profile
viewpoint

PR closed muhammadtrad/job-listing

Bump mixin-deep from 1.3.1 to 1.3.2 dependencies

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9"><code>754f0c2</code></a> 1.3.2</li> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50"><code>90ee1fa</code></a> ensure keys are valid when mixing in values</li> <li>See full diff in <a href="https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~doowb">doowb</a>, a new releaser for mixin-deep since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+34 -15

1 comment

1 changed file

dependabot[bot]

pr closed time in a few seconds

PR closed muhammadtrad/job-listing

Bump acorn from 5.7.3 to 5.7.4 dependencies

Bumps acorn from 5.7.3 to 5.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/6370e90067552022710190319cbbbd8c43001957"><code>6370e90</code></a> Mark version 5.7.4</li> <li><a href="https://github.com/acornjs/acorn/commit/fbc15b1344f6dfb992f67b4bbf1357436247c8a0"><code>fbc15b1</code></a> More rigorously check surrogate pairs in regexp validator</li> <li>See full diff in <a href="https://github.com/acornjs/acorn/compare/5.7.3...5.7.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+34 -15

1 comment

1 changed file

dependabot[bot]

pr closed time in a few seconds

pull request commentmuhammadtrad/job-listing

Bump mixin-deep from 1.3.1 to 1.3.2

Looks like mixin-deep is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in a few seconds

pull request commentmuhammadtrad/job-listing

Bump acorn from 5.7.3 to 5.7.4

Looks like acorn is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in a few seconds

PR opened lookskystar/taotao

Bump jackson-databind from 2.4.2 to 2.9.10.3 in /taotao-parent

Bumps jackson-databind from 2.4.2 to 2.9.10.3. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/FasterXML/jackson/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a few seconds

PR opened lookskystar/taotao

Bump commons-fileupload from 1.3.1 to 1.3.3 in /taotao-parent

Bumps commons-fileupload from 1.3.1 to 1.3.3.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a few seconds

PR opened lookskystar/taotao

Bump httpclient from 4.3.5 to 4.3.6 in /taotao-parent

Bumps httpclient from 4.3.5 to 4.3.6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a few seconds

PR opened intuitiva/www-zauru

Bump acorn from 3.3.0 to 5.7.4

Bumps acorn from 3.3.0 to 5.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/6370e90067552022710190319cbbbd8c43001957"><code>6370e90</code></a> Mark version 5.7.4</li> <li><a href="https://github.com/acornjs/acorn/commit/fbc15b1344f6dfb992f67b4bbf1357436247c8a0"><code>fbc15b1</code></a> More rigorously check surrogate pairs in regexp validator</li> <li><a href="https://github.com/acornjs/acorn/commit/910e62bbda199ce7acc5de10d374afa0f6fcf7d6"><code>910e62b</code></a> Mark version 5.7.3</li> <li><a href="https://github.com/acornjs/acorn/commit/3442a80d2cdfa672ae2b6ccd6c2bd5c167914db4"><code>3442a80</code></a> Make generate-identifier-regex capable of rewriting src/identifier.js</li> <li><a href="https://github.com/acornjs/acorn/commit/22b22f36330d41a20225f26aab314d3e9d5452bd"><code>22b22f3</code></a> Raise specific errors for unterminated template literals</li> <li><a href="https://github.com/acornjs/acorn/commit/1461c7c5778933514126216fb3ec22d8dfc57feb"><code>1461c7c</code></a> Fix a lint error</li> <li><a href="https://github.com/acornjs/acorn/commit/0c12f63f171d8a6c8b354de54a7ff4a8d5fa486e"><code>0c12f63</code></a> Fix tokenizing of regexps after .of</li> <li><a href="https://github.com/acornjs/acorn/commit/832c3081da0df0a586cfc3ea96040f64252088b7"><code>832c308</code></a> Fix 404 url</li> <li><a href="https://github.com/acornjs/acorn/commit/95ca55c7863fafd8bf6d446a0098325388ff9f1c"><code>95ca55c</code></a> Mark version 5.7.2</li> <li><a href="https://github.com/acornjs/acorn/commit/bba80abc23ed67337a6502b8b0f22675c4b22303"><code>bba80ab</code></a> Remove another fixed test from the 262 whitelist</li> <li>Additional commits viewable in <a href="https://github.com/acornjs/acorn/compare/3.3.0...5.7.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+7265 -3924

0 comment

1 changed file

pr created time in a few seconds

create barnchintuitiva/www-zauru

branch : dependabot/npm_and_yarn/acorn-5.7.4

created branch time in a few seconds

PR opened ChumaniBroll/TestingAPI-

Bump bootstrap from 3.3.7 to 3.4.1

Bumps bootstrap from 3.3.7 to 3.4.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a few seconds

create barnchChumaniBroll/TestingAPI-

branch : dependabot/nuget/bootstrap-3.4.1

created branch time in a few seconds

PR opened juksy/about-page

Bump lodash from 4.17.11 to 4.17.13

Bumps lodash from 4.17.11 to 4.17.13. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/e37182845f16715a0d1c391c8662d83c55609cee"><code>e371828</code></a> Bump to v4.17.13.</li> <li><a href="https://github.com/lodash/lodash/commit/357e899e685872b4af5403ecc4b2a928f961ae63"><code>357e899</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/fd9a062d57646450b61f74029315abd4cc834b08"><code>fd9a062</code></a> Bump to v4.17.12.</li> <li><a href="https://github.com/lodash/lodash/commit/e77d68121ff00ba86b53eed5893d35adfe94c9dd"><code>e77d681</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/629d1865793182cd967196716f4beff223aa4a91"><code>629d186</code></a> Update OpenJS references.</li> <li><a href="https://github.com/lodash/lodash/commit/2406eac542b2a1282be8d812a6d8a45433ade80a"><code>2406eac</code></a> Fix minified build.</li> <li><a href="https://github.com/lodash/lodash/commit/17a34bc5854bb982ef333bfe7ae469f4dfcee0ec"><code>17a34bc</code></a> Fix test bootstrap for core build.</li> <li><a href="https://github.com/lodash/lodash/commit/53838a38f8e4f6204ef2f837fecc4e07d09afe77"><code>53838a3</code></a> Fix tests in older browsers.</li> <li><a href="https://github.com/lodash/lodash/commit/29e258497b5ff45494a85cfa58743517aaeeff52"><code>29e2584</code></a> Fix style:test lint nits.</li> <li><a href="https://github.com/lodash/lodash/commit/8f4d3eb018884d96eb57fba3f724bfff494df724"><code>8f4d3eb</code></a> Update deps.</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.11...4.17.13">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+115 -48

0 comment

2 changed files

pr created time in a few seconds

create barnchjuksy/about-page

branch : dependabot/npm_and_yarn/lodash-4.17.13

created branch time in a few seconds

delete branch b97tsk/reactive-tree

delete branch : dependabot/npm_and_yarn/acorn-7.1.1

delete time in a few seconds

PR closed b97tsk/reactive-tree

Bump acorn from 7.1.0 to 7.1.1 dependencies

Bumps acorn from 7.1.0 to 7.1.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/6d194895783b03b2a37441f01857c34302eab4c8"><code>6d19489</code></a> Mark release 7.1.1</li> <li><a href="https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802"><code>793c0e5</code></a> More rigorously check surrogate pairs in regexp validator</li> <li><a href="https://github.com/acornjs/acorn/commit/b5c17877ac0511e31579ea31e7650ba1a5871e51"><code>b5c1787</code></a> Fix incorrect comment in regexp parser</li> <li><a href="https://github.com/acornjs/acorn/commit/12ae8fed7ebc5b7c894c5976575f33cf36a223cc"><code>12ae8fe</code></a> Parameterize dummy value and export <code>isDummy</code></li> <li><a href="https://github.com/acornjs/acorn/commit/fa3ad8cef0f39f5ae0cbd8be0bf65eb0a782133e"><code>fa3ad8c</code></a> Further refine acorn-walk types</li> <li><a href="https://github.com/acornjs/acorn/commit/1d5028637852c2834091739646e25dd6558ee7a8"><code>1d50286</code></a> Fix some errors in walk types</li> <li><a href="https://github.com/acornjs/acorn/commit/97801f0b5835bc93739666b3494c9b49aeb5fc1d"><code>97801f0</code></a> Mark acorn-walk 7.1.1</li> <li><a href="https://github.com/acornjs/acorn/commit/e9372c151f63fe254c7f5e7ffd7a820e34422208"><code>e9372c1</code></a> Further clean up walker types</li> <li><a href="https://github.com/acornjs/acorn/commit/de6edeb654cf665e732d822d95c97e2d2fc879bc"><code>de6edeb</code></a> Remove NarrowNode from walk.d.ts</li> <li><a href="https://github.com/acornjs/acorn/commit/1d85e7ce982a979bb5411cd00fd9156eecf952a5"><code>1d85e7c</code></a> Fix: acorn-walk type work with acorn's</li> <li>Additional commits viewable in <a href="https://github.com/acornjs/acorn/compare/7.1.0...7.1.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in a few seconds

pull request commentb97tsk/reactive-tree

Bump acorn from 7.1.0 to 7.1.1

Looks like acorn is up-to-date now, so this is no longer needed.

dependabot[bot]

comment created time in a few seconds

delete branch marcelsawicki/Practice

delete branch : dependabot/npm_and_yarn/Frontend/Angular/Heroes/angular-tour-of-heroes/tar-2.2.2

delete time in a few seconds

PR opened AlexSenn422/react-redux

Bump lodash-es from 4.17.10 to 4.17.15

Bumps lodash-es from 4.17.10 to 4.17.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/ddfd9b11a0126db2302cb70ec9973b66baec0975"><code>ddfd9b1</code></a> Bump to v4.17.15.</li> <li><a href="https://github.com/lodash/lodash/commit/b185fcee26b2133bd071f4aaca14b455c2ed1008"><code>b185fce</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/be87d303941222b97c482755afc0f4a77ce46c30"><code>be87d30</code></a> Bump to v4.17.14.</li> <li><a href="https://github.com/lodash/lodash/commit/a6fe6b1e174fd02b5e60eb2664405f4c1262c300"><code>a6fe6b1</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/e37182845f16715a0d1c391c8662d83c55609cee"><code>e371828</code></a> Bump to v4.17.13.</li> <li><a href="https://github.com/lodash/lodash/commit/357e899e685872b4af5403ecc4b2a928f961ae63"><code>357e899</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/fd9a062d57646450b61f74029315abd4cc834b08"><code>fd9a062</code></a> Bump to v4.17.12.</li> <li><a href="https://github.com/lodash/lodash/commit/e77d68121ff00ba86b53eed5893d35adfe94c9dd"><code>e77d681</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/629d1865793182cd967196716f4beff223aa4a91"><code>629d186</code></a> Update OpenJS references.</li> <li><a href="https://github.com/lodash/lodash/commit/2406eac542b2a1282be8d812a6d8a45433ade80a"><code>2406eac</code></a> Fix minified build.</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.10...4.17.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+2 -2

0 comment

1 changed file

pr created time in a few seconds

create barnchAlexSenn422/react-redux

branch : dependabot/npm_and_yarn/lodash-es-4.17.15

created branch time in a few seconds

PR opened AlexSenn422/react-redux

Bump handlebars from 4.0.11 to 4.7.6

Bumps handlebars from 4.0.11 to 4.7.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wycats/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson">@dougwilson</a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo">@aorinevo</a>, <a href="https://api.github.com/users/AviVahl">@AviVahl</a> & <a href="https://api.github.com/users/fabb">@fabb</a>)</li> </ul> <p>Compatibility notes:</p> <ul> <li>No incompatibilities are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.3...v4.7.4">Commits</a></p> <h2>v4.7.3 - February 5th, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1644">#1644</a> - Download links to aws broken on handlebarsjs.com - access denied (<a href="https://api.github.com/users/Tea56">@Tea56</a>)</li> <li>Fix spelling and punctuation in changelog - d78cc73</li> </ul> <p>Bugfixes:</p> <ul> <li>Add Type Definition for Handlebars.VERSION, Fixes <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1647">#1647</a> - 4de51fe</li> <li>Include Type Definition for runtime.js in Package - a32d05f</li> </ul> <p>Compatibility notes:</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wycats/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/wycats/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/b64202bc9197307bd785a58693e3820eb9bb41a8"><code>b64202b</code></a> Update release-notes.md</li> <li><a href="https://github.com/wycats/handlebars.js/commit/c2f1e6203178918569f085e12afdb762cae17fb0"><code>c2f1e62</code></a> Switch cmd parser to latest minimist</li> <li><a href="https://github.com/wycats/handlebars.js/commit/08e9a11a34c3ad8387a0b85b1334f97cab85191a"><code>08e9a11</code></a> Revert "chore: set Node.js compatibility to v6+"</li> <li><a href="https://github.com/wycats/handlebars.js/commit/1fd2edee2a12fb228061fcde807905c6b14339c4"><code>1fd2ede</code></a> v4.7.5</li> <li><a href="https://github.com/wycats/handlebars.js/commit/3c9c2f5cf29cf10f54d5fe4daca6b24b65f0adcf"><code>3c9c2f5</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/16487a088e13f4d52c6fd6610b9ec71c4a51be8a"><code>16487a0</code></a> chore: downgrade yargs to v14</li> <li><a href="https://github.com/wycats/handlebars.js/commit/309d2b49a11628d2a8f052c5587e7459968cd705"><code>309d2b4</code></a> chore: set Node.js compatibility to v6+</li> <li><a href="https://github.com/wycats/handlebars.js/commit/645ac73844918668f9a2f41e49b7cb18ce5abf36"><code>645ac73</code></a> test: fix integration tests</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.0.11...v4.7.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~erisds">erisds</a>, a new releaser for handlebars since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+27 -40

0 comment

1 changed file

pr created time in a few seconds

create barnchAlexSenn422/react-redux

branch : dependabot/npm_and_yarn/handlebars-4.7.6

created branch time in a few seconds

PR opened AlexSenn422/react-redux

Bump lodash.template from 4.4.0 to 4.5.0

Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/ab73503859a2d2f7f603bc8a293ce93ecc071e83"><code>ab73503</code></a> Bump to v4.5.0.</li> <li><a href="https://github.com/lodash/lodash/commit/a4f7d4cc2a3b6d3a43f6c27beadbf90410eecdcd"><code>a4f7d4c</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/cca5ac60d61a2f786eeafadb674d6e12fc6179c8"><code>cca5ac6</code></a> Fix npm-test by removing the call to test-docs.</li> <li><a href="https://github.com/lodash/lodash/commit/9f7f9fc3c5f1a4db9a2134950872440c792ee8bb"><code>9f7f9fc</code></a> Adjust heading order. [ci skip]</li> <li><a href="https://github.com/lodash/lodash/commit/6e2fb92e9a2fd29ef630f71bd571afcdf0f2e206"><code>6e2fb92</code></a> Remove unused <code>baseArity</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/4f702e238183444ff392c3c7be5b48f1a7271519"><code>4f702e2</code></a> Specify utf8 encoding.</li> <li><a href="https://github.com/lodash/lodash/commit/b188f903ce41e624d6169f47a0c9e5091c178160"><code>b188f90</code></a> Add fp tests for iteratee shorthands.</li> <li><a href="https://github.com/lodash/lodash/commit/7b93dc9c3253c342a45881392d2308374a8909b3"><code>7b93dc9</code></a> Ensure clone methods clone expando properties of boolean, number, & string ob...</li> <li><a href="https://github.com/lodash/lodash/commit/664d66a89ec553438d5560239eba24d30867e580"><code>664d66a</code></a> Make string tests more consistent.</li> <li><a href="https://github.com/lodash/lodash/commit/d9dc0e6fd13c030029964b5ba468e0df3e2de3b2"><code>d9dc0e6</code></a> Add <code>_.invertBy</code> tests.</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.4.0...4.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+7 -7

0 comment

1 changed file

pr created time in a few seconds

create barnchAlexSenn422/react-redux

branch : dependabot/npm_and_yarn/lodash.template-4.5.0

created branch time in a few seconds

pull request commentmarcelsawicki/Practice

Bump tar from 2.2.1 to 2.2.2 in /Frontend/Angular/Heroes/angular-tour-of-heroes

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a few seconds

PR opened AlexSenn422/react-redux

Bump mixin-deep from 1.3.1 to 1.3.2

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9"><code>754f0c2</code></a> 1.3.2</li> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50"><code>90ee1fa</code></a> ensure keys are valid when mixing in values</li> <li>See full diff in <a href="https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~doowb">doowb</a>, a new releaser for mixin-deep since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+2 -2

0 comment

1 changed file

pr created time in a minute

create barnchAlexSenn422/react-redux

branch : dependabot/npm_and_yarn/mixin-deep-1.3.2

created branch time in a minute

PR opened intuitiva/www-zauru

Bump underscore.string from 3.3.4 to 3.3.5

Bumps underscore.string from 3.3.4 to 3.3.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/esamattis/underscore.string/blob/master/CHANGELOG.markdown">underscore.string's changelog</a>.</em></p> <blockquote> <h3>3.3.5</h3> <ul> <li>Security fix</li> <li><a href="https://github.com/epeli/underscore.string/compare/3.2.4...3.2.5">Full changelog</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/esamattis/underscore.string/commit/87ddc29fab2df47a1bf09c048d2e0ba468159d2f"><code>87ddc29</code></a> Release 3.3.5</li> <li><a href="https://github.com/esamattis/underscore.string/commit/fde7ed699c26d294ed466624f9d843240cd14e94"><code>fde7ed6</code></a> Add 3.3.5 changelog</li> <li><a href="https://github.com/esamattis/underscore.string/commit/f486cd684c94c12db48b45d52b1472a1b9661029"><code>f486cd6</code></a> Try to fix regexp redos</li> <li>See full diff in <a href="https://github.com/epeli/underscore.string/compare/3.3.4...3.3.5">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~esamatti">esamatti</a>, a new releaser for underscore.string since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+7269 -3928

0 comment

1 changed file

pr created time in a minute

PR opened intuitiva/www-zauru

Bump fstream from 1.0.11 to 1.0.12

Bumps fstream from 1.0.11 to 1.0.12. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/fstream/commit/42354590e23bb514eb5c869eea64406be2947c6c"><code>4235459</code></a> 1.0.12</li> <li><a href="https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22"><code>6a77d2f</code></a> Clobber a Link if it's in the way of a File</li> <li>See full diff in <a href="https://github.com/npm/fstream/compare/v1.0.11...v1.0.12">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+7269 -3938

0 comment

1 changed file

pr created time in a minute

create barnchintuitiva/www-zauru

branch : dependabot/npm_and_yarn/fstream-1.0.12

created branch time in a minute

PR opened JavaTeamt/beifen2

Bump jackson-databind from 2.9.6 to 2.9.10.3

Bumps jackson-databind from 2.9.6 to 2.9.10.3. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/FasterXML/jackson/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

delete branch marcelsawicki/Practice

delete branch : dependabot/npm_and_yarn/Frontend/Angular/Heroes/angular-tour-of-heroes/handlebars-4.5.3

delete time in a minute

pull request commentmarcelsawicki/Practice

Bump handlebars from 4.0.12 to 4.5.3 in /Frontend/Angular/Heroes/angular-tour-of-heroes

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump spring-security-oauth2 from 2.0.5-SNAPSHOT to 2.0.18.RELEASE in /spring-source-analysis-parent/spring-source-analysis-security-oauth2

Bumps spring-security-oauth2 from 2.0.5-SNAPSHOT to 2.0.18.RELEASE. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/SpringSource/spring-security-oauth/commits/2.0.18.RELEASE">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump bcprov-jdk14 from 1.38 to 1.64 in /spring-framework-parent/spring-context-support

Bumps bcprov-jdk14 from 1.38 to 1.64. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html">bcprov-jdk14's changelog</a>.</em></p> <blockquote> <html> <head> <title>Bouncy Castle Crypto Package - Release Notes</title> </head> <body bgcolor="#ffffff" text="#000000#"> <center> <h1>Bouncy Castle Crypto Package - Release Notes</h1> <font size=1> <pre> </pre> </font> </center> <h2>1.0 Introduction</h2> <p> The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the J2ME) with the additional infrastructure to conform the algorithms to the JCE framework. </p> <h2>2.0 Release History</h2> <h3>2.1.1 Version</h3> Release: 1.66<br/> Date:      2020, TBD. <h3>2.1.2 Defects Fixed</h3> <ul> <li>EdDSA verifiers now reset correctly after rejecting overly long signatures.</li> <li>BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. This has been fixed.</li> <li>qTESLA-I verifier would reject some valid signatures. This has been fixed.</li> <li>qTESLA verifiers now reject overly long signatures.</li> <li>PGP regression caused failure to preserve existing version header when headers were reset. This has now been fixed.</li> <li>PKIXNameConstraintValidator had a bad cast preventing use of multiple OtherName constraints. This has been fixed.</li> <li>Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. This has been fixed.</li> </ul> <h3>2.1.3 Additional Features and Functionality</h3> <ul> <li>The qTESLA signature algorithm has been updated to v2.8 (20191108).</li> <li>BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.</li> </ul> <h3>2.1.4 Notes</h3> <p> The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions. </p> <h3>2.2.1 Version</h3> Release: 1.65<br/> Date:      2020, March 31st. </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE in /spring-framework-parent/spring-webmvc

Bumps spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">spring-core's releases</a>.</em></p> <blockquote> <h2>4.1.7 Release</h2> <h2>:star: New Features</h2> <ul> <li>Avoid reflection for creating StandardServletAsyncWebRequest [SPR-13112] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17703">#17703</a></li> <li>Provide means to opt out of default annotation based transaction management by bean [SPR-13109] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17700">#17700</a></li> <li>Make PropertyMatches public [SPR-13054] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17646">#17646</a></li> <li><a href="mvc:resources">mvc:resources</a> does not handles directories well [SPR-12999] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17591">#17591</a></li> <li>Same Origin check in both AbstractSockJSService and OriginHandshakeInterceptor is not working with Tyrus client [SPR-12956] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17548">#17548</a></li> <li>MethodJmsListenerEndpoint does not set the DestinationResolver on the MessagingMessageListenerAdapter [SPR-12927] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17520">#17520</a></li> <li>Use higher log level in InvocableHandlerMethod.getMethodArgumentValues() [SPR-12925] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17518">#17518</a></li> <li>Spring logs FactoryBean type check warning in case of factory method with arguments [SPR-12900] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17499">#17499</a></li> <li>AnnotatedElementUtils should leniently ignore TypeNotPresentExceptions (just like AnnotationUtils) [SPR-12889] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17487">#17487</a></li> <li>Support package private annotations with AnnotationUtils [SPR-12858] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17456">#17456</a></li> <li><code>@Aspect</code> aspect not correctly applied to Java 8 lambda-defined <code>@Beans</code> [SPR-11807] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/16427">#16427</a></li> </ul> <h2>:beetle: Bug Fixes</h2> <ul> <li>YAML Processor leaves StreamDecoder open [SPR-13173] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17765">#17765</a></li> <li>GzipResourceResolver has NullPointerException when used with VersionResourceResolver [SPR-13149] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17740">#17740</a></li> <li>AntPathMatcher throws StringIndexOutOfBoundsException [SPR-13139] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17730">#17730</a></li> <li>XML input vulnerability based on DTD declaration [SPR-13136] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17727">#17727</a></li> <li>ObjenesisCglibAopProxy's fallback mode triggers duplicate class definition error [SPR-13131] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17722">#17722</a></li> <li>FileNotFoundException when implementing a nested interface with groovy closure in a <code>@Component</code> [SPR-13115] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17706">#17706</a></li> <li>When use a <code>@args</code> as pointcut, there is case that occur a NPE at calling the unrelated method [SPR-13102] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17693">#17693</a></li> <li>Configuration class parsing may trigger NoClassDefFoundError for nested classes [SPR-13091] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17682">#17682</a></li> <li>H4 SpringSessionSynchronization#beforeCompletion leaves irreparably broken state if exception thrown in session.disconnect() [SPR-13089] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17680">#17680</a></li> <li>Wrong IllegalStateException for <code>@Cacheable</code> without a cache name [SPR-13081] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17672">#17672</a></li> <li>DefaultMockMvcBuilder combined with <code>@ContextHierarchy</code> registers wrong context as ROOT [SPR-13075] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17667">#17667</a></li> <li>ByteBuffer corrupted by ByteBufferConverter when passed through Spring [SPR-13056] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17648">#17648</a></li> <li>Remoting over JMS with receiveTimeout blocks service forever [SPR-13052] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17644">#17644</a></li> <li>NPE in PropertyOrFieldReference due to concurrency issue when caching SpelExpression objects [SPR-13023] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17614">#17614</a></li> <li>Validation of frame content in org.springframework.web.socket.sockjs.frame.SockJsFrame is a NoOp [SPR-13019] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17610">#17610</a></li> <li>StringIndexOutOfBoundsException in ResourceUrlEncodingFilter [SPR-13018] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17609">#17609</a></li> <li>NPE for alias resolved to null in SimpleAliasRegistry [SPR-13016] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17607">#17607</a></li> <li>Commons FileUpload failed after Spring framework upgrade [SPR-13014] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17605">#17605</a></li> <li>CustomBooleanEditor may run into NPE when configured with allowEmpty=false [SPR-13010] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17601">#17601</a></li> <li>ContentCachingResponseWrapper should NOT sendError() before write body [SPR-13004] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17596">#17596</a></li> <li>RequestMapping maps root-controller handler methods with double slashes [SPR-12975] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17566">#17566</a></li> <li>PatternMatchUtils infinite loop bug [SPR-12971] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17563">#17563</a></li> <li>Regression: DLL handled as classpath resource [SPR-12928] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17521">#17521</a></li> <li>ResponseEntity's #equals fails symmetric property. [SPR-12910] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17509">#17509</a></li> <li>Async Execution Aspect compiler error when using ListenableFuture [SPR-12895] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17494">#17494</a></li> <li>CachingResourceResolver + GzipResourceResolver caches different results depending on what is requested first [SPR-12892] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17491">#17491</a></li> <li>Regression in handling of String passed as Types.OTHER to JdbcTemplate [SPR-12890] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17488">#17488</a></li> <li>client-library-url in sockjs config is not working [SPR-12874] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17472">#17472</a></li> <li>CronSequenceGenerator constructor goes into infinite loop with invalid increments [SPR-12871] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17469">#17469</a></li> <li>Incorrect value in InvalidPropertyException message from BeanWrapperImpl.setPropertyValue [SPR-12866] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17464">#17464</a></li> <li>Netty4ClientHttpRequest ignores query parameters [SPR-12779] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17377">#17377</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/spring-projects/spring-framework/commits/v4.3.19.RELEASE">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE in /spring-source-analysis-parent/spring-source-analysis-springmvc

