profile
viewpoint

foora/we_backAudio 7

微信小程序背景音频

foora/grafana-api-datasource 2

the grafana plugin which can get json data from api and parse data to provide for penals

foora/cnode-WeApp 0

cnode社区小程序

foora/deno 0

A secure TypeScript runtime on V8

foora/dirReader 0

文件夹文件遍历器

foora/eslint-config-foora 0

开发时用的eslint规则

foora/grafana-plugin-repository 0

The plugin repository for plugins that are published on grafana.com.

foora/graphql-easy-demo 0

一个简单的graphql和koa实现的demo

foora/js_algorithm 0

一些基础数据结构和算法的实现

foora/polyfill 0

一些原生API的实现

startedteambit/bit

started time in 4 days

startedgithub/fetch

started time in 6 days

startednode-fetch/node-fetch

started time in 6 days

startedmatthew-andrews/isomorphic-fetch

started time in 6 days

startedmqyqingfeng/Blog

started time in 8 days

starteddexteryy/spellbook-of-modern-webdev

started time in 10 days

startedgraphql/graphiql

started time in 13 days

startedykfe/egg-react-ssr

started time in 13 days

push eventfoora/we_backAudio

dependabot[bot]

commit sha 3568b4689acf2d2630a2bb23ff2417e5e0a9c93a

Bump acorn from 6.2.0 to 6.4.1 (#1) Bumps [acorn](https://github.com/acornjs/acorn) from 6.2.0 to 6.4.1. - [Release notes](https://github.com/acornjs/acorn/releases) - [Commits](https://github.com/acornjs/acorn/compare/6.2.0...6.4.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 14 days

PR merged foora/we_backAudio

Bump acorn from 6.2.0 to 6.4.1 dependencies

Bumps acorn from 6.2.0 to 6.4.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/9a2e9b6678e243d66846b91179d650d28453e70c"><code>9a2e9b6</code></a> Mark version 6.4.1</li> <li><a href="https://github.com/acornjs/acorn/commit/90a9548ea0ce351b54f956e2c4ed27cca9631284"><code>90a9548</code></a> More rigorously check surrogate pairs in regexp validator</li> <li><a href="https://github.com/acornjs/acorn/commit/df0cf1a3e2b1a51a26c14984dc0f5412b7151b10"><code>df0cf1a</code></a> Mark version 6.4.0</li> <li><a href="https://github.com/acornjs/acorn/commit/53034126864b492da4e278628bb972cb2a9313d4"><code>5303412</code></a> Also export Parser via Parser.acorn</li> <li><a href="https://github.com/acornjs/acorn/commit/efe273e70123449a458157dbf578afaf109a49ab"><code>efe273e</code></a> give token types and etc to plugins</li> <li><a href="https://github.com/acornjs/acorn/commit/ac6decb94a3aa4eee99230fdaf5883dfaafe8479"><code>ac6decb</code></a> Mark version 6.3.0</li> <li><a href="https://github.com/acornjs/acorn/commit/7e9817d17639d95cc6dbacfde734a0626b2a7dea"><code>7e9817d</code></a> Allow sourceType: module even with ecmaVersion < 6</li> <li><a href="https://github.com/acornjs/acorn/commit/e2b8cc087386eccc2ad6fd4a02b4257833557cb3"><code>e2b8cc0</code></a> Fix broken parsing of new expressions when allowReserved=="never"</li> <li><a href="https://github.com/acornjs/acorn/commit/1555c528855b10320ce98b4154906d7898c92990"><code>1555c52</code></a> Update acorn.d.ts</li> <li><a href="https://github.com/acornjs/acorn/commit/77c20fa2c2f490e646b67e6a0ff7e75fb54ab6c8"><code>77c20fa</code></a> Mark version 6.2.1</li> <li>Additional commits viewable in <a href="https://github.com/acornjs/acorn/compare/6.2.0...6.4.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 14 days

push eventfoora/dirReader

dependabot[bot]

commit sha 9e21b4863b779fa3271e543ebfd87dac5378e19f

Bump acorn from 5.7.3 to 5.7.4 (#2) Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4. - [Release notes](https://github.com/acornjs/acorn/releases) - [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 14 days

PR merged foora/dirReader

Bump acorn from 5.7.3 to 5.7.4 dependencies

Bumps acorn from 5.7.3 to 5.7.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/acornjs/acorn/commit/6370e90067552022710190319cbbbd8c43001957"><code>6370e90</code></a> Mark version 5.7.4</li> <li><a href="https://github.com/acornjs/acorn/commit/fbc15b1344f6dfb992f67b4bbf1357436247c8a0"><code>fbc15b1</code></a> More rigorously check surrogate pairs in regexp validator</li> <li>See full diff in <a href="https://github.com/acornjs/acorn/compare/5.7.3...5.7.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 14 days

startedemotion-js/emotion

started time in 17 days

startedStuk/jszip

started time in 19 days

startedkatspaugh/wavesurfer.js

started time in 20 days

startedfinal-form/react-final-form

started time in 21 days

startedant-design/ant-design

started time in 22 days

fork foora/react-eva

Effects+View+Actions(React distributed state management solution with rxjs.)

fork in 23 days

starteddequelabs/react-axe

started time in 23 days

startedevcohen/eslint-plugin-jsx-a11y

started time in 23 days

starteddequelabs/axe-core

started time in 23 days

fork foora/clipanion

Type-safe CLI library with no dependencies

fork in a month

startedfacebookexperimental/rome

started time in a month

startedarcanis/clipanion

started time in a month

startedzertosh/v8-compile-cache

started time in a month

startedrstacruz/nprogress

started time in a month

startedyarnpkg/berry

started time in a month

startedReactTraining/react-router

started time in a month

startedReactTraining/history

started time in a month

push eventfoora/grafana-plugin-repository

Brian Gann

commit sha f1217528874e0a18d91ceaddde275ba8004d7044

allow uppercase names (#515)

view details

Brian Gann

commit sha fba0770fcbfac5d8b59b7af50502f0cf063573a0

allow git username to have capitals (#516)

view details

Chris Kalafarski

commit sha 8b3a5fa036007b845a4b7b9188cb4037ed0249a4

Update Blendstat panel to 1.0.2 (#512) published thanks!

view details

michaeldmoore

commit sha 53a62505fd2017709fdcc83290b8b7b544905b55

Update Multistat to version 1.2.5 (Adding Line/Curve optional feature) (#503) published thanks!

view details

Lars Schmidt

commit sha a0ca6bc2aa547aec7b6b1b8cc00b0ca71471c857

Instana datasource plugin 2.4.4 (#513) published!

view details

Benjamin Reed

commit sha fbc34244074b38877ab3249b7f9d7c4aa3e02d0a

Update OpenNMS Helm Plugin to 4.0.1 (#510) * OpenNMS Helm 4.0.1

view details

Brian Gann

commit sha 42bec8511d836e7a87b3cfa67f70eb8719f83cd6

grafana.com only supports lowercase, reverting (#517)

view details

Šimon Podlipský

commit sha 9016a4faab0bf9acb77c839e894fe1be229528dd

Release v0.1.5 simpod-json-datasource (#518)

view details

LucasArona

commit sha 6737f9fb3d33315e0fbe127b38e1eba81e1fefdd

Updated larona-epict-panel to 1.2.2

view details

avivl

commit sha 711374cf1a59208f6d31dff1c92ddf9a74dc1e77

BIGQuery Data source ver 1.0.3 and 1.0.4

view details

Marcus Efraimsson

commit sha 208a4549d98d9aed02c6dbf05bf134bbb8e48210

Release grafana-image-renderer v1.0.6 (#524) https://github.com/grafana/grafana-image-renderer/releases/tag/v1.0.6

view details

Daniel Lee

commit sha 40dcd23d2f6956a4271c87acf9fba2551c98a840

Merge pull request #514 from doitintl/bigquery-grafana-1.0.3 BIGQuery Data source ver 1.0.3

view details

Daniel Lee

commit sha ed12516f23305526818f37adb2241ddeba204588

Merge pull request #519 from LucasArona/patch-6 Updated larona-epict-panel to 1.2.2

view details

Marcus Efraimsson

commit sha acbc768b7b91adde76127acb82319e4129f47cd3

Release grafana-image-renderer v1.0.7 (#532) https://github.com/grafana/grafana-image-renderer/releases/tag/v1.0.7

view details

JeanBaptisteWATENBERG

commit sha c7635cc541162eb5f8c9294e64b9e4d742bf3c35

Add percent plus panel plugin (#507) * add JeanBaptisteWATENBERG-percent-panel plugin * set plugin id to lowercase

view details

Šimon Podlipský

commit sha 8361f0f94ea87ebecf5214b7a0af555070c7d851

Release v0.1.6 simpod-json-datasource (#526)

view details

corpglory-dev

commit sha e23e31177a85f41aaaf718490abb9b98ef16a434

Update corpglory-progresslist-panel to 1.0.5 (#521)

view details

Ivan Mikheykin

commit sha e2a87388033d444e5bfc7a6413ddf5665ab43ed4

Update flant-statusmap-panel version to 0.2.0 (#531) - migrate to TypeScript - fixes to work in grafana 6.3.0+

