Bump debug from 4.1.1 to 4.3.4 #238
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [debug](https://github.com/debug-js/debug) from 4.1.1 to 4.3.4. - [Release notes](https://github.com/debug-js/debug/releases) - [Commits](debug-js/debug@4.1.1...4.3.4) --- updated-dependencies: - dependency-name: debug dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
|
@dependabot merge
…On Mon, Oct 2, 2023 at 2:34 PM dependabot[bot] ***@***.***> wrote:
This automated pull request fixes a security vulnerability
<https://github.com/lentz/youtube-shuffle/security/dependabot/12>
(moderate severity).
Learn more about Dependabot security updates
<https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates>.
------------------------------
Bumps debug <https://github.com/debug-js/debug> from 4.1.1 to 4.3.4.
Release notes
*Sourced from debug's releases
<https://github.com/debug-js/debug/releases>.*
4.3.4 What's Changed
- Add section about configuring JS console to show debug messages by
@gitname <https://github.com/gitname> in debug-js/debug#866
<https://redirect.github.com/debug-js/debug/pull/866>
- Replace deprecated String.prototype.substr() by @CommanderRoot
<https://github.com/CommanderRoot> in debug-js/debug#876
<https://redirect.github.com/debug-js/debug/pull/876>
New Contributors
- @gitname <https://github.com/gitname> made their first contribution
in debug-js/debug#866
<https://redirect.github.com/debug-js/debug/pull/866>
- @CommanderRoot <https://github.com/CommanderRoot> made their first
contribution in debug-js/debug#876
<https://redirect.github.com/debug-js/debug/pull/876>
*Full Changelog*: ***@***.***
<debug-js/debug@4.3.3...4.3.4>
4.3.3 Patch Release 4.3.3
This is a documentation-only release. Further, the repository was
transferred. Please see notes below.
- *Migrates repository from https://github.com/visionmedia/debug
<https://github.com/visionmedia/debug> to https://github.com/debug-js/debug
<https://github.com/debug-js/debug>*. Please see notes below as to why
this change was made.
- Updates repository maintainership information
- Updates the copyright (no license terms change has been made)
- Removes accidental epizeuxis (#828
<https://redirect.github.com/debug-js/debug/issues/828>)
- Adds README section regarding usage in child procs (#850
<https://redirect.github.com/debug-js/debug/issues/850>)
Thank you to @taylor1791 <https://github.com/taylor1791> and
@kristofkalocsai <https://github.com/kristofkalocsai> for their
contributions.
------------------------------
Repository Migration Information
I've formatted this as a FAQ, please feel free to open an issue for any
additional question and I'll add the response here.
Q: What impact will this have on me?
In most cases, you shouldn't notice any change.
The only exception I can think of is if you pull code directly from
https://github.com/visionmedia/debug, e.g. via a "debug":
"visionmedia/debug"-type version entry in your package.json - in which
case, you should *still* be fine due to the automatic redirection Github
sets up, but you should also update any references as soon as possible.
Q: What are the security implications of this change?
If you pull code directly from the old URL, you should update the URL to
https://github.com/debug-js/debug as soon as possible. The old
organization has *many* approved owners and thus a new repository could
(in theory) be created at the old URL, circumventing Github's automatic
redirect that is in place now and serving malicious code. I (@qix
<https://github.com/qix>-) also wouldn't have access to that repository,
so while I don't think it would happen, it's still something to consider.
Even in such a case, however, the officially released package on npm (
debug) would *not* be affected. That package is still very much under
control (even more than it used to be).
Q: What should I do if I encounter an issue related to the migration?
Search the issues first
<https://github.com/debug-js/debug/issues?q=label%3Amigration+> to see if
someone has already reported it, and *then* open a new issue if someone
has not.
Q: Why was this done as a 'patch' release? Isn't this breaking?
No, it shouldn't be breaking. The package on npm shouldn't be affected
(aside from this patch release) and any references to the old repository
should automatically redirect.
Thus, according to all of the "APIs" (loosely put) involved, nothing
should have broken.
... (truncated)
Commits
- da66c86
<debug-js/debug@da66c86>
4.3.4
- 9b33412
<debug-js/debug@9b33412>
replace deprecated String.prototype.substr() (#876
<https://redirect.github.com/debug-js/debug/issues/876>)
- c0805cc
<debug-js/debug@c0805cc>
add section about configuring JS console to show debug messages (#866
<https://redirect.github.com/debug-js/debug/issues/866>)
- 043d3cd
<debug-js/debug@043d3cd>
4.3.3
- 4079aae
<debug-js/debug@4079aae>
update license and more maintainership information
- 19b36c0
<debug-js/debug@19b36c0>
update repository location + maintainership information
- f851b00
<debug-js/debug@f851b00>
adds README section regarding usage in child procs (#850
<https://redirect.github.com/debug-js/debug/issues/850>)
- d177f2b
<debug-js/debug@d177f2b>
Remove accidental epizeuxis
- e47f96d
<debug-js/debug@e47f96d>
4.3.2
- 1e9d38c
<debug-js/debug@1e9d38c>
cache enabled status per-logger (#799
<https://redirect.github.com/debug-js/debug/issues/799>)
- Additional commits viewable in compare view
<debug-js/debug@4.1.1...4.3.4>
Maintainer changes
This version was pushed to npm by qix <https://www.npmjs.com/~qix>, a new
releaser for debug since your current version.
[image: Dependabot compatibility score]
<https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores>
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting @dependabot
rebase.
------------------------------
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits
that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after
your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge
and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all
of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the
PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the
PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR
or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security
Alerts page <https://github.com/lentz/youtube-shuffle/network/alerts>.
------------------------------
You can view, comment on, or merge this pull request online at:
#238
Commit Summary
- 77dd0d3
<77dd0d3>
Bump debug from 4.1.1 to 4.3.4
File Changes
(1 file <https://github.com/lentz/youtube-shuffle/pull/238/files>)
- *M* package-lock.json
<https://github.com/lentz/youtube-shuffle/pull/238/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519>
(56)
Patch Links:
- https://github.com/lentz/youtube-shuffle/pull/238.patch
- https://github.com/lentz/youtube-shuffle/pull/238.diff
—
Reply to this email directly, view it on GitHub
<#238>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACL7U2SAMDNXXC4LY2Z4QDX5MCNHAVCNFSM6AAAAAA5P2SYQSVHI2DSMVQWIX3LMV43ASLTON2WKOZRHEZDENBSGQ2TIMY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps debug from 4.1.1 to 4.3.4.
Release notes
Sourced from debug's releases.
... (truncated)
Commits
da66c864.3.49b33412replace deprecated String.prototype.substr() (#876)c0805ccadd section about configuring JS console to show debug messages (#866)043d3cd4.3.34079aaeupdate license and more maintainership information19b36c0update repository location + maintainership informationf851b00adds README section regarding usage in child procs (#850)d177f2bRemove accidental epizeuxise47f96d4.3.21e9d38ccache enabled status per-logger (#799)Maintainer changes
This version was pushed to npm by qix, a new releaser for debug since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.