Bumps spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">spring-core's releases</a>.</em></p> <blockquote> <h2>4.1.7 Release</h2> <h2>:star: New Features</h2> <ul> <li>Avoid reflection for creating StandardServletAsyncWebRequest [SPR-13112] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17703">#17703</a></li> <li>Provide means to opt out of default annotation based transaction management by bean [SPR-13109] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17700">#17700</a></li> <li>Make PropertyMatches public [SPR-13054] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17646">#17646</a></li> <li><a href="mvc:resources">mvc:resources</a> does not handles directories well [SPR-12999] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17591">#17591</a></li> <li>Same Origin check in both AbstractSockJSService and OriginHandshakeInterceptor is not working with Tyrus client [SPR-12956] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17548">#17548</a></li> <li>MethodJmsListenerEndpoint does not set the DestinationResolver on the MessagingMessageListenerAdapter [SPR-12927] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17520">#17520</a></li> <li>Use higher log level in InvocableHandlerMethod.getMethodArgumentValues() [SPR-12925] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17518">#17518</a></li> <li>Spring logs FactoryBean type check warning in case of factory method with arguments [SPR-12900] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17499">#17499</a></li> <li>AnnotatedElementUtils should leniently ignore TypeNotPresentExceptions (just like AnnotationUtils) [SPR-12889] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17487">#17487</a></li> <li>Support package private annotations with AnnotationUtils [SPR-12858] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17456">#17456</a></li> <li><code>@Aspect</code> aspect not correctly applied to Java 8 lambda-defined <code>@Beans</code> [SPR-11807] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/16427">#16427</a></li> </ul> <h2>:beetle: Bug Fixes</h2> <ul> <li>YAML Processor leaves StreamDecoder open [SPR-13173] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17765">#17765</a></li> <li>GzipResourceResolver has NullPointerException when used with VersionResourceResolver [SPR-13149] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17740">#17740</a></li> <li>AntPathMatcher throws StringIndexOutOfBoundsException [SPR-13139] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17730">#17730</a></li> <li>XML input vulnerability based on DTD declaration [SPR-13136] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17727">#17727</a></li> <li>ObjenesisCglibAopProxy's fallback mode triggers duplicate class definition error [SPR-13131] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17722">#17722</a></li> <li>FileNotFoundException when implementing a nested interface with groovy closure in a <code>@Component</code> [SPR-13115] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17706">#17706</a></li> <li>When use a <code>@args</code> as pointcut, there is case that occur a NPE at calling the unrelated method [SPR-13102] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17693">#17693</a></li> <li>Configuration class parsing may trigger NoClassDefFoundError for nested classes [SPR-13091] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17682">#17682</a></li> <li>H4 SpringSessionSynchronization#beforeCompletion leaves irreparably broken state if exception thrown in session.disconnect() [SPR-13089] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17680">#17680</a></li> <li>Wrong IllegalStateException for <code>@Cacheable</code> without a cache name [SPR-13081] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17672">#17672</a></li> <li>DefaultMockMvcBuilder combined with <code>@ContextHierarchy</code> registers wrong context as ROOT [SPR-13075] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17667">#17667</a></li> <li>ByteBuffer corrupted by ByteBufferConverter when passed through Spring [SPR-13056] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17648">#17648</a></li> <li>Remoting over JMS with receiveTimeout blocks service forever [SPR-13052] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17644">#17644</a></li> <li>NPE in PropertyOrFieldReference due to concurrency issue when caching SpelExpression objects [SPR-13023] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17614">#17614</a></li> <li>Validation of frame content in org.springframework.web.socket.sockjs.frame.SockJsFrame is a NoOp [SPR-13019] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17610">#17610</a></li> <li>StringIndexOutOfBoundsException in ResourceUrlEncodingFilter [SPR-13018] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17609">#17609</a></li> <li>NPE for alias resolved to null in SimpleAliasRegistry [SPR-13016] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17607">#17607</a></li> <li>Commons FileUpload failed after Spring framework upgrade [SPR-13014] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17605">#17605</a></li> <li>CustomBooleanEditor may run into NPE when configured with allowEmpty=false [SPR-13010] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17601">#17601</a></li> <li>ContentCachingResponseWrapper should NOT sendError() before write body [SPR-13004] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17596">#17596</a></li> <li>RequestMapping maps root-controller handler methods with double slashes [SPR-12975] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17566">#17566</a></li> <li>PatternMatchUtils infinite loop bug [SPR-12971] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17563">#17563</a></li> <li>Regression: DLL handled as classpath resource [SPR-12928] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17521">#17521</a></li> <li>ResponseEntity's #equals fails symmetric property. [SPR-12910] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17509">#17509</a></li> <li>Async Execution Aspect compiler error when using ListenableFuture [SPR-12895] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17494">#17494</a></li> <li>CachingResourceResolver + GzipResourceResolver caches different results depending on what is requested first [SPR-12892] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17491">#17491</a></li> <li>Regression in handling of String passed as Types.OTHER to JdbcTemplate [SPR-12890] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17488">#17488</a></li> <li>client-library-url in sockjs config is not working [SPR-12874] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17472">#17472</a></li> <li>CronSequenceGenerator constructor goes into infinite loop with invalid increments [SPR-12871] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17469">#17469</a></li> <li>Incorrect value in InvalidPropertyException message from BeanWrapperImpl.setPropertyValue [SPR-12866] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17464">#17464</a></li> <li>Netty4ClientHttpRequest ignores query parameters [SPR-12779] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17377">#17377</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/spring-projects/spring-framework/commits/v4.3.19.RELEASE">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE in /spring-framework-parent/spring-web

Bumps spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">spring-core's releases</a>.</em></p> <blockquote> <h2>4.1.7 Release</h2> <h2>:star: New Features</h2> <ul> <li>Avoid reflection for creating StandardServletAsyncWebRequest [SPR-13112] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17703">#17703</a></li> <li>Provide means to opt out of default annotation based transaction management by bean [SPR-13109] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17700">#17700</a></li> <li>Make PropertyMatches public [SPR-13054] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17646">#17646</a></li> <li><a href="mvc:resources">mvc:resources</a> does not handles directories well [SPR-12999] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17591">#17591</a></li> <li>Same Origin check in both AbstractSockJSService and OriginHandshakeInterceptor is not working with Tyrus client [SPR-12956] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17548">#17548</a></li> <li>MethodJmsListenerEndpoint does not set the DestinationResolver on the MessagingMessageListenerAdapter [SPR-12927] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17520">#17520</a></li> <li>Use higher log level in InvocableHandlerMethod.getMethodArgumentValues() [SPR-12925] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17518">#17518</a></li> <li>Spring logs FactoryBean type check warning in case of factory method with arguments [SPR-12900] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17499">#17499</a></li> <li>AnnotatedElementUtils should leniently ignore TypeNotPresentExceptions (just like AnnotationUtils) [SPR-12889] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17487">#17487</a></li> <li>Support package private annotations with AnnotationUtils [SPR-12858] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17456">#17456</a></li> <li><code>@Aspect</code> aspect not correctly applied to Java 8 lambda-defined <code>@Beans</code> [SPR-11807] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/16427">#16427</a></li> </ul> <h2>:beetle: Bug Fixes</h2> <ul> <li>YAML Processor leaves StreamDecoder open [SPR-13173] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17765">#17765</a></li> <li>GzipResourceResolver has NullPointerException when used with VersionResourceResolver [SPR-13149] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17740">#17740</a></li> <li>AntPathMatcher throws StringIndexOutOfBoundsException [SPR-13139] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17730">#17730</a></li> <li>XML input vulnerability based on DTD declaration [SPR-13136] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17727">#17727</a></li> <li>ObjenesisCglibAopProxy's fallback mode triggers duplicate class definition error [SPR-13131] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17722">#17722</a></li> <li>FileNotFoundException when implementing a nested interface with groovy closure in a <code>@Component</code> [SPR-13115] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17706">#17706</a></li> <li>When use a <code>@args</code> as pointcut, there is case that occur a NPE at calling the unrelated method [SPR-13102] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17693">#17693</a></li> <li>Configuration class parsing may trigger NoClassDefFoundError for nested classes [SPR-13091] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17682">#17682</a></li> <li>H4 SpringSessionSynchronization#beforeCompletion leaves irreparably broken state if exception thrown in session.disconnect() [SPR-13089] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17680">#17680</a></li> <li>Wrong IllegalStateException for <code>@Cacheable</code> without a cache name [SPR-13081] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17672">#17672</a></li> <li>DefaultMockMvcBuilder combined with <code>@ContextHierarchy</code> registers wrong context as ROOT [SPR-13075] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17667">#17667</a></li> <li>ByteBuffer corrupted by ByteBufferConverter when passed through Spring [SPR-13056] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17648">#17648</a></li> <li>Remoting over JMS with receiveTimeout blocks service forever [SPR-13052] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17644">#17644</a></li> <li>NPE in PropertyOrFieldReference due to concurrency issue when caching SpelExpression objects [SPR-13023] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17614">#17614</a></li> <li>Validation of frame content in org.springframework.web.socket.sockjs.frame.SockJsFrame is a NoOp [SPR-13019] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17610">#17610</a></li> <li>StringIndexOutOfBoundsException in ResourceUrlEncodingFilter [SPR-13018] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17609">#17609</a></li> <li>NPE for alias resolved to null in SimpleAliasRegistry [SPR-13016] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17607">#17607</a></li> <li>Commons FileUpload failed after Spring framework upgrade [SPR-13014] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17605">#17605</a></li> <li>CustomBooleanEditor may run into NPE when configured with allowEmpty=false [SPR-13010] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17601">#17601</a></li> <li>ContentCachingResponseWrapper should NOT sendError() before write body [SPR-13004] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17596">#17596</a></li> <li>RequestMapping maps root-controller handler methods with double slashes [SPR-12975] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17566">#17566</a></li> <li>PatternMatchUtils infinite loop bug [SPR-12971] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17563">#17563</a></li> <li>Regression: DLL handled as classpath resource [SPR-12928] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17521">#17521</a></li> <li>ResponseEntity's #equals fails symmetric property. [SPR-12910] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17509">#17509</a></li> <li>Async Execution Aspect compiler error when using ListenableFuture [SPR-12895] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17494">#17494</a></li> <li>CachingResourceResolver + GzipResourceResolver caches different results depending on what is requested first [SPR-12892] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17491">#17491</a></li> <li>Regression in handling of String passed as Types.OTHER to JdbcTemplate [SPR-12890] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17488">#17488</a></li> <li>client-library-url in sockjs config is not working [SPR-12874] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17472">#17472</a></li> <li>CronSequenceGenerator constructor goes into infinite loop with invalid increments [SPR-12871] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17469">#17469</a></li> <li>Incorrect value in InvalidPropertyException message from BeanWrapperImpl.setPropertyValue [SPR-12866] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17464">#17464</a></li> <li>Netty4ClientHttpRequest ignores query parameters [SPR-12779] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17377">#17377</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/spring-projects/spring-framework/commits/v4.3.19.RELEASE">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE in /spring-source-analysis-parent/spring-source-analysis-security-oauth2

Bumps spring-core from 3.2.12-SNAPSHOT to 4.3.19.RELEASE. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-framework/releases">spring-core's releases</a>.</em></p> <blockquote> <h2>4.1.7 Release</h2> <h2>:star: New Features</h2> <ul> <li>Avoid reflection for creating StandardServletAsyncWebRequest [SPR-13112] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17703">#17703</a></li> <li>Provide means to opt out of default annotation based transaction management by bean [SPR-13109] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17700">#17700</a></li> <li>Make PropertyMatches public [SPR-13054] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17646">#17646</a></li> <li><a href="mvc:resources">mvc:resources</a> does not handles directories well [SPR-12999] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17591">#17591</a></li> <li>Same Origin check in both AbstractSockJSService and OriginHandshakeInterceptor is not working with Tyrus client [SPR-12956] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17548">#17548</a></li> <li>MethodJmsListenerEndpoint does not set the DestinationResolver on the MessagingMessageListenerAdapter [SPR-12927] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17520">#17520</a></li> <li>Use higher log level in InvocableHandlerMethod.getMethodArgumentValues() [SPR-12925] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17518">#17518</a></li> <li>Spring logs FactoryBean type check warning in case of factory method with arguments [SPR-12900] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17499">#17499</a></li> <li>AnnotatedElementUtils should leniently ignore TypeNotPresentExceptions (just like AnnotationUtils) [SPR-12889] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17487">#17487</a></li> <li>Support package private annotations with AnnotationUtils [SPR-12858] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17456">#17456</a></li> <li><code>@Aspect</code> aspect not correctly applied to Java 8 lambda-defined <code>@Beans</code> [SPR-11807] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/16427">#16427</a></li> </ul> <h2>:beetle: Bug Fixes</h2> <ul> <li>YAML Processor leaves StreamDecoder open [SPR-13173] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17765">#17765</a></li> <li>GzipResourceResolver has NullPointerException when used with VersionResourceResolver [SPR-13149] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17740">#17740</a></li> <li>AntPathMatcher throws StringIndexOutOfBoundsException [SPR-13139] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17730">#17730</a></li> <li>XML input vulnerability based on DTD declaration [SPR-13136] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17727">#17727</a></li> <li>ObjenesisCglibAopProxy's fallback mode triggers duplicate class definition error [SPR-13131] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17722">#17722</a></li> <li>FileNotFoundException when implementing a nested interface with groovy closure in a <code>@Component</code> [SPR-13115] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17706">#17706</a></li> <li>When use a <code>@args</code> as pointcut, there is case that occur a NPE at calling the unrelated method [SPR-13102] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17693">#17693</a></li> <li>Configuration class parsing may trigger NoClassDefFoundError for nested classes [SPR-13091] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17682">#17682</a></li> <li>H4 SpringSessionSynchronization#beforeCompletion leaves irreparably broken state if exception thrown in session.disconnect() [SPR-13089] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17680">#17680</a></li> <li>Wrong IllegalStateException for <code>@Cacheable</code> without a cache name [SPR-13081] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17672">#17672</a></li> <li>DefaultMockMvcBuilder combined with <code>@ContextHierarchy</code> registers wrong context as ROOT [SPR-13075] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17667">#17667</a></li> <li>ByteBuffer corrupted by ByteBufferConverter when passed through Spring [SPR-13056] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17648">#17648</a></li> <li>Remoting over JMS with receiveTimeout blocks service forever [SPR-13052] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17644">#17644</a></li> <li>NPE in PropertyOrFieldReference due to concurrency issue when caching SpelExpression objects [SPR-13023] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17614">#17614</a></li> <li>Validation of frame content in org.springframework.web.socket.sockjs.frame.SockJsFrame is a NoOp [SPR-13019] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17610">#17610</a></li> <li>StringIndexOutOfBoundsException in ResourceUrlEncodingFilter [SPR-13018] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17609">#17609</a></li> <li>NPE for alias resolved to null in SimpleAliasRegistry [SPR-13016] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17607">#17607</a></li> <li>Commons FileUpload failed after Spring framework upgrade [SPR-13014] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17605">#17605</a></li> <li>CustomBooleanEditor may run into NPE when configured with allowEmpty=false [SPR-13010] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17601">#17601</a></li> <li>ContentCachingResponseWrapper should NOT sendError() before write body [SPR-13004] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17596">#17596</a></li> <li>RequestMapping maps root-controller handler methods with double slashes [SPR-12975] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17566">#17566</a></li> <li>PatternMatchUtils infinite loop bug [SPR-12971] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17563">#17563</a></li> <li>Regression: DLL handled as classpath resource [SPR-12928] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17521">#17521</a></li> <li>ResponseEntity's #equals fails symmetric property. [SPR-12910] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17509">#17509</a></li> <li>Async Execution Aspect compiler error when using ListenableFuture [SPR-12895] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17494">#17494</a></li> <li>CachingResourceResolver + GzipResourceResolver caches different results depending on what is requested first [SPR-12892] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17491">#17491</a></li> <li>Regression in handling of String passed as Types.OTHER to JdbcTemplate [SPR-12890] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17488">#17488</a></li> <li>client-library-url in sockjs config is not working [SPR-12874] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17472">#17472</a></li> <li>CronSequenceGenerator constructor goes into infinite loop with invalid increments [SPR-12871] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17469">#17469</a></li> <li>Incorrect value in InvalidPropertyException message from BeanWrapperImpl.setPropertyValue [SPR-12866] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17464">#17464</a></li> <li>Netty4ClientHttpRequest ignores query parameters [SPR-12779] <a href="https://github-redirect.dependabot.com/spring-projects/spring-framework/issues/17377">#17377</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/spring-projects/spring-framework/commits/v4.3.19.RELEASE">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump httpclient from 4.3.3 to 4.3.6 in /spring-source-analysis-parent/spring-source-analysis-security-oauth2

Bumps httpclient from 4.3.3 to 4.3.6.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

PR opened wulin-challenge/spring-framework-3.2.12

Bump bcprov-jdk14 from 1.38 to 1.64 in /spring-framework-parent/spring-webmvc

Bumps bcprov-jdk14 from 1.38 to 1.64. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bcgit/bc-java/blob/master/docs/releasenotes.html">bcprov-jdk14's changelog</a>.</em></p> <blockquote> <html> <head> <title>Bouncy Castle Crypto Package - Release Notes</title> </head> <body bgcolor="#ffffff" text="#000000#"> <center> <h1>Bouncy Castle Crypto Package - Release Notes</h1> <font size=1> <pre> </pre> </font> </center> <h2>1.0 Introduction</h2> <p> The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the J2ME) with the additional infrastructure to conform the algorithms to the JCE framework. </p> <h2>2.0 Release History</h2> <h3>2.1.1 Version</h3> Release: 1.66<br/> Date:      2020, TBD. <h3>2.1.2 Defects Fixed</h3> <ul> <li>EdDSA verifiers now reset correctly after rejecting overly long signatures.</li> <li>BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. This has been fixed.</li> <li>qTESLA-I verifier would reject some valid signatures. This has been fixed.</li> <li>qTESLA verifiers now reject overly long signatures.</li> <li>PGP regression caused failure to preserve existing version header when headers were reset. This has now been fixed.</li> <li>PKIXNameConstraintValidator had a bad cast preventing use of multiple OtherName constraints. This has been fixed.</li> <li>Serialisation of the non-CRT RSA Private Key could cause a NullPointerException. This has been fixed.</li> </ul> <h3>2.1.3 Additional Features and Functionality</h3> <ul> <li>The qTESLA signature algorithm has been updated to v2.8 (20191108).</li> <li>BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.</li> </ul> <h3>2.1.4 Notes</h3> <p> The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions. </p> <h3>2.2.1 Version</h3> Release: 1.65<br/> Date:      2020, March 31st. </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/bcgit/bc-java/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a minute

push eventAlexSenn422/react-next-website

dependabot[bot]

commit sha 137d34266084ab86fe38bb7d341269a2454fe390

Bump acorn from 6.1.1 to 6.4.1 Bumps [acorn](https://github.com/acornjs/acorn) from 6.1.1 to 6.4.1. - [Release notes](https://github.com/acornjs/acorn/releases) - [Commits](https://github.com/acornjs/acorn/compare/6.1.1...6.4.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in a minute

PR opened AlexSenn422/react-next-website

Bump acorn from 6.1.1 to 6.4.1

Bumps acorn from 6.1.1 to 6.4.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/9a2e9b6678e243d66846b91179d650d28453e70c"><code>9a2e9b6</code></a> Mark version 6.4.1</li> <li><a href="https://github.com/acornjs/acorn/commit/90a9548ea0ce351b54f956e2c4ed27cca9631284"><code>90a9548</code></a> More rigorously check surrogate pairs in regexp validator</li> <li><a href="https://github.com/acornjs/acorn/commit/df0cf1a3e2b1a51a26c14984dc0f5412b7151b10"><code>df0cf1a</code></a> Mark version 6.4.0</li> <li><a href="https://github.com/acornjs/acorn/commit/53034126864b492da4e278628bb972cb2a9313d4"><code>5303412</code></a> Also export Parser via Parser.acorn</li> <li><a href="https://github.com/acornjs/acorn/commit/efe273e70123449a458157dbf578afaf109a49ab"><code>efe273e</code></a> give token types and etc to plugins</li> <li><a href="https://github.com/acornjs/acorn/commit/ac6decb94a3aa4eee99230fdaf5883dfaafe8479"><code>ac6decb</code></a> Mark version 6.3.0</li> <li><a href="https://github.com/acornjs/acorn/commit/7e9817d17639d95cc6dbacfde734a0626b2a7dea"><code>7e9817d</code></a> Allow sourceType: module even with ecmaVersion < 6</li> <li><a href="https://github.com/acornjs/acorn/commit/e2b8cc087386eccc2ad6fd4a02b4257833557cb3"><code>e2b8cc0</code></a> Fix broken parsing of new expressions when allowReserved=="never"</li> <li><a href="https://github.com/acornjs/acorn/commit/1555c528855b10320ce98b4154906d7898c92990"><code>1555c52</code></a> Update acorn.d.ts</li> <li><a href="https://github.com/acornjs/acorn/commit/77c20fa2c2f490e646b67e6a0ff7e75fb54ab6c8"><code>77c20fa</code></a> Mark version 6.2.1</li> <li>Additional commits viewable in <a href="https://github.com/acornjs/acorn/compare/6.1.1...6.4.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+333 -6

0 comment

2 changed files

pr created time in a minute

PR opened RoyerRamirez/radiant-rooms-calendar-sync

Bump pycryptodome from 3.4.3 to 3.6.6

Bumps pycryptodome from 3.4.3 to 3.6.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst">pycryptodome's changelog</a>.</em></p> <blockquote> <p>3.6.6 (17 August 2018) ++++++++++++++++++++++</p> <h2>Resolved issues</h2> <ul> <li>GH#198: Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes (CVE-2018-15560).</li> </ul> <p>3.6.5 (12 August 2018) ++++++++++++++++++++++</p> <h2>Resolved issues</h2> <ul> <li>GH#187: Fixed incorrect AES encryption/decryption with AES acceleration on x86 due to gcc's optimization and strict aliasing rules.</li> <li>GH#188: More prime number candidates than necessary where discarded as composite due to the limited way D values were searched in the Lucas test.</li> <li>Fixed ResouceWarnings and DeprecationWarnings.</li> <li>Workaround for Python 3.7.0 bug on Windows (<a href="https://bugs.python.org/issue34108">https://bugs.python.org/issue34108</a>).</li> </ul> <p>3.6.4 (10 July 2018) +++++++++++++++++++++</p> <h2>New features</h2> <ul> <li>Build Python 3.7 wheels on Linux, Windows and Mac.</li> </ul> <h2>Resolved issues</h2> <ul> <li>GH#178: Rename <code>_cpuid</code> module to make upgrades more robust.</li> <li>More meaningful exceptions in case of mismatch in IV length (CBC/OFB/CFB modes).</li> <li>Fix compilation issues on Solaris 10/11.</li> </ul> <p>3.6.3 (21 June 2018) +++++++++++++++++++++</p> <h2>Resolved issues</h2> <ul> <li>GH#175: Fixed incorrect results for CTR encryption/decryption with more than 8 blocks.</li> </ul> <p>3.6.2 (19 June 2018) +++++++++++++++++++++</p> <h2>New features</h2> <ul> <li>ChaCha20 accepts 96 bit nonces (in addition to 64 bit nonces)</li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Legrandin/pycryptodome/commit/3506836f34b9008ba714e7beab097fecb42832da"><code>3506836</code></a> Update to Changelog</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/d1739c62b9b845f8a5b342de08d6bf6e2722d247"><code>d1739c6</code></a> Fix issue <a href="https://github-redirect.dependabot.com/Legrandin/pycryptodome/issues/198">#198</a>: AESNI breaks with messages shorter than 16 bytes</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/df800357717cc8519d200e4548f410053825cd00"><code>df80035</code></a> Bump version</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/e16bc2263991df6fa304dfd616bbb96185386cb3"><code>e16bc22</code></a> Update to Changelog</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/d97a099faf0de9014d76c16008bd9858a5f51215"><code>d97a099</code></a> Deal with strict aliasing when extracting SSE2 values</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/f25c0e536c5d40275f9140449a8e67219555ac6a"><code>f25c0e5</code></a> Drop mpir.dll from packaging</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/9990033025ee7cc60aa6a4098769afcd4ec9fe88"><code>9990033</code></a> Jacobi symbol not defined for negative n, add more test vectors</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/8bdb02edcd995f49abd2e4d93ed60f9a49a80891"><code>8bdb02e</code></a> Merge branch 'lucas'</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/66fdb1fdd437669513d9ad0095f8023950a8421d"><code>66fdb1f</code></a> Increase testing for primality</li> <li><a href="https://github.com/Legrandin/pycryptodome/commit/4994e3d2e9cdbe203622064fa9f1a7bc6975a948"><code>4994e3d</code></a> Update Changelog</li> <li>Additional commits viewable in <a href="https://github.com/Legrandin/pycryptodome/compare/v3.4.3...v3.6.6">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 minutes

PR opened cjshinning/vue-pop

Bump webpack-dev-server from 2.11.5 to 3.1.11

Bumps webpack-dev-server from 2.11.5 to 3.1.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-server/releases">webpack-dev-server's releases</a>.</em></p> <blockquote> <h2>v3.1.11</h2> <p><a name="3.1.11"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.11">3.1.11</a> (2018-12-21)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>bin/options:</strong> correct check for color support (<code>options.color</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1555">#1555</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/55398b5">55398b5</a>)</li> <li><strong>package:</strong> update <code>spdy</code> v3.4.1...4.0.0 (assertion error) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1491">#1491</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1563">#1563</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a3a257">7a3a257</a>)</li> <li><strong>Server:</strong> correct <code>node</code> version checks (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1543">#1543</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/927a2b3">927a2b3</a>)</li> <li><strong>Server:</strong> mime type for wasm in contentBase directory (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1575">#1575</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1580">#1580</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/fadae5d">fadae5d</a>)</li> <li>add url for compatibility with webpack@5 (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1598">#1598</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1599">#1599</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/68dd49a">68dd49a</a>)</li> <li>check origin header for websocket connection (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1603">#1603</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/b3217ca">b3217ca</a>)</li> </ul> <h2>v3.1.10</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.9...v3.1.10">2018-10-23</a></h2> <h3>Bug Fixes</h3> <ul> <li><strong>options:</strong> add <code>writeToDisk</code> option to schema (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1520">#1520</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/d2f4902">d2f4902</a>)</li> <li><strong>package:</strong> update <code>sockjs-client</code> v1.1.5...1.3.0 (<code>url-parse</code> vulnerability) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1537">#1537</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/e719959">e719959</a>)</li> <li><strong>Server:</strong> set <code>tls.DEFAULT_ECDH_CURVE</code> to <code>'auto'</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1531">#1531</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/c12def3">c12def3</a>)</li> </ul> <h2>v3.1.9</h2> <p>No release notes provided.</p> <h2>v3.1.8</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.7...v3.1.8">2018-09-06</a></h2> <h3>Bug Fixes</h3> <ul> <li><strong>package:</strong> <code>yargs</code> security vulnerability (<code>dependencies</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1492">#1492</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8fb67c9">8fb67c9</a>)</li> <li><strong>utils/createLogger:</strong> ensure <code>quiet</code> always takes precedence (<code>options.quiet</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1486">#1486</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a6ca47">7a6ca47</a>)</li> </ul> <h2>v3.1.7</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.6...v3.1.7">2018-08-29</a></h2> <h3>Bug Fixes</h3> <ul> <li><strong>Server:</strong> don't use <code>spdy</code> on <code>node >= v10.0.0</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1451">#1451</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8ab9eb6">8ab9eb6</a>)</li> </ul> <h2>v3.1.6</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.5...v3.1.6">2018-08-26</a></h2> <h3>Bug Fixes</h3> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md">webpack-dev-server's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.11">3.1.11</a> (2018-12-21)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>bin/options:</strong> correct check for color support (<code>options.color</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1555">#1555</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/55398b5">55398b5</a>)</li> <li><strong>package:</strong> update <code>spdy</code> v3.4.1...4.0.0 (assertion error) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1491">#1491</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1563">#1563</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a3a257">7a3a257</a>)</li> <li><strong>Server:</strong> correct <code>node</code> version checks (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1543">#1543</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/927a2b3">927a2b3</a>)</li> <li><strong>Server:</strong> mime type for wasm in contentBase directory (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1575">#1575</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1580">#1580</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/fadae5d">fadae5d</a>)</li> <li>add url for compatibility with webpack@5 (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1598">#1598</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1599">#1599</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/68dd49a">68dd49a</a>)</li> <li>check origin header for websocket connection (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1603">#1603</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/b3217ca">b3217ca</a>)</li> </ul> <p><a name="3.1.10"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.9...v3.1.10">3.1.10</a> (2018-10-23)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>options:</strong> add <code>writeToDisk</code> option to schema (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1520">#1520</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/d2f4902">d2f4902</a>)</li> <li><strong>package:</strong> update <code>sockjs-client</code> v1.1.5...1.3.0 (<code>url-parse</code> vulnerability) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1537">#1537</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/e719959">e719959</a>)</li> <li><strong>Server:</strong> set <code>tls.DEFAULT_ECDH_CURVE</code> to <code>'auto'</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1531">#1531</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/c12def3">c12def3</a>)</li> </ul> <p><a name="3.1.9"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.8...v3.1.9">3.1.9</a> (2018-09-24)</h2> <p><a name="3.1.8"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.7...v3.1.8">3.1.8</a> (2018-09-06)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>package:</strong> <code>yargs</code> security vulnerability (<code>dependencies</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1492">#1492</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8fb67c9">8fb67c9</a>)</li> <li><strong>utils/createLogger:</strong> ensure <code>quiet</code> always takes precedence (<code>options.quiet</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1486">#1486</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a6ca47">7a6ca47</a>)</li> </ul> <p><a name="3.1.7"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.6...v3.1.7">3.1.7</a> (2018-08-29)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>Server:</strong> don't use <code>spdy</code> on <code>node >= v10.0.0</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1451">#1451</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8ab9eb6">8ab9eb6</a>)</li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/webpack/webpack-dev-server/commits/v3.1.11">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+401 -382

0 comment

2 changed files

pr created time in 2 minutes

PR opened cjshinning/vue-pop

Bump webpack-bundle-analyzer from 2.13.1 to 3.3.2

Bumps webpack-bundle-analyzer from 2.13.1 to 3.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/releases">webpack-bundle-analyzer's releases</a>.</em></p> <blockquote> <h2>First test with Lerna monorepo</h2> <p><a href="https://github-redirect.dependabot.com/th0r/webpack-bundle-analyzer/pull/98">th0r/webpack-bundle-analyzer#98</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md">webpack-bundle-analyzer's changelog</a>.</em></p> <blockquote> <h2>3.3.2</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Fix regression with escaping internal assets (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/264">#264</a>, fixes <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/263">#263</a>)</li> </ul> </li> </ul> <h2>3.3.1</h2> <ul> <li> <p><strong>Improvements</strong></p> <ul> <li>Use relative links for serving internal assets (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/261">#261</a>, fixes <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/254">#254</a>)</li> <li>Properly escape embedded JS/JSON (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/262">#262</a>)</li> </ul> </li> <li> <p><strong>Bug Fix</strong></p> <ul> <li>Fix showing help message on <code>-h</code> flag (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/260">#260</a>, fixes <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/239">#239</a>)</li> </ul> </li> </ul> <h2>3.3.0</h2> <ul> <li> <p><strong>New Feature</strong></p> <ul> <li>Show/hide chunks using context menu (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/246">#246</a>, <a href="https://github.com/bregenspan">@bregenspan</a>)</li> </ul> </li> <li> <p><strong>Internal</strong></p> <ul> <li>Updated dev dependencies</li> </ul> </li> </ul> <h2>3.2.0</h2> <ul> <li><strong>Improvements</strong> <ul> <li>Add support for .mjs output files (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/252">#252</a>, <a href="https://github.com/jlopezxs">@jlopezxs</a>)</li> </ul> </li> </ul> <h2>3.1.0</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Properly determine the size of the modules containing special characters (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/223">#223</a>, <a href="https://github.com/hulkish">@hulkish</a>)</li> <li>Update acorn to v6 (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/248">#248</a>, <a href="https://github.com/realityking">@realityking</a>)</li> </ul> </li> </ul> <h2>3.0.4</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Make webpack's done hook wait until analyzer writes report or stat file (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/247">#247</a>, <a href="https://github.com/mareolan">@mareolan</a>)</li> </ul> </li> </ul> <h2>3.0.3</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Disable viewer websocket connection when report is generated in <code>static</code> mode (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/215">#215</a>, <a href="https://github.com/sebastianhaeni">@sebastianhaeni</a>)</li> </ul> </li> </ul> <h2>3.0.2</h2> <ul> <li> <p><strong>Improvements</strong></p> <ul> <li>Drop <code>@babel/runtime</code> dependency (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/209">#209</a>, <a href="https://github.com/realityking">@realityking</a>)</li> <li>Properly specify minimal Node.js version in <code>.babelrc</code> (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/209">#209</a>, <a href="https://github.com/realityking">@realityking</a>)</li> </ul> </li> <li> <p><strong>Bug Fix</strong></p> </li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/345c3f5c2cc8cd1a450f155ea989859b110944a0"><code>345c3f5</code></a> v3.3.2</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/a615815d6c6fd276c41198a4351c9d5a9d63e945"><code>a615815</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/264">#264</a> from webpack-contrib/fix-escape-regression</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/20f2b4c553ee343f491faf63e39427fba9908c7c"><code>20f2b4c</code></a> Fix regression with escaping internal assets</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/9836649e870ef2e0a19da1ad4b17bf92c645e536"><code>9836649</code></a> v3.3.1</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/d1db52631d0716fa4a600f4bdd2ad1cea3edfb74"><code>d1db526</code></a> Remove outdated item from troubleshooting section</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/ca342796b9685cb515e364b62c445ebbe1d86c70"><code>ca34279</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/261">#261</a> from webpack-contrib/relative-links-to-assets</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/99818f9238a5f97a63f604bacd13bcd4a1738cc4"><code>99818f9</code></a> Fix changelog</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/21722d28183314c88ca414f2b5c21179adc86875"><code>21722d2</code></a> Add changelog entry</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/ed99c3237f5d1d9d67a2e0a12f72e3f55a47f080"><code>ed99c32</code></a> Use relative links for serving internal assets</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/3ce1b8c3533fb479155a9cdd6a3338b834fde7d6"><code>3ce1b8c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/262">#262</a> from webpack-contrib/proper-js-escape</li> <li>Additional commits viewable in <a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/compare/v2.13.1...v3.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+69 -34

