Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade gh-pages from 0.11.0 to 2.2.0 #9

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Mar 7, 2020

Snyk has created this PR to upgrade gh-pages from 0.11.0 to 2.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 10 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-01-07.

The recommended version fixes:

Severity Issue Exploit Maturity
Prototype Override Protection Bypass
npm:qs:20170213
No Known Exploit
Regular Expression Denial of Service (ReDoS)
npm:q-io:20180212
Proof of Concept
Release notes
Package name: gh-pages
  • 2.2.0 - 2020-01-07

    2.2.0

  • 2.1.1 - 2019-08-08
  • 2.1.0 - 2019-07-31
  • 2.0.1 - 2018-10-04
    • #268 - Continue even if no git configured user.
  • 2.0.0 - 2018-09-16

    Breaking changes:

    • Requires Node 6 and above. If you require support for Node 4, stick with v1.2.0.
    • The git user for commits is determined by running git config user.name and git config user.email in the current working directory when gh-pages is run. Ideally, this is what you want. In v1, the git user was determined based on the gh-pages install directory. If the package was installed globally, the git user might not have been what you expected when running in a directory with a locally configured git user.

    Details:

  • 1.2.0 - 2018-06-01
  • 1.1.0 - 2017-11-17
    • #218 - Update dependencies, test on Node 8 (@tschaub)
    • #211 - Update async to the latest version 🚀 (@tschaub)
    • #202 - chore(package): update sinon to version 3.2.1 (@tschaub)
    • #201 - chore(package): update chai to version 4.1.1 (@tschaub)
    • #196 - fix(package): update fs-extra to version 4.0.1 (@tschaub)
    • #199 - Update tmp to the latest version 🚀 (@tschaub)
    • #193 - Return the promise in the publish function (@Ambyjkl)
    • #188 - chore(package): update sinon to version 2.3.3 (@tschaub)
    • #185 - fix(package): update commander to version 2.11.0 (@tschaub)
    • #186 - chore(package): update eslint to version 4.1.1 (@tschaub)
    • #187 - fix(package): update async to version 2.5.0 (@tschaub)
    • #175 - Removed unnecessary path require (@antialias)
  • 1.0.0 - 2017-05-09

    This release includes a couple breaking changes:

    • Node 4+ is required.
    • The logger option has been removed. Set NODE_DEBUG=gh-pages to see debug output.

    If you are using Node 4+ and not using the logger option, upgrades should be painless. See below for a full list of changes:

  • 1.0.0-beta.1 - 2017-05-08

    1.0.0-beta.1

  • 0.12.0 - 2016-11-17

    0.12.0

  • 0.11.0 - 2016-03-02
from gh-pages GitHub release notes
Commit messages
Package name: gh-pages
  • a8478a8 2.2.0
  • 8bb003c Log changes
  • 5bf8204 Merge pull request #318 from okuryu/dist
  • 169f29b Merge pull request #319 from Sag-Dev/master
  • ff212fe Merge pull request #323 from tschaub/updates
  • 3dcf9ea Update dependencies
  • f6bb57b Update dev dependencies
  • 6b87c84 Merge pull request #277 from dplusic/feature/no-history
  • e73d921 cli: add `--no-history` flag not to preserve deploy history
  • 1f313c7 Use path.resolve() instead
  • a5f6b56 Added 'remove' documentation to 'readme.md'
  • 1f0e59f Allow an absolute path as dist directory
  • 0249ac9 2.1.1
  • aa27355 Log changes
  • 3a92063 Add MIT license
  • 3cb4f30 Merge pull request #312 from tschaub/git-default
  • 0b3f02c Use default for git
  • ba7e5e1 2.1.0
  • 28f006b Log changes
  • 47d051b Merge pull request #307 from tschaub/updates
  • 76288c5 Update dev dependencies
  • 496aeb4 Audit fix
  • 5bcf217 Test for git option
  • 2fb83f5 Merge pull request #303 from JRJurman/patch-1

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # (snyk:metadata:{"dependencies":[{"name":"gh-pages","from":"0.11.0","to":"2.2.0"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/saiichihashimoto/project/7d6180cf-f521-4b7d-88a4-b0bc39afc19b?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"7d6180cf-f521-4b7d-88a4-b0bc39afc19b","env":"prod","prType":"upgrade","vulns":["npm:qs:20170213","npm:q-io:20180212"],"issuesToFix":[{"issueId":"npm:qs:20170213","severity":"high","title":"Prototype Override Protection Bypass","exploitMaturity":"no-known-exploit"},{"issueId":"npm:q-io:20180212","severity":"high","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"proof-of-concept"}],"upgrade":["npm:qs:20170213","npm:q-io:20180212"],"upgradeInfo":{"versionsDiff":10,"publishedDate":"2020-01-07T02:16:48.652Z"},"templateVariants":[],"hasFixes":true,"isMajorUpgrade":true,"isBreakingChange":true})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant