Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump js-yaml from 3.12.2 to 3.13.1 #429

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump js-yaml from 3.12.2 to 3.13.1 #429

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 5, 2019
edited

Bumps js-yaml from 3.12.2 to 3.13.1.

Changelog

Sourced from js-yaml's changelog.

3.13.1 / 2019-04-05

  • Fix possible code execution in (already unsafe) .load(), #480.

3.13.0 / 2019-03-20

  • Security fix: safeLoad() can hang when arrays with nested refs
    used as key. Now throws exception for nested arrays. #475.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 5, 2019
@coveralls
Copy link

coveralls commented Jun 5, 2019
edited

Pull Request Test Coverage Report for Build c08936a4-283e-4c8f-8952-739d47914a16

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 10.0%
Totals Coverage Status
Change from base Build 33ed468a-287e-45b0-b496-22e01a4fe9d8: 0.0%
Covered Lines: 2
Relevant Lines: 20
💛 - Coveralls

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch 2 times, most recently from 9db9d93 to e9252a1 Compare June 12, 2019 10:27
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch 2 times, most recently from 88b8a3e to e6121ea Compare July 12, 2019 03:31
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch 2 times, most recently from 84aa5f2 to 2c28195 Compare July 19, 2019 23:52
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 2c28195 to 57dcfe9 Compare August 6, 2019 22:39
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 57dcfe9 to 8947070 Compare August 14, 2019 12:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 8947070 to ac970a1 Compare August 28, 2019 13:44
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from ac970a1 to d583ae3 Compare September 25, 2019 12:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from d583ae3 to 2fa1660 Compare October 10, 2019 23:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch 2 times, most recently from 7cc965c to bad81d7 Compare November 26, 2019 19:23
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from bad81d7 to 690a758 Compare January 3, 2020 16:39
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 690a758 to 92b08c4 Compare June 2, 2020 12:57
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 92b08c4 to 728d270 Compare June 16, 2020 11:57
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 728d270 to 621f527 Compare June 26, 2020 12:21
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 621f527 to 0f73aa1 Compare July 5, 2020 14:54
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 0f73aa1 to 0fa43aa Compare July 16, 2020 10:30
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch 2 times, most recently from 5a3a216 to 1ba55fb Compare July 28, 2020 15:17
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch 2 times, most recently from d25e8e3 to 7f69860 Compare August 4, 2020 15:57
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from 7f69860 to fb6bc31 Compare August 19, 2020 14:45
@dependabot
chore(deps): bump js-yaml from 3.12.2 to 3.13.1
f12f8c7 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.12.2 to 3.13.1.
- [Release notes](https://github.com/nodeca/js-yaml/releases)
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.12.2...3.13.1)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/js-yaml-3.13.1 branch from fb6bc31 to f12f8c7 Compare September 2, 2020 14:32
@shavo007 shavo007 closed this Oct 8, 2020
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 8, 2020

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/js-yaml-3.13.1 branch October 8, 2020 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@coveralls @shavo007