Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump json5 from 2.2.1 to 2.2.3 in /documentation #990

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

build(deps): bump json5 from 2.2.1 to 2.2.3 in /documentation #990

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 4, 2023
edited

Bumps json5 from 2.2.1 to 2.2.3.

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot requested a review from C0ZEN as a code owner January 4, 2023 15:44
@dependabot dependabot bot added the dependencies 📦 Alter the dependencies label Jan 4, 2023
@vercel
Copy link

vercel bot commented Jan 4, 2023
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
stale-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 2, 2023 0:03am

@codecov
Copy link

codecov bot commented Jan 4, 2023
edited

Codecov Report

Merging #990 (51440c5) into develop (6a85ef3) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           develop     #990   +/-   ##
========================================
  Coverage    99.26%   99.26%           
========================================
  Files          131      131           
  Lines         3259     3259           
  Branches       344      344           
========================================
  Hits          3235     3235           
  Misses          22       22           
  Partials         2        2
Flag Coverage Δ
integration-issues 72.61% <ø> (ø)
integration-pull-requests 75.67% <ø> (ø)
unit 99.69% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 9335eb6 to 313ca3c Compare January 24, 2023 21:40
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 313ca3c to df42779 Compare February 8, 2023 08:14
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from df42779 to 879614b Compare March 2, 2023 21:27
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 879614b to 296a9e6 Compare March 2, 2023 22:34
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 296a9e6 to 411d21f Compare March 4, 2023 15:13
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 411d21f to 6d084c1 Compare March 4, 2023 16:46
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 6d084c1 to b8f8561 Compare March 4, 2023 17:34
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from b8f8561 to 6e0192b Compare March 4, 2023 19:54
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 6e0192b to 276ae22 Compare March 4, 2023 22:31
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch 3 times, most recently from 7ed62a6 to e86db21 Compare March 4, 2023 23:44
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch 2 times, most recently from 7543435 to aa38e79 Compare March 5, 2023 14:33
@vercel
Copy link

vercel bot commented Mar 5, 2023

Deployment failed with the following error:

Resource is limited - try again in 32 minutes (more than 100, code: "api-deployments-free-per-day").

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from e99d55d to e10e9e1 Compare March 14, 2023 21:19
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from e10e9e1 to ff7126f Compare March 18, 2023 16:03
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from ff7126f to 4c7ea49 Compare March 18, 2023 16:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 4c7ea49 to a8fe08c Compare March 19, 2023 13:44
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from a8fe08c to 51dc573 Compare March 19, 2023 14:00
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch 2 times, most recently from dba6e73 to 910d537 Compare March 19, 2023 18:13
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 910d537 to 08234a4 Compare March 22, 2023 09:52
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 08234a4 to 712f4ff Compare March 22, 2023 12:47
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 712f4ff to 50e9476 Compare March 22, 2023 15:38
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 50e9476 to feeda5c Compare March 22, 2023 16:36
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from feeda5c to 97533d9 Compare March 22, 2023 18:26
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 97533d9 to 3ced643 Compare April 1, 2023 17:10
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from 3ced643 to fed1bdf Compare April 2, 2023 08:51
@dependabot
build(deps): bump json5 from 2.2.1 to 2.2.3 in /documentation
51440c5 
Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.2.1...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/documentation/json5-2.2.3 branch from fed1bdf to 51440c5 Compare April 2, 2023 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@C0ZEN C0ZEN Awaiting requested review from C0ZEN C0ZEN is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies 📦 Alter the dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants