Skip to content

Dependabot + dependency update #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 20 commits into
base: master
Choose a base branch
from
Open

Dependabot + dependency update #6

wants to merge 20 commits into from

Conversation

PythonCoderAS
Copy link

This updates all of the dependencies to latest (so they stop throwing audit errors) and adds Dependabot so that it's easy to mitigate audit failures.

Replaces #5

dependabot bot and others added 20 commits December 11, 2021 21:28
@dependabot
Bump tar from 4.4.8 to 4.4.19 in /example
f9b923e 
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.8...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump ini from 1.3.5 to 1.3.8 in /example
4da01d4 
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](npm/ini@v1.3.5...v1.3.8)

---
updated-dependencies:
- dependency-name: ini
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump lodash from 4.17.11 to 4.17.21 in /example
4187b07 
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.11...4.17.21)

---
updated-dependencies:
- dependency-name: lodash
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump sequelize from 4.42.0 to 5.15.1 in /example
1247c92 
Bumps [sequelize](https://github.com/sequelize/sequelize) from 4.42.0 to 5.15.1.
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Commits](sequelize/sequelize@v4.42.0...v5.15.1)

---
updated-dependencies:
- dependency-name: sequelize
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@PythonCoderAS
Create dependabot.yml
6528d3d
@dependabot
Bump sequelize from 4.44.4 to 6.11.0
f5bc01d 
Bumps [sequelize](https://github.com/sequelize/sequelize) from 4.44.4 to 6.11.0.
- [Release notes](https://github.com/sequelize/sequelize/releases)
- [Commits](sequelize/sequelize@v4.44.4...v6.11.0)

---
updated-dependencies:
- dependency-name: sequelize
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump deep-diff from 0.3.8 to 1.0.2
5fff6e0 
Bumps [deep-diff](https://github.com/flitbit/diff) from 0.3.8 to 1.0.2.
- [Release notes](https://github.com/flitbit/diff/releases)
- [Changelog](https://github.com/flitbit/diff/blob/master/ChangeLog.md)
- [Commits](flitbit/diff@v0.3.8...v1.0.2)

---
updated-dependencies:
- dependency-name: deep-diff
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump async from 2.6.3 to 3.2.2
0d41988 
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 3.2.2.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v2.6.3...v3.2.2)

---
updated-dependencies:
- dependency-name: async
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@PythonCoderAS
Merge pull request #1 from HealthScreening/dependabot/npm_and_yarn/ex…
f7e6545 
…ample/tar-4.4.19

Bump tar from 4.4.8 to 4.4.19 in /example
@PythonCoderAS
Merge pull request #2 from HealthScreening/dependabot/npm_and_yarn/ex…
3779c81 
…ample/ini-1.3.8

Bump ini from 1.3.5 to 1.3.8 in /example
@PythonCoderAS
Merge pull request #3 from HealthScreening/dependabot/npm_and_yarn/ex…
6616fb6 
…ample/lodash-4.17.21

Bump lodash from 4.17.11 to 4.17.21 in /example
@PythonCoderAS
Merge pull request #4 from HealthScreening/dependabot/npm_and_yarn/ex…
0786285 
…ample/sequelize-5.15.1

Bump sequelize from 4.42.0 to 5.15.1 in /example
@PythonCoderAS
Merge pull request #5 from HealthScreening/dependabot/npm_and_yarn/se…
71c31fc 
…quelize-6.11.0

Bump sequelize from 4.44.4 to 6.11.0
@PythonCoderAS
Merge pull request #6 from HealthScreening/dependabot/npm_and_yarn/de…
a220c4e 
…ep-diff-1.0.2

Bump deep-diff from 0.3.8 to 1.0.2
@PythonCoderAS
Merge pull request #8 from HealthScreening/dependabot/npm_and_yarn/as…
a15f535 
…ync-3.2.2

Bump async from 2.6.3 to 3.2.2
@dependabot
Bump object-hash from 1.3.1 to 2.2.0
a5b5ffb 
Bumps [object-hash](https://github.com/puleos/object-hash) from 1.3.1 to 2.2.0.
- [Release notes](https://github.com/puleos/object-hash/releases)
- [Commits](puleos/object-hash@v1.3.1...v2.2.0)

---
updated-dependencies:
- dependency-name: object-hash
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@PythonCoderAS
Merge pull request #7 from HealthScreening/dependabot/npm_and_yarn/ob…
f399b65 
…ject-hash-2.2.0

Bump object-hash from 1.3.1 to 2.2.0
@PythonCoderAS
Add updated versions
f1e595d
@PythonCoderAS
Actually fix this time
914ff3e
@PythonCoderAS
Merge remote-tracking branch 'origin/dependencies' into dependencies
d0c84ae
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@PythonCoderAS