dependabot[bot]
3c6b38f67d
chore(deps): bump socket.io-parser from 3.3.2 to 3.3.3 ( #376 )
...
Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser ) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/socketio/socket.io-parser/releases )
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md )
- [Commits](https://github.com/socketio/socket.io-parser/compare/3.3.2...3.3.3 )
---
updated-dependencies:
- dependency-name: socket.io-parser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
f85861670d
chore(deps): bump loader-utils from 1.4.0 to 1.4.1 ( #372 )
...
Bumps [loader-utils](https://github.com/webpack/loader-utils ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/webpack/loader-utils/releases )
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.1/CHANGELOG.md )
- [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.1 )
---
updated-dependencies:
- dependency-name: loader-utils
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
b46b3feba3
chore(deps): bump ansi-html and laravel-mix ( #363 )
...
Removes [ansi-html](https://github.com/Tjatse/ansi-html ). It's no longer used after updating ancestor dependency [laravel-mix](https://github.com/JeffreyWay/laravel-mix ). These dependencies need to be updated together.
Removes `ansi-html`
Updates `laravel-mix` from 6.0.25 to 6.0.49
- [Release notes](https://github.com/JeffreyWay/laravel-mix/releases )
- [Changelog](https://github.com/laravel-mix/laravel-mix/blob/master/CHANGELOG.md )
- [Commits](https://github.com/JeffreyWay/laravel-mix/commits )
---
updated-dependencies:
- dependency-name: ansi-html
dependency-type: indirect
- dependency-name: laravel-mix
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Ned Zimmerman
9ff13ad6f2
chore(deps): update Aetna and Pressbooks Build Tools ( #349 )
...
* chore(deps): update Aetna and Pressbooks Build Tools
* fix: lint styles
* ci: add Node 16 to matrix
* chore(deps): bump Aetna to 1.0.1
2 years ago
Ricardo Aragon
f35dad2989
feat: allow custom pages for catalog
2 years ago
dependabot[bot]
8713991abf
Bump terser from 4.8.0 to 4.8.1 ( #341 )
...
Bumps [terser](https://github.com/terser/terser ) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases )
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/commits )
---
updated-dependencies:
- dependency-name: terser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
747793b279
Bump minimist from 1.2.5 to 1.2.6 ( #323 )
...
Bumps [minimist](https://github.com/substack/minimist ) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases )
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6 )
---
updated-dependencies:
- dependency-name: minimist
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
7e8b11a402
Bump follow-redirects from 1.14.7 to 1.14.8 ( #317 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.7 to 1.14.8.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.7...v1.14.8 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
f684813557
Bump follow-redirects from 1.14.1 to 1.14.7 ( #307 )
...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects ) from 1.14.1 to 1.14.7.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases )
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.1...v1.14.7 )
---
updated-dependencies:
- dependency-name: follow-redirects
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
e6104a403a
Bump jquery-bridget from 3.0.0 to 3.0.1 ( #304 )
...
Bumps [jquery-bridget](https://github.com/desandro/jquery-bridget ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/desandro/jquery-bridget/releases )
- [Commits](https://github.com/desandro/jquery-bridget/compare/v3.0.0...v3.0.1 )
---
updated-dependencies:
- dependency-name: jquery-bridget
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
de31590154
Bump nanoid from 3.1.23 to 3.2.0 ( #310 )
...
Bumps [nanoid](https://github.com/ai/nanoid ) from 3.1.23 to 