dd-trace-js icon indicating copy to clipboard operation
dd-trace-js copied to clipboard
verified publisher icon DataDog

Bump json5 from 1.0.1 to 1.0.2

Open dependabot[bot] opened this issue 2 years ago • 2 comments

Bumps json5 from 1.0.1 to 1.0.2.

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Jul 26 '23 19:07 dependabot[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 84.72%. Comparing base (d3c8fbd) to head (d1578f4). Report is 1131 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3466   +/-   ##
=======================================
  Coverage   84.72%   84.72%           
=======================================
  Files         218      218           
  Lines        8583     8583           
  Branches       33       33           
=======================================
  Hits         7272     7272           
  Misses       1311     1311

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Jul 26 '23 19:07 codecov[bot]

Benchmarks

Benchmark execution time: 2023-07-26 19:18:54

Comparing candidate commit d1578f4c0b3ed1c39a1e234b9271da8c38bdd6f9 in PR branch dependabot/npm_and_yarn/json5-1.0.2 with baseline commit d3c8fbd534fccfee58028051dd3270103369c8e4 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 474 metrics, 18 unstable metrics.

pr-commenter[bot] avatar Jul 26 '23 19:07 pr-commenter[bot]

Closed as outdated

BridgeAR avatar Feb 19 '25 15:02 BridgeAR

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Feb 19 '25 15:02 dependabot[bot]