Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using @dependabot's dependencyabot[bot] feature to reduce the number of security vulnerabilities #46

Open
wants to merge 31 commits into
base: master
Choose a base branch
from
Open

Using @dependabot's dependencyabot[bot] feature to reduce the number of security vulnerabilities #46

wants to merge 31 commits into from

Commits on Oct 3, 2024

  1. Bump json5 from 2.1.1 to 2.2.3 

    Bumps [json5](https://github.com/json5/json5) from 2.1.1 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.1...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    2b21170 View commit details
    Browse the repository at this point in the history

  2. Bump @babel/traverse from 7.7.4 to 7.25.7 

    Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.7.4 to 7.25.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.25.7/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    03940e1 View commit details
    Browse the repository at this point in the history

  3. Bump decode-uri-component from 0.2.0 to 0.2.2 

    Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    2c2fa0b View commit details
    Browse the repository at this point in the history

  4. Bump ansi-regex 

    Bumps  and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together.

Updates `ansi-regex` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v4.1.0...v4.1.1)

Updates `ansi-regex` from 3.0.0 to 4.1.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    b448de2 View commit details
    Browse the repository at this point in the history

  5. Merge pull request #9 from LOQ-burh/dependabot/npm_and_yarn/multi-fc5… 

    …787f004

Bump ansi-regex
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    38817e2 View commit details
    Browse the repository at this point in the history

  6. Merge pull request #5 from LOQ-burh/dependabot/npm_and_yarn/babel/tra… 

    …verse-7.25.7

Bump @babel/traverse from 7.7.4 to 7.25.7
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    91dc907 View commit details
    Browse the repository at this point in the history

  7. Bump url-parse from 1.5.7 to 1.5.10 

    Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.7 to 1.5.10.
- [Commits](unshiftio/url-parse@1.5.7...1.5.10)

---
updated-dependencies:
- dependency-name: url-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    f6e1214 View commit details
    Browse the repository at this point in the history

  8. Bump fsevents from 1.2.9 to 1.2.13 

    Bumps [fsevents](https://github.com/fsevents/fsevents) from 1.2.9 to 1.2.13.
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)

---
updated-dependencies:
- dependency-name: fsevents
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    246a436 View commit details
    Browse the repository at this point in the history

  9. Merge pull request #3 from LOQ-burh/dependabot/npm_and_yarn/fsevents-… 

    …1.2.13

Bump fsevents from 1.2.9 to 1.2.13
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    6c01d93 View commit details
    Browse the repository at this point in the history

  10. .

    @LOQ-burh
    LOQ-burh committed Oct 3, 2024
    Configuration menu
    Copy the full SHA
    eeb3823 View commit details
    Browse the repository at this point in the history

  11. Merge pull request #10 from LOQ-burh/dependabot/npm_and_yarn/url-pars… 

    …e-1.5.10

Bump url-parse from 1.5.7 to 1.5.10
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    ff05703 View commit details
    Browse the repository at this point in the history

  12. Bump qs from 6.5.2 to 6.5.3 

    Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    a1f67fc View commit details
    Browse the repository at this point in the history

  13. Bump ws from 5.2.3 to 5.2.4 

    Bumps [ws](https://github.com/websockets/ws) from 5.2.3 to 5.2.4.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.3...5.2.4)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    5d52252 View commit details
    Browse the repository at this point in the history

  14. Bump braces and jest 

    Bumps [braces](https://github.com/micromatch/braces) to 3.0.3 and updates ancestor dependency [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest). These dependencies need to be updated together.


Updates `braces` from 2.3.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.3)

Updates `jest` from 24.9.0 to 29.7.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/jest)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
- dependency-name: jest
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    a2aa7b2 View commit details
    Browse the repository at this point in the history

  15. Bump json-schema and jsprim 

    Bumps [json-schema](https://github.com/kriszyp/json-schema) and [jsprim](https://github.com/joyent/node-jsprim). These dependencies needed to be updated together.

Updates `json-schema` from 0.2.3 to 0.4.0
- [Commits](kriszyp/json-schema@v0.2.3...v0.4.0)

Updates `jsprim` from 1.4.1 to 1.4.2
- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)
- [Commits](TritonDataCenter/node-jsprim@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
- dependency-name: jsprim
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    de812b9 View commit details
    Browse the repository at this point in the history

  16. Bump ajv from 6.10.2 to 6.12.6 

    Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.10.2...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    df50433 View commit details
    Browse the repository at this point in the history

  17. Merge pull request #11 from LOQ-burh/dependabot/npm_and_yarn/multi-97… 

    …8db22d76

Bump json-schema and jsprim
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    4201b91 View commit details
    Browse the repository at this point in the history

  18. Merge pull request #4 from LOQ-burh/dependabot/npm_and_yarn/ws-5.2.4 

    Bump ws from 5.2.3 to 5.2.4
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    5439aa4 View commit details
    Browse the repository at this point in the history

  19. Bump yargs-parser and ts-jest 

    Bumps [yargs-parser](https://github.com/yargs/yargs-parser) to 13.1.2 and updates ancestor dependency [ts-jest](https://github.com/kulshekhar/ts-jest). These dependencies need to be updated together.


Updates `yargs-parser` from 13.1.1 to 13.1.2
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

Updates `ts-jest` from 24.2.0 to 29.2.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](kulshekhar/ts-jest@v24.2.0...v29.2.5)

---
updated-dependencies:
- dependency-name: yargs-parser
  dependency-type: indirect
- dependency-name: ts-jest
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
    @dependabot
    dependabot[bot] authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    d1d9612 View commit details
    Browse the repository at this point in the history

  20. Merge branch 'master' into dependabot/npm_and_yarn/multi-2e9cc7d425

    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    b401f59 View commit details
    Browse the repository at this point in the history

  21. Merge pull request #8 from LOQ-burh/dependabot/npm_and_yarn/multi-2e9… 

    …cc7d425

Bump braces and jest
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    99c3aeb View commit details
    Browse the repository at this point in the history

  22. Merge pull request #1 from LOQ-burh/dependabot/npm_and_yarn/json5-2.2.3 

    Bump json5 from 2.1.1 to 2.2.3
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    0c9543d View commit details
    Browse the repository at this point in the history

  23. Merge pull request #2 from LOQ-burh/dependabot/npm_and_yarn/qs-6.5.3 

    Bump qs from 6.5.2 to 6.5.3
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    41726d2 View commit details
    Browse the repository at this point in the history

  24. Merge branch 'master' into dependabot/npm_and_yarn/decode-uri-compone… 

    …nt-0.2.2
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    4dedd42 View commit details
    Browse the repository at this point in the history

  25. Merge pull request #6 from LOQ-burh/dependabot/npm_and_yarn/decode-ur… 

    …i-component-0.2.2

Bump decode-uri-component from 0.2.0 to 0.2.2
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    f5f5757 View commit details
    Browse the repository at this point in the history

  26. Merge branch 'master' into dependabot/npm_and_yarn/ajv-6.12.6

    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    7ce935e View commit details
    Browse the repository at this point in the history

  27. Merge pull request #12 from LOQ-burh/dependabot/npm_and_yarn/ajv-6.12.6 

    Bump ajv from 6.10.2 to 6.12.6
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    3c94dda View commit details
    Browse the repository at this point in the history

  28. Merge branch 'master' into dependabot/npm_and_yarn/multi-aaa0c11211

    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    d9e793b View commit details
    Browse the repository at this point in the history

  29. Merge pull request #14 from LOQ-burh/dependabot/npm_and_yarn/multi-aa… 

    …a0c11211

Bump yargs-parser and ts-jest
    @LOQ-burh
    LOQ-burh authored Oct 3, 2024
    Configuration menu
    Copy the full SHA
    188efbc View commit details
    Browse the repository at this point in the history

  30. Merge branch 'master' of https://github.com/LOQ-burh/vscode-github-ac… 

    …tions
    @LOQ-burh
    LOQ-burh committed Oct 3, 2024
    Configuration menu
    Copy the full SHA
    e60a43f View commit details
    Browse the repository at this point in the history

  31. .

    @LOQ-burh
    LOQ-burh committed Oct 3, 2024
    Configuration menu
    Copy the full SHA
    502a661 View commit details
    Browse the repository at this point in the history