🚨 [security] Update eslint 5.4.0 → 5.16.0 (minor) #96
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Welcome to Depfu 👋
This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.
After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.
Let us know if you have any questions. Thanks so much for giving Depfu a try!
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ eslint (5.4.0 → 5.16.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Security Advisories 🚨
🚨 Regular Expression Denial of Service in Acorn
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
5.2.0
Does any of this look wrong? Please let us know.
Sorry, we couldn't find anything useful about this release.
Commits
See the full diff on Github. The new version differs by 2 commits:
3.2.0Add `.clearTerminal` to clear the whole terminal, not just visible part of it (#6)Release Notes
3.0.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 6 commits:
3.0.0Build: changelog update for 3.0.0Breaking: drop support for Node < 6 (#223)Upgrade: eslint-release@1.0.0 (#220)Chore: upgrade coveralls to ^3.0.1 (#213)Upgrade: eslint-release@^0.11.1 (#210)Release Notes
5.0.1
5.0.0
4.1.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 16 commits:
5.0.1Build: changelog update for 5.0.1Upgrade: acorn@6.0.7 (#407)5.0.0Build: changelog update for 5.0.0Breaking: remove attachComment (#405)Chore: update linting config (#406)Build: add node 11 (#400)Fix: build failing due to incorrectly super() call (fixes #398) (#399)Upgrade: eslint & eslint-config-eslint (#387)4.1.0Build: changelog update for 4.1.0Upgrade: acorn 6, acorn-jsx 5, and istanbul (#391)Upgrade: eslint-release@1.0.0 (#392)Update: VisitorKeys depend on eslint-visitor-keys (#389)Docs: Fix some typos in the README (#386)Commits
See the full diff on Github. The new version differs by 7 commits:
Version 4.3.0Updated `estraverse`. Added tests for optional chaining support (#22)Version 4.2.1Remove support for Node.js versions < 4add package-lock.json to .npmignorefix spelling error in READMEMore fix for README.mdRelease Notes
6.0.0
Does any of this look wrong? Please let us know.
Sorry, we couldn't find anything useful about this release.
Commits
See the full diff on Github. The new version differs by 2 commits:
2.0.1Fix: follow tc39/ecma262#910 (refs eslint/eslint#10861)Commits
See the full diff on Github. The new version differs by 6 commits:
2.6.3autopublish scriptsbin testupdate tap and glob for security stuffupdate tap, add package-locktravis node version updatesRelease Notes
6.5.2 (from changelog)
6.5.1 (from changelog)
6.4.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 3 commits:
chore(publish): 6.6.7fix(types): move Symbol.observable into types.ts (#6178)fix: catch within innerSubscribe (#6186)Security Advisories 🚨
🚨 semver vulnerable to Regular Expression Denial of Service
Release Notes
5.7.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 44 commits:
chore: release 5.7.2fix: better handling of whitespace (#585)chore: @npmcli/template-oss@4.16.05.7.1Correct typo in README5.7.0auto-publishing scriptsremove the nomin comments, since we don't minify any more anywaydocument parse method5.7 changelogFix code style and get to 100% coveragedrop windows testingnext-gen tap for testingAdd semver.minVersion function.remove node 4Document `includePrerelease` flag moreUse https when possible. (#246)Add changelog, fix #220Move 'standard' from scripts.test to .posttestApply 'standard' to bin/semver, add to npm testAdd 'standard' to dev dependencies and npm testApply 'standard' auto-fixes to remainder of testsApply 'standard' to test/index.jsApply 'standard' to test/cli.jsApply 'standard' to test/big-numbers.jsApply 'standard' to semver.jsremove dead execSync code in test/cli.jsrefactor cli test to work without execSyncchore: turn of CLI invokation for nowtest:💥 something amazing is in the works 💥test:💥 something amazing is in the works 💥 (#257)5.6.0Fix bin/semver runtime errorBetter detect truthy loose paramsRemove version from readmeReplace prereleaseLock with includePrerelease optSwitch the boolean `loose` param to an options objAdd preprelease version unlock testsAdd optional parameter to range test to allow prerelease versions to match higher non-prerelease versions5.5.1Update tap versionUpdate tap versionMerge pull request #247 from steveklabnik/patch-1Fix grammar for rangesCommits
See the full diff on Github. The new version differs by 12 commits:
2.1.0Bump dev dependenciesAccept true color escape sequences (#18)Remove executable permission on the readme2.0.0Meta tweaksFix weird null issue (#19)Require Node.js 6Add failing tests (#16)Update URL to XOUse escape codes from `ansi-styles` (#13)Use `astral-regex` (#11)Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 48 commits:
fix: stream borderless fix (#101)fix: do not draw new line on the top (borderless) (#102)fix: transform lodash exports to allow tree-shaking (#100)fix: revert string-width update (fixes #98)fix: revert eslint to version supported by Node.js v6fix: explicitly update all dependencies (fixes #96)Create FUNDING.ymldocs: generate docsfix: remove references to non-supported property minWidth (fixes #95)feat: single line mode (compact) (#94)docs: generate docsfix: update GitSpo badge URLdocs: generate docsfix: correct GitSpo badge markdowndocs: generate docsfix: correct GitSpo badge markdowndocs: generate docsfix: update GitSpo URLMerge branch 'master' of github.com:gajus/tabledocs: generate docsdocs: add GitSpo mentions badgefeat: whitelist control chars to print hyperlinks in terminal, addresses issue #82 (#93)docs: generate docsdocs: use updated styling + patreonfix: correct cell width resolution logic (fixes #88, #9)chore: add editorconfigfix: update dependenciesfix: lax slice-ansi dependency version (#90)fix: accept newlines passed into table data (#89)feat: add support for wrapping with newlines (#88)fix: force release with updated dependenciesMerge branch 'master' of github.com:gajus/tablefeat: update dependenciesfix: use lodash's _.values() to drop the dependency on object.values (#78)fix: indicate support for Node.js 6 in package.json (#79)style: fix import orderfix: polyfill object.valueschore: fix build processchore: re-add Flowchore: remove Flowfeat: give a faceliftdocs: correct drawHorizontalLine reference reference (closes #54)chore: move dependencies not use in src code into devDependencies (#62)style: use Object.values (fixes #64)chore: switch to babel-preset-env (#75)feat: update JSON schemas to draft-07 (#74)fix: linting on TravisCI and add new Node.js version to the testing matrix (#76)fix: proposal for #72 (#73)Commits
See the full diff on Github. The new version differs by 31 commits:
1.0.3fix node version1.0.2improve description, docs. run verb to generate readme documentationimprove description, fix related listremove `matrix`add stream test1.0.1improve docs1.0.0add changelog, run verb to generate readme documentationadds promise supportstream examplerun update and lint-depstry againfix headings0.3.3run update0.3.2generate docsuse `fs-exists-sync`run update0.3.1fixes https://github.com/jonschlinkert/write/issues/2 / regression introduced in 0.3.00.3.0update deps, run `verb --init`generate docsclean up testspass options to `fs.writeFile` and `mkdirp`, remove `fs.exists` since it was deprecatedrun updatelint🆕 astral-regex (added, 1.0.0)
🗑️ ajv-keywords (removed)
🗑️ caller-path (removed)
🗑️ callsites (removed)
🗑️ circular-json (removed)
🗑️ is-resolvable (removed)
🗑️ pluralize (removed)
🗑️ require-uncached (removed)
🗑️ resolve-from (removed)
🗑️ symbol-observable (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands