Bump dependabot/fetch-metadata from 1.3.0 to 1.3.1 #8

Merged
dependabot[bot] merged 1 commits from dependabot/github_actions/dependabot/fetch-metadata-1.3.1 into v3 2022-04-21 12:47:56 +03:00
dependabot[bot] commented 2022-04-21 05:24:00 +03:00 (Migrated from github.com)

Bumps dependabot/fetch-metadata from 1.3.0 to 1.3.1.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v1.3.1

Highlights

This release is primarily catching up on our dependencies, but it also includes a few bug fixes:

What's Changed

New Contributors

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1

Commits
  • bfac3fa Merge pull request #210 from dependabot/v1.3.1-release-notes
  • 80173ff Small correction to bump-version script
  • 525fbe9 v1.3.1
  • 58f09fc Merge pull request #206 from dependabot/dependabot/npm_and_yarn/yaml-2.0.1
  • b1d2cf8 Bump dist/
  • 70c6c9e Bump yaml from 1.10.2 to 2.0.1
  • 7b49493 Merge pull request #209 from dependabot/dependabot/npm_and_yarn/vercel/ncc-0....
  • 13f5830 Bump @​vercel/ncc from 0.33.3 to 0.33.4
  • 59ab888 Merge pull request #208 from dependabot/dependabot/npm_and_yarn/types/node-17...
  • aad4446 Bump @​types/node from 17.0.23 to 17.0.25
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.0 to 1.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v1.3.1</h2> <h2>Highlights</h2> <p>This release is primarily catching up on our dependencies, but it also includes a few bug fixes:</p> <ul> <li>Correctly populate Dependabot Alert metadata when a manifest is located in the project root, thanks <a href="https://github.com/SalimBensiali"><code>@​SalimBensiali</code></a></li> <li>Add a workaround for a <a href="https://github-redirect.dependabot.com/dependabot/dependabot-core/issues/4893">dependabot-core bug</a> that causes the <code>update-type</code> to be blank occasionally, thanks <a href="https://github.com/mwaddell"><code>@​mwaddell</code></a></li> </ul> <h2>What's Changed</h2> <ul> <li>If the <code>update-type</code> is missing for some reason, calculate it by <a href="https://github.com/mwaddell"><code>@​mwaddell</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/173">dependabot/fetch-metadata#173</a></li> <li>Updated readme to explain when you need to use a PAT by <a href="https://github.com/mwaddell"><code>@​mwaddell</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/183">dependabot/fetch-metadata#183</a></li> <li>Updated auto approve example to minimizing notifications by <a href="https://github.com/mwaddell"><code>@​mwaddell</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/188">dependabot/fetch-metadata#188</a></li> <li>Bump <code>@​types/node</code> from 17.0.19 to 17.0.23 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/191">dependabot/fetch-metadata#191</a></li> <li>Bump <code>@​types/jest</code> from 27.4.0 to 27.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/168">dependabot/fetch-metadata#168</a></li> <li>Fix incorrect vulnerable manifest path check by <a href="https://github.com/SalimBensiali"><code>@​SalimBensiali</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/186">dependabot/fetch-metadata#186</a></li> <li>Bump <code>@​types/yargs</code> from 17.0.8 to 17.0.10 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/181">dependabot/fetch-metadata#181</a></li> <li>Bump <code>@​typescript-eslint/parser</code> from 5.12.1 to 5.17.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/194">dependabot/fetch-metadata#194</a></li> <li>Bump eslint from 8.9.0 to 8.12.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/190">dependabot/fetch-metadata#190</a></li> <li>Bump ts-node from 10.5.0 to 10.7.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/196">dependabot/fetch-metadata#196</a></li> <li>Bump eslint from 8.12.0 to 8.13.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/198">dependabot/fetch-metadata#198</a></li> <li>Bump typescript from 4.5.5 to 4.6.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/193">dependabot/fetch-metadata#193</a></li> <li>Bump minimist from 1.2.5 to 1.2.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/204">dependabot/fetch-metadata#204</a></li> <li>Bump yargs from 17.3.1 to 17.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/199">dependabot/fetch-metadata#199</a></li> <li>Bump <code>@​typescript-eslint/parser</code> from 5.17.0 to 5.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/202">dependabot/fetch-metadata#202</a></li> <li>Bump <code>@​typescript-eslint/eslint-plugin</code> from 5.12.1 to 5.20.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/203">dependabot/fetch-metadata#203</a></li> <li>Dependabot updates run monthly and attempt to auto-compile dist/ by <a href="https://github.com/brrygrdn"><code>@​brrygrdn</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/205">dependabot/fetch-metadata#205</a></li> <li>Bump <code>@​actions/github</code> from 5.0.0 to 5.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/197">dependabot/fetch-metadata#197</a></li> <li>Bump eslint-plugin-import from 2.25.4 to 2.26.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/207">dependabot/fetch-metadata#207</a></li> <li>Bump <code>@​types/node</code> from 17.0.23 to 17.0.25 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/208">dependabot/fetch-metadata#208</a></li> <li>Bump <code>@​vercel/ncc</code> from 0.33.3 to 0.33.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/209">dependabot/fetch-metadata#209</a></li> <li>Bump yaml from 1.10.2 to 2.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/206">dependabot/fetch-metadata#206</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/SalimBensiali"><code>@​SalimBensiali</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/186">dependabot/fetch-metadata#186</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1">https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependabot/fetch-metadata/commit/bfac3fa29cc6834ca2e3fd659343da191a65d971"><code>bfac3fa</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/210">#210</a> from dependabot/v1.3.1-release-notes</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/80173ff966677a9fa09a782f48aee580b106fdbb"><code>80173ff</code></a> Small correction to bump-version script</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/525fbe9201a37c573823fd43c81f1268d0c5b5d1"><code>525fbe9</code></a> v1.3.1</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/58f09fc6798c8e5c7e5f3cec3299b6c1d86f5bdd"><code>58f09fc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/206">#206</a> from dependabot/dependabot/npm_and_yarn/yaml-2.0.1</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/b1d2cf8266c85fd9b3f64000955f49a2d60b2dba"><code>b1d2cf8</code></a> Bump dist/</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/70c6c9ef04d96c0062436fbecf66f3f7721cc1b6"><code>70c6c9e</code></a> Bump yaml from 1.10.2 to 2.0.1</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/7b49493fe1a9fe08a45c5b4c8c859a1c4c170cda"><code>7b49493</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/209">#209</a> from dependabot/dependabot/npm_and_yarn/vercel/ncc-0....</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/13f5830248cf5be89f71433d8bfe93084208aaf0"><code>13f5830</code></a> Bump <code>@​vercel/ncc</code> from 0.33.3 to 0.33.4</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/59ab8889c16ac10fc360334622b812e954e8cc12"><code>59ab888</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/208">#208</a> from dependabot/dependabot/npm_and_yarn/types/node-17...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/aad444603c0dfb956d443e978141b14199d79695"><code>aad4446</code></a> Bump <code>@​types/node</code> from 17.0.23 to 17.0.25</li> <li>Additional commits viewable in <a href="https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dependabot/fetch-metadata&package-manager=github_actions&previous-version=1.3.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-04-21 05:24:13 +03:00
Sign in to join this conversation.
No description provided.