Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump datatables.net from 1.13.4 to 2.1.8 in /components #10999

Closed
wants to merge 1 commit into from
Closed

Bump datatables.net from 1.13.4 to 2.1.8 in /components #10999

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 4, 2024
edited
Loading

Bumps datatables.net from 1.13.4 to 2.1.8.

Release notes

Sourced from datatables.net's releases.

1.13.11

DataTables 1.13.11

Commits
  • 155c47b Sync tag release - 2.1.8
  • 1150bb1 643377800fbf3b1e050b8d59a843837710aea693 Release 2.1.8
  • 847314e 658b9d4ce42406bea630174635f258d08655df7f Fix: Columns where misaligned from t...
  • 44bc402 c711f949ba6a4f3f1383918d12a9b9600a558d57 Fix: Remove the setting of `role="ro...
  • 8c6985f e86bdad18a2ae35115ee8369bcde9023ad616b35 Fix: Date rendering would always set...
  • d90011a 0b07375e57ac56dd2ce582641115169eccd6340d Typescript: Need to export `ObjectCo...
  • 73d18ed Sync tag release - 2.1.7
  • 3c0bb60 f83a8f4c4c2f0541765632de1c22d11e5a92a54f Release 2.1.7
  • 6be1438 31f2488df2fac6a551a657109c4484fb470401ef Fix: null in a column that is dete...
  • 1cb130d f181926d2ebcb27e3b8004964235d37891778950 Fix: Safari 9 doesn't support `Strin...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump datatables.net from 1.13.4 to 2.1.8 in /components
ea4a327 
Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.13.4 to 2.1.8.
- [Release notes](https://github.com/DataTables/Dist-DataTables/releases)
- [Commits](DataTables/Dist-DataTables@1.13.4...2.1.8)

---
updated-dependencies:
- dependency-name: datatables.net
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 4, 2024
@dependabot dependabot bot mentioned this pull request Oct 4, 2024
Closed
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Oct 4, 2024

DryRun Security Summary

The provided code changes involve updating the datatables.net dependency to a newer major version, which should be reviewed carefully for potential security vulnerabilities and breaking changes, and the code using the library should be thoroughly tested to ensure proper input sanitization and validation.

Expand for full summary

Summary:

The provided code changes involve updating the datatables.net dependency in the project's package.json and yarn.lock files. The datatables.net library is a popular JavaScript library for creating advanced tables and data grids, and the update represents a major version change from 1.13.4 to 2.1.8.

From an application security perspective, this update should be reviewed carefully. Previous versions of DataTables have had security vulnerabilities, such as Cross-Site Scripting (XSS) issues. When updating a dependency like this, it's important to review the release notes and security advisories to ensure that the new version addresses any known vulnerabilities. Additionally, the code using the DataTables library should be reviewed to ensure that it is properly sanitizing and validating user input to prevent potential security issues.

Files Changed:

  1. components/package.json: This file has been updated to change the datatables.net dependency from version ^1.13.4 to ^2.1.8. This is a major version update that may introduce breaking changes or new features, which should be thoroughly tested.
  2. components/yarn.lock: This file has been updated to reflect the change in the datatables.net dependency version from 1.13.4 to 2.1.8. The yarn.lock file is used to ensure consistent dependency versions across different environments, so the changes in this file should also be reviewed to ensure that all other dependencies are also updated to their latest compatible versions.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 7, 2025

Superseded by #11523.

@dependabot dependabot bot closed this Jan 7, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/components/dev/datatables.net-2.1.8 branch January 7, 2025 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants