vanilla-js-accordion
vanilla-js-accordion copied to clipboard
Bump minimatch, gulp and bower
Bumps minimatch to 3.0.4 and updates ancestor dependencies minimatch, gulp and bower. These dependencies need to be updated together.
Updates minimatch
from 0.2.14 to 3.0.4
Commits
e46989a
v3.0.4ddfacbd
update brace-expansion55ed736
update package scripts and depseed8949
v3.0.3ecabc57
Do not throw on unfinished !( extglob patterns81edb7c
v3.0.26944abf
Handle extremely long and terrible patterns more gracefully8ac560e
v3.0.14f3a8bc
update tap9cf2d88
Remove mentions of cache from readme- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by isaacs, a new releaser for minimatch since your current version.
Updates gulp
from 3.9.1 to 4.0.2
Release notes
Sourced from gulp's releases.
v4.0.2
Fix
- Bind src/dest/symlink to the gulp instance to support esm exports (5667666) - Ref standard-things/esm#797
Docs
- Add notes about esm support (4091bd3) - Closes #2278
- Fix the Negative Globs section & examples (3c66d95) - Closes #2297
- Remove next tag from recipes (1693a11) - Closes #2277
- Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
- Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
- Fix typo in Explaining Globs (5d81f42) - Closes #2326
Build
- Add node 12 to Travis & Azure (b4b5a68)
v4.0.1
Fix
- Temporary workaround for facebook/Docusaurus#257 (9f4a2e9) - Closes facebook/Docusaurus#257
Docs
- Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
- Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
- Improve recipe for empty glob array (45830cf) - Closes #2122
- Reword standard to default (b065a13)
- Fix recipe typo (86acdea) - Closes #2156
- Add front-matter to each file (d693e49) - Closes #2109
- Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
- Add "Creating Tasks" documentation (21b6962)
- Add "JavaScript and Gulpfiles" documentation (31adf07)
- Add "Working with Files" documentation (50fafc6)
- Add "Async Completion" documentation (ad8b568)
- Add "Explaining Globs" documentation (f8cafa0)
- Add "Using Plugins" documentation (233c3f9)
- Add "Watching Files" documentation (f3f2d9f)
- Add Table of Contents to "Getting Started" directory (a43caf2)
- Improve & fix parts of Getting Started (84b0234)
- Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
- Redirect users to new Getting Started guides (53e9727)
- Temporarily reference gulp@next in Quick Start (2cecf1e)
- Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
- Use h2 headers within Quick Start documentation (921312c) - Closes #2241
- Fix for nested directories references (4c2b9a7)
- Add some more cleanup for Docusaurus (6a8fd8f)
- Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
- API documentation improvements based on feedback (0a68710)
... (truncated)
Changelog
Sourced from gulp's changelog.
gulp changelog
4.0.0
Task system changes
- replaced 3.x task system (orchestrator) with new task system (bach)
- removed gulp.reset
- removed 3 argument syntax for
gulp.task
gulp.task
should only be used when you will call the task with the CLI- added
gulp.series
andgulp.parallel
methods for composing tasks. Everything must use these now.- added single argument syntax for
gulp.task
which allows a named function to be used as the name of the task and task function.- added
gulp.tree
method for retrieving the task tree. Pass{ deep: true }
for anarchy
compatible node list.- added
gulp.registry
for setting custom registries.CLI changes
- split CLI out into a module if you want to save bandwidth/disk space. you can install the gulp CLI using either
npm install gulp -g
ornpm install gulp-cli -g
, where gulp-cli is the smaller one (no module code included)- add
--tasks-json
flag to CLI to dump the whole tree out for other tools to consume- added
--verify
flag to check the dependencies in package.json against the plugin blacklist.vinyl/vinyl-fs changes
- added
gulp.symlink
which functions exactly likegulp.dest
, but symlinks instead.- added
dirMode
param togulp.dest
andgulp.symlink
which allows better control over the mode of the destination folder that is created.- globs passed to
gulp.src
will be evaluated in order, which means this is possiblegulp.src(['*.js', '!b*.js', 'bad.js'])
(exclude every JS file that starts with a b except bad.js)- performance for gulp.src has improved massively
gulp.src(['**/*', '!b.js'])
will no longer eat CPU since negations happen during walking now- added
since
option togulp.src
which lets you only match files that have been modified since a certain date (for incremental builds)- fixed
gulp.src
not following symlinks- added
overwrite
option togulp.dest
which allows you to enable or disable overwriting of existing files
Commits
069350a
Release: 4.0.2b4b5a68
Build: Add node 12 to Travis & Azure5667666
Fix: Bind src/dest/symlink to the gulp instance to support esm exports (ref s...4091bd3
Docs: Add notes about esm support (closes #2278)3c66d95
Docs: Fix the Negative Globs section & examples (closes #2297)1693a11
Docs: Remove next tag from recipes (closes #2277)d916276
Docs: Add default task wrappers to Watching Files examples to make runnable (...ea52a92
Docs: Fix syntax error in lastRun API docs (closes #2315)5d81f42
Docs: Fix typo in Explaining Globs (#2326)ea3bba4
Release: 4.0.1- Additional commits viewable in compare view
Updates bower
from 1.3.12 to 1.8.8
Release notes
Sourced from bower's releases.
v1.8.8
Fix security issue connected to extracting .tar.gz archives
This bug allows to write arbitrary file on filesystem when Bower extracts malicious package
Needlessly to say, please upgrade
v1.8.7
Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders
v1.8.6
Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability
Note: v1.8.5 has been unpublished because of missing files
v1.8.4
- Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include
lib/node_modules
)v1.8.3
- 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
- 50ee729 Allow to disable shorthand resolver (#2507)
- bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
- 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
- 74af42c Only replace last
@
after (if any) last/
with#
(#2395)- 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
- 💅Format source code with prettier
v1.8.2
Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io
It is so we leverage CDN and offload Heroku instance reducing costs.
v1.8.0
- Download tar archives from GitHub when possible (#2263)
- Change default shorthand resolver for github from
git://
tohttps://
- Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
- Allow for removing components with url instead of name (#2368)
- Show in warning message location of malformed bower.json (#2357)
- Improve handling of non-semver versions in git resolver (#2316)
- Fix handling of cached releases pluginResolverFactory (#2356)
- Allow to type the entire version when conflict occured (#2243)
- Allow
owner/reponame
shorthand for registering components (#2248)- Allow single-char repo names and package names (#2249)
- Make
bower version
no longer honorversion
in bower.json (#2232)- Add
postinstall
hook (#2252)- Allow for
@
instead of#
forinstall
andinfo
commands (#2322)- Upgrade all bundled modules
... (truncated)
Changelog
Sourced from bower's changelog.
Changelog
Newer releases
Please see: https://github.com/bower/bower/releases
1.8.0 - 2016-11-07
- Download tar archives from GitHub when possible (#2263)
- Change default shorthand resolver for github from
git://
tohttps://
- Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
- Allow for removing components with url instead of name (#2368)
- Show in warning message location of malformed bower.json (#2357)
- Improve handling of non-semver versions in git resolver (#2316)
- Fix handling of cached releases pluginResolverFactory (#2356)
- Allow to type the entire version when conflict occured (#2243)
- Allow
owner/reponame
shorthand for registering components (#2248)- Allow single-char repo names and package names (#2249)
- Make
bower version
no longer honorversion
in bower.json (#2232)- Add
postinstall
hook (#2252)- Allow for
@
instead of#
forinstall
andinfo
commands (#2322)- Upgrade all bundled modules
1.7.9 - 2016-04-05
- Show warnings for invalid bower.json fields
- Update bower-json
- Less strict validation on package name (allow spaces, slashes, and "@")
1.7.8 - 2016-04-04
- Don't ask for git credentials in non-interactive session, fixes #956 #1009
- Prevent swallowing exceptions with programmatic api, fixes #2187
- Update graceful-fs to 4.x in all dependences, fixes nodejs/node#5213
- Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
- Upgrade handlebars to 4.0.5, closes #2195
- Replace all % chatacters in defined scripts, instead of only first one, fixes #2174
- Update opn package to fix issues with "bower open" command on Windows
- Update bower-config
- Do not interpolate environment variables in script hooks, fixes bower/config#47
- Update bower-json
- Validate package name more strictly and allow only latin letters, dots, dashes and underscores
- Add support for "save" and "save-exact" in .bowerrc, #2161
1.7.7 - 2016-01-27
Revert locations of all files while still packaging
node_modules
.It's because people are depending on internals of bower, like
bower/lib/renderers/StandardRenderer
. We want to preserve this
... (truncated)
Commits
67741b4
Bump to 1.8.845c6bfa
Fix .tar.gz extract vulnerability4f68fc7
Update decompress-zip and bump206046b
Bump to 1.8.643894f5
Bump to 1.8.56390815
Update decompress-zipe8b94ec
Mention parcel51feb8f
Fix release script1c15dea
Bump to 1.8.42aa1f27
Update publish script- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.