PR opened hamza-makraz/laravel-web-starter
Bumps symfony/mime from 4.3.3 to 4.4.1. <details> <summary>Changelog</summary>
Sourced from symfony/mime's changelog.
CHANGELOG
4.4.0
- [BC BREAK] Removed NamedAddress (Address now supports a name)
- Added PHPUnit constraints
- Added AbstractPart::asDebugString()
- Added Address::fromString()
</details> <details> <summary>Commits</summary>
- 010cc48 bug #34032 [Mime] Fixing multidimensional array structure with FormDataPart (...
- 89da7b6 Merge branch '4.3' into 4.4
- 22aecf6 [Mime] fix guessing mime-types of files with leading dash
- bf6913d Merge branch '4.3' into 4.4
- 3c0e197 [4.3] Remove unused local variables
- 86fe792 minor #33963 Add .gitignore to .gitattributes (reedy)
- 51d5b0e Changing the multipart form-data behavior to use the form name as an array, w...
- ae5a66b Merge branch '4.3' into 4.4
- a6b152c Merge branch '3.4' into 4.3
- 592a01c Add Message-Id to SentMessage when sending an email
- Additional commits viewable in compare view </details> <br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
<details> <summary>Dependabot commands and options</summary> <br />
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
</details>
pr created time in a few seconds
create branch hamza-makraz/laravel-web-starter
branch : dependabot/composer/symfony/mime-4.4.1
created branch time in a few seconds
create branch miahmdrubel/OnlineMedicalShop
branch : dependabot/npm_and_yarn/axios-0.19.0
created branch time in a few seconds
create branch hamza-makraz/laravel-web-starter
branch : dependabot/composer/symfony/http-foundation-4.4.1
created branch time in a few seconds
PR opened hamza-makraz/laravel-web-starter
Bumps symfony/http-foundation from 4.3.3 to 4.4.1. <details> <summary>Changelog</summary>
Sourced from symfony/http-foundation's changelog.
CHANGELOG
5.1.0
- Deprecate Response::create(), JsonResponse::create(), RedirectResponse::create(), and StreamedResponse::create() methods (use __construct() instead)
5.0.0
- made Cookie auto-secure and lax by default
- removed classes in the MimeType namespace, use the Symfony Mime component instead
- removed method UploadedFile::getClientSize() and the related constructor argument
- made Request::getSession() throw if the session has not been set before
- removed Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL
- passing a null url when instantiating a RedirectResponse is not allowed
4.4.0
- passing arguments to Request::isMethodSafe() is deprecated.
- ApacheRequest is deprecated, use the Request class instead.
- passing a third argument to HeaderBag::get() is deprecated, use method all() instead
- [BC BREAK] PdoSessionHandler with MySQL changed the type of the lifetime column, make sure to run ALTER TABLE sessions MODIFY sess_lifetime INTEGER UNSIGNED NOT NULL to update your database.
- PdoSessionHandler now precalculates the expiry timestamp in the lifetime column, make sure to run CREATE INDEX EXPIRY ON sessions (sess_lifetime) to update your database to speed up garbage collection of expired sessions.
- added SessionHandlerFactory to create session handlers with a DSN
- added IpUtils::anonymize() to help with GDPR compliance.
4.3.0
- added PHPUnit constraints: RequestAttributeValueSame, ResponseCookieValueSame, ResponseHasCookie, ResponseHasHeader, ResponseHeaderSame, ResponseIsRedirected, ResponseIsSuccessful, and ResponseStatusCodeSame
- deprecated MimeTypeGuesserInterface and ExtensionGuesserInterface in favor of Symfony\Component\Mime\MimeTypesInterface.
- deprecated MimeType and MimeTypeExtensionGuesser in favor of Symfony\Component\Mime\MimeTypes.
- deprecated FileBinaryMimeTypeGuesser in favor of Symfony\Component\Mime\FileBinaryMimeTypeGuesser.
- deprecated FileinfoMimeTypeGuesser in favor of Symfony\Component\Mime\FileinfoMimeTypeGuesser.
- added UrlHelper that allows to get an absolute URL and a relative path for a given path
4.2.0
- the default value of the "$secure" and "$samesite" arguments of Cookie's constructor ... (truncated) </details> <details> <summary>Commits</summary>
- 8bccc59 Merge branch '4.3' into 4.4
- fcafc7c Merge branch '3.4' into 4.3
- d2d0cfe [HttpFoundation] Fixed typo
- cc09809 [HttpFoundation] Update CHANGELOG for PdoSessionHandler BC BREAK in 4.4
- c2480b7 Merge branch '3.4' into 4.3
- f7efd0b Simpler example for Apache basic auth workaround
- 502040d Merge branch '4.3' into 4.4
- 0ac9ebf Merge branch '3.4' into 4.3
- a558b18 feature #34405 [HttpFoundation] Added possibility to configure expiration tim...
- 0c5217a [HttpFoundation] Added possibility to configure expiration time in redis sess...
- Additional commits viewable in compare view </details> <br />
pr created time in a few seconds
PR opened miahmdrubel/OnlineMedicalShop
Bumps axios from 0.17.1 to 0.19.0. <details> <summary>Release notes</summary>
Sourced from axios's releases.
v0.19.0
Fixes and Functionality:
- Unzip response body only for statuses != 204 (#1129) - drawski
- Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
- Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
- Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
- Allow uppercase methods in typings. (#1781) - Ken Powers
- Fixing .eslintrc without extension (#1789) - Manoel
- Consistent coding style (#1787) - Ali Servet Donmez
- Fixing building url with hash mark (#1771) - Anatoly Ryabov
- This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because client cut everything after #
- Preserve HTTP method when following redirect (#1758) - Rikki Gibson
- Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
- Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
- Fix failing SauceLabs tests by updating configuration - Emily Morehouse
Documentation:
- Add information about auth parameter to README (#2166) - xlaguna
- Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
- Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
- Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
- Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
- Fixing spacing for README.md (#2066) - Josh McCarty
- Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
- Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
- docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
- It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
- Add issue templates - Emily Morehouse
- Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
- Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
- Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer
v0.19.0-beta.1
NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.
New Functionality:
- Add getUri method (#1712)
- Add support for no_proxy env variable (#1693)
- Add toJSON to decorated Axios errors to facilitate serialization (#1625)
- Add second then on axios call (#1623)
- Typings: allow custom return types
- Add option to specify character set in responses (with http adapter)
Fixes:
... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from axios's changelog.
0.19.0 (May 30, 2019)
Fixes and Functionality:
- Added support for no_proxy env variable (#434) - Chance Dickson
- Unzip response body only for statuses != 204 (#1129) - drawski
- Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
- Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
- Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
- Allow uppercase methods in typings. (#1781) - Ken Powers
- Fixing building url with hash mark (#1771) - Anatoly Ryabov
- This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because client cut everything after #
- Preserve HTTP method when following redirect (#1758) - Rikki Gibson
- Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
- Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
Internal:
- Fixing .eslintrc without extension (#1789) - Manoel
- Fix failing SauceLabs tests by updating configuration - Emily Morehouse
- Add issue templates - Emily Morehouse
Documentation:
- Consistent coding style in README (#1787) - Ali Servet Donmez
- Add information about auth parameter to README (#2166) - xlaguna
- Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
- Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
- Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
- Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
- Fixing spacing for README.md (#2066) - Josh McCarty
- Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
- Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
- docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
- It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
- Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
- Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
- Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer
0.19.0-beta.1 (Aug 9, 2018)
NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.
New Functionality:
- 8d0b92b Releasing 0.19.0
- 3f7451c Update Changelog for release (0.19.0)
- f28ff93 Add information about auth parameter to README (#2166)
- 5250e6e Add DELETE to list of methods that allow data as a config option (#2169)
- 6b0ccd1 Update ECOSYSTEM.md - Add Axios Endpoints (#2176)
- 299e827 Add r2curl in ECOSYSTEM (#2141)
- fd0c959 Unzip response body only for statuses != 204 (#1129)
- 92d2313 Update README.md - Add instructions for installing with yarn (#2036)
- ddcc2e4 Fixing spacing for README.md (#2066)
- 48c43d5 Update README.md. - Change .then to .finally in example code (#2090)
- Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>
This version was pushed to npm by emilyemorehouse, a new releaser for axios since your current version. </details> <br />
pr created time in a few seconds
push event katholiek-onderwijs-vlaanderen/sri-client
commit sha d72338d95f2e24a30ffab5beadf7dbcae957554a
fix call to toLowerCase function
commit sha d1c4318395b0fa2d94d5f3731e782724e9dec320
Merge pull request #14 from katholiek-onderwijs-vlaanderen/fix-fn-call-in-cache fix call to toLowerCase function
commit sha 59d0f6fc6ae664c592b11d7b647331873fce13b8
update version number
commit sha a942af2328ffea9ccdc5b8a915f6915f0937580d
Bump eslint from 4.16.0 to 4.18.2 Bumps [eslint](https://github.com/eslint/eslint) from 4.16.0 to 4.18.2. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v4.16.0...v4.18.2) Signed-off-by: dependabot[bot] <support@github.com>
push time in a few seconds
PR opened heliu199211s/R3-OMS
Bumps jackson-databind from 2.7.5 to 2.9.10.1. <details> <summary>Commits</summary>
- See full diff in compare view </details> <br />
pr created time in a few seconds
create branch heliu199211s/R3-OMS
created branch time in a few seconds
delete branch MyklClason/tweetscope
delete branch : dependabot/bundler/sprockets-3.7.2
delete time in a few seconds
PR opened maltewirz/vue-user-input
Bumps webpack-dev-server from 2.1.0-beta.0 to 3.1.11. <details> <summary>Release notes</summary>
Sourced from webpack-dev-server's releases.
v3.1.11
3.1.11 (2018-12-21)
Bug Fixes
- bin/options: correct check for color support (options.color) (#1555) (55398b5)
- package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
- Server: correct node version checks (#1543) (927a2b3)
- Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
- add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
- check origin header for websocket connection (#1603) (b3217ca)
v3.1.10
2018-10-23
Bug Fixes
- options: add writeToDisk option to schema (#1520) (d2f4902)
- package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
- Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)
v3.1.9
No release notes provided.
v3.1.8
2018-09-06
Bug Fixes
- package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
- utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)
v3.1.7
2018-08-29
Bug Fixes
v3.1.6
2018-08-26
Bug Fixes
... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from webpack-dev-server's changelog.
3.1.11 (2018-12-21)
Bug Fixes
- bin/options: correct check for color support (options.color) (#1555) (55398b5)
- package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
- Server: correct node version checks (#1543) (927a2b3)
- Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
- add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
- check origin header for websocket connection (#1603) (b3217ca)
3.1.10 (2018-10-23)
Bug Fixes
- options: add writeToDisk option to schema (#1520) (d2f4902)
- package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
- Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)
3.1.9 (2018-09-24)
3.1.8 (2018-09-06)
Bug Fixes
- package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
- utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)
3.1.7 (2018-08-29)
Bug Fixes
... (truncated) </details> <details> <summary>Commits</summary>
- ff2874f chore(release): 3.1.11
- b3217ca fix: check origin header for websocket connection (#1603)
- 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
- fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
- 7a3a257 fix(package): update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
- 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
- 55398b5 fix(bin/options): correct check for color support (options.color) (#1555)
- 927a2b3 fix(Server): correct node version checks (#1543)
- fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
- fe3219f chore(release): 3.1.10
- Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>
This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version. </details> <br />
pr created time in a few seconds
create branch maltewirz/vue-user-input
branch : dependabot/npm_and_yarn/webpack-dev-server-3.1.11
created branch time in a few seconds
delete branch MyklClason/tweetscope
delete branch : dependabot/bundler/loofah-2.3.1
delete time in a minute
push event DanielDanielDanielDanielDaniel/aucta-framework
commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc
reee
commit sha be947124a7f16fe484b7ce671c44537331778265
Bump eslint-utils from 1.3.1 to 1.4.3 Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.3.1 to 1.4.3. - [Release notes](https://github.com/mysticatea/eslint-utils/releases) - [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.3.1...v1.4.3) Signed-off-by: dependabot[bot] <support@github.com>
push time in a minute
delete branch DanielDanielDanielDanielDaniel/aucta-framework
delete branch : dependabot/npm_and_yarn/safer-eval-1.3.5
delete time in a minute
PR closed DanielDanielDanielDanielDaniel/aucta-framework
Bumps safer-eval from 1.3.2 to 1.3.5. <details> <summary>Commits</summary>
- 6d5ed4b 1.3.5
- fbbc623 Merge pull request #7 from commenthol/strict-mode-recommendation
- 1a87237 fix: use strict mode recommendation
- b81dab9 1.3.4
- 073267a Merge pull request #6 from commenthol/fix-breakout-console
- 25c3048 docu: Update tested browsers/ node versions
- 25fbbe5 fix: sandbox breakout with console.constructor...
- 1ff9411 chore: bump dependencies
- d3167c8 1.3.3
- ba69286 Merge pull request #5 from commenthol/warning
- Additional commits viewable in compare view </details> <br />
pr closed time in a minute
push event DanielDanielDanielDanielDaniel/aucta-framework
commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc
reee
commit sha eef9a143b19a0027a7ac94813c7e097cbba56764
Bump mixin-deep from 1.3.1 to 1.3.2 Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/jonschlinkert/mixin-deep/releases) - [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2) Signed-off-by: dependabot[bot] <support@github.com>
push time in a minute
pull request comment DanielDanielDanielDanielDaniel/aucta-framework
Bump safer-eval from 1.3.2 to 1.3.5
Superseded by #7.
comment created time in a minute
PR opened DanielDanielDanielDanielDaniel/aucta-framework
Bumps safer-eval from 1.3.2 to 1.3.6. <details> <summary>Commits</summary>
- d79adcf 1.3.6
- fe26316 docu: THIS MODULE IS HARMFUL
- 6d5ed4b 1.3.5
- fbbc623 Merge pull request #7 from commenthol/strict-mode-recommendation
- 1a87237 fix: use strict mode recommendation
- b81dab9 1.3.4
- 073267a Merge pull request #6 from commenthol/fix-breakout-console
- 25c3048 docu: Update tested browsers/ node versions
- 25fbbe5 fix: sandbox breakout with console.constructor...
- 1ff9411 chore: bump dependencies
- Additional commits viewable in compare view </details> <br />
pr created time in a minute
create branch DanielDanielDanielDanielDaniel/aucta-framework
branch : dependabot/npm_and_yarn/safer-eval-1.3.6
created branch time in a minute
push event DanielDanielDanielDanielDaniel/aucta-framework
commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc
reee
commit sha c6e13ce09c453ccd0cdaaea06a87b7e3522b3a62
Bump fstream from 1.0.11 to 1.0.12 Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12. - [Release notes](https://github.com/npm/fstream/releases) - [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12) Signed-off-by: dependabot[bot] <support@github.com>
push time in a minute
push event DanielDanielDanielDanielDaniel/aucta-framework
commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc
reee
commit sha c35cd4829f3a825b0d0c25c211788b135f22b606
Bump lodash.mergewith from 4.6.1 to 4.6.2 Bumps [lodash.mergewith](https://github.com/lodash/lodash) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/commits) Signed-off-by: dependabot[bot] <support@github.com>
push time in a minute
PR opened gope7010/Online-Book-Store
Bumps axios from 0.17.1 to 0.19.0. <details> <summary>Release notes</summary>
Sourced from axios's releases.
v0.19.0
Fixes and Functionality:
- Unzip response body only for statuses != 204 (#1129) - drawski
- Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
- Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
- Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
- Allow uppercase methods in typings. (#1781) - Ken Powers
- Fixing .eslintrc without extension (#1789) - Manoel
- Consistent coding style (#1787) - Ali Servet Donmez
- Fixing building url with hash mark (#1771) - Anatoly Ryabov
- This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because client cut everything after #
- Preserve HTTP method when following redirect (#1758) - Rikki Gibson
- Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
- Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
- Fix failing SauceLabs tests by updating configuration - Emily Morehouse
Documentation:
- Add information about auth parameter to README (#2166) - xlaguna
- Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
- Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
- Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
- Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
- Fixing spacing for README.md (#2066) - Josh McCarty
- Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
- Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
- docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
- It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
- Add issue templates - Emily Morehouse
- Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
- Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
- Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer
v0.19.0-beta.1
NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.
New Functionality:
- Add getUri method (#1712)
- Add support for no_proxy env variable (#1693)
- Add toJSON to decorated Axios errors to facilitate serialization (#1625)
- Add second then on axios call (#1623)
- Typings: allow custom return types
- Add option to specify character set in responses (with http adapter)
Fixes:
</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from axios's changelog.
0.19.0 (May 30, 2019)
Fixes and Functionality:
- Added support for no_proxy env variable (#434) - Chance Dickson
- Unzip response body only for statuses != 204 (#1129) - drawski
- Destroy stream on exceeding maxContentLength (fixes #1098) (#1485) - Gadzhi Gadzhiev
- Makes Axios error generic to use AxiosResponse (#1738) - Suman Lama
- Fixing Mocha tests by locking follow-redirects version to 1.5.10 (#1993) - grumblerchester
- Allow uppercase methods in typings. (#1781) - Ken Powers
- Fixing building url with hash mark (#1771) - Anatoly Ryabov
- This commit fix building url with hash map (fragment identifier) when parameters are present: they must not be added after #, because client cut everything after #
- Preserve HTTP method when following redirect (#1758) - Rikki Gibson
- Add getUri signature to TypeScript definition. (#1736) - Alexander Trauzzi
- Adding isAxiosError flag to errors thrown by axios (#1419) - Ayush Gupta
Internal:
- Fixing .eslintrc without extension (#1789) - Manoel
- Fix failing SauceLabs tests by updating configuration - Emily Morehouse
- Add issue templates - Emily Morehouse
Documentation:
- Consistent coding style in README (#1787) - Ali Servet Donmez
- Add information about auth parameter to README (#2166) - xlaguna
- Add DELETE to list of methods that allow data as a config option (#2169) - Daniela Borges Matos de Carvalho
- Update ECOSYSTEM.md - Add Axios Endpoints (#2176) - Renan
- Add r2curl in ECOSYSTEM (#2141) - 유용우 / CX
- Update README.md - Add instructions for installing with yarn (#2036) - Victor Hermes
- Fixing spacing for README.md (#2066) - Josh McCarty
- Update README.md. - Change .then to .finally in example code (#2090) - Omar Cai
- Clarify what values responseType can have in Node (#2121) - Tyler Breisacher
- docs(ECOSYSTEM): add axios-api-versioning (#2020) - Weffe
- It seems that responseType: 'blob' doesn't actually work in Node (when I tried using it, response.data was a string, not a Blob, since Node doesn't have Blobs), so this clarifies that this option should only be used in the browser
- Update README.md. - Add Querystring library note (#1896) - Dmitriy Eroshenko
- Add react-hooks-axios to Libraries section of ECOSYSTEM.md (#1925) - Cody Chan
- Clarify in README that default timeout is 0 (no timeout) (#1750) - Ben Standefer
0.19.0-beta.1 (Aug 9, 2018)
NOTE: This is a beta version of this release. There may be functionality that is broken in certain browsers, though we suspect that builds are hanging and not erroring. See https://saucelabs.com/u/axios for the most up-to-date information.
New Functionality:
- 8d0b92b Releasing 0.19.0
- 3f7451c Update Changelog for release (0.19.0)
- f28ff93 Add information about auth parameter to README (#2166)
- 5250e6e Add DELETE to list of methods that allow data as a config option (#2169)
- 6b0ccd1 Update ECOSYSTEM.md - Add Axios Endpoints (#2176)
- 299e827 Add r2curl in ECOSYSTEM (#2141)
- fd0c959 Unzip response body only for statuses != 204 (#1129)
- 92d2313 Update README.md - Add instructions for installing with yarn (#2036)
- ddcc2e4 Fixing spacing for README.md (#2066)
- 48c43d5 Update README.md. - Change .then to .finally in example code (#2090)
- Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>
This version was pushed to npm by emilyemorehouse, a new releaser for axios since your current version. </details> <br />
pr created time in a minute
create branch gope7010/Online-Book-Store
branch : dependabot/npm_and_yarn/axios-0.19.0
created branch time in a minute
delete branch AspenLuoQiang/ohEditor
delete branch : dependabot/npm_and_yarn/lodash-4.17.15
delete time in a minute
PR opened MyklClason/tweetscope
Bumps sprockets from 3.7.0 to 3.7.2. <details> <summary>Changelog</summary>
Sourced from sprockets's changelog.
3.7.2 (June 19, 2018)
- Security release for CVE-2018-3760.
3.7.1 (December 19, 2016)
- Ruby 2.4 support for Sprockets 3.
3.7.0 (July 21, 2016)
- Deprecated interfaces now emit deprecation warnings #345
3.6.3 (July 1, 2016)
- Faster asset lookup in large directories #336
- Faster PathUtils.match_path_extname https://github.com/rails/sprockets/commit/697269cf81e5261fdd7072e32bd489403027fd7e
- Fixed uglifier comment stripping #326
- Error messages now show load path info #313
3.6.2 (June 21, 2016)
- More performance improvements.
3.6.1 (June 17, 2016)
- Some performance improvements.
3.6.0 (April 6, 2016)
- Add Manifest#find_sources to return the source of the compiled assets.
- Fix the list of compressible mime types.
- Improve performance of the FileStore cache.
3.5.2 (December 8, 2015)
- Fix JRuby bug with concurrent-ruby.
- Fix disabling gzip generation in cached environments.
3.5.1 (December 5, 2015)
- Fix gzip asset generation for assets already on disk.
3.5.0 (December 3, 2015)
- Reintroduce Gzip file generation for non-binary assets.
3.4.1 (November 25, 2015)
- PathUtils::Entries will no longer error on an empty directory.
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- 2f7b7e5 v3.7.2
- 9c34fa0 Do not respond to http requests asking for a file://
- eb0af6d Make sure find_sources behaves in the same way when the assets don't
- cfae3de Merge pull request #487 from mcfiredrill/patch-1
- dbeda82 typo in deprecation message
- 10dada6 v3.7.1
- a20f35c Merge pull request #442 from maclover7/jm-ruby-24
- d47639f Update Sprockets::Utils#duplicable? for Ruby 2.4+
- d62bf7b Add Ruby v2.4.0-rc1 to Travis matrix
- 9c2c5f8 Backport test changes from a4001a4b2f8408f0a87ff44aa21b502c1847f79e
- Additional commits viewable in compare view </details> <br />
pr created time in a minute
PR opened only-vue/vue-admin
Bumps webpack-bundle-analyzer from 2.13.1 to 3.3.2. <details> <summary>Release notes</summary>
Sourced from webpack-bundle-analyzer's releases.
First test with Lerna monorepo
th0r/webpack-bundle-analyzer#98 </details> <details> <summary>Changelog</summary>
Sourced from webpack-bundle-analyzer's changelog.
3.3.2
3.3.1
Improvements
Bug Fix
3.3.0
New Feature
- Show/hide chunks using context menu (#246, @bregenspan)
Internal
- Updated dev dependencies
3.2.0
- Improvements
- Add support for .mjs output files (#252, @jlopezxs)
3.1.0
- Bug Fix
- Properly determine the size of the modules containing special characters (#223, @hulkish)
- Update acorn to v6 (#248, @realityking)
3.0.4
- Bug Fix
- Make webpack's done hook wait until analyzer writes report or stat file (#247, @mareolan)
3.0.3
- Bug Fix
- Disable viewer websocket connection when report is generated in static mode (#215, @sebastianhaeni)
3.0.2
Improvements
- Drop @babel/runtime dependency (#209, @realityking)
- Properly specify minimal Node.js version in .babelrc (#209, @realityking)
Bug Fix </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- 345c3f5 v3.3.2
- a615815 Merge pull request #264 from webpack-contrib/fix-escape-regression
- 20f2b4c Fix regression with escaping internal assets
- 9836649 v3.3.1
- d1db526 Remove outdated item from troubleshooting section
- ca34279 Merge pull request #261 from webpack-contrib/relative-links-to-assets
- 99818f9 Fix changelog
- 21722d2 Add changelog entry
- ed99c32 Use relative links for serving internal assets
- 3ce1b8c Merge pull request #262 from webpack-contrib/proper-js-escape
- Additional commits viewable in compare view </details> <br />
pr created time in a minute
create branch MyklClason/tweetscope
branch : dependabot/bundler/sprockets-3.7.2
created branch time in a minute
create branch only-vue/vue-admin
branch : dependabot/npm_and_yarn/webpack-bundle-analyzer-3.3.2
created branch time in a minute
delete branch AspenLuoQiang/ohEditor
delete branch : dependabot/npm_and_yarn/mixin-deep-1.3.2
delete time in a minute
delete branch adayswait/arachn
delete branch : dependabot/npm_and_yarn/mixin-deep-1.3.2
delete time in a minute
push event MyklClason/tweetscope
commit sha 07b6925ada04f818db92dbe9de1a52a34d276c1f
Bump nokogiri from 1.6.8 to 1.10.5 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.6.8 to 1.10.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.6.8...v1.10.5) Signed-off-by: dependabot[bot] <support@github.com>
commit sha e014abd6e39700a7dd0d73243e6a059d1e62ba18
Merge pull request #4 from MyklClason/dependabot/bundler/nokogiri-1.10.5 Bump nokogiri from 1.6.8 to 1.10.5
commit sha ed5b788b4cc71451ee0da2ef71edcfac1f2e2070
Bump loofah from 2.0.3 to 2.3.1 Bumps [loofah](https://github.com/flavorjones/loofah) from 2.0.3 to 2.3.1. - [Release notes](https://github.com/flavorjones/loofah/releases) - [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md) - [Commits](https://github.com/flavorjones/loofah/compare/v2.0.3...v2.3.1) Signed-off-by: dependabot[bot] <support@github.com>
push time in a minute
PR opened only-vue/vue-admin
Bumps axios from 0.15.3 to 0.18.1. <details> <summary>Release notes</summary>
Sourced from axios's releases.
v0.18.1
Security Fix:
v.0.18.0
- Adding support for UNIX Sockets when running with Node.js (#1070)
- Fixing typings (#1177):
- AxiosRequestConfig.proxy: allows type false
- AxiosProxyConfig: added auth field
- Adding function signature in AxiosInstance interface so AxiosInstance can be invoked (#1192, #1254)
- Allowing maxContentLength to pass through to redirected calls as maxBodyLength in follow-redirects config (#1287)
- Fixing configuration when using an instance - method can now be set (#1342)
0.17.1 (Nov 11, 2017)
- Fixing issue with web workers (#1160)
- Allowing overriding transport (#1080)
- Updating TypeScript typings (#1165, #1125, #1131)
v0.17.1
No release notes provided.
v0.17.0
No release notes provided.
v0.16.2
No release notes provided.
v0.16.1
No release notes provided.
v0.16.0
No release notes provided. </details> <details> <summary>Changelog</summary>
Sourced from axios's changelog.
0.18.1 (May 31, 2019)
Security Fix:
0.18.0 (Feb 19, 2018)
- Adding support for UNIX Sockets when running with Node.js (#1070)
- Fixing typings (#1177):
- AxiosRequestConfig.proxy: allows type false
- AxiosProxyConfig: added auth field
- Adding function signature in AxiosInstance interface so AxiosInstance can be invoked (#1192, #1254)
- Allowing maxContentLength to pass through to redirected calls as maxBodyLength in follow-redirects config (#1287)
- Fixing configuration when using an instance - method can now be set (#1342)
0.17.1 (Nov 11, 2017)
- Fixing issue with web workers (#1160)
- Allowing overriding transport (#1080)
- Updating TypeScript typings (#1165, #1125, #1131)
0.17.0 (Oct 21, 2017)
- BREAKING Fixing issue with baseURL and interceptors (#950)
- BREAKING Improving handling of duplicate headers (#874)
- Adding support for disabling proxies (#691)
- Updating TypeScript typings with generic type parameters (#1061)
0.16.2 (Jun 3, 2017)
- Fixing issue with including buffer in bundle (#887)
- Including underlying request in errors (#830)
- Convert method to lowercase (#930)
0.16.1 (Apr 8, 2017)
- Improving HTTP adapter to return last request in case of redirects (#828)
- Updating follow-redirects dependency (#829)
- Adding support for passing Buffer in node (#773)
0.16.0 (Mar 31, 2017)
- BREAKING Removing Promise from axios typings in favor of built-in type declarations (#480)
- Adding options shortcut method (#461)
- Fixing issue with using responseType: 'json' in browsers incompatible with XHR Level 2 (#654)
- Improving React Native detection (#731)
- Fixing combineURLs to support empty relativeURL (#581)
- Removing PROTECTION_PREFIX support (#561) </details> <details> <summary>Commits</summary>
- face016 Releasing 0.18.1
- 0628763 Update Changelog for release (0.18.1)
- dc9b29c adjust README to match IE support
- 16326d5 Remove usages of isOldIE in tests
- 5a4228b Remove IE10 launcher from karma config
- 695b5f7 Remove isOldIE check in tests
- e314ab0 Remove HTTP 1223 handling
- 7efa822 Remove btoa polyfill tests
- f3cdcc7 Delete btoa polyfill
- efc0b58 Remove ie8/9 special CORS treatment and btoa polyfill
- Additional commits viewable in compare view </details> <details> <summary>Maintainer changes</summary>
This version was pushed to npm by emilyemorehouse, a new releaser for axios since your current version. </details> <br />
pr created time in a minute
create branch only-vue/vue-admin
branch : dependabot/npm_and_yarn/axios-0.18.1
created branch time in a minute
delete branch MyklClason/tweetscope
delete branch : dependabot/bundler/rails-html-sanitizer-1.3.0
delete time in a minute
delete branch MyklClason/tweetscope
delete branch : dependabot/bundler/rack-1.6.11
delete time in a minute
push event DanielDanielDanielDanielDaniel/aucta-framework
commit sha 09d15598b63c0f7a51aa6ace5ffa8a245cf292dc
reee
commit sha f8ebf7e2d358ae36620b2e8e0e31f7de4f86c9fb
Bump lodash from 4.17.11 to 4.17.13 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.13) Signed-off-by: dependabot[bot] <support@github.com>
push time in a minute
PR closed MyklClason/tweetscope
Bumps rails-html-sanitizer from 1.0.3 to 1.3.0. <details> <summary>Release notes</summary>
Sourced from rails-html-sanitizer's releases.
v1.3.0
Address deprecations in Loofah 2.3.0.