0 comment

2 changed files

pr created time in 2 minutes

PR opened MinhRieckermann/BSPORT

Bump bootstrap from 3.3.7 to 3.4.1 in /SharedCode/Bsportteamproject/BSportProject.Core

Bumps bootstrap from 3.3.7 to 3.4.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 minutes

PR opened MinhRieckermann/BSPORT

Bump Microsoft.Data.OData from 5.2.0 to 5.8.4 in /SharedCode/Bsportteamproject/BSportProject

Bumps Microsoft.Data.OData from 5.2.0 to 5.8.4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 minutes

PR opened MinhRieckermann/BSPORT

Bump bootstrap from 3.3.0 to 3.4.1 in /SharedCode/Bsportteamproject/BSportProject

Bumps bootstrap from 3.3.0 to 3.4.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 minutes

PR opened lchli/lottery-vuejs

Bump minimist from 1.2.0 to 1.2.5 in /src-cordova

Bumps minimist from 1.2.0 to 1.2.5. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/substack/minimist/commit/aeb3e27dae0412de5c0494e9563a5f10c82cc7a9"><code>aeb3e27</code></a> 1.2.5</li> <li><a href="https://github.com/substack/minimist/commit/278677b171d956b46613a158c6c486c3ef979b20"><code>278677b</code></a> 1.2.4</li> <li><a href="https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f"><code>4cf1354</code></a> security notice</li> <li><a href="https://github.com/substack/minimist/commit/1043d212c3caaf871966e710f52cfdf02f9eea4b"><code>1043d21</code></a> additional test for constructor prototype pollution</li> <li><a href="https://github.com/substack/minimist/commit/6457d7440a47f329c12c4a5abfbce211c4235b93"><code>6457d74</code></a> 1.2.3</li> <li><a href="https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab"><code>38a4d1c</code></a> even more aggressive checks for protocol pollution</li> <li><a href="https://github.com/substack/minimist/commit/13c01a5327736903704984b7f65616b8476850cc"><code>13c01a5</code></a> more failing proto pollution tests</li> <li><a href="https://github.com/substack/minimist/commit/f34df077a6b2bee1344188849a95e66777109e89"><code>f34df07</code></a> 1.2.2</li> <li><a href="https://github.com/substack/minimist/commit/67d3722413448d00a62963d2d30c34656a92d7e2"><code>67d3722</code></a> cleanup</li> <li><a href="https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94"><code>63e7ed0</code></a> don't assign onto <strong>proto</strong></li> <li>Additional commits viewable in <a href="https://github.com/substack/minimist/compare/1.2.0...1.2.5">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 2 minutes

push eventDraghiciStefan1984/Angular-Maximilian

DraghiciStefan1984

commit sha 161d87b44d6810b46761f88c6122c39fdcc0701f

recipe observables

view details

DraghiciStefan1984

commit sha 02d98c2ad7c98f420f26e85ce216d2e425af0028

forms start

view details

dependabot[bot]

commit sha 365db669a10201d21576ecb6411c0f80d231b8e5

Bump bootstrap from 3.3.7 to 3.4.1 in /services-start Bumps [bootstrap](https://github.com/twbs/bootstrap) from 3.3.7 to 3.4.1. - [Release notes](https://github.com/twbs/bootstrap/releases) - [Commits](https://github.com/twbs/bootstrap/compare/v3.3.7...v3.4.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 2 minutes

push eventwangweicoder/Erp

wangweicoder

commit sha f5aa057ab63742ab5e14735fb9fa1660f18f5182

修改周次可多选,增加缓存公共方法

view details

wangweicoder

commit sha b014a4617259e63dc6d9d69ef167b6fd7a5e3597

修改不能统一结束养护的问题

view details

wangweicoder

commit sha 3d7e604ebbc07b0965d8efde90ae81cee229b5f8

修改二微码误读率

view details

wangweicoder

commit sha cf9bfc804bb545629f449469b48be04d169f9b40

0410增加养护记录排序,增加记录帐号功能

view details

dependabot[bot]

commit sha 0065e4f80f34c0ac2a2e1e850abb30aed178fc14

Bump bootstrap from 3.0.0 to 3.4.1 in /ERP Bumps bootstrap from 3.0.0 to 3.4.1. Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 2 minutes

delete branch happyCoding1024/huisiblog

delete branch : dependabot/npm_and_yarn/acorn-5.7.4

delete time in 2 minutes

PR opened DraghiciStefan1984/Angular-Maximilian

Bump bootstrap from 3.3.7 to 3.4.1 in /forms-td-start

Bumps bootstrap from 3.3.7 to 3.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/twbs/bootstrap/releases">bootstrap's releases</a>.</em></p> <blockquote> <h2>v3.4.1</h2> <ul> <li><strong>Security:</strong> Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer</li> <li>Handle bad selectors (<code>#</code>) in <code>data-target</code> for Dropdowns</li> <li>Clarified tooltip selector documentation</li> <li>Added support for NuGet contentFiles</li> </ul> <h2>v3.4.0</h2> <ul> <li><strong>New:</strong> Added a <code>.row-no-gutters</code> class.</li> <li><strong>New:</strong> Added docs searching via Algolia.</li> <li><strong>Fixed:</strong> Resolved an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal, and Tab components. See <a href="https://snyk.io/vuln/npm:bootstrap:20160627">https://snyk.io/vuln/npm:bootstrap:20160627</a> for details.</li> <li><strong>Fixed:</strong> Added padding to <code>.navbar-fixed-*</code> on modal open</li> <li><strong>Fixed:</strong> Removed the double border on <code><abbr></code> elements.</li> <li>Removed Gist creation in web-based Customizer since anonymous gists were disabled long ago by GitHub.</li> <li>Removed drag and drop support from Customizer since it didn't work anymore.</li> <li>Added a dropdown to the docs nav for newer and previous versions.</li> <li>Update the docs to use a new <code>baseurl</code>, <code>/docs/3.4/</code>, to version the v3.x documentation like we do with v4.</li> <li>Reorganized the v3 docs CSS to use Less.</li> <li>Switched to BrowserStack for tests.</li> <li>Updated links to always use https and fix broken URLs.</li> <li>Replaced ZeroClipboard with clipboard.js</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twbs/bootstrap/commit/68b0d231a13201eb14acd3dc84e51543d16e5f7e"><code>68b0d23</code></a> Dist</li> <li><a href="https://github.com/twbs/bootstrap/commit/2ccfa57467c0e31ec2016d1be03c55184ce8a69d"><code>2ccfa57</code></a> handle # selector for dropdown</li> <li><a href="https://github.com/twbs/bootstrap/commit/a43077d3c3b3ef9b2afc426a573b40daeff788fe"><code>a43077d</code></a> Bump version to 3.4.1.</li> <li><a href="https://github.com/twbs/bootstrap/commit/d821de271297a74a8d6a309de1d4cd9113dd77ed"><code>d821de2</code></a> Backport sanitize docs from v4.</li> <li><a href="https://github.com/twbs/bootstrap/commit/5cd9ef47f60113212b7afcdfe8d8a4883376b464"><code>5cd9ef4</code></a> Add wdm gem for Windows.</li> <li><a href="https://github.com/twbs/bootstrap/commit/d6b8501e4c2e20b6b50303c10c6a2d3ef2ac5c3b"><code>d6b8501</code></a> ES5 fixes.</li> <li><a href="https://github.com/twbs/bootstrap/commit/2c8abb9a4393addc5ffb39e649e09391c2fee701"><code>2c8abb9</code></a> Add sanitize for tooltips and popovers html content.</li> <li><a href="https://github.com/twbs/bootstrap/commit/d4129dff60d4c0c1d4ce300a485086dfe4c79cf3"><code>d4129df</code></a> Bump year.</li> <li><a href="https://github.com/twbs/bootstrap/commit/0d64d6aee646a5167d5b94217cdbd32888cf1218"><code>0d64d6a</code></a> less/modals.less: Add missing semicolon.</li> <li><a href="https://github.com/twbs/bootstrap/commit/48c5d7b8e9f65c6339390469ef6fe18b5ee6b8c3"><code>48c5d7b</code></a> Use https.</li> <li>Additional commits viewable in <a href="https://github.com/twbs/bootstrap/compare/v3.3.7...v3.4.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~xhmikosr">xhmikosr</a>, a new releaser for bootstrap since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+4 -4

0 comment

2 changed files

pr created time in 2 minutes

pull request commenthappyCoding1024/huisiblog

Bump acorn from 5.7.3 to 5.7.4

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in 2 minutes

delete branch AbelPark/Blog

delete branch : dependabot/npm_and_yarn/acorn-6.4.1

delete time in 2 minutes

PR opened hiramzamorano/react-hangman

Bump lodash from 4.17.11 to 4.17.15

Bumps lodash from 4.17.11 to 4.17.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/ddfd9b11a0126db2302cb70ec9973b66baec0975"><code>ddfd9b1</code></a> Bump to v4.17.15.</li> <li><a href="https://github.com/lodash/lodash/commit/b185fcee26b2133bd071f4aaca14b455c2ed1008"><code>b185fce</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/be87d303941222b97c482755afc0f4a77ce46c30"><code>be87d30</code></a> Bump to v4.17.14.</li> <li><a href="https://github.com/lodash/lodash/commit/a6fe6b1e174fd02b5e60eb2664405f4c1262c300"><code>a6fe6b1</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/e37182845f16715a0d1c391c8662d83c55609cee"><code>e371828</code></a> Bump to v4.17.13.</li> <li><a href="https://github.com/lodash/lodash/commit/357e899e685872b4af5403ecc4b2a928f961ae63"><code>357e899</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/fd9a062d57646450b61f74029315abd4cc834b08"><code>fd9a062</code></a> Bump to v4.17.12.</li> <li><a href="https://github.com/lodash/lodash/commit/e77d68121ff00ba86b53eed5893d35adfe94c9dd"><code>e77d681</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/629d1865793182cd967196716f4beff223aa4a91"><code>629d186</code></a> Update OpenJS references.</li> <li><a href="https://github.com/lodash/lodash/commit/2406eac542b2a1282be8d812a6d8a45433ade80a"><code>2406eac</code></a> Fix minified build.</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.11...4.17.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 2 minutes

PR opened hiramzamorano/react-hangman

Bump lodash.template from 4.4.0 to 4.5.0

Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/ab73503859a2d2f7f603bc8a293ce93ecc071e83"><code>ab73503</code></a> Bump to v4.5.0.</li> <li><a href="https://github.com/lodash/lodash/commit/a4f7d4cc2a3b6d3a43f6c27beadbf90410eecdcd"><code>a4f7d4c</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/cca5ac60d61a2f786eeafadb674d6e12fc6179c8"><code>cca5ac6</code></a> Fix npm-test by removing the call to test-docs.</li> <li><a href="https://github.com/lodash/lodash/commit/9f7f9fc3c5f1a4db9a2134950872440c792ee8bb"><code>9f7f9fc</code></a> Adjust heading order. [ci skip]</li> <li><a href="https://github.com/lodash/lodash/commit/6e2fb92e9a2fd29ef630f71bd571afcdf0f2e206"><code>6e2fb92</code></a> Remove unused <code>baseArity</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/4f702e238183444ff392c3c7be5b48f1a7271519"><code>4f702e2</code></a> Specify utf8 encoding.</li> <li><a href="https://github.com/lodash/lodash/commit/b188f903ce41e624d6169f47a0c9e5091c178160"><code>b188f90</code></a> Add fp tests for iteratee shorthands.</li> <li><a href="https://github.com/lodash/lodash/commit/7b93dc9c3253c342a45881392d2308374a8909b3"><code>7b93dc9</code></a> Ensure clone methods clone expando properties of boolean, number, & string ob...</li> <li><a href="https://github.com/lodash/lodash/commit/664d66a89ec553438d5560239eba24d30867e580"><code>664d66a</code></a> Make string tests more consistent.</li> <li><a href="https://github.com/lodash/lodash/commit/d9dc0e6fd13c030029964b5ba468e0df3e2de3b2"><code>d9dc0e6</code></a> Add <code>_.invertBy</code> tests.</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.4.0...4.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+4 -4

0 comment

1 changed file

pr created time in 2 minutes

PR opened hiramzamorano/react-hangman

Bump handlebars from 4.0.12 to 4.7.6

Bumps handlebars from 4.0.12 to 4.7.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wycats/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson">@dougwilson</a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo">@aorinevo</a>, <a href="https://api.github.com/users/AviVahl">@AviVahl</a> & <a href="https://api.github.com/users/fabb">@fabb</a>)</li> </ul> <p>Compatibility notes:</p> <ul> <li>No incompatibilities are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.3...v4.7.4">Commits</a></p> <h2>v4.7.3 - February 5th, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1644">#1644</a> - Download links to aws broken on handlebarsjs.com - access denied (<a href="https://api.github.com/users/Tea56">@Tea56</a>)</li> <li>Fix spelling and punctuation in changelog - d78cc73</li> </ul> <p>Bugfixes:</p> <ul> <li>Add Type Definition for Handlebars.VERSION, Fixes <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1647">#1647</a> - 4de51fe</li> <li>Include Type Definition for runtime.js in Package - a32d05f</li> </ul> <p>Compatibility notes:</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wycats/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/wycats/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/b64202bc9197307bd785a58693e3820eb9bb41a8"><code>b64202b</code></a> Update release-notes.md</li> <li><a href="https://github.com/wycats/handlebars.js/commit/c2f1e6203178918569f085e12afdb762cae17fb0"><code>c2f1e62</code></a> Switch cmd parser to latest minimist</li> <li><a href="https://github.com/wycats/handlebars.js/commit/08e9a11a34c3ad8387a0b85b1334f97cab85191a"><code>08e9a11</code></a> Revert "chore: set Node.js compatibility to v6+"</li> <li><a href="https://github.com/wycats/handlebars.js/commit/1fd2edee2a12fb228061fcde807905c6b14339c4"><code>1fd2ede</code></a> v4.7.5</li> <li><a href="https://github.com/wycats/handlebars.js/commit/3c9c2f5cf29cf10f54d5fe4daca6b24b65f0adcf"><code>3c9c2f5</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/16487a088e13f4d52c6fd6610b9ec71c4a51be8a"><code>16487a0</code></a> chore: downgrade yargs to v14</li> <li><a href="https://github.com/wycats/handlebars.js/commit/309d2b49a11628d2a8f052c5587e7459968cd705"><code>309d2b4</code></a> chore: set Node.js compatibility to v6+</li> <li><a href="https://github.com/wycats/handlebars.js/commit/645ac73844918668f9a2f41e49b7cb18ce5abf36"><code>645ac73</code></a> test: fix integration tests</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.7.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~erisds">erisds</a>, a new releaser for handlebars since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+14 -22

0 comment

1 changed file

pr created time in 2 minutes

PR opened hiramzamorano/react-hangman

Bump mixin-deep from 1.3.1 to 1.3.2

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9"><code>754f0c2</code></a> 1.3.2</li> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50"><code>90ee1fa</code></a> ensure keys are valid when mixing in values</li> <li>See full diff in <a href="https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~doowb">doowb</a>, a new releaser for mixin-deep since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 2 minutes

PR opened dsnguon-1541830/dsnguon-1541830.github.io

Bump lodash from 4.17.11 to 4.17.15

Bumps lodash from 4.17.11 to 4.17.15. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/ddfd9b11a0126db2302cb70ec9973b66baec0975"><code>ddfd9b1</code></a> Bump to v4.17.15.</li> <li><a href="https://github.com/lodash/lodash/commit/b185fcee26b2133bd071f4aaca14b455c2ed1008"><code>b185fce</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/be87d303941222b97c482755afc0f4a77ce46c30"><code>be87d30</code></a> Bump to v4.17.14.</li> <li><a href="https://github.com/lodash/lodash/commit/a6fe6b1e174fd02b5e60eb2664405f4c1262c300"><code>a6fe6b1</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/e37182845f16715a0d1c391c8662d83c55609cee"><code>e371828</code></a> Bump to v4.17.13.</li> <li><a href="https://github.com/lodash/lodash/commit/357e899e685872b4af5403ecc4b2a928f961ae63"><code>357e899</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/fd9a062d57646450b61f74029315abd4cc834b08"><code>fd9a062</code></a> Bump to v4.17.12.</li> <li><a href="https://github.com/lodash/lodash/commit/e77d68121ff00ba86b53eed5893d35adfe94c9dd"><code>e77d681</code></a> Rebuild lodash and docs.</li> <li><a href="https://github.com/lodash/lodash/commit/629d1865793182cd967196716f4beff223aa4a91"><code>629d186</code></a> Update OpenJS references.</li> <li><a href="https://github.com/lodash/lodash/commit/2406eac542b2a1282be8d812a6d8a45433ade80a"><code>2406eac</code></a> Fix minified build.</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.11...4.17.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 3 minutes

PR opened dsnguon-1541830/dsnguon-1541830.github.io

Bump mixin-deep from 1.3.1 to 1.3.2

Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9"><code>754f0c2</code></a> 1.3.2</li> <li><a href="https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50"><code>90ee1fa</code></a> ensure keys are valid when mixing in values</li> <li>See full diff in <a href="https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~doowb">doowb</a>, a new releaser for mixin-deep since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 3 minutes

PR opened luxurer/vue-demo

Bump webpack-dev-server from 2.11.5 to 3.1.11

Bumps webpack-dev-server from 2.11.5 to 3.1.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-server/releases">webpack-dev-server's releases</a>.</em></p> <blockquote> <h2>v3.1.11</h2> <p><a name="3.1.11"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.11">3.1.11</a> (2018-12-21)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>bin/options:</strong> correct check for color support (<code>options.color</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1555">#1555</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/55398b5">55398b5</a>)</li> <li><strong>package:</strong> update <code>spdy</code> v3.4.1...4.0.0 (assertion error) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1491">#1491</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1563">#1563</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a3a257">7a3a257</a>)</li> <li><strong>Server:</strong> correct <code>node</code> version checks (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1543">#1543</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/927a2b3">927a2b3</a>)</li> <li><strong>Server:</strong> mime type for wasm in contentBase directory (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1575">#1575</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1580">#1580</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/fadae5d">fadae5d</a>)</li> <li>add url for compatibility with webpack@5 (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1598">#1598</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1599">#1599</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/68dd49a">68dd49a</a>)</li> <li>check origin header for websocket connection (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1603">#1603</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/b3217ca">b3217ca</a>)</li> </ul> <h2>v3.1.10</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.9...v3.1.10">2018-10-23</a></h2> <h3>Bug Fixes</h3> <ul> <li><strong>options:</strong> add <code>writeToDisk</code> option to schema (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1520">#1520</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/d2f4902">d2f4902</a>)</li> <li><strong>package:</strong> update <code>sockjs-client</code> v1.1.5...1.3.0 (<code>url-parse</code> vulnerability) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1537">#1537</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/e719959">e719959</a>)</li> <li><strong>Server:</strong> set <code>tls.DEFAULT_ECDH_CURVE</code> to <code>'auto'</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1531">#1531</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/c12def3">c12def3</a>)</li> </ul> <h2>v3.1.9</h2> <p>No release notes provided.</p> <h2>v3.1.8</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.7...v3.1.8">2018-09-06</a></h2> <h3>Bug Fixes</h3> <ul> <li><strong>package:</strong> <code>yargs</code> security vulnerability (<code>dependencies</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1492">#1492</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8fb67c9">8fb67c9</a>)</li> <li><strong>utils/createLogger:</strong> ensure <code>quiet</code> always takes precedence (<code>options.quiet</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1486">#1486</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a6ca47">7a6ca47</a>)</li> </ul> <h2>v3.1.7</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.6...v3.1.7">2018-08-29</a></h2> <h3>Bug Fixes</h3> <ul> <li><strong>Server:</strong> don't use <code>spdy</code> on <code>node >= v10.0.0</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1451">#1451</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8ab9eb6">8ab9eb6</a>)</li> </ul> <h2>v3.1.6</h2> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.5...v3.1.6">2018-08-26</a></h2> <h3>Bug Fixes</h3> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md">webpack-dev-server's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.11">3.1.11</a> (2018-12-21)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>bin/options:</strong> correct check for color support (<code>options.color</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1555">#1555</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/55398b5">55398b5</a>)</li> <li><strong>package:</strong> update <code>spdy</code> v3.4.1...4.0.0 (assertion error) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1491">#1491</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1563">#1563</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a3a257">7a3a257</a>)</li> <li><strong>Server:</strong> correct <code>node</code> version checks (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1543">#1543</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/927a2b3">927a2b3</a>)</li> <li><strong>Server:</strong> mime type for wasm in contentBase directory (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1575">#1575</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1580">#1580</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/fadae5d">fadae5d</a>)</li> <li>add url for compatibility with webpack@5 (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1598">#1598</a>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1599">#1599</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/68dd49a">68dd49a</a>)</li> <li>check origin header for websocket connection (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1603">#1603</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/b3217ca">b3217ca</a>)</li> </ul> <p><a name="3.1.10"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.9...v3.1.10">3.1.10</a> (2018-10-23)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>options:</strong> add <code>writeToDisk</code> option to schema (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1520">#1520</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/d2f4902">d2f4902</a>)</li> <li><strong>package:</strong> update <code>sockjs-client</code> v1.1.5...1.3.0 (<code>url-parse</code> vulnerability) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1537">#1537</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/e719959">e719959</a>)</li> <li><strong>Server:</strong> set <code>tls.DEFAULT_ECDH_CURVE</code> to <code>'auto'</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1531">#1531</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/c12def3">c12def3</a>)</li> </ul> <p><a name="3.1.9"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.8...v3.1.9">3.1.9</a> (2018-09-24)</h2> <p><a name="3.1.8"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.7...v3.1.8">3.1.8</a> (2018-09-06)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>package:</strong> <code>yargs</code> security vulnerability (<code>dependencies</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1492">#1492</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8fb67c9">8fb67c9</a>)</li> <li><strong>utils/createLogger:</strong> ensure <code>quiet</code> always takes precedence (<code>options.quiet</code>) (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1486">#1486</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/7a6ca47">7a6ca47</a>)</li> </ul> <p><a name="3.1.7"></a></p> <h2><a href="https://github.com/webpack/webpack-dev-server/compare/v3.1.6...v3.1.7">3.1.7</a> (2018-08-29)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>Server:</strong> don't use <code>spdy</code> on <code>node >= v10.0.0</code> (<a href="https://github-redirect.dependabot.com/webpack/webpack-dev-server/issues/1451">#1451</a>) (<a href="https://github.com/webpack/webpack-dev-server/commit/8ab9eb6">8ab9eb6</a>)</li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/webpack/webpack-dev-server/commits/v3.1.11">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+416 -194

0 comment

2 changed files

pr created time in 3 minutes

PR opened luxurer/vue-demo

Bump webpack-bundle-analyzer from 2.13.1 to 3.3.2

Bumps webpack-bundle-analyzer from 2.13.1 to 3.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/releases">webpack-bundle-analyzer's releases</a>.</em></p> <blockquote> <h2>First test with Lerna monorepo</h2> <p><a href="https://github-redirect.dependabot.com/th0r/webpack-bundle-analyzer/pull/98">th0r/webpack-bundle-analyzer#98</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/blob/master/CHANGELOG.md">webpack-bundle-analyzer's changelog</a>.</em></p> <blockquote> <h2>3.3.2</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Fix regression with escaping internal assets (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/264">#264</a>, fixes <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/263">#263</a>)</li> </ul> </li> </ul> <h2>3.3.1</h2> <ul> <li> <p><strong>Improvements</strong></p> <ul> <li>Use relative links for serving internal assets (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/261">#261</a>, fixes <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/254">#254</a>)</li> <li>Properly escape embedded JS/JSON (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/262">#262</a>)</li> </ul> </li> <li> <p><strong>Bug Fix</strong></p> <ul> <li>Fix showing help message on <code>-h</code> flag (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/260">#260</a>, fixes <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/239">#239</a>)</li> </ul> </li> </ul> <h2>3.3.0</h2> <ul> <li> <p><strong>New Feature</strong></p> <ul> <li>Show/hide chunks using context menu (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/246">#246</a>, <a href="https://github.com/bregenspan">@bregenspan</a>)</li> </ul> </li> <li> <p><strong>Internal</strong></p> <ul> <li>Updated dev dependencies</li> </ul> </li> </ul> <h2>3.2.0</h2> <ul> <li><strong>Improvements</strong> <ul> <li>Add support for .mjs output files (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/252">#252</a>, <a href="https://github.com/jlopezxs">@jlopezxs</a>)</li> </ul> </li> </ul> <h2>3.1.0</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Properly determine the size of the modules containing special characters (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/223">#223</a>, <a href="https://github.com/hulkish">@hulkish</a>)</li> <li>Update acorn to v6 (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/248">#248</a>, <a href="https://github.com/realityking">@realityking</a>)</li> </ul> </li> </ul> <h2>3.0.4</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Make webpack's done hook wait until analyzer writes report or stat file (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/247">#247</a>, <a href="https://github.com/mareolan">@mareolan</a>)</li> </ul> </li> </ul> <h2>3.0.3</h2> <ul> <li><strong>Bug Fix</strong> <ul> <li>Disable viewer websocket connection when report is generated in <code>static</code> mode (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/215">#215</a>, <a href="https://github.com/sebastianhaeni">@sebastianhaeni</a>)</li> </ul> </li> </ul> <h2>3.0.2</h2> <ul> <li> <p><strong>Improvements</strong></p> <ul> <li>Drop <code>@babel/runtime</code> dependency (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/209">#209</a>, <a href="https://github.com/realityking">@realityking</a>)</li> <li>Properly specify minimal Node.js version in <code>.babelrc</code> (<a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/pull/209">#209</a>, <a href="https://github.com/realityking">@realityking</a>)</li> </ul> </li> <li> <p><strong>Bug Fix</strong></p> </li> </ul> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/345c3f5c2cc8cd1a450f155ea989859b110944a0"><code>345c3f5</code></a> v3.3.2</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/a615815d6c6fd276c41198a4351c9d5a9d63e945"><code>a615815</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/264">#264</a> from webpack-contrib/fix-escape-regression</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/20f2b4c553ee343f491faf63e39427fba9908c7c"><code>20f2b4c</code></a> Fix regression with escaping internal assets</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/9836649e870ef2e0a19da1ad4b17bf92c645e536"><code>9836649</code></a> v3.3.1</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/d1db52631d0716fa4a600f4bdd2ad1cea3edfb74"><code>d1db526</code></a> Remove outdated item from troubleshooting section</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/ca342796b9685cb515e364b62c445ebbe1d86c70"><code>ca34279</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/261">#261</a> from webpack-contrib/relative-links-to-assets</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/99818f9238a5f97a63f604bacd13bcd4a1738cc4"><code>99818f9</code></a> Fix changelog</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/21722d28183314c88ca414f2b5c21179adc86875"><code>21722d2</code></a> Add changelog entry</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/ed99c3237f5d1d9d67a2e0a12f72e3f55a47f080"><code>ed99c32</code></a> Use relative links for serving internal assets</li> <li><a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/3ce1b8c3533fb479155a9cdd6a3338b834fde7d6"><code>3ce1b8c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack-contrib/webpack-bundle-analyzer/issues/262">#262</a> from webpack-contrib/proper-js-escape</li> <li>Additional commits viewable in <a href="https://github.com/webpack-contrib/webpack-bundle-analyzer/compare/v2.13.1...v3.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+69 -34

0 comment

2 changed files

pr created time in 3 minutes

delete branch bitbeast18/portfolio

delete branch : dependabot/npm_and_yarn/acorn-6.4.1

delete time in 3 minutes

PR opened yeraassyl/webdev2019

Bump acorn from 6.1.1 to 6.4.1 in /WEEK11/todo-front

Bumps acorn from 6.1.1 to 6.4.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/9a2e9b6678e243d66846b91179d650d28453e70c"><code>9a2e9b6</code></a> Mark version 6.4.1</li> <li><a href="https://github.com/acornjs/acorn/commit/90a9548ea0ce351b54f956e2c4ed27cca9631284"><code>90a9548</code></a> More rigorously check surrogate pairs in regexp validator</li> <li><a href="https://github.com/acornjs/acorn/commit/df0cf1a3e2b1a51a26c14984dc0f5412b7151b10"><code>df0cf1a</code></a> Mark version 6.4.0</li> <li><a href="https://github.com/acornjs/acorn/commit/53034126864b492da4e278628bb972cb2a9313d4"><code>5303412</code></a> Also export Parser via Parser.acorn</li> <li><a href="https://github.com/acornjs/acorn/commit/efe273e70123449a458157dbf578afaf109a49ab"><code>efe273e</code></a> give token types and etc to plugins</li> <li><a href="https://github.com/acornjs/acorn/commit/ac6decb94a3aa4eee99230fdaf5883dfaafe8479"><code>ac6decb</code></a> Mark version 6.3.0</li> <li><a href="https://github.com/acornjs/acorn/commit/7e9817d17639d95cc6dbacfde734a0626b2a7dea"><code>7e9817d</code></a> Allow sourceType: module even with ecmaVersion < 6</li> <li><a href="https://github.com/acornjs/acorn/commit/e2b8cc087386eccc2ad6fd4a02b4257833557cb3"><code>e2b8cc0</code></a> Fix broken parsing of new expressions when allowReserved=="never"</li> <li><a href="https://github.com/acornjs/acorn/commit/1555c528855b10320ce98b4154906d7898c92990"><code>1555c52</code></a> Update acorn.d.ts</li> <li><a href="https://github.com/acornjs/acorn/commit/77c20fa2c2f490e646b67e6a0ff7e75fb54ab6c8"><code>77c20fa</code></a> Mark version 6.2.1</li> <li>Additional commits viewable in <a href="https://github.com/acornjs/acorn/compare/6.1.1...6.4.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+61 -22

0 comment

1 changed file

pr created time in 3 minutes

push eventshivamrai/datavizproject

Abeer

commit sha 3d192fee11712b4597aa7e53ee98fae895b723df

screenshot layout

view details

dependabot[bot]

commit sha 6815cd048dbde91f7b2f11ad13ddd994fc57d9e1

Bump lodash in /us-accidents-data-vis/client/src/USAMap/react-usa-map Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 3 minutes

PR opened yeraassyl/webdev2019

Bump handlebars from 4.1.1 to 4.7.6 in /WEEK11/todo-front

Bumps handlebars from 4.1.1 to 4.7.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/wycats/handlebars.js/blob/master/release-notes.md">handlebars's changelog</a>.</em></p> <blockquote> <h2>v4.7.6 - April 3rd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1672">#1672</a> - Switch cmd parser to latest minimist (<a href="https://api.github.com/users/dougwilson">@dougwilson</a></li> </ul> <p>Compatibility notes:</p> <ul> <li>Restored Node.js compatibility</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.5...v4.7.6">Commits</a></p> <h2>v4.7.5 - April 2nd, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><del>Node.js version support has been changed to v6+</del> Reverted in 4.7.6</li> </ul> <p>Compatibility notes:</p> <ul> <li><del>Node.js < v6 is no longer supported</del> Reverted in 4.7.6</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.4...v4.7.5">Commits</a></p> <h2>v4.7.4 - April 1st, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1666">#1666</a> - Replaced minimist with yargs for handlebars CLI (<a href="https://api.github.com/users/aorinevo">@aorinevo</a>, <a href="https://api.github.com/users/AviVahl">@AviVahl</a> & <a href="https://api.github.com/users/fabb">@fabb</a>)</li> </ul> <p>Compatibility notes:</p> <ul> <li>No incompatibilities are to be expected</li> </ul> <p><a href="https://github.com/wycats/handlebars.js/compare/v4.7.3...v4.7.4">Commits</a></p> <h2>v4.7.3 - February 5th, 2020</h2> <p>Chore/Housekeeping:</p> <ul> <li><a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1644">#1644</a> - Download links to aws broken on handlebarsjs.com - access denied (<a href="https://api.github.com/users/Tea56">@Tea56</a>)</li> <li>Fix spelling and punctuation in changelog - d78cc73</li> </ul> <p>Bugfixes:</p> <ul> <li>Add Type Definition for Handlebars.VERSION, Fixes <a href="https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1647">#1647</a> - 4de51fe</li> <li>Include Type Definition for runtime.js in Package - a32d05f</li> </ul> <p>Compatibility notes:</p> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/wycats/handlebars.js/commit/e6ad93ea01bcde1f8ddaa4b4ebe572dd616abfaa"><code>e6ad93e</code></a> v4.7.6</li> <li><a href="https://github.com/wycats/handlebars.js/commit/2bf4fc6fd3ae3d8f076d628653f284d85faebeb4"><code>2bf4fc6</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/b64202bc9197307bd785a58693e3820eb9bb41a8"><code>b64202b</code></a> Update release-notes.md</li> <li><a href="https://github.com/wycats/handlebars.js/commit/c2f1e6203178918569f085e12afdb762cae17fb0"><code>c2f1e62</code></a> Switch cmd parser to latest minimist</li> <li><a href="https://github.com/wycats/handlebars.js/commit/08e9a11a34c3ad8387a0b85b1334f97cab85191a"><code>08e9a11</code></a> Revert "chore: set Node.js compatibility to v6+"</li> <li><a href="https://github.com/wycats/handlebars.js/commit/1fd2edee2a12fb228061fcde807905c6b14339c4"><code>1fd2ede</code></a> v4.7.5</li> <li><a href="https://github.com/wycats/handlebars.js/commit/3c9c2f5cf29cf10f54d5fe4daca6b24b65f0adcf"><code>3c9c2f5</code></a> Update release notes</li> <li><a href="https://github.com/wycats/handlebars.js/commit/16487a088e13f4d52c6fd6610b9ec71c4a51be8a"><code>16487a0</code></a> chore: downgrade yargs to v14</li> <li><a href="https://github.com/wycats/handlebars.js/commit/309d2b49a11628d2a8f052c5587e7459968cd705"><code>309d2b4</code></a> chore: set Node.js compatibility to v6+</li> <li><a href="https://github.com/wycats/handlebars.js/commit/645ac73844918668f9a2f41e49b7cb18ce5abf36"><code>645ac73</code></a> test: fix integration tests</li> <li>Additional commits viewable in <a href="https://github.com/wycats/handlebars.js/compare/v4.1.1...v4.7.6">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~erisds">erisds</a>, a new releaser for handlebars since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+77 -25

0 comment

1 changed file

pr created time in 3 minutes

PR opened yeraassyl/webdev2019

Bump lodash.mergewith from 4.6.1 to 4.6.2 in /WEEK11/todo-front

Bumps lodash.mergewith from 4.6.1 to 4.6.2. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/lodash/lodash/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+61 -22

0 comment

1 changed file

pr created time in 3 minutes

more