burrow GitHub

PR #1539 Bump simple-get from 2.8.1 to 2.8.2 in /vent/test/eth

dependencies

Bumps [simple-get](https://github.com/feross/simple-get) from 2.8.1 to 2.8.2.

Commits

4e156b6 2.8.2
43c272d Bug fix: Thirdparty cookie leak
See full diff in compare view

Maintainer changes

This version was pushed to npm by linusu, a new releaser for simple-get since your current version.

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=simple-get&package-manager=npm_and_yarn&previous-version=2.8.1&new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperledger/burrow/network/alerts).

Created At 2022-05-12 16:53:48 +0000 UTC

PR #1538 Bump node-fetch from 2.6.1 to 2.6.7 in /docs/example/basic-app

dependencies

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

fix: don't forward secure headers to 3th party by @jimmywarting in node-fetch/node-fetch#1453

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in node-fetch/node-fetch#1352

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits

1ef4b56 backport of #1449 (#1453)
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
18193c5 fix v2.6.3 that did not sending query params (#1301)
ace7536 fix: properly encode url with unicode characters (#1291)
152214c Fix(package.json): Corrected main file path in package.json (#1274)
See full diff in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=node-fetch&package-manager=npm_and_yarn&previous-version=2.6.1&new-version=2.6.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

Created At 2022-05-12 16:53:42 +0000 UTC

PR #1537 Bump node-fetch from 2.6.1 to 2.6.7 in /docs/example/basic-app-website

dependencies

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7.

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

fix: don't forward secure headers to 3th party by @jimmywarting in node-fetch/node-fetch#1453

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

fix(URL): prefer built in URL version when available and fallback to whatwg by @jimmywarting in node-fetch/node-fetch#1352

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits

1ef4b56 backport of #1449 (#1453)
8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
18193c5 fix v2.6.3 that did not sending query params (#1301)
ace7536 fix: properly encode url with unicode characters (#1291)
152214c Fix(package.json): Corrected main file path in package.json (#1274)
See full diff in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Dependabot commands and options

Created At 2022-05-12 16:53:42 +0000 UTC

PR #1536 Bump ejs from 2.6.2 to 3.1.7 in /docs/example/basic-app-website

dependencies

Bumps [ejs](https://github.com/mde/ejs) from 2.6.2 to 3.1.7.

Release notes

Sourced from ejs's releases.

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

v2.7.4

Bug fixes

Fixed Node 4 support, which broke in v2.7.3 (https://github.com/mde/ejs/commit/5e42d6cef15ae6f2c7d29ef55a455e8e49b5e76e, @mde)

v2.7.3

Bug fixes

Made the post-install message more discreet by following the example of opencollective-postinstall (https://github.com/mde/ejs/commit/228d8e45b7ced2afd3e596c13d44aed464e57e43, @mde)

v2.7.2

Features

Added support for destructuring locals (#452, @ExE-Boss)

Added support for disabling legacy include directives (#458, #459, @ExE-Boss)

Compiled functions are now shown in the debugger (#456, @S2-)

function.name is now set to the file base name in environments that support this (#466, @ExE-Boss)

Bug Fixes

The error message when async != true now correctly mention the existence of the async option (#460, @ExE-Boss)

Improved performance of HTML output generation (#470, @nwoltman)

v2.7.1

Deprecated:

Added deprecation notice for use of require.extensions (@mde)

Changelog

Sourced from ejs's changelog.

v3.0.1: 2019-11-23

Removed require.extensions (@mde)

Removed legacy preprocessor include (@mde)

Removed support for EOL Nodes 4 and 6 (@mde)

v2.7.4: 2019-11-19

Bug fixes

Fixed Node 4 support, which broke in v2.7.3 (5e42d6c, @mde)

v2.7.3: 2019-11-19

Bug fixes

Made the post-install message more discreet by following the example of opencollective-postinstall (228d8e4, @mde)

v2.7.2: 2019-11-13

Features

Added support for destructuring locals (#452, @ExE-Boss)

Added support for disabling legacy include directives (#458, #459, @ExE-Boss)

Compiled functions are now shown in the debugger (#456, @S2-)

function.name is now set to the file base name in environments that support this (#466, @ExE-Boss)

Bug Fixes

The error message when async != true now correctly mention the existence of the async option (#460, @ExE-Boss)

Improved performance of HTML output generation (#470, @nwoltman)

v2.7.1: 2019-09-02

Added deprecation notice for use of require.extensions (@mde)

Commits

820855a Version 3.1.7
076dcb6 Don't use template literal
faf8b84 Skip test -- error message vary depending on JS runtime
c028c34 Update packages
e4180b4 Merge pull request #629 from markbrouwer96/main
d5404d6 Updated jsdoc to 3.6.7
7b0845d Merge pull request #609 from mde/dependabot/npm_and_yarn/glob-parent-5.1.2
32fb8ee Bump glob-parent from 5.1.1 to 5.1.2
f21a9e4 Merge pull request #603 from mde/mde-null-proto-where-possible
a50e46f Merge pull request #606 from akash-55/main
Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ejs&package-manager=npm_and_yarn&previous-version=2.6.2&new-version=3.1.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---

Dependabot commands and options

Created At 2022-05-12 16:53:40 +0000 UTC