Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security] Bump is-my-json-valid from 2.17.1 to 2.19.0 (#298)
Bumps [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid) from 2.17.1 to 2.19.0. **This update includes security fixes.** <details> <summary>Vulnerabilities fixed</summary> *Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/b7e8b6ac-2aac-4ecc-91f6-86b529307e46).* > **CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')** > The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. > > Affected versions: <1.4.1; >=2.0.0 <2.17.2 *Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/375.json).* > **Regular Expression Denial of Service (ReDoS)** > is-my-json-valid is vulnerable to Regular Expression Denial of Service (ReDoS) attacks via the email validation function > > Affected versions: <1.4.1 || >=2.0.0 <2.17.2 </details> <details> <summary>Commits</summary> - [`dcea5be`](mafintosh/is-my-json-valid@dcea5be) 2.19.0 - [`1712811`](mafintosh/is-my-json-valid@1712811) Merge pull request [#171](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/171) from mafintosh/ts-nullable - [`fad4c91`](mafintosh/is-my-json-valid@fad4c91) Add nullable types to TypeScript typings - [`484197f`](mafintosh/is-my-json-valid@484197f) Add test for nested object in typings - [`4bec868`](mafintosh/is-my-json-valid@4bec868) Merge pull request [#168](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/168) from mafintosh/ts-oneof - [`e8c30d5`](mafintosh/is-my-json-valid@e8c30d5) Add support for "oneOf" to TypeScript typings - [`7160756`](mafintosh/is-my-json-valid@7160756) Merge pull request [#167](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/167) from mafintosh/ts-required - [`88dad89`](mafintosh/is-my-json-valid@88dad89) Make "required" optional in TypeScript typings - [`45b9708`](mafintosh/is-my-json-valid@45b9708) Fix assertions of union types - [`20b299d`](mafintosh/is-my-json-valid@20b299d) Merge pull request [#166](https://github-redirect.dependabot.com/mafintosh/is-my-json-valid/issues/166) from mafintosh/ts-tojson - Additional commits viewable in [compare view](mafintosh/is-my-json-valid@v2.17.1...v2.19.0) </details> <br /> [![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=is-my-json-valid&package-manager=npm_and_yarn&previous-version=2.17.1&new-version=2.19.0)](https://dependabot.com/compatibility-score.html?dependency-name=is-my-json-valid&package-manager=npm_and_yarn&previous-version=2.17.1&new-version=2.19.0) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot. </details>
- Loading branch information