build(deps): bump is-svg from 4.2.1 to 4.2.2 #3209

dependabot · 2021-03-12T05:45:43Z

Bumps is-svg from 4.2.1 to 4.2.2.

Release notes

v4.2.2

Fix ReDoS vulnerability 01f8a08 You are only affected if you use this package on a server that accepts SVG as user-input.

sindresorhus/is-svg@v4.2.1...v4.2.2

Commits

1f34e79 4.2.2
01f8a08 Fix ReDoS vulnerability
3c99615 Move to GitHub Actions
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

Bumps [is-svg](https://github.com/sindresorhus/is-svg) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/sindresorhus/is-svg/releases) - [Commits](sindresorhus/is-svg@v4.2.1...v4.2.2) Signed-off-by: dependabot[bot] <support@github.com>

* upstream/main: (164 commits) skip empty srcs for safe iframe srcs (mdn#3216) correct code comment (mdn#3223) build(deps): bump ahmadnassri/action-dependabot-auto-merge (mdn#3197) build(deps-dev): bump @types/react-dom from 17.0.1 to 17.0.2 (mdn#3164) create a whatsdeployed.json for translated-content too (mdn#3221) avoid double-slash redirects (mdn#3222) build(deps): bump image-size from 0.9.4 to 0.9.5 (mdn#3214) build(deps): bump boto3 from 1.17.22 to 1.17.26 in /deployer (mdn#3212) Fix our auto-merge workflow (mdn#3218) build(deps-dev): bump ts-loader from 8.0.17 to 8.0.18 (mdn#3208) disable lighthouse PR check unless relevant changes (mdn#3203) hide toolbar for frozen locales (mdn#3213) build(deps): bump is-svg from 4.2.1 to 4.2.2 (mdn#3209) build(deps): bump @mdn/browser-compat-data from 3.1.3 to 3.2.0 (mdn#3210) downloading external images for translated-content (mdn#3207) add active locales (mdn#3201) add tool command for rendering/removing macros (mdn#2955) unsafe html should be a breaking flaw (mdn#3192) open editor for translated content (mdn#3196) add fundamental redirects for /en-US/Security/CSP (mdn#3200) ...

Bumps [is-svg](https://github.com/sindresorhus/is-svg) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/sindresorhus/is-svg/releases) - [Commits](sindresorhus/is-svg@v4.2.1...v4.2.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript labels Mar 12, 2021

peterbe merged commit 5da3942 into main Mar 12, 2021

dependabot bot deleted the dependabot/npm_and_yarn/is-svg-4.2.2 branch March 12, 2021 13:59

dependabot bot mentioned this pull request Mar 12, 2021

chore(deps): bump @mdn/yari from 0.4.269 to 0.4.274 mdn/content#3073

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump is-svg from 4.2.1 to 4.2.2 #3209

build(deps): bump is-svg from 4.2.1 to 4.2.2 #3209

dependabot bot commented on behalf of github Mar 12, 2021

build(deps): bump is-svg from 4.2.1 to 4.2.2 #3209

build(deps): bump is-svg from 4.2.1 to 4.2.2 #3209

Conversation

dependabot bot commented on behalf of github Mar 12, 2021

v4.2.2