nforce-metadata

nforce-metadata copied to clipboard

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. Changelog Sourced from qs's changelog. 6.5.3 [Fix] parse: ignore __proto__ keys (#428) [Fix] utils.merge: avoid a crash with a null target and a truthy...

dependabot[bot]

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. Release notes Sourced from decode-uri-component's releases. v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode...

dependabot[bot]

Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.2 and updates ancestor dependencies [minimatch](https://github.com/isaacs/minimatch), [archiver](https://github.com/archiverjs/node-archiver), [gulp](https://github.com/gulpjs/gulp), [gulp-jshint](https://github.com/spalger/gulp-jshint) and [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `minimatch` from 0.2.14 to 3.1.2 Commits 699c459 3.1.2...

dependabot[bot]

Removes [xmldom](https://github.com/xmldom/xmldom). It's no longer used after updating ancestor dependency [xml-crypto](https://github.com/yaronn/xml-crypto). These dependencies need to be updated together. Removes `xmldom` Updates `xml-crypto` from 1.4.0 to 1.5.6 Release notes Sourced from...

dependabot[bot]

Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords...

dependabot[bot]


haribaskarvr

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [lodash](https://github.com/lodash/lodash) from 2.4.2 to 4.17.21. Release notes Sourced from lodash's releases. 4.0.0 lodash v4.0.0 2015 was big year! Lodash became the most depended on npm package, passed 1 billion...

dependabot[bot]

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. Commits c74c8af 1.3.7 024b8b5 update deps, add linting 032fbaf Use Object.create(null) to avoid default object property hazards 2da9039 1.3.6 cfea636 better git push script,...

dependabot[bot]

Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. Changelog Sourced from websocket-extensions's changelog. 0.1.4 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin) Change license from...

dependabot[bot]