profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/JamesMGreene/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
James M. Greene JamesMGreene GitHub Minneapolis, MN https://jamesmgreene.github.io/ :octocat: Software Engineer :octocat:

ariya/phantomjs 28194

Scriptable Headless Browser

derek-watson/jsUri 366

Uri parsing and manipulation for node.js and the browser.

JamesMGreene/document.currentScript 65

Polyfill for HTML5's `document.currentScript`.

JamesMGreene/Function.name 42

Polyfill for ECMAScript 6's `Function.name`.

JamesMGreene/currentExecutingScript 23

Get the currently executing script, regardless of its source/trigger/synchronicity. Similar to HTML5's `document.currentScript` but arguably much more useful!

JamesMGreene/gh-cover-letter 8

GitHub cover letter

JamesMGreene/chai-deep-match 5

Extends Chai with an assertion for deeply matching objects (i.e. subset equality checking)

JamesMGreene/breq 3

A client-side CommonJS `require` implementation that does NOT require a precompilation build step nor server-side middleware. It instead utilizes synchronous `XMLHttpRequest`s and `eval` instead, which does impose a series of limitations unless you're willing to generate a whole mess of `404`s. Terrible for performance, nice for dynamic ease of use.

JamesMGreene/gc2gh-issue-migrator 3

Migration tool(s) for fetching issues from the Google Code Issue Tracker API and translating that data into a GitHub Issue Tracker offline-importable format.

JamesMGreene/chef-gocd-agent 1

Chef cookbook to install/configure a ThoughtWorks Go CD (GoCD) Agent

startedwereturtle/ghostwriter

started time in 6 hours

delete branch JamesMGreene/node-draft-releaser

delete branch : dependabot/npm_and_yarn/typescript-4.1.5

delete time in 13 hours

PR closed JamesMGreene/node-draft-releaser

Bump typescript from 3.8.3 to 4.1.5 dependencies

Bumps typescript from 3.8.3 to 4.1.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 4.1.5</h2> <p>This release contains a fix for <a href="https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42718">an issue when language service plugins have no specified name</a>.</p> <h2>TypeScript 4.1.4</h2> <p>This release contains fixes for a <a href="https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42712">security risk involving language service plugin loading</a>. More details are available <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639">here</a>.</p> <h2>TypeScript 4.1.3</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-1">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.2%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.3%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.3 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41">Visual Studio 2017/2019</a> (<a href="https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017">Select new version in project options</a>)</li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 4.1</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-1">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.2%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.2 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41">Visual Studio 2017/2019</a> (<a href="https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017">Select new version in project options</a>)</li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 4.1 RC</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-1-rc">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.1 (RC)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41rc">Visual Studio 2017/2019</a> (<a href="https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017">Select new version in project options</a>)</li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/TypeScript/commit/aace53f7d71af11e4b89dd074a1657964a22d0b4"><code>aace53f</code></a> Bump version to 4.1.5 and LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/af0ad8089777ef8df16b0980b0972f1e214308fe"><code>af0ad80</code></a> Handle if plugin doesnt specify name (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/42720">#42720</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/c329d68d4591d31d966ab64e0da579c95a1c5e1d"><code>c329d68</code></a> Bump version to 4.1.4 and LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/7bc71732c1fd09d910433f7f020a2de312e9549f"><code>7bc7173</code></a> Allow only package names as plugin names</li> <li><a href="https://github.com/microsoft/TypeScript/commit/b512d91a351c474b1530f87faf6e5c53fb71c30d"><code>b512d91</code></a> Bump version to 4.1.3 and LKG</li> <li><a href="https://github.com/microsoft/TypeScript/commit/3c736255e407f75a0faa6b70ad8b290d084f948e"><code>3c73625</code></a> Properly cache types for shared control flow nodes (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41665">#41665</a>) (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41906">#41906</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/1e9518cb3531704145c038b469cbe38e3368e023"><code>1e9518c</code></a> Cherry-pick PR <a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41758">#41758</a> into release-4.1 (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41862">#41862</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/abf88154d22e5fb050fba2916325e48675381cbf"><code>abf8815</code></a> Undo <a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/39258">#39258</a> (isArray changes) see overview at <a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41808">#41808</a> (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41849">#41849</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/9b6625895bf6a75da1ad679bc77f0ea388a05734"><code>9b66258</code></a> Add missed resolveSymbol in commonjs import resolution (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41479">#41479</a>) (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41691">#41691</a>)</li> <li><a href="https://github.com/microsoft/TypeScript/commit/9d25e593ab722d9cf203690de94e36f8588e968e"><code>9d25e59</code></a> Adds Format param to the tsserver session (<a href="https://github-redirect.dependabot.com/Microsoft/TypeScript/issues/41614">#41614</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Microsoft/TypeScript/compare/v3.8.3...v4.1.5">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

