`<https://github.com/Disfactory/DisfactoryMonthlyReport/commit/6645b44bbc836adbc0a9a37b43c069e6d0c33653|6645b44b>` - chore: autopublish 2023-03-01T01:15:57Z
`<https://github.com/Disfactory/DisfactoryMonthlyReport/commit/6645b44bbc836adbc0a9a37b43c069e6d0c33653|6645b44b>` - chore: autopublish 2023-03-01T01:15:57Z
`<https://github.com/Disfactory/DisfactoryMonthlyReport/commit/6645b44bbc836adbc0a9a37b43c069e6d0c33653|6645b44b>` - chore: autopublish 2023-03-01T01:15:57Z
`<https://github.com/Disfactory/about.disfactory.tw/commit/3305979bc863bc673e743582c08eb7754bbe92c8|3305979b>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/3305979bc863bc673e743582c08eb7754bbe92c8|3305979b>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/f3b0d7cc0ecef96111550d1e2633d440e01eacc8|f3b0d7cc>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/f3b0d7cc0ecef96111550d1e2633d440e01eacc8|f3b0d7cc>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/TaiwanLegislatorData/commit/3d50f8b87550d821f36cfb61bdfe80dcf7cb7fcb|3d50f8b8>` - Fix parser and ignore outgoing `<https://github.com/Disfactory/TaiwanLegislatorData/commit/292722f2b65a5241e7a2e7b5c3bc9ec984a0b745|292722f2>` - Migrate to pnpm
`<https://github.com/Disfactory/TaiwanLegislatorData/commit/3d50f8b87550d821f36cfb61bdfe80dcf7cb7fcb|3d50f8b8>` - Fix parser and ignore outgoing `<https://github.com/Disfactory/TaiwanLegislatorData/commit/292722f2b65a5241e7a2e7b5c3bc9ec984a0b745|292722f2>` - Migrate to pnpm
`<https://github.com/Disfactory/findTaiwanLegislator/commit/4cce8c9d17b54fb1911c2da032086f1e1121ed09|4cce8c9d>` - Migrate to pnpm `<https://github.com/Disfactory/findTaiwanLegislator/commit/0503434265e4220394ec056d02babd00c188d16e|05034342>` - Migrate to vitest `<https://github.com/Disfactory/findTaiwanLegislator/commit/65dd43d70adbaeccc5944ea2cefc007867a6e4ba|65dd43d7>` - Upgrade deps `<https://github.com/Disfactory/findTaiwanLegislator/commit/05871d2c8dcaf43214c469f29c870431f015a16b|05871d2c>` - Update data
`<https://github.com/Disfactory/findTaiwanLegislator/commit/4cce8c9d17b54fb1911c2da032086f1e1121ed09|4cce8c9d>` - Migrate to pnpm `<https://github.com/Disfactory/findTaiwanLegislator/commit/0503434265e4220394ec056d02babd00c188d16e|05034342>` - Migrate to vitest `<https://github.com/Disfactory/findTaiwanLegislator/commit/65dd43d70adbaeccc5944ea2cefc007867a6e4ba|65dd43d7>` - Upgrade deps `<https://github.com/Disfactory/findTaiwanLegislator/commit/05871d2c8dcaf43214c469f29c870431f015a16b|05871d2c>` - Update data
`<https://github.com/Disfactory/findTaiwanLegislator/commit/54d7908709cf4baebc57da4b083a3f0f6b937901|54d79087>` - Fix CI
`<https://github.com/Disfactory/findTaiwanLegislator/commit/54d7908709cf4baebc57da4b083a3f0f6b937901|54d79087>` - Fix CI
`<https://github.com/Disfactory/findTaiwanLegislator/commit/006491d70a2e17dda22eea28feff2865841e70ee|006491d7>` - Fix docker build
`<https://github.com/Disfactory/findTaiwanLegislator/commit/006491d70a2e17dda22eea28feff2865841e70ee|006491d7>` - Fix docker build
<https://github.com/Disfactory/findTaiwanLegislator/issues/2|#2 Re-elected legislator>
「陳柏惟」該改成「林靜儀」了XD
<https://github.com/Disfactory/findTaiwanLegislator/issues/2|#2 Re-elected legislator>
「陳柏惟」該改成「林靜儀」了XD
`<https://github.com/Disfactory/about.disfactory.tw/commit/34473c7df5ea98a3c2a8d0b8710d94630e36b731|34473c7d>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/34473c7df5ea98a3c2a8d0b8710d94630e36b731|34473c7d>` - feat: update the OG images & og-imgs-cache.json
Bumps <https://github.com/minimistjs/minimist|minimist> from 1.2.5 to 1.2.8. Changelog _Sourced from <https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md|minimist's changelog>._ > *<https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8|v1.2.8> - 2023-02-09* > *Merged* > > • [Fix] Fix long option followed by single dash <https://github-redirect.dependabot.com/minimistjs/minimist/pull/17|`[#17](https://github.com/minimistjs/minimist/issues/17)`> > • [Tests] Remove duplicate test <https://github-redirect.dependabot.com/minimistjs/minimist/pull/12|`[#12](https://github.com/minimistjs/minimist/issues/12)`> > • [Fix] opt.string works with multiple aliases <https://github-redirect.dependabot.com/minimistjs/minimist/pull/10|`[#10](https://github.com/minimistjs/minimist/issues/10)`> > > *Fixed* > > • [Fix] Fix long option followed by single dash (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/17|#17>) <https://github-redirect.dependabot.com/minimistjs/minimist/issues/15|`[#15](https://github.com/minimistjs/minimist/issues/15)`> > • [Tests] Remove duplicate test (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/12|#12>) <https://github-redirect.dependabot.com/minimistjs/minimist/issues/8|`[#8](https://github.com/minimistjs/minimist/issues/8)`> > • [Fix] Fix long option followed by single dash <https://github-redirect.dependabot.com/minimistjs/minimist/issues/15|`[#15](https://github.com/minimistjs/minimist/issues/15)`> > • [Fix] opt.string works with multiple aliases (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/10|#10>) <https://github-redirect.dependabot.com/minimistjs/minimist/issues/9|`[#9](https://github.com/minimistjs/minimist/issues/9)`> > • [Fix] Fix handling of short option with non-trivial equals <https://github-redirect.dependabot.com/minimistjs/minimist/issues/5|`[#5](https://github.com/minimistjs/minimist/issues/5)`> > • [Tests] Remove duplicate test <https://github-redirect.dependabot.com/minimistjs/minimist/issues/8|`[#8](https://github.com/minimistjs/minimist/issues/8)`> > • [Fix] opt.string works with multiple aliases <https://github-redirect.dependabot.com/minimistjs/minimist/issues/9|`[#9](https://github.com/minimistjs/minimist/issues/9)`> > > *Commits* > > • Merge tag 'v0.2.3' <https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da|`a026794`> > • [eslint] fix indentation and whitespace <https://github.com/minimistjs/minimist/commit/5368ca4147e974138a54cc0dc4cea8f756546b70|`5368ca4`> > • [eslint] fix indentation and whitespace <https://github.com/minimistjs/minimist/commit/e5f5067259ceeaf0b098d14bec910f87e58708c7|`e5f5067`> > • [eslint] more cleanup <https://github.com/minimistjs/minimist/commit/62fde7d935f83417fb046741531a9e2346a36976|`62fde7d`> > • [eslint] more cleanup <https://github.com/minimistjs/minimist/commit/36ac5d0d95e4947d074e5737d94814034ca335d1|`36ac5d0`> > • [meta] add `auto-changelog` <https://github.com/minimistjs/minimist/commit/73923d223553fca08b1ba77e3fbc2a492862ae4c|`73923d2`> > • [actions] add reusable workflows <https://github.com/minimistjs/minimist/commit/d80727df77bfa9e631044d7f16368d8f09242c91|`d80727d`> > • [eslint] add eslint; rules to enable later are warnings <https://github.com/minimistjs/minimist/commit/48bc06a1b41f00e9cdf183db34f7a51ba70e98d4|`48bc06a`> > • [eslint] fix indentation <https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982|`34b0f1c`> > • [readme] rename and add badges <https://github.com/minimistjs/minimist/commit/5df0fe49211bd09a3636f8686a7cb3012c3e98f0|`5df0fe4`> > • [Dev Deps] switch from `covert` to `nyc` <https://github.com/minimistjs/minimist/commit/a48b128fdb8d427dfb20a15273f83e38d97bef07|`a48b128`> > • [Dev Deps] update `covert`, `tape`; remove unnecessary `tap` <https://github.com/minimistjs/minimist/commit/f0fb958e9a1fe980cdffc436a211b0bda58f621b|`f0fb958`> > • [meta] create FUNDING.yml; add `funding` in package.json <https://github.com/minimistjs/minimist/commit/3639e0c819359a366387e425ab6eabf4c78d3caa|`3639e0c`> > • [meta] use `npmignore` to autogenerate an npmignore file <https://github.com/minimistjs/minimist/commit/be2e038c342d8333b32f0fde67a0026b79c8150e|`be2e038`> > • Only apps should have lockfiles <https://github.com/minimistjs/minimist/commit/282b570e7489d01b03f2d6d3dabf79cd3e5f84cf|`282b570`> > • isConstructorOrProto adapted from PR <https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11|`ef9153f`> > • [Dev Deps] update `@ljharb/eslint-config`, `aud` <https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79|`098873c`> > • [Dev Deps] update `@ljharb/eslint-config`, `aud` <https://github.com/minimistjs/minimist/commit/3124ed3e46306301ebb3c834874ce0241555c2c4|`3124ed3`> > • [meta] add `safe-publish-latest` <https://github.com/minimistjs/minimist/commit/4b927de696d561c636b4f43bf49d4597cb36d6d6|`4b927de`> > • [Tests] add `aud` in `posttest` <https://github.com/minimistjs/minimist/commit/b32d9bd0ab340f4e9f8c3a97ff2a4424f25fab8c|`b32d9bd`> > • [meta] update repo URLs <https://github.com/minimistjs/minimist/commit/f9fdfc032c54884d9a9996a390c63cd0719bbe1a|`f9fdfc0`> > • [actions] Avoid 0.6 tests due to build failures <https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec|`ba92fe6`> > • [Dev Deps] update `tape` <https://github.com/minimistjs/minimist/commit/950eaa74f112e04d23e9c606c67472c46739b473|`950eaa7`> > • [Dev Deps] add missing `npmignore` dev dep <https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b|`3226afa`> > • Merge tag 'v0.2.2' <https://github.com/minimistjs/minimist/commit/980d7ac61a0b4bd552711251ac107d506b23e41f|`980d7ac`> > > *<https://github.com/minimistjs/minimist/compare/v1.2.6...v1.2.7|v1.2.7> - 2022-10-10* > *Commits* ... (truncated) Commits • <https://github.com/minimistjs/minimist/commit/6901ee286bc4c16da6830b48b46ce1574703cea1|`6901ee2`> v1.2.8 • <https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da|`a026794`> Merge tag 'v0.2.3' • <https://github.com/minimistjs/minimist/commit/c0b26618322e94adea26c68e613ef0be482c6c63|`c0b2661`> v0.2.3 • <https://github.com/minimistjs/minimist/commit/63b8fee87b8e7a003216d5d77ba5d6decf3cfb0d|`63b8fee`> [Fix] Fix long option followed by single dash (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/17|#17>) • <https://github.com/minimistjs/minimist/commit/72239e6f0ea77d8be0ad4f682b7ae7d142144395|`72239e6`> [Tests] Remove duplicate test (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/12|#12>) • <https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982|`34b0f1c`> [eslint] fix indentation • <https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b|`3226afa`> [Dev Deps] add missing `npmignore` dev dep • <https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79|`098873c`> [Dev Deps] update `@ljharb/eslint-config`, `aud` • <https://github.com/minimistjs/minimist/commit/9ec4d279ced72ea2f60237218e71cc03aa0dfdd6|`9ec4d27`> [Fix] Fix long option followed by single dash • <https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec|`ba92fe6`> [actions] Avoid 0.6 tests due to build failures • Additional commits viewable in <https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8|compare view> Maintainer changes This version was pushed to npm by <https://www.npmjs.com/~ljharb|ljharb>, a new releaser for minimist since your current version. <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve an…
Bumps <https://github.com/minimistjs/minimist|minimist> from 1.2.5 to 1.2.8. Changelog _Sourced from <https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md|minimist's changelog>._ > *<https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8|v1.2.8> - 2023-02-09* > *Merged* > > • [Fix] Fix long option followed by single dash <https://github-redirect.dependabot.com/minimistjs/minimist/pull/17|`[#17](https://github.com/minimistjs/minimist/issues/17)`> > • [Tests] Remove duplicate test <https://github-redirect.dependabot.com/minimistjs/minimist/pull/12|`[#12](https://github.com/minimistjs/minimist/issues/12)`> > • [Fix] opt.string works with multiple aliases <https://github-redirect.dependabot.com/minimistjs/minimist/pull/10|`[#10](https://github.com/minimistjs/minimist/issues/10)`> > > *Fixed* > > • [Fix] Fix long option followed by single dash (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/17|#17>) <https://github-redirect.dependabot.com/minimistjs/minimist/issues/15|`[#15](https://github.com/minimistjs/minimist/issues/15)`> > • [Tests] Remove duplicate test (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/12|#12>) <https://github-redirect.dependabot.com/minimistjs/minimist/issues/8|`[#8](https://github.com/minimistjs/minimist/issues/8)`> > • [Fix] Fix long option followed by single dash <https://github-redirect.dependabot.com/minimistjs/minimist/issues/15|`[#15](https://github.com/minimistjs/minimist/issues/15)`> > • [Fix] opt.string works with multiple aliases (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/10|#10>) <https://github-redirect.dependabot.com/minimistjs/minimist/issues/9|`[#9](https://github.com/minimistjs/minimist/issues/9)`> > • [Fix] Fix handling of short option with non-trivial equals <https://github-redirect.dependabot.com/minimistjs/minimist/issues/5|`[#5](https://github.com/minimistjs/minimist/issues/5)`> > • [Tests] Remove duplicate test <https://github-redirect.dependabot.com/minimistjs/minimist/issues/8|`[#8](https://github.com/minimistjs/minimist/issues/8)`> > • [Fix] opt.string works with multiple aliases <https://github-redirect.dependabot.com/minimistjs/minimist/issues/9|`[#9](https://github.com/minimistjs/minimist/issues/9)`> > > *Commits* > > • Merge tag 'v0.2.3' <https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da|`a026794`> > • [eslint] fix indentation and whitespace <https://github.com/minimistjs/minimist/commit/5368ca4147e974138a54cc0dc4cea8f756546b70|`5368ca4`> > • [eslint] fix indentation and whitespace <https://github.com/minimistjs/minimist/commit/e5f5067259ceeaf0b098d14bec910f87e58708c7|`e5f5067`> > • [eslint] more cleanup <https://github.com/minimistjs/minimist/commit/62fde7d935f83417fb046741531a9e2346a36976|`62fde7d`> > • [eslint] more cleanup <https://github.com/minimistjs/minimist/commit/36ac5d0d95e4947d074e5737d94814034ca335d1|`36ac5d0`> > • [meta] add `auto-changelog` <https://github.com/minimistjs/minimist/commit/73923d223553fca08b1ba77e3fbc2a492862ae4c|`73923d2`> > • [actions] add reusable workflows <https://github.com/minimistjs/minimist/commit/d80727df77bfa9e631044d7f16368d8f09242c91|`d80727d`> > • [eslint] add eslint; rules to enable later are warnings <https://github.com/minimistjs/minimist/commit/48bc06a1b41f00e9cdf183db34f7a51ba70e98d4|`48bc06a`> > • [eslint] fix indentation <https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982|`34b0f1c`> > • [readme] rename and add badges <https://github.com/minimistjs/minimist/commit/5df0fe49211bd09a3636f8686a7cb3012c3e98f0|`5df0fe4`> > • [Dev Deps] switch from `covert` to `nyc` <https://github.com/minimistjs/minimist/commit/a48b128fdb8d427dfb20a15273f83e38d97bef07|`a48b128`> > • [Dev Deps] update `covert`, `tape`; remove unnecessary `tap` <https://github.com/minimistjs/minimist/commit/f0fb958e9a1fe980cdffc436a211b0bda58f621b|`f0fb958`> > • [meta] create FUNDING.yml; add `funding` in package.json <https://github.com/minimistjs/minimist/commit/3639e0c819359a366387e425ab6eabf4c78d3caa|`3639e0c`> > • [meta] use `npmignore` to autogenerate an npmignore file <https://github.com/minimistjs/minimist/commit/be2e038c342d8333b32f0fde67a0026b79c8150e|`be2e038`> > • Only apps should have lockfiles <https://github.com/minimistjs/minimist/commit/282b570e7489d01b03f2d6d3dabf79cd3e5f84cf|`282b570`> > • isConstructorOrProto adapted from PR <https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11|`ef9153f`> > • [Dev Deps] update `@ljharb/eslint-config`, `aud` <https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79|`098873c`> > • [Dev Deps] update `@ljharb/eslint-config`, `aud` <https://github.com/minimistjs/minimist/commit/3124ed3e46306301ebb3c834874ce0241555c2c4|`3124ed3`> > • [meta] add `safe-publish-latest` <https://github.com/minimistjs/minimist/commit/4b927de696d561c636b4f43bf49d4597cb36d6d6|`4b927de`> > • [Tests] add `aud` in `posttest` <https://github.com/minimistjs/minimist/commit/b32d9bd0ab340f4e9f8c3a97ff2a4424f25fab8c|`b32d9bd`> > • [meta] update repo URLs <https://github.com/minimistjs/minimist/commit/f9fdfc032c54884d9a9996a390c63cd0719bbe1a|`f9fdfc0`> > • [actions] Avoid 0.6 tests due to build failures <https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec|`ba92fe6`> > • [Dev Deps] update `tape` <https://github.com/minimistjs/minimist/commit/950eaa74f112e04d23e9c606c67472c46739b473|`950eaa7`> > • [Dev Deps] add missing `npmignore` dev dep <https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b|`3226afa`> > • Merge tag 'v0.2.2' <https://github.com/minimistjs/minimist/commit/980d7ac61a0b4bd552711251ac107d506b23e41f|`980d7ac`> > > *<https://github.com/minimistjs/minimist/compare/v1.2.6...v1.2.7|v1.2.7> - 2022-10-10* > *Commits* ... (truncated) Commits • <https://github.com/minimistjs/minimist/commit/6901ee286bc4c16da6830b48b46ce1574703cea1|`6901ee2`> v1.2.8 • <https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da|`a026794`> Merge tag 'v0.2.3' • <https://github.com/minimistjs/minimist/commit/c0b26618322e94adea26c68e613ef0be482c6c63|`c0b2661`> v0.2.3 • <https://github.com/minimistjs/minimist/commit/63b8fee87b8e7a003216d5d77ba5d6decf3cfb0d|`63b8fee`> [Fix] Fix long option followed by single dash (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/17|#17>) • <https://github.com/minimistjs/minimist/commit/72239e6f0ea77d8be0ad4f682b7ae7d142144395|`72239e6`> [Tests] Remove duplicate test (<https://github-redirect.dependabot.com/minimistjs/minimist/issues/12|#12>) • <https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982|`34b0f1c`> [eslint] fix indentation • <https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b|`3226afa`> [Dev Deps] add missing `npmignore` dev dep • <https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79|`098873c`> [Dev Deps] update `@ljharb/eslint-config`, `aud` • <https://github.com/minimistjs/minimist/commit/9ec4d279ced72ea2f60237218e71cc03aa0dfdd6|`9ec4d27`> [Fix] Fix long option followed by single dash • <https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec|`ba92fe6`> [actions] Avoid 0.6 tests due to build failures • Additional commits viewable in <https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8|compare view> Maintainer changes This version was pushed to npm by <https://www.npmjs.com/~ljharb|ljharb>, a new releaser for minimist since your current version. <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve an…
Bumps <https://github.com/substack/minimist|minimist> from 1.2.5 to 1.2.6. Commits • <https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846|`7efb22a`> 1.2.6 • <https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2|`ef88b93`> security notice for additional prototype pollution issue • <https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d|`c2b9819`> isConstructorOrProto adapted from PR • <https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb|`bc8ecee`> test from prototype pollution PR • See full diff in <https://github.com/substack/minimist/compare/1.2.5...1.2.6|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/substack/minimist|minimist> from 1.2.5 to 1.2.6. Commits • <https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846|`7efb22a`> 1.2.6 • <https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2|`ef88b93`> security notice for additional prototype pollution issue • <https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d|`c2b9819`> isConstructorOrProto adapted from PR • <https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb|`bc8ecee`> test from prototype pollution PR • See full diff in <https://github.com/substack/minimist/compare/1.2.5...1.2.6|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
`<https://github.com/Disfactory/about.disfactory.tw/commit/2a67c42b5914a8203a14b1c9e53e22306aaff2dd|2a67c42b>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/2a67c42b5914a8203a14b1c9e53e22306aaff2dd|2a67c42b>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/b928bd49b1c6eb466dc476c0f6e93ba7f32f9ceb|b928bd49>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/b928bd49b1c6eb466dc476c0f6e93ba7f32f9ceb|b928bd49>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/cbe2dd1c41162acb0af735191ca98b0b4a8ce96a|cbe2dd1c>` - Run yarn upgrade to fix error on yarn dev `<https://github.com/Disfactory/about.disfactory.tw/commit/ce2df3c26cadf3b201593a30174cdc45bbd59bfb|ce2df3c2>` - Unverified: some simple copy changes `<https://github.com/Disfactory/about.disfactory.tw/commit/0783d243e9fac16edbc977f5516d4aead1b75909|0783d243>` - run prettier `<https://github.com/Disfactory/about.disfactory.tw/commit/47b4768351ec52f3b66befd6ca68027c0b50388b|47b47683>` - Add linting instructions `<https://github.com/Disfactory/about.disfactory.tw/commit/2d66b80a3af90a665a15ada3fc30ac6b6ff5708a|2d66b80a>` - Merge pull request #101 from Disfactory/caleb/suggestions
`<https://github.com/Disfactory/about.disfactory.tw/commit/cbe2dd1c41162acb0af735191ca98b0b4a8ce96a|cbe2dd1c>` - Run yarn upgrade to fix error on yarn dev `<https://github.com/Disfactory/about.disfactory.tw/commit/ce2df3c26cadf3b201593a30174cdc45bbd59bfb|ce2df3c2>` - Unverified: some simple copy changes `<https://github.com/Disfactory/about.disfactory.tw/commit/0783d243e9fac16edbc977f5516d4aead1b75909|0783d243>` - run prettier `<https://github.com/Disfactory/about.disfactory.tw/commit/47b4768351ec52f3b66befd6ca68027c0b50388b|47b47683>` - Add linting instructions `<https://github.com/Disfactory/about.disfactory.tw/commit/2d66b80a3af90a665a15ada3fc30ac6b6ff5708a|2d66b80a>` - Merge pull request #101 from Disfactory/caleb/suggestions
Bumps <https://github.com/lodash/lodash|lodash> from 4.17.20 to 4.17.21. Commits • <https://github.com/lodash/lodash/commit/f299b52f39486275a9e6483b60a410e06520c538|`f299b52`> Bump to v4.17.21 • <https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a|`c4847eb`> Improve performance of `toNumber`, `trim` and `trimEnd` on large input strings • <https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c|`3469357`> Prevent command injection through `_.template`'s `variable` option • See full diff in <https://github.com/lodash/lodash/compare/4.17.20...4.17.21|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/lodash/lodash|lodash> from 4.17.20 to 4.17.21. Commits • <https://github.com/lodash/lodash/commit/f299b52f39486275a9e6483b60a410e06520c538|`f299b52`> Bump to v4.17.21 • <https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a|`c4847eb`> Improve performance of `toNumber`, `trim` and `trimEnd` on large input strings • <https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c|`3469357`> Prevent command injection through `_.template`'s `variable` option • See full diff in <https://github.com/lodash/lodash/compare/4.17.20...4.17.21|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/browserslist/browserslist|browserslist> from 4.16.1 to 4.16.6. Changelog _Sourced from <https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md|browserslist's changelog>._ > *4.16.6* > > • Fixed `npm-shrinkwrap.json` support in `--update-db` (by Geoff Newman). > > *4.16.5* > > • Fixed unsafe RegExp (by Yeting Li). > > *4.16.4* > > • Fixed unsafe RegExp. > • Added artifactory support to `--update-db` (by Ittai Baratz). > > *4.16.3* > > • Fixed `--update-db`. > > *4.16.2* > > • Fixed `--update-db` (by <https://github.com/ialarmedalien|`@ialarmedalien`>). Commits • <https://github.com/browserslist/browserslist/commit/6fe3614db05b40f9dc1c63588a83d2ada05bae75|`6fe3614`> Release 4.16.6 version • <https://github.com/browserslist/browserslist/commit/33ebac933839847a62ede680273449f6cdca1e18|`33ebac9`> Update dependencies • <https://github.com/browserslist/browserslist/commit/2128170f231a6c9f462276006e09f302d811df31|`2128170`> Add support for npm-shrinkwrap files alongside package-lock (<https://github-redirect.dependabot.com/browserslist/browserslist/issues/595|#595>) • <https://github.com/browserslist/browserslist/commit/7cc2aedd0047d800d44aa0259c02b6db1414105c|`7cc2aed`> Release 4.16.5 version • <https://github.com/browserslist/browserslist/commit/27e4afdc68798ca93f8c01c5ea6208b4b361a704|`27e4afd`> Update dependencies • <https://github.com/browserslist/browserslist/commit/1013a1847931a209c34a704aebc85a8c091286e7|`1013a18`> Fix version RegExp • <https://github.com/browserslist/browserslist/commit/b879a1a304def2563f42cc3d3f5711e760662be3|`b879a1a`> Use Node.js 16 on CI • <https://github.com/browserslist/browserslist/commit/bd1e9e01c95cad24be706fb11be7d151cd99ed0a|`bd1e9e0`> Fix ReDoS (<https://github-redirect.dependabot.com/browserslist/browserslist/issues/593|#593>) • <https://github.com/browserslist/browserslist/commit/209adf9e0051fa39a2b25354cffd493300f34b02|`209adf9`> Release 4.16.4 version • <https://github.com/browserslist/browserslist/commit/3e2ae3b52daf7f5203247fd4f583b3bda66ea57d|`3e2ae3b`> Fix types • Additional commits viewable in <https://github.com/browserslist/browserslist/compare/4.16.1...4.16.6|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/browserslist/browserslist|browserslist> from 4.16.1 to 4.16.6. Changelog _Sourced from <https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md|browserslist's changelog>._ > *4.16.6* > > • Fixed `npm-shrinkwrap.json` support in `--update-db` (by Geoff Newman). > > *4.16.5* > > • Fixed unsafe RegExp (by Yeting Li). > > *4.16.4* > > • Fixed unsafe RegExp. > • Added artifactory support to `--update-db` (by Ittai Baratz). > > *4.16.3* > > • Fixed `--update-db`. > > *4.16.2* > > • Fixed `--update-db` (by <https://github.com/ialarmedalien|`@ialarmedalien`>). Commits • <https://github.com/browserslist/browserslist/commit/6fe3614db05b40f9dc1c63588a83d2ada05bae75|`6fe3614`> Release 4.16.6 version • <https://github.com/browserslist/browserslist/commit/33ebac933839847a62ede680273449f6cdca1e18|`33ebac9`> Update dependencies • <https://github.com/browserslist/browserslist/commit/2128170f231a6c9f462276006e09f302d811df31|`2128170`> Add support for npm-shrinkwrap files alongside package-lock (<https://github-redirect.dependabot.com/browserslist/browserslist/issues/595|#595>) • <https://github.com/browserslist/browserslist/commit/7cc2aedd0047d800d44aa0259c02b6db1414105c|`7cc2aed`> Release 4.16.5 version • <https://github.com/browserslist/browserslist/commit/27e4afdc68798ca93f8c01c5ea6208b4b361a704|`27e4afd`> Update dependencies • <https://github.com/browserslist/browserslist/commit/1013a1847931a209c34a704aebc85a8c091286e7|`1013a18`> Fix version RegExp • <https://github.com/browserslist/browserslist/commit/b879a1a304def2563f42cc3d3f5711e760662be3|`b879a1a`> Use Node.js 16 on CI • <https://github.com/browserslist/browserslist/commit/bd1e9e01c95cad24be706fb11be7d151cd99ed0a|`bd1e9e0`> Fix ReDoS (<https://github-redirect.dependabot.com/browserslist/browserslist/issues/593|#593>) • <https://github.com/browserslist/browserslist/commit/209adf9e0051fa39a2b25354cffd493300f34b02|`209adf9`> Release 4.16.4 version • <https://github.com/browserslist/browserslist/commit/3e2ae3b52daf7f5203247fd4f583b3bda66ea57d|`3e2ae3b`> Fix types • Additional commits viewable in <https://github.com/browserslist/browserslist/compare/4.16.1...4.16.6|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/indutny/elliptic|elliptic> from 6.5.3 to 6.5.4. Commits • <https://github.com/indutny/elliptic/commit/43ac7f230069bd1575e1e4a58394a512303ba803|`43ac7f2`> 6.5.4 • <https://github.com/indutny/elliptic/commit/f4bc72be11b0a508fb790f445c43534307c9255b|`f4bc72b`> package: bump deps • <https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f|`441b742`> ec: validate that a point before deriving keys • <https://github.com/indutny/elliptic/commit/e71b2d9359c5fe9437fbf46f1f05096de447de57|`e71b2d9`> lib: relint using eslint • <https://github.com/indutny/elliptic/commit/8421a01aa3ff789c79f91eaf8845558a7be2b9fa|`8421a01`> build(deps): bump elliptic from 6.4.1 to 6.5.3 (<https://github-redirect.dependabot.com/indutny/elliptic/issues/231|#231>) • See full diff in <https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/indutny/elliptic|elliptic> from 6.5.3 to 6.5.4. Commits • <https://github.com/indutny/elliptic/commit/43ac7f230069bd1575e1e4a58394a512303ba803|`43ac7f2`> 6.5.4 • <https://github.com/indutny/elliptic/commit/f4bc72be11b0a508fb790f445c43534307c9255b|`f4bc72b`> package: bump deps • <https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f|`441b742`> ec: validate that a point before deriving keys • <https://github.com/indutny/elliptic/commit/e71b2d9359c5fe9437fbf46f1f05096de447de57|`e71b2d9`> lib: relint using eslint • <https://github.com/indutny/elliptic/commit/8421a01aa3ff789c79f91eaf8845558a7be2b9fa|`8421a01`> build(deps): bump elliptic from 6.4.1 to 6.5.3 (<https://github-redirect.dependabot.com/indutny/elliptic/issues/231|#231>) • See full diff in <https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/websockets/ws|ws> from 6.2.1 to 6.2.2. Commits • See full diff in <https://github.com/websockets/ws/commits|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/websockets/ws|ws> from 6.2.1 to 6.2.2. Commits • See full diff in <https://github.com/websockets/ws/commits|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/postcss/postcss|postcss> from 7.0.35 to 7.0.36. Release notes _Sourced from <https://github.com/postcss/postcss/releases|postcss's releases>._ > *7.0.36* > > • Backport ReDoS vulnerabilities from PostCSS 8. Changelog _Sourced from <https://github.com/postcss/postcss/blob/main/CHANGELOG.md|postcss's changelog>._ > *7.0.36* > > • Backport ReDoS vulnerabilities from PostCSS 8. Commits • <https://github.com/postcss/postcss/commit/67e3d7b3402c5d3d036ab7c1e781f86910d6ca72|`67e3d7b`> Release 7.0.36 version • <https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734|`54cbf3c`> Backport ReDoS vulnerabilities from PostCSS 8 • See full diff in <https://github.com/postcss/postcss/compare/7.0.35...7.0.36|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/postcss/postcss|postcss> from 7.0.35 to 7.0.36. Release notes _Sourced from <https://github.com/postcss/postcss/releases|postcss's releases>._ > *7.0.36* > > • Backport ReDoS vulnerabilities from PostCSS 8. Changelog _Sourced from <https://github.com/postcss/postcss/blob/main/CHANGELOG.md|postcss's changelog>._ > *7.0.36* > > • Backport ReDoS vulnerabilities from PostCSS 8. Commits • <https://github.com/postcss/postcss/commit/67e3d7b3402c5d3d036ab7c1e781f86910d6ca72|`67e3d7b`> Release 7.0.36 version • <https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734|`54cbf3c`> Backport ReDoS vulnerabilities from PostCSS 8 • See full diff in <https://github.com/postcss/postcss/compare/7.0.35...7.0.36|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/Qix-/color-string|color-string> from 1.5.4 to 1.6.0. Release notes _Sourced from <https://github.com/Qix-/color-string/releases|color-string's releases>._ > *1.6.0* > *Minor release 1.6.0* > > • <https://github.com/Qix-/color-string/issues/55|#55> - Add support for space-separated HSL > > Thanks <https://github.com/htunnicliff|`@htunnicliff`> for the contribution :) > > *1.5.5 (Patch/Security Release) - hwb() ReDos patch (low-severity)* > > > Release notes copied verbatim from the commit message, which can be found here: 0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 > > ``` > Discovered by Yeting Li, c/o Colin Ife via <http://Snyk.io|Snyk.io>. > A ReDos (Regular Expression Denial of Service) vulnerability > was responsibly disclosed to me via email by Colin on > Mar 5 2021 regarding an exponential time complexity for > linearly increasing input lengths for hwb() color strings. > Strings reaching more than 5000 characters would see several > milliseconds of processing time; strings reaching more than > 50,000 characters began seeing 1500ms (1.5s) of processing time. > The cause was due to a the regular expression that parses > hwb() strings - specifically, the hue value - where > the integer portion of the hue value used a 0-or-more quantifier > shortly thereafter followed by a 1-or-more quantifier. > This caused excessive backtracking and a cartesian scan, > resulting in exponential time complexity given a linear > increase in input length. > Thank you Yeting Li and Colin Ife for bringing this to my > attention in a secure, responsible and professional manner. > ``` Commits • <https://github.com/Qix-/color-string/commit/1a68f9e91266f504e33441fcab59af22fcb1358d|`1a68f9e`> 1.6.0 • <https://github.com/Qix-/color-string/commit/2b6f59cfa64288b6c1028e666d1ea8b6a4b0132e|`2b6f59c`> Add additional HSL examples to README • <https://github.com/Qix-/color-string/commit/6f73e205202c95ba7e6fd5afdffedd4552579a38|`6f73e20`> Update HSL regular expression • <https://github.com/Qix-/color-string/commit/02645465a23f5bcfb35bd44e29667397a4595ec2|`0264546`> Add tests for space-separated HSL syntax • <https://github.com/Qix-/color-string/commit/966ae4d80fc8f237674d099ce6214a9fb6a816bb|`966ae4d`> 1.5.5 • <https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3|`0789e21`> fix ReDos in hwb() parser (low-severity) • See full diff in <https://github.com/Qix-/color-string/compare/1.5.4...1.6.0|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/Qix-/color-string|color-string> from 1.5.4 to 1.6.0. Release notes _Sourced from <https://github.com/Qix-/color-string/releases|color-string's releases>._ > *1.6.0* > *Minor release 1.6.0* > > • <https://github.com/Qix-/color-string/issues/55|#55> - Add support for space-separated HSL > > Thanks <https://github.com/htunnicliff|`@htunnicliff`> for the contribution :) > > *1.5.5 (Patch/Security Release) - hwb() ReDos patch (low-severity)* > > > Release notes copied verbatim from the commit message, which can be found here: 0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 > > ``` > Discovered by Yeting Li, c/o Colin Ife via <http://Snyk.io|Snyk.io>. > A ReDos (Regular Expression Denial of Service) vulnerability > was responsibly disclosed to me via email by Colin on > Mar 5 2021 regarding an exponential time complexity for > linearly increasing input lengths for hwb() color strings. > Strings reaching more than 5000 characters would see several > milliseconds of processing time; strings reaching more than > 50,000 characters began seeing 1500ms (1.5s) of processing time. > The cause was due to a the regular expression that parses > hwb() strings - specifically, the hue value - where > the integer portion of the hue value used a 0-or-more quantifier > shortly thereafter followed by a 1-or-more quantifier. > This caused excessive backtracking and a cartesian scan, > resulting in exponential time complexity given a linear > increase in input length. > Thank you Yeting Li and Colin Ife for bringing this to my > attention in a secure, responsible and professional manner. > ``` Commits • <https://github.com/Qix-/color-string/commit/1a68f9e91266f504e33441fcab59af22fcb1358d|`1a68f9e`> 1.6.0 • <https://github.com/Qix-/color-string/commit/2b6f59cfa64288b6c1028e666d1ea8b6a4b0132e|`2b6f59c`> Add additional HSL examples to README • <https://github.com/Qix-/color-string/commit/6f73e205202c95ba7e6fd5afdffedd4552579a38|`6f73e20`> Update HSL regular expression • <https://github.com/Qix-/color-string/commit/02645465a23f5bcfb35bd44e29667397a4595ec2|`0264546`> Add tests for space-separated HSL syntax • <https://github.com/Qix-/color-string/commit/966ae4d80fc8f237674d099ce6214a9fb6a816bb|`966ae4d`> 1.5.5 • <https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3|`0789e21`> fix ReDos in hwb() parser (low-severity) • See full diff in <https://github.com/Qix-/color-string/compare/1.5.4...1.6.0|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/npm/node-tar|tar> from 4.4.13 to 4.4.19. Commits • <https://github.com/npm/node-tar/commit/9a6faa017ca90538840f3ae2ccdb4550ac3f4dcf|`9a6faa0`> 4.4.19 • <https://github.com/npm/node-tar/commit/70ef812593184cc54ea1bc74c5dae2d22995002d|`70ef812`> drop dirCache for symlink on all platforms • <https://github.com/npm/node-tar/commit/3e35515c09da615ac268254bed85fe43ee71e2f0|`3e35515`> 4.4.18 • <https://github.com/npm/node-tar/commit/52b09e309bcae0c741a7eb79a17ef36e7828b946|`52b09e3`> fix: prevent path escape using drive-relative paths • <https://github.com/npm/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e|`bb93ba2`> fix: reserve paths properly for unicode, windows • <https://github.com/npm/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a|`2f1bca0`> fix: prune dirCache properly for unicode, windows • <https://github.com/npm/node-tar/commit/9bf70a8cf725c3af5fe2270f1e5d2e06d1559b93|`9bf70a8`> 4.4.17 • <https://github.com/npm/node-tar/commit/6aafff0a8621ba9509b63654bde28762be373d58|`6aafff0`> fix: skip extract if linkpath is stripped entirely • <https://github.com/npm/node-tar/commit/5c5059a69c2aaaedfe4e9766e102ae9fb79e8255|`5c5059a`> fix: reserve paths case-insensitively • <https://github.com/npm/node-tar/commit/fd6accba697070560f301604b8f5f7e2995a2a8b|`fd6accb`> 4.4.16 • Additional commits viewable in <https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/npm/node-tar|tar> from 4.4.13 to 4.4.19. Commits • <https://github.com/npm/node-tar/commit/9a6faa017ca90538840f3ae2ccdb4550ac3f4dcf|`9a6faa0`> 4.4.19 • <https://github.com/npm/node-tar/commit/70ef812593184cc54ea1bc74c5dae2d22995002d|`70ef812`> drop dirCache for symlink on all platforms • <https://github.com/npm/node-tar/commit/3e35515c09da615ac268254bed85fe43ee71e2f0|`3e35515`> 4.4.18 • <https://github.com/npm/node-tar/commit/52b09e309bcae0c741a7eb79a17ef36e7828b946|`52b09e3`> fix: prevent path escape using drive-relative paths • <https://github.com/npm/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e|`bb93ba2`> fix: reserve paths properly for unicode, windows • <https://github.com/npm/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a|`2f1bca0`> fix: prune dirCache properly for unicode, windows • <https://github.com/npm/node-tar/commit/9bf70a8cf725c3af5fe2270f1e5d2e06d1559b93|`9bf70a8`> 4.4.17 • <https://github.com/npm/node-tar/commit/6aafff0a8621ba9509b63654bde28762be373d58|`6aafff0`> fix: skip extract if linkpath is stripped entirely • <https://github.com/npm/node-tar/commit/5c5059a69c2aaaedfe4e9766e102ae9fb79e8255|`5c5059a`> fix: reserve paths case-insensitively • <https://github.com/npm/node-tar/commit/fd6accba697070560f301604b8f5f7e2995a2a8b|`fd6accb`> 4.4.16 • Additional commits viewable in <https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/jbgutierrez/path-parse|path-parse> from 1.0.6 to 1.0.7. Commits • See full diff in <https://github.com/jbgutierrez/path-parse/commits/v1.0.7|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/jbgutierrez/path-parse|path-parse> from 1.0.6 to 1.0.7. Commits • See full diff in <https://github.com/jbgutierrez/path-parse/commits/v1.0.7|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/ai/nanoid|nanoid> from 3.1.20 to 3.2.0. Changelog _Sourced from <https://github.com/ai/nanoid/blob/main/CHANGELOG.md|nanoid's changelog>._ > *Change Log* > > This project adheres to <http://semver.org/|Semantic Versioning>. > > *3.2* > > • Added `--size` and `--alphabet` arguments to binary (by Vitaly Baev). > > *3.1.32* > > • Reduced `async` exports size (by Artyom Arutyunyan). > • Moved from Jest to uvu (by Vitaly Baev). > > *3.1.31* > > • Fixed collision vulnerability on object in `size` (by Artyom Arutyunyan). > > *3.1.30* > > • Reduced size for project with `brotli` compression (by Anton Khlynovskiy). > > *3.1.29* > > • Reduced npm package size. > > *3.1.28* > > • Reduced npm package size. > > *3.1.27* > > • Cleaned `dependencies` from development tools. > > *3.1.26* > > • Improved performance (by Eitan Har-Shoshanim). > • Reduced npm package size. > > *3.1.25* > > • Fixed `browserify` support. > > *3.1.24* > > • Fixed `browserify` support (by Artur Paikin). > > *3.1.23* > > • Fixed `esbuild` support. > > *3.1.22* > > • Added `default` and `browser.default` to `package.exports`. > > *3.1.21* > > • Reduced npm package size. Commits • <https://github.com/ai/nanoid/commit/23b136929a6d58f32e31b269534a3ce3f680a086|`23b1369`> Release 3.2 version • <https://github.com/ai/nanoid/commit/967788efce880960512f969a56f8f22f3fc20bae|`967788e`> Remove TS test tools • <https://github.com/ai/nanoid/commit/27eaa90cd207a7782bbcf17343092ae87dd62164|`27eaa90`> Simplify new binary tool • <https://github.com/ai/nanoid/commit/a9d91239931dc77506381874826d297aee71d6ef|`a9d9123`> Update