Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix(security): update lodash for GHSA-p6mc-m468-83gw #242

Merged
merged 3 commits into from
Jul 19, 2020
Merged

fix(security): update lodash for GHSA-p6mc-m468-83gw #242

merged 3 commits into from
Jul 19, 2020

Conversation

nogic1008
Copy link
Contributor

No description provided.

nogic1008 added 3 commits July 19, 2020 15:01
@nogic1008
fix(security): bump lodash from 4.17.15 to 4.17.19
e4b2ee2 
- GHSA-p6mc-m468-83gw
- https://www.npmjs.com/advisories/1523
@nogic1008
build(deps): bump dependencies version
3b08ec4 
|package|old|new|
|---------|----|----|
|@octokit/rest|18.0.0|18.0.1|
|@types/jest|26.0.4|26.0.5|
|@typescript-eslint/eslint-plugin|2.34.0|3.6.1|
|@typescript-eslint/parser|2.34.0|3.6.1|
|eslint|7.4.0|7.5.0|
|jest|25.5.4|26.1.0|
|ts-jest|25.5.1|26.1.3|
|typescript|3.9.6|3.9.7|
@nogic1008
fix(lint): remove lint ignore comment
03cb7aa
@nogic1008 nogic1008 added invalid ⚠️ This doesn't seem right (warning, typo...) dependabot 🤖 Pull requests that update a dependency file refactoring ✨ Not a new feature (code clean, remove dup...) labels Jul 19, 2020
@nogic1008 nogic1008 added this to the vNext milestone Jul 19, 2020
@commit-lint
Copy link

commit-lint bot commented Jul 19, 2020

Bug Fixes

  • security: bump lodash from 4.17.15 to 4.17.19 (e4b2ee2)
  • lint: remove lint ignore comment (03cb7aa)

Build System

  • deps: bump dependencies version (3b08ec4)

Contributors

@nogic1008

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR:

  • @Commit-Lint merge patch will merge dependabot PR on "patch" versions (X.X.Y - Y change)
  • @Commit-Lint merge minor will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
  • @Commit-Lint merge major will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
  • @Commit-Lint merge disable will desactivate merge dependabot PR
  • @Commit-Lint review will approve dependabot PR
  • @Commit-Lint stop review will stop approve dependabot PR

@codecov
Copy link

codecov bot commented Jul 19, 2020

Codecov Report

Merging #242 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##            master      #242   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            5         5           
  Lines           65        65           
  Branches         8         8           
=========================================
  Hits            65        65
Impacted Files Coverage Δ
src/send-comment.ts 100.00% <ø> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ba57208...03cb7aa. Read the comment docs.

@nogic1008 nogic1008 merged commit 571518f into master Jul 19, 2020
@nogic1008 nogic1008 deleted the hotfix/npm-audit branch July 19, 2020 06:26
@nogic1008 nogic1008 modified the milestones: v1.2.1, v1.2.4 May 5, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependabot 🤖 Pull requests that update a dependency file invalid ⚠️ This doesn't seem right (warning, typo...) refactoring ✨ Not a new feature (code clean, remove dup...)
Projects
None yet
Milestone
v1.2.4
Development

Successfully merging this pull request may close these issues.
1 participant
@nogic1008