view details

Eugene Lazin

commit sha 31be7909d0937fb19860b2812535b4ca8b22705f

Update akumuli-datasource to 1.3.10 (#535)

view details

Benjamin Reed

commit sha 6c1b88eb15ec9e57b2592d44f7da6392986ded4e

OpenNMS Helm 4.0.2 (#522) This release fixes a bug with the Flow datasource and Grafana 6.4, as well as some other cosmetic changes to the Flow query interface. * [HELM-190: TypeError: Cannot read property 'toBits' of undefined](https://issues.opennms.org/browse/HELM-190) * [HELM-192: Rendering Bug in Flow Query Builder](https://issues.opennms.org/browse/HELM-192) * [HELM-193: Conversation Flow Histogram show "null" instead of Unknown/Other in legend](https://issues.opennms.org/browse/HELM-193)

view details

push time in 2 months

startedRicbet/panel-magic

started time in 2 months

startedbasarat/typescript-book

started time in 2 months

startedtransloadit/uppy

started time in 2 months

startedryanmcdermott/clean-code-javascript

started time in 2 months

startedjvilk/BrowserFS

started time in 2 months

startedzhaoolee/ChromeAppHeroes

started time in 2 months

startedweolar/miniblink49

started time in 2 months

startedstrapi/strapi

started time in 2 months

startedapache/openwhisk

started time in 2 months

startedopenfaas/faas

started time in 2 months

startedCanopyTax/single-spa

started time in 2 months

startedfitzgen/dodrio

started time in 2 months

startedwebtorrent/webtorrent

started time in 2 months

startedmicrosoft/tsdoc

started time in 3 months

startedesdoc/esdoc

started time in 3 months

startedopenlayers/openlayers

started time in 3 months

starteddoodlewind/beam

started time in 3 months

startedjimmywarting/StreamSaver.js

started time in 3 months

startedeligrey/FileSaver.js

started time in 3 months

startedrehooks/awesome-react-hooks

started time in 3 months

startedavwo/whistle

started time in 3 months

startednohosts/nohost

started time in 3 months

push eventfoora/dirReader

dependabot[bot]

commit sha bcdee4f4351cb34acb931c2b704cad91c5627329

Bump handlebars from 4.1.2 to 4.5.3 (#1) Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.2 to 4.5.3. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.5.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 3 months

PR merged foora/dirReader

Bump handlebars from 4.1.2 to 4.5.3 dependencies

Bumps handlebars from 4.1.2 to 4.5.3. <details> <summary>Changelog</summary>

Sourced from handlebars's changelog.

v4.5.3 - November 18th, 2019

Bugfixes:

  • fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
  • fix: add more properties required to be enumerable - 1988878

Chores / Build:

  • fix: use !== 0 instead of != 0 - c02b05f
  • add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

Security:

  • The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

Compatibility notes:

  • Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
  • The semantics have not changed in cases where the properties are enumerable, as in:
{
  __proto__: 'some string'
}
  • The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

Commits

v4.5.2 - November 13th, 2019

Bugfixes

  • fix: use String(field) in lookup when checking for "constructor" - d541378
  • test: add fluent API for testing Handlebars - c2ac79c

Compatibility notes:

  • no incompatibility are to be expected </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
  • c819c8b v4.5.3
  • 827c9d0 Update release notes
  • f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
  • 1988878 fix: add more properties required to be enumerable
  • 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
  • 0817dad test: add sinon as global variable to eslint in the specs
  • 93516a0 test: add sinon.js for spies, deprecate current assertions
  • 93e284e chore: add chai and dirty-chai for better test assertions
  • c02b05f fix: use !== 0 instead of != 0
  • 8de121d v4.5.2
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+16 -16

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

push eventfoora/grafana-api-datasource

dependabot[bot]

commit sha fa754d571f9c8e5b2c76c458a0c178c7b7832a79

Bump handlebars from 4.1.2 to 4.5.3 (#1) Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.2 to 4.5.3. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.5.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 3 months

PR merged foora/grafana-api-datasource

Bump handlebars from 4.1.2 to 4.5.3 dependencies

Bumps handlebars from 4.1.2 to 4.5.3. <details> <summary>Changelog</summary>

Sourced from handlebars's changelog.

v4.5.3 - November 18th, 2019

Bugfixes:

  • fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
  • fix: add more properties required to be enumerable - 1988878

Chores / Build:

  • fix: use !== 0 instead of != 0 - c02b05f
  • add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

Security:

  • The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

Compatibility notes:

  • Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
  • The semantics have not changed in cases where the properties are enumerable, as in:
{
  __proto__: 'some string'
}
  • The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

Commits

v4.5.2 - November 13th, 2019

Bugfixes

  • fix: use String(field) in lookup when checking for "constructor" - d541378
  • test: add fluent API for testing Handlebars - c2ac79c

Compatibility notes:

  • no incompatibility are to be expected </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
  • c819c8b v4.5.3
  • 827c9d0 Update release notes
  • f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
  • 1988878 fix: add more properties required to be enumerable
  • 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
  • 0817dad test: add sinon as global variable to eslint in the specs
  • 93516a0 test: add sinon.js for spies, deprecate current assertions
  • 93e284e chore: add chai and dirty-chai for better test assertions
  • c02b05f fix: use !== 0 instead of != 0
  • 8de121d v4.5.2
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+16 -16

1 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

push eventfoora/graphql-easy-demo

dependabot[bot]

commit sha 01fe0a9d064f6f39601a1d1be3a220bd026f1ccf

Bump handlebars from 4.1.2 to 4.5.3 (#1) Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.2 to 4.5.3. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.5.3) Signed-off-by: dependabot[bot] <support@github.com>

view details

push time in 3 months

PR merged foora/graphql-easy-demo

Bump handlebars from 4.1.2 to 4.5.3 dependencies

Bumps handlebars from 4.1.2 to 4.5.3. <details> <summary>Changelog</summary>

Sourced from handlebars's changelog.

v4.5.3 - November 18th, 2019

Bugfixes:

  • fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
  • fix: add more properties required to be enumerable - 1988878

Chores / Build:

  • fix: use !== 0 instead of != 0 - c02b05f
  • add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

Security:

  • The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

Compatibility notes:

  • Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
  • The semantics have not changed in cases where the properties are enumerable, as in:
{
  __proto__: 'some string'
}
  • The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

Commits

v4.5.2 - November 13th, 2019

Bugfixes

  • fix: use String(field) in lookup when checking for "constructor" - d541378
  • test: add fluent API for testing Handlebars - c2ac79c

Compatibility notes:

  • no incompatibility are to be expected </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>
  • c819c8b v4.5.3
  • 827c9d0 Update release notes
  • f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
  • 1988878 fix: add more properties required to be enumerable
  • 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
  • 0817dad test: add sinon as global variable to eslint in the specs
  • 93516a0 test: add sinon.js for spies, deprecate current assertions
  • 93e284e chore: add chai and dirty-chai for better test assertions
  • c02b05f fix: use !== 0 instead of != 0
  • 8de121d v4.5.2
  • Additional commits viewable in compare view </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+16 -16

0 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

startedmicrosoft/monaco-editor

started time in 3 months

startedjustadudewhohacks/face-api.js

started time in 3 months

startedLingDong-/wenyan-lang

started time in 3 months

startedtypestack/typedi

started time in 3 months

startedstrukturag/libde265.js

started time in 4 months

startedIanLunn/Hover

started time in 4 months

starteddaneden/animate.css

started time in 4 months

startedmattboldt/typed.js

started time in 4 months

startedPopmotion/popmotion

started time in 4 months

startedjulianshapiro/velocity

started time in 4 months

startedmojs/mojs

started time in 4 months

startedjuliangarnier/anime

started time in 4 months

startedmrdoob/three.js

started time in 4 months

startedplopjs/plop

started time in 4 months

startedreact-hook-form/react-hook-form

started time in 4 months

startedBin-Huang/prray

started time in 4 months

startedcarloscuesta/gitmoji-cli

started time in 4 months

startedcarloscuesta/gitmoji-cli

started time in 4 months

startedpatorjk/figlet.js

started time in 4 months

startedsindresorhus/boxen

started time in 4 months

startedsindresorhus/ora

started time in 4 months

startedsindresorhus/ora

started time in 4 months

startedbenmosher/eslint-plugin-import

started time in 4 months

startediamturns/eslint-config-airbnb-typescript

started time in 4 months

startedantvis/G2Plot

started time in 4 months

startedantvis/Graphin

started time in 4 months

startedantvis/L7

started time in 4 months

startedvortesnail/qier-player

started time in 4 months

startedalibaba/kiwi

started time in 4 months

startedregl-project/regl

started time in 4 months

startedghosh/uiGradients

started time in 4 months

startedsemantic-release/semantic-release

started time in 4 months

startedconventional-changelog/standard-version

started time in 4 months

startedokonet/lint-staged

started time in 4 months

startedHubSpot/pace

started time in 4 months

startedDavidAnson/markdownlint

started time in 4 months

startedicindy/wxParse

started time in 4 months

startedzeit/swr

started time in 5 months

startedvkalinichev/postcss-rtl

started time in 5 months

startedrsuite/rsuite

started time in 5 months

more