dependencies • <https://github.com/ai/nanoid/commit/32b9bdaab1fbc28576b17de8516164ce0360f292|`32b9bda`> Allows passing size or custom alphabet via cli as args (<https://github-redirect.dependabot.com/ai/nanoid/issues/334|#334>) • <https://github.com/ai/nanoid/commit/246d5f87b6b34e23b5e401bdf3da1f80c810ac4c|`246d5f8`> Update vite • <https://github.com/ai/nanoid/commit/afdf9c92b41427f35476fbe14b5af5d73dd7fbdb|`afdf9c9`> doc: Fixed Typo (<https://github-redirect.dependabot.com/ai/nanoid/issues/335|#335>) • <https://github.com/ai/nanoid/commit/90a446fef3ecaac78e5af2ea01025c4f40182e2b|`90a446f`> Update benchmark results • <https://github.com/ai/nanoid/commit/8ba2319b579895cc1f9060b9946a44852f97c509|`8ba2319`> bench: add `@napi-rs/uuid` v4 (<https://github-redirect.dependabot.com/ai/nanoid/issues/333|#333>) • <https://github.com/ai/nanoid/commit/f4257780ece488734a65c176e80c2fd8ab6aab8e|`f425778`> Release 3.1.32 version • Additional commits viewable in <https://github.com/ai/nanoid/compare/3.1.20...3.2.0|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/ai/nanoid|nanoid> from 3.1.20 to 3.2.0. Changelog _Sourced from <https://github.com/ai/nanoid/blob/main/CHANGELOG.md|nanoid's changelog>._ > *Change Log* > > This project adheres to <http://semver.org/|Semantic Versioning>. > > *3.2* > > • Added `--size` and `--alphabet` arguments to binary (by Vitaly Baev). > > *3.1.32* > > • Reduced `async` exports size (by Artyom Arutyunyan). > • Moved from Jest to uvu (by Vitaly Baev). > > *3.1.31* > > • Fixed collision vulnerability on object in `size` (by Artyom Arutyunyan). > > *3.1.30* > > • Reduced size for project with `brotli` compression (by Anton Khlynovskiy). > > *3.1.29* > > • Reduced npm package size. > > *3.1.28* > > • Reduced npm package size. > > *3.1.27* > > • Cleaned `dependencies` from development tools. > > *3.1.26* > > • Improved performance (by Eitan Har-Shoshanim). > • Reduced npm package size. > > *3.1.25* > > • Fixed `browserify` support. > > *3.1.24* > > • Fixed `browserify` support (by Artur Paikin). > > *3.1.23* > > • Fixed `esbuild` support. > > *3.1.22* > > • Added `default` and `browser.default` to `package.exports`. > > *3.1.21* > > • Reduced npm package size. Commits • <https://github.com/ai/nanoid/commit/23b136929a6d58f32e31b269534a3ce3f680a086|`23b1369`> Release 3.2 version • <https://github.com/ai/nanoid/commit/967788efce880960512f969a56f8f22f3fc20bae|`967788e`> Remove TS test tools • <https://github.com/ai/nanoid/commit/27eaa90cd207a7782bbcf17343092ae87dd62164|`27eaa90`> Simplify new binary tool • <https://github.com/ai/nanoid/commit/a9d91239931dc77506381874826d297aee71d6ef|`a9d9123`> Update dependencies • <https://github.com/ai/nanoid/commit/32b9bdaab1fbc28576b17de8516164ce0360f292|`32b9bda`> Allows passing size or custom alphabet via cli as args (<https://github-redirect.dependabot.com/ai/nanoid/issues/334|#334>) • <https://github.com/ai/nanoid/commit/246d5f87b6b34e23b5e401bdf3da1f80c810ac4c|`246d5f8`> Update vite • <https://github.com/ai/nanoid/commit/afdf9c92b41427f35476fbe14b5af5d73dd7fbdb|`afdf9c9`> doc: Fixed Typo (<https://github-redirect.dependabot.com/ai/nanoid/issues/335|#335>) • <https://github.com/ai/nanoid/commit/90a446fef3ecaac78e5af2ea01025c4f40182e2b|`90a446f`> Update benchmark results • <https://github.com/ai/nanoid/commit/8ba2319b579895cc1f9060b9946a44852f97c509|`8ba2319`> bench: add `@napi-rs/uuid` v4 (<https://github-redirect.dependabot.com/ai/nanoid/issues/333|#333>) • <https://github.com/ai/nanoid/commit/f4257780ece488734a65c176e80c2fd8ab6aab8e|`f425778`> Release 3.1.32 version • Additional commits viewable in <https://github.com/ai/nanoid/compare/3.1.20...3.2.0|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/follow-redirects/follow-redirects|follow-redirects> from 1.13.2 to 1.14.8. Commits • <https://github.com/follow-redirects/follow-redirects/commit/3d81dc3237b4ffe8b722bb3d1c70a7866657166e|`3d81dc3`> Release version 1.14.8 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445|`62e546a`> Drop confidential headers across schemes. • <https://github.com/follow-redirects/follow-redirects/commit/2ede36d7c60d3acdcd324dcd99a9dbd52e4fb3a6|`2ede36d`> Release version 1.14.7 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22|`8b347cb`> Drop Cookie header across domains. • <https://github.com/follow-redirects/follow-redirects/commit/6f5029ae1a0fdab4dc25f6379a5ee303c2319070|`6f5029a`> Release version 1.14.6 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/af706bee57de954414c0bde0a9f33e62beea3e52|`af706be`> Ignore null headers. • <https://github.com/follow-redirects/follow-redirects/commit/d01ab7a5c5df3617c7a40a03de7af6427fdfac55|`d01ab7a`> Release version 1.14.5 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/40052ea8aa13559becee5795715c1d45b1f0eb76|`40052ea`> Make compatible with Node 17. • <https://github.com/follow-redirects/follow-redirects/commit/86f7572f9365dadc39f85916259b58973819617f|`86f7572`> Fix: clear internal timer on request abort to avoid leakage • <https://github.com/follow-redirects/follow-redirects/commit/2e1eaf0218c5315a2ab27f53964d0535d4dafb51|`2e1eaf0`> Keep Authorization header on subdomain redirects. • Additional commits viewable in <https://github.com/follow-redirects/follow-redirects/compare/v1.13.2...v1.14.8|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/follow-redirects/follow-redirects|follow-redirects> from 1.13.2 to 1.14.8. Commits • <https://github.com/follow-redirects/follow-redirects/commit/3d81dc3237b4ffe8b722bb3d1c70a7866657166e|`3d81dc3`> Release version 1.14.8 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445|`62e546a`> Drop confidential headers across schemes. • <https://github.com/follow-redirects/follow-redirects/commit/2ede36d7c60d3acdcd324dcd99a9dbd52e4fb3a6|`2ede36d`> Release version 1.14.7 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22|`8b347cb`> Drop Cookie header across domains. • <https://github.com/follow-redirects/follow-redirects/commit/6f5029ae1a0fdab4dc25f6379a5ee303c2319070|`6f5029a`> Release version 1.14.6 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/af706bee57de954414c0bde0a9f33e62beea3e52|`af706be`> Ignore null headers. • <https://github.com/follow-redirects/follow-redirects/commit/d01ab7a5c5df3617c7a40a03de7af6427fdfac55|`d01ab7a`> Release version 1.14.5 of the npm package. • <https://github.com/follow-redirects/follow-redirects/commit/40052ea8aa13559becee5795715c1d45b1f0eb76|`40052ea`> Make compatible with Node 17. • <https://github.com/follow-redirects/follow-redirects/commit/86f7572f9365dadc39f85916259b58973819617f|`86f7572`> Fix: clear internal timer on request abort to avoid leakage • <https://github.com/follow-redirects/follow-redirects/commit/2e1eaf0218c5315a2ab27f53964d0535d4dafb51|`2e1eaf0`> Keep Authorization header on subdomain redirects. • Additional commits viewable in <https://github.com/follow-redirects/follow-redirects/compare/v1.13.2...v1.14.8|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/caolan/async|async> from 3.2.0 to 3.2.4. Changelog _Sourced from <https://github.com/caolan/async/blob/master/CHANGELOG.md|async's changelog>._ > *v3.2.4* > > • Fix a bug in `priorityQueue` where it didn't wait for the result. (<https://github-redirect.dependabot.com/caolan/async/issues/1725|#1725>) > • Fix a bug where `unshiftAsync` was included in `priorityQueue`. (<https://github-redirect.dependabot.com/caolan/async/issues/1790|#1790>) > > *v3.2.3* > > • Fix bugs in comment parsing in `autoInject`. (<https://github-redirect.dependabot.com/caolan/async/issues/1767|#1767>, <https://github-redirect.dependabot.com/caolan/async/issues/1780|#1780>) > > *v3.2.2* > > • Fix potential prototype pollution exploit > > *v3.2.1* > > • Use `queueMicrotask` if available to the environment (<https://github-redirect.dependabot.com/caolan/async/issues/1761|#1761>) > • Minor perf improvement in `priorityQueue` (<https://github-redirect.dependabot.com/caolan/async/issues/1727|#1727>) > • More examples in documentation (<https://github-redirect.dependabot.com/caolan/async/issues/1726|#1726>) > • Various doc fixes (<https://github-redirect.dependabot.com/caolan/async/issues/1708|#1708>, <https://github-redirect.dependabot.com/caolan/async/issues/1712|#1712>, <https://github-redirect.dependabot.com/caolan/async/issues/1717|#1717>, <https://github-redirect.dependabot.com/caolan/async/issues/1740|#1740>, <https://github-redirect.dependabot.com/caolan/async/issues/1739|#1739>, <https://github-redirect.dependabot.com/caolan/async/issues/1749|#1749>, <https://github-redirect.dependabot.com/caolan/async/issues/1756|#1756>) > • Improved test coverage (<https://github-redirect.dependabot.com/caolan/async/issues/1754|#1754>) Commits • <https://github.com/caolan/async/commit/f3ab51af76ca87ebe3ec67b3dd6dec4959e04816|`f3ab51a`> Version 3.2.4 • <https://github.com/caolan/async/commit/7ea2cec7398b33a15daf5c3bd9bda6ae78caf297|`7ea2cec`> Update built files • <https://github.com/caolan/async/commit/bef7befc734e4b712ab6ffc82463cc40c1037056|`bef7bef`> update changelog • <https://github.com/caolan/async/commit/03eeab36ae5a0454bbf67b881f087692e0b7c7e4|`03eeab3`> Bump yargs from 17.4.1 to 17.5.1 (<https://github-redirect.dependabot.com/caolan/async/issues/1843|#1843>) • <https://github.com/caolan/async/commit/387efcf80f5b2c454effd2a64c75ff3c634ec3bd|`387efcf`> Bump eslint from 8.14.0 to 8.17.0 (<https://github-redirect.dependabot.com/caolan/async/issues/1849|#1849>) • <https://github.com/caolan/async/commit/131225a8c82fda93010b8b82da46e9a23b6b1816|`131225a`> Bump karma from 6.3.19 to 6.3.20 (<https://github-redirect.dependabot.com/caolan/async/issues/1844|#1844>) • <https://github.com/caolan/async/commit/4cfa89cb240d9748d5bfee0656fbed08cf80cc10|`4cfa89c`> Bump eslint from 8.14.0 to 8.16.0 (<https://github-redirect.dependabot.com/caolan/async/issues/1845|#1845>) • <https://github.com/caolan/async/commit/90e940cbb5a051db7c2a28169769f97eef99fdd6|`90e940c`> Bump rollup from 2.71.1 to 2.75.5 (<https://github-redirect.dependabot.com/caolan/async/issues/1846|#1846>) • <https://github.com/caolan/async/commit/dd72cf5f614bcf2b08ae2678f6e8ffbd28136804|`dd72cf5`> Bump `@babel/eslint-parser` from 7.17.0 to 7.18.2 (<https://github-redirect.dependabot.com/caolan/async/issues/1847|#1847>) • <https://github.com/caolan/async/commit/4ae026e8da11f817f274f264dd3a9ec7ef3307c5|`4ae026e`> Bump babel-minify from 0.5.1 to 0.5.2 (<https://github-redirect.dependabot.com/caolan/async/issues/1848|#1848>) • Additional commits viewable in <https://github.com/caolan/async/compare/v3.2.0...v3.2.4|compare view> Maintainer changes This version was pushed to npm by <https://www.npmjs.com/~hargasinski|hargasinski>, a new releaser for async since your current version. <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/caolan/async|async> from 3.2.0 to 3.2.4. Changelog _Sourced from <https://github.com/caolan/async/blob/master/CHANGELOG.md|async's changelog>._ > *v3.2.4* > > • Fix a bug in `priorityQueue` where it didn't wait for the result. (<https://github-redirect.dependabot.com/caolan/async/issues/1725|#1725>) > • Fix a bug where `unshiftAsync` was included in `priorityQueue`. (<https://github-redirect.dependabot.com/caolan/async/issues/1790|#1790>) > > *v3.2.3* > > • Fix bugs in comment parsing in `autoInject`. (<https://github-redirect.dependabot.com/caolan/async/issues/1767|#1767>, <https://github-redirect.dependabot.com/caolan/async/issues/1780|#1780>) > > *v3.2.2* > > • Fix potential prototype pollution exploit > > *v3.2.1* > > • Use `queueMicrotask` if available to the environment (<https://github-redirect.dependabot.com/caolan/async/issues/1761|#1761>) > • Minor perf improvement in `priorityQueue` (<https://github-redirect.dependabot.com/caolan/async/issues/1727|#1727>) > • More examples in documentation (<https://github-redirect.dependabot.com/caolan/async/issues/1726|#1726>) > • Various doc fixes (<https://github-redirect.dependabot.com/caolan/async/issues/1708|#1708>, <https://github-redirect.dependabot.com/caolan/async/issues/1712|#1712>, <https://github-redirect.dependabot.com/caolan/async/issues/1717|#1717>, <https://github-redirect.dependabot.com/caolan/async/issues/1740|#1740>, <https://github-redirect.dependabot.com/caolan/async/issues/1739|#1739>, <https://github-redirect.dependabot.com/caolan/async/issues/1749|#1749>, <https://github-redirect.dependabot.com/caolan/async/issues/1756|#1756>) > • Improved test coverage (<https://github-redirect.dependabot.com/caolan/async/issues/1754|#1754>) Commits • <https://github.com/caolan/async/commit/f3ab51af76ca87ebe3ec67b3dd6dec4959e04816|`f3ab51a`> Version 3.2.4 • <https://github.com/caolan/async/commit/7ea2cec7398b33a15daf5c3bd9bda6ae78caf297|`7ea2cec`> Update built files • <https://github.com/caolan/async/commit/bef7befc734e4b712ab6ffc82463cc40c1037056|`bef7bef`> update changelog • <https://github.com/caolan/async/commit/03eeab36ae5a0454bbf67b881f087692e0b7c7e4|`03eeab3`> Bump yargs from 17.4.1 to 17.5.1 (<https://github-redirect.dependabot.com/caolan/async/issues/1843|#1843>) • <https://github.com/caolan/async/commit/387efcf80f5b2c454effd2a64c75ff3c634ec3bd|`387efcf`> Bump eslint from 8.14.0 to 8.17.0 (<https://github-redirect.dependabot.com/caolan/async/issues/1849|#1849>) • <https://github.com/caolan/async/commit/131225a8c82fda93010b8b82da46e9a23b6b1816|`131225a`> Bump karma from 6.3.19 to 6.3.20 (<https://github-redirect.dependabot.com/caolan/async/issues/1844|#1844>) • <https://github.com/caolan/async/commit/4cfa89cb240d9748d5bfee0656fbed08cf80cc10|`4cfa89c`> Bump eslint from 8.14.0 to 8.16.0 (<https://github-redirect.dependabot.com/caolan/async/issues/1845|#1845>) • <https://github.com/caolan/async/commit/90e940cbb5a051db7c2a28169769f97eef99fdd6|`90e940c`> Bump rollup from 2.71.1 to 2.75.5 (<https://github-redirect.dependabot.com/caolan/async/issues/1846|#1846>) • <https://github.com/caolan/async/commit/dd72cf5f614bcf2b08ae2678f6e8ffbd28136804|`dd72cf5`> Bump `@babel/eslint-parser` from 7.17.0 to 7.18.2 (<https://github-redirect.dependabot.com/caolan/async/issues/1847|#1847>) • <https://github.com/caolan/async/commit/4ae026e8da11f817f274f264dd3a9ec7ef3307c5|`4ae026e`> Bump babel-minify from 0.5.1 to 0.5.2 (<https://github-redirect.dependabot.com/caolan/async/issues/1848|#1848>) • Additional commits viewable in <https://github.com/caolan/async/compare/v3.2.0...v3.2.4|compare view> Maintainer changes This version was pushed to npm by <https://www.npmjs.com/~hargasinski|hargasinski>, a new releaser for async since your current version. <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/substack/node-shell-quote|shell-quote> from 1.7.2 to 1.7.3. Changelog _Sourced from <https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md|shell-quote's changelog>._ > *1.7.3* > > • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (<https://github.com/advisories/GHSA-g4rg-993r-mgx7|CVE-2021-42740>) Commits • <https://github.com/substack/node-shell-quote/commit/6a8a899c62a58a30fb128a7079f02826ed4faee0|`6a8a899`> 1.7.3 • <https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe|`5799416`> fix for security issue with windows drive letter regex • <https://github.com/substack/node-shell-quote/commit/c7de931fa4ed0975ea9756983c88334fe4b8cde5|`c7de931`> Add security.md • <https://github.com/substack/node-shell-quote/commit/414853f1fd98553368ce7507cd26ebae88d71b46|`414853f`> Update readme.markdown (<https://github-redirect.dependabot.com/substack/node-shell-quote/issues/43|#43>) • <https://github.com/substack/node-shell-quote/commit/0fc4a978131ab68cace9c9a57cee245b6b70e595|`0fc4a97`> use Github Actions (<https://github-redirect.dependabot.com/substack/node-shell-quote/issues/42|#42>) • See full diff in <https://github.com/substack/node-shell-quote/compare/v1.7.2...1.7.3|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/substack/node-shell-quote|shell-quote> from 1.7.2 to 1.7.3. Changelog _Sourced from <https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md|shell-quote's changelog>._ > *1.7.3* > > • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (<https://github.com/advisories/GHSA-g4rg-993r-mgx7|CVE-2021-42740>) Commits • <https://github.com/substack/node-shell-quote/commit/6a8a899c62a58a30fb128a7079f02826ed4faee0|`6a8a899`> 1.7.3 • <https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe|`5799416`> fix for security issue with windows drive letter regex • <https://github.com/substack/node-shell-quote/commit/c7de931fa4ed0975ea9756983c88334fe4b8cde5|`c7de931`> Add security.md • <https://github.com/substack/node-shell-quote/commit/414853f1fd98553368ce7507cd26ebae88d71b46|`414853f`> Update readme.markdown (<https://github-redirect.dependabot.com/substack/node-shell-quote/issues/43|#43>) • <https://github.com/substack/node-shell-quote/commit/0fc4a978131ab68cace9c9a57cee245b6b70e595|`0fc4a97`> use Github Actions (<https://github-redirect.dependabot.com/substack/node-shell-quote/issues/42|#42>) • See full diff in <https://github.com/substack/node-shell-quote/compare/v1.7.2...1.7.3|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/terser/terser|terser> from 4.8.0 to 4.8.1. Changelog _Sourced from <https://github.com/terser/terser/blob/master/CHANGELOG.md|terser's changelog>._ > *v4.8.1 (backport)* > > • Security fix for RegExps that should not be evaluated (regexp DDOS) Commits • See full diff in <https://github.com/terser/terser/commits|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/terser/terser|terser> from 4.8.0 to 4.8.1. Changelog _Sourced from <https://github.com/terser/terser/blob/master/CHANGELOG.md|terser's changelog>._ > *v4.8.1 (backport)* > > • Security fix for RegExps that should not be evaluated (regexp DDOS) Commits • See full diff in <https://github.com/terser/terser/commits|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/axios/axios|axios> from 0.21.1 to 0.21.2. Release notes _Sourced from <https://github.com/axios/axios/releases|axios's releases>._ > *v0.21.2* > *0.21.2 (September 4, 2021)* > > Fixes and Functionality: > > • Updating axios requests to be delayed by pre-emptive promise creation (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Adding "synchronous" and "runWhen" options to interceptors api (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Updating of transformResponse (<https://github-redirect.dependabot.com/axios/axios/pull/3377|#3377>) > • Adding ability to omit User-Agent header (<https://github-redirect.dependabot.com/axios/axios/pull/3703|#3703>) > • Adding multiple JSON improvements (<https://github-redirect.dependabot.com/axios/axios/pull/3688|#3688>, <https://github-redirect.dependabot.com/axios/axios/pull/3763|#3763>) > • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (<https://github-redirect.dependabot.com/axios/axios/pull/3738|#3738>) > • Adding parseInt to config.timeout (<https://github-redirect.dependabot.com/axios/axios/pull/3781|#3781>) > • Adding custom return type support to interceptor (<https://github-redirect.dependabot.com/axios/axios/pull/3783|#3783>) > • Adding security fix for ReDoS vulnerability (<https://github-redirect.dependabot.com/axios/axios/pull/3980|#3980>) > > Internal and Tests: > > • Updating build dev dependancies (<https://github-redirect.dependabot.com/axios/axios/pull/3401|#3401>) > • Fixing builds running on Travis CI (<https://github-redirect.dependabot.com/axios/axios/pull/3538|#3538>) > • Updating follow rediect version (<https://github-redirect.dependabot.com/axios/axios/pull/3694|#3694>, <https://github-redirect.dependabot.com/axios/axios/pull/3771|#3771>) > • Updating karma sauce launcher to fix failing sauce tests (<https://github-redirect.dependabot.com/axios/axios/pull/3712|#3712>, <https://github-redirect.dependabot.com/axios/axios/pull/3717|#3717>) > • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (<https://github-redirect.dependabot.com/axios/axios/pull/2154|#2154>) > • Fixing tests by bumping karma-sauce-launcher version (<https://github-redirect.dependabot.com/axios/axios/pull/3813|#3813>) > • Changing testing process from Travis CI to GitHub Actions (<https://github-redirect.dependabot.com/axios/axios/pull/3938|#3938>) > > Documentation: > > • Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints (<https://github-redirect.dependabot.com/axios/axios/pull/3539|#3539>) > • Remove duplication of item in changelog (<https://github-redirect.dependabot.com/axios/axios/pull/3523|#3523>) > • Fixing gramatical errors (<https://github-redirect.dependabot.com/axios/axios/pull/2642|#2642>) > • Fixing spelling error (<https://github-redirect.dependabot.com/axios/axios/pull/3567|#3567>) > • Moving gitpod metion (<https://github-redirect.dependabot.com/axios/axios/pull/2637|#2637>) > • Adding new axios documentation website link (<https://github-redirect.dependabot.com/axios/axios/pull/3681|#3681>, <https://github-redirect.dependabot.com/axios/axios/pull/3707|#3707>) > • Updating documentation around dispatching requests (<https://github-redirect.dependabot.com/axios/axios/pull/3772|#3772>) > • Adding documentation for the type guard isAxiosError (<https://github-redirect.dependabot.com/axios/axios/pull/3767|#3767>) > • Adding explanation of cancel token (<https://github-redirect.dependabot.com/axios/axios/pull/3803|#3803>) > • Updating CI status badge (<https://github-redirect.dependabot.com/axios/axios/pull/3953|#3953>) > • Fixing errors with JSON documentation (<https://github-redirect.dependabot.com/axios/axios/pull/3936|#3936>) > • Fixing README typo under Request Config (<https://github-redirect.dependabot.com/axios/axios/pull/3825|#3825>) > • Adding axios-multi-api to the ecosystem file (<https://github-redirect.dependabot.com/axios/axios/pull/3817|#3817>) > • Adding SECURITY.md to properly disclose security vulnerabilities (<https://github-redirect.dependabot.com/axios/axios/pull/3981|#3981>) > > Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: > > • <https://github.com/SashaKoro|Sasha Korotkov> > • <https://github.com/timemachine3030|Daniel Lopretto> > • <https://github.com/MikeBishop|Mike Bishop> > • <https://github.com/DigitalBrainJS|Dmitriy Mozgovoy> > • <https://github.com/bimbiltu|Mark> > • <https://github.com/piiih|Philipe Gouveia Paixão> ... (truncated) Changelog _Sourced from <https://github.com/axios/axios/blob/master/CHANGELOG.md|axios's changelog>._ > *0.21.2 (September 4, 2021)* > > Fixes and Functionality: > > • Updating axios requests to be delayed by pre-emptive promise creation (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Adding "synchronous" and "runWhen" options to interceptors api (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Updating of transformResponse (<https://github-redirect.dependabot.com/axios/axios/pull/3377|#3377>) > • Adding ability to omit User-Agent header (<https://github-redirect.dependabot.com/axios/axios/pull/3703|#3703>) > • Adding multiple JSON improvements (<https://github-redirect.dependabot.com/axios/axios/pull/3688|#3688>, <https://github-redirect.dependabot.com/axios/axios/pull/3763|#3763>) > • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (<https://github-redirect.dependabot.com/axios/axios/pull/3738|#3738>) > • Adding parseInt to config.timeout (<https://github-redirect.dependabot.com/axios/axios/pull/3781|#3781>) > • Adding custom return type support to interceptor (<https://github-redirect.dependabot.com/axios/axios/pull/3783|#3783>) > • Adding security fix for ReDoS vulnerability (<https://github-redirect.dependabot.com/axios/axios/pull/3980|#3980>) > > Internal and Tests: > > • Updating build dev dependancies (<https://github-redirect.dependabot.com/axios/axios/pull/3401|#3401>) > • Fixing builds running on Travis CI (<https://github-redirect.dependabot.com/axios/axios/pull/3538|#3538>) > • Updating follow rediect version (<https://github-redirect.dependabot.com/axios/axios/pull/3694|#3694>, <https://github-redirect.dependabot.com/axios/axios/pull/3771|#3771>) > • Updating karma sauce launcher to fix failing sauce tests (<https://github-redirect.dependabot.com/axios/axios/pull/3712|#3712>, <https://github-redirect.dependabot.com/axios/axios/pull/3717|#3717>) > • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (<https://github-redirect.dependabot.com/axios/axios/pull/2154|#2154>) > • Fixing tests by bumping karma-sauce-launcher version (<https://github-redirect.dependabot.com/axios/axios/pull/3813|#3813>) > • Changing testing process from Travis CI to GitHub Actions (<https://github-redirect.dependabot.com/axios/axios/pull/3938|#3938>) > > Documentation: > > • Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints (<https://github-redirect.dependabot.com/axios/axios/pull/3539|#3539>) > • Remove duplication of item in changelog (<https://github-redirect.dependabot.com/axios/axios/pull/3523|#3523>) > • Fixing gramatical errors (<https://github-redirect.dependabot.com/axios/axios/pull/2642|#2642>) > • Fixing spelling error (<https://github-redirect.dependabot.com/axios/axios/pull/3567|#3567>) > • Moving gitpod metion (<https://github-redirect.dependabot.com/axios/axios/pull/2637|#2637>) > • Adding new axios documentation website link (<https://github-…
Bumps <https://github.com/axios/axios|axios> from 0.21.1 to 0.21.2. Release notes _Sourced from <https://github.com/axios/axios/releases|axios's releases>._ > *v0.21.2* > *0.21.2 (September 4, 2021)* > > Fixes and Functionality: > > • Updating axios requests to be delayed by pre-emptive promise creation (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Adding "synchronous" and "runWhen" options to interceptors api (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Updating of transformResponse (<https://github-redirect.dependabot.com/axios/axios/pull/3377|#3377>) > • Adding ability to omit User-Agent header (<https://github-redirect.dependabot.com/axios/axios/pull/3703|#3703>) > • Adding multiple JSON improvements (<https://github-redirect.dependabot.com/axios/axios/pull/3688|#3688>, <https://github-redirect.dependabot.com/axios/axios/pull/3763|#3763>) > • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (<https://github-redirect.dependabot.com/axios/axios/pull/3738|#3738>) > • Adding parseInt to config.timeout (<https://github-redirect.dependabot.com/axios/axios/pull/3781|#3781>) > • Adding custom return type support to interceptor (<https://github-redirect.dependabot.com/axios/axios/pull/3783|#3783>) > • Adding security fix for ReDoS vulnerability (<https://github-redirect.dependabot.com/axios/axios/pull/3980|#3980>) > > Internal and Tests: > > • Updating build dev dependancies (<https://github-redirect.dependabot.com/axios/axios/pull/3401|#3401>) > • Fixing builds running on Travis CI (<https://github-redirect.dependabot.com/axios/axios/pull/3538|#3538>) > • Updating follow rediect version (<https://github-redirect.dependabot.com/axios/axios/pull/3694|#3694>, <https://github-redirect.dependabot.com/axios/axios/pull/3771|#3771>) > • Updating karma sauce launcher to fix failing sauce tests (<https://github-redirect.dependabot.com/axios/axios/pull/3712|#3712>, <https://github-redirect.dependabot.com/axios/axios/pull/3717|#3717>) > • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (<https://github-redirect.dependabot.com/axios/axios/pull/2154|#2154>) > • Fixing tests by bumping karma-sauce-launcher version (<https://github-redirect.dependabot.com/axios/axios/pull/3813|#3813>) > • Changing testing process from Travis CI to GitHub Actions (<https://github-redirect.dependabot.com/axios/axios/pull/3938|#3938>) > > Documentation: > > • Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints (<https://github-redirect.dependabot.com/axios/axios/pull/3539|#3539>) > • Remove duplication of item in changelog (<https://github-redirect.dependabot.com/axios/axios/pull/3523|#3523>) > • Fixing gramatical errors (<https://github-redirect.dependabot.com/axios/axios/pull/2642|#2642>) > • Fixing spelling error (<https://github-redirect.dependabot.com/axios/axios/pull/3567|#3567>) > • Moving gitpod metion (<https://github-redirect.dependabot.com/axios/axios/pull/2637|#2637>) > • Adding new axios documentation website link (<https://github-redirect.dependabot.com/axios/axios/pull/3681|#3681>, <https://github-redirect.dependabot.com/axios/axios/pull/3707|#3707>) > • Updating documentation around dispatching requests (<https://github-redirect.dependabot.com/axios/axios/pull/3772|#3772>) > • Adding documentation for the type guard isAxiosError (<https://github-redirect.dependabot.com/axios/axios/pull/3767|#3767>) > • Adding explanation of cancel token (<https://github-redirect.dependabot.com/axios/axios/pull/3803|#3803>) > • Updating CI status badge (<https://github-redirect.dependabot.com/axios/axios/pull/3953|#3953>) > • Fixing errors with JSON documentation (<https://github-redirect.dependabot.com/axios/axios/pull/3936|#3936>) > • Fixing README typo under Request Config (<https://github-redirect.dependabot.com/axios/axios/pull/3825|#3825>) > • Adding axios-multi-api to the ecosystem file (<https://github-redirect.dependabot.com/axios/axios/pull/3817|#3817>) > • Adding SECURITY.md to properly disclose security vulnerabilities (<https://github-redirect.dependabot.com/axios/axios/pull/3981|#3981>) > > Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: > > • <https://github.com/SashaKoro|Sasha Korotkov> > • <https://github.com/timemachine3030|Daniel Lopretto> > • <https://github.com/MikeBishop|Mike Bishop> > • <https://github.com/DigitalBrainJS|Dmitriy Mozgovoy> > • <https://github.com/bimbiltu|Mark> > • <https://github.com/piiih|Philipe Gouveia Paixão> ... (truncated) Changelog _Sourced from <https://github.com/axios/axios/blob/master/CHANGELOG.md|axios's changelog>._ > *0.21.2 (September 4, 2021)* > > Fixes and Functionality: > > • Updating axios requests to be delayed by pre-emptive promise creation (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Adding "synchronous" and "runWhen" options to interceptors api (<https://github-redirect.dependabot.com/axios/axios/pull/2702|#2702>) > • Updating of transformResponse (<https://github-redirect.dependabot.com/axios/axios/pull/3377|#3377>) > • Adding ability to omit User-Agent header (<https://github-redirect.dependabot.com/axios/axios/pull/3703|#3703>) > • Adding multiple JSON improvements (<https://github-redirect.dependabot.com/axios/axios/pull/3688|#3688>, <https://github-redirect.dependabot.com/axios/axios/pull/3763|#3763>) > • Fixing quadratic runtime and extra memory usage when setting a maxContentLength (<https://github-redirect.dependabot.com/axios/axios/pull/3738|#3738>) > • Adding parseInt to config.timeout (<https://github-redirect.dependabot.com/axios/axios/pull/3781|#3781>) > • Adding custom return type support to interceptor (<https://github-redirect.dependabot.com/axios/axios/pull/3783|#3783>) > • Adding security fix for ReDoS vulnerability (<https://github-redirect.dependabot.com/axios/axios/pull/3980|#3980>) > > Internal and Tests: > > • Updating build dev dependancies (<https://github-redirect.dependabot.com/axios/axios/pull/3401|#3401>) > • Fixing builds running on Travis CI (<https://github-redirect.dependabot.com/axios/axios/pull/3538|#3538>) > • Updating follow rediect version (<https://github-redirect.dependabot.com/axios/axios/pull/3694|#3694>, <https://github-redirect.dependabot.com/axios/axios/pull/3771|#3771>) > • Updating karma sauce launcher to fix failing sauce tests (<https://github-redirect.dependabot.com/axios/axios/pull/3712|#3712>, <https://github-redirect.dependabot.com/axios/axios/pull/3717|#3717>) > • Updating content-type header for application/json to not contain charset field, according do RFC 8259 (<https://github-redirect.dependabot.com/axios/axios/pull/2154|#2154>) > • Fixing tests by bumping karma-sauce-launcher version (<https://github-redirect.dependabot.com/axios/axios/pull/3813|#3813>) > • Changing testing process from Travis CI to GitHub Actions (<https://github-redirect.dependabot.com/axios/axios/pull/3938|#3938>) > > Documentation: > > • Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints (<https://github-redirect.dependabot.com/axios/axios/pull/3539|#3539>) > • Remove duplication of item in changelog (<https://github-redirect.dependabot.com/axios/axios/pull/3523|#3523>) > • Fixing gramatical errors (<https://github-redirect.dependabot.com/axios/axios/pull/2642|#2642>) > • Fixing spelling error (<https://github-redirect.dependabot.com/axios/axios/pull/3567|#3567>) > • Moving gitpod metion (<https://github-redirect.dependabot.com/axios/axios/pull/2637|#2637>) > • Adding new axios documentation website link (<https://github-…
Bumps <https://github.com/node-fetch/node-fetch|node-fetch> from 2.6.1 to 2.6.7. Release notes _Sourced from <https://github.com/node-fetch/node-fetch/releases|node-fetch's releases>._ > *v2.6.7* > *Security patch release* > > Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred > > *What's Changed* > > • fix: don't forward secure headers to 3th party by <https://github.com/jimmywarting|`@jimmywarting`> in <https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1453|node-fetch/node-fetch#1453> > > *Full Changelog*: <https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7|node-fetch/node-fetch@v2.6.6...v2.6.7> > > *v2.6.6* > *What's Changed* > > • fix(URL): prefer built in URL version when available and fallback to whatwg by <https://github.com/jimmywarting|`@jimmywarting`> in <https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1352|node-fetch/node-fetch#1352> > > *Full Changelog*: <https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6|node-fetch/node-fetch@v2.6.5...v2.6.6> > > *v2.6.2* > > fixed main path in package.json Commits • <https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35|`1ef4b56`> backport of <https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449|#1449> (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1453|#1453>) • <https://github.com/node-fetch/node-fetch/commit/8fe5c4ea66b9b8187600e6d5ec9b1b6781f44009|`8fe5c4e`> 2.x: Specify encoding as an optional peer dependency in package.json (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1310|#1310>) • <https://github.com/node-fetch/node-fetch/commit/f56b0c66d3dd2ef185436de1f2fd40f66bfea8f4|`f56b0c6`> fix(URL): prefer built in URL version when available and fallback to whatwg (... • <https://github.com/node-fetch/node-fetch/commit/b5417aea6a3275932283a200214522e6ab53f1ea|`b5417ae`> fix: import whatwg-url in a way compatible with ESM Node (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1303|#1303>) • <https://github.com/node-fetch/node-fetch/commit/18193c5922c64046b922e18faf41821290535f06|`18193c5`> fix v2.6.3 that did not sending query params (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1301|#1301>) • <https://github.com/node-fetch/node-fetch/commit/ace7536c955556be742d9910566738630cc3c2a6|`ace7536`> fix: properly encode url with unicode characters (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1291|#1291>) • <https://github.com/node-fetch/node-fetch/commit/152214ca2f6e2a5a17d71e4638114625d3be30c6|`152214c`> Fix(package.json): Corrected main file path in package.json (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1274|#1274>) • See full diff in <https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7|compare view> Maintainer changes This version was pushed to npm by <https://www.npmjs.com/~endless|endless>, a new releaser for node-fetch since your current version. <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/node-fetch/node-fetch|node-fetch> from 2.6.1 to 2.6.7. Release notes _Sourced from <https://github.com/node-fetch/node-fetch/releases|node-fetch's releases>._ > *v2.6.7* > *Security patch release* > > Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred > > *What's Changed* > > • fix: don't forward secure headers to 3th party by <https://github.com/jimmywarting|`@jimmywarting`> in <https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1453|node-fetch/node-fetch#1453> > > *Full Changelog*: <https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7|node-fetch/node-fetch@v2.6.6...v2.6.7> > > *v2.6.6* > *What's Changed* > > • fix(URL): prefer built in URL version when available and fallback to whatwg by <https://github.com/jimmywarting|`@jimmywarting`> in <https://github-redirect.dependabot.com/node-fetch/node-fetch/pull/1352|node-fetch/node-fetch#1352> > > *Full Changelog*: <https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6|node-fetch/node-fetch@v2.6.5...v2.6.6> > > *v2.6.2* > > fixed main path in package.json Commits • <https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35|`1ef4b56`> backport of <https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1449|#1449> (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1453|#1453>) • <https://github.com/node-fetch/node-fetch/commit/8fe5c4ea66b9b8187600e6d5ec9b1b6781f44009|`8fe5c4e`> 2.x: Specify encoding as an optional peer dependency in package.json (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1310|#1310>) • <https://github.com/node-fetch/node-fetch/commit/f56b0c66d3dd2ef185436de1f2fd40f66bfea8f4|`f56b0c6`> fix(URL): prefer built in URL version when available and fallback to whatwg (... • <https://github.com/node-fetch/node-fetch/commit/b5417aea6a3275932283a200214522e6ab53f1ea|`b5417ae`> fix: import whatwg-url in a way compatible with ESM Node (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1303|#1303>) • <https://github.com/node-fetch/node-fetch/commit/18193c5922c64046b922e18faf41821290535f06|`18193c5`> fix v2.6.3 that did not sending query params (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1301|#1301>) • <https://github.com/node-fetch/node-fetch/commit/ace7536c955556be742d9910566738630cc3c2a6|`ace7536`> fix: properly encode url with unicode characters (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1291|#1291>) • <https://github.com/node-fetch/node-fetch/commit/152214ca2f6e2a5a17d71e4638114625d3be30c6|`152214c`> Fix(package.json): Corrected main file path in package.json (<https://github-redirect.dependabot.com/node-fetch/node-fetch/issues/1274|#1274>) • See full diff in <https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7|compare view> Maintainer changes This version was pushed to npm by <https://www.npmjs.com/~endless|endless>, a new releaser for node-fetch since your current version. <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/json5/json5|json5> from 1.0.1 to 1.0.2. Release notes _Sourced from <https://github.com/json5/json5/releases|json5's releases>._ > *v1.0.2* > > • Fix: Properties with the name `__proto__` are added to objects and arrays. (<https://github-redirect.dependabot.com/json5/json5/issues/199|#199>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<https://github-redirect.dependabot.com/json5/json5/issues/295|#295>). This has been backported to v1. (<https://github-redirect.dependabot.com/json5/json5/issues/298|#298>) Changelog _Sourced from <https://github.com/json5/json5/blob/main/CHANGELOG.md|json5's changelog>._ > *Unreleased [<https://github.com/json5/json5/tree/main|code>, <https://github.com/json5/json5/compare/v2.2.3...HEAD|diff>]* > *v2.2.3 [<https://github.com/json5/json5/tree/v2.2.3|code>, <https://github.com/json5/json5/compare/v2.2.2...v2.2.3|diff>]* > > • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (<https://github-redirect.dependabot.com/json5/json5/issues/299|#299>) > > *v2.2.2 [<https://github.com/json5/json5/tree/v2.2.2|code>, <https://github.com/json5/json5/compare/v2.2.1...v2.2.2|diff>]* > > • Fix: Properties with the name `__proto__` are added to objects and arrays. (<https://github-redirect.dependabot.com/json5/json5/issues/199|#199>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<https://github-redirect.dependabot.com/json5/json5/issues/295|#295>). > > *v2.2.1 [<https://github.com/json5/json5/tree/v2.2.1|code>, <https://github.com/json5/json5/compare/v2.2.0...v2.2.1|diff>]* > > • Fix: Removed dependence on minimist to patch <https://github.com/advisories/GHSA-xvch-5gv4-984h|CVE-2021-44906>. (<https://github-redirect.dependabot.com/json5/json5/issues/266|#266>) > > *v2.2.0 [<https://github.com/json5/json5/tree/v2.2.0|code>, <https://github.com/json5/json5/compare/v2.1.3...v2.2.0|diff>]* > > • New: Accurate and documented TypeScript declarations are now included. There is no need to install `@types/json5`. (<https://github-redirect.dependabot.com/json5/json5/issues/236|#236>, <https://github-redirect.dependabot.com/json5/json5/issues/244|#244>) > > *v2.1.3 [<https://github.com/json5/json5/tree/v2.1.3|code>, <https://github.com/json5/json5/compare/v2.1.2...v2.1.3|diff>]* > > • Fix: An out of memory bug when parsing numbers has been fixed. (<https://github-redirect.dependabot.com/json5/json5/issues/228|#228>, <https://github-redirect.dependabot.com/json5/json5/issues/229|#229>) > > *v2.1.2 [<https://github.com/json5/json5/tree/v2.1.2|code>, <https://github.com/json5/json5/compare/v2.1.1...v2.1.2|diff>]* ... (truncated) Commits • <https://github.com/json5/json5/commit/a62db1e51e1031d92ac260f5bb38bbed1fdbc754|`a62db1e`> 1.0.2 • <https://github.com/json5/json5/commit/e0c23fe458a77c0b2cdb271376be5d8d0908133c|`e0c23fe`> docs: update CHANGELOG for v1.0.2 • <https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972|`62a6540`> fix: add *proto* to objects and arrays • See full diff in <https://github.com/json5/json5/compare/v1.0.1...v1.0.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/json5/json5|json5> from 1.0.1 to 1.0.2. Release notes _Sourced from <https://github.com/json5/json5/releases|json5's releases>._ > *v1.0.2* > > • Fix: Properties with the name `__proto__` are added to objects and arrays. (<https://github-redirect.dependabot.com/json5/json5/issues/199|#199>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<https://github-redirect.dependabot.com/json5/json5/issues/295|#295>). This has been backported to v1. (<https://github-redirect.dependabot.com/json5/json5/issues/298|#298>) Changelog _Sourced from <https://github.com/json5/json5/blob/main/CHANGELOG.md|json5's changelog>._ > *Unreleased [<https://github.com/json5/json5/tree/main|code>, <https://github.com/json5/json5/compare/v2.2.3...HEAD|diff>]* > *v2.2.3 [<https://github.com/json5/json5/tree/v2.2.3|code>, <https://github.com/json5/json5/compare/v2.2.2...v2.2.3|diff>]* > > • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (<https://github-redirect.dependabot.com/json5/json5/issues/299|#299>) > > *v2.2.2 [<https://github.com/json5/json5/tree/v2.2.2|code>, <https://github.com/json5/json5/compare/v2.2.1...v2.2.2|diff>]* > > • Fix: Properties with the name `__proto__` are added to objects and arrays. (<https://github-redirect.dependabot.com/json5/json5/issues/199|#199>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<https://github-redirect.dependabot.com/json5/json5/issues/295|#295>). > > *v2.2.1 [<https://github.com/json5/json5/tree/v2.2.1|code>, <https://github.com/json5/json5/compare/v2.2.0...v2.2.1|diff>]* > > • Fix: Removed dependence on minimist to patch <https://github.com/advisories/GHSA-xvch-5gv4-984h|CVE-2021-44906>. (<https://github-redirect.dependabot.com/json5/json5/issues/266|#266>) > > *v2.2.0 [<https://github.com/json5/json5/tree/v2.2.0|code>, <https://github.com/json5/json5/compare/v2.1.3...v2.2.0|diff>]* > > • New: Accurate and documented TypeScript declarations are now included. There is no need to install `@types/json5`. (<https://github-redirect.dependabot.com/json5/json5/issues/236|#236>, <https://github-redirect.dependabot.com/json5/json5/issues/244|#244>) > > *v2.1.3 [<https://github.com/json5/json5/tree/v2.1.3|code>, <https://github.com/json5/json5/compare/v2.1.2...v2.1.3|diff>]* > > • Fix: An out of memory bug when parsing numbers has been fixed. (<https://github-redirect.dependabot.com/json5/json5/issues/228|#228>, <https://github-redirect.dependabot.com/json5/json5/issues/229|#229>) > > *v2.1.2 [<https://github.com/json5/json5/tree/v2.1.2|code>, <https://github.com/json5/json5/compare/v2.1.1...v2.1.2|diff>]* ... (truncated) Commits • <https://github.com/json5/json5/commit/a62db1e51e1031d92ac260f5bb38bbed1fdbc754|`a62db1e`> 1.0.2 • <https://github.com/json5/json5/commit/e0c23fe458a77c0b2cdb271376be5d8d0908133c|`e0c23fe`> docs: update CHANGELOG for v1.0.2 • <https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972|`62a6540`> fix: add *proto* to objects and arrays • See full diff in <https://github.com/json5/json5/compare/v1.0.1...v1.0.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/webpack/loader-utils|loader-utils> from 1.4.0 to 1.4.2. Release notes _Sourced from <https://github.com/webpack/loader-utils/releases|loader-utils's releases>._ > *v1.4.2* > *<https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2|1.4.2> (2022-11-11)* > *Bug Fixes* > > • ReDoS problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/226|#226>) (<https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa|17cbf8f>) > > *v1.4.1* > *<https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1|1.4.1> (2022-11-07)* > *Bug Fixes* > > • security problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/220|#220>) (<https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5|4504e34>) Changelog _Sourced from <https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md|loader-utils's changelog>._ > *<https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2|1.4.2> (2022-11-11)* > *Bug Fixes* > > • ReDoS problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/226|#226>) (<https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa|17cbf8f>) > > *<https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1|1.4.1> (2022-11-07)* > *Bug Fixes* > > • security problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/220|#220>) (<https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5|4504e34>) Commits • <https://github.com/webpack/loader-utils/commit/331ad5067d9a1a7b8d646692e6959639969210d1|`331ad50`> chore(release): 1.4.2 • <https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa|`17cbf8f`> fix: ReDoS problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/226|#226>) • <https://github.com/webpack/loader-utils/commit/8f082b39f6903929f30fe29dab34f4d9c7ef070a|`8f082b3`> chore(release): 1.4.1 • <https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5|`4504e34`> fix: security problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/220|#220>) • See full diff in <https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/webpack/loader-utils|loader-utils> from 1.4.0 to 1.4.2. Release notes _Sourced from <https://github.com/webpack/loader-utils/releases|loader-utils's releases>._ > *v1.4.2* > *<https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2|1.4.2> (2022-11-11)* > *Bug Fixes* > > • ReDoS problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/226|#226>) (<https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa|17cbf8f>) > > *v1.4.1* > *<https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1|1.4.1> (2022-11-07)* > *Bug Fixes* > > • security problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/220|#220>) (<https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5|4504e34>) Changelog _Sourced from <https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md|loader-utils's changelog>._ > *<https://github.com/webpack/loader-utils/compare/v1.4.1...v1.4.2|1.4.2> (2022-11-11)* > *Bug Fixes* > > • ReDoS problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/226|#226>) (<https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa|17cbf8f>) > > *<https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1|1.4.1> (2022-11-07)* > *Bug Fixes* > > • security problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/220|#220>) (<https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5|4504e34>) Commits • <https://github.com/webpack/loader-utils/commit/331ad5067d9a1a7b8d646692e6959639969210d1|`331ad50`> chore(release): 1.4.2 • <https://github.com/webpack/loader-utils/commit/17cbf8fa8989c1cb45bdd2997aa524729475f1fa|`17cbf8f`> fix: ReDoS problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/226|#226>) • <https://github.com/webpack/loader-utils/commit/8f082b39f6903929f30fe29dab34f4d9c7ef070a|`8f082b3`> chore(release): 1.4.1 • <https://github.com/webpack/loader-utils/commit/4504e34c4796a5836ef70458327351675aed48a5|`4504e34`> fix: security problem (<https://github-redirect.dependabot.com/webpack/loader-utils/issues/220|#220>) • See full diff in <https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/expressjs/express|express> from 4.17.1 to 4.18.2. Release notes _Sourced from <https://github.com/expressjs/express/releases|express's releases>._ > *4.18.2* > > • Fix regression routing a large stack in a single route > • deps: body-parser@1.20.1 > • deps: qs@6.11.0 > • perf: remove unnecessary object clone > • deps: qs@6.11.0 > > *4.18.1* > > • Fix hanging on large stack of sync routes > > *4.18.0* > > • Add "root" option to `res.download` > • Allow `options` without `filename` in `res.download` > • Deprecate string and non-integer arguments to `res.status` > • Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` > • Fix handling very large stacks of sync middleware > • Ignore `Object.prototype` values in settings through `app.set`/`app.get` > • Invoke `default` with same arguments as types in `res.format` > • Support proper 205 responses using `res.send` > • Use `http-errors` for `res.format` error > • deps: body-parser@1.20.0 > • Fix error message for json parse whitespace in `strict` > • Fix internal error when inflated body exceeds limit > • Prevent loss of async hooks context > • Prevent hanging when request already read > • deps: depd@2.0.0 > • deps: http-errors@2.0.0 > • deps: on-finished@2.4.1 > • deps: qs@6.10.3 > • deps: raw-body@2.5.1 > • deps: cookie@0.5.0 > • Add `priority` option > • Fix `expires` option to reject invalid dates > • deps: depd@2.0.0 > • Replace internal `eval` usage with `Function` constructor > • Use instance methods on `process` to check for listeners > • deps: finalhandler@1.2.0 > • Remove set content headers that break response > • deps: on-finished@2.4.1 > • deps: statuses@2.0.1 > • deps: on-finished@2.4.1 > • Prevent loss of async hooks context > • deps: qs@6.10.3 > • deps: send@0.18.0 > • Fix emitted 416 error missing headers property > • Limit the headers removed for 304 response > • deps: depd@2.0.0 > • deps: destroy@1.2.0 > • deps: http-errors@2.0.0 > • deps: on-finished@2.4.1 ... (truncated) Changelog _Sourced from <https://github.com/expressjs/express/blob/master/History.md|express's changelog>._ > *4.18.2 / 2022-10-08* > > • Fix regression routing a large stack in a single route > • deps: body-parser@1.20.1 > • deps: qs@6.11.0 > • perf: remove unnecessary object clone > • deps: qs@6.11.0 > > *4.18.1 / 2022-04-29* > > • Fix hanging on large stack of sync routes > > *4.18.0 / 2022-04-25* > > • Add "root" option to `res.download` > • Allow `options` without `filename` in `res.download` > • Deprecate string and non-integer arguments to `res.status` > • Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` > • Fix handling very large stacks of sync middleware > • Ignore `Object.prototype` values in settings through `app.set`/`app.get` > • Invoke `default` with same arguments as types in `res.format` > • Support proper 205 responses using `res.send` > • Use `http-errors` for `res.format` error > • deps: body-parser@1.20.0 > • Fix error message for json parse whitespace in `strict` > • Fix internal error when inflated body exceeds limit > • Prevent loss of async hooks context > • Prevent hanging when request already read > • deps: depd@2.0.0 > • deps: http-errors@2.0.0 > • deps: on-finished@2.4.1 > • deps: qs@6.10.3 > • deps: raw-body@2.5.1 > • deps: cookie@0.5.0 > • Add `priority` option > • Fix `expires` option to reject invalid dates > • deps: depd@2.0.0 > • Replace internal `eval` usage with `Function` constructor > • Use instance methods on `process` to check for listeners > • deps: finalhandler@1.2.0 > • Remove set content headers that break response > • deps: on-finished@2.4.1 > • deps: statuses@2.0.1 > • deps: on-finished@2.4.1 > • Prevent loss of async hooks context > • deps: qs@6.10.3 > • deps: send@0.18.0 ... (truncated) Commits • <https://github.com/expressjs/express/commit/8368dc178af16b91b576c4c1d135f701a0007e5d|`8368dc1`> 4.18.2 • <https://github.com/expressjs/express/commit/61f40491222dbede653b9938e6a4676f187aab44|`61f4049`> docs: replace Freenode with Libera Chat • <https://github.com/expressjs/express/commit/bb7907b932afe3a19236a642f6054b6c8f7349a0|`bb7907b`> build: Node.js@18.10 • <https://github.com/expressjs/express/commit/f56ce73186e885a938bfdb3d3d1005a58e6ae12b|`f56ce73`> build: supertest@6.3.0 • <https://github.com/expressjs/express/commit/24b3dc551670ac4fb0cd5a2bd5ef643c9525e60f|`24b3dc5`> deps: qs@6.11.0 • <https://github.com/expressjs/express/commit/689d175b8b39d8860b81d723233fb83d15201827|`689d175`> deps: body-parser@1.20.1 • <https://github.com/expressjs/express/commit/340be0f79afb9b3176afb76235aa7f92acbd5050|`340be0f`> build: eslint@8.24.0 • <https://github.com/expressjs/express/commit/33e8dc303af9277f8a7e4f46abfdcb5e72f6797b|`33e8dc3`> docs: use Node.js name style • <https://github.com/expressjs/express/commit/644f6464b9f61cbafa8f880636b1aa5237d95bad|`644f646`> build: supertest@6.2.4 • <https://github.com/expressjs/express/commit/ecd7572f1e920b7a512452b8d9806ae617a99c54|`ecd7572`> build: Node.js@14.20 • Additional commits viewable in <https://github.com/expressjs/express/compare/4.17.1...4.18.