Josh Goodall
v1.2.0
Remove needless white_list_sanitizer deprecation.
By deprecating this, we were forcing Rails 5.2 to be updated or spew deprecations that users could do nothing about.
That's pointless and I'm sorry for adding that!
Now there's no deprecation warning and Rails 5.2 works out of the box, while Rails 6 can use the updated naming.
Kasper Timm Hansen
v1.1.0
Add safe_list_sanitizer and deprecate white_list_sanitizer to be removed in 1.2.0. rails/rails-html-sanitizer#87
Juanito Fatas
Remove href from LinkScrubber's tags as it's not an element. rails/rails-html-sanitizer#92
Juanito Fatas
Explain that we don't need to bump Loofah here if there's CVEs. https://github.com/rails/rails-html-sanitizer/commit/d4d823c617fdd0064956047f7fbf23fff305a69b
Kasper Timm Hansen
v1.0.4
- Fix CVE-2018-3741. </details> <details> <summary>Changelog</summary>
Sourced from rails-html-sanitizer's changelog.
1.3.0
Address deprecations in Loofah 2.3.0.
Josh Goodall
1.2.0
Remove needless white_list_sanitizer deprecation.
By deprecating this, we were forcing Rails 5.2 to be updated or spew deprecations that users could do nothing about.
That's pointless and I'm sorry for adding that!
Now there's no deprecation warning and Rails 5.2 works out of the box, while Rails 6 can use the updated naming.
Kasper Timm Hansen
1.1.0
Add safe_list_sanitizer and deprecate white_list_sanitizer to be removed in 1.2.0. rails/rails-html-sanitizer#87
Juanito Fatas
Remove href from LinkScrubber's tags as it's not an element. rails/rails-html-sanitizer#92
Juanito Fatas
Explain that we don't need to bump Loofah here if there's CVEs. https://github.com/rails/rails-html-sanitizer/commit/d4d823c617fdd0064956047f7fbf23fff305a69b
Kasper Timm Hansen
1.0.1
- Added support for Rails 4.2.0.beta2 and above
1.0.0
- First release. </details> <details> <summary>Commits</summary>
- 51dc564 v1.3.0
- 65b9f88 Merge pull request #102 from orien/gem-metadata
- 845da04 Add project metadata to the gemspec
- 43a87f5 Match Loofah's API changes.
- b8ea80d Prepare 1.2.0
- 5581871 Remove needless white list sanitizer deprecations
- 1a02a14 Merge pull request #96 from olleolleolle/patch-1
- 31cf584 CI: Drop unused sudo: false Travis directive
- 0b64e50 Merge pull request #95 from rwojnarowski/patch-1
- 21da038 Deprecated warning text, missing space
- Additional commits viewable in compare view </details> <br />
pr closed time in 2 minutes
PR closed MyklClason/tweetscope
Bumps rack from 1.6.4 to 1.6.11. <details> <summary>Commits</summary>
- 2bef132 Bumping version for release
- 97ca63d Whitelist http/https schemes
- 7b5054e Merge pull request #1296 from tomelm/fix-prefers-plaintext
- fdcd03a Bump version for release
- 2293c6a Merge pull request #1249 from mclark/handle-invalid-method-parameters
- b27dd86 handle failure to upcase invalid strings
- 274d934 Stick with a passing version of Rubygems and bundler
- 617aac0 bump version for release
- dc017e7 Merge pull request #1237 from eileencodes/backport-1137
- 4d6965a Backport pull request #1137 from unabridged/fix-eof-failure
- Additional commits viewable in compare view </details> <br />
pr closed time in 2 minutes
pull request comment MyklClason/tweetscope
Bump rails-html-sanitizer from 1.0.3 to 1.3.0
Looks like rails-html-sanitizer is up-to-date now, so this is no longer needed.
comment created time in 2 minutes
pull request comment MyklClason/tweetscope
Bump rack from 1.6.4 to 1.6.11
Looks like rack is no longer updatable, so this is no longer needed.
comment created time in 2 minutes
push event Uberech/Taskech
commit sha a16bb963dbf18f6df3cce13ff8b0a4a57635d3a2
Bump sprockets from 3.5.2 to 3.7.2 Bumps [sprockets](https://github.com/rails/sprockets) from 3.5.2 to 3.7.2. - [Release notes](https://github.com/rails/sprockets/releases) - [Changelog](https://github.com/rails/sprockets/blob/v3.7.2/CHANGELOG.md) - [Commits](https://github.com/rails/sprockets/compare/v3.5.2...v3.7.2) Signed-off-by: dependabot[bot] <support@github.com>
commit sha 4f3a97c04663e3356fcb9cd3eff062b2adad4e0d
Merge pull request #4 from Uberech/dependabot/bundler/sprockets-3.7.2 Bump sprockets from 3.5.2 to 3.7.2
commit sha ccba5dee3e5b8724752284c8f7a39475f063b4aa
Bump rails-html-sanitizer from 1.0.3 to 1.3.0 Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.3.0. - [Release notes](https://github.com/rails/rails-html-sanitizer/releases) - [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.0.3...v1.3.0) Signed-off-by: dependabot[bot] <support@github.com>
commit sha 6fd0fe0dc0090b623356a57be5631668eb4e9695
Merge pull request #2 from Uberech/dependabot/bundler/rails-html-sanitizer-1.3.0 Bump rails-html-sanitizer from 1.0.3 to 1.3.0
commit sha f2360428736f89b04af6f244f0dcea6815d15e89
Bump devise from 3.5.6 to 4.7.1 Bumps [devise](https://github.com/plataformatec/devise) from 3.5.6 to 4.7.1. - [Release notes](https://github.com/plataformatec/devise/releases) - [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md) - [Commits](https://github.com/plataformatec/devise/compare/v3.5.6...v4.7.1) Signed-off-by: dependabot[bot] <support@github.com>
commit sha fe33fd95230bf0f417dc701485491deefd198ca7
Merge pull request #3 from Uberech/dependabot/bundler/devise-4.7.1 Bump devise from 3.5.6 to 4.7.1
commit sha df4fa5d02048b577ac75fa739aa2738f4661703d
Bump ffi from 1.9.10 to 1.11.3 Bumps [ffi](https://github.com/ffi/ffi) from 1.9.10 to 1.11.3. - [Release notes](https://github.com/ffi/ffi/releases) - [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md) - [Commits](https://github.com/ffi/ffi/compare/1.9.10...1.11.3) Signed-off-by: dependabot[bot] <support@github.com>
push time in 2 minutes
create branch Seongmun-Hong/react_webrtc
branch : dependabot/npm_and_yarn/react_webrtc/mixin-deep-1.3.2
created branch time in 2 minutes
PR opened Seongmun-Hong/react_webrtc
Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary>
- 754f0c2 1.3.2
- 90ee1fa ensure keys are valid when mixing in values
- See full diff in compare view </details> <details> <summary>Maintainer changes</summary>
This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version. </details> <br />
pr created time in 2 minutes
PR opened PrajaktaShirke29/productsDetails
Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary>
- ab73503 Bump to v4.5.0.
- a4f7d4c Rebuild lodash and docs.
- cca5ac6 Fix npm-test by removing the call to test-docs.
- 9f7f9fc Adjust heading order. [ci skip]
- 6e2fb92 Remove unused baseArity.
- 4f702e2 Specify utf8 encoding.
- b188f90 Add fp tests for iteratee shorthands.
- 7b93dc9 Ensure clone methods clone expando properties of boolean, number, & string ob...
- 664d66a Make string tests more consistent.
- d9dc0e6 Add _.invertBy tests.
- Additional commits viewable in compare view </details> <br />
pr created time in 2 minutes
PR opened PrajaktaShirke29/productsDetails
Bumps mixin-deep from 1.3.1 to 1.3.2. <details> <summary>Commits</summary>
- 754f0c2 1.3.2
- 90ee1fa ensure keys are valid when mixing in values
- See full diff in compare view </details> <details> <summary>Maintainer changes</summary>
This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version. </details> <br />
pr created time in 2 minutes
create branch PrajaktaShirke29/productsDetails
branch : dependabot/npm_and_yarn/reactMongodb/lodash.template-4.5.0
created branch time in 2 minutes
PR opened PrajaktaShirke29/productsDetails
Bumps handlebars from 4.0.12 to 4.5.3. <details> <summary>Changelog</summary>
Sourced from handlebars's changelog.
v4.5.3 - November 18th, 2019
Bugfixes:
- fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
- fix: add more properties required to be enumerable - 1988878
Chores / Build:
- fix: use !== 0 instead of != 0 - c02b05f
- add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0
Security:
- The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.
Compatibility notes:
- Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
- The semantics have not changed in cases where the properties are enumerable, as in:
{ __proto__: 'some string' }
- The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.
v4.5.2 - November 13th, 2019
Bugfixes
- fix: use String(field) in lookup when checking for "constructor" - d541378
- test: add fluent API for testing Handlebars - c2ac79c
Compatibility notes:
- no incompatibility are to be expected </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- c819c8b v4.5.3
- 827c9d0 Update release notes
- f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
- 1988878 fix: add more properties required to be enumerable
- 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
- 0817dad test: add sinon as global variable to eslint in the specs
- 93516a0 test: add sinon.js for spies, deprecate current assertions
- 93e284e chore: add chai and dirty-chai for better test assertions
- c02b05f fix: use !== 0 instead of != 0
- 8de121d v4.5.2
- Additional commits viewable in compare view </details> <br />
pr created time in 2 minutes
create branch PrajaktaShirke29/productsDetails
branch : dependabot/npm_and_yarn/reactMongodb/mixin-deep-1.3.2
created branch time in 2 minutes
PR opened PrajaktaShirke29/productsDetails
Bumps merge from 1.2.0 to 1.2.1. <details> <summary>Commits</summary>
- b31e67f link broken
- 6ad6035 Fix prototype pollution
- See full diff in compare view </details> <br />
pr created time in 2 minutes
create branch PrajaktaShirke29/productsDetails
branch : dependabot/npm_and_yarn/reactMongodb/handlebars-4.5.3
created branch time in 2 minutes
delete branch adayswait/arachn
delete branch : dependabot/npm_and_yarn/lodash-4.17.15
delete time in 2 minutes
create branch PrajaktaShirke29/productsDetails
branch : dependabot/npm_and_yarn/reactMongodb/merge-1.2.1
created branch time in 2 minutes
delete branch Uberech/Taskech
delete branch : dependabot/bundler/nokogiri-1.10.7
delete time in 2 minutes
PR closed Uberech/Taskech
Bumps nokogiri from 1.6.7.2 to 1.10.7. <details> <summary>Release notes</summary>
Sourced from nokogiri's releases.
1.10.7 / 2019-12-03
Bug
- [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954
1.10.6 / 2019-12-03
Bug
1.10.5 / 2019-10-31
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
1.10.2 / 2019-03-24
Security
Sourced from nokogiri's changelog.
1.10.7 / 2019-12-03
Bug
- [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954
1.10.6 / 2019-12-03
Bug
1.10.5 / 2019-10-31
Security
[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:
- CVE-2019-13117
- CVE-2019-13118
- CVE-2019-18197
More details are available at #1943.
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- e6b3229 version bump to v1.10.7
- 4f9d443 update CHANGELOG
- 80e67ef Fix the patch from #1953 to work with both git and patch
- 7cf1b85 Fix typo in generated metadata
- d76180d add gem metadata
- 13132fc version bump to v1.10.6
- 95e56fd update CHANGELOG
- 73c53ee Add a patch to fix libxml2.la's path
- 061d75d add security note to CHANGELOG
- 1bc2ff9 version bump to v1.10.5
- Additional commits viewable in compare view </details> <br />
pr closed time in 2 minutes
PR opened Seongmun-Hong/react_webrtc
Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary>
- ab73503 Bump to v4.5.0.
- a4f7d4c Rebuild lodash and docs.
- cca5ac6 Fix npm-test by removing the call to test-docs.
- 9f7f9fc Adjust heading order. [ci skip]
- 6e2fb92 Remove unused baseArity.
- 4f702e2 Specify utf8 encoding.
- b188f90 Add fp tests for iteratee shorthands.
- 7b93dc9 Ensure clone methods clone expando properties of boolean, number, & string ob...
- 664d66a Make string tests more consistent.
- d9dc0e6 Add _.invertBy tests.
- Additional commits viewable in compare view </details> <br />
pr created time in 2 minutes
create branch Seongmun-Hong/react_webrtc
branch : dependabot/npm_and_yarn/react_webrtc/lodash.template-4.5.0
created branch time in 2 minutes
pull request comment Uberech/Taskech
Bump nokogiri from 1.6.7.2 to 1.10.7
Looks like nokogiri is up-to-date now, so this is no longer needed.
comment created time in 2 minutes
delete branch MyklClason/tweetscope
delete branch : dependabot/bundler/nokogiri-1.10.5
delete time in 2 minutes
PR opened coolgirls/Travels
Bumps eslint from 4.17.0 to 4.18.2. <details> <summary>Release notes</summary>
Sourced from eslint's releases.
v4.18.2
- 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler)
- 3c697de Chore: fix incorrect comment about linter.verify return value (#10030) (Teddy Katz)
- 9df8653 Chore: refactor parser-loading out of linter.verify (#10028) (Teddy Katz)
- f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis)
- e4f52ce Chore: Simplify dataflow in linter.verify (#10020) (Teddy Katz)
- 33177cd Chore: make library files non-executable (#10021) (Teddy Katz)
- 558ccba Chore: refactor directive comment processing (#10007) (Teddy Katz)
- 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010) (Teddy Katz)
- a1c3759 Chore: refactor populating configs with defaults in linter (#10006) (Teddy Katz)
- aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985) (Rachael Sim)
v4.18.1
- f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993) (Teddy Katz)
- 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987) (Jaid)
- 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986) (Toru Nagashima)
v4.18.0
- 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944) (Kenton Jacobsen)
- 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951) (Teddy Katz)
- 47ac478 Update: add named imports and exports for object-curly-newline (#9876) (Nicholas Chua)
- e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943) (Toru Nagashima)
- f012b8c Fix: support Async iteration (fixes #9891) (#9957) (Toru Nagashima)
- 74fa253 Docs: Clarify no-mixed-operators options (fixes #9962) (#9964) (Ivan Hayes)
- 426868f Docs: clean up key-spacing docs (fixes #9900) (#9963) (Abid Uzair)
- 4a6f22e Update: support eslint-disable-* block comments (fixes #8781) (#9745) (Erin)
- 777283b Docs: Propose fix typo for function (#9965) (John Eismeier)
- bf3d494 Docs: Fix typo in max-len ignorePattern example. (#9956) (Tim Martin)
- d64fbb4 Docs: fix typo in prefer-destructuring.md example (#9930) (Vse Mozhet Byt)
- f8d343f Chore: Fix default issue template (#9946) (Kai Cataldo) </details> <details> <summary>Changelog</summary>
Sourced from eslint's changelog.
v4.18.2 - March 2, 2018
- 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022) (Mathieu Seiler)
- 3c697de Chore: fix incorrect comment about linter.verify return value (#10030) (Teddy Katz)
- 9df8653 Chore: refactor parser-loading out of linter.verify (#10028) (Teddy Katz)
- f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis)
- e4f52ce Chore: Simplify dataflow in linter.verify (#10020) (Teddy Katz)
- 33177cd Chore: make library files non-executable (#10021) (Teddy Katz)
- 558ccba Chore: refactor directive comment processing (#10007) (Teddy Katz)
- 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010) (Teddy Katz)
- a1c3759 Chore: refactor populating configs with defaults in linter (#10006) (Teddy Katz)
- aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985) (Rachael Sim)
v4.18.1 - February 20, 2018
- f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993) (Teddy Katz)
- 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987) (Jaid)
- 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986) (Toru Nagashima)
v4.18.0 - February 16, 2018
- 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944) (Kenton Jacobsen)
- 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951) (Teddy Katz)
- 47ac478 Update: add named imports and exports for object-curly-newline (#9876) (Nicholas Chua)
- e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943) (Toru Nagashima)
- f012b8c Fix: support Async iteration (fixes #9891) (#9957) (Toru Nagashima)
- 74fa253 Docs: Clarify no-mixed-operators options (fixes #9962) (#9964) (Ivan Hayes)
- 426868f Docs: clean up key-spacing docs (fixes #9900) (#9963) (Abid Uzair)
- 4a6f22e Update: support eslint-disable-* block comments (fixes #8781) (#9745) (Erin)
- 777283b Docs: Propose fix typo for function (#9965) (John Eismeier)
- bf3d494 Docs: Fix typo in max-len ignorePattern example. (#9956) (Tim Martin)
- d64fbb4 Docs: fix typo in prefer-destructuring.md example (#9930) (Vse Mozhet Byt)
- f8d343f Chore: Fix default issue template (#9946) (Kai Cataldo) </details> <details> <summary>Commits</summary>
- 22ff6f3 4.18.2
- 817b84b Build: changelog update for 4.18.2
- 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022)
- 3c697de Chore: fix incorrect comment about linter.verify return value (#10030)
- 9df8653 Chore: refactor parser-loading out of linter.verify (#10028)
- f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)
- e4f52ce Chore: Simplify dataflow in linter.verify (#10020)
- 33177cd Chore: make library files non-executable (#10021)
- 558ccba Chore: refactor directive comment processing (#10007)
- 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010)
- Additional commits viewable in compare view </details> <br />
pr created time in 2 minutes
create branch coolgirls/Travels
branch : dependabot/npm_and_yarn/eslint-4.18.2
created branch time in 2 minutes
delete branch Uberech/Taskech
delete branch : dependabot/bundler/devise-4.7.1
delete time in 2 minutes
delete branch adayswait/arachn
delete branch : dependabot/npm_and_yarn/lodash.template-4.5.0
delete time in 2 minutes
PR opened hazeke94/ITPTeam9Project
Bumps lodash from 4.17.11 to 4.17.15. <details> <summary>Commits</summary>
- ddfd9b1 Bump to v4.17.15.
- b185fce Rebuild lodash and docs.
- be87d30 Bump to v4.17.14.
- a6fe6b1 Rebuild lodash and docs.
- e371828 Bump to v4.17.13.
- 357e899 Rebuild lodash and docs.
- fd9a062 Bump to v4.17.12.
- e77d681 Rebuild lodash and docs.
- 629d186 Update OpenJS references.
- 2406eac Fix minified build.
- Additional commits viewable in compare view </details> <br />
pr created time in 2 minutes
create branch hazeke94/ITPTeam9Project
branch : dependabot/npm_and_yarn/functions/lodash-4.17.15
created branch time in 2 minutes
PR opened YulDewQA/qatest
Bumps eslint-utils from 1.3.1 to 1.4.3. <details> <summary>Commits</summary>
- 23f4ddc 🔖 1.4.3
- 8f9e481 🐛 fix reference tracker false positive
- 6633278 ⚒ fix test scripts
- 7c8e67c ⚒ fix build scripts
- 41ff95e ⚒ update dependencies
- 4942012 ⚒ fix build scripts
- f1c8d02 ⚒ update build scripts
- a88598a Create FUNDING.yml
- 4e1bc07 1.4.2
- e4cb014 🐛 add null test
- Additional commits viewable in compare view </details> <br />
pr created time in 2 minutes
delete branch Uberech/Uberech
delete branch : dependabot/bundler/nokogiri-1.10.7
delete time in 2 minutes
delete branch Uberech/Uberech
delete branch : dependabot/bundler/devise-4.7.1
delete time in 2 minutes
PR closed Uberech/Uberech
Bumps nokogiri from 1.6.7.2 to 1.10.7. <details> <summary>Release notes</summary>
Sourced from nokogiri's releases.
1.10.7 / 2019-12-03
Bug
- [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954
1.10.6 / 2019-12-03
Bug
1.10.5 / 2019-10-31
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
1.10.2 / 2019-03-24
Security
Sourced from nokogiri's changelog.
1.10.7 / 2019-12-03
Bug
- [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954
1.10.6 / 2019-12-03
Bug
1.10.5 / 2019-10-31
Security
[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:
- CVE-2019-13117
- CVE-2019-13118
- CVE-2019-18197
More details are available at #1943.
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- e6b3229 version bump to v1.10.7
- 4f9d443 update CHANGELOG
- 80e67ef Fix the patch from #1953 to work with both git and patch
- 7cf1b85 Fix typo in generated metadata
- d76180d add gem metadata
- 13132fc version bump to v1.10.6
- 95e56fd update CHANGELOG
- 73c53ee Add a patch to fix libxml2.la's path
- 061d75d add security note to CHANGELOG
- 1bc2ff9 version bump to v1.10.5
- Additional commits viewable in compare view </details> <br />
pr closed time in 2 minutes
pull request comment Uberech/Uberech
Bump nokogiri from 1.6.7.2 to 1.10.7
Looks like nokogiri is up-to-date now, so this is no longer needed.
comment created time in 2 minutes
push event Uberech/Taskech
commit sha ccba5dee3e5b8724752284c8f7a39475f063b4aa
Bump rails-html-sanitizer from 1.0.3 to 1.3.0
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.3.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.0.3...v1.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
commit sha 6fd0fe0dc0090b623356a57be5631668eb4e9695
Merge pull request #2 from Uberech/dependabot/bundler/rails-html-sanitizer-1.3.0
Bump rails-html-sanitizer from 1.0.3 to 1.3.0
commit sha f2360428736f89b04af6f244f0dcea6815d15e89
Bump devise from 3.5.6 to 4.7.1
Bumps [devise](https://github.com/plataformatec/devise) from 3.5.6 to 4.7.1.
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v3.5.6...v4.7.1)
Signed-off-by: dependabot[bot] <support@github.com>
push time in 3 minutes
delete branch Uberech/Taskech
delete branch : dependabot/bundler/loofah-2.4.0
delete time in 3 minutes
PR closed Uberech/Taskech
Bumps loofah from 2.0.3 to 2.4.0. <details> <summary>Release notes</summary>
Sourced from loofah's releases.
2.4.0 / 2019-11-25
Features
- Allow CSS property max-width #175 (Thanks, @bchaney!)
- Allow CSS sizes expressed in rem [#176, #177]
- Add frozen_string_literal: true magic comment to all lib files. #118
2.3.1 / 2019-10-22
Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at flavorjones/loofah#171
2.3.0 / 2019-09-28
Features
- Expand set of allowed protocols to include tel: and line:. [#104, #147]
- Expand set of allowed CSS functions. [related to #122]
- Allow greater precision in shorthand CSS values. #149 (Thanks, @danfstucky!)
- Allow CSS property list-style #162 (Thanks, @jaredbeck!)
- Allow CSS keywords thick and thin #168 (Thanks, @georgeclaghorn!)
- Allow HTML property contenteditable #167 (Thanks, @andreynering!)
Bug fixes
- CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)
Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
- Deprecate Loofah::Helpers::ActionView.white_list_sanitizer, please use Loofah::Helpers::ActionView.safe_list_sanitizer instead.
- Deprecate Loofah::Helpers::ActionView::WhiteListSanitizer, please use Loofah::Helpers::ActionView::SafeListSanitizer instead.
- Deprecate Loofah::HTML5::WhiteList, please use Loofah::HTML5::SafeList instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
v2.2.3
Notably, this release addresses CVE-2018-16468.
v2.2.2
2.2.2 / 2018-03-22
</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from loofah's changelog.
2.4.0 / 2019-11-25
Features
- Allow CSS property max-width #175 (Thanks, @bchaney!)
- Allow CSS sizes expressed in rem [#176, #177]
- Add frozen_string_literal: true magic comment to all lib files. #118
2.3.1 / 2019-10-22
Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at flavorjones/loofah#171
2.3.0 / 2019-09-28
Features
- Expand set of allowed protocols to include tel: and line:. [#104, #147]
- Expand set of allowed CSS functions. [related to #122]
- Allow greater precision in shorthand CSS values. #149 (Thanks, @danfstucky!)
- Allow CSS property list-style #162 (Thanks, @jaredbeck!)
- Allow CSS keywords thick and thin #168 (Thanks, @georgeclaghorn!)
- Allow HTML property contenteditable #167 (Thanks, @andreynering!)
Bug fixes
- CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)
Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
- Deprecate Loofah::Helpers::ActionView.white_list_sanitizer, please use Loofah::Helpers::ActionView.safe_list_sanitizer instead.
- Deprecate Loofah::Helpers::ActionView::WhiteListSanitizer, please use Loofah::Helpers::ActionView::SafeListSanitizer instead.
- Deprecate Loofah::HTML5::WhiteList, please use Loofah::HTML5::SafeList instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
2.2.3 / 2018-10-30
Security
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- 724ac1c version bump to v2.4.0
- e808fb6 ci: don't turn on frozen strings until after bundle install
- 0eb9976 update CHANGELOG
- 0783f5b add magic comment for frozen string literals to all files
- 5ce3a71 add rubocop as dev dep and configure security and frozen string cops
- 82ae384 test suite should check compatibility with frozen string literals
- 8747065 Merge pull request #175 from bchaney/allow-css-max-width
- 2767ae3 Merge pull request #177 from flavorjones/176-allow-rem-css-sizes
- 13f734f css sanitizer allows "rem" sizes
- 2699b61 Allow CSS property: max-width
- Additional commits viewable in compare view </details> <br />
pr closed time in 3 minutes
pull request comment Uberech/Taskech
Bump loofah from 2.0.3 to 2.4.0
Looks like loofah is up-to-date now, so this is no longer needed.
comment created time in 3 minutes
delete branch Uberech/Uberech
delete branch : dependabot/bundler/ffi-1.11.3
delete time in 3 minutes
delete branch Uberech/Uberech
delete branch : dependabot/bundler/loofah-2.4.0
delete time in 3 minutes
PR opened Sonfinity-Poland/Odchudzanie__JustSkinny-Second
Bumps lodash from 4.17.11 to 4.17.15. <details> <summary>Commits</summary>
- ddfd9b1 Bump to v4.17.15.
- b185fce Rebuild lodash and docs.
- be87d30 Bump to v4.17.14.
- a6fe6b1 Rebuild lodash and docs.
- e371828 Bump to v4.17.13.
- 357e899 Rebuild lodash and docs.
- fd9a062 Bump to v4.17.12.
- e77d681 Rebuild lodash and docs.
- 629d186 Update OpenJS references.
- 2406eac Fix minified build.
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch Sonfinity-Poland/Odchudzanie__JustSkinny-Second
branch : dependabot/npm_and_yarn/lodash-4.17.15
created branch time in 3 minutes
delete branch Uberech/Taskech
delete branch : dependabot/bundler/rails-html-sanitizer-1.3.0
delete time in 3 minutes
PR closed Uberech/Uberech
Bumps loofah from 2.0.3 to 2.4.0.
pr closed time in 3 minutes
push event Uberech/Uberech
commit sha be1332eebcd5709292d988fcf1bf5cb867252fda
Bump rails-html-sanitizer from 1.0.3 to 1.3.0
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.3.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.0.3...v1.3.0)
Signed-off-by: dependabot[bot] <support@github.com>
commit sha 66a17cdd502eb87c7a4dfb8f35bdb625c0eee102
Merge pull request #3 from Uberech/dependabot/bundler/rails-html-sanitizer-1.3.0
Bump rails-html-sanitizer from 1.0.3 to 1.3.0
commit sha eff3dc40ad8806d61c281d07f608f45861e5f9c1
Bump devise from 3.5.6 to 4.7.1
Bumps [devise](https://github.com/plataformatec/devise) from 3.5.6 to 4.7.1.
- [Release notes](https://github.com/plataformatec/devise/releases)
- [Changelog](https://github.com/plataformatec/devise/blob/master/CHANGELOG.md)
- [Commits](https://github.com/plataformatec/devise/compare/v3.5.6...v4.7.1)
Signed-off-by: dependabot[bot] <support@github.com>
push time in 3 minutes
pull request comment Uberech/Uberech
Bump loofah from 2.0.3 to 2.4.0
Looks like loofah is up-to-date now, so this is no longer needed.
comment created time in 3 minutes
PR opened jvhariharan/EJ2-DataGrid-Core-RemoteSaveAdaptor-Editing
Bumps Microsoft.AspNetCore.All from 2.0.3 to 2.0.9. <details> <summary>Commits</summary>
- 84d6a54 Merge 2.0.9 into release/2.0
- 43ec723 Merge branch release/2.0
- cc0e039 Add required infrastructure improvements to submodules to support NETStandard...
- 9030255 Merge branch 'release/2.0'
- 1895502 Update the LZMA to include NETStandard.Library 2.0.3
- e7c57af Upgrade to NETCore.App 2.0.9 (#29)
- 8fd6124 Merge branch 'release/2.0'
- 93f2e99 Fix for uploading blobs to private Azure blob containers
- aa91b80 Add script used to deploy blobs to Azure storage
- b1f55ff Merge branch 'release/2.0' of release/2.0.9
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch jvhariharan/EJ2-DataGrid-Core-RemoteSaveAdaptor-Editing
branch : dependabot/nuget/TestSampleRemoteSave-118452066/TestSample/Microsoft.AspNetCore.All-2.0.9
created branch time in 3 minutes
PR opened singh-arulraj/CarND-Capstone-proj
Bumps pillow from 2.2.1 to 6.2.0. <details> <summary>Release notes</summary>
Sourced from pillow's releases.
6.2.0
https://pillow.readthedocs.io/en/stable/releasenotes/6.2.0.html
6.1.0
https://pillow.readthedocs.io/en/stable/releasenotes/6.1.0.html
6.0.0
No release notes provided.
5.4.1
No release notes provided.
5.4.0
No release notes provided.
5.3.0
No release notes provided.
5.2.0
No release notes provided.
5.1.0
No release notes provided.
5.0.0
No release notes provided.
4.3.0
No release notes provided.
4.2.1
No release notes provided.
4.2.0
No release notes provided.
4.1.1
No release notes provided.
4.1.0
No release notes provided.
4.0.0 tag had a typo in the version in setup.py, hence 4.0.0a
3.4.2
No release notes provided.
3.4.1
No release notes provided.
</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from pillow's changelog.
