profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/sparksp/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

monty5811/postcss-elm-tailwind 90

put some tailwind in your elm

sparksp/laravel-ircbot 42

Laravel IRC Bot (Rommie)

sparksp/laravel-apigen 16

ApiGen Bundle, by Phill Sparks

sparksp/laravel-html-menu 16

Topos Bundle, by Phill Sparks

sparksp/laravel-bootstrap 13

Bootsparks Bundle

sparksp/elm-review-action 11

GitHub action using elm-review to check code quality

sparksp/elm-review-imports 5

elm-review rule to enforce consistent import aliases

sparksp/laravel-gravatar 5

Gravitas Bundle, by Phill Sparks

sparksp/Analog24 3

Slow Watch Face for Garmin ConnectIQ.

sparksp/elm-review-camelcase 2

elm-review rule to ensure your code uses camelCase

push eventsparksp/sling-mountain

dependabot[bot]

commit sha d2369a77b410725b804e5ac0008c32efbf2481f7

Bump typescript from 4.4.2 to 4.4.3 Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.4.2 to 4.4.3. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](https://github.com/Microsoft/TypeScript/compare/v4.4.2...v4.4.3) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha f7247af3d23d3e71b26b074e90bb1e7377a7e967

Merge pull request #134 from sparksp/dependabot/npm_and_yarn/typescript-4.4.3 Bump typescript from 4.4.2 to 4.4.3

view details

push time in 4 days

delete branch sparksp/sling-mountain

delete branch : dependabot/npm_and_yarn/typescript-4.4.3

delete time in 4 days

PR merged sparksp/sling-mountain

Bump typescript from 4.4.2 to 4.4.3 dependencies javascript

Bumps typescript from 4.4.2 to 4.4.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 4.4.3</h2> <p>This patch release contains fix for <a href="https://github-redirect.dependabot.com/microsoft/TypeScript/issues/45633">leaking file watchers on <code>package.json</code></a>, and a <a href="https://github-redirect.dependabot.com/microsoft/TypeScript/issues/45436">minor fix for completions in JavaScript files</a>.</p> <hr /> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-4/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.4.0+%28Beta%29%22+">fixed issues query for Typescript 4.4.0 (Beta)</a>.</li> <li><a href="https://github.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.4.1+%28RC%29%22+">fixed issues query for Typescript 4.4.1 (RC)</a>.</li> <li><a href="https://github.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.4.2%22+">fixed issues query for Typescript 4.4.2</a>.</li> <li><a href="https://github.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.4.3%22+">fixed issues query for Typescript 4.4.3</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/TypeScript/commit/bbb31bb109d8c2366dd24725a34ea9bf2a35f3b1"><code>bbb31bb</code></a> Bump version to 4.4.3 and LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/782c09d783e006a697b4ba6d1e7ec2f718ce8393"><code>782c09d</code></a> Cherry-pick PR <a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/45484">#45484</a> into release-4.4 (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/45564">#45564</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/9eb689e066cf86eddbd60ba7a2459de80d5d5439"><code>9eb689e</code></a> Cherry-pick PR <a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/45642">#45642</a> into release-4.4 (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/45644">#45644</a>)</li> <li>See full diff in <a href="https://github.com/Microsoft/TypeScript/compare/v4.4.2...v4.4.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 4 days

push eventsparksp/lower-off

dependabot[bot]

commit sha ba8bdb24ff77ff35033155560b0adab13e70e812

Bump elm-community/list-extra from 8.3.1 to 8.5.0 in /web Bumps [elm-community/list-extra](https://github.com/elm-community/list-extra) from 8.3.1 to 8.5.0. - [Release notes](https://github.com/elm-community/list-extra/releases) - [Changelog](https://github.com/elm-community/list-extra/blob/master/ChangeLog.md) - [Commits](https://github.com/elm-community/list-extra/compare/8.3.1...8.5.0) --- updated-dependencies: - dependency-name: elm-community/list-extra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha aa4e1d3dba8df88693d8f675a361e921097175fd

Merge pull request #102 from sparksp/dependabot/elm/web/elm-community/list-extra-8.5.0 Bump elm-community/list-extra from 8.3.1 to 8.5.0 in /web

