chore(deps): Bump braces from 3.0.2 to 3.0.3 #269

Merged

EelcoLos
Contributor

@EelcoLos EelcoLos commented Jun 27, 2024

This PR is a request to fix the "Uncontrolled resource consumption in braces".

This Dependabot High issue is also visible at GHSA-grv7-fg5c-xmjg.

These are displayed in: CWE-1050

PR on forked branch: Brink-Software#30

Below is cited from Dependabot:


Bumps braces from 3.0.2 to 3.0.3.

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Owner

@amannn amannn left a comment

Thanks a lot! 🙌

@amannn amannn merged commit a663946 into amannn:main Jun 28, 2024
27 checks passed
amannn added a commit that referenced this pull request Jun 28, 2024
🎉 This PR is included in version 5.5.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/braces-3.0.3 branch June 28, 2024 07:11
FlipEnergy added a commit to gorgias/action-semantic-pull-request that referenced this pull request Aug 29, 2024
* feat: Add outputs for `type`, `scope` and `subject` (amannn#261 by @bcaurel)

* Update validatePrTitle.js

* Update README.md

* Update README.md

---------

Co-authored-by: Jan Amann <[email protected]>

* chore: Release 5.5.0 [skip ci]

* fix: Bump ip from 2.0.0 to 2.0.1 (amannn#263 by @EelcoLos)

Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1.
- [Commits](indutny/node-ip@v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: ip
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Release 5.5.1 [skip ci]

* fix: Bump tar from 6.1.11 to 6.2.1 (amannn#262 by @EelcoLos)

Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.11 to 6.2.1.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.11...v6.2.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Release 5.5.2 [skip ci]

* chore: Update major tag (amannn#268 by @gustavkj)

* chore(deps): Bump braces from 3.0.2 to 3.0.3 (amannn#269 by @EelcoLos)

* fix: Bump `braces` dependency (amannn#269. by @EelcoLos)

* chore: Release 5.5.3 [skip ci]

* docs: Mention `reopened` trigger in README (amannn#272 by @garysassano)

* feat(ops): Update readme to reflect how gorgians should use

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Brandon Caurel <[email protected]>
Co-authored-by: Jan Amann <[email protected]>
Co-authored-by: semantic-release-bot <[email protected]>
Co-authored-by: Eelco Los <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gustav Utterheim <[email protected]>
Co-authored-by: Jan Amann <[email protected]>
Co-authored-by: Gary Sassano <[email protected]>