tendrils

tendrils copied to clipboard

Bumps [tar](https://github.com/npm/node-tar) from 2.2.1 to 2.2.2. Commits 523c5c7 2.2.2 7ecef07 Bump fstream to fix hardlink overwriting vulnerability 9fc84b9 Use {} for hardlink tracking instead of [] 15e59f1 Only track previously...

dependabot[bot]

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.6.0 to 2.8.9. Changelog Sourced from hosted-git-info's changelog. 2.8.9 (2021-04-07) Bug Fixes backport regex fix from #76 (29adfe5), closes #84 2.8.8 (2020-02-29) Bug Fixes #61 & #65...

dependabot[bot]

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.5 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]

Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. Commits See full diff in compare view Maintainer changes This version was pushed to npm by oss-bot, a new releaser for y18n since your...

dependabot[bot]

Bumps [ini](https://github.com/isaacs/ini) from 1.3.4 to 1.3.7. Commits c74c8af 1.3.7 024b8b5 update deps, add linting 032fbaf Use Object.create(null) to avoid default object property hazards 2da9039 1.3.6 cfea636 better git push script,...

dependabot[bot]

Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. Changelog Sourced from websocket-extensions's changelog. 0.1.4 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin) Change license from...

dependabot[bot]

Bumps [eslint](https://github.com/eslint/eslint) from 3.19.0 to 4.18.2. Release notes *Sourced from [eslint's releases](https://github.com/eslint/eslint/releases).* > ## v4.18.2 > * 6b71fd0 Fix: [email protected], because 4.0.3 needs "ajv": "^6.0.1" ([#10022](https://github-redirect.dependabot.com/eslint/eslint/issues/10022)) (Mathieu Seiler) > *...

dependabot[bot]

Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2. Commits - [`754f0c2`](https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9) 1.3.2 - [`90ee1fa`](https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50) ensure keys are valid when mixing in values - See full diff in [compare view](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2) Maintainer changes This...

dependabot[bot]

Bumps [stringstream](https://github.com/mhart/StringStream) from 0.0.5 to 0.0.6. Commits - [`fee31c5`](https://github.com/mhart/StringStream/commit/fee31c5c4a5efc7c7cc2fde4aee633dedefd6d67) 0.0.6 - [`2f4a9d4`](https://github.com/mhart/StringStream/commit/2f4a9d496f94b0880e01a26857aa266a5a3ef274) Merge pull request [#9](https://github-redirect.dependabot.com/mhart/StringStream/issues/9) from mhart/fix-buffer-constructor-vuln - [`afbc744`](https://github.com/mhart/StringStream/commit/afbc7442220358419e330618e47f3a65fc265b1b) Ensure data is not a number in Buffer constructor -...

dependabot[bot]