Bump send and serve-static #227
Conversation
dependabot
bot
added
dependencies
|
Hello @intercom/team-messenger 👋 this PR fixes a security vulnerability (GHSA-m6fv-jmcg-4jfg) in a repository you own - intercom/intercom-react-native. We have obligation to update our dependencies in a timely manner in order to keep our applications secure. Please take a look at the PR and merge it as soon as possible. |
|
@dependabot rebase |
|
Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request |
uddish
added
the
team-messenger-triaged
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-36d97f4dbf
branch
from
7ef7974 to
f52b994
Compare
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-36d97f4dbf
branch
from
f52b994 to
4dcaa7d
Compare
|
@dependabot squash and merge |
dependabot
bot
dismissed
github-management-service’s stale review
via
c9f5381
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-36d97f4dbf
branch
from
4dcaa7d to
c9f5381
Compare
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-36d97f4dbf
branch
from
bb1e270 to
38a39a8
Compare
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
@dependabot squash and merge |
Bumps [send](https://github.com/pillarjs/send) and [serve-static](https://github.com/expressjs/serve-static). These dependencies needed to be updated together. Updates `send` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.18.0...0.19.0) Updates `serve-static` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/v1.16.2/HISTORY.md) - [Commits](expressjs/serve-static@v1.15.0...v1.16.2) --- updated-dependencies: - dependency-name: send dependency-type: indirect - dependency-name: serve-static dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/multi-36d97f4dbf
branch
from
38a39a8 to
0b19809
Compare
|
Dependabot tried to merge this PR, but received the following error from GitHub: |
|
No corresponding Security Alert was found for this PR. |
|
@dependabot rebase |
|
Looks like these dependencies are up-to-date now, so this is no longer needed. |
Fixes intercom/intercom#355654. Bumps send and serve-static. These dependencies needed to be updated together.
Updates
sendfrom 0.18.0 to 0.19.0Release notes
Sourced from send's releases.
Changelog
Sourced from send's changelog.
Commits
9d2db990.19.0ae4f298Merge commit from forkMaintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.
Updates
serve-staticfrom 1.15.0 to 1.16.2Release notes
Sourced from serve-static's releases.
Changelog
Sourced from serve-static's changelog.
Commits
ec9c5ec1.16.2f454d37fix(deps): encodeurl@~2.0.077a82551.16.14263f49fix(deps): send@0.19.048c73971.16.00c11fadMerge commit from forkMaintainer changes
This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.
You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @github-management-service.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.