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/expressjs/express|express> from 4.17.1 to 4.18.2. Release notes _Sourced from <https://github.com/expressjs/express/releases|express's releases>._ > *4.18.2* > > • Fix regression routing a large stack in a single route > • deps: body-parser@1.20.1 > • deps: qs@6.11.0 > • perf: remove unnecessary object clone > • deps: qs@6.11.0 > > *4.18.1* > > • Fix hanging on large stack of sync routes > > *4.18.0* > > • Add "root" option to `res.download` > • Allow `options` without `filename` in `res.download` > • Deprecate string and non-integer arguments to `res.status` > • Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` > • Fix handling very large stacks of sync middleware > • Ignore `Object.prototype` values in settings through `app.set`/`app.get` > • Invoke `default` with same arguments as types in `res.format` > • Support proper 205 responses using `res.send` > • Use `http-errors` for `res.format` error > • deps: body-parser@1.20.0 > • Fix error message for json parse whitespace in `strict` > • Fix internal error when inflated body exceeds limit > • Prevent loss of async hooks context > • Prevent hanging when request already read > • deps: depd@2.0.0 > • deps: http-errors@2.0.0 > • deps: on-finished@2.4.1 > • deps: qs@6.10.3 > • deps: raw-body@2.5.1 > • deps: cookie@0.5.0 > • Add `priority` option > • Fix `expires` option to reject invalid dates > • deps: depd@2.0.0 > • Replace internal `eval` usage with `Function` constructor > • Use instance methods on `process` to check for listeners > • deps: finalhandler@1.2.0 > • Remove set content headers that break response > • deps: on-finished@2.4.1 > • deps: statuses@2.0.1 > • deps: on-finished@2.4.1 > • Prevent loss of async hooks context > • deps: qs@6.10.3 > • deps: send@0.18.0 > • Fix emitted 416 error missing headers property > • Limit the headers removed for 304 response > • deps: depd@2.0.0 > • deps: destroy@1.2.0 > • deps: http-errors@2.0.0 > • deps: on-finished@2.4.1 ... (truncated) Changelog _Sourced from <https://github.com/expressjs/express/blob/master/History.md|express's changelog>._ > *4.18.2 / 2022-10-08* > > • Fix regression routing a large stack in a single route > • deps: body-parser@1.20.1 > • deps: qs@6.11.0 > • perf: remove unnecessary object clone > • deps: qs@6.11.0 > > *4.18.1 / 2022-04-29* > > • Fix hanging on large stack of sync routes > > *4.18.0 / 2022-04-25* > > • Add "root" option to `res.download` > • Allow `options` without `filename` in `res.download` > • Deprecate string and non-integer arguments to `res.status` > • Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` > • Fix handling very large stacks of sync middleware > • Ignore `Object.prototype` values in settings through `app.set`/`app.get` > • Invoke `default` with same arguments as types in `res.format` > • Support proper 205 responses using `res.send` > • Use `http-errors` for `res.format` error > • deps: body-parser@1.20.0 > • Fix error message for json parse whitespace in `strict` > • Fix internal error when inflated body exceeds limit > • Prevent loss of async hooks context > • Prevent hanging when request already read > • deps: depd@2.0.0 > • deps: http-errors@2.0.0 > • deps: on-finished@2.4.1 > • deps: qs@6.10.3 > • deps: raw-body@2.5.1 > • deps: cookie@0.5.0 > • Add `priority` option > • Fix `expires` option to reject invalid dates > • deps: depd@2.0.0 > • Replace internal `eval` usage with `Function` constructor > • Use instance methods on `process` to check for listeners > • deps: finalhandler@1.2.0 > • Remove set content headers that break response > • deps: on-finished@2.4.1 > • deps: statuses@2.0.1 > • deps: on-finished@2.4.1 > • Prevent loss of async hooks context > • deps: qs@6.10.3 > • deps: send@0.18.0 ... (truncated) Commits • <https://github.com/expressjs/express/commit/8368dc178af16b91b576c4c1d135f701a0007e5d|`8368dc1`> 4.18.2 • <https://github.com/expressjs/express/commit/61f40491222dbede653b9938e6a4676f187aab44|`61f4049`> docs: replace Freenode with Libera Chat • <https://github.com/expressjs/express/commit/bb7907b932afe3a19236a642f6054b6c8f7349a0|`bb7907b`> build: Node.js@18.10 • <https://github.com/expressjs/express/commit/f56ce73186e885a938bfdb3d3d1005a58e6ae12b|`f56ce73`> build: supertest@6.3.0 • <https://github.com/expressjs/express/commit/24b3dc551670ac4fb0cd5a2bd5ef643c9525e60f|`24b3dc5`> deps: qs@6.11.0 • <https://github.com/expressjs/express/commit/689d175b8b39d8860b81d723233fb83d15201827|`689d175`> deps: body-parser@1.20.1 • <https://github.com/expressjs/express/commit/340be0f79afb9b3176afb76235aa7f92acbd5050|`340be0f`> build: eslint@8.24.0 • <https://github.com/expressjs/express/commit/33e8dc303af9277f8a7e4f46abfdcb5e72f6797b|`33e8dc3`> docs: use Node.js name style • <https://github.com/expressjs/express/commit/644f6464b9f61cbafa8f880636b1aa5237d95bad|`644f646`> build: supertest@6.2.4 • <https://github.com/expressjs/express/commit/ecd7572f1e920b7a512452b8d9806ae617a99c54|`ecd7572`> build: Node.js@14.20 • Additional commits viewable in <https://github.com/expressjs/express/compare/4.17.1...4.18.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/faisalman/ua-parser-js|ua-parser-js> from 0.7.23 to 0.7.33. Changelog _Sourced from <https://github.com/faisalman/ua-parser-js/blob/master/changelog.md|ua-parser-js's changelog>._ > *Version 0.7.33 / 1.0.33* > > • Add new browser : Cobalt > • Identify Macintosh as an Apple device > • Fix ReDoS vulnerability > > *Version 0.8* > > Version 0.8 was created by accident. This version is now deprecated and no longer maintained, please update to version 0.7 / 1.0. Commits • <https://github.com/faisalman/ua-parser-js/commit/f2d0db001d87da15de7b9b1df7be9f2eacefd8c5|`f2d0db0`> Bump version 0.7.33 • <https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411|`a6140a1`> Remove unsafe regex in trim() function • <https://github.com/faisalman/ua-parser-js/commit/a88660493568d6144a551424a8139d6c876635f6|`a886604`> Fix <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/605|#605> - Identify Macintosh as Apple device • <https://github.com/faisalman/ua-parser-js/commit/b814bcd79198e730936c82462e2d729eb5423e3c|`b814bcd`> Merge pull request <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/606|#606> from rileyjshaw/patch-1 • <https://github.com/faisalman/ua-parser-js/commit/7f71024161399b7aa5d5cd10dba9e059f0218262|`7f71024`> Fix documentation • <https://github.com/faisalman/ua-parser-js/commit/c239ac5167abd574a635cb809a2b4fa35810d23b|`c239ac5`> Merge pull request <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/604|#604> from obecerra3/master • <https://github.com/faisalman/ua-parser-js/commit/8d3c2d327cf540ff2c050f1cc67bca8c6f8e4458|`8d3c2d3`> Add new browser: Cobalt • <https://github.com/faisalman/ua-parser-js/commit/d11fc47dc9b6acc0f89fc10c120cea08e10cd31a|`d11fc47`> Bump version 0.7.32 • <https://github.com/faisalman/ua-parser-js/commit/b490110109de586deab96c775c9ef0dfc9c919c4|`b490110`> Merge branch 'develop' of <http://github.com:faisalman/ua-parser-js|github.com:faisalman/ua-parser-js> • <https://github.com/faisalman/ua-parser-js/commit/cb5da5ea4b220d5b60fe209e123b7f911d8e0d4a|`cb5da5e`> Merge pull request <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/600|#600> from moekm/develop • Additional commits viewable in <https://github.com/faisalman/ua-parser-js/compare/0.7.23...0.7.33|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
Bumps <https://github.com/faisalman/ua-parser-js|ua-parser-js> from 0.7.23 to 0.7.33. Changelog _Sourced from <https://github.com/faisalman/ua-parser-js/blob/master/changelog.md|ua-parser-js's changelog>._ > *Version 0.7.33 / 1.0.33* > > • Add new browser : Cobalt > • Identify Macintosh as an Apple device > • Fix ReDoS vulnerability > > *Version 0.8* > > Version 0.8 was created by accident. This version is now deprecated and no longer maintained, please update to version 0.7 / 1.0. Commits • <https://github.com/faisalman/ua-parser-js/commit/f2d0db001d87da15de7b9b1df7be9f2eacefd8c5|`f2d0db0`> Bump version 0.7.33 • <https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411|`a6140a1`> Remove unsafe regex in trim() function • <https://github.com/faisalman/ua-parser-js/commit/a88660493568d6144a551424a8139d6c876635f6|`a886604`> Fix <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/605|#605> - Identify Macintosh as Apple device • <https://github.com/faisalman/ua-parser-js/commit/b814bcd79198e730936c82462e2d729eb5423e3c|`b814bcd`> Merge pull request <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/606|#606> from rileyjshaw/patch-1 • <https://github.com/faisalman/ua-parser-js/commit/7f71024161399b7aa5d5cd10dba9e059f0218262|`7f71024`> Fix documentation • <https://github.com/faisalman/ua-parser-js/commit/c239ac5167abd574a635cb809a2b4fa35810d23b|`c239ac5`> Merge pull request <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/604|#604> from obecerra3/master • <https://github.com/faisalman/ua-parser-js/commit/8d3c2d327cf540ff2c050f1cc67bca8c6f8e4458|`8d3c2d3`> Add new browser: Cobalt • <https://github.com/faisalman/ua-parser-js/commit/d11fc47dc9b6acc0f89fc10c120cea08e10cd31a|`d11fc47`> Bump version 0.7.32 • <https://github.com/faisalman/ua-parser-js/commit/b490110109de586deab96c775c9ef0dfc9c919c4|`b490110`> Merge branch 'develop' of <http://github.com:faisalman/ua-parser-js|github.com:faisalman/ua-parser-js> • <https://github.com/faisalman/ua-parser-js/commit/cb5da5ea4b220d5b60fe209e123b7f911d8e0d4a|`cb5da5e`> Merge pull request <https://github-redirect.dependabot.com/faisalman/ua-parser-js/issues/600|#600> from moekm/develop • Additional commits viewable in <https://github.com/faisalman/ua-parser-js/compare/0.7.23...0.7.33|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/Disfactory/about.disfactory.tw/network/alerts|Security Alerts page>.
`<https://github.com/Disfactory/about.disfactory.tw/commit/dfcb044791355b55e87d8ae61c2df32b49805bfc|dfcb0447>` - feat: add new contributors (#102)
`<https://github.com/Disfactory/about.disfactory.tw/commit/dfcb044791355b55e87d8ae61c2df32b49805bfc|dfcb0447>` - feat: add new contributors (#102)
`<https://github.com/Disfactory/about.disfactory.tw/commit/861aacbc6d217e60eed78e361a149f6632e7724b|861aacbc>` - Add basic css to en page (#103)
`<https://github.com/Disfactory/about.disfactory.tw/commit/861aacbc6d217e60eed78e361a149f6632e7724b|861aacbc>` - Add basic css to en page (#103)
`<https://github.com/Disfactory/about.disfactory.tw/commit/8ee8cfa76df51e9c8ed0c349307902f1b0286859|8ee8cfa7>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/8ee8cfa76df51e9c8ed0c349307902f1b0286859|8ee8cfa7>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/7d2e19093353016ee87cb540d0d22c324c262b0b|7d2e1909>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/7d2e19093353016ee87cb540d0d22c324c262b0b|7d2e1909>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/64633a232586d7cf5b8cb17122f97799dbc8e20b|64633a23>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/64633a232586d7cf5b8cb17122f97799dbc8e20b|64633a23>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/94098d09a623ef9f1717d64bdd913db0c4f45b03|94098d09>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/8812fb740252cf1496e5bc8ea33a0ff93c7ed7b8|8812fb74>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/7f499f59dca11b4454e662f6ce8600983875f4ca|7f499f59>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/e51415952d4cc4b8f295165337e05b523e7f80a5|e5141595>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/abd33deb60b000e7f8a7510c44f17e162768748d|abd33deb>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/3285c4ddebedfe0f719eee71ec1bce8e101b12f5|3285c4dd>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/ba3aa1a0ac599dca869aa683b63c115acc1c1b46|ba3aa1a0>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/Landing/commit/67e8570f949c75ee7e7a9f7d1b3776b88c8f1f61|67e8570f>` - feat(carousel): update carousel info `<https://github.com/Disfactory/Landing/commit/8d1d6fd6ef331ee5ebac570b59a93b3e58f3280d|8d1d6fd6>` - Merge pull request #44 from Disfactory/main `<https://github.com/Disfactory/Landing/commit/30edf85a160a3f098588d91dc7c7803293918531|30edf85a>` - Merge pull request #45 from ChangRongXuan/next_new
`<https://github.com/Disfactory/Landing/commit/1b09378bc0c76574607d2c0414ff8cd00496eecb|1b09378b>` - feat: update components `<https://github.com/Disfactory/Landing/commit/f1ccc5987de75f1dad2c1f412e11611be464a370|f1ccc598>` - Merge pull request #2 from Disfactory/main `<https://github.com/Disfactory/Landing/commit/0ed8d0cd72efc1429c71aa58b88fea4315aeac06|0ed8d0cd>` - Merge pull request #46 from ChangRongXuan/next_new
`<https://github.com/Disfactory/about.disfactory.tw/commit/a1b6e45db6fd7c2f3f95105e2a2dad8dca0bd05b|a1b6e45d>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/20107636344eed95067496e2c56fdd05ee58ef60|20107636>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/edee57bcd8a91b36d4ec0d5587f5237d8f251dde|edee57bc>` - feat: update the OG images & og-imgs-cache.json
`<https://github.com/Disfactory/about.disfactory.tw/commit/b804d7610395cc7dc715537be229535a13934247|b804d761>` - feat: update the OG images & og-imgs-cache.json