Bump tar from 2.2.1 to 2.2.2 in /themes/hello-friend-ng #14
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [tar](https://github.com/npm/node-tar) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/npm/node-tar/releases) - [Commits](isaacs/node-tar@v2.2.1...v2.2.2)
dependabot
bot
added
the
dependencies
|
Hi @dependabot[bot]. Thanks for your PR. I'm waiting for a cb-technologists member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/ok-to-test |
|
⭐ PR built and available in a preview environment cb-technologists-blog-pr-14 here |
|
/approve |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dcanadillas, logandonley If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Does it make sense to add this theme as a submodule and commit the change upstream? Maybe we've already deviated from their master or plan to make changes in the future? |
|
@cvega Agreed, and it was a submodule originally but that didn't play nicely with the way the Jenkins X did a deploy for the jx-docs repo - https://github.com/jenkins-x/jx-docs/tree/master/themes/gohugoioTheme - so i took the easy way out and copied that - but I'm sure we could figure out how to tweak the JX Pipeline to deploy with a submodule - at this point I'm not sure any of the minor tweaks would be worth sharing upstream but I'm sure there will be some in the future that would be worth sharing. |
Bumps tar from 2.2.1 to 2.2.2.
Commits
523c5c72.2.27ecef07Bump fstream to fix hardlink overwriting vulnerability9fc84b9Use {} for hardlink tracking instead of []15e59f1Only track previously seen hardlinks4f85851Ignore potentially unsafe filesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot ignore this [patch|minor|major] versionwill close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language