flame
flame copied to clipboard
lightspeed
Component library for building Lightspeed products
Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) Commits See full diff in compare...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [moment](https://github.com/moment/moment) from 2.27.0 to 2.29.4. Changelog Sourced from moment's changelog. 2.29.4 Release Jul 6, 2022 #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex 2.29.3 Full changelog Release Apr 17, 2022...
Bumps [postcss](https://github.com/postcss/postcss) from 6.0.23 to 7.0.36. Release notes Sourced from postcss's releases. 7.0.36 Backport ReDoS vulnerabilities from PostCSS 8. 7.0.35 Add migration guide link to PostCSS 8 error text. 7.0.34...
Bumps [shelljs](https://github.com/shelljs/shelljs) from 0.8.4 to 0.8.5. Release notes Sourced from shelljs's releases. v0.8.5 This was a small security fix for #1058. Commits 70668a4 0.8.5 d919d22 fix(exec): lockdown file permissions (#1060)...
Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.21 to 0.7.31. Commits 97f3368 Bump version 0.7.31 b86860e Merge pull request #546 from hansott/master 157af1e Merge pull request #547 from sunny-mwx/patch-1 b4cfe1b Merge pull request #535...
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: #...
Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.19. Commits 9a6faa0 4.4.19 70ef812 drop dirCache for symlink on all platforms 3e35515 4.4.18 52b09e3 fix: prevent path escape using drive-relative paths bb93ba2 fix: reserve...
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...
Bumps [trim-off-newlines](https://github.com/stevemao/trim-off-newlines) from 1.0.1 to 1.0.3. Commits c3b28d3 1.0.3 6226c95 Merge pull request #4 from Trott/fix-it-again c77691d fix: remediate ReDOS further 76ca93c chore: pin mocha to version that works with...
Bumps [set-getter](https://github.com/doowb/set-getter) from 0.1.0 to 0.1.1. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: #...
Metadata
Owner
Metadata
Component library for building Lightspeed products