6.2.0 (2019-10-01)
Catch buffer overruns #4104 [radarhere]
Initialize rows_per_strip when RowsPerStrip tag is missing #4034 [cgohlke, radarhere]
Raise error if TIFF dimension is a string #4103 [radarhere]
Added decompression bomb checks #4102 [radarhere]
Fix ImageGrab.grab DPI scaling on Windows 10 version 1607+ #4000 [nulano, radarhere]
Corrected negative seeks #4101 [radarhere]
Added argument to capture all screens on Windows #3950 [nulano, radarhere]
Updated warning to specify when Image.frombuffer defaults will change #4086 [radarhere]
Changed WindowsViewer format to PNG #4080 [radarhere]
Use TIFF orientation #4063 [radarhere]
Raise the same error if a truncated image is loaded a second time #3965 [radarhere]
Lazily use ImageFileDirectory_v1 values from Exif #4031 [radarhere]
Improved HSV conversion #4004 [radarhere]
Added text stroking #3978 [radarhere, hugovk]
No more deprecated bdist_wininst .exe installers #4029 [hugovk]
Do not allow floodfill to extend into negative coordinates #4017 [radarhere] </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- 8a30d13 Updated CHANGES.rst [ci skip]
- 75602d1 6.2.0 version bump
- 4756af9 Updated CHANGES.rst [ci skip]
- cc16025 Merge pull request #4104 from radarhere/overrun
- fb84701 Merge pull request #4034 from cgohlke/patch-1
- b9693a5 Merge pull request #4103 from radarhere/dimension
- f228d0c Merge pull request #4102 from radarhere/decompression
- aaf2c42 Merge pull request #4000 from nulano/dpi_fix
- b36c1bc Merge pull request #4101 from radarhere/negative_seek
- 9a977b9 Raise error if dimension is a string
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch singh-arulraj/CarND-Capstone-proj
branch : dependabot/pip/pillow-6.2.0
created branch time in 3 minutes
PR opened singh-arulraj/CarND-Capstone-proj
Bumps tensorflow from 1.3.0 to 1.12.2. <details> <summary>Release notes</summary>
Sourced from tensorflow's releases.
TensorFlow 1.12.2
Release 1.12.2
Bug Fixes and Other Changes
- Fixes a potential security vulnerability where carefully crafted GIF images can produce a null pointer dereference during decoding
TensorFlow 1.12.0
Release 1.12.0
Major Features and Improvements
- Keras models can now be directly exported to the SavedModel format(tf.contrib.saved_model.save_keras_model()) and used with Tensorflow Serving.
- Keras models now support evaluating with a tf.data.Dataset.
- TensorFlow binaries are built with XLA support linked in by default.
- Ignite Dataset added to contrib/ignite that allows to work with Apache Ignite.
Bug Fixes and Other Changes
tf.data:
- tf.data users can now represent, get, and set options of TensorFlow input pipelines using tf.data.Options(), tf.data.Dataset.options(), and tf.data.Dataset.with_options() respectively.
- New tf.data.Dataset.reduce() API allows users to reduce a finite dataset to a single element using a user-provided reduce function.
- New tf.data.Dataset.window() API allows users to create finite windows of input dataset; when combined with the tf.data.Dataset.reduce() API, this allows users to implement customized batching.
- All C++ code moves to the tensorflow::data namespace.
- Add support for num_parallel_calls to tf.data.Dataset.interleave.
tf.contrib:
- Remove tf.contrib.linalg. tf.linalg should be used instead.
- Replace any calls to tf.contrib.get_signature_def_by_key(metagraph_def, signature_def_key) with meta_graph_def.signature_def[signature_def_key]. Catching a ValueError exception thrown by tf.contrib.get_signature_def_by_key should be replaced by catching a KeyError exception.
tf.contrib.data
- Deprecate, and replace by tf.data.experimental.
- Other:
- Improved XLA stability and performance.
- Fix single replica TensorBoard summary stats in Cloud ML Engine.
- TPUEstimator: Initialize dataset iterators in parallel.
- Keras on TPU model quality and bug fixes.
- Instead of jemalloc, revert back to using system malloc since it simplifies build and has comparable performance.
- Remove integer types from tf.nn.softplus and tf.nn.softsign OpDefs. This is a bugfix; these ops were never meant to support integers.
- Allow subslicing Tensors with a single dimension.
- Add option to calculate string length in Unicode characters
- Add functionality to SubSlice a tensor.
- Add searchsorted (ie lower/upper_bound) op.
- Add model explainability to Boosted Trees.
- Support negative positions for tf.substr
- There was previously a bug in the bijector_impl where the _reduce_jacobian_det_over_event does not handle scalar ILDJ implementations properly.
- In tf eager execution, allow re-entering a GradientTape context
- Add tf_api_version flag. If --define=tf_api_version=2 flag is passed in, then bazel will build TensorFlow API version 2.0. Note that TensorFlow 2.0 is under active development and has no guarantees at this point.
- Add additional compression options to TfRecordWriter
- Performance improvements for regex full match operations.
- Replace tf.GraphKeys.VARIABLES with tf.GraphKeys.GLOBAL_VARIABLES
- Remove unused dynamic learning rate support.
Thanks to our Contributors
</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from tensorflow's changelog.
Release 1.12.2
Bug Fixes and Other Changes
- Fixes a potential security vulnerability where carefully crafted GIF images can produce a null pointer dereference during decoding.
Release 1.13.0
Major Features and Improvements
- TensorFlow Lite has moved from contrib to core. This means that Python modules are under
tf.lite
and source code is now undertensorflow/lite
rather thantensorflow/contrib/lite
.- TensorFlow GPU binaries are now built against CUDA 10 and TensorRT 5.0.
- Support for Python3.7 on all operating systems.
- Moved NCCL to core.
Behavioral changes
- Disallow conversion of python floating types to uint32/64 (matching behavior of other integer types) in `tf.constant`.
- Make the `gain` argument of convolutional orthogonal initializers (`convolutional_delta_orthogonal`, `convolutional_orthogonal_1D`, `convolutional_orthogonal_2D`, `convolutional_orthogonal_3D`) have consistent behavior with the `tf.initializers.orthogonal` initializer, i.e. scale the output l2-norm by `gain` and NOT by `sqrt(gain)`. (Note that these functions are currently in `tf.contrib` which is not guaranteed backward compatible).
Bug Fixes and Other Changes
- Documentation
  - Update the doc with the details about the rounding mode used in quantize_and_dequantize_v2.
  - Clarify that tensorflow::port::InitMain() should be called before using the TensorFlow library. Programs failing to do this are not portable to all platforms.
- Deprecations and Symbol renames.
  - Removing deprecations for the following endpoints: `tf.acos`, `tf.acosh`, `tf.add`, `tf.as_string`, `tf.asin`, `tf.asinh`, `tf.atan`, `tf.atan2`, `tf.atanh`, `tf.cos`, `tf.cosh`, `tf.equal`, `tf.exp`, `tf.floor`, `tf.greater`, `tf.greater_equal`, `tf.less`, `tf.less_equal`, `tf.log`, `tf.logp1`, `tf.logical_and`, `tf.logical_not`, `tf.logical_or`, `tf.maximum`, `tf.minimum`, `tf.not_equal`, `tf.sin`, `tf.sinh`, `tf.tan`
  - Deprecate `tf.data.Dataset.shard`.
  - Deprecate `saved_model.loader.load` which is replaced by `saved_model.load` and `saved_model.main_op`, which will be replaced by `saved_model.main_op` in V2.
  - Deprecate tf.QUANTIZED_DTYPES. The official new symbol is tf.dtypes.QUANTIZED_DTYPES.
  - Update sklearn imports for deprecated packages.
  - Deprecate `Variable.count_up_to` and `tf.count_up_to` in favor of `Dataset.range`.
  - Export `confusion_matrix` op as `tf.math.confusion_matrix` instead of `tf.train.confusion_matrix`.
  - Add `tf.dtypes.` endpoint for every constant in dtypes.py. Moving endpoints in versions.py to corresponding endpoints in `tf.sysconfig.`
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- `6b63465` Merge pull request #27959 from tensorflow/update-release-notes-version
- `e967833` Update header on release notes
- `cf74798` Merge pull request #27958 from tensorflow/update-release-version
- `7fba173` Update version to 1.12.2
- `332f080` Merge pull request #27878 from tensorflow/windows-cpu
- `c9fcc49` Fix windows build for CPU too
- `416b4a3` Merge pull request #27873 from tensorflow/more-bazel-incompatible-flags
- `3ebe165` Add --incompatible_disable_cc_toolchain_label_from_crosstool_proto=false flag
- `5ab9466` Reformat bazel invocation lines
- `446d393` Merge pull request #27870 from tensorflow/bazel-http-archive
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch singh-arulraj/CarND-Capstone-proj
branch : dependabot/pip/tensorflow-1.12.2
created branch time in 3 minutes
PR opened singh-arulraj/CarND-Capstone-proj
Bumps flask from 0.11.1 to 1.0. <details> <summary>Release notes</summary>
Sourced from flask's releases.
1.0
The Pallets team is pleased to release Flask 1.0. [Read the announcement on our blog.](https://www.palletsprojects.com/blog/flask-1-0-released/)
There are over a year's worth of changes in this release. Many features have been improved or changed. Read the changelog to understand how your project's code will be affected.
JSON Security Fix
Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.
Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.
Install or Upgrade
Install from PyPI with pip:
pip install -U Flask
0.12.4
This is a repackage of 0.12.3 to fix an issue with how the package was built.
Upgrade
Upgrade from PyPI with pip. Use a version identifier if you want to stay at 0.12:
pip install -U 'Flask~=0.12.4'
0.12.3
This release includes an important security fix for JSON and a minor backport for CLI support in PyCharm. It is provided for projects that cannot update to Flask 1.0 immediately. See the 1.0 announcement and update to it instead if possible.
JSON Security Fix
Flask previously decoded incoming JSON bytes using the content type of the request. Although JSON should only be encoded as UTF-8, Flask was more lenient. However, Python includes non-text related encodings that could result in unexpected memory use by a request.
Flask will now detect the encoding of incoming JSON data as one of the supported UTF encodings, and will not allow arbitrary encodings from the request.
Upgrade
Upgrade from PyPI with pip. Use a version identifier if you want to stay at 0.12:
pip install -U 'Flask~=0.12.3'
</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from flask's changelog.
Version 1.0
Released 2018-04-26
- Python 2.6 and 3.3 are no longer supported.
