cache-chunk-store icon indicating copy to clipboard operation
cache-chunk-store copied to clipboard
verified publisher icon feross

Bump fs-chunk-store from 2.0.5 to 4.0.1

Open dependabot[bot] opened this issue 3 years ago • 2 comments

Bumps fs-chunk-store from 2.0.5 to 4.0.1.

Release notes

Sourced from fs-chunk-store's releases.

v4.0.1

4.0.1 (2023-01-27)

Bug Fixes

  • deps: update dependency random-access-file to v4 (#41) (33e47bd), closes #47

v4.0.0

4.0.0 (2022-11-19)

Features

BREAKING CHANGES

  • ESM only

  • fix: don't mutate original path

  • feat: esm, modernize

v3.0.1

3.0.1 (2022-07-03)

Bug Fixes

v3.0.0

3.0.0 (2022-03-30)

Bug Fixes

BREAKING CHANGES

  • requires node 14+

  • remove rimraf

  • fix: no package lock

... (truncated)

Changelog

Sourced from fs-chunk-store's changelog.

4.0.1 (2023-01-27)

Bug Fixes

  • deps: update dependency random-access-file to v4 (#41) (33e47bd), closes #47

4.0.0 (2022-11-19)

Features

BREAKING CHANGES

  • ESM only

  • fix: don't mutate original path

  • feat: esm, modernize

3.0.1 (2022-07-03)

Bug Fixes

3.0.0 (2022-03-30)

Bug Fixes

BREAKING CHANGES

  • requires node 14+

  • remove rimraf

  • fix: no package lock

Co-authored-by: Diego Rodríguez Baquero [email protected]

Commits
  • 58ba577 chore(release): 4.0.1
  • 33e47bd fix(deps): update dependency random-access-file to v4 (#41)
  • 09a2f3d chore(deps): update dependency tape to v5.6.3 (#46)
  • f2dee21 chore(release): 4.0.0
  • b8f5bde feat: esm, modernize (#44)
  • c1adb0d chore(deps): update dependency @​webtorrent/semantic-release-config to v1.0.8 ...
  • 4227cc7 chore(deps): update dependency tape to v5.6.1 (#42)
  • 848e822 chore(deps): update dependency semantic-release to v19.0.5 (#40)
  • 6948ac9 chore(deps): update dependency tape to v5.6.0 (#39)
  • 7c7bd2e chore(deps): update dependency semantic-release to v19.0.3 [security] (#36)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jan 30 '23 09:01 dependabot[bot]

The following labels could not be found: dependency.

dependabot[bot] avatar Jan 30 '23 09:01 dependabot[bot]

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
[email protected] (added) install package.json via [email protected]
Pull request report summary
Issue Status
Install scripts ⚠️ 1 issue
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Network access ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
AI detected malware ✅ 0 issues
Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] [email protected]

Powered by socket.dev

socket-security[bot] avatar Jan 30 '23 09:01 socket-security[bot]