profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/ricardograca/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Ricardo Graรงa ricardograca devius.net Portugal Former architect turned programmer and open sourcer.

knex/knex 14289

A query builder for PostgreSQL, MySQL and SQLite3, designed to be flexible, portable, and fun to use.

ricardograca/gedit-themes 16

Color themes for Gnome's Gedit text editor

ricardograca/android-devices-list 5

A Lua list containing Android device names and some information about them. So far only includes physical screen size. Contributions are very welcome.

bookshelf/case-converter-plugin 4

Bookshelf plugin for handling the conversion between the database's snake_cased and a model's camelCased properties automatically.

bookshelf/processor-plugin 4

Bookshelf plugin that allows defining custom processor functions that handle transformation of values whenever they are set on a model.

bookshelf/virtuals-plugin 3

Allows getting/setting virtual (computed) properties on model instances.

ricardograca/countries 0

World countries in JSON, CSV and XML. Any help is welcome!

ricardograca/documentation 0

Knex Documentation Builder

ricardograca/encoding-selector 0

Pick an encoding for the current editor

PR opened AtomLinter/linter-erb

chore(deps): update dependency trim-newlines to 3.0.1 [security]

WhiteSource Renovate

This PR contains the following updates:

Package Change
trim-newlines 2.0.0 -> 3.0.1

GitHub Vulnerability Alerts

CVE-2021-33623

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.


Configuration

๐Ÿ“… Schedule: "" (UTC).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

+1131 -553

0 comment

2 changed files

pr created time in 6 hours

create barnchAtomLinter/linter-erb

branch : renovate/npm-trim-newlines-vulnerability

created branch time in 6 hours

PR opened AtomLinter/linter-erb

chore(deps): update dependency normalize-url to 5.3.1 [security]

WhiteSource Renovate

This PR contains the following updates:

Package Change
normalize-url 5.0.0 -> 5.3.1

GitHub Vulnerability Alerts

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.


Configuration

๐Ÿ“… Schedule: "" (UTC).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

+3 -3

0 comment

1 changed file

pr created time in 6 hours

create barnchAtomLinter/linter-erb

branch : renovate/npm-normalize-url-vulnerability

created branch time in 6 hours

PR opened AtomLinter/linter-erb

chore(deps): update dependency glob-parent to 5.1.2 [security]

WhiteSource Renovate

This PR contains the following updates:

Package Change
glob-parent 5.1.0 -> 5.1.2

GitHub Vulnerability Alerts

CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.


Configuration

๐Ÿ“… Schedule: "" (UTC).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

+3 -3

0 comment

1 changed file

pr created time in 6 hours

create barnchAtomLinter/linter-erb

branch : renovate/npm-glob-parent-vulnerability

created branch time in 6 hours

startedmikerochip/addressables-training-manual

started time in 18 hours

startedricardograca/gedit-themes

started time in 3 days

PR opened bookshelf/case-converter-plugin

Bump glob-parent from 5.1.1 to 5.1.2

Bumps glob-parent from 5.1.1 to 5.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gulpjs/glob-parent/releases">glob-parent's releases</a>.</em></p> <blockquote> <h2>v5.1.2</h2> <h3>Bug Fixes</h3> <ul> <li>eliminate ReDoS (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/36">#36</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366">f923116</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md">glob-parent's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2">5.1.2</a> (2021-03-06)</h3> <h3>Bug Fixes</h3> <ul> <li>eliminate ReDoS (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/36">#36</a>) (<a href="https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366">f923116</a>)</li> </ul> <h2><a href="https://www.github.com/gulpjs/glob-parent/compare/v5.1.2...v6.0.0">6.0.0</a> (2021-05-03)</h2> <h3>โš  BREAKING CHANGES</h3> <ul> <li>Correct mishandled escaped path separators (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/34">#34</a>)</li> <li>upgrade scaffold, dropping node <10 support</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Correct mishandled escaped path separators (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/34">#34</a>) (<a href="https://www.github.com/gulpjs/glob-parent/commit/32f6d52663b7addac38d0dff570d8127edf03f47">32f6d52</a>), closes <a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/32">#32</a></li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>upgrade scaffold, dropping node <10 support (<a href="https://www.github.com/gulpjs/glob-parent/commit/e83d0c5a411947cf69eb58f36349db80439c606f">e83d0c5</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gulpjs/glob-parent/commit/eb2c439de448c779b450472e591a2bc9e37e9668"><code>eb2c439</code></a> chore: update changelog</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/12bcb6c45c942e2d05fc1e6ff5402e72555b54b6"><code>12bcb6c</code></a> chore: release 5.1.2</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366"><code>f923116</code></a> fix: eliminate ReDoS (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/36">#36</a>)</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/0b014a7962789b2d8f2cf0b6311f40667aecd62c"><code>0b014a7</code></a> chore: add JSDoc returns information (<a href="https://github-redirect.dependabot.com/gulpjs/glob-parent/issues/33">#33</a>)</li> <li><a href="https://github.com/gulpjs/glob-parent/commit/2b24ebd64b2a045aa167c825376335555da139fd"><code>2b24ebd</code></a> chore: generate initial changelog</li> <li>See full diff in <a href="https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 6 days

created repositorygraphql-nexus/nexus-decorators

WIP / Experimental

created time in 6 days

push eventAtomLinter/linter-erb

Renovate Bot

commit sha bfe53a9b8e6fb61047514ddfe769d9df281fcfcb

chore(deps): update dependency eslint to v7

view details

push time in 9 days

push eventAtomLinter/linter-erb

Renovate Bot

commit sha 54acb9e699c7a92189f3138d5f22276bf8e23fc8

chore(deps): update eslint packages

view details

push time in 9 days

startedgofiber/fiber

started time in 15 days

fork rhys-vdw/EasyButtons

Add buttons to your inspector in Unity super easily with this simple attribute

fork in 23 days

startedcolinhacks/zod

started time in a month

PR opened AtomLinter/linter-erb

chore(deps): update dependency husky to v6

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
husky (source) 4.2.3 -> 6.0.0 age adoption passing confidence

Release Notes

<details> <summary>typicode/husky</summary>

v6.0.0

Compare Source

After being in early access for Open Source projects and Sponsors for a limited time, I'm happy to announce that husky 6 is MIT again and can be freely used in commercial projects! ๐ŸŽ‰

Many thanks to the Open Source projects and Companies which have switched to/sponsored the new husky during this period!

OSS is my full-time job, please consider sponsoring the development of husky on GitHub sponsors or Open Collective. Thank you!

Breaking change

  • husky init has been moved to its own package (npx husky-init)

Added

  • Programmatically use husky: require('husky')
  • TypeScript definitions

Migrating from husky 4

Husky 6 contains breaking changes. If you're coming from v4, npm install husky@6 won't be enough.

Recommended: see husky-4-to-6 CLI to automatically migrate your config. There's also a dedicated section in the docs.

If you're curious why config has changed, you may be interested in reading: https://blog.typicode.com/husky-git-hooks-javascript-config/

Also Husky 6 follows official npm and Yarn best practices regarding autoinstall. It's recommended to use prepare script instead (see usage in docs).

v5.2.0

Compare Source

  • Add set command to replace hooks (husky set .husky/pre-commit cmd)
  • Update add command to append command (husky add .husky/pre-commit cmd)
  • Improve error messages

v5.1.3

Compare Source

  • docs: add specific Yarn v2 install/uninstall instructions
  • cli: husky init will detect Yarn v2 and initialize accordingly

v5.1.2

Compare Source

  • docs: recommend prepare script instead of postinstall (#โ€‹890)
  • cli: husky init use prepare script (#โ€‹890)

v5.1.1

Compare Source

  • style(shell): add trailing newlines (#โ€‹870)
  • fix(init): update package.json postinstall

v5.1.0

Compare Source

  • Add husky init

v5.0.9

Compare Source

  • fix(install): do not fail if not inside a Git directory (closes #โ€‹851)

See https://github.com/typicode/husky/releases/tag/v5.0.0 for v5 release notes

v5.0.8

Compare Source

v5.0.7

Compare Source

v5.0.6

Compare Source

  • Remove unused files

v5.0.5

Compare Source

v5.0.4

Compare Source

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

๐Ÿ‘‰ See https://typicode.github.io/husky for breaking changes and new installation instructions.

Note about the license

Husky 5 is released under The Parity Public License.

It doesn't affect you if you're using husky in an Open Source project or if you're a sponsor. You're free to use it as usual and I hope you'll enjoy this new release โค๏ธ

If you're using husky in a commercial project, you may want to consider becoming a sponsor to support the project. You can also try it for 30 days.

This is only for a limited time, husky will be MIT again later.

Migrating

Important Husky v5 brings a lot of improvements but is also very different from v4. Git hooks won't work if you only upgrade husky dependency, existing config needs to be migrated too.

The best way to switch to v5 is to follow the new installation instructions and migrate existing hooks command using husky add.

v4.3.8

Compare Source

  • Fix Cannot read property 'toString' of null
  • Improve error messages

v4.3.7

Compare Source

v4.3.6

Compare Source

v4.3.5

Compare Source

  • Rollback and do not throw error if husky install fails

v4.3.4

Compare Source

  • Throw error if husky install fails
  • Add workaround for npm 7 currently missing INIT_CWD environment variable

v4.3.3

Compare Source

v4.3.2

Compare Source

v4.3.1

Compare Source

v4.3.0

Compare Source

v4.2.5

Compare Source

v4.2.4

Compare Source

  • When Node version is unsupported, log actual version in addition to the error message #โ€‹701
  • Fix: support cnpm package manager #โ€‹687
  • Fix: always use sh to run scripts and avoid inconsistencies #โ€‹707
  • Fix: don't throw error if files are already removed during uninstall #โ€‹708

</details>


Configuration

๐Ÿ“… Schedule: At any time (no schedule defined).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป๏ธ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

+5 -197

0 comment

2 changed files

pr created time in a month

push eventAtomLinter/linter-erb

Renovate Bot

commit sha 4cec6ac6198350a76f1195d6d617670c9c79f0bb

chore(deps): update commitlint monorepo to v12

view details

push time in a month

push eventAtomLinter/linter-erb

Renovate Bot

commit sha b15b4118be287f1f4c68885c56d71c14c836dbc3

chore(deps): update eslint packages

view details

push time in a month

PR closed bookshelf/case-converter-plugin

Bump lodash from 4.17.15 to 4.17.19 dependencies

Bumps lodash from 4.17.15 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

delete branch bookshelf/case-converter-plugin

delete branch : dependabot/npm_and_yarn/lodash-4.17.19

delete time in a month

pull request commentbookshelf/case-converter-plugin

Bump lodash from 4.17.15 to 4.17.19

Superseded by #16.

dependabot[bot]

comment created time in a month

PR opened bookshelf/case-converter-plugin

Bump lodash from 4.17.15 to 4.17.21

Bumps lodash from 4.17.15 to 4.17.21. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/f299b52f39486275a9e6483b60a410e06520c538"><code>f299b52</code></a> Bump to v4.17.21</li> <li><a href="https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a"><code>c4847eb</code></a> Improve performance of <code>toNumber</code>, <code>trim</code> and <code>trimEnd</code> on large input strings</li> <li><a href="https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"><code>3469357</code></a> Prevent command injection through <code>_.template</code>'s <code>variable</code> option</li> <li><a href="https://github.com/lodash/lodash/commit/ded9bc66583ed0b4e3b7dc906206d40757b4a90a"><code>ded9bc6</code></a> Bump to v4.17.20.</li> <li><a href="https://github.com/lodash/lodash/commit/63150ef7645ac07961b63a86490f419f356429aa"><code>63150ef</code></a> Documentation fixes.</li> <li><a href="https://github.com/lodash/lodash/commit/00f0f62a979d2f5fa0287c06eae70cf9a62d8794"><code>00f0f62</code></a> test.js: Remove trailing comma.</li> <li><a href="https://github.com/lodash/lodash/commit/846e434c7a5b5692c55ebf5715ed677b70a32389"><code>846e434</code></a> Temporarily use a custom fork of <code>lodash-cli</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/5d046f39cbd27f573914768e3b36eeefcc4f1229"><code>5d046f3</code></a> Re-enable Travis tests on <code>4.17</code> branch.</li> <li><a href="https://github.com/lodash/lodash/commit/aa816b36d402a1ad9385142ce7188f17dae514fd"><code>aa816b3</code></a> Remove <code>/npm-package</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.21">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~bnjmnt4n">bnjmnt4n</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in a month

push eventAtomLinter/linter-erb

Renovate Bot

commit sha 571cf3d6bef19abcfd0879abe426ba6ce7f45f0a

chore(deps): update dependency eslint to v7

view details

push time in a month

PR opened AtomLinter/linter-erb

chore(deps): update dependency hosted-git-info to 2.8.9 [security]

WhiteSource Renovate

This PR contains the following updates:

Package Change
hosted-git-info 2.7.1 -> 2.8.9

GitHub Vulnerability Alerts

CVE-2021-23362

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity


Configuration

๐Ÿ“… Schedule: "" (UTC).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป๏ธ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

+3 -3

0 comment

1 changed file

pr created time in a month

PR opened AtomLinter/linter-erb

chore(deps): update dependency handlebars to 4.7.7 [security]

WhiteSource Renovate

This PR contains the following updates:

Package Change
handlebars 4.7.2 -> 4.7.7

GitHub Vulnerability Alerts

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.


Configuration

๐Ÿ“… Schedule: "" (UTC).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป๏ธ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

+18 -27

0 comment

1 changed file

pr created time in a month

create barnchAtomLinter/linter-erb

branch : renovate/npm-handlebars-vulnerability

created branch time in a month

delete branch AtomLinter/linter-erb

delete branch : renovate/husky-5.x

delete time in 2 months