1 comment

2 changed files

dependabot-preview[bot]

pr closed time in 13 hours

pull request commentJamesMGreene/node-draft-releaser

Bump typescript from 3.8.3 to 4.1.5

Superseded by #308.

dependabot-preview[bot]

comment created time in 13 hours

PR opened JamesMGreene/node-draft-releaser

Bump typescript from 3.8.3 to 4.2.2

Bumps typescript from 3.8.3 to 4.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Microsoft/TypeScript/releases">typescript's releases</a>.</em></p> <blockquote> <h2>TypeScript 4.2 RC</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-2-rc">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.2.0%22+is%3Aclosed+">fixed issues query for TypeScript v4.2.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.2.1%22+is%3Aclosed+">fixed issues query for TypeScript v4.2.1 (RC)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-42rc">Visual Studio 2017/2019</a> (<a href="https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017">Select new version in project options</a>)</li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 4.2 Beta</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-2-beta/">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.2.0%22+is%3Aclosed+">fixed issues query for TypeScript v4.2.0 (Beta)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-42beta">Visual Studio 2017/2019</a> (<a href="https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017">Select new version in project options</a>)</li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 4.1.5</h2> <p>This release contains a fix for <a href="https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42718">an issue when language service plugins have no specified name</a>.</p> <h2>TypeScript 4.1.4</h2> <p>This release contains fixes for a <a href="https://github-redirect.dependabot.com/microsoft/TypeScript/issues/42712">security risk involving language service plugin loading</a>. More details are available <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1639">here</a>.</p> <h2>TypeScript 4.1.3</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-1">release announcement</a>.</p> <p>For the complete list of fixed issues, check out the</p> <ul> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.0%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.0 (Beta)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.1%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.1 (RC)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.2%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.2 (Stable)</a>.</li> <li><a href="https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93&q=is%3Aissue+milestone%3A%22TypeScript+4.1.3%22+is%3Aclosed+">fixed issues query for TypeScript v4.1.3 (Stable)</a>.</li> </ul> <p>Downloads are available on:</p> <ul> <li><a href="https://www.npmjs.com/package/typescript">npm</a></li> <li><a href="https://marketplace.visualstudio.com/items?itemName=TypeScriptTeam.TypeScript-41">Visual Studio 2017/2019</a> (<a href="https://github.com/Microsoft/TypeScript/wiki/Updating-TypeScript-in-Visual-Studio-2017">Select new version in project options</a>)</li> <li><a href="https://www.nuget.org/packages/Microsoft.TypeScript.MSBuild">NuGet package</a></li> </ul> <h2>TypeScript 4.1</h2> <p>For release notes, check out the <a href="https://devblogs.microsoft.com/typescript/announcing-typescript-4-1">release announcement</a>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Microsoft/TypeScript/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

0 comment

2 changed files

pr created time in 13 hours

startedgradle-nexus/publish-plugin

started time in a day

created repositorygr2m/squash-commit-app

GitHub App which adds an empty commit to an open pull request with a single commit when the title was changed

created time in a day

created repositoryoctokit/auth-oauth-device.js

GitHub OAuth Device authentication strategy for JavaScript

created time in a day

fork gr2m/docs

The open-source repo for docs.github.com

https://docs.github.com

fork in a day

MemberEvent

startedrui314/mold

started time in 2 days

fork zeke/gettext_i18n_rails

Rails: FastGettext, I18n integration -- simple, threadsafe and fast!

fork in 2 days

delete branch JamesMGreene/node-draft-releaser

delete branch : dependabot/npm_and_yarn/types/node-14.14.30

delete time in 3 days

PR closed JamesMGreene/node-draft-releaser

Bump @types/node from 14.0.1 to 14.14.30 dependencies

Bumps @types/node from 14.0.1 to 14.14.30. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

1 comment

2 changed files

dependabot-preview[bot]

pr closed time in 3 days

pull request commentJamesMGreene/node-draft-releaser

Bump @types/node from 14.0.1 to 14.14.30

Superseded by #307.

dependabot-preview[bot]

comment created time in 3 days

PR opened JamesMGreene/node-draft-releaser

Bump @types/node from 14.0.1 to 14.14.31

Bumps @types/node from 14.0.1 to 14.14.31. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -4

0 comment

2 changed files

pr created time in 3 days

delete branch JamesMGreene/node-draft-releaser

delete branch : dependabot/npm_and_yarn/lodash-4.17.20

delete time in 3 days

PR closed JamesMGreene/node-draft-releaser

[Security] Bump lodash from 4.17.15 to 4.17.20 dependencies security

Bumps lodash from 4.17.15 to 4.17.20. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/516.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Allocation of Resources Without Limits or Throttling</strong> Prototype pollution attack (lodash)</p> <p>Affected versions: >=4.17.15 <4.17.19</p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-p6mc-m468-83gw">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Prototype Pollution in lodash</strong> Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.</p> <p>This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.</p> <p>Affected versions: < 4.17.19</p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-p6mc-m468-83gw">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Prototype Pollution in lodash</strong> Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.</p> <p>This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.</p> <p>Affected versions: < 4.17.19</p> </blockquote> </details> <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/ded9bc66583ed0b4e3b7dc906206d40757b4a90a"><code>ded9bc6</code></a> Bump to v4.17.20.</li> <li><a href="https://github.com/lodash/lodash/commit/63150ef7645ac07961b63a86490f419f356429aa"><code>63150ef</code></a> Documentation fixes.</li> <li><a href="https://github.com/lodash/lodash/commit/00f0f62a979d2f5fa0287c06eae70cf9a62d8794"><code>00f0f62</code></a> test.js: Remove trailing comma.</li> <li><a href="https://github.com/lodash/lodash/commit/846e434c7a5b5692c55ebf5715ed677b70a32389"><code>846e434</code></a> Temporarily use a custom fork of <code>lodash-cli</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/5d046f39cbd27f573914768e3b36eeefcc4f1229"><code>5d046f3</code></a> Re-enable Travis tests on <code>4.17</code> branch.</li> <li><a href="https://github.com/lodash/lodash/commit/aa816b36d402a1ad9385142ce7188f17dae514fd"><code>aa816b3</code></a> Remove <code>/npm-package</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.20">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~bnjmnt4n">bnjmnt4n</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -3

1 comment

1 changed file

dependabot-preview[bot]

pr closed time in 3 days

pull request commentJamesMGreene/node-draft-releaser

[Security] Bump lodash from 4.17.15 to 4.17.20

Superseded by #306.

dependabot-preview[bot]

comment created time in 3 days

PR opened JamesMGreene/node-draft-releaser

[Security] Bump lodash from 4.17.15 to 4.17.21

Bumps lodash from 4.17.15 to 4.17.21. This update includes security fixes. <details> <summary>Vulnerabilities fixed</summary> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-p6mc-m468-83gw">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Prototype Pollution in lodash</strong> Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.</p> <p>This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.</p> <p>Affected versions: < 4.17.19</p> </blockquote> <p><em>Sourced from <a href="https://github.com/advisories/GHSA-p6mc-m468-83gw">The GitHub Security Advisory Database</a>.</em></p> <blockquote> <p><strong>Prototype Pollution in lodash</strong> Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.</p> <p>This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.</p> <p>Affected versions: < 4.17.19</p> </blockquote> <p><em>Sourced from <a href="https://github.com/nodejs/security-wg/blob/master/vuln/npm/516.json">The Node Security Working Group</a>.</em></p> <blockquote> <p><strong>Allocation of Resources Without Limits or Throttling</strong> Prototype pollution attack (lodash)</p> <p>Affected versions: >=4.17.15 <4.17.19</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/f299b52f39486275a9e6483b60a410e06520c538"><code>f299b52</code></a> Bump to v4.17.21</li> <li><a href="https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a"><code>c4847eb</code></a> Improve performance of <code>toNumber</code>, <code>trim</code> and <code>trimEnd</code> on large input strings</li> <li><a href="https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"><code>3469357</code></a> Prevent command injection through <code>_.template</code>'s <code>variable</code> option</li> <li><a href="https://github.com/lodash/lodash/commit/ded9bc66583ed0b4e3b7dc906206d40757b4a90a"><code>ded9bc6</code></a> Bump to v4.17.20.</li> <li><a href="https://github.com/lodash/lodash/commit/63150ef7645ac07961b63a86490f419f356429aa"><code>63150ef</code></a> Documentation fixes.</li> <li><a href="https://github.com/lodash/lodash/commit/00f0f62a979d2f5fa0287c06eae70cf9a62d8794"><code>00f0f62</code></a> test.js: Remove trailing comma.</li> <li><a href="https://github.com/lodash/lodash/commit/846e434c7a5b5692c55ebf5715ed677b70a32389"><code>846e434</code></a> Temporarily use a custom fork of <code>lodash-cli</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/5d046f39cbd27f573914768e3b36eeefcc4f1229"><code>5d046f3</code></a> Re-enable Travis tests on <code>4.17</code> branch.</li> <li><a href="https://github.com/lodash/lodash/commit/aa816b36d402a1ad9385142ce7188f17dae514fd"><code>aa816b3</code></a> Remove <code>/npm-package</code>.</li> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.15...4.17.21">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~bnjmnt4n">bnjmnt4n</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -3

0 comment

1 changed file

pr created time in 3 days

startedjanko/down

started time in 3 days

startedtauri-apps/tauri

started time in 3 days

startedcloudflare/wrangler-action

started time in 4 days

startedphp/doc-en

started time in 4 days

startedexcid3/noticed

started time in 4 days

startedjlfwong/speedscope

started time in 4 days

delete branch JamesMGreene/node-draft-releaser

delete branch : dependabot/npm_and_yarn/types/node-14.14.28

delete time in 6 days