php-reflection
php-reflection copied to clipboard
[Security] Bump grunt from 1.0.4 to 1.4.0
Bumps grunt from 1.0.4 to 1.4.0.
Release notes
Sourced from grunt's releases.
v1.4.0
- Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
- Update changelog and util dep 106ed17
- Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
- Update CLI and nodeunit 47cf8b6
- Merge pull request #1722 from gruntjs/update-through e86db1c
- Update deps 4952368
https://github.com/gruntjs/grunt/compare/v1.3.0...v1.4.0
v1.3.0
- Merge pull request #1720 from gruntjs/update-changelog-deps faab6be
- Update Changelog and legacy-util dependency 520fedb
- Merge pull request #1719 from gruntjs/yaml-refactor 7e669ac
- Switch to use
safeLoad
for loading YML files viafile.readYAML
. e350cea- Merge pull request #1718 from gruntjs/legacy-log-bumo 7125f49
- Bump legacy-log 00d5907
https://github.com/gruntjs/grunt/compare/v1.2.1...v1.3.0
v1.2.1
- Changelog update ae11839
- Merge pull request #1715 from sibiraj-s/remove-path-is-absolute 9d23cb6
- Remove path-is-absolute dependency e789b1f
https://github.com/gruntjs/grunt/compare/v1.2.0...v1.2.1
v1.2.0
- Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677)
- Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency. This is considerably more user-friendly than dropping the require entirely, but doing so is feasible with the latest grunt-cli as users may simply use grunt --require coffeescript/register. (PR: gruntjs/grunt#1675)
- Exposes Grunt Option keys for ease of use. (PR: gruntjs/grunt#1570)
- Avoiding infinite loop on very long command names. (PR: gruntjs/grunt#1697)
v1.1.0
- Update to mkdirp ~1.0.3
- Only support versions of Node >= 8
Changelog
Sourced from grunt's changelog.
v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies v1.3.0 date: 2020-08-18 changes: - Switch to use
safeLoad
for loading YML files viafile.readYAML
. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency. This is considerably more user-friendly than dropping the require entirely, but doing so is feasible with the latest grunt-cli as users may simply use grunt --require coffeescript/register. (PR: gruntjs/grunt#1675) - Exposes Grunt Option keys for ease of use. (PR: gruntjs/grunt#1570) - Avoiding infinite loop on very long command names. (PR: gruntjs/grunt#1697) v1.1.0 date: 2020-03-16 changes: - Update to mkdirp ~1.0.3 - Only support versions of Node >= 8
Commits
63b2e89
Merge pull request #1728 from gruntjs/update-deps-changelog106ed17
Update changelog and util dep49de70b
Merge pull request #1727 from gruntjs/update-deps-apr47cf8b6
Update CLI and nodeunite86db1c
Merge pull request #1722 from gruntjs/update-through4952368
Update deps6f49017
1.3.0faab6be
Merge pull request #1720 from gruntjs/update-changelog-deps520fedb
Update Changelog and legacy-util dependency7e669ac
Merge pull request #1719 from gruntjs/yaml-refactor- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language -
@dependabot badge me
will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot dashboard:
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)