view details

push time in 4 days

delete branch sparksp/lower-off

delete branch : dependabot/elm/web/elm-community/list-extra-8.5.0

delete time in 4 days

PR merged sparksp/lower-off

Bump elm-community/list-extra from 8.3.1 to 8.5.0 in /web dependencies elm

Bumps elm-community/list-extra from 8.3.1 to 8.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-community/list-extra/blob/master/ChangeLog.md">elm-community/list-extra's changelog</a>.</em></p> <blockquote> <h3>8.5.0</h3> <ol> <li><code>unique</code> and <code>uniqueBy</code> functions no longer requires comparable input arguments. This change increased performance for lists sized 0-100 elements by about 40% but decreases performance for lists sized >200 by about 35%. Seems like a worthy trade off.</li> <li><code>isPermutationOf</code> is vastly more performant. <a href="https://github.com/lue-bird"><code>@​lue-bird</code></a> 's benchmarks show cases of being 141,000% more performant.</li> <li>New <code>reverseRange</code>, a more performant combination of <code>reverse</code> and <code>range</code>.</li> </ol> <h3>8.4.0</h3> <ol> <li>New function <code>joinOn</code></li> </ol> <h3>8.3.2</h3> <ol> <li><code>isInfixOf</code> is tail call optimized</li> </ol> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-community/list-extra/commit/bd0889cd306d1743aea42a263f21758c890cc7d9"><code>bd0889c</code></a> Bump package version</li> <li><a href="https://github.com/elm-community/list-extra/commit/9f5f0288a6da562bcf41a56bc14d7707f0a8ca86"><code>9f5f028</code></a> Bump version</li> <li><a href="https://github.com/elm-community/list-extra/commit/2dadfd31266b5349e610f8fa99a8f80ffcb98e77"><code>2dadfd3</code></a> Update changelog</li> <li><a href="https://github.com/elm-community/list-extra/commit/14de38922909871f6bd397378d372afdbcc2a6b3"><code>14de389</code></a> Added reverseRange, a faster way of creating a reversed range (<a href="https://github-redirect.dependabot.com/elm-community/list-extra/issues/134">#134</a>)</li> <li><a href="https://github.com/elm-community/list-extra/commit/69c4867001005966cdabb464e224e09ca114b001"><code>69c4867</code></a> Updated changelog</li> <li><a href="https://github.com/elm-community/list-extra/commit/dfe321c5ff78831ea72b8ccb03de0882fa018228"><code>dfe321c</code></a> remove Set usage in unique functions, drop comparable restriction (<a href="https://github-redirect.dependabot.com/elm-community/list-extra/issues/151">#151</a>)</li> <li><a href="https://github.com/elm-community/list-extra/commit/3f49fca0b1ec883b47e31033c81617e6da35c4f9"><code>3f49fca</code></a> better performing <code>isPermutationOf</code> (<a href="https://github-redirect.dependabot.com/elm-community/list-extra/issues/152">#152</a>)</li> <li><a href="https://github.com/elm-community/list-extra/commit/27a823117f70248caa7043a1114a971786fbe5a0"><code>27a8231</code></a> Change promised response time within readme</li> <li><a href="https://github.com/elm-community/list-extra/commit/064e1794842fcc5507727eba57d45196f3971bdc"><code>064e179</code></a> Bumping version</li> <li><a href="https://github.com/elm-community/list-extra/commit/c9095b6364c5622ba0101186d21222db892b8778"><code>c9095b6</code></a> Adds a joinOn function (<a href="https://github-redirect.dependabot.com/elm-community/list-extra/issues/150">#150</a>)</li> <li>Additional commits viewable in <a href="https://github.com/elm-community/list-extra/compare/8.3.1...8.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 4 days

PR merged sparksp/sling-mountain

Bump tailwindcss from 2.2.9 to 2.2.15 dependencies javascript

Bumps tailwindcss from 2.2.9 to 2.2.15. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v2.2.15</h2> <h3>Fixed</h3> <ul> <li>Ensure using CLI without <code>-i</code> for input file continues to work even though deprecated (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5464">#5464</a>)</li> </ul> <h2>v2.2.14</h2> <h3>Fixed</h3> <ul> <li>Only use <code>@defaults</code> in JIT, switch back to <code>clean-css</code> in case there's any meaningful differences in the output (<a href="https://github.com/tailwindlabs/tailwindcss/commit/bf248cb0de889d48854fbdd26536f4a492556efd">bf248cb</a>)</li> </ul> <h2>v2.2.13</h2> <h3>Fixed</h3> <ul> <li>Fix broken CDN build</li> </ul> <h2>v2.2.12</h2> <h3>Fixed</h3> <ul> <li>Ensure that divide utilities inject a default border color (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5438">#5438</a>)</li> </ul> <h2>v2.2.11</h2> <h3>Fixed</h3> <ul> <li>Rebundle to fix missing CLI peer dependencies</li> </ul> <h2>v2.2.10</h2> <h3>Fixed</h3> <ul> <li>Fix build error when using <code>presets: []</code> in config file (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/4903">#4903</a>)</li> </ul> <h3>Added</h3> <ul> <li>Reintroduce universal selector optimizations under experimental <code>optimizeUniversalDefaults</code> flag (<a href="https://github.com/tailwindlabs/tailwindcss/commit/a9e160cf9acb75a2bbac34f8864568b12940f89a">a9e160c</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/master/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h2>[2.2.15] - 2021-09-10</h2> <h3>Fixed</h3> <ul> <li>Ensure using CLI without <code>-i</code> for input file continues to work even though deprecated (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5464">#5464</a>)</li> </ul> <h2>[2.2.14] - 2021-09-08</h2> <h3>Fixed</h3> <ul> <li>Only use <code>@defaults</code> in JIT, switch back to <code>clean-css</code> in case there's any meaningful differences in the output (<a href="https://github.com/tailwindlabs/tailwindcss/commit/bf248cb0de889d48854fbdd26536f4a492556efd">bf248cb</a>)</li> </ul> <h2>[2.2.13] - 2021-09-08</h2> <h3>Fixed</h3> <ul> <li>Replace <code>clean-css</code> with <code>cssnano</code> for CDN builds to fix minified builds (<a href="https://github.com/tailwindlabs/tailwindcss/commit/75cc3ca305aedddc8a85f3df1a420fefad3fb5c4">75cc3ca</a>)</li> </ul> <h2>[2.2.12] - 2021-09-08</h2> <h3>Fixed</h3> <ul> <li>Ensure that divide utilities inject a default border color (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5438">#5438</a>)</li> </ul> <h2>[2.2.11] - 2021-09-07</h2> <h3>Fixed</h3> <ul> <li>Rebundle to fix missing CLI peer dependencies</li> </ul> <h2>[2.2.10] - 2021-09-06</h2> <h3>Fixed</h3> <ul> <li>Fix build error when using <code>presets: []</code> in config file (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/4903">#4903</a>)</li> </ul> <h3>Added</h3> <ul> <li>Reintroduce universal selector optimizations under experimental <code>optimizeUniversalDefaults</code> flag (<a href="https://github.com/tailwindlabs/tailwindcss/commit/a9e160cf9acb75a2bbac34f8864568b12940f89a">a9e160c</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/0d8be3d330a8efd4d7a1f26d644889cc533ca8f3"><code>0d8be3d</code></a> 2.2.15</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/ab685221af72ec81017c70265ee0c46ad6b91b14"><code>ab68522</code></a> ensure missing -i still works</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/cd15b3e985bd0c7cd8acf816e4afd063ed59033a"><code>cd15b3e</code></a> 2.2.14</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/cbcb50f27b5ab178f83193109ac4ea4c0ebaaceb"><code>cbcb50f</code></a> fix tests for AOT mode</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/bf248cb0de889d48854fbdd26536f4a492556efd"><code>bf248cb</code></a> only add the <code>@defaults</code> for <code>jit</code> mode</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/2122daff419146b1d89851c51e77187a0c0757de"><code>2122daf</code></a> use clean-css again</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/454a189d2f04be7e8523c1c41dbaad1314c75da2"><code>454a189</code></a> 2.2.13</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/75cc3ca305aedddc8a85f3df1a420fefad3fb5c4"><code>75cc3ca</code></a> use <code>cssnano</code> instead of <code>clean-css</code> for the minified CDN build</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/f6b862c2a3dc77ceda2ba46b7a2b950bb8788f28"><code>f6b862c</code></a> 2.2.12</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/df1283a2bc83bafe4d162064ebc5fe3127c4cbcf"><code>df1283a</code></a> update changelog</li> <li>Additional commits viewable in <a href="https://github.com/tailwindlabs/tailwindcss/compare/v2.2.9...v2.2.15">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+7 -6

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

push eventsparksp/sling-mountain

dependabot[bot]

commit sha ff8ced2a39bc20929437fbee914911c2cd8a694c

Bump tailwindcss from 2.2.9 to 2.2.15 Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 2.2.9 to 2.2.15. - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/master/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/compare/v2.2.9...v2.2.15) --- updated-dependencies: - dependency-name: tailwindcss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha 2765f7526126e2cd3ad8a8d220818b0a6393d39b

Merge pull request #133 from sparksp/dependabot/npm_and_yarn/tailwindcss-2.2.15 Bump tailwindcss from 2.2.9 to 2.2.15

view details

push time in 8 days

delete branch sparksp/sling-mountain

delete branch : dependabot/npm_and_yarn/tailwindcss-2.2.15

delete time in 8 days

push eventsparksp/lower-off

dependabot[bot]

commit sha 683370c8bc4e431dea9e27ade7bee6f049e1a229

Bump tailwindcss from 2.2.9 to 2.2.14 in /web Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 2.2.9 to 2.2.14. - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/master/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/compare/v2.2.9...v2.2.14) --- updated-dependencies: - dependency-name: tailwindcss dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha 4d621c792e8085d210c9cc09dd9bb27328237539

Merge pull request #100 from sparksp/dependabot/npm_and_yarn/web/tailwindcss-2.2.14 Bump tailwindcss from 2.2.9 to 2.2.14 in /web

view details

push time in 8 days

delete branch sparksp/lower-off

delete branch : dependabot/npm_and_yarn/web/tailwindcss-2.2.14

delete time in 8 days

PR merged sparksp/lower-off

Bump tailwindcss from 2.2.9 to 2.2.14 in /web dependencies javascript

Bumps tailwindcss from 2.2.9 to 2.2.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's releases</a>.</em></p> <blockquote> <h2>v2.2.13</h2> <h3>Fixed</h3> <ul> <li>Fix broken CDN build</li> </ul> <h2>v2.2.10</h2> <h3>Fixed</h3> <ul> <li>Fix build error when using <code>presets: []</code> in config file (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/4903">#4903</a>)</li> </ul> <h3>Added</h3> <ul> <li>Reintroduce universal selector optimizations under experimental <code>optimizeUniversalDefaults</code> flag (<a href="https://github.com/tailwindlabs/tailwindcss/commit/a9e160cf9acb75a2bbac34f8864568b12940f89a">a9e160c</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/master/CHANGELOG.md">tailwindcss's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>[Unreleased]</h2> <h3>Changed</h3> <ul> <li>Remove AOT engine, make JIT the default (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5340">#5340</a>)</li> <li>Throw when trying to <code>@apply</code> the <code>group</code> class (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/4666">#4666</a>)</li> <li>Remove dependency on <code>modern-normalize</code>, inline and consolidate with Preflight (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5358">#5358</a>)</li> <li>Enable extended color palette by default with updated color names (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5384">#5384</a>)</li> </ul> <h3>Added</h3> <ul> <li>Add native <code>aspect-ratio</code> utilities (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5359">#5359</a>)</li> <li>Unify config callback helpers into single object (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5382">#5382</a>)</li> <li>Preserve original color format when adding opacity whenever possible (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5154">#5154</a>)</li> <li>Add <code>will-change</code> utilities (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5448">#5448</a>)</li> <li>Add <code>text-indent</code> utilities (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/5449">#5449</a>)</li> </ul> <h2>[2.2.10] - 2021-09-06</h2> <h3>Fixed</h3> <ul> <li>Fix build error when using <code>presets: []</code> in config file (<a href="https://github-redirect.dependabot.com/tailwindlabs/tailwindcss/pull/4903">#4903</a>)</li> </ul> <h3>Added</h3> <ul> <li>Reintroduce universal selector optimizations under experimental <code>optimizeUniversalDefaults</code> flag (<a href="https://github.com/tailwindlabs/tailwindcss/commit/a9e160cf9acb75a2bbac34f8864568b12940f89a">a9e160c</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/cd15b3e985bd0c7cd8acf816e4afd063ed59033a"><code>cd15b3e</code></a> 2.2.14</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/cbcb50f27b5ab178f83193109ac4ea4c0ebaaceb"><code>cbcb50f</code></a> fix tests for AOT mode</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/bf248cb0de889d48854fbdd26536f4a492556efd"><code>bf248cb</code></a> only add the <code>@defaults</code> for <code>jit</code> mode</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/2122daff419146b1d89851c51e77187a0c0757de"><code>2122daf</code></a> use clean-css again</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/454a189d2f04be7e8523c1c41dbaad1314c75da2"><code>454a189</code></a> 2.2.13</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/75cc3ca305aedddc8a85f3df1a420fefad3fb5c4"><code>75cc3ca</code></a> use <code>cssnano</code> instead of <code>clean-css</code> for the minified CDN build</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/f6b862c2a3dc77ceda2ba46b7a2b950bb8788f28"><code>f6b862c</code></a> 2.2.12</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/df1283a2bc83bafe4d162064ebc5fe3127c4cbcf"><code>df1283a</code></a> update changelog</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/2213fd8657fe44eb39fdbbe1929e5be75a7f9512"><code>2213fd8</code></a> ensure that <code>divide</code> utilities inject a default border color</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/ae0d84f7396c2daebf70be3af33efffac7318359"><code>ae0d84f</code></a> bump version to 2.2.11</li> <li>Additional commits viewable in <a href="https://github.com/tailwindlabs/tailwindcss/compare/v2.2.9...v2.2.14">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+7 -6

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

push eventsparksp/elm-review-config

dependabot[bot]

commit sha 99b921d04ae440a128928a350f137761b025b4db

Bump elm-tooling from 1.4.1 to 1.5.0 Bumps [elm-tooling](https://github.com/elm-tooling/elm-tooling-cli) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/elm-tooling/elm-tooling-cli/releases) - [Changelog](https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/elm-tooling/elm-tooling-cli/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: elm-tooling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha d56e7b1c39616799e0c9d2d6d9e9723ff51f139a

Merge pull request #47 from sparksp/dependabot/npm_and_yarn/elm-tooling-1.5.0 Bump elm-tooling from 1.4.1 to 1.5.0

view details

push time in 8 days

delete branch sparksp/elm-review-config

delete branch : dependabot/npm_and_yarn/elm-tooling-1.5.0

delete time in 8 days

PR merged sparksp/elm-review-config

Bump elm-tooling from 1.4.1 to 1.5.0 dependencies javascript

Bumps elm-tooling from 1.4.1 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md">elm-tooling's changelog</a>.</em></p> <blockquote> <h3>Version 1.5.0 (2021-09-08)</h3> <ul> <li>Added: elm-test-rs 1.2.1.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/1acf3b5b11108b417211f3e778a3f4b5420da919"><code>1acf3b5</code></a> elm-tooling-cli v1.5.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/70">#70</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b24102098762321d4979dfd196f67bc3d0033536"><code>b241020</code></a> Add elm-test-rs 1.2.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/69">#69</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/813265672660fadfadf148966241397428cae0d9"><code>8132656</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/68">#68</a>)</li> <li>See full diff in <a href="https://github.com/elm-tooling/elm-tooling-cli/compare/v1.4.1...v1.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

push eventsparksp/elm-review-always

dependabot[bot]

commit sha 634c3be9c37f652f2e99d043a2ae3017d7b93bec

Bump elm-tooling from 1.3.0 to 1.5.0 Bumps [elm-tooling](https://github.com/elm-tooling/elm-tooling-cli) from 1.3.0 to 1.5.0. - [Release notes](https://github.com/elm-tooling/elm-tooling-cli/releases) - [Changelog](https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0) --- updated-dependencies: - dependency-name: elm-tooling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha 889ee295a107325081f0a9dd4aa6256c77c63fb9

Merge pull request #46 from sparksp/dependabot/npm_and_yarn/elm-tooling-1.5.0 Bump elm-tooling from 1.3.0 to 1.5.0

view details

push time in 8 days

delete branch sparksp/elm-review-always

delete branch : dependabot/npm_and_yarn/elm-tooling-1.5.0

delete time in 8 days

PR merged sparksp/elm-review-always

Bump elm-tooling from 1.3.0 to 1.5.0 dependencies javascript

Bumps elm-tooling from 1.3.0 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md">elm-tooling's changelog</a>.</em></p> <blockquote> <h3>Version 1.5.0 (2021-09-08)</h3> <ul> <li>Added: elm-test-rs 1.2.1.</li> </ul> <h3>Version 1.4.1 (2021-08-22)</h3> <ul> <li>Fixed: The package build improvements in 1.4.0 accidentally broke the package exports. (<code>exports['default'] = elmToolingCli;</code> was shipped instead of the correct <code>module.exports = elmToolingCli;</code>.) This is fixed in 1.4.1, and I’ve added a regression test so it won’t happen again.</li> </ul> <h3>Version 1.4.0 (2021-08-11)</h3> <p><strong>🚨 Note:</strong> The package exports of this version are broken, so this version is deprecated. Update to 1.4.1.</p> <ul> <li> <p>Fixed: Some people <a href="https://stackoverflow.com/a/14614203/2010616">configure <code>curl</code> to output an extra newline</a>. The way <code>elm-tooling</code> uses <code>curl</code>, that results in an extra newline added to downloaded executables. While an extra newline doesn’t seem to break executables, it fails <code>elm-tooling</code>’s SHA256 verification, causing <code>elm-tooling</code> to abort with an error message like this:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm The downloaded file does not have the expected hash! Expected: e44af52bb27f725a973478e589d990a6428e115fe1bb14f03833134d6c0f155c Actual: e8b796172746fc7e2cd4edfd2e5a72d49ae38ddd89624caf16c6fa7226cb43c3 </code></pre> <p>It’s usually a good thing that the user’s <code>curl</code> config file (<code>~/.curlrc</code>) is respected, because it allows people to configure a proxy. But in this case it’s bad.</p> <p>To solve this problem, <code>elm-tooling</code> now overrides the option (<code>-w</code>, <code>--write-out</code>) that lets you add a newline (or anything, really) to the output. Thanks to Zach Rose (<a href="https://github.com/windmountain"><code>@​windmountain</code></a>) for reporting initially, and to Jakub Waszczuk (<a href="https://github.com/kawu"><code>@​kawu</code></a>) and Tomáš Látal (<a href="https://github.com/kraklin">kraklin</a>) for re-reporting and figuring out what the problem was!</p> </li> <li> <p>Improved: If something like the above happens in the future, the error message is better:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm <p>The downloaded file does not have the expected number of bytes! Expected: 6034617 Actual: 6034616</p> <ul> <li>Probably, something in your environment messes with the download.</li> <li>Worst case, someone has replaced the executable with something malicious!</li> </ul> <p>This happened when executing: curl -#fLw "" <a href="https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz">https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz</a></p> <p>Do you have a config file or environment variables set for curl? </code></pre></p> <p>There are a number of improvements here:</p> <ul> <li><code>elm-tooling</code> now not only verifies the SHA256 hash, but first also <em>the number of bytes.</em> That’s much easier to debug than a hash mismatch. And potentially more secure: An attacker would not just need to find a hash collision, but a hash collision using this exact number of bytes.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/1acf3b5b11108b417211f3e778a3f4b5420da919"><code>1acf3b5</code></a> elm-tooling-cli v1.5.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/70">#70</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b24102098762321d4979dfd196f67bc3d0033536"><code>b241020</code></a> Add elm-test-rs 1.2.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/69">#69</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/813265672660fadfadf148966241397428cae0d9"><code>8132656</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/68">#68</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b292a8169019e5ef5b348a0d006807ca8472c5d8"><code>b292a81</code></a> elm-tooling-cli v1.4.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/67">#67</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/30d1ccf6336fdc7c56648f6e6aae89fa6731bafa"><code>30d1ccf</code></a> Fix faulty exports in v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/66">#66</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/782123b1e2a2d24032a3450a3f38aacb6031ff9d"><code>782123b</code></a> Update docs (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/65">#65</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/401abd93f87d0e91cdc97e7d931acc430933ebfd"><code>401abd9</code></a> elm-tooling-cli v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/64">#64</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/d07b2ed4776bf802eeac8c9710e3bac82f9a44e4"><code>d07b2ed</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/63">#63</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/6e7be10a8cfd853d052c1f1bc486c5d279af0793"><code>6e7be10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/62">#62</a> from elm-tooling/curl-issue</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/11c540a7d6b7f9ede78e8c1bf4cdb3c70e343881"><code>11c540a</code></a> binary -> executable</li> <li>Additional commits viewable in <a href="https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

