react-native-looped-carousel icon indicating copy to clipboard operation
react-native-looped-carousel copied to clipboard

Published 20 hours ago verified publisher icon phil-r

[Security] Bump diff from 3.2.0 to 3.5.0

Open dependabot-preview[bot] opened this issue 4 years ago • 0 comments

Bumps diff from 3.2.0 to 3.5.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service (ReDoS) A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Affected versions: < 3.5.0

Changelog

Sourced from diff's changelog.

v3.5.0 - March 4th, 2018

  • Omit redundant slice in join method of diffArrays - 1023590
  • Support patches with empty lines - fb0f208
  • Accept a custom JSON replacer function for JSON diffing - 69c7f0a
  • Optimize parch header parser - 2aec429
  • Fix typos - e89c832

Commits

v3.4.0 - October 7th, 2017

  • #183 - Feature request: ability to specify a custom equality checker for diffArrays
  • #173 - Bug: diffArrays gives wrong result on array of booleans
  • #158 - diffArrays will not compare the empty string in array?
  • comparator for custom equality checks - 30e141e
  • count oldLines and newLines when there are conflicts - 53bf384
  • Fix: diffArrays can compare falsey items - 9e24284
  • Docs: Replace grunt with npm test - 00e2f94

Commits

v3.3.1 - September 3rd, 2017

  • #141 - Cannot apply patch because my file delimiter is "/r/n" instead of "/n"
  • #192 - Fix: Bad merge when adding new files (#189)
  • correct spelling mistake - 21fa478

Commits

v3.3.0 - July 5th, 2017

  • #114 - /patch/merge not exported
  • Gracefully accept invalid newStart in hunks, same as patch(1) does. - d8a3635
  • Use regex rather than starts/ends with for parsePatch - 6cab62c
  • Add browser flag - e64f674
  • refactor: simplified code a bit more - 8f8e0f2
  • refactor: simplified code a bit - b094a6f
  • fix: some corrections re ignoreCase option - 3c78fd0
  • ignoreCase option - 3cbfbb5
  • Sanitize filename while parsing patches - 2fe8129
  • Added better installation methods - aced50b
  • Simple export of functionality - 8690f31

Commits

Commits
  • e9ab948 v3.5.0
  • b73884c Update release notes
  • 8953021 Update release notes
  • 1023590 Omit redundant slice in join method of diffArrays
  • c72ef4a Add missing test coverage
  • b9ef24f Support patches with empty lines
  • 10aaabb Support patches with empty lines
  • 196d3aa Support patches with empty lines
  • e24d789 Support patches with empty lines
  • 8616a02 Support patches with empty lines
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

dependabot-preview[bot] avatar Feb 24 '21 19:02 dependabot-preview[bot]