profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/thomasin/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

thomasin/accessible-html 0

view helpers enforcing accessible practices

thomasin/body-scroll-lock 0

Body scroll locking that just works with everything 😏

thomasin/budgeter.rs 0

2 minute noodles

thomasin/contentful-apps 0

Apps on the Contentful Marketplace and resources to build them

thomasin/core 0

Elm's core libraries

thomasin/dragonfly-website 0

Dragonfly Public Website

delete branch thomasin/t-elm-tailwind

delete branch : dependabot/npm_and_yarn/color-string-1.6.0

delete time in a month

push eventthomasin/t-elm-tailwind

dependabot[bot]

commit sha 5772e51335421eb39d760c0148686841e9dbef67

Bump color-string from 1.5.3 to 1.6.0 Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0. - [Release notes](https://github.com/Qix-/color-string/releases) - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md) - [Commits](https://github.com/Qix-/color-string/commits/1.6.0) --- updated-dependencies: - dependency-name: color-string dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

thomasin

commit sha a43d876618247c54fe1e4113cab50bb59b0cb93a

Merge pull request #7 from thomasin/dependabot/npm_and_yarn/color-string-1.6.0 Bump color-string from 1.5.3 to 1.6.0

view details

push time in a month

PR merged thomasin/t-elm-tailwind

Bump color-string from 1.5.3 to 1.6.0 dependencies

Bumps color-string from 1.5.3 to 1.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Qix-/color-string/releases">color-string's releases</a>.</em></p> <blockquote> <h2>1.6.0</h2> <h1>Minor release 1.6.0</h1> <ul> <li><a href="https://github.com/Qix-/color-string/issues/55">#55</a> - Add support for space-separated HSL</li> </ul> <p>Thanks <a href="https://github.com/htunnicliff"><code>@​htunnicliff</code></a> for the contribution :)</p> <h2>1.5.5 (Patch/Security Release) - hwb() ReDos patch (low-severity)</h2> <blockquote> <p>Release notes copied verbatim from the commit message, which can be found here: 0789e21284c33d89ebc4ab4ca6f759b9375ac9d3</p> </blockquote> <pre><code>Discovered by Yeting Li, c/o Colin Ife via Snyk.io. <p>A ReDos (Regular Expression Denial of Service) vulnerability was responsibly disclosed to me via email by Colin on Mar 5 2021 regarding an exponential time complexity for linearly increasing input lengths for <code>hwb()</code> color strings.</p> <p>Strings reaching more than 5000 characters would see several milliseconds of processing time; strings reaching more than 50,000 characters began seeing 1500ms (1.5s) of processing time.</p> <p>The cause was due to a the regular expression that parses hwb() strings - specifically, the hue value - where the integer portion of the hue value used a 0-or-more quantifier shortly thereafter followed by a 1-or-more quantifier.</p> <p>This caused excessive backtracking and a cartesian scan, resulting in exponential time complexity given a linear increase in input length.</p> <p>Thank you Yeting Li and Colin Ife for bringing this to my attention in a secure, responsible and professional manner.</p> <p>A CVE will not be assigned for this vulnerability. </code></pre></p> <h2>1.5.4 (Patch Release)</h2> <ul> <li>Removes rounding of alpha values in RGBA hex (<code>#rrggbbaa</code>) and condensed-hex (<code>#rgba</code>) parsers, which caused certain unique inputs to result in identical outputs (see <a href="https://github.com/qix-/color/issues/174">https://github.com/qix-/color/issues/174</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Qix-/color-string/commits/1.6.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

delete branch thomasin/t-elm-tailwind

delete branch : dependabot/npm_and_yarn/ws-5.2.3

delete time in a month

push eventthomasin/t-elm-tailwind

dependabot[bot]

commit sha 73d59990e57afd7dfc0ab779009dde01a55d26f9

Bump ws from 5.2.2 to 5.2.3 Bumps [ws](https://github.com/websockets/ws) from 5.2.2 to 5.2.3. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/5.2.2...5.2.3) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

thomasin

commit sha 61ace7c38f49f9287d345341816d50172fc7b28d

Merge pull request #6 from thomasin/dependabot/npm_and_yarn/ws-5.2.3 Bump ws from 5.2.2 to 5.2.3

view details

push time in a month

PR merged thomasin/t-elm-tailwind

Bump ws from 5.2.2 to 5.2.3 dependencies

Bumps ws from 5.2.2 to 5.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>5.2.3</h2> <h1>Bug fixes</h1> <ul> <li>Backported 00c425ec to the 5.x release line (76d47c14).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/websockets/ws/commit/6dd88e7e968ef2416445d8f8620c17d99b15c77c"><code>6dd88e7</code></a> [dist] 5.2.3</li> <li><a href="https://github.com/websockets/ws/commit/76d47c1479002022a3e4357b3c9f0e23a68d4cd2"><code>76d47c1</code></a> [security] Fix ReDoS vulnerability</li> <li>See full diff in <a href="https://github.com/websockets/ws/compare/5.2.2...5.2.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+6 -6

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

delete branch thomasin/t-elm-tailwind

delete branch : dependabot/npm_and_yarn/path-parse-1.0.7

delete time in a month

push eventthomasin/t-elm-tailwind

dependabot[bot]

commit sha 0d1cef237c2d6e221af975d06209a98348777fc1

Bump path-parse from 1.0.6 to 1.0.7 Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

view details

thomasin

commit sha c60483c95bb65819c98bbb8cc454804beb058215

Merge pull request #5 from thomasin/dependabot/npm_and_yarn/path-parse-1.0.7 Bump path-parse from 1.0.6 to 1.0.7

view details

push time in a month

PR merged thomasin/t-elm-tailwind

Bump path-parse from 1.0.6 to 1.0.7 dependencies

Bumps path-parse from 1.0.6 to 1.0.7. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jbgutierrez/path-parse/commits/v1.0.7">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

delete branch thomasin/dragonfly-website

delete branch : patch-2

delete time in 3 months

push eventthomasin/dragonfly-website

thomasin

commit sha 1fa9cda0bc3775ba1c91778c64a9a9cd8c7efda9

Update content.md

view details

push time in 3 months

push eventthomasin/dragonfly-website

thomasin

commit sha 425854018ddfaab8c5b7d43a7ed0d97163f2352e

Update content.md

view details

push time in 3 months