🚨 [security] Update all of commitlint 12.1.1 → 12.1.4 (patch) (!55) · Merge requests · pinage404 / jsonresume-theme-pinage404

Depfu Bot requested to merge depfu/update/npm/group/commitlint-12.1.4 into main Jul 18, 2024

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ @commitlint/cli (12.1.1 → 12.1.4) · Repo · Changelog

✳️ @commitlint/config-conventional (12.1.1 → 12.1.4) · Repo · Changelog

↗️ @commitlint/lint (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

Release Notes

12.1.4

fix node v10 support

12.1.3

12.1.3 (2021-05-12)

Bug Fixes

update dependency fs-extra to v10 (#2575) (d47d2b5)

update dependency yargs to v17 (#2574) (81c38dd)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 54 commits:

↗️ @commitlint/load (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

Release Notes

12.1.4

fix node v10 support

12.1.3

12.1.3 (2021-05-12)

Bug Fixes

update dependency fs-extra to v10 (#2575) (d47d2b5)

update dependency yargs to v17 (#2574) (81c38dd)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 54 commits:

↗️ @commitlint/types (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 54 commits:

↗️ @types/minimist (indirect, 1.2.1 → 1.2.5) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ @types/normalize-package-data (indirect, 2.4.0 → 2.4.4) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ @types/parse-json (indirect, 4.0.0 → 4.0.2) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ conventional-changelog-angular (indirect, 5.0.12 → 5.0.13) · Repo · Changelog

Release Notes

5.0.13 (from changelog)

Bug Fixes

conventional-commits-parser: address CVE-2021-23425 (#841) (02b3d53)

Does any of this look wrong? Please let us know.

↗️ conventional-changelog-conventionalcommits (indirect, 4.5.0 → 4.6.3) · Repo · Changelog

Release Notes

4.6.3 (from changelog)

Bug Fixes

support BREAKING-CHANGE alongside BREAKING CHANGE (#882) (e6f44ad)

4.6.2 (from changelog)

Bug Fixes

docs: template examples (#866) (5917ad2)

4.6.1 (from changelog)

Bug Fixes

conventional-commits-parser: address CVE-2021-23425 (#841) (02b3d53)

4.6.0 (from changelog)

Features

conventionalcommits: include Release-As commits in CHANGELOG (#796) (9a0b9a7)

Does any of this look wrong? Please let us know.

↗️ conventional-commits-parser (indirect, 3.2.1 → 3.2.4) · Repo · Changelog

Release Notes

3.2.4 (from changelog)

Bug Fixes

support BREAKING-CHANGE alongside BREAKING CHANGE (#882) (e6f44ad)

3.2.3 (from changelog)

Bug Fixes

address ReDoS issue (#861) (c696fa3)

3.2.2 (from changelog)

Bug Fixes

conventional-commits-parser: address CVE-2021-23425 (#841) (02b3d53)

Does any of this look wrong? Please let us know.

↗️ decamelize-keys (indirect, 1.1.0 → 1.1.1) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ git-raw-commits (indirect, 2.0.10 → 2.0.11) · Repo · Changelog

Release Notes

2.0.11 (from changelog)

Bug Fixes

allow raw commits to be filtered by path and date range (#893) (b2245a7)

Does any of this look wrong? Please let us know.

↗️ hosted-git-info (indirect, 2.8.5 → 4.1.0) · Repo · Changelog

Security Advisories 🚨

🚨 Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

🚨 Regular Expression Denial of Service in hosted-git-info

The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ lines-and-columns (indirect, 1.1.6 → 1.2.4) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ map-obj (indirect, 4.2.1 → 4.3.0) · Repo

Release Notes

4.3.0

Add mapObject.mapObjectSkip for removing object keys (#38) 9ee1876

v4.2.1...v4.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

↗️ normalize-package-data (indirect, 2.5.0 → 3.0.3) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 28 commits:

↗️ spdx-correct (indirect, 3.1.0 → 3.2.0) · Repo

Commits

See the full diff on Github. The new version differs by 21 commits:

↗️ spdx-exceptions (indirect, 2.2.0 → 2.5.0) · Repo

Commits

See the full diff on Github. The new version differs by 12 commits:

↗️ spdx-expression-parse (indirect, 3.0.0 → 3.0.1) · Repo

Commits

See the full diff on Github. The new version differs by 18 commits:

↗️ spdx-license-ids (indirect, 3.0.5 → 3.0.18) · Repo

Commits

See the full diff on Github. The new version differs by 52 commits:

↗️ string-width (indirect, 4.2.2 → 4.2.3) · Repo

Commits

See the full diff on Github. The new version differs by 1 commit:

Upgrade `strip-ansi` dependency

↗️ trim-newlines (indirect, 3.0.0 → 3.0.1) · Repo

Security Advisories 🚨

🚨 Uncontrolled Resource Consumption in trim-newlines

@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Sorry, we couldn't find anything useful about this release.

↗️ type-fest (indirect, 0.6.0 → 0.18.1) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Sorry, we couldn't find anything useful about this release.

↗️ universalify (indirect, 2.0.0 → 2.0.1) · Repo

Release Notes

2.0.1

Performance improvements (thanks @H4ad!)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 5 commits:

↗️ yargs-parser (indirect, 20.2.7 → 20.2.9)

Sorry, we couldn't find anything useful about this release.

🆕 hasown (added, 2.0.2)

🗑️ trim-off-newlines (removed)

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@depfu rebase

Rebases against your default branch and redoes this update

@depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@depfu cancel merge

Cancels automatic merging of this PR

@depfu close

Closes this PR and deletes the branch

@depfu reopen

Restores the branch and reopens this PR (if it's closed)

@depfu pause

Ignores all future updates for this dependency and closes this PR

@depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

🚨 [security] Update all of commitlint 12.1.1 → 12.1.4 (patch)

What changed?

✳️ @​commitlint/cli (12.1.1 → 12.1.4) · Repo · Changelog

✳️ @​commitlint/config-conventional (12.1.1 → 12.1.4) · Repo · Changelog

↗️ @​commitlint/lint (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

12.1.3 (2021-05-12)

Bug Fixes

↗️ @​commitlint/load (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

12.1.3 (2021-05-12)

Bug Fixes

↗️ @​commitlint/types (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

↗️ @​types/minimist (indirect, 1.2.1 → 1.2.5) · Repo

↗️ @​types/normalize-package-data (indirect, 2.4.0 → 2.4.4) · Repo

↗️ @​types/parse-json (indirect, 4.0.0 → 4.0.2) · Repo

↗️ conventional-changelog-angular (indirect, 5.0.12 → 5.0.13) · Repo · Changelog

5.0.13 (from changelog)

Bug Fixes

↗️ conventional-changelog-conventionalcommits (indirect, 4.5.0 → 4.6.3) · Repo · Changelog

4.6.3 (from changelog)

Bug Fixes

4.6.2 (from changelog)

Bug Fixes

4.6.1 (from changelog)

Bug Fixes

4.6.0 (from changelog)

Features

↗️ conventional-commits-parser (indirect, 3.2.1 → 3.2.4) · Repo · Changelog

3.2.4 (from changelog)

Bug Fixes

3.2.3 (from changelog)

Bug Fixes

3.2.2 (from changelog)

Bug Fixes

↗️ decamelize-keys (indirect, 1.1.0 → 1.1.1) · Repo

↗️ git-raw-commits (indirect, 2.0.10 → 2.0.11) · Repo · Changelog

2.0.11 (from changelog)

Bug Fixes

↗️ hosted-git-info (indirect, 2.8.5 → 4.1.0) · Repo · Changelog

↗️ lines-and-columns (indirect, 1.1.6 → 1.2.4) · Repo

↗️ map-obj (indirect, 4.2.1 → 4.3.0) · Repo

↗️ normalize-package-data (indirect, 2.5.0 → 3.0.3) · Repo · Changelog

↗️ spdx-correct (indirect, 3.1.0 → 3.2.0) · Repo

↗️ spdx-exceptions (indirect, 2.2.0 → 2.5.0) · Repo

↗️ spdx-expression-parse (indirect, 3.0.0 → 3.0.1) · Repo

↗️ spdx-license-ids (indirect, 3.0.5 → 3.0.18) · Repo

↗️ string-width (indirect, 4.2.2 → 4.2.3) · Repo

↗️ trim-newlines (indirect, 3.0.0 → 3.0.1) · Repo

↗️ type-fest (indirect, 0.6.0 → 0.18.1) · Repo

↗️ universalify (indirect, 2.0.0 → 2.0.1) · Repo

↗️ yargs-parser (indirect, 20.2.7 → 20.2.9)

🆕 hasown (added, 2.0.2)

🗑️ trim-off-newlines (removed)

Merge request reports

✳️ @commitlint/cli (12.1.1 → 12.1.4) · Repo · Changelog

✳️ @commitlint/config-conventional (12.1.1 → 12.1.4) · Repo · Changelog

↗️ @commitlint/lint (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

↗️ @commitlint/load (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

↗️ @commitlint/types (indirect, 12.1.1 → 12.1.4) · Repo · Changelog

↗️ @types/minimist (indirect, 1.2.1 → 1.2.5) · Repo

↗️ @types/normalize-package-data (indirect, 2.4.0 → 2.4.4) · Repo

↗️ @types/parse-json (indirect, 4.0.0 → 4.0.2) · Repo