Dependabot + dependency update #6

Open: wants to merge 20 commits into base: master

PythonCoderAS

This updates all of the dependencies to latest (so they stop throwing audit errors) and adds Dependabot so that it's easy to mitigate audit failures.

Replaces #5

dependabot bot and others added 20 commits December 11, 2021 21:28
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.8...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](npm/ini@v1.3.5...v1.3.8)

---
updated-dependencies:
- dependency-name: ini
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.17.21)

---
updated-dependencies:
- dependency-name: lodash
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [sequelize](https://github.com/sequelize/sequelize) from 4.42.0 to 5.15.1.
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Commits](sequelize/sequelize@v4.42.0...v5.15.1)

---
updated-dependencies:
- dependency-name: sequelize
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [sequelize](https://github.com/sequelize/sequelize) from 4.44.4 to 6.11.0.
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Commits](sequelize/sequelize@v4.44.4...v6.11.0)

---
updated-dependencies:
- dependency-name: sequelize
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [deep-diff](https://github.com/flitbit/diff) from 0.3.8 to 1.0.2.
- [Release notes](https://github.com/flitbit/diff/releases)
- [Changelog](https://github.com/flitbit/diff/blob/master/ChangeLog.md)
- [Commits](flitbit/diff@v0.3.8...v1.0.2)

---
updated-dependencies:
- dependency-name: deep-diff
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [async](https://github.com/caolan/async) from 2.6.3 to 3.2.2.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v2.6.3...v3.2.2)

---
updated-dependencies:
- dependency-name: async
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

…ample/tar-4.4.19

Bump tar from 4.4.8 to 4.4.19 in /example
…ample/ini-1.3.8

Bump ini from 1.3.5 to 1.3.8 in /example
…ample/lodash-4.17.21

Bump lodash from 4.17.11 to 4.17.21 in /example
…ample/sequelize-5.15.1

Bump sequelize from 4.42.0 to 5.15.1 in /example
…quelize-6.11.0

Bump sequelize from 4.44.4 to 6.11.0
…ep-diff-1.0.2

Bump deep-diff from 0.3.8 to 1.0.2
…ync-3.2.2

Bump async from 2.6.3 to 3.2.2
Bumps [object-hash](https://github.com/puleos/object-hash) from 1.3.1 to 2.2.0.
- [Release notes](https://github.com/puleos/object-hash/releases)
- [Commits](puleos/object-hash@v1.3.1...v2.2.0)

---
updated-dependencies:
- dependency-name: object-hash
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

…ject-hash-2.2.0

Bump object-hash from 1.3.1 to 2.2.0
1 participant