maniwani

maniwani copied to clipboard

Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.7.2 to 1.7.3. Changelog Sourced from shell-quote's changelog. 1.7.3 Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the...

dependabot[bot]

Bumps [copy-props](https://github.com/gulpjs/copy-props) from 2.0.4 to 2.0.5. Release notes Sourced from copy-props's releases. 2.0.5 Fix Avoids prototype pollution (#7) Doc Update license years. Transfer ownership to Gulp Team (#6) Build Update...

dependabot[bot]

Bumps [axios](https://github.com/axios/axios) from 0.19.0 to 0.21.2. Release notes Sourced from axios's releases. v0.21.2 0.21.2 (September 4, 2021) Fixes and Functionality: Updating axios requests to be delayed by pre-emptive promise creation...

dependabot[bot]

Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19. Commits 9a6faa0 4.4.19 70ef812 drop dirCache for symlink on all platforms 3e35515 4.4.18 52b09e3 fix: prevent path escape using drive-relative paths bb93ba2 fix: reserve...

dependabot[bot]

Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.2.0 to 9.0.1. Release notes Sourced from pillow's releases. 9.0.1 https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html Changes In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@​radarhere, @​hugovk] Restrict builtins within...

dependabot[bot]

Bumps [node-sass](https://github.com/sass/node-sass) from 4.13.1 to 7.0.0. Release notes Sourced from node-sass's releases. v7.0.0 Breaking changes Drop support for Node 15 (@​nschonni) Set rejectUnauthorized to true by default (@​scott-ut, #3149) Features...

dependabot[bot]

Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9. Changelog Sourced from hosted-git-info's changelog. 2.8.9 (2021-04-07) Bug Fixes backport regex fix from #76 (29adfe5), closes #84 2.8.8 (2020-02-29) Bug Fixes #61 & #65...

dependabot[bot]

Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. Commits See full diff in compare view Maintainer changes This version was pushed to npm by oss-bot, a new releaser for y18n since your...

dependabot[bot]