recipe-api-only

recipe-api-only copied to clipboard

Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.15. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization Impact...

dependabot-preview[bot]

Bumps [eslint](https://github.com/eslint/eslint) from 5.12.0 to 7.32.0. Release notes Sourced from eslint's releases. v7.32.0 3c78a7b Chore: Adopt eslint-plugin/prefer-message-ids rule internally (#14841) (Bryan Mishkin) faecf56 Update: change reporting location for curly rule...

dependabot-preview[bot]

Bumps [nodemon](https://github.com/remy/nodemon) from 1.18.9 to 2.0.12. Release notes Sourced from nodemon's releases. v2.0.12 2.0.12 (2021-07-10) Bug Fixes windows: properly handle quoted args in event (0823f18), closes #1823 v2.0.11 2.0.11 (2021-07-09)...

dependabot-preview[bot]

Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 3.1.10 to 3.6.10. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Denial of Service in mongodb Versions of mongodb prior...

dependabot-preview[bot]

Upgrade to GitHub-native Dependabot

1

_Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then._ Dependabot has...

dependabot-preview[bot]

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in hosted-git-info The npm...

dependabot-preview[bot]

Bumps [bson](https://github.com/mongodb/js-bson) from 1.1.0 to 1.1.6. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Deserialization of Untrusted Data in bson All versions of...

dependabot-preview[bot]

Bumps [underscore](https://github.com/jashkenas/underscore) from 1.9.1 to 1.12.1. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Arbitrary Code Execution in underscore The package underscore from...

dependabot-preview[bot]

Bumps [loopback-connector-mongodb](https://github.com/strongloop/loopback-connector-mongodb) from 3.9.2 to 6.0.1. Changelog Sourced from loopback-connector-mongodb's changelog. 2021-05-03, Version 6.0.1 fix: allows fields filter with custom field name (louis.nguyen) README: update notes about 6.0 (Miroslav Bajtoš)...

dependabot-preview[bot]

Bumps [helmet](https://github.com/helmetjs/helmet) from 3.15.0 to 4.6.0. Changelog Sourced from helmet's changelog. 4.6.0 - 2021-05-01 Added helmet.contentSecurityPolicy: the useDefaults option, defaulting to false, lets you selectively override defaults more easily Explicitly...

dependabot-preview[bot]