Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump bl and gh-release #91

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump bl and gh-release #91

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 22, 2022
edited
Loading

Bumps bl and gh-release. These dependencies needed to be updated together.
Updates bl from 1.1.2 to 4.1.0

Release notes

Sourced from bl's releases.

v4.0.3

Fix unintialized memory access

v4.0.1

  • Remove false-positive Apache-exploit (Fixes #79). #80

v3.0.1

Fix unintialized memory access

v3.0.0

  • readable-stream@3 #57

v2.2.1

Fix unintialized memory access

v2.2.0

  • Add indexOf docs #60
  • fix empty shallowSlice return #65

v2.1.2

  • use ES3 only #62

v2.1.1

  • Use native indexOf whenever possible #61

v2.1.0

  • Added indexOf #59

v2.0.1

  • Use require('readable-stream').Duplex #56

v2.0.0

  • Added support for readUIntLE and companions #55

v1.2.2

  • use safe-buffer #51

v1.2.1

  • Fix shallowSlice when the offset are not at the beginning of an internal buffer #44
Commits
Maintainer changes

This version was pushed to npm by matteo.collina, a new releaser for bl since your current version.


Updates gh-release from 3.5.0 to 6.0.4

Release notes

Sourced from gh-release's releases.

v6.0.4

Changed

  • pkg(engines): set min node to 12
    • note: minimum node was already 12 as of v6.x, this just updates requirement in package.json
  • deps: gauge@^v4.0.4 (#169)

Misc

  • minor (cosmetic) doc updates

v6.0.3

Changed

  • deps: rm chalk (#163)
  • deps(dev): rm live-server, tap-spec, use serve (#162)

v6.0.2

Note: this repo has moved from https://github.com/hypermodules/gh-release to https://github.com/ungoldman/gh-release. @​ungoldman is the original author and the same people that have been maintaining gh-release will continue to do so. The move was made because the hypermodules org is being retired.

Changed

v6.0.1

Changed

v6.0.0

Changed

  • BREAKING CHANGE: upgrade to Yargs 17. Node 10 is definitely EOL and not supported now.

v5.0.2

Changed

  • Roll back to yargs@16 due to introduced breaking changes.

v5.0.1

Changed

v5.0.0

  • A release of 4.0.5-beta.0 as a breaking change
  • BREAKING CHANGE: new underlying request library (@​octokit/rest) in use to fix edge case where releases would time out.
  • No API changes, it should be safe to upgrade, but there is a risk of new bugs. Please update at your convenience.

v4.0.5-beta.0

  • Replace simple-get with @octokit/rest. This should fix some spurious timeout bugs.

... (truncated)

Changelog

Sourced from gh-release's changelog.

6.0.4 - 2022-04-14

Changed

  • pkg(engines): set min node to 12
  • deps: gauge@^v4.0.4 (#169)

Misc

  • minor (cosmetic) doc updates

6.0.3 - 2022-03-15

Changed

  • deps: rm chalk (#163)
  • deps(dev): rm live-server, tap-spec, use serve (#162)

6.0.2 - 2022-03-14

Note: this repo has moved from https://github.com/hypermodules/gh-release to https://github.com/ungoldman/gh-release. @​ungoldman is the original author and the same people that have been maintaining gh-release will continue to do so. The move was made because the hypermodules org is being retired.

Changed

6.0.1 - 2021-09-20

Changed

6.0.0 - 2021-05-20

Changed

  • BREAKING CHANGE: upgrade to Yargs 16. Node 10 is definitely EOL and not supported now.

5.0.2 - 2021-05-20

Changed

  • Roll back to yargs@16 due to introduced breaking changes.

5.0.1 - 2021-05-18

Changed

5.0.0 - 2021-01-16

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 22, 2022
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/bl-and-gh-release-4.1.0 branch from 87770bd to 14a0b0b Compare August 22, 2022 20:34
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/bl-and-gh-release-4.1.0 branch 2 times, most recently from c62ed86 to c942cca Compare November 15, 2022 22:21
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/bl-and-gh-release-4.1.0 branch from c942cca to b96da95 Compare January 31, 2023 01:36
@dependabot
Bump bl and gh-release
b9ec42f 
Bumps [bl](https://github.com/rvagg/bl) and [gh-release](https://github.com/ungoldman/gh-release). These dependencies needed to be updated together.

Updates `bl` from 1.1.2 to 4.1.0
- [Release notes](https://github.com/rvagg/bl/releases)
- [Commits](rvagg/bl@v1.1.2...v4.1.0)

Updates `gh-release` from 3.5.0 to 6.0.4
- [Release notes](https://github.com/ungoldman/gh-release/releases)
- [Changelog](https://github.com/ungoldman/gh-release/blob/main/CHANGELOG.md)
- [Commits](ungoldman/gh-release@v3.5.0...v6.0.4)

---
updated-dependencies:
- dependency-name: bl
  dependency-type: indirect
- dependency-name: gh-release
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/bl-and-gh-release-4.1.0 branch from b96da95 to b9ec42f Compare February 16, 2023 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants