semantic-release-jira-releases icon indicating copy to clipboard operation
semantic-release-jira-releases copied to clipboard

Published 20 hours ago verified publisher icon UpHabit

chore(deps): update dependency madge to v4 [security]

Open renovate[bot] opened this issue 4 years ago • 1 comments
trafficstars

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
madge ^3.8.0 -> ^4.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Release Notes

pahen/madge

v4.0.1

Compare Source

5 March 2021

  • Fix potential command injection vulnerability da5cbc9

v4.0.0

Compare Source

5 January 2021

  • Upgrade dependencies & raise minimum Node.js version #269
  • Upgrade core dependencies fe8a186
  • Upgrade commander to version 6 5ca410c
  • Require Node.js 10.13 eee3dc0
v3.12.0

2 November 2020

  • Remove pify again #264
  • Update ora to version 5 #262
  • Replace pify with util.promisify #263
  • Update README e4be868
  • Bump dependency-tree to 7.2.2 0eaccb7
v3.11.0

1 October 2020

  • Add support for combining --circular and --dot d2ce3f7
v3.10.0

14 September 2020

  • Add support for combining --image and --circular 7a4bd3b
v3.9.2

16 June 2020

v3.9.1

8 June 2020

  • chore: significant speedup by skipping filing-cabinet ts-config parsing #237
  • Clarification for mixed projects (with JS and TS) #246
v3.9.0

7 May 2020

  • Remove info about Patreon and Open Collective a57eeff
  • Update list of backers 545be08
  • Update dependencies ffa4fdd
v3.8.0

9 March 2020

  • Add leaves option to show modules that do not have dependencies 97ed27f
  • Update README 9c1f7d2
  • Updated list of donations 899f15f
v3.7.0

30 January 2020

v3.6.0

11 November 2019

  • Add test for TypeScript with mixed import syntax 50c1c10
  • Update deps f1125d0
v3.5.1

7 November 2019

  • Add funding to package.json 8ee9126
v3.5.0

28 October 2019

  • Add an .svg public method to the API #171
  • Respect graphVizOptions in DOT output 4edf82a
  • Added credits to README 9287c3c
  • Add .svg() in API to export the svg as a Buffer d01f6f3
v3.4.4

12 February 2019

  • [Fixes #​203] Exclude test folder from npm registry #205
  • Merge pull request #​205 from SethDavenport/chore(exclude-test-folder-from-npm) #203
  • Add NPM releasing from Travis 97f060b
  • Exclude test folder from npm registry 41f94f2
v3.4.3

17 January 2019

  • Add link to my Patreon page in README 9ee722a
  • Add info about --orphans to CLI docs 925c57e
  • Bump dependency-tree c2ce2ac
v3.4.2

10 January 2019

  • Eslint should not be a dev dependency 3165988
v3.4.1

10 January 2019

  • Update eslint (peer dependency for typescript-eslint-parser) 2e6643a
v3.4.0

7 January 2019

  • Support .tsx files and specifying a tsconfig #193
  • README: improve instructions related to Graphviz #183
v3.3.0

31 October 2018

  • Update dependencies & test on Node.js 10 #176
  • Add --no-spinner option b1ad3eb
  • Update dependencies 9b1293e
  • Update dev dependencies 2260b61
v3.2.0

26 June 2018

  • Plot nodes as boxes #165
  • Document new graph settings c6e742f
  • aesthetic changes: plot rounded boxes, prefer left to right. 7a7ed8c
  • fix incorrect hex. 5 -> 6 digits. e8e330c
v3.1.1

24 May 2018

v3.1.0

22 May 2018

  • Bind all dependencies to latest version #161
  • Update ora to version 2 #155
  • Remove mz as a production dependency. Instead use pify for promisifying. #154
  • Remove package-lock.json 8fd1859
  • Bind all dependencies to latest version, It fixes security issue in rc => deep-extend library. And added .idea project files to gitignore 147d431
  • Use caret ranges for all dependencies b0e334a
v3.0.1

5 February 2018

  • Fix broken link #149
  • Update deps 3ba103c
  • Fix issue with short CLI options not working properly f73704d

v3.12.0

Compare Source

2 November 2020

  • Remove pify again #264
  • Update ora to version 5 #262
  • Replace pify with util.promisify #263
  • Update README e4be868
  • Bump dependency-tree to 7.2.2 0eaccb7

v3.11.0

Compare Source

1 October 2020

  • Add support for combining --circular and --dot d2ce3f7

v3.10.0

Compare Source

14 September 2020

  • Add support for combining --image and --circular 7a4bd3b

v3.9.2

Compare Source

16 June 2020

v3.9.1

Compare Source

8 June 2020

  • chore: significant speedup by skipping filing-cabinet ts-config parsing #237
  • Clarification for mixed projects (with JS and TS) #246

v3.9.0

Compare Source

7 May 2020

  • Remove info about Patreon and Open Collective a57eeff
  • Update list of backers 545be08
  • Update dependencies ffa4fdd

Configuration

📅 Schedule: Branch creation - "" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Apr 26 '21 15:04 renovate[bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate[bot] avatar Mar 24 '23 20:03 renovate[bot]