Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump got, snyk and critical #22

Open
wants to merge 1 commit into
base: stable
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 22, 2022

Bumps got, snyk and critical. These dependencies needed to be updated together.
Updates got from 8.3.2 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

  • Bump cacheable-request dependency (#1921) 9463bb6
  • Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

v11.8.2

  • Make the dnsCache option lazy (#1529) 3bd245f This slightly improves Got startup performance and fixes an issue with Jest.

sindresorhus/got@v11.8.1...v11.8.2

v11.8.1

  • Do not throw on custom stack traces (#1491) 4c815c3a609eb74d0eb139414d9996b4f65dc3c0

v11.8.0

  • Fix for sending files with size 0 on stat (#1488) 7acd380
  • beforeRetry allows stream body if different from original (#1501) 3dd2273
  • Set default value for an options object (#1495) 390b145

sindresorhus/got@v11.7.0...v11.8.0

v11.7.0

Improvements

  • Add pfx HTTPS option (#1364) c33df7f
  • Update body after beforeRequest (#1453) e1c1844
  • Don't allocate buffer twice (#1403) 7bc69d9

Fixes

  • Fix a regression where body was sent after redirect 88b32ea
  • Fix destructure error on promise.json() c97ce7c
  • Do not ignore userinfo on a redirect to the same origin 52de13b

sindresorhus/got@v11.6.2...v11.7.0

v11.6.2

Bug fixes

  • Inherit the prefixUrl option from parent if it's undefined (#1448) a3da70a78aeb7f44dd3e0d0fa47cebe9541eb91e
  • Prepare a fix for hanging promise on Node.js 14.10.x 29d4e325b110ccf7571d4265d40760be4175f7ff
  • Prepare for Node.js 15.0.0 c126ff19c4e893975cbf6c2c8bebce6ed7631276

... (truncated)

Commits

Updates snyk from 1.661.0 to 1.990.0

Release notes

Sourced from snyk's releases.

v1.990.0

1.990.0 (2022-08-22)

Bug Fixes

  • none custom policies severity issues should be filtered out before sending them to registry (4acacd2)

v1.989.0

1.989.0 (2022-08-19)

Bug Fixes

  • downgrade snyk-go-plugin to 1.19.0 (4643026)
  • increase buffer size (8079fe3)
  • update golang plugin (a0e30d9)
  • upgrade-docker-registry-v2-client (275afb1)

Features

  • pass remote-repo-url arg to snyk-iac-test (18e8c87)

v1.988.0

1.988.0 (2022-08-17)

Bug Fixes

  • return exit code 3 when no resources can be found (9d2e41f)
  • upgrade docker-registry-v2-client lib (374ba55)

Features

  • pass target-name arg to snyk-iac-test (4352122)
  • stop caching rules (71c866e)

v1.987.0

1.987.0 (2022-08-15)

Bug Fixes

  • correct broken URLs for license issues (8a46931)
  • Ensured the test spinner stops (5d9d15f)

Features

... (truncated)

Commits
  • c3095cf Merge pull request #3606 from snyk/fix/none-custom-policies-filtering
  • 0a5a129 Merge pull request #3611 from snyk/fix/regression_tests
  • 4643026 fix: downgrade snyk-go-plugin to 1.19.0
  • 2a573e3 Merge pull request #3607 from snyk/fix/upgrade-docker-registry-v2-client
  • 275afb1 fix: upgrade-docker-registry-v2-client
  • 4acacd2 fix: none custom policies severity issues should be filtered out before sendi...
  • d347279 Merge pull request #3598 from snyk/fix/update-golang-plugin
  • 43dcec6 Merge pull request #3599 from snyk/chore/add-remote-repo-url-iac-v2
  • 18e8c87 feat: pass remote-repo-url arg to snyk-iac-test
  • 3b9f91b chore: Updated snyk-iac-test version to v0.21.0
  • Additional commits viewable in compare view

Updates critical from 1.3.10 to 4.0.1

Release notes

Sourced from critical's releases.

v4.0.1

  • Adds support for media attribute on link elements (#510) f6aadc9
  • Npm audit fix 24e2266
  • Bump normalize-url from 4.5.0 to 4.5.1 (#502) 4c8988c
  • Bump trim-newlines from 3.0.0 to 3.0.1 (#501) 8e5beb8

addyosmani/critical@v4.0.0...v4.0.1

v4.0.0

Maintenance

  • Bump dependencies 26e8b7c
  • Bump ws from 6.2.1 to 6.2.2 (#500) 712122d
  • Adds node 16 to ci matrix 143c398
  • Removes link to changelog c2b14d9
  • Fix config test fdd5705
  • Fix linter af99878
  • Bump inline-critical && fix tests f058e45

