chirrapp

chirrapp copied to clipboard

Bumps [moment](https://github.com/moment/moment) from 2.18.1 to 2.29.4. Changelog Sourced from moment's changelog. 2.29.4 Release Jul 6, 2022 #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex 2.29.3 Full changelog Release Apr 17, 2022...

dependabot[bot]

Bumps [got](https://github.com/sindresorhus/got) from 7.1.0 to 11.8.5. Release notes Sourced from got's releases. v11.8.5 Backport security fix https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc CVE-2022-33987 https://github.com/sindresorhus/got/compare/v11.8.4...v11.8.5 v11.8.3 Bump cacheable-request dependency (#1921) 9463bb6 Fix HTTPError missing .code property...

dependabot[bot]

Bumps [ejs](https://github.com/mde/ejs) from 2.5.7 to 3.1.7. Release notes Sourced from ejs's releases. v3.1.7 Version 3.1.7 v3.1.6 Version 3.1.6 v3.1.5 Version 3.1.5 v3.0.2 No release notes provided. v2.7.4 Bug fixes Fixed...

dependabot[bot]

Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.1 to 0.1.4. Changelog Sourced from websocket-extensions's changelog. 0.1.4 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin) Change license from...

dependabot[bot]

Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords...

dependabot[bot]

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.5.10 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...

dependabot[bot]

Bumps [i](https://github.com/pksunkara/inflect) from 0.3.6 to 0.3.7. Commits 71961bd Version bump v0.3.7 a9a0a8e Fix CVE-2021-3820 c025e15 Fix formatting dace42b Move away from travis 22fa473 Merge pull request #30 from pksunkara/dependabot/add-v2-config-file e84c23a...

dependabot[bot]

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.5 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [tar](https://github.com/npm/node-tar) from 2.2.1 to 2.2.2. Commits 523c5c7 2.2.2 7ecef07 Bump fstream to fix hardlink overwriting vulnerability 9fc84b9 Use {} for hardlink tracking instead of [] 15e59f1 Only track previously...

dependabot[bot]

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]