lookout
Assisted code review, running custom code analyzers on pull requests
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.15. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization Impact...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 11.11.0 to 16.4.9. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 24.0.11 to 26.0.24. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 16.8.7 to 17.0.15. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [@types/react-dom](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react-dom) from 16.8.2 to 17.0.9. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [ws](https://github.com/websockets/ws) from 5.2.2 to 5.2.3. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. ReDoS in Sec-Websocket-Protocol header Impact A specially crafted value...
Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Potential memory exposure in dns-packet This affects the package...
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.5.5. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDOS) A Regular Expression...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.20.1 to 1.39.0. Release notes Sourced from google.golang.org/grpc's releases. Release 1.39.0 Behavior Changes csds: return empty response if xds client is not set (#4505) metadata: convert keys...
_Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then._ Dependabot has...