Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump is-svg from 4.2.1 to 4.2.2 #3209

Merged
merged 1 commit into from
Mar 12, 2021

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 12, 2021

Bumps is-svg from 4.2.1 to 4.2.2.

Release notes

Sourced from is-svg's releases.

v4.2.2

  • Fix ReDoS vulnerability 01f8a08 You are only affected if you use this package on a server that accepts SVG as user-input.

sindresorhus/is-svg@v4.2.1...v4.2.2

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

Bumps [is-svg](https://github.com/sindresorhus/is-svg) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/sindresorhus/is-svg/releases)
- [Commits](sindresorhus/is-svg@v4.2.1...v4.2.2)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript labels Mar 12, 2021
@peterbe peterbe merged commit 5da3942 into main Mar 12, 2021
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/is-svg-4.2.2 branch March 12, 2021 13:59
wbamberg pushed a commit to wbamberg/yari that referenced this pull request Mar 15, 2021
* upstream/main: (164 commits)
  skip empty srcs for safe iframe srcs (mdn#3216)
  correct code comment (mdn#3223)
  build(deps): bump ahmadnassri/action-dependabot-auto-merge (mdn#3197)
  build(deps-dev): bump @types/react-dom from 17.0.1 to 17.0.2 (mdn#3164)
  create a whatsdeployed.json for translated-content too (mdn#3221)
  avoid double-slash redirects (mdn#3222)
  build(deps): bump image-size from 0.9.4 to 0.9.5 (mdn#3214)
  build(deps): bump boto3 from 1.17.22 to 1.17.26 in /deployer (mdn#3212)
  Fix our auto-merge workflow (mdn#3218)
  build(deps-dev): bump ts-loader from 8.0.17 to 8.0.18 (mdn#3208)
  disable lighthouse PR check unless relevant changes (mdn#3203)
  hide toolbar for frozen locales (mdn#3213)
  build(deps): bump is-svg from 4.2.1 to 4.2.2 (mdn#3209)
  build(deps): bump @mdn/browser-compat-data from 3.1.3 to 3.2.0 (mdn#3210)
  downloading external images for translated-content (mdn#3207)
  add active locales (mdn#3201)
  add tool command for rendering/removing macros (mdn#2955)
  unsafe html should be a breaking flaw (mdn#3192)
  open editor for translated content (mdn#3196)
  add fundamental redirects for /en-US/Security/CSP (mdn#3200)
  ...
peterbe pushed a commit to peterbe/yari that referenced this pull request Jun 1, 2021
Bumps [is-svg](https://github.com/sindresorhus/is-svg) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/sindresorhus/is-svg/releases)
- [Commits](sindresorhus/is-svg@v4.2.1...v4.2.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant