Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump jsonpointer and danger #497

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump jsonpointer and danger #497

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 9, 2023
edited
Loading

Bumps jsonpointer to 5.0.1 and updates ancestor dependency danger. These dependencies need to be updated together.

Updates jsonpointer from 4.1.0 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

  • Fix prototype pollution (#51)

    • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
    // returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
    • When passing non-string arrays to a .set operation, an error is thrown:
    // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')
Commits
  • 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
  • bad4983 Fix null values throwing exception when traversing over while getting
  • a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
  • b8e1e6a fix incorrect typings for compile get/set methods
  • c4de620 Merge pull request #53 from janl/release/5.0.0
  • 8dbf304 feat: v5
  • 84cf173 Merge pull request #52 from janl/fix/test
  • f716e5c chore: more rip travis
  • e2ae355 chore: remove comment
  • d23693b chore: update primary branch
  • Additional commits viewable in compare view

Updates danger from 7.1.4 to 11.2.1

Release notes

Sourced from danger's releases.

Release 11.2.1

  • Release faff (fc5c42c)

Release 11.2.0

  • CHANGELOG for release (6829c33)
  • Merge pull request #1331 from hcomde/issue_1138_gitlab_threads (c3641dc)
  • Merge pull request #1337 from stodirascu/fix-github-action (f8453e9)
  • Moving the GITHUB_WORKFLOW check before actually getting the userInfo (beb7f41)
  • GitLab: Add support to use threads instead of comments (90f595b)
  • Merge pull request #1336 from falkenhawk/patch-1 (639898f)
  • fix messing the order of messages (7b60e62)
  • Merge pull request #1332 from ivankatliarchuk/issue_1330 (0c8804f)
  • use this.log instead (886616b)
  • update message (98fd3f0)
  • wip (c4d1cbf)
  • update CHANGELOG (3a97856)
  • added environment variable DANGER_SKIP_WHEN_EMPTY (6b47827)
  • Update issue_template.md (2bcccbd)
  • Update README.md (60ec3aa)
  • Merge pull request #1326 from ivankatliarchuk/chore/gitlab-code-coverage (1109c7d)
  • gitlab: remove reference to fetch (de76c65)
  • gitlab: slightly rename test (bd78aa4)
  • gitlab: improve test coverage (3415a15)

Release 11.1.4

  • Yarn faff (a1d15db)
  • Merge pull request #1320 from ivankatliarchuk/fix/getFileContents (9539b9d)
  • Merge pull request #1323 from KubaJastrz/pr-draft (c92a32e)
  • feat: add github.pr.draft field (184df2d)
  • fix: added getFileContents tests with and without file (43c202b)
  • fix: added getFileContents tests (a1af3e2)
  • fix: gitlab api (b5de611)

Release 11.1.3

  • Merge pull request #1318 from ivankatliarchuk/issue_1301 (8e58eae)
  • Manually fix (f6d17c0)
  • Merge branch 'main' into issue_1301 (4c52740)
  • Merge pull request #1319 from ivankatliarchuk/fix-gitlab-forks (6a216a1)
  • Merge pull request #1307 from OscarBarrett/feature/upgrade-proxy-agents (f5eeee0)
  • @​types/nock no longer needed (6a70f47)
  • spell check (ba84b5f)
  • rename tests (15c00e0)
  • added forked mr url (3367329)
  • changelog: update (47d2085)
  • fix: added provider gitlab tests (dafdb02)
  • inline changelog, provide link to an issue (67737e8)
  • added yarn.lock (c0d8430)
  • added ^ to gitbreaker version (89987a2)
  • cleanup (27414d9)
  • move code to @​gitbeaker/node (507cb11)

... (truncated)

Changelog

Sourced from danger's changelog.

11.2.1

  • Updates jsonwebtoken due to security issues
  • Support arm64 binary generation for Apple silicon users #1342 [@​pepix]

11.2.1

  • Bug fix for bitbucket bot detection ignoring case #1291

11.2.0

11.1.2

  • Improvements to --staging in Danger local
  • Protection against custom git prompts in Danger local

11.1.1

  • Bug fix for over-deleting inline comments #1287

11.1.0

  • Adds support for the new GitHub Job summaries API via:
  • danger.github.setSummaryMarkdown("[markdown]") for the JavaScript DSL
  • The results DSL for sub-processes now accepts { github: { stepSummary: "[markdown]" } } from projects the Swift and Kotlin implementations of Danger.

This gives you the chance to leave feedback on the overview page for a PR, it won't ping people in the PR thread or trigger emails which is why it's a separate attribute in the DSL. Potentially open to having the main comment in the job summary if someone can make a good case for it in the Danger JS issues. [@​orta]

11.0.5

  • Set the timeout for getting results from the Danger runner to be 10 seconds

11.0.4

  • Deploying from my Mac to see if that's what's causing the build issues for homebrew. [@​orta]

11.0.3

  • Bump up @babel/* plugins for Core-JS support. [@​parvez]
  • Replace deprecated @​Babel/polyfill dependency with Core-JS + Regenerator-Runtime. [@​gpetrioli]

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 9, 2023
@artsy-peril
Copy link
Contributor

artsy-peril bot commented Jan 9, 2023
edited
Loading

Warnings
⚠️

Changes were made to package.json, but not to yarn.lock.
Perhaps you need to run yarn install?

Generated by 🚫 dangerJS against ab61806

@dependabot
chore(deps): bump jsonpointer and danger
ab61806 
Bumps [jsonpointer](https://github.com/janl/node-jsonpointer) to 5.0.1 and updates ancestor dependency [danger](https://github.com/danger/danger-js). These dependencies need to be updated together.


Updates `jsonpointer` from 4.1.0 to 5.0.1
- [Release notes](https://github.com/janl/node-jsonpointer/releases)
- [Commits](janl/node-jsonpointer@v4.1.0...v5.0.1)

Updates `danger` from 7.1.4 to 11.2.1
- [Release notes](https://github.com/danger/danger-js/releases)
- [Changelog](https://github.com/danger/danger-js/blob/main/CHANGELOG.md)
- [Commits](danger/danger-js@7.1.4...11.2.1)

---
updated-dependencies:
- dependency-name: jsonpointer
  dependency-type: indirect
- dependency-name: danger
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jsonpointer-and-danger-5.0.1 branch from 9f3a2a2 to ab61806 Compare February 8, 2023 20:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants