Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Dependencies updated by Dependabot #156

Closed
wants to merge 20 commits into from
Closed

Dependencies updated by Dependabot #156

wants to merge 20 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Feb 10, 2019

See individual commits for details

dependabot-support and others added 20 commits February 9, 2019 08:34
@dependabot-support
Bump npm-registry-fetch from 3.8.0 to 3.9.0
8f9fbd2 
Bumps [npm-registry-fetch](https://github.com/npm/registry-fetch) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/npm/registry-fetch/releases)
- [Changelog](https://github.com/npm/npm-registry-fetch/blob/latest/CHANGELOG.md)
- [Commits](npm/npm-registry-fetch@v3.8.0...v3.9.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
[Security] Bump lodash from 4.17.10 to 4.17.11
960dde7 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.11. **This update includes security fixes.**
- [Release notes](https://github.com/lodash/lodash/releases)
- [Changelog](https://github.com/lodash/lodash/blob/master/CHANGELOG)
- [Commits](lodash/lodash@4.17.10...4.17.11)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump tacks from 1.2.7 to 1.3.0
948e28a 
Bumps [tacks](https://github.com/iarna/tacks) from 1.2.7 to 1.3.0.
- [Release notes](https://github.com/iarna/tacks/releases)
- [Changelog](https://github.com/iarna/tacks/blob/master/CHANGES.md)
- [Commits](iarna/tacks@v1.2.7...v1.3.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump npm-packlist from 1.2.0 to 1.3.0
8791cee 
Bumps [npm-packlist](https://github.com/npm/npm-packlist) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/npm/npm-packlist/releases)
- [Commits](npm/npm-packlist@v1.2.0...v1.3.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump normalize-package-data from 2.4.0 to 2.5.0
ca7a9da 
Bumps [normalize-package-data](https://github.com/npm/normalize-package-data) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/npm/normalize-package-data/releases)
- [Commits](npm/normalize-package-data@v2.4.0...v2.5.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump lru-cache from 4.1.5 to 5.1.1
ddca775 
Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 4.1.5 to 5.1.1.
- [Release notes](https://github.com/isaacs/node-lru-cache/releases)
- [Commits](isaacs/node-lru-cache@v4.1.5...v5.1.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>
Merge pull request #6 from pjclutterbuck/dependabot/npm_and_yarn/lru-…
bbc00e9 
…cache-5.1.1

Bump lru-cache from 4.1.5 to 5.1.1
Merge pull request #5 from pjclutterbuck/dependabot/npm_and_yarn/norm…
95594ce 
…alize-package-data-2.5.0

Bump normalize-package-data from 2.4.0 to 2.5.0
Merge pull request #4 from pjclutterbuck/dependabot/npm_and_yarn/npm-…
ac6ba86 
…packlist-1.3.0

Bump npm-packlist from 1.2.0 to 1.3.0
Merge pull request #3 from pjclutterbuck/dependabot/npm_and_yarn/tack…
f4f01f7 
…s-1.3.0

Bump tacks from 1.2.7 to 1.3.0
Merge pull request #2 from pjclutterbuck/dependabot/npm_and_yarn/loda…
e8c6c96 
…sh-4.17.11

[Security] Bump lodash from 4.17.10 to 4.17.11
Merge pull request #1 from pjclutterbuck/dependabot/npm_and_yarn/npm-…
1b666a0 
…registry-fetch-3.9.0

Bump npm-registry-fetch from 3.8.0 to 3.9.0
@dependabot-support
Bump tap from 12.1.1 to 12.5.2
7a781cc 
Bumps [tap](https://github.com/tapjs/node-tap) from 12.1.1 to 12.5.2.
- [Release notes](https://github.com/tapjs/node-tap/releases)
- [Changelog](https://github.com/tapjs/node-tap/blob/master/CHANGELOG.md)
- [Commits](tapjs/tapjs@v12.1.1...v12.5.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump standard from 11.0.1 to 12.0.1
d507fd5 
Bumps [standard](https://github.com/standard/standard) from 11.0.1 to 12.0.1.
- [Release notes](https://github.com/standard/standard/releases)
- [Changelog](https://github.com/standard/standard/blob/master/CHANGELOG.md)
- [Commits](standard/standard@v11.0.1...v12.0.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump sha from 2.0.1 to 3.0.0
b46d565 
Bumps [sha](https://github.com/ForbesLindesay/sha) from 2.0.1 to 3.0.0.
- [Release notes](https://github.com/ForbesLindesay/sha/releases)
- [Commits](ForbesLindesay/sha@v2.0.1...v3.0.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
@dependabot-support
Bump pacote from 9.4.0 to 9.4.1
48bd885 
Bumps [pacote](https://github.com/zkat/pacote) from 9.4.0 to 9.4.1.
- [Release notes](https://github.com/zkat/pacote/releases)
- [Changelog](https://github.com/zkat/pacote/blob/latest/CHANGELOG.md)
- [Commits](zkat/pacote@v9.4.0...v9.4.1)

Signed-off-by: dependabot[bot] <support@dependabot.com>
Merge pull request #10 from pjclutterbuck/dependabot/npm_and_yarn/pac…
e02fc8d 
…ote-9.4.1

Bump pacote from 9.4.0 to 9.4.1
Merge pull request #9 from pjclutterbuck/dependabot/npm_and_yarn/sha-…
e2a8357 
…3.0.0

Bump sha from 2.0.1 to 3.0.0
Merge pull request #8 from pjclutterbuck/dependabot/npm_and_yarn/stan…
777b3f1 
…dard-12.0.1

Bump standard from 11.0.1 to 12.0.1
Merge pull request #7 from pjclutterbuck/dependabot/npm_and_yarn/tap-…
b209453 
…12.5.2

Bump tap from 12.1.1 to 12.5.2
@ghost ghost self-requested a review as a code owner February 10, 2019 01:39
@ljharb
Copy link
Contributor

ljharb commented Feb 10, 2019

This is 20 commits to update 4 dependencies; #155 was 12 to update 2. Is this what “dependabot” produces?

@ghost
Copy link
Author

ghost commented Feb 10, 2019

Not usually. There's normally one commit from Dependabot creating the branch with a proposed update, then another when I merge the pull request into the default branch on my fork.
Apologies for this not playing nicely with Travis CI. It seems to be a frequent occurrence. I don't use Travis or any other CI myself, though I do use CodeFactor for reviewing.

@ghost ghost closed this Feb 10, 2019
This was referenced Feb 1, 2020
Open
Open
Open
This was referenced Sep 15, 2021
Open
Open
Open
@snyk-bot snyk-bot mentioned this pull request Sep 16, 2021
Open
This was referenced Sep 27, 2021
Open
Open
Open
Open
Open
Open
Open
@Mhmonicox Mhmonicox mentioned this pull request Feb 15, 2023
Open
@Mhmonicox Mhmonicox mentioned this pull request Jun 1, 2023
Open
@CALISOULB CALISOULB mentioned this pull request Nov 30, 2023
Open
This was referenced Nov 30, 2023
Open
Open
@MrBrain295 MrBrain295 mentioned this pull request Dec 19, 2023
Open
@CALISOULB CALISOULB mentioned this pull request Dec 20, 2023
Open
@snyk-io snyk-io bot mentioned this pull request Oct 21, 2024
Open
This pull request was closed.
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ljharb @dependabot-support