Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security fixes #1

Open
wants to merge 28 commits into
base: master
Choose a base branch
from
Open

Security fixes #1

wants to merge 28 commits into from

Conversation

smasala
Copy link

@smasala smasala commented Jun 17, 2021

Just a heads up that there have been some versions bumps from dependabot

smasala and others added 25 commits June 23, 2020 10:08
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.19)

Signed-off-by: dependabot[bot] <[email protected]>
…7.19

Bump lodash from 4.17.15 to 4.17.19
…re-1.2.6

Bump @actions/core from 1.2.0 to 1.2.6
…ier-8.0.1

Bump node-notifier from 8.0.0 to 8.0.1
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [ws](https://github.com/websockets/ws) from 7.3.1 to 7.4.6.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.3.1...7.4.6)

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](gulpjs/glob-parent@v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
…7.21

Bump lodash from 4.17.20 to 4.17.21
…-info-2.8.9

Bump hosted-git-info from 2.8.8 to 2.8.9
…t-5.1.2

Bump glob-parent from 5.1.1 to 5.1.2
@smasala
Copy link
Author

smasala commented Jun 17, 2021

FYI: @thomaswiener @kolja-ec

dependabot bot and others added 3 commits August 12, 2021 13:30
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
…e-1.0.7

Bump path-parse from 1.0.6 to 1.0.7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant