2.
- [Release notes](https://github.com/rails/sprockets/releases)
- [Changelog](https://github.com/rails/sprockets/blob/v3.7.2/CHANGELOG.md)
- [Commits](https://github.com/rails/sprockets/compare/v3.5.2...v3.7.2)

Signed-off-by: dependabot[bot] <support@github.com>

Mykl Clason

commit sha 4f3a97c04663e3356fcb9cd3eff062b2adad4e0d

Merge pull request #4 from Uberech/dependabot/bundler/sprockets-3.7.2

Bump sprockets from 3.5.2 to 3.7.2

dependabot[bot]

commit sha ccba5dee3e5b8724752284c8f7a39475f063b4aa

Bump rails-html-sanitizer from 1.0.3 to 1.3.0

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.3.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.0.3...v1.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

Mykl Clason

commit sha 6fd0fe0dc0090b623356a57be5631668eb4e9695

Merge pull request #2 from Uberech/dependabot/bundler/rails-html-sanitizer-1.3.0

Bump rails-html-sanitizer from 1.0.3 to 1.3.0

dependabot[bot]

commit sha f2360428736f89b04af6f244f0dcea6815d15e89

Bump devise from 3.5.6 to 4.7.1

Bumps [devise](https://github.com/plataformatec/devise) from 3.5.6 to 4.7.1.
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v3.5.6...v4.7.1)

Signed-off-by: dependabot[bot] <support@github.com>

Mykl Clason

commit sha fe33fd95230bf0f417dc701485491deefd198ca7

Merge pull request #3 from Uberech/dependabot/bundler/devise-4.7.1

Bump devise from 3.5.6 to 4.7.1

dependabot[bot]

commit sha df4fa5d02048b577ac75fa739aa2738f4661703d

Bump ffi from 1.9.10 to 1.11.3

Bumps [ffi](https://github.com/ffi/ffi) from 1.9.10 to 1.11.3.
- [Release notes](https://github.com/ffi/ffi/releases)
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ffi/ffi/compare/1.9.10...1.11.3)

Signed-off-by: dependabot[bot] <support@github.com>

push time in 2 minutes

PR opened Seongmun-Hong/react_webrtc

Bump mixin-deep from 1.3.1 to 1.3.2 in /react_webrtc

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary>

  • 754f0c2 1.3.2
  • 90ee1fa ensure keys are valid when mixing in values
  • See full diff in compare view </details> <details> <summary>Maintainer changes</summary>

This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version. </details> <br />


+3 -3

0 comment

1 changed file

pr created time in 2 minutes

PR opened PrajaktaShirke29/productsDetails

Bump lodash.template from 4.4.0 to 4.5.0 in /reactMongodb

Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary>

  • ab73503 Bump to v4.5.0.
  • a4f7d4c Rebuild lodash and docs.
  • cca5ac6 Fix npm-test by removing the call to test-docs.
  • 9f7f9fc Adjust heading order. [ci skip]
  • 6e2fb92 Remove unused baseArity.
  • 4f702e2 Specify utf8 encoding.
  • b188f90 Add fp tests for iteratee shorthands.
  • 7b93dc9 Ensure clone methods clone expando properties of boolean, number, & string ob...
  • 664d66a Make string tests more consistent.
  • d9dc0e6 Add _.invertBy tests.
  • Additional commits viewable in compare view </details> <br />


+548 -66

0 comment

1 changed file

pr created time in 2 minutes

PR opened PrajaktaShirke29/productsDetails

Bump mixin-deep from 1.3.1 to 1.3.2 in /reactMongodb

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary>

  • 754f0c2 1.3.2
  • 90ee1fa ensure keys are valid when mixing in values
  • See full diff in compare view </details> <details> <summary>Maintainer changes</summary>

This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version. </details> <br />


+543 -61

0 comment

1 changed file

pr created time in 2 minutes

PR opened PrajaktaShirke29/productsDetails

Bump handlebars from 4.0.12 to 4.5.3 in /reactMongodb

Bumps handlebars from 4.0.12 to 4.5.3. <details> <summary>Changelog</summary>

Sourced from handlebars's changelog.

v4.5.3 - November 18th, 2019

Bugfixes:

  • fix: add "no-prototype-builtins" eslint-rule and fix all occurrences - f7f05d7
  • fix: add more properties required to be enumerable - 1988878

Chores / Build:

  • fix: use !== 0 instead of != 0 - c02b05f
  • add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

Security:

  • The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

Compatibility notes:

  • Due to the security fixes, the semantics of templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have changed, in that those expressions now return undefined rather than their actual value from the proto.
  • The semantics have not changed in cases where the properties are enumerable, as in:
{
  __proto__: 'some string'
}
  • The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

Commits

v4.5.2 - November 13th, 2019

Bugfixes

  • fix: use String(field) in lookup when checking for "constructor" - d541378
  • test: add fluent API for testing Handlebars - c2ac79c

Compatibility notes:

  • no incompatibilities are to be expected ... (truncated) </details> <details> <summary>Commits</summary>
  • c819c8b v4.5.3
  • 827c9d0 Update release notes
  • f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurrences
  • 1988878 fix: add more properties required to be enumerable
  • 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
  • 0817dad test: add sinon as global variable to eslint in the specs
  • 93516a0 test: add sinon.js for spies, deprecate current assertions
  • 93e284e chore: add chai and dirty-chai for better test assertions
  • c02b05f fix: use !== 0 instead of != 0
  • 8de121d v4.5.2
  • Additional commits viewable in compare view </details> <br />


+560 -67

0 comment

1 changed file

pr created time in 2 minutes
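The Handlebars 4.5.3 security note in the PR above describes the mitigation (dangerous property names evaluate to undefined unless they are own, enumerable properties of the object being read) without showing it. The following is an added JavaScript example, not Handlebars' own code, of a lookup that implements those semantics. The names DANGEROUS_PROPERTIES, safeLookup, resolvePath and sampleData are this example's own, the sample data is constructed, and adding `constructor` to the blocked list is an assumption drawn from the v4.5.2 note about the "constructor" check.

```javascript
// Added example, not Handlebars' own code: a property lookup implementing the
// semantics described in the 4.5.3 changelog note. DANGEROUS_PROPERTIES,
// safeLookup, resolvePath and sampleData are this example's own names.

// Properties that are only honoured when they are *own, enumerable* data on the
// object being read. The four dunder names come from the changelog;
// 'constructor' is added on the strength of the v4.5.2 note (assumption).
const DANGEROUS_PROPERTIES = new Set([
  '__proto__',
  '__defineGetter__',
  '__defineSetter__',
  '__lookupGetter__',
  'constructor',
]);

// Read `field` from `parent` the way a template expression would, but refuse to
// walk up the prototype chain for the names listed above.
function safeLookup(parent, field) {
  if (parent === null || parent === undefined) return undefined;
  const name = String(field); // normalise non-string keys, as the v4.5.2 note does
  if (DANGEROUS_PROPERTIES.has(name)) {
    // propertyIsEnumerable reports only *own* enumerable properties, so both an
    // inherited Object.prototype.__defineGetter__ and a non-enumerable own
    // property of that name evaluate to undefined here.
    return Object.prototype.propertyIsEnumerable.call(parent, name)
      ? parent[name]
      : undefined;
  }
  return parent[name];
}

// Resolve a dotted expression such as "user.name" one segment at a time, so a
// blocked segment anywhere in the path makes the whole expression undefined.
function resolvePath(data, path) {
  return path
    .split('.')
    .reduce((current, segment) => safeLookup(current, segment), data);
}

// Constructed sample: data parsed from JSON keeps "__proto__" as an ordinary own
// enumerable property, which is the case the changelog says is unchanged.
const sampleData = JSON.parse(
  '{"user": {"name": "alice"}, "__proto__": "some string"}'
);
```

With this lookup, `resolvePath(sampleData, 'user.name')` still yields `'alice'` and `safeLookup(sampleData, '__proto__')` still yields `'some string'`, while `safeLookup({}, '__defineGetter__')` yields undefined rather than the inherited function that a plain `parent[field]` would hand to a template.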

PR opened PrajaktaShirke29/productsDetails

Bump merge from 1.2.0 to 1.2.1 in /reactMongodb

Bumps merge from 1.2.0 to 1.2.1. <details> <summary>Commits</summary> </details>


+543 -61

0 comment

1 changed file

pr created time in 2 minutes

delete branch adayswait/arachn

delete branch : dependabot/npm_and_yarn/lodash-4.17.15

delete time in 2 minutes

delete branch Uberech/Taskech

delete branch : dependabot/bundler/nokogiri-1.10.7

delete time in 2 minutes

PR closed Uberech/Taskech

Bump nokogiri from 1.6.7.2 to 1.10.7 dependencies

Bumps nokogiri from 1.6.7.2 to 1.10.7. <details> <summary>Release notes</summary>

Sourced from nokogiri's releases.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2 / 2019-03-24

Security

  • [MRI] Remove support from vendored libxml2 for future script macros. #1871
  • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877 ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from nokogiri's changelog.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

  • CVE-2019-13117
  • CVE-2019-13118
  • CVE-2019-18197

More details are available at #1943.

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

... (truncated) </details> <details> <summary>Commits</summary> </details>


+14 -13

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 minutes

PR opened Seongmun-Hong/react_webrtc

Bump lodash.template from 4.4.0 to 4.5.0 in /react_webrtc

Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary>

  • ab73503 Bump to v4.5.0.
  • a4f7d4c Rebuild lodash and docs.
  • cca5ac6 Fix npm-test by removing the call to test-docs.
  • 9f7f9fc Adjust heading order. [ci skip]
  • 6e2fb92 Remove unused baseArity.
  • 4f702e2 Specify utf8 encoding.
  • b188f90 Add fp tests for iteratee shorthands.
  • 7b93dc9 Ensure clone methods clone expando properties of boolean, number, & string ob...
  • 664d66a Make string tests more consistent.
  • d9dc0e6 Add _.invertBy tests.
  • Additional commits viewable in compare view </details> <br />


+9 -9

0 comment

1 changed file

pr created time in 2 minutes

pull request comment Uberech/Taskech

Bump nokogiri from 1.6.7.2 to 1.10.7

Looks like nokogiri is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 2 minutes

delete branch MyklClason/tweetscope

delete branch : dependabot/bundler/nokogiri-1.10.5

delete time in 2 minutes

PR opened coolgirls/Travels

Bump eslint from 4.17.0 to 4.18.2

Bumps eslint from 4.17.0 to 4.18.2. <details> <summary>Release notes</summary>

Sourced from eslint's releases.

v4.18.2

  • 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler)
  • 3c697de Chore: fix incorrect comment about linter.verify return value (#10030) (Teddy Katz)
  • 9df8653 Chore: refactor parser-loading out of linter.verify (#10028) (Teddy Katz)
  • f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis)
  • e4f52ce Chore: Simplify dataflow in linter.verify (#10020) (Teddy Katz)
  • 33177cd Chore: make library files non-executable (#10021) (Teddy Katz)
  • 558ccba Chore: refactor directive comment processing (#10007) (Teddy Katz)
  • 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010) (Teddy Katz)
  • a1c3759 Chore: refactor populating configs with defaults in linter (#10006) (Teddy Katz)
  • aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985) (Rachael Sim)

v4.18.1

  • f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993) (Teddy Katz)
  • 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987) (Jaid)
  • 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986) (Toru Nagashima)

v4.18.0

  • 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944) (Kenton Jacobsen)
  • 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951) (Teddy Katz)
  • 47ac478 Update: add named imports and exports for object-curly-newline (#9876) (Nicholas Chua)
  • e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943) (Toru Nagashima)
  • f012b8c Fix: support Async iteration (fixes #9891) (#9957) (Toru Nagashima)
  • 74fa253 Docs: Clarify no-mixed-operators options (fixes #9962) (#9964) (Ivan Hayes)
  • 426868f Docs: clean up key-spacing docs (fixes #9900) (#9963) (Abid Uzair)
  • 4a6f22e Update: support eslint-disable-* block comments (fixes #8781) (#9745) (Erin)
  • 777283b Docs: Propose fix typo for function (#9965) (John Eismeier)
  • bf3d494 Docs: Fix typo in max-len ignorePattern example. (#9956) (Tim Martin)
  • d64fbb4 Docs: fix typo in prefer-destructuring.md example (#9930) (Vse Mozhet Byt)
  • f8d343f Chore: Fix default issue template (#9946) (Kai Cataldo) </details> <details> <summary>Changelog</summary>

Sourced from eslint's changelog.

v4.18.2 - March 2, 2018

  • 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler)
  • 3c697de Chore: fix incorrect comment about linter.verify return value (#10030) (Teddy Katz)
  • 9df8653 Chore: refactor parser-loading out of linter.verify (#10028) (Teddy Katz)
  • f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis)
  • e4f52ce Chore: Simplify dataflow in linter.verify (#10020) (Teddy Katz)
  • 33177cd Chore: make library files non-executable (#10021) (Teddy Katz)
  • 558ccba Chore: refactor directive comment processing (#10007) (Teddy Katz)
  • 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010) (Teddy Katz)
  • a1c3759 Chore: refactor populating configs with defaults in linter (#10006) (Teddy Katz)
  • aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985) (Rachael Sim)

v4.18.1 - February 20, 2018

  • f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993) (Teddy Katz)
  • 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987) (Jaid)
  • 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986) (Toru Nagashima)

v4.18.0 - February 16, 2018

  • 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944) (Kenton Jacobsen)
  • 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951) (Teddy Katz)
  • 47ac478 Update: add named imports and exports for object-curly-newline (#9876) (Nicholas Chua)
  • e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943) (Toru Nagashima)
  • f012b8c Fix: support Async iteration (fixes #9891) (#9957) (Toru Nagashima)
  • 74fa253 Docs: Clarify no-mixed-operators options (fixes #9962) (#9964) (Ivan Hayes)
  • 426868f Docs: clean up key-spacing docs (fixes #9900) (#9963) (Abid Uzair)
  • 4a6f22e Update: support eslint-disable-* block comments (fixes #8781) (#9745) (Erin)
  • 777283b Docs: Propose fix typo for function (#9965) (John Eismeier)
  • bf3d494 Docs: Fix typo in max-len ignorePattern example. (#9956) (Tim Martin)
  • d64fbb4 Docs: fix typo in prefer-destructuring.md example (#9930) (Vse Mozhet Byt)
  • f8d343f Chore: Fix default issue template (#9946) (Kai Cataldo) </details> <details> <summary>Commits</summary>
  • 22ff6f3 4.18.2
  • 817b84b Build: changelog update for 4.18.2
  • 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022)
  • 3c697de Chore: fix incorrect comment about linter.verify return value (#10030)
  • 9df8653 Chore: refactor parser-loading out of linter.verify (#10028)
  • f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)
  • e4f52ce Chore: Simplify dataflow in linter.verify (#10020)
  • 33177cd Chore: make library files non-executable (#10021)
  • 558ccba Chore: refactor directive comment processing (#10007)
  • 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010)
  • Additional commits viewable in compare view </details> <br />


+239 -227

0 comment

2 changed files

pr created time in 2 minutes

create branch coolgirls/Travels

branch : dependabot/npm_and_yarn/eslint-4.18.2

created branch time in 2 minutes

delete branch Uberech/Taskech

delete branch : dependabot/bundler/devise-4.7.1

delete time in 2 minutes

delete branch adayswait/arachn

delete branch : dependabot/npm_and_yarn/lodash.template-4.5.0

delete time in 2 minutes

PR opened hazeke94/ITPTeam9Project

Bump lodash from 4.17.11 to 4.17.15 in /functions

Bumps lodash from 4.17.11 to 4.17.15. <details> <summary>Commits</summary> </details>


+3 -3

0 comment

1 changed file

pr created time in 2 minutes

PR opened YulDewQA/qatest

Bump eslint-utils from 1.3.1 to 1.4.3

Bumps eslint-utils from 1.3.1 to 1.4.3.

+13 -3

0 comment

1 changed file

pr created time in 2 minutes

delete branch Uberech/Uberech

delete branch : dependabot/bundler/nokogiri-1.10.7

delete time in 2 minutes

delete branch Uberech/Uberech

delete branch : dependabot/bundler/devise-4.7.1

delete time in 2 minutes

PR closed Uberech/Uberech

Bump nokogiri from 1.6.7.2 to 1.10.7 dependencies

Bumps nokogiri from 1.6.7.2 to 1.10.7. <details> <summary>Release notes</summary>

Sourced from nokogiri's releases.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2 / 2019-03-24

Security

  • [MRI] Remove support from vendored libxml2 for future script macros. #1871
  • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877 ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from nokogiri's changelog.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

  • CVE-2019-13117
  • CVE-2019-13118
  • CVE-2019-18197

More details are available at #1943.

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

... (truncated) </details>

+13 -11

1 comment

1 changed file

dependabot[bot]

pr closed time in 2 minutes
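The CVE-2019-5477 note above turns on a Ruby footgun: Kernel#open treats a string that begins with "|" as a command to spawn and returns its stdout, so any loader that hands attacker-controlled input to Kernel.open is a command-injection sink. The block below is an added example, not Nokogiri's or Rexical's code: a stand-in `unsafe_load_file` with that pattern beside a hardened `safe_load_file` that uses File.open and refuses the pipe prefix outright. The function names, the temp file and the "|echo injected" payload are assumptions made for illustration.

```ruby
require "tempfile"

# Vulnerable pattern (illustrative stand-in, not Nokogiri's real code):
# Kernel#open spawns a subprocess when the string starts with "|" and
# yields its stdout, so attacker-controlled `path` means command execution.
def unsafe_load_file(path)
  Kernel.open(path) { |io| io.read }
end

# Hardened form: File.open never interprets "|" as a pipe. The explicit
# check is belt-and-braces so the intent survives later refactors.
def safe_load_file(path)
  if path.start_with?("|")
    raise ArgumentError, "refusing pipe-prefixed path #{path.inspect}"
  end
  File.open(path, "r") { |io| io.read }
end

# Exercise both loaders against a constructed benign file and the payload.
# The safe loader must read the real file and refuse the payload; the unsafe
# loader's result is captured only so the reader can see the injection land.
def demo
  Tempfile.create("css-lexer-input") do |f|
    f.write("div > p.note")   # constructed sample input
    f.flush
    payload = "|echo injected"
    blocked =
      begin
        safe_load_file(payload)
        false
      rescue ArgumentError
        true
      end
    {
      benign:  safe_load_file(f.path),
      blocked: blocked,
      # Kernel#open really runs `echo` here; rescued so the demo still
      # reports on a Ruby that refuses pipe-open.
      injected: (unsafe_load_file(payload) rescue "spawn refused: #{$!.class}"),
    }
  end
end

puts demo.inspect if __FILE__ == $0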

pull request comment Uberech/Uberech

Bump nokogiri from 1.6.7.2 to 1.10.7

Looks like nokogiri is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 2 minutes

push event Uberech/Taskech

dependabot[bot]

commit sha ccba5dee3e5b8724752284c8f7a39475f063b4aa

Bump rails-html-sanitizer from 1.0.3 to 1.3.0

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.3.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.0.3...v1.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

view details

Mykl Clason

commit sha 6fd0fe0dc0090b623356a57be5631668eb4e9695

Merge pull request #2 from Uberech/dependabot/bundler/rails-html-sanitizer-1.3.0 Bump rails-html-sanitizer from 1.0.3 to 1.3.0

view details

dependabot[bot]

commit sha f2360428736f89b04af6f244f0dcea6815d15e89

Bump devise from 3.5.6 to 4.7.1

Bumps [devise](https://github.com/plataformatec/devise) from 3.5.6 to 4.7.1.
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v3.5.6...v4.7.1)

Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 3 minutes

delete branch Uberech/Taskech

delete branch : dependabot/bundler/loofah-2.4.0

delete time in 3 minutes

PR closed Uberech/Taskech

Bump loofah from 2.0.3 to 2.4.0 dependencies

Bumps loofah from 2.0.3 to 2.4.0. <details> <summary>Release notes</summary>

Sourced from loofah's releases.

2.4.0 / 2019-11-25

Features

  • Allow CSS property max-width #175 (Thanks, @bchaney!)
  • Allow CSS sizes expressed in rem [#176, #177]
  • Add frozen_string_literal: true magic comment to all lib files. #118

2.3.1 / 2019-10-22

Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at flavorjones/loofah#171

2.3.0 / 2019-09-28

Features

Bug fixes

  • CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)

Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

  • Deprecate Loofah::Helpers::ActionView.white_list_sanitizer, please use Loofah::Helpers::ActionView.safe_list_sanitizer instead.
  • Deprecate Loofah::Helpers::ActionView::WhiteListSanitizer, please use Loofah::Helpers::ActionView::SafeListSanitizer instead.
  • Deprecate Loofah::HTML5::WhiteList, please use Loofah::HTML5::SafeList instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

v2.2.3

Notably, this release addresses CVE-2018-16468.

v2.2.2

2.2.2 / 2018-03-22

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from loofah's changelog.

2.4.0 / 2019-11-25

Features

  • Allow CSS property max-width #175 (Thanks, @bchaney!)
  • Allow CSS sizes expressed in rem [#176, #177]
  • Add frozen_string_literal: true magic comment to all lib files. #118

2.3.1 / 2019-10-22

Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at flavorjones/loofah#171

2.3.0 / 2019-09-28

Features

Bug fixes

  • CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)

Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

  • Deprecate Loofah::Helpers::ActionView.white_list_sanitizer, please use Loofah::Helpers::ActionView.safe_list_sanitizer instead.
  • Deprecate Loofah::Helpers::ActionView::WhiteListSanitizer, please use Loofah::Helpers::ActionView::SafeListSanitizer instead.
  • Deprecate Loofah::HTML5::WhiteList, please use Loofah::HTML5::SafeList instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

2.2.3 / 2018-10-30

Security

... (truncated) </details> <details> <summary>Commits</summary>

  • 724ac1c version bump to v2.4.0
  • e808fb6 ci: don't turn on frozen strings until after bundle install
  • 0eb9976 update CHANGELOG
  • 0783f5b add magic comment for frozen string literals to all files
  • 5ce3a71 add rubocop as dev dep and configure security and frozen string cops
  • 82ae384 test suite should check compatibility with frozen string literals
  • 8747065 Merge pull request #175 from bchaney/allow-css-max-width
  • 2767ae3 Merge pull request #177 from flavorjones/176-allow-rem-css-sizes
  • 13f734f css sanitizer allows "rem" sizes
  • 2699b61 Allow CSS property: max-width
  • Additional commits viewable in compare view </details> <br />


+6 -4

1 comment

1 changed file

dependabot[bot]

pr closed time in 3 minutes
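Both advisories quoted in this feed state a minimum fixed version (CVE-2019-5477 in nokogiri 1.10.4, CVE-2019-15587 in loofah 2.3.1), which is exactly what a lockfile check needs. The block below is an added example, not Dependabot's or either gem's code: it parses the `specs:` section of a Gemfile.lock and reports every pinned gem that sits below the fixed version, comparing with Gem::Version so that 1.6.7.2 correctly sorts below 1.10.4 (a plain string compare would not). The fixed-version table and the sample lockfile are constructed for illustration from the versions these PRs start at; the function names are assumptions.

```ruby
require "rubygems"   # Gem::Version; loaded by default, required here for clarity

# Minimum fixed versions, taken from the advisories quoted above.
FIXED_VERSIONS = {
  "nokogiri" => { "CVE-2019-5477"  => "1.10.4" },
  "loofah"   => { "CVE-2019-15587" => "2.3.1"  },
}.freeze

# Parse the `specs:` section(s) of a Gemfile.lock into { name => version }.
# Pinned gems are indented exactly four spaces, e.g. "    nokogiri (1.10.7)";
# their dependency lines are indented deeper and carry constraints, so they
# do not match and are skipped. An unindented line starts a new section.
def parse_lock_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /^\s+specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line !~ /^\s/
    next unless in_specs
    if line =~ /^    ([A-Za-z0-9_.\-]+) \(([^)]+)\)\s*$/
      specs[$1] = $2
    end
  end
  specs
end

# Compare each pinned version against the fixed-version table. Platform
# suffixes such as "1.10.7-x86_64-linux" are dropped before parsing, since
# Gem::Version does not accept them (lockfiles normalise prereleases to dots).
def audit_lock(text, fixed = FIXED_VERSIONS)
  findings = []
  parse_lock_specs(text).each do |gem, raw|
    next unless fixed.key?(gem)
    installed = Gem::Version.new(raw.split("-", 2).first)
    fixed[gem].each do |cve, min|
      next unless installed < Gem::Version.new(min)
      findings << { gem: gem, installed: raw, cve: cve, fixed_in: min }
    end
  end
  findings.sort_by { |f| [f[:gem], f[:cve]] }
end

# Constructed sample lockfile mirroring the pre-bump versions in this feed.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.0.3)
        nokogiri (>= 1.5.9)
      mini_portile2 (2.1.0)
      nokogiri (1.6.7.2)
        mini_portile2 (~> 2.1.0)
      rails-html-sanitizer (1.0.3)
        loofah (~> 2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rails-html-sanitizer
LOCK

if __FILE__ == $0
  audit_lock(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:installed]} is below #{f[:fixed_in]} (#{f[:cve]})"
  end
end
```

Pointing `audit_lock` at a real lockfile is `audit_lock(File.read("Gemfile.lock"))`; the table is deliberately a plain hash so a team can extend it from its own advisory feed rather than hard-coding two CVEs.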

pull request comment Uberech/Taskech

Bump loofah from 2.0.3 to 2.4.0

Looks like loofah is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 3 minutes

delete branch Uberech/Uberech

delete branch : dependabot/bundler/ffi-1.11.3

delete time in 3 minutes

delete branch Uberech/Uberech

delete branch : dependabot/bundler/loofah-2.4.0

delete time in 3 minutes

PR opened Sonfinity-Poland/Odchudzanie__JustSkinny-Second

Bump lodash from 4.17.11 to 4.17.15

Bumps lodash from 4.17.11 to 4.17.15.

+3 -3

0 comment

1 changed file

pr created time in 3 minutes

delete branch Uberech/Taskech

delete branch : dependabot/bundler/rails-html-sanitizer-1.3.0

delete time in 3 minutes

PR closed Uberech/Uberech

Bump loofah from 2.0.3 to 2.4.0 dependencies

Bumps loofah from 2.0.3 to 2.4.0.

+6 -4

1 comment

1 changed file

dependabot[bot]

pr closed time in 3 minutes

push event Uberech/Uberech

dependabot[bot]

commit sha be1332eebcd5709292d988fcf1bf5cb867252fda

Bump rails-html-sanitizer from 1.0.3 to 1.3.0

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.3.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.0.3...v1.3.0)

Signed-off-by: dependabot[bot] <support@github.com>

view details

Mykl Clason

commit sha 66a17cdd502eb87c7a4dfb8f35bdb625c0eee102

Merge pull request #3 from Uberech/dependabot/bundler/rails-html-sanitizer-1.3.0 Bump rails-html-sanitizer from 1.0.3 to 1.3.0

view details

dependabot[bot]

commit sha eff3dc40ad8806d61c281d07f608f45861e5f9c1

Bump devise from 3.5.6 to 4.7.1

Bumps [devise](https://github.com/plataformatec/devise) from 3.5.6 to 4.7.1.
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v3.5.6...v4.7.1)

Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 3 minutes

pull request comment Uberech/Uberech

Bump loofah from 2.0.3 to 2.4.0

Looks like loofah is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in 3 minutes

PR opened jvhariharan/EJ2-DataGrid-Core-RemoteSaveAdaptor-Editing

Bump Microsoft.AspNetCore.All from 2.0.3 to 2.0.9 in /TestSampleRemoteSave-118452066/TestSample

Bumps Microsoft.AspNetCore.All from 2.0.3 to 2.0.9. <details> <summary>Commits</summary>

  • 84d6a54 Merge 2.0.9 into release/2.0
  • 43ec723 Merge branch release/2.0
  • cc0e039 Add required infrastructure improvements to submodules to support NETStandard...
  • 9030255 Merge branch 'release/2.0'
  • 1895502 Update the LZMA to include NETStandard.Library 2.0.3
  • e7c57af Upgrade to NETCore.App 2.0.9 (#29)
  • 8fd6124 Merge branch 'release/2.0'
  • 93f2e99 Fix for uploading blobs to private Azure blob containers
  • aa91b80 Add script used to deploy blobs to Azure storage
  • b1f55ff Merge branch 'release/2.0' of release/2.0.9
  • Additional commits viewable in compare view </details> <br />


+1 -1

0 comment

1 changed file

pr created time in 3 minutes

PR opened singh-arulraj/CarND-Capstone-proj

Bump pillow from 2.2.1 to 6.2.0

Bumps pillow from 2.2.1 to 6.2.0. <details> <summary>Release notes</summary>

Sourced from pillow's releases.

6.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/6.2.0.html

6.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/6.1.0.html

6.0.0

No release notes provided.

5.4.1

No release notes provided.

5.4.0

No release notes provided.

5.3.0

No release notes provided.

5.2.0

No release notes provided.

5.1.0

No release notes provided.

5.0.0

No release notes provided.

4.3.0

No release notes provided.

4.2.1

No release notes provided.

4.2.0

No release notes provided.

4.1.1

No release notes provided.

4.1.0

No release notes provided.

4.0.0 tag had a typo in the version in setup.py, hence 4.0.0a

3.4.2

No release notes provided.

3.4.1

No release notes provided.

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from pillow's changelog.

6.2.0 (2019-10-01)

  • Catch buffer overruns #4104 [radarhere]

  • Initialize rows_per_strip when RowsPerStrip tag is missing #4034 [cgohlke, radarhere]

  • Raise error if TIFF dimension is a string #4103 [radarhere]

  • Added decompression bomb checks #4102 [radarhere]

  • Fix ImageGrab.grab DPI scaling on Windows 10 version 1607+ #4000 [nulano, radarhere]

  • Corrected negative seeks #4101 [radarhere]

  • Added argument to capture all screens on Windows #3950 [nulano, radarhere]

  • Updated warning to specify when Image.frombuffer defaults will change #4086 [radarhere]

  • Changed WindowsViewer format to PNG #4080 [radarhere]

  • Use TIFF orientation #4063 [radarhere]

  • Raise the same error if a truncated image is loaded a second time #3965 [radarhere]

  • Lazily use ImageFileDirectory_v1 values from Exif #4031 [radarhere]

  • Improved HSV conversion #4004 [radarhere]

  • Added text stroking #3978 [radarhere, hugovk]

  • No more deprecated bdist_wininst .exe installers #4029 [hugovk]

  • Do not allow floodfill to extend into negative coordinates #4017 [radarhere] ... (truncated) </details>

+1 -1

0 comment

1 changed file

pr created time in 3 minutes

create branch singh-arulraj/CarND-Capstone-proj

branch : dependabot/pip/pillow-6.2.0

created branch time in 3 minutes

PR opened singh-arulraj/CarND-Capstone-proj

Bump tensorflow from 1.3.0 to 1.12.2

Bumps tensorflow from 1.3.0 to 1.12.2. <details> <summary>Release notes</summary>

Sourced from tensorflow's releases.

TensorFlow 1.12.2

Release 1.12.2

Bug Fixes and Other Changes

  • Fixes a potential security vulnerability where carefully crafted GIF images can produce a null pointer dereference during decoding

TensorFlow 1.12.0

Release 1.12.0

Major Features and Improvements

  • Keras models can now be directly exported to the SavedModel format (tf.contrib.saved_model.save_keras_model()) and used with Tensorflow Serving.
  • Keras models now support evaluating with a tf.data.Dataset.
  • TensorFlow binaries are built with XLA support linked in by default.
  • Ignite Dataset added to contrib/ignite that allows working with Apache Ignite.

Bug Fixes and Other Changes

  • tf.data:
    • tf.data users can now represent, get, and set options of TensorFlow input pipelines using tf.data.Options(), tf.data.Dataset.options(), and tf.data.Dataset.with_options() respectively.
    • New tf.data.Dataset.reduce() API allows users to reduce a finite dataset to a single element using a user-provided reduce function.
    • New tf.data.Dataset.window() API allows users to create finite windows of input dataset; when combined with the tf.data.Dataset.reduce() API, this allows users to implement customized batching.
    • All C++ code moves to the tensorflow::data namespace.
    • Add support for num_parallel_calls to tf.data.Dataset.interleave.
  • tf.contrib:
    • Remove tf.contrib.linalg. tf.linalg should be used instead.
    • Replace any calls to tf.contrib.get_signature_def_by_key(metagraph_def, signature_def_key) with meta_graph_def.signature_def[signature_def_key]. Catching a ValueError exception thrown by tf.contrib.get_signature_def_by_key should be replaced by catching a KeyError exception.
  • tf.contrib.data
    • Deprecate, and replace by tf.data.experimental.
  • Other:
    • Improved XLA stability and performance.
    • Fix single replica TensorBoard summary stats in Cloud ML Engine.
    • TPUEstimator: Initialize dataset iterators in parallel.
    • Keras on TPU model quality and bug fixes.
    • Instead of jemalloc, revert back to using system malloc since it simplifies build and has comparable performance.
    • Remove integer types from tf.nn.softplus and tf.nn.softsign OpDefs. This is a bugfix; these ops were never meant to support integers.
    • Allow subslicing Tensors with a single dimension.
    • Add option to calculate string length in Unicode characters
    • Add functionality to SubSlice a tensor.
    • Add searchsorted (ie lower/upper_bound) op.
    • Add model explainability to Boosted Trees.
    • Support negative positions for tf.substr
    • There was previously a bug in the bijector_impl where the _reduce_jacobian_det_over_event does not handle scalar ILDJ implementations properly.
    • In tf eager execution, allow re-entering a GradientTape context
    • Add tf_api_version flag. If --define=tf_api_version=2 flag is passed in, then bazel will build TensorFlow API version 2.0. Note that TensorFlow 2.0 is under active development and has no guarantees at this point.
    • Add additional compression options to TfRecordWriter
    • Performance improvements for regex full match operations.
    • Replace tf.GraphKeys.VARIABLES with tf.GraphKeys.GLOBAL_VARIABLES
    • Remove unused dynamic learning rate support.

Thanks to our Contributors

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from tensorflow's changelog.

Release 1.12.2

Bug Fixes and Other Changes

  • Fixes a potential security vulnerability where carefully crafted GIF images can produce a null pointer dereference during decoding.

Release 1.13.0

Major Features and Improvements

  • TensorFlow Lite has moved from contrib to core. This means that Python modules are under tf.lite and source code is now under tensorflow/lite rather than tensorflow/contrib/lite.
  • TensorFlow GPU binaries are now built against CUDA 10 and TensorRT 5.0.
  • Support for Python3.7 on all operating systems.
  • Moved NCCL to core.

Behavioral changes

  • Disallow conversion of python floating types to uint32/64 (matching behavior of other integer types) in tf.constant.
  • Make the gain argument of convolutional orthogonal initializers (convolutional_delta_orthogonal, convolutional_orthogonal_1D, convolutional_orthogonal_2D, convolutional_orthogonal_3D) have consistent behavior with the tf.initializers.orthogonal initializer, i.e. scale the output l2-norm by gain and NOT by sqrt(gain). (Note that these functions are currently in tf.contrib which is not guaranteed backward compatible).

Bug Fixes and Other Changes

  • Documentation
    • Update the doc with the details about the rounding mode used in quantize_and_dequantize_v2.
    • Clarify that tensorflow::port::InitMain() should be called before using the TensorFlow library. Programs failing to do this are not portable to all platforms.
  • Deprecations and Symbol renames.
    • Removing deprecations for the following endpoints: tf.acos, tf.acosh, tf.add, tf.as_string, tf.asin, tf.asinh, tf.atan, tf.atan2, tf.atanh, tf.cos, tf.cosh, tf.equal, tf.exp, tf.floor, tf.greater, tf.greater_equal, tf.less, tf.less_equal, tf.log, tf.logp1, tf.logical_and, tf.logical_not, tf.logical_or, tf.maximum, tf.minimum, tf.not_equal, tf.sin, tf.sinh, tf.tan
    • Deprecate tf.data.Dataset.shard.
    • Deprecate saved_model.loader.load which is replaced by saved_model.load and saved_model.main_op, which will be replaced by saved_model.main_op in V2.
    • Deprecate tf.QUANTIZED_DTYPES. The official new symbol is tf.dtypes.QUANTIZED_DTYPES.
    • Update sklearn imports for deprecated packages.
    • Deprecate Variable.count_up_to and tf.count_up_to in favor of Dataset.range.
    • Export confusion_matrix op as tf.math.confusion_matrix instead of tf.train.confusion_matrix.
    • Add tf.dtypes. endpoint for every constant in dtypes.py. Moving endpoints in versions.py to corresponding endpoints in tf.sysconfig. ... (truncated) </details> <details> <summary>Commits</summary>
  • 6b63465 Merge pull request #27959 from tensorflow/update-release-notes-version
  • e967833 Update header on release notes
  • cf74798 Merge pull request #27958 from tensorflow/update-release-version
  • 7fba173 Update version to 1.12.2
  • 332f080 Merge pull request #27878 from tensorflow/windows-cpu
  • c9fcc49 Fix windows build for CPU too
  • 416b4a3 Merge pull request #27873 from tensorflow/more-bazel-incompatible-flags
  • 3ebe165 Add --incompatible_disable_cc_toolchain_label_from_crosstool_proto=false flag
  • 5ab9466 Reformat bazel invocation lines
  • 446d393 Merge pull request #27870 from tensorflow/bazel-http-archive
  • Additional commits viewable in compare view </details>



PR opened singh-arulraj/CarND-Capstone-proj

Bump flask from 0.11.1 to 1.0

Bumps flask from 0.11.1 to 1.0. <details> <summary>Release notes</summary>

Sourced from flask's releases.

1.0

The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/)

There are over a year's worth of changes in this release. Many features have been improved or changed. Read the changelog to understand how your project's code will be affected.

JSON Security Fix

Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.

Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.

Install or Upgrade

Install from PyPI with pip:

pip install -U Flask

0.12.4

This is a repackage of 0.12.3 to fix an issue with how the package was built.

Upgrade

Upgrade from PyPI with pip. Use a version identifier if you want to stay at 0.12:

pip install -U 'Flask~=0.12.4'

0.12.3

This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the 1.0 announcement and update to it instead if possible.

JSON Security Fix

Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.

Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.

Upgrade

Upgrade from PyPI with pip. Use a version identifier if you want to stay at 0.12:

pip install -U 'Flask~=0.12.3'

... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from flask's changelog.

Version 1.0

Released 2018-04-26

  • Python 2.6 and 3.3 are no longer supported.
  • Bump minimum dependency versions to the latest stable versions: Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. #2586
  • Skip app.run when a Flask application is run from the command line. This avoids some behavior that was confusing to debug.
  • Change the default for JSONIFY_PRETTYPRINT_REGULAR to False. jsonify returns a compact format by default, and an indented format in debug mode. #2193
  • Flask.__init__ accepts the host_matching argument and sets it on Flask.url_map. #1559
  • Flask.__init__ accepts the static_host argument and passes it as the host argument when defining the static route. #1559
  • send_file supports Unicode in attachment_filename. #2223
  • Pass _scheme argument from url_for to Flask.handle_url_build_error. #2017
  • Flask.add_url_rule accepts the provide_automatic_options argument to disable adding the OPTIONS method. #1489
  • views.MethodView subclasses inherit method handlers from base classes. #1936
  • Errors caused while opening the session at the beginning of the request are handled by the app's error handlers. #2254
  • Blueprints gained Blueprint.json_encoder and Blueprint.json_decoder attributes to override the app's encoder and decoder. #1898
  • Flask.make_response raises TypeError instead of ValueError for bad response types. The error messages have been improved to describe why the type is invalid. #2256
  • Add routes CLI command to output routes registered on the application. #2259
  • Show warning when session cookie domain is a bare hostname or an IP address, as these may not behave properly in some browsers, such as Chrome. #2282
  • Allow IP address as exact session cookie domain. #2282
  • SESSION_COOKIE_DOMAIN is set if it is detected through SERVER_NAME. #2282
  • Auto-detect zero-argument app factory called create_app or make_app from FLASK_APP. #2297
  • Factory functions are not required to take a script_info parameter to work with the flask command. If they take a single parameter or a parameter named script_info, the ... (truncated) </details> <details> <summary>Commits</summary>
  • 291f3c3 Bump version number to 1.0
  • 36e68a4 release 1.0
  • 216151c Merge branch '0.12-maintenance'
  • 23047a7 Bump version number to 0.12.4.dev
  • 1a9e58e Bump version number to 0.12.3
  • 63deee0 release 0.12.3
  • 062745b Merge pull request #2720 from pallets/setup-link
  • 5c8110d ensure order of project urls
  • 10a77a5 Add project_urls so that PyPI will show GitHub stats.
  • 22992a0 add donate link
  • Additional commits viewable in compare view </details>



create branch singh-arulraj/CarND-Capstone-proj

branch: dependabot/pip/flask-1.0

PR opened caillou/lean-hr

Bump lodash.template from 4.4.0 to 4.5.0 in /app

Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary>

  • ab73503 Bump to v4.5.0.
  • a4f7d4c Rebuild lodash and docs.
  • cca5ac6 Fix npm-test by removing the call to test-docs.
  • 9f7f9fc Adjust heading order. [ci skip]
  • 6e2fb92 Remove unused baseArity.
  • 4f702e2 Specify utf8 encoding.
  • b188f90 Add fp tests for iteratee shorthands.
  • 7b93dc9 Ensure clone methods clone expando properties of boolean, number, & string ob...
  • 664d66a Make string tests more consistent.
  • d9dc0e6 Add _.invertBy tests.
  • Additional commits viewable in compare view </details>



create branch caillou/lean-hr

branch: dependabot/npm_and_yarn/app/lodash.template-4.5.0

delete branch Uberech/Taskech

branch: dependabot/bundler/nokogiri-1.10.5

PR closed Uberech/Taskech

Bump nokogiri from 1.6.7.2 to 1.10.5 dependencies

Bumps nokogiri from 1.6.7.2 to 1.10.5. <details> <summary>Release notes</summary>

Sourced from nokogiri's releases.

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2 / 2019-03-24

Security

  • [MRI] Remove support from vendored libxml2 for future script macros. #1871
  • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877

Bug fixes

  • [JRuby] Fix node ownership in duplicated documents. #1060
  • [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)

1.10.1 / 2019-01-13

Features

... (truncated) </details> <details> <summary>Commits</summary>

  • 1bc2ff9 version bump to v1.10.5
  • 383c1f8 update CHANGELOG
  • 43a1753 dependency: update libxslt to 1.1.34 final
  • 99d8a6b dependency: update libxml to 2.9.10 final
  • 2a86496 add suppressions for ruby 2.7
  • dca794a update CHANGELOG with correct release date for v1.10.4
  • 077e010 update rake-compiler commands to install bundler
  • beb832e version bump to v1.10.4
  • 5d30128 Merge branch '1915-css-tokenizer-load-file-vulnerability_v1.10.x' into v1.10.x
  • c86b5fc update CHANGELOG
  • Additional commits viewable in compare view </details>



pull request comment Uberech/Taskech

Bump nokogiri from 1.6.7.2 to 1.10.5

Superseded by #9.

dependabot[bot]

delete branch Uberech/Taskech

branch: dependabot/bundler/loofah-2.3.1

PR opened Uberech/Taskech

Bump nokogiri from 1.6.7.2 to 1.10.7

Bumps nokogiri from 1.6.7.2 to 1.10.7. <details> <summary>Release notes</summary>

Sourced from nokogiri's releases.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2 / 2019-03-24

Security

  • [MRI] Remove support from vendored libxml2 for future script macros. #1871
  • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877 ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from nokogiri's changelog.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

  • CVE-2019-13117
  • CVE-2019-13118
  • CVE-2019-18197

More details are available at #1943.

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is sparklemotion/nokogiri#1915

1.10.3 / 2019-04-22

Security Notes

... (truncated) </details> <details> <summary>Commits</summary> </details>



create branch Uberech/Taskech

branch: dependabot/bundler/nokogiri-1.10.7

PR closed Uberech/Taskech

Bump loofah from 2.0.3 to 2.3.1 dependencies

Bumps loofah from 2.0.3 to 2.3.1. <details> <summary>Release notes</summary>

Sourced from loofah's releases.

2.3.1 / 2019-10-22

Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at flavorjones/loofah#171

2.3.0 / 2019-09-28

Features

Bug fixes

  • CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)

Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

  • Deprecate Loofah::Helpers::ActionView.white_list_sanitizer, please use Loofah::Helpers::ActionView.safe_list_sanitizer instead.
  • Deprecate Loofah::Helpers::ActionView::WhiteListSanitizer, please use Loofah::Helpers::ActionView::SafeListSanitizer instead.
  • Deprecate Loofah::HTML5::WhiteList, please use Loofah::HTML5::SafeList instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

v2.2.3

Notably, this release addresses CVE-2018-16468.

v2.2.2

2.2.2 / 2018-03-22

Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method. This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048.

v2.2.1

Notably, this release mitigates CVE-2018-8048. ... (truncated) </details> <details> <summary>Changelog</summary>

Sourced from loofah's changelog.

2.3.1 / 2019-10-22

Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at flavorjones/loofah#171

2.3.0 / 2019-09-28

Features

Bug fixes

  • CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)

Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

  • Deprecate Loofah::Helpers::ActionView.white_list_sanitizer, please use Loofah::Helpers::ActionView.safe_list_sanitizer instead.
  • Deprecate Loofah::Helpers::ActionView::WhiteListSanitizer, please use Loofah::Helpers::ActionView::SafeListSanitizer instead.
  • Deprecate Loofah::HTML5::WhiteList, please use Loofah::HTML5::SafeList instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

2.2.3 / 2018-10-30

Security

Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at flavorjones/loofah#154

Meta / 2018-10-27

The mailing list is now on Google Groups #146:

... (truncated) </details> <details> <summary>Commits</summary> </details>

