Skip to content

Bump node-fetch and danger#7

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/node-fetch-and-danger-2.6.9
Open

Bump node-fetch and danger#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/node-fetch-and-danger-2.6.9

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 8, 2023

Bumps node-fetch and danger. These dependencies needed to be updated together.
Updates node-fetch from 2.6.1 to 2.6.9

Release notes

Sourced from node-fetch's releases.

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

Bug Fixes

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

What's Changed

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits
  • 70f592d fix: "global is not defined" (#1704)
  • 0f1ebb0 Prevent error when response is null (#1699)
  • 6e9464d ci(release): install dependencies
  • dd2a0ba ci(release): install dependencies
  • 49bef02 ci(release): use latest Node LTS
  • ce37bcd ci(semantic-release): config
  • 1768eaa ci(release): initial version
  • 8bb6e31 fix: prevent hoisting of the undefined global variable in browser.js (#1534)
  • e218f8d Add missing changelog entries. (#1613)
  • fddad0e fix(headers): don't forward secure headers on protocol change (#1605)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates danger from 10.6.6 to 10.9.0

Release notes

Sourced from danger's releases.

Release 10.9.0

  • Prepare for release (34fe471)
  • Merge branch 'adjust-structured-diff-return-value' into main (06928e3)
  • Merge pull request #1201 from berlysia/adjust-structured-diff-return-value (fb66c81)
  • Lock node-fetch to the latest 2.x (6303c88)
  • Merge pull request #1198 from jonny133/jonny133-node-fetch-2_6_7 (9049848)
  • now structuredDiffForFile is well-typed (dc54972)
  • make structuredDiffForFile for BitBucketServer the same as the others (0b5865f)
  • Resolve node-fetch to 2.6.7 (ab77e3c)
  • Merge pull request #1197 from danger/fb/fix-moved-json-crash (a7355a3)
  • Cleanup debug log (3411074)
  • Don't crash when danger.git.JSONDiffForFile encounters a moved JSON file (99e19f7)
  • Merge pull request #1176 from Rouby/patch-1 (d896baf)
  • Merge branch 'main' into patch-1 (4804f80)
  • Merge branch 'main' of https://github.com/danger/danger-js into patch-1 (38a963e)
  • add changelog entry for pr 1176 (68ab2e9)
  • extend github api to send complete reviews (fb630ec)

Release 10.8.0

  • Faff (7ae4121)
  • Merge pull request #1188 from danger/fb/release-10.8.0 (cb52e29)
  • Fix the yml (cf48b28)
  • Merge pull request #1191 from danger/pr_body (ac8d0e8)
  • Faff (6772c4f)
  • Ensure the pr body always exists (dfd4c81)
  • Merge pull request #1189 from danger/fb/node-14 (a64699c)
  • Update .babelrc (7b7529e)
  • Merge pull request #1190 from danger/fb/parse-link-header-update (4b63bdf)
  • Fix: Updates parse-link-header for CVE-2021-23490 (fdf44e6)
  • Switch to node-14 as the oldest tested environment (fc4f607)
  • Release 10.8.0 (08d3498)
  • Merge branch 'main' of https://github.com/danger/danger-js into main (7c026f9)
  • Merge pull request #1177 from danger/output-json (d8ac772)
  • README (3df5838)
  • Merge pull request #1174 from unfernandito/main (a2be690)
  • add ability to ouput results as JSON (9fe7d5e)
  • chore: update package json to fix security problem (3150f56)

Release 10.7.1

  • CHANGELOG (2e2f5e2)
  • Merge pull request #1171 from nicholasrussell-mylo/critical-audit-deps (0672d7a)
  • Update micromatch to resolve critical audit dependency vulnerability (c74329c)
  • Merge pull request #1166 from acherkashin/gitlab_reviewers (6db972a)
  • add reviewers and assignees fields for GitLab API (22c07ac)

Release 10.7.0

  • Prepare for release (a9e765d)
  • Merge pull request #1162 from bobergj/ci-xcode-cloud (933240d)
  • Fix test indentation. (2860fcc)
  • Add support for Xcode Cloud CI. (6ebd330)

... (truncated)

Changelog

Sourced from danger's changelog.

Main

11.2.6

  • A fix for the fix in 11.2.5

11.2.5

  • Fix for running in projects which contain the path danger-pr e.g. ~/danger-projects #1375

11.2.4

  • Feature: Expose addLabels, removeLabels via gitlab.utils, [@​glensc] #1353
  • Fix remote dangerfiles always parsing as JavaScript. TypeScript files should now work properly - [@​snowe2010]
  • Add support for BitBucket Cloud Repository Access Token - [@​thawankeane]

11.2.3

Turns on skipLibCheck so that an @​types change doesn't break deploys to homebrew

11.2.2

Reverts a change for GitHub Actions which was likely causing duplicate comments #1337

11.2.1

  • Updates jsonwebtoken due to security issues
  • Support arm64 binary generation for Apple silicon users #1342 [@​pepix]

11.2.1

  • Bug fix for bitbucket bot detection ignoring case #1291

... (truncated)

Commits
  • 202d727 Release 10.9.0
  • 34fe471 Prepare for release
  • 06928e3 Merge branch 'adjust-structured-diff-return-value' into main
  • fb66c81 Merge pull request #1201 from berlysia/adjust-structured-diff-return-value
  • 6303c88 Lock node-fetch to the latest 2.x
  • 9049848 Merge pull request #1198 from jonny133/jonny133-node-fetch-2_6_7
  • dc54972 now structuredDiffForFile is well-typed
  • 0b5865f make structuredDiffForFile for BitBucketServer the same as the others
  • ab77e3c Resolve node-fetch to 2.6.7
  • a7355a3 Merge pull request #1197 from danger/fb/fix-moved-json-crash
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump node-fetch and danger
aa9296a 
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) and [danger](https://github.com/danger/danger-js). These dependencies needed to be updated together.

Updates `node-fetch` from 2.6.1 to 2.6.9
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.1...v2.6.9)

Updates `danger` from 10.6.6 to 10.9.0
- [Release notes](https://github.com/danger/danger-js/releases)
- [Changelog](https://github.com/danger/danger-js/blob/main/CHANGELOG.md)
- [Commits](danger/danger-js@10.6.6...10.9.0)

---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
- dependency-name: danger
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants