jianshu

jianshu copied to clipboard

Bumps [trim-off-newlines](https://github.com/stevemao/trim-off-newlines) from 1.0.1 to 1.0.3. Commits c3b28d3 1.0.3 6226c95 Merge pull request #4 from Trott/fix-it-again c77691d fix: remediate ReDOS further 76ca93c chore: pin mocha to version that works with...

dependabot[bot]

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.30 to 3.3.4. Changelog Sourced from nanoid's changelog. 3.3.4 Fixed --help in CLI (by @​Lete114). 3.3.3 Reduced size (by Anton Khlynovskiy). 3.3.2 Fixed enhanced-resolve support. 3.3.1 Reduced...

dependabot[bot]

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. Release notes Sourced from node-fetch's releases. v2.6.7 Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th...

dependabot[bot]

Bumps [ejs](https://github.com/mde/ejs) from 3.1.6 to 3.1.8. Release notes Sourced from ejs's releases. v3.1.8 Version 3.1.8 v3.1.7 Version 3.1.7 Commits 5126ff5 Version 3.1.8 7d5a1c6 Merge branch 'main' of github.com:mde/ejs into main...

dependabot[bot]

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...

dependabot[bot]

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.1 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...

dependabot[bot]

Update https://registry.npm.taobao.org to https://registry.npmmirror.com, For more info please refer to https://zhuanlan.zhihu.com/p/430580607. This is an automated PR by @npmmirror (Which is a bot maintained by 8d6e8cefe5a7e3202364ec2c48db03fcc544218cf70100bf65d2ed2df5cc83da).

npmmirror

Bumps [tar](https://github.com/npm/node-tar) from 6.1.0 to 6.1.11. Commits e573aee 6.1.11 edb8e9a fix: perf regression on hot string munging path a9d9b05 chore(test): Avoid spurious failures packing node_modules/.cache 24b8bda fix(test): use posix path...

dependabot[bot]

Bumps [validator](https://github.com/validatorjs/validator.js) from 13.6.0 to 13.7.0. Release notes Sourced from validator's releases. 13.7.0 13.7.0 New Features #1706 isISO4217, currency code validator @​jpaya17 Fixes and Enhancements #1647 isFQDN: add allow_wildcard option...

dependabot[bot]

Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]