push eventsparksp/elm-review-camelcase

dependabot[bot]

commit sha fcfca76c00e016417c19da577fd9b82abfe393dd

Bump elm-tooling from 1.3.0 to 1.5.0 Bumps [elm-tooling](https://github.com/elm-tooling/elm-tooling-cli) from 1.3.0 to 1.5.0. - [Release notes](https://github.com/elm-tooling/elm-tooling-cli/releases) - [Changelog](https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0) --- updated-dependencies: - dependency-name: elm-tooling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha 9db96a40a46e6f2a8178f4318b06ed5ff5d383d7

Merge pull request #46 from sparksp/dependabot/npm_and_yarn/elm-tooling-1.5.0 Bump elm-tooling from 1.3.0 to 1.5.0

view details

push time in 8 days

delete branch sparksp/elm-review-camelcase

delete branch : dependabot/npm_and_yarn/elm-tooling-1.5.0

delete time in 8 days

PR merged sparksp/elm-review-camelcase

Bump elm-tooling from 1.3.0 to 1.5.0 dependencies javascript

Bumps elm-tooling from 1.3.0 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md">elm-tooling's changelog</a>.</em></p> <blockquote> <h3>Version 1.5.0 (2021-09-08)</h3> <ul> <li>Added: elm-test-rs 1.2.1.</li> </ul> <h3>Version 1.4.1 (2021-08-22)</h3> <ul> <li>Fixed: The package build improvements in 1.4.0 accidentally broke the package exports. (<code>exports['default'] = elmToolingCli;</code> was shipped instead of the correct <code>module.exports = elmToolingCli;</code>.) This is fixed in 1.4.1, and I’ve added a regression test so it won’t happen again.</li> </ul> <h3>Version 1.4.0 (2021-08-11)</h3> <p><strong>🚨 Note:</strong> The package exports of this version are broken, so this version is deprecated. Update to 1.4.1.</p> <ul> <li> <p>Fixed: Some people <a href="https://stackoverflow.com/a/14614203/2010616">configure <code>curl</code> to output an extra newline</a>. The way <code>elm-tooling</code> uses <code>curl</code>, that results in an extra newline added to downloaded executables. While an extra newline doesn’t seem to break executables, it fails <code>elm-tooling</code>’s SHA256 verification, causing <code>elm-tooling</code> to abort with an error message like this:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm The downloaded file does not have the expected hash! Expected: e44af52bb27f725a973478e589d990a6428e115fe1bb14f03833134d6c0f155c Actual: e8b796172746fc7e2cd4edfd2e5a72d49ae38ddd89624caf16c6fa7226cb43c3 </code></pre> <p>It’s usually a good thing that the user’s <code>curl</code> config file (<code>~/.curlrc</code>) is respected, because it allows people to configure a proxy. But in this case it’s bad.</p> <p>To solve this problem, <code>elm-tooling</code> now overrides the option (<code>-w</code>, <code>--write-out</code>) that lets you add a newline (or anything, really) to the output. Thanks to Zach Rose (<a href="https://github.com/windmountain"><code>@​windmountain</code></a>) for reporting initially, and to Jakub Waszczuk (<a href="https://github.com/kawu"><code>@​kawu</code></a>) and Tomáš Látal (<a href="https://github.com/kraklin">kraklin</a>) for re-reporting and figuring out what the problem was!</p> </li> <li> <p>Improved: If something like the above happens in the future, the error message is better:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm <p>The downloaded file does not have the expected number of bytes! Expected: 6034617 Actual: 6034616</p> <ul> <li>Probably, something in your environment messes with the download.</li> <li>Worst case, someone has replaced the executable with something malicious!</li> </ul> <p>This happened when executing: curl -#fLw "" <a href="https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz">https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz</a></p> <p>Do you have a config file or environment variables set for curl? </code></pre></p> <p>There are a number of improvements here:</p> <ul> <li><code>elm-tooling</code> now not only verifies the SHA256 hash, but first also <em>the number of bytes.</em> That’s much easier to debug than a hash mismatch. And potentially more secure: An attacker would not just need to find a hash collision, but a hash collision using this exact number of bytes.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/1acf3b5b11108b417211f3e778a3f4b5420da919"><code>1acf3b5</code></a> elm-tooling-cli v1.5.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/70">#70</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b24102098762321d4979dfd196f67bc3d0033536"><code>b241020</code></a> Add elm-test-rs 1.2.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/69">#69</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/813265672660fadfadf148966241397428cae0d9"><code>8132656</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/68">#68</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b292a8169019e5ef5b348a0d006807ca8472c5d8"><code>b292a81</code></a> elm-tooling-cli v1.4.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/67">#67</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/30d1ccf6336fdc7c56648f6e6aae89fa6731bafa"><code>30d1ccf</code></a> Fix faulty exports in v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/66">#66</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/782123b1e2a2d24032a3450a3f38aacb6031ff9d"><code>782123b</code></a> Update docs (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/65">#65</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/401abd93f87d0e91cdc97e7d931acc430933ebfd"><code>401abd9</code></a> elm-tooling-cli v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/64">#64</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/d07b2ed4776bf802eeac8c9710e3bac82f9a44e4"><code>d07b2ed</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/63">#63</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/6e7be10a8cfd853d052c1f1bc486c5d279af0793"><code>6e7be10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/62">#62</a> from elm-tooling/curl-issue</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/11c540a7d6b7f9ede78e8c1bf4cdb3c70e343881"><code>11c540a</code></a> binary -> executable</li> <li>Additional commits viewable in <a href="https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

push eventsparksp/elm-review-forbidden-words

dependabot[bot]

commit sha 5117bd28a77a61e113d3b835ef3ef28801ff55e3

Bump elm-tooling from 1.3.0 to 1.5.0 Bumps [elm-tooling](https://github.com/elm-tooling/elm-tooling-cli) from 1.3.0 to 1.5.0. - [Release notes](https://github.com/elm-tooling/elm-tooling-cli/releases) - [Changelog](https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0) --- updated-dependencies: - dependency-name: elm-tooling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha 9d45288bbc2e4f1f7fb5c3ba1c42c5278e365263

Merge pull request #46 from sparksp/dependabot/npm_and_yarn/elm-tooling-1.5.0 Bump elm-tooling from 1.3.0 to 1.5.0

view details

push time in 8 days

delete branch sparksp/elm-review-forbidden-words

delete branch : dependabot/npm_and_yarn/elm-tooling-1.5.0

delete time in 8 days

PR merged sparksp/elm-review-forbidden-words

Bump elm-tooling from 1.3.0 to 1.5.0 dependencies javascript

Bumps elm-tooling from 1.3.0 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md">elm-tooling's changelog</a>.</em></p> <blockquote> <h3>Version 1.5.0 (2021-09-08)</h3> <ul> <li>Added: elm-test-rs 1.2.1.</li> </ul> <h3>Version 1.4.1 (2021-08-22)</h3> <ul> <li>Fixed: The package build improvements in 1.4.0 accidentally broke the package exports. (<code>exports['default'] = elmToolingCli;</code> was shipped instead of the correct <code>module.exports = elmToolingCli;</code>.) This is fixed in 1.4.1, and I’ve added a regression test so it won’t happen again.</li> </ul> <h3>Version 1.4.0 (2021-08-11)</h3> <p><strong>🚨 Note:</strong> The package exports of this version are broken, so this version is deprecated. Update to 1.4.1.</p> <ul> <li> <p>Fixed: Some people <a href="https://stackoverflow.com/a/14614203/2010616">configure <code>curl</code> to output an extra newline</a>. The way <code>elm-tooling</code> uses <code>curl</code>, that results in an extra newline added to downloaded executables. While an extra newline doesn’t seem to break executables, it fails <code>elm-tooling</code>’s SHA256 verification, causing <code>elm-tooling</code> to abort with an error message like this:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm The downloaded file does not have the expected hash! Expected: e44af52bb27f725a973478e589d990a6428e115fe1bb14f03833134d6c0f155c Actual: e8b796172746fc7e2cd4edfd2e5a72d49ae38ddd89624caf16c6fa7226cb43c3 </code></pre> <p>It’s usually a good thing that the user’s <code>curl</code> config file (<code>~/.curlrc</code>) is respected, because it allows people to configure a proxy. But in this case it’s bad.</p> <p>To solve this problem, <code>elm-tooling</code> now overrides the option (<code>-w</code>, <code>--write-out</code>) that lets you add a newline (or anything, really) to the output. Thanks to Zach Rose (<a href="https://github.com/windmountain"><code>@​windmountain</code></a>) for reporting initially, and to Jakub Waszczuk (<a href="https://github.com/kawu"><code>@​kawu</code></a>) and Tomáš Látal (<a href="https://github.com/kraklin">kraklin</a>) for re-reporting and figuring out what the problem was!</p> </li> <li> <p>Improved: If something like the above happens in the future, the error message is better:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm <p>The downloaded file does not have the expected number of bytes! Expected: 6034617 Actual: 6034616</p> <ul> <li>Probably, something in your environment messes with the download.</li> <li>Worst case, someone has replaced the executable with something malicious!</li> </ul> <p>This happened when executing: curl -#fLw "" <a href="https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz">https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz</a></p> <p>Do you have a config file or environment variables set for curl? </code></pre></p> <p>There are a number of improvements here:</p> <ul> <li><code>elm-tooling</code> now not only verifies the SHA256 hash, but first also <em>the number of bytes.</em> That’s much easier to debug than a hash mismatch. And potentially more secure: An attacker would not just need to find a hash collision, but a hash collision using this exact number of bytes.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/1acf3b5b11108b417211f3e778a3f4b5420da919"><code>1acf3b5</code></a> elm-tooling-cli v1.5.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/70">#70</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b24102098762321d4979dfd196f67bc3d0033536"><code>b241020</code></a> Add elm-test-rs 1.2.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/69">#69</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/813265672660fadfadf148966241397428cae0d9"><code>8132656</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/68">#68</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b292a8169019e5ef5b348a0d006807ca8472c5d8"><code>b292a81</code></a> elm-tooling-cli v1.4.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/67">#67</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/30d1ccf6336fdc7c56648f6e6aae89fa6731bafa"><code>30d1ccf</code></a> Fix faulty exports in v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/66">#66</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/782123b1e2a2d24032a3450a3f38aacb6031ff9d"><code>782123b</code></a> Update docs (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/65">#65</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/401abd93f87d0e91cdc97e7d931acc430933ebfd"><code>401abd9</code></a> elm-tooling-cli v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/64">#64</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/d07b2ed4776bf802eeac8c9710e3bac82f9a44e4"><code>d07b2ed</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/63">#63</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/6e7be10a8cfd853d052c1f1bc486c5d279af0793"><code>6e7be10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/62">#62</a> from elm-tooling/curl-issue</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/11c540a7d6b7f9ede78e8c1bf4cdb3c70e343881"><code>11c540a</code></a> binary -> executable</li> <li>Additional commits viewable in <a href="https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

push eventsparksp/elm-review-imports

dependabot[bot]

commit sha 61c3929e9f147b0d9c6e3efd3dcb92332a7da1a4

Bump elm-tooling from 1.3.0 to 1.5.0 Bumps [elm-tooling](https://github.com/elm-tooling/elm-tooling-cli) from 1.3.0 to 1.5.0. - [Release notes](https://github.com/elm-tooling/elm-tooling-cli/releases) - [Changelog](https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0) --- updated-dependencies: - dependency-name: elm-tooling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha bcda7855073cc56a33dd852fdc822daecdc81ef9

Merge pull request #63 from sparksp/dependabot/npm_and_yarn/elm-tooling-1.5.0 Bump elm-tooling from 1.3.0 to 1.5.0

view details

push time in 8 days

delete branch sparksp/elm-review-imports

delete branch : dependabot/npm_and_yarn/elm-tooling-1.5.0

delete time in 8 days

PR merged sparksp/elm-review-imports

Bump elm-tooling from 1.3.0 to 1.5.0 dependencies javascript

Bumps elm-tooling from 1.3.0 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md">elm-tooling's changelog</a>.</em></p> <blockquote> <h3>Version 1.5.0 (2021-09-08)</h3> <ul> <li>Added: elm-test-rs 1.2.1.</li> </ul> <h3>Version 1.4.1 (2021-08-22)</h3> <ul> <li>Fixed: The package build improvements in 1.4.0 accidentally broke the package exports. (<code>exports['default'] = elmToolingCli;</code> was shipped instead of the correct <code>module.exports = elmToolingCli;</code>.) This is fixed in 1.4.1, and I’ve added a regression test so it won’t happen again.</li> </ul> <h3>Version 1.4.0 (2021-08-11)</h3> <p><strong>🚨 Note:</strong> The package exports of this version are broken, so this version is deprecated. Update to 1.4.1.</p> <ul> <li> <p>Fixed: Some people <a href="https://stackoverflow.com/a/14614203/2010616">configure <code>curl</code> to output an extra newline</a>. The way <code>elm-tooling</code> uses <code>curl</code>, that results in an extra newline added to downloaded executables. While an extra newline doesn’t seem to break executables, it fails <code>elm-tooling</code>’s SHA256 verification, causing <code>elm-tooling</code> to abort with an error message like this:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm The downloaded file does not have the expected hash! Expected: e44af52bb27f725a973478e589d990a6428e115fe1bb14f03833134d6c0f155c Actual: e8b796172746fc7e2cd4edfd2e5a72d49ae38ddd89624caf16c6fa7226cb43c3 </code></pre> <p>It’s usually a good thing that the user’s <code>curl</code> config file (<code>~/.curlrc</code>) is respected, because it allows people to configure a proxy. But in this case it’s bad.</p> <p>To solve this problem, <code>elm-tooling</code> now overrides the option (<code>-w</code>, <code>--write-out</code>) that lets you add a newline (or anything, really) to the output. Thanks to Zach Rose (<a href="https://github.com/windmountain"><code>@​windmountain</code></a>) for reporting initially, and to Jakub Waszczuk (<a href="https://github.com/kawu"><code>@​kawu</code></a>) and Tomáš Látal (<a href="https://github.com/kraklin">kraklin</a>) for re-reporting and figuring out what the problem was!</p> </li> <li> <p>Improved: If something like the above happens in the future, the error message is better:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm <p>The downloaded file does not have the expected number of bytes! Expected: 6034617 Actual: 6034616</p> <ul> <li>Probably, something in your environment messes with the download.</li> <li>Worst case, someone has replaced the executable with something malicious!</li> </ul> <p>This happened when executing: curl -#fLw "" <a href="https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz">https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz</a></p> <p>Do you have a config file or environment variables set for curl? </code></pre></p> <p>There are a number of improvements here:</p> <ul> <li><code>elm-tooling</code> now not only verifies the SHA256 hash, but first also <em>the number of bytes.</em> That’s much easier to debug than a hash mismatch. And potentially more secure: An attacker would not just need to find a hash collision, but a hash collision using this exact number of bytes.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/1acf3b5b11108b417211f3e778a3f4b5420da919"><code>1acf3b5</code></a> elm-tooling-cli v1.5.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/70">#70</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b24102098762321d4979dfd196f67bc3d0033536"><code>b241020</code></a> Add elm-test-rs 1.2.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/69">#69</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/813265672660fadfadf148966241397428cae0d9"><code>8132656</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/68">#68</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b292a8169019e5ef5b348a0d006807ca8472c5d8"><code>b292a81</code></a> elm-tooling-cli v1.4.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/67">#67</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/30d1ccf6336fdc7c56648f6e6aae89fa6731bafa"><code>30d1ccf</code></a> Fix faulty exports in v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/66">#66</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/782123b1e2a2d24032a3450a3f38aacb6031ff9d"><code>782123b</code></a> Update docs (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/65">#65</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/401abd93f87d0e91cdc97e7d931acc430933ebfd"><code>401abd9</code></a> elm-tooling-cli v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/64">#64</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/d07b2ed4776bf802eeac8c9710e3bac82f9a44e4"><code>d07b2ed</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/63">#63</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/6e7be10a8cfd853d052c1f1bc486c5d279af0793"><code>6e7be10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/62">#62</a> from elm-tooling/curl-issue</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/11c540a7d6b7f9ede78e8c1bf4cdb3c70e343881"><code>11c540a</code></a> binary -> executable</li> <li>Additional commits viewable in <a href="https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days

delete branch sparksp/elm-review-rules-to-avoid

delete branch : dependabot/npm_and_yarn/elm-tooling-1.5.0

delete time in 8 days

push eventsparksp/elm-review-rules-to-avoid

dependabot[bot]

