Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings
This repository was archived by the owner on Sep 16, 2021. It is now read-only.

Bump urijs from 1.19.1 to 1.19.7#53

Open
dependabot wants to merge1 commit intomaster
base:master
Choose a base branch
Loading
fromdependabot/npm_and_yarn/urijs-1.19.7

Conversation

@dependabot
Copy link
Contributor

@dependabotdependabotbot commented on behalf ofgithubJul 20, 2021

Bumpsurijs from 1.19.1 to 1.19.7.

Release notes

Sourced fromurijs's releases.

1.19.7 (July 14th 2021)

  • SECURITY fixingURI.parseQuery() to prevent overwriting__proto__ in parseQuery() - disclosed privately by@​NewEraCracker
  • SECURITY fixingURI.parse() to handle variable amounts of\ and/ in scheme delimiter as Node and Browsers do - disclosed privately byready-research viahttps://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

1.19.6 (February 13th 2021)

  • SECURITY fixingURI.parse() to rewrite\ in scheme delimiter to/ as Node and Browsers do - disclosed privately byYaniv Nizry from the CxSCA AppSec team at Checkmarx

1.19.5 (December 30th 2020)

1.19.4 (December 23rd 2020)

1.19.3 (December 20th 2020)

1.19.2 (October 20th 2019)

Changelog

Sourced fromurijs's changelog.

1.19.7 (July 14th 2021)

  • SECURITY fixingURI.parseQuery() to prevent overwriting__proto__ in parseQuery() - disclosed privately by@​NewEraCracker
  • SECURITY fixingURI.parse() to handle variable amounts of\ and/ in scheme delimiter as Node and Browsers do - disclosed privately byready-research viahttps://huntr.dev/
  • removed obsolete build tools
  • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)

1.19.6 (February 13th 2021)

  • SECURITY fixingURI.parse() to rewrite\ in scheme delimiter to/ as Node and Browsers do - disclosed privately byYaniv Nizry from the CxSCA AppSec team at Checkmarx

1.19.5 (December 30th 2020)

1.19.4 (December 23rd 2020)

1.19.3 (December 20th 2020)

1.19.2 (October 20th 2019)

Commits
  • 19e54c7 chore(build): bumping to version 1.19.7
  • 547d4b6 build: update jquery
  • aab4a43 build: remove obsolete build tools
  • ac43ca8 fix(parse): more backslash galore#410
  • 622db6d docs: add security policy
  • 8e51b00 fix(parse): prevent overwritingproto in parseQuery()
  • 46c8ac0 chore(build): bumping to version 1.19.6
  • a1ad8bc fix(parse): treat backslash as forwardslash in scheme delimiter
  • d7bb4ce chore(build): bumping to version 1.19.5
  • bf04ec5 chore(build): bumping to version 1.19.4
  • Additional commits viewable incompare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from theSecurity Alerts page.

Bumps [urijs](https://github.com/medialize/URI.js) from 1.19.1 to 1.19.7.- [Release notes](https://github.com/medialize/URI.js/releases)- [Changelog](https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md)- [Commits](medialize/URI.js@v1.19.1...v1.19.7)---updated-dependencies:- dependency-name: urijs  dependency-type: indirect...Signed-off-by: dependabot[bot] <support@github.com>
@dependabotdependabotbot added the dependenciesPull requests that update a dependency file labelJul 20, 2021
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependenciesPull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

[8]ページ先頭
©2009-2025 Movatter.jp