docs-website icon indicating copy to clipboard operation
docs-website copied to clipboard

Published 20 hours ago verified publisher icon newrelic

chore(deps): bump micromatch from 4.0.5 to 4.0.8

Open dependabot[bot] opened this issue 1 year ago • 4 comments

Bumps micromatch from 4.0.5 to 4.0.8.

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.
Commits
  • 8bd704e 4.0.8
  • a0e6841 run verb to generate README documentation
  • 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
  • 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
  • 814f5f7 lint
  • 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
  • 113f2e3 fix: CVE numbers in CHANGELOG
  • d9dbd9a feat: updated CHANGELOG
  • 2ab1315 fix: use actions/setup-node@v4
  • 1406ea3 feat: rework test to work on macos with node 10,12 and 14
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Aug 27 '24 18:08 dependabot[bot]

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Aug 27 '24 18:08 CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Aug 27 '24 18:08 CLAassistant

Hi @dependabot[bot] 👋

Thanks for your pull request! Your PR is in a queue, and a writer will take a look soon. We generally publish small edits within one business day, and larger edits within three days.

We will automatically generate a preview of your request, and will comment with a link when the preview is ready (usually 10 to 20 minutes).

github-actions[bot] avatar Aug 27 '24 18:08 github-actions[bot]

Deploy Preview for docs-website-netlify ready!

Name Link
Latest commit 7d4d3242a6264506bf065599874b1b06190d48e4
Latest deploy log https://app.netlify.com/sites/docs-website-netlify/deploys/66ce1b7ac1f08900081b6a88
Deploy Preview https://deploy-preview-18499--docs-website-netlify.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

netlify[bot] avatar Aug 27 '24 18:08 netlify[bot]

Hi @WriteMayur , this is a pretty old PR, and resolving yarn.lock file manually in this case would be a hassle. We will close this PR, and dependabot should create a new PR from the current develop branch with the dependency's most up-to-date version, when it runs next, which we will merge.

gmanandhar-nr avatar Mar 12 '25 09:03 gmanandhar-nr

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Mar 12 '25 09:03 dependabot[bot]

@dependabot reopen

gmanandhar-nr avatar Mar 12 '25 10:03 gmanandhar-nr

@dependabot rebase

gmanandhar-nr avatar Jun 16 '25 10:06 gmanandhar-nr

Looks like micromatch is up-to-date now, so this is no longer needed.

dependabot[bot] avatar Jun 16 '25 10:06 dependabot[bot]