Bugfixes

  • Support web pages that use media=print for async CSS (#487) 03d0455

Breaking

  • Removed minify option 86aaa4a

addyosmani/critical@v3.1.0...v4.0.0

v3.1.0

  • npm audit fix d4599e0
  • Adds support for inline styles & data-uris (#498) 3ed099c
  • Bump hosted-git-info from 2.8.8 to 2.8.9 (#493) 1fb431b

addyosmani/critical@v3.0.1...v3.1.0

v3.0.1

  • Bump dependencies (#492) f3bd111
  • Fix: dedupe stylesheet hrefs found in document b7d2e27

addyosmani/critical@v3.0.0...v3.0.1

v3.0.0

  • Bump dependencies (#483) 6b3e957
  • Slice cssString in debug output 719cc52

BREAKING

  • Drop support for node versions 11 & 13

addyosmani/critical@v2.0.6...v3.0.0

v2.0.6

  • Chore/bump deps (#472) 0619caa

... (truncated)

Changelog

Sourced from critical's changelog.

v2.0.0 / 2020-06-16

  • Drop support for Node.js < 10
  • Bump dependencies
  • Use Jest for testing
  • Drop include and timeout options as they can be specified in the penthouse options.
  • Drop options styleTarget & dest in favour of target You can specify either a css file, an html file or an object {css: dest.css, html: dest.html} if you want to store both. We may also add an extract target here in a future release.
  • Drop options destFolder, folder and pathPrefix. We tried our best to improve the way critical auto-detects the paths to used assets in the critical css which should suit for most cases. If this doesn't work out you can use the new rebase option to either specify the location of the css & the html file like this: {from: '/styles/main.css', to: '/en/test.html'}. You can also pass a callback function to dynamically compute the path or specify a cdn for example. We utilize postcss-url for this task.
  • Due to some limitations with modern css features we replaced filter-css as the library of choice for handling ignores with postcss-discard. We tried to keep things backwards compatible but you may have to change your ignore configuration.
  • Add concurrency option to specify how many operations can run in parallel.
  • Add the ability to specify used css files using file globs. See supported minimatch patterns.

v1.3.4 / 2018-07-19

  • fix: return Promise.reject instead of re-throw
  • fix: handle PAGE_UNLOADED_DURING_EXECUTION error (#314)
  • output warning on invalid extract setting
  • Add user agent option (#316)
  • Bump dependencies
  • npm audit fix

v1.3.3 / 2018-06-06

  • Bump dependencies
  • Docs: fix typo (#310)
  • Reduced vulnerabilities (#308)

v1.3.2 / 2018-05-15

  • Switched to async-exit-hook

v1.3.1 / 2018-05-14

  • Bump dependencies
  • Removed process.exit on cleanup
  • Adding html-webpack-critical-plugin to README (#306)

v1.3.0 / 2018-05-02

  • Add basic auth option (#295)

v1.2.2 / 2018-04-02

  • Improved handling of protocol-relative asset URLs (#288)
  • Adjust test files according to (#293)
  • Improve error reporting (#258)
  • Replace gutil with fancy-log (#297)
  • Update README.md (#296)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [got](https://github.com/sindresorhus/got), [snyk](https://github.com/snyk/snyk) and [critical](https://github.com/addyosmani/critical). These dependencies needed to be updated together.

Updates `got` from 8.3.2 to 11.8.5
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v8.3.2...v11.8.5)

Updates `snyk` from 1.661.0 to 1.990.0
- [Release notes](https://github.com/snyk/snyk/releases)
- [Commits](snyk/cli@v1.661.0...v1.990.0)

Updates `critical` from 1.3.10 to 4.0.1
- [Release notes](https://github.com/addyosmani/critical/releases)
- [Changelog](https://github.com/addyosmani/critical/blob/master/CHANGELOG.md)
- [Commits](addyosmani/critical@v1.3.10...v4.0.1)

---
updated-dependencies:
- dependency-name: got
  dependency-type: indirect
- dependency-name: snyk
  dependency-type: direct:production
- dependency-name: critical
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner August 22, 2022 12:15
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Aug 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants