Vulnerable lodash in dependency chain #57
Comments
zengyu714
pushed a commit
that referenced
this issue
Dec 30, 2021
Bumps aws-core from 2.17.99 to 2.17.100. Co-Authored-By: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-Authored-By: Yu Zeng <[email protected]> --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump protocol-core from 2.4.0 to 2.17.100 (#45) Bumps protocol-core from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:protocol-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-nio-client from 2.4.0 to 2.17.100 (#42) Bumps netty-nio-client from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:netty-nio-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-transport-native-unix-common (#46) Bumps [netty-transport-native-unix-common](https://github.com/netty/netty) from 4.1.71.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.71.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-transport-native-unix-common dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-java-sdk-core from 1.11.477 to 1.12.129 (#48) Bumps [aws-java-sdk-core](https://github.com/aws/aws-sdk-java) from 1.11.477 to 1.12.129. - [Release notes](https://github.com/aws/aws-sdk-java/releases) - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java@1.11.477...1.12.129) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump http-client-spi from 2.4.0 to 2.17.100 (#47) Bumps [http-client-spi](https://github.com/aws/aws-sdk-java-v2) from 2.4.0 to 2.17.100. - [Release notes](https://github.com/aws/aws-sdk-java-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-java-v2/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java-v2@2.4.0...2.17.100) --- updated-dependencies: - dependency-name: software.amazon.awssdk:http-client-spi dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump protobuf-java from 2.6.1 to 3.19.1 (#49) Bumps [protobuf-java](https://github.com/protocolbuffers/protobuf) from 2.6.1 to 3.19.1. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/master/generate_changelog.py) - [Commits](protocolbuffers/protobuf@v2.6.1...v3.19.1) --- updated-dependencies: - dependency-name: com.google.protobuf:protobuf-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump dynamodb from 2.4.0 to 2.17.100 (#35) Bumps dynamodb from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:dynamodb dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump httpcore from 4.4.10 to 4.4.15 (#50) Bumps httpcore from 4.4.10 to 4.4.15. --- updated-dependencies: - dependency-name: org.apache.httpcomponents:httpcore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump mocha from 5.2.0 to 9.1.3 (#4) Bumps [mocha](https://github.com/mochajs/mocha) from 5.2.0 to 9.1.3. - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](mochajs/mocha@v5.2.0...v9.1.3) --- updated-dependencies: - dependency-name: mocha dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump grunt-mocha-test from 0.12.7 to 0.13.3 (#3) Bumps [grunt-mocha-test](https://github.com/pghalliday/grunt-mocha-test) from 0.12.7 to 0.13.3. - [Release notes](https://github.com/pghalliday/grunt-mocha-test/releases) - [Commits](pghalliday/grunt-mocha-test@0.12.7...0.13.3) --- updated-dependencies: - dependency-name: grunt-mocha-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump logback-classic from 1.2.3 to 1.2.9 (#52) Bumps logback-classic from 1.2.3 to 1.2.9. --- updated-dependencies: - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump sdk-core from 2.4.0 to 2.17.100 (#53) Bumps sdk-core from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:sdk-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-resolver from 4.1.32.Final to 4.1.72.Final (#51) Bumps [netty-resolver](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-resolver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump rxjava from 2.1.14 to 2.2.21 (#2) Bumps [rxjava](https://github.com/ReactiveX/RxJava) from 2.1.14 to 2.2.21. - [Release notes](https://github.com/ReactiveX/RxJava/releases) - [Changelog](https://github.com/ReactiveX/RxJava/blob/v2.2.21/CHANGES.md) - [Commits](ReactiveX/RxJava@v2.1.14...v2.2.21) --- updated-dependencies: - dependency-name: io.reactivex.rxjava2:rxjava dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump auth from 2.4.0 to 2.17.100 (#54) Bumps auth from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump amazon-kinesis-client-multilang from 2.1.2 to 2.3.9 (#1) Bumps [amazon-kinesis-client-multilang](https://github.com/awslabs/amazon-kinesis-client) from 2.1.2 to 2.3.9. - [Release notes](https://github.com/awslabs/amazon-kinesis-client/releases) - [Changelog](https://github.com/awslabs/amazon-kinesis-client/blob/master/CHANGELOG.md) - [Commits](awslabs/amazon-kinesis-client@v2.1.2...v2.3.9) --- updated-dependencies: - dependency-name: software.amazon.kinesis:amazon-kinesis-client-multilang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-common from 4.1.71.Final to 4.1.72.Final (#55) Bumps [netty-common](https://github.com/netty/netty) from 4.1.71.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.71.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-common dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump jackson-core from 2.13.0 to 2.13.1 (#56) Bumps [jackson-core](https://github.com/FasterXML/jackson-core) from 2.13.0 to 2.13.1. - [Release notes](https://github.com/FasterXML/jackson-core/releases) - [Commits](FasterXML/jackson-core@jackson-core-2.13.0...jackson-core-2.13.1) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump annotations from 2.4.0 to 2.17.100 (#61) Bumps annotations from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:annotations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump sts from 2.4.0 to 2.17.100 (#60) Bumps sts from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:sts dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump jcommander from 1.72 to 1.81 (#59) Bumps [jcommander](https://github.com/cbeust/jcommander) from 1.72 to 1.81. - [Release notes](https://github.com/cbeust/jcommander/releases) - [Changelog](https://github.com/cbeust/jcommander/blob/master/CHANGELOG.md) - [Commits](https://github.com/cbeust/jcommander/commits/1.81) --- updated-dependencies: - dependency-name: com.beust:jcommander dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump guava from 26.0-jre to 31.0.1-jre (#58) Bumps [guava](https://github.com/google/guava) from 26.0-jre to 31.0.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Bump jackson-databind from 2.9.8 to 2.13.1 (#62) Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.9.8 to 2.13.1. - [Release notes](https://github.com/FasterXML/jackson/releases) - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump checker-qual from 2.5.2 to 3.21.0 (#65) Bumps [checker-qual](https://github.com/typetools/checker-framework) from 2.5.2 to 3.21.0. - [Release notes](https://github.com/typetools/checker-framework/releases) - [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md) - [Commits](typetools/checker-framework@checker-framework-2.5.2...checker-framework-3.21.0) --- updated-dependencies: - dependency-name: org.checkerframework:checker-qual dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump reactive-streams from 1.0.2 to 1.0.3 (#67) Bumps [reactive-streams](https://github.com/reactive-streams/reactive-streams) from 1.0.2 to 1.0.3. - [Release notes](https://github.com/reactive-streams/reactive-streams/releases) - [Changelog](https://github.com/reactive-streams/reactive-streams-jvm/blob/master/RELEASE-NOTES.md) - [Commits](reactive-streams/reactive-streams-jvm@v1.0.2...v1.0.3) --- updated-dependencies: - dependency-name: org.reactivestreams:reactive-streams dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump j2objc-annotations from 1.1 to 1.3 (#66) Bumps [j2objc-annotations](https://github.com/google/j2objc) from 1.1 to 1.3. - [Release notes](https://github.com/google/j2objc/releases) - [Commits](google/j2objc@1.1...1.3) --- updated-dependencies: - dependency-name: com.google.j2objc:j2objc-annotations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump httpclient from 4.5.6 to 4.5.13 (#64) Bumps httpclient from 4.5.6 to 4.5.13. --- updated-dependencies: - dependency-name: org.apache.httpcomponents:httpclient dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-cbor-protocol from 2.4.0 to 2.17.100 (#63) Bumps aws-cbor-protocol from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-cbor-protocol dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-codec-http from 4.1.32.Final to 4.1.72.Final (#57) Bumps [netty-codec-http](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-codec-http dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-query-protocol from 2.4.0 to 2.17.100 (#72) Bumps aws-query-protocol from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-query-protocol dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump commons-codec from 1.10 to 1.15 (#71) Bumps [commons-codec](https://github.com/apache/commons-codec) from 1.10 to 1.15. - [Release notes](https://github.com/apache/commons-codec/releases) - [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-codec@1.10...rel/commons-codec-1.15) --- updated-dependencies: - dependency-name: commons-codec:commons-codec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-reactive-streams from 2.0.0 to 2.0.5 (#70) Bumps [netty-reactive-streams](https://github.com/playframework/netty-reactive-streams) from 2.0.0 to 2.0.5. - [Release notes](https://github.com/playframework/netty-reactive-streams/releases) - [Commits](playframework/netty-reactive-streams@netty-reactive-streams-parent-2.0.0...netty-reactive-streams-parent-2.0.5) --- updated-dependencies: - dependency-name: com.typesafe.netty:netty-reactive-streams dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-codec from 4.1.32.Final to 4.1.72.Final (#69) Bumps [netty-codec](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-codec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump commons-beanutils from 1.9.3 to 1.9.4 (#68) Bumps commons-beanutils from 1.9.3 to 1.9.4. --- updated-dependencies: - dependency-name: commons-beanutils:commons-beanutils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump amazon-kinesis-client from 2.1.2 to 2.3.9 (#73) Bumps [amazon-kinesis-client](https://github.com/awslabs/amazon-kinesis-client) from 2.1.2 to 2.3.9. - [Release notes](https://github.com/awslabs/amazon-kinesis-client/releases) - [Changelog](https://github.com/awslabs/amazon-kinesis-client/blob/master/CHANGELOG.md) - [Commits](awslabs/amazon-kinesis-client@v2.1.2...v2.3.9) --- updated-dependencies: - dependency-name: software.amazon.kinesis:amazon-kinesis-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump animal-sniffer-annotations from 1.14 to 1.20 (#77) Bumps [animal-sniffer-annotations](https://github.com/mojohaus/animal-sniffer) from 1.14 to 1.20. - [Release notes](https://github.com/mojohaus/animal-sniffer/releases) - [Commits](mojohaus/animal-sniffer@animal-sniffer-parent-1.14...animal-sniffer-parent-1.20) --- updated-dependencies: - dependency-name: org.codehaus.mojo:animal-sniffer-annotations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump logback-core from 1.2.3 to 1.2.9 (#76) Bumps logback-core from 1.2.3 to 1.2.9. --- updated-dependencies: - dependency-name: ch.qos.logback:logback-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-handler from 4.1.32.Final to 4.1.72.Final (#75) Bumps [netty-handler](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-handler dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-reactive-streams-http from 2.0.0 to 2.0.5 (#74) Bumps [netty-reactive-streams-http](https://github.com/playframework/netty-reactive-streams) from 2.0.0 to 2.0.5. - [Release notes](https://github.com/playframework/netty-reactive-streams/releases) - [Commits](playframework/netty-reactive-streams@netty-reactive-streams-parent-2.0.0...netty-reactive-streams-parent-2.0.5) --- updated-dependencies: - dependency-name: com.typesafe.netty:netty-reactive-streams-http dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-json-protocol from 2.4.0 to 2.17.100 (#78) Bumps aws-json-protocol from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-json-protocol dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-java-sdk-core from 1.12.129 to 1.12.131 (#84) Bumps [aws-java-sdk-core](https://github.com/aws/aws-sdk-java) from 1.12.129 to 1.12.131. - [Release notes](https://github.com/aws/aws-sdk-java/releases) - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java@1.12.129...1.12.131) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-query-protocol from 2.17.100 to 2.17.102 (#83) Bumps aws-query-protocol from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-query-protocol dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump sdk-core from 2.17.100 to 2.17.102 (#86) Bumps sdk-core from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:sdk-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump sts from 2.17.100 to 2.17.102 (#85) Bumps sts from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:sts dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump utils from 2.17.100 to 2.17.102 (#87) Bumps [utils](https://github.com/aws/aws-sdk-java-v2) from 2.17.100 to 2.17.102. - [Release notes](https://github.com/aws/aws-sdk-java-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-java-v2/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java-v2@2.17.100...2.17.102) --- updated-dependencies: - dependency-name: software.amazon.awssdk:utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump profiles from 2.17.100 to 2.17.102 (#82) Bumps profiles from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:profiles dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-core from 2.17.100 to 2.17.102 (#90) Bumps aws-core from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-cbor-protocol from 2.17.100 to 2.17.102 (#89) Bumps aws-cbor-protocol from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-cbor-protocol dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump apache-client from 2.17.100 to 2.17.102 (#88) Bumps apache-client from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:apache-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump http-client-spi from 2.17.100 to 2.17.102 (#81) Bumps [http-client-spi](https://github.com/aws/aws-sdk-java-v2) from 2.17.100 to 2.17.102. - [Release notes](https://github.com/aws/aws-sdk-java-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-java-v2/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java-v2@2.17.100...2.17.102) --- updated-dependencies: - dependency-name: software.amazon.awssdk:http-client-spi dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump regions from 2.17.100 to 2.17.102 (#92) Bumps regions from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:regions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump kinesis from 2.17.100 to 2.17.102 (#91) Bumps kinesis from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:kinesis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-nio-client from 2.17.100 to 2.17.102 (#93) Bumps netty-nio-client from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:netty-nio-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump protocol-core from 2.17.100 to 2.17.102 (#97) Bumps protocol-core from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:protocol-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump aws-json-protocol from 2.17.100 to 2.17.102 (#96) Bumps aws-json-protocol from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:aws-json-protocol dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump auth from 2.17.100 to 2.17.102 (#95) Bumps auth from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump logback-core from 1.2.9 to 1.2.10 (#94) Bumps logback-core from 1.2.9 to 1.2.10. --- updated-dependencies: - dependency-name: ch.qos.logback:logback-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump cloudwatch from 2.17.100 to 2.17.102 (#80) Bumps cloudwatch from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:cloudwatch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump annotations from 2.17.100 to 2.17.102 (#98) Bumps annotations from 2.17.100 to 2.17.102. --- updated-dependencies: - dependency-name: software.amazon.awssdk:annotations dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump apache-client from 2.4.0 to 2.17.100 (#22) Bumps apache-client from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:apache-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump kinesis from 2.4.0 to 2.17.100 (#21) Bumps kinesis from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:kinesis dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump jackson-annotations from 2.9.0 to 2.13.1 (#24) Bumps [jackson-annotations](https://github.com/FasterXML/jackson) from 2.9.0 to 2.13.1. - [Release notes](https://github.com/FasterXML/jackson/releases) - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump cloudwatch from 2.4.0 to 2.17.100 (#23) Bumps cloudwatch from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:cloudwatch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump regions from 2.17.99 to 2.17.100 (#26) Bumps regions from 2.17.99 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:regions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump joda-time from 2.8.1 to 2.10.13 (#28) Bumps [joda-time](https://github.com/JodaOrg/joda-time) from 2.8.1 to 2.10.13. - [Release notes](https://github.com/JodaOrg/joda-time/releases) - [Changelog](https://github.com/JodaOrg/joda-time/blob/master/RELEASE-NOTES.txt) - [Commits](JodaOrg/joda-time@v2.8.1...v2.10.13) --- updated-dependencies: - dependency-name: joda-time:joda-time dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump error_prone_annotations from 2.1.3 to 2.10.0 (#27) Bumps [error_prone_annotations](https://github.com/google/error-prone) from 2.1.3 to 2.10.0. - [Release notes](https://github.com/google/error-prone/releases) - [Commits](google/error-prone@v2.1.3...v2.10.0) --- updated-dependencies: - dependency-name: com.google.errorprone:error_prone_annotations dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-codec-http2 from 4.1.32.Final to 4.1.72.Final (#29) Bumps [netty-codec-http2](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-codec-http2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump ion-java from 1.0.2 to 1.5.1 (#31) Bumps [ion-java](https://github.com/amzn/ion-java) from 1.0.2 to 1.5.1. - [Release notes](https://github.com/amzn/ion-java/releases) - [Commits](amazon-ion/ion-java@v1.0.2...com_amazon_ion_v1.5.1) --- updated-dependencies: - dependency-name: software.amazon.ion:ion-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump jackson-dataformat-cbor from 2.13.0 to 2.13.1 (#30) Bumps [jackson-dataformat-cbor](https://github.com/FasterXML/jackson-dataformats-binary) from 2.13.0 to 2.13.1. - [Release notes](https://github.com/FasterXML/jackson-dataformats-binary/releases) - [Commits](FasterXML/jackson-dataformats-binary@jackson-dataformats-binary-2.13.0...jackson-dataformats-binary-2.13.1) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-transport from 4.1.32.Final to 4.1.72.Final (#25) Bumps [netty-transport](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-transport dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump sinon from 1.17.7 to 12.0.1 (#7) Bumps [sinon](https://github.com/sinonjs/sinon) from 1.17.7 to 12.0.1. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/master/docs/changelog.md) - [Commits](sinonjs/sinon@v1.17.7...v12.0.1) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump commons-logging from 1.1.3 to 1.2 (#32) Bumps commons-logging from 1.1.3 to 1.2. --- updated-dependencies: - dependency-name: commons-logging:commons-logging dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-buffer from 4.1.32.Final to 4.1.72.Final (#33) Bumps [netty-buffer](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-buffer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump profiles from 2.4.0 to 2.17.100 (#34) Bumps profiles from 2.4.0 to 2.17.100. --- updated-dependencies: - dependency-name: software.amazon.awssdk:profiles dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump grunt-contrib-jshint from 1.1.0 to 3.1.1 (#6) Bumps [grunt-contrib-jshint](https://github.com/gruntjs/grunt-contrib-jshint) from 1.1.0 to 3.1.1. - [Release notes](https://github.com/gruntjs/grunt-contrib-jshint/releases) - [Changelog](https://github.com/gruntjs/grunt-contrib-jshint/blob/main/CHANGELOG) - [Commits](gruntjs/grunt-contrib-jshint@v1.1.0...v3.1.1) --- updated-dependencies: - dependency-name: grunt-contrib-jshint dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump chai from 1.10.0 to 4.3.4 (#5) Bumps [chai](https://github.com/chaijs/chai) from 1.10.0 to 4.3.4. - [Release notes](https://github.com/chaijs/chai/releases) - [Changelog](https://github.com/chaijs/chai/blob/main/History.md) - [Commits](chaijs/chai@1.10.0...v4.3.4) --- updated-dependencies: - dependency-name: chai dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump async from 0.9.2 to 3.2.2 (#39) Bumps [async](https://github.com/caolan/async) from 0.9.2 to 3.2.2. - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md) - [Commits](caolan/async@0.9.2...v3.2.2) --- updated-dependencies: - dependency-name: async dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump commander from 2.6.0 to 8.3.0 (#40) Bumps [commander](https://github.com/tj/commander.js) from 2.6.0 to 8.3.0. - [Release notes](https://github.com/tj/commander.js/releases) - [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md) - [Commits](tj/commander.js@v2.6.0...v8.3.0) --- updated-dependencies: - dependency-name: commander dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump log4js from 0.6.38 to 6.3.0 (#41) Bumps [log4js](https://github.com/log4js-node/log4js-node) from 0.6.38 to 6.3.0. - [Release notes](https://github.com/log4js-node/log4js-node/releases) - [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md) - [Commits](log4js-node/log4js-node@v0.6.38...v6.3.0) --- updated-dependencies: - dependency-name: log4js dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump netty-transport-native-epoll from 4.1.32.Final to 4.1.72.Final (#38) Bumps [netty-transport-native-epoll](https://github.com/netty/netty) from 4.1.32.Final to 4.1.72.Final. - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.32.Final...netty-4.1.72.Final) --- updated-dependencies: - dependency-name: io.netty:netty-transport-native-epoll dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Bump utils from 2.4.0 to 2.17.100 (#37) Bumps [utils](https://github.com/aws/aws-sdk-java-v2) from 2.4.0 to 2.17.100. - [Release notes](https://github.com/aws/aws-sdk-java-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-java-v2/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-java-v2@2.4.0...2.17.100) --- updated-dependencies: - dependency-name: software.amazon.awssdk:utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Bump grunt-jsdoc from 1.1.0 to 2.4.1 (#36) Bumps [grunt-jsdoc](https://github.com/krampstudio/grunt-jsdoc) from 1.1.0 to 2.4.1. - [Release notes](https://github.com/krampstudio/grunt-jsdoc/releases) - [Commits](krampstudio/grunt-jsdoc@1.1.0...v2.4.1) --- updated-dependencies: - dependency-name: grunt-jsdoc dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Bump grunt-contrib-clean from 1.1.0 to 2.0.0 (#44) Bumps [grunt-contrib-clean](https://github.com/gruntjs/grunt-contrib-clean) from 1.1.0 to 2.0.0. - [Release notes](https://github.com/gruntjs/grunt-contrib-clean/releases) - [Changelog](https://github.com/gruntjs/grunt-contrib-clean/blob/main/CHANGELOG) - [Commits](gruntjs/grunt-contrib-clean@v1.1.0...v2.0.0) --- updated-dependencies: - dependency-name: grunt-contrib-clean dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[email protected] depends on [email protected] which depends on [email protected]
https://www.npmjs.com/advisories/577
The text was updated successfully, but these errors were encountered: