Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps-dev): bump @eslint/json from 0.9.1 to 0.10.0 #77

Merged
merged 1 commit into from
Jan 27, 2025
Merged

chore(deps-dev): bump @eslint/json from 0.9.1 to 0.10.0 #77

merged 1 commit into from
Jan 27, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 24, 2025
edited
Loading

PR-77 Powered by Pull Request Badge

Bumps @eslint/json from 0.9.1 to 0.10.0.

Release notes

Sourced from @​eslint/json's releases.

json: v0.10.0

0.10.0 (2025-01-19)

Features

Changelog

Sourced from @​eslint/json's changelog.

0.10.0 (2025-01-19)

Features

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by Sourcery

构建:

  • 将 @eslint/json 从 0.9.1 升级到 0.10.0。
Original summary in English

Summary by Sourcery

Build:

  • Bump @eslint/json from 0.9.1 to 0.10.0.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 24, 2025
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Jan 24, 2025
edited
Loading

Deploying qinwuyuan with  Cloudflare Pages  Cloudflare Pages

Latest commit: 512c5c1
Status: ✅  Deploy successful!
Preview URL: https://d76472ee.qinwuyuan.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-esli-7g1b.qinwuyuan.pages.dev

View logs

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 24, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 512c5c1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@labels-and-badges labels-and-badges bot added NO JIRA This PR does not have a Jira Ticket PR:size/S Denotes a Pull Request that changes 10-29 lines. release This PR is a release labels Jan 24, 2025
@pr-code-reviewer PR Code Reviewer
Copy link

pr-code-reviewer bot commented Jan 24, 2025
edited
Loading

👋 Hi there!

Everything looks good!


Automatically generated with the help of gpt-3.5-turbo.
Feedback? Please don't hesitate to drop me an email at [email protected].

@instapr InstaPR
Copy link

instapr bot commented Jan 24, 2025

Feedback:

👍 Everything looks good. The dependency has been updated from 0.9.1 to 0.10.0 successfully. Make sure to test the changes locally.

Thank you for the contribution! Keep up the good work! 🚀

@github-actions github-actions bot requested a review from ChinaGodMan January 24, 2025 18:27
@github-actions GitHub Actions
Copy link
Contributor

@dependabot[bot] 你好,人民的勤务员将尽快审查合并此次请求!🚀 [自动回复,请勿跟帖]

sourcery-ai[bot]
sourcery-ai bot reviewed Jan 24, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

我们跳过了对这个拉取请求的审查。看起来这是由机器人创建的(嘿,dependabot[bot]!)。我们假设它知道自己在做什么!

Original comment in English

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!

@sourcery-ai Sourcery AI
Copy link

sourcery-ai bot commented Jan 24, 2025
edited
Loading

审阅者指南 by Sourcery

此拉取请求将 @eslint/json 依赖从版本 0.9.1 更新到 0.10.0。此更新包括一个新的 'sort-keys' 规则。

ESLint JSON 依赖更新流程图

flowchart LR
    subgraph Before
      old["@eslint/json v0.9.1"]
    end
    subgraph After
      new["@eslint/json v0.10.0"]
      rules["新的 sort-keys 规则"]
      new --> rules
    end
    old -->|更新| new
Loading

文件级变更

变更 详情 文件
将 @eslint/json 依赖更新到版本 0.10.0。
  • 在 package.json 中更新 @eslint/json 版本。
  • 在 package-lock.json 中更新 @eslint/json 版本。
 package.json
package-lock.json
提示和命令

与 Sourcery 交互

  • 触发新的审阅: 在拉取请求中评论 @sourcery-ai review
  • 继续讨论: 直接回复 Sourcery 的审阅评论。
  • 从审阅评论生成 GitHub 问题: 通过回复审阅评论要求 Sourcery 创建问题。您也可以回复审阅评论并输入 @sourcery-ai issue 来创建问题。
  • 生成拉取请求标题: 在拉取请求标题的任何位置写 @sourcery-ai 以随时生成标题。您也可以在拉取请求中评论 @sourcery-ai title 以(重新)生成标题。
  • 生成拉取请求摘要: 在拉取请求正文的任何位置写 @sourcery-ai summary 以在您想要的确切位置生成 PR 摘要。您也可以在拉取请求中评论 @sourcery-ai summary 以(重新)生成摘要。
  • 生成审阅者指南: 在拉取请求中评论 @sourcery-ai guide 以随时(重新)生成审阅者指南。
  • 解决所有 Sourcery 评论: 在拉取请求中评论 @sourcery-ai resolve 以解决所有 Sourcery 评论。如果您已经处理了所有评论并且不想再看到它们,这将很有用。
  • 取消所有 Sourcery 审阅: 在拉取请求中评论 @sourcery-ai dismiss 以取消所有现有的 Sourcery 审阅。特别适用于您想重新开始审阅的情况 - 别忘了评论 @sourcery-ai review 以触发新的审阅!
  • 为问题生成行动计划: 在问题中评论 @sourcery-ai plan 以生成该问题的行动计划。

自定义您的体验

访问您的仪表板以:

  • 启用或禁用审阅功能,如 Sourcery 生成的拉取请求摘要、审阅者指南等。
  • 更改审阅语言。
  • 添加、删除或编辑自定义审阅说明。
  • 调整其他审阅设置。

获取帮助

Original review guide in English

Reviewer's Guide by Sourcery

This pull request updates the @eslint/json dependency from version 0.9.1 to 0.10.0. This update includes a new 'sort-keys' rule.

Flow diagram for ESLint JSON dependency update

flowchart LR
    subgraph Before
      old["@eslint/json v0.9.1"]
    end
    subgraph After
      new["@eslint/json v0.10.0"]
      rules["New sort-keys rule"]
      new --> rules
    end
    old -->|Update| new
Loading

File-Level Changes

Change Details Files
Updated the @eslint/json dependency to version 0.10.0.
  • Updated the @eslint/json version in package.json.
  • Updated the @eslint/json version in package-lock.json.
 package.json
package-lock.json
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!
  • Generate a plan of action for an issue: Comment @sourcery-ai plan on
    an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@codethreat-sast-cloud CodeThreat SAST Cloud
Copy link

🚀 CodeThreat Security Scan Completed for UserScripts

Hello Team,

Great news! We've just completed a thorough security scan for UserScripts, and here's what we found:

Quick Overview

  • Duration: 00:00:42
  • Risk Score: F (This reflects the overall security posture based on the identified issues.)
  • Issues Fixed: 0 (The number of vulnerabilities resolved during this scan.)

🛠 Detailed Vulnerability Analysis

We've identified vulnerabilities across the codebase. Here's a detailed look:

Weakness Name Severity Count
Insecure Random Number Generator High 2
Detect Potential Xss In Template Literals Medium 39
Dynamic Code Execution Alert Critical 10
Redirection Input Validation Medium 1
Missing Timeout In Http Request Calls Low 3

🔗 Software Composition Analysis (SCA) Insights

package-lock.json

Severity Summary: Critical: 0 High: 0 Medium: 0 Low: 0

📈 Next Steps & Full Report

To dive deeper, click here to view the full report. It's essential to review these findings and plan the necessary fixes. If any of the critical/high issues need more discussion, let's set up a quick meeting to strategize our next steps.

🔒 Security isn't just a feature; it's a responsibility. Let's keep our codebase rock solid!

llamapreview[bot]
llamapreview bot reviewed Jan 24, 2025
View reviewed changes
Copy link

@llamapreview llamapreview bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto Pull Request Review from LlamaPReview

Review Status: Automated Review Skipped

Dear contributor,

Thank you for your Pull Request. LlamaPReview has analyzed your changes and determined that this PR does not require an automated code review.

Analysis Result:

PR contains only dependency version updates, specifically bumping @eslint/json from 0.9.1 to 0.10.0, requiring no automated code review

We're continuously improving our PR analysis capabilities. Have thoughts on when and how LlamaPReview should perform automated reviews? Share your insights in our GitHub Discussions.

Best regards,
LlamaPReview Team

@labels-and-badges labels-and-badges bot added the PR:CONFLICT This PR has a conflict label Jan 24, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 24, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 24, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/eslint/json-0.10.0 branch January 24, 2025 23:30
@ChinaGodMan ChinaGodMan restored the dependabot/npm_and_yarn/eslint/json-0.10.0 branch January 24, 2025 23:30
@ChinaGodMan ChinaGodMan reopened this Jan 24, 2025
@dependabot
chore(deps-dev): bump @eslint/json from 0.9.1 to 0.10.0
512c5c1 
Bumps [@eslint/json](https://github.com/eslint/json) from 0.9.1 to 0.10.0.
- [Release notes](https://github.com/eslint/json/releases)
- [Changelog](https://github.com/eslint/json/blob/main/CHANGELOG.md)
- [Commits](eslint/json@json-v0.9.1...json-v0.10.0)

---
updated-dependencies:
- dependency-name: "@eslint/json"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/eslint/json-0.10.0 branch from fd6f089 to 512c5c1 Compare January 27, 2025 22:13
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codethreat-sast-cloud CodeThreat SAST Cloud
Copy link

🚀 CodeThreat Security Scan Completed for UserScripts

Hello Team,

Great news! We've just completed a thorough security scan for UserScripts, and here's what we found:

Quick Overview

  • Duration: 00:00:41
  • Risk Score: F (This reflects the overall security posture based on the identified issues.)
  • Issues Fixed: 0 (The number of vulnerabilities resolved during this scan.)

🛠 Detailed Vulnerability Analysis

We've identified vulnerabilities across the codebase. Here's a detailed look:

Weakness Name Severity Count
Insecure Random Number Generator High 2
Detect Potential Xss In Template Literals Medium 39
Dynamic Code Execution Alert Critical 10
Redirection Input Validation Medium 1
Missing Timeout In Http Request Calls Low 3

🔗 Software Composition Analysis (SCA) Insights

package-lock.json

Severity Summary: Critical: 0 High: 0 Medium: 0 Low: 0

📈 Next Steps & Full Report

To dive deeper, click here to view the full report. It's essential to review these findings and plan the necessary fixes. If any of the critical/high issues need more discussion, let's set up a quick meeting to strategize our next steps.

🔒 Security isn't just a feature; it's a responsibility. Let's keep our codebase rock solid!

@ChinaGodMan ChinaGodMan merged commit f80169c into main Jan 27, 2025
17 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/eslint/json-0.10.0 branch January 27, 2025 22:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@llamapreview llamapreview[bot] llamapreview[bot] left review comments

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@ChinaGodMan ChinaGodMan Awaiting requested review from ChinaGodMan

Assignees

@ChinaGodMan ChinaGodMan

Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code NO JIRA This PR does not have a Jira Ticket PR:CONFLICT This PR has a conflict PR:size/S Denotes a Pull Request that changes 10-29 lines. release This PR is a release size/XS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ChinaGodMan