LilyWhiteBot
LilyWhiteBot copied to clipboard
fossifer
QQ-Telegram-IRC三群互聯機器人
Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) from 0.4.23 to 0.5.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. Changelog Sourced from qs's changelog. 6.5.3 [Fix] parse: ignore __proto__ keys (#428) [Fix] utils.merge`: avoid a crash with a null target and a truthy...
Bumps [file-type](https://github.com/sindresorhus/file-type) from 16.5.3 to 16.5.4. Release notes Sourced from file-type's releases. v16.5.4 Fix: Malformed MKV could cause an infinite loop https://github.com/sindresorhus/file-type/commit/d86835680f4cccbee1a60628783c36700ec9e254 CVE-2022-36313 Also fixed in 17.1.3 Commits 99cb019 17.1.2...
Bumps [sharp](https://github.com/lovell/sharp) from 0.25.4 to 0.30.5. Changelog Sourced from sharp's changelog. v0.30.5 - 23rd May 2022 Install: pass PKG_CONFIG_PATH via env rather than substitution. @dwisiswant0 Add support for --libc flag...
Bumps [jpeg-js](https://github.com/eugeneware/jpeg-js) from 0.4.3 to 0.4.4. Release notes Sourced from jpeg-js's releases. v0.4.4 v0.4.4 (2022-06-07) feat: add comment tag encoding (#87) (13e1ffa), closes #87 fix: validate sampling factors (#106) (9ccd35f),...
fix: YAMLException: bad indentation of a mapping entry at line 81, column 6.
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. Release notes Sourced from node-fetch's releases. v2.6.7 Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th...
Bumps [simple-get](https://github.com/feross/simple-get) from 3.1.0 to 3.1.1. Commits 496166d 3.1.1 6eb82c0 Bug fix: Thirdparty cookie leak See full diff in compare view Maintainer changes This version was pushed to npm by...
Bumps [async](https://github.com/caolan/async) from 3.2.0 to 3.2.3. Changelog Sourced from async's changelog. v3.2.3 Fix bugs in comment parsing in autoInject. (#1767, #1780) v3.2.2 Fix potential prototype pollution exploit v3.2.1 Use queueMicrotask...
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...