neh issues

[Security] Bump color-string from 1.5.3 to 1.6.0

1

Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.6.0. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDOS) A Regular Expression...

dependabot-preview[bot]

dependencies

security

Bump @prettier/plugin-pug from 1.13.3 to 1.16.1

1

Bumps [@prettier/plugin-pug](https://github.com/prettier/plugin-pug) from 1.13.3 to 1.16.1. Release notes Sourced from @prettier/plugin-pug's releases. 1.16.1 Changelog 1.16.1 1.16.1-0 (beta) Changelog 1.16.1-0 (beta) 1.16.0 Changelog 1.16.0 1.16.0-1 (beta) Changelog 1.16.0-1 (beta) 1.16.0-0 (beta)...

dependabot-preview[bot]

dependencies

[Security] Bump urijs from 1.19.5 to 1.19.7

1

Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.5 to 1.19.7. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Hostname spoofing via backslashes in URL Impact If using...

dependabot-preview[bot]

dependencies

security

[Security] Bump ws from 7.3.1 to 7.5.3

1

Bumps [ws](https://github.com/websockets/ws) from 7.3.1 to 7.5.3. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. ReDoS in Sec-Websocket-Protocol header Impact A specially crafted value of...

dependabot-preview[bot]

dependencies

security

Bump typescript from 4.1.5 to 4.3.5

1

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 4.1.5 to 4.3.5. Release notes Sourced from typescript's releases. TypeScript 4.3.5 This release contains a bug fix for auto-imports on JSX components in the TypeScript language service....

dependabot-preview[bot]

dependencies

Upgrade to GitHub-native Dependabot

2

_Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then._ Dependabot has...

dependabot-preview[bot]

dependencies

[Security] Bump browserslist from 4.14.0 to 4.16.6

1

Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.0 to 4.16.6. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in browserslist The package...

dependabot-preview[bot]

dependencies

security

[Security] Bump hosted-git-info from 2.8.8 to 2.8.9

1

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in hosted-git-info The npm...

dependabot-preview[bot]

dependencies

security

[Security] Bump lodash from 4.17.20 to 4.17.21

1

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Command Injection in lodash lodash versions prior to 4.17.21...

dependabot-preview[bot]

dependencies

security

[Security] Bump url-parse from 1.4.7 to 1.5.1

2

Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.1. Commits eb6d9f5 [dist] 1.5.1 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201) 3ac7774 [test] Make test consistent for browser testing 267a0c6 [dist] 1.5.0...

dependabot-preview[bot]

dependencies

security

neh
neh copied to clipboard

Metadata

[Security] Bump color-string from 1.5.3 to 1.6.0

Bump @prettier/plugin-pug from 1.13.3 to 1.16.1

[Security] Bump urijs from 1.19.5 to 1.19.7

[Security] Bump ws from 7.3.1 to 7.5.3

Bump typescript from 4.1.5 to 4.3.5

Upgrade to GitHub-native Dependabot

[Security] Bump browserslist from 4.14.0 to 4.16.6

[Security] Bump hosted-git-info from 2.8.8 to 2.8.9

[Security] Bump lodash from 4.17.20 to 4.17.21

[Security] Bump url-parse from 1.4.7 to 1.5.1

← Metadata

Owner

Metadata

neh neh copied to clipboard

Metadata

← Metadata

Owner

Metadata

neh
neh copied to clipboard