dependency-submission-toolkit icon indicating copy to clipboard operation
dependency-submission-toolkit copied to clipboard

Published 20 hours ago verified publisher icon github

Bump packageurl-js from 1.2.1 to 2.0.1

Open dependabot[bot] opened this issue 8 months ago • 0 comments
trafficstars

Bumps packageurl-js from 1.2.1 to 2.0.1.

Changelog

Sourced from packageurl-js's changelog.

2.0.1

Bug Fix

  • Fix decoding problems around the % character #75 (fix contributed by @​jdalton)

2.0.0

  • Significant refactor based on code from @​jdalton
  • Numerous bug fixes and improvements the community was asking for
    • See closed issues and PRs for details (too many to list here)
Commits
  • cd1eb4b chore: bump to v2.0.1 (#77)
  • f7dccd6 fix: error on decode with meaningful message
  • 07b818b fix: only decode in parseString
  • c2f576f bump to v2.0.0 (#74)
  • b5660a5 Merge pull request #73 from package-url/jdalton/sync
  • 400de0c Merge pull request #72 from package-url/dependabot/npm_and_yarn/braces-3.0.3
  • b6c8ce8 fix: correct package-url.d.ts readonly type casing
  • 96822af fix: correct param name typos
  • f81a6be fix: use encodeQualifierValue for qualifierKey and qualifierValue
  • ff590d2 feat: encode qualifiers with URLSearchParams
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Mar 11 '25 11:03 dependabot[bot]