commit sha 7e4943f6799a9d197324d9b3723a6d094657fe6e

Bump elm-tooling from 1.3.0 to 1.5.0 Bumps [elm-tooling](https://github.com/elm-tooling/elm-tooling-cli) from 1.3.0 to 1.5.0. - [Release notes](https://github.com/elm-tooling/elm-tooling-cli/releases) - [Changelog](https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md) - [Commits](https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0) --- updated-dependencies: - dependency-name: elm-tooling dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Phill Sparks

commit sha 06c67888ba2451e17582772c41d7aa4f9aef2b24

Merge pull request #24 from sparksp/dependabot/npm_and_yarn/elm-tooling-1.5.0 Bump elm-tooling from 1.3.0 to 1.5.0

view details

push time in 8 days

PR merged sparksp/elm-review-rules-to-avoid

Bump elm-tooling from 1.3.0 to 1.5.0 dependencies javascript

Bumps elm-tooling from 1.3.0 to 1.5.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elm-tooling/elm-tooling-cli/blob/main/CHANGELOG.md">elm-tooling's changelog</a>.</em></p> <blockquote> <h3>Version 1.5.0 (2021-09-08)</h3> <ul> <li>Added: elm-test-rs 1.2.1.</li> </ul> <h3>Version 1.4.1 (2021-08-22)</h3> <ul> <li>Fixed: The package build improvements in 1.4.0 accidentally broke the package exports. (<code>exports['default'] = elmToolingCli;</code> was shipped instead of the correct <code>module.exports = elmToolingCli;</code>.) This is fixed in 1.4.1, and I’ve added a regression test so it won’t happen again.</li> </ul> <h3>Version 1.4.0 (2021-08-11)</h3> <p><strong>🚨 Note:</strong> The package exports of this version are broken, so this version is deprecated. Update to 1.4.1.</p> <ul> <li> <p>Fixed: Some people <a href="https://stackoverflow.com/a/14614203/2010616">configure <code>curl</code> to output an extra newline</a>. The way <code>elm-tooling</code> uses <code>curl</code>, that results in an extra newline added to downloaded executables. While an extra newline doesn’t seem to break executables, it fails <code>elm-tooling</code>’s SHA256 verification, causing <code>elm-tooling</code> to abort with an error message like this:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm The downloaded file does not have the expected hash! Expected: e44af52bb27f725a973478e589d990a6428e115fe1bb14f03833134d6c0f155c Actual: e8b796172746fc7e2cd4edfd2e5a72d49ae38ddd89624caf16c6fa7226cb43c3 </code></pre> <p>It’s usually a good thing that the user’s <code>curl</code> config file (<code>~/.curlrc</code>) is respected, because it allows people to configure a proxy. But in this case it’s bad.</p> <p>To solve this problem, <code>elm-tooling</code> now overrides the option (<code>-w</code>, <code>--write-out</code>) that lets you add a newline (or anything, really) to the output. Thanks to Zach Rose (<a href="https://github.com/windmountain"><code>@​windmountain</code></a>) for reporting initially, and to Jakub Waszczuk (<a href="https://github.com/kawu"><code>@​kawu</code></a>) and Tomáš Látal (<a href="https://github.com/kraklin">kraklin</a>) for re-reporting and figuring out what the problem was!</p> </li> <li> <p>Improved: If something like the above happens in the future, the error message is better:</p> <pre><code>elm 0.19.1 < https://github.com/elm/compiler/releases/download/0.19.1/binary-for-linux-64-bit.gz > /home/you/.elm/elm-tooling/elm/0.19.1/elm <p>The downloaded file does not have the expected number of bytes! Expected: 6034617 Actual: 6034616</p> <ul> <li>Probably, something in your environment messes with the download.</li> <li>Worst case, someone has replaced the executable with something malicious!</li> </ul> <p>This happened when executing: curl -#fLw "" <a href="https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz">https://github.com/elm/compiler/releases/download/0.19.1/binary-for-mac-64-bit.gz</a></p> <p>Do you have a config file or environment variables set for curl? </code></pre></p> <p>There are a number of improvements here:</p> <ul> <li><code>elm-tooling</code> now not only verifies the SHA256 hash, but first also <em>the number of bytes.</em> That’s much easier to debug than a hash mismatch. And potentially more secure: An attacker would not just need to find a hash collision, but a hash collision using this exact number of bytes.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/1acf3b5b11108b417211f3e778a3f4b5420da919"><code>1acf3b5</code></a> elm-tooling-cli v1.5.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/70">#70</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b24102098762321d4979dfd196f67bc3d0033536"><code>b241020</code></a> Add elm-test-rs 1.2.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/69">#69</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/813265672660fadfadf148966241397428cae0d9"><code>8132656</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/68">#68</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/b292a8169019e5ef5b348a0d006807ca8472c5d8"><code>b292a81</code></a> elm-tooling-cli v1.4.1 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/67">#67</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/30d1ccf6336fdc7c56648f6e6aae89fa6731bafa"><code>30d1ccf</code></a> Fix faulty exports in v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/66">#66</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/782123b1e2a2d24032a3450a3f38aacb6031ff9d"><code>782123b</code></a> Update docs (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/65">#65</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/401abd93f87d0e91cdc97e7d931acc430933ebfd"><code>401abd9</code></a> elm-tooling-cli v1.4.0 (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/64">#64</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/d07b2ed4776bf802eeac8c9710e3bac82f9a44e4"><code>d07b2ed</code></a> Update npm packages (<a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/63">#63</a>)</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/6e7be10a8cfd853d052c1f1bc486c5d279af0793"><code>6e7be10</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/elm-tooling/elm-tooling-cli/issues/62">#62</a> from elm-tooling/curl-issue</li> <li><a href="https://github.com/elm-tooling/elm-tooling-cli/commit/11c540a7d6b7f9ede78e8c1bf4cdb3c70e343881"><code>11c540a</code></a> binary -> executable</li> <li>Additional commits viewable in <a href="https://github.com/elm-tooling/elm-tooling-cli/compare/v1.3.0...v1.5.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 8 days