- Bump minimum dependency versions to the latest stable versions: Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1. :issue:`2586`
- Skip :meth:`app.run <Flask.run>` when a Flask application is run from the command line. This avoids some behavior that was confusing to debug.
- Change the default for :data:`JSONIFY_PRETTYPRINT_REGULAR` to `False`. :func:`~json.jsonify` returns a compact format by default, and an indented format in debug mode. :pr:`2193`
- :meth:`Flask.__init__ <Flask>` accepts the `host_matching` argument and sets it on :attr:`~Flask.url_map`. :issue:`1559`
- :meth:`Flask.__init__ <Flask>` accepts the `static_host` argument and passes it as the `host` argument when defining the static route. :issue:`1559`
- :func:`send_file` supports Unicode in `attachment_filename`. :pr:`2223`
- Pass `_scheme` argument from :func:`url_for` to :meth:`~Flask.handle_url_build_error`. :pr:`2017`
- :meth:`~Flask.add_url_rule` accepts the `provide_automatic_options` argument to disable adding the `OPTIONS` method. :pr:`1489`
- :class:`~views.MethodView` subclasses inherit method handlers from base classes. :pr:`1936`
- Errors caused while opening the session at the beginning of the request are handled by the app's error handlers. :pr:`2254`
- Blueprints gained :attr:`~Blueprint.json_encoder` and :attr:`~Blueprint.json_decoder` attributes to override the app's encoder and decoder. :pr:`1898`
- :meth:`Flask.make_response` raises `TypeError` instead of `ValueError` for bad response types. The error messages have been improved to describe why the type is invalid. :pr:`2256`
- Add `routes` CLI command to output routes registered on the application. :pr:`2259`
- Show warning when session cookie domain is a bare hostname or an IP address, as these may not behave properly in some browsers, such as Chrome. :pr:`2282`
- Allow IP address as exact session cookie domain. :pr:`2282`
- `SESSION_COOKIE_DOMAIN` is set if it is detected through `SERVER_NAME`. :pr:`2282`
- Auto-detect zero-argument app factory called `create_app` or `make_app` from `FLASK_APP`. :pr:`2297`
- Factory functions are not required to take a `script_info` parameter to work with the `flask` command. If they take a single parameter or a parameter named `script_info`, the
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- `291f3c3` Bump version number to 1.0
- `36e68a4` release 1.0
- `216151c` Merge branch '0.12-maintenance'
- `23047a7` Bump version number to 0.12.4.dev
- `1a9e58e` Bump version number to 0.12.3
- `63deee0` release 0.12.3
- `062745b` Merge pull request #2720 from pallets/setup-link
- `5c8110d` ensure order of project urls
- `10a77a5` Add project_urls so that PyPI will show GitHub stats.
- `22992a0` add donate link
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch singh-arulraj/CarND-Capstone-proj
branch : dependabot/pip/flask-1.0
created branch time in 3 minutes
PR opened caillou/lean-hr
Bumps lodash.template from 4.4.0 to 4.5.0. <details> <summary>Commits</summary>
- `ab73503` Bump to v4.5.0.
- `a4f7d4c` Rebuild lodash and docs.
- `cca5ac6` Fix npm-test by removing the call to test-docs.
- `9f7f9fc` Adjust heading order. [ci skip]
- `6e2fb92` Remove unused `baseArity`.
- `4f702e2` Specify utf8 encoding.
- `b188f90` Add fp tests for iteratee shorthands.
- `7b93dc9` Ensure clone methods clone expando properties of boolean, number, & string ob...
- `664d66a` Make string tests more consistent.
- `d9dc0e6` Add `_.invertBy` tests.
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch caillou/lean-hr
branch : dependabot/npm_and_yarn/app/lodash.template-4.5.0
created branch time in 3 minutes
delete branch Uberech/Taskech
delete branch : dependabot/bundler/nokogiri-1.10.5
delete time in 3 minutes
PR closed Uberech/Taskech
Bumps nokogiri from 1.6.7.2 to 1.10.5. <details> <summary>Release notes</summary>
Sourced from nokogiri's releases.
1.10.5 / 2019-10-31
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
1.10.2 / 2019-03-24
Security
- [MRI] Remove support from vendored libxml2 for future script macros. #1871
- [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877
Bug fixes
- [JRuby] Fix node ownership in duplicated documents. #1060
- [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)
1.10.1 / 2019-01-13
Features
- [MRI] During installation, handle Xcode 10's new library pathOS. [#1801, #1851] (Thanks, @mlj and @deepj!)
- Avoid unnecessary creation of `Proc`s in many methods. #1776 (Thanks, @chopraanmol1!)
</tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from nokogiri's changelog.
1.10.5 / 2019-10-31
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
1.10.2 / 2019-03-24
Security
- [MRI] Remove support from vendored libxml2 for future script macros. #1871
- [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877
Bug fixes
- [JRuby] Fix node ownership in duplicated documents. #1060
- [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)
1.10.1 / 2019-01-13
Features
- [MRI] During installation, handle Xcode 10's new library path. [#1801, #1851] (Thanks, @mlj and @deepj!)
- Avoid unnecessary creation of `Proc`s in many methods. #1776 (Thanks, @chopraanmol1!)
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- `1bc2ff9` version bump to v1.10.5
- `383c1f8` update CHANGELOG
- `43a1753` dependency: update libxslt to 1.1.34 final
- `99d8a6b` dependency: update libxml to 2.9.10 final
- `2a86496` add suppressions for ruby 2.7
- `dca794a` update CHANGELOG with correct release date for v1.10.4
- `077e010` update rake-compiler commands to install bundler
- `beb832e` version bump to v1.10.4
- `5d30128` Merge branch '1915-css-tokenizer-load-file-vulnerability_v1.10.x' into v1.10.x
- `c86b5fc` update CHANGELOG
- Additional commits viewable in compare view </details> <br />
pr closed time in 3 minutes
pull request comment Uberech/Taskech
Bump nokogiri from 1.6.7.2 to 1.10.5
Superseded by #9.
comment created time in 3 minutes
delete branch Uberech/Taskech
delete branch : dependabot/bundler/loofah-2.3.1
delete time in 3 minutes
PR opened Uberech/Taskech
Bumps nokogiri from 1.6.7.2 to 1.10.7. <details> <summary>Release notes</summary>
Sourced from nokogiri's releases.
1.10.7 / 2019-12-03
Bug
- [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. #1954
1.10.6 / 2019-12-03
Bug
1.10.5 / 2019-10-31
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
1.10.2 / 2019-03-24
Security
Sourced from nokogiri's changelog.
1.10.7 / 2019-12-03
Bug
- [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. #1954
1.10.6 / 2019-12-03
Bug
1.10.5 / 2019-10-31
Security
[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:
- CVE-2019-13117
- CVE-2019-13118
- CVE-2019-18197
More details are available at #1943.
Dependencies
- [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
- [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
1.10.4 / 2019-08-11
Security
Address CVE-2019-5477 (#1915)
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input.
This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
This CVE's public notice is sparklemotion/nokogiri#1915
1.10.3 / 2019-04-22
Security Notes
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- `e6b3229` version bump to v1.10.7
- `4f9d443` update CHANGELOG
- `80e67ef` Fix the patch from #1953 to work with both `git` and `patch`
- `7cf1b85` Fix typo in generated metadata
- `d76180d` add gem metadata
- `13132fc` version bump to v1.10.6
- `95e56fd` update CHANGELOG
- `73c53ee` Add a patch to fix libxml2.la's path
- `061d75d` add security note to CHANGELOG
- `1bc2ff9` version bump to v1.10.5
- Additional commits viewable in compare view </details> <br />
pr created time in 3 minutes
create branch Uberech/Taskech
branch : dependabot/bundler/nokogiri-1.10.7
created branch time in 3 minutes
PR closed Uberech/Taskech
Bumps loofah from 2.0.3 to 2.3.1. <details> <summary>Release notes</summary>
Sourced from loofah's releases.
2.3.1 / 2019-10-22
Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at flavorjones/loofah#171
2.3.0 / 2019-09-28
Features
- Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
- Expand set of allowed CSS functions. [related to #122]
- Allow greater precision in shorthand CSS values. #149 (Thanks, @danfstucky!)
- Allow CSS property `list-style` #162 (Thanks, @jaredbeck!)
- Allow CSS keywords `thick` and `thin` #168 (Thanks, @georgeclaghorn!)
- Allow HTML property `contenteditable` #167 (Thanks, @andreynering!)
Bug fixes
- CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)
Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
- Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
- Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
- Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
v2.2.3
Notably, this release addresses CVE-2018-16468.
v2.2.2
2.2.2 / 2018-03-22
Make public `Loofah::HTML5::Scrub.force_correct_attribute_escaping!`, which was previously a private method. This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048.
v2.2.1
Notably, this release mitigates CVE-2018-8048. </tr></table> ... (truncated) </details> <details> <summary>Changelog</summary>
Sourced from loofah's changelog.
2.3.1 / 2019-10-22
Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at flavorjones/loofah#171
2.3.0 / 2019-09-28
Features
- Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
- Expand set of allowed CSS functions. [related to #122]
- Allow greater precision in shorthand CSS values. #149 (Thanks, @danfstucky!)
- Allow CSS property `list-style` #162 (Thanks, @jaredbeck!)
- Allow CSS keywords `thick` and `thin` #168 (Thanks, @georgeclaghorn!)
- Allow HTML property `contenteditable` #167 (Thanks, @andreynering!)
Bug fixes
- CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. #165 (Thanks, @asok!)
Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
- Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
- Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
- Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
2.2.3 / 2018-10-30
Security
Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at flavorjones/loofah#154
Meta / 2018-10-27
The mailing list is now on Google Groups #146:
</tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
- `83df303` version bump to v2.3.1
- `e323a77` Merge pull request #172 from flavorjones/171-xss-vulnerability
- `1d81f91` update CHANGELOG
- `0c6617a` mitigate XSS vulnerability in SVG animate attributes
- `a5bd819` rufo formatting
- `1bdf276` formatting in README
- `1908dc2` update CHANGELOG with release date
- `bcbd7b3` update dev gemspec
- `f6d4c2d` version bump to v2.3.0
- `08fee8c` update dev deps
- Additional commits viewable in compare view </details> <br />
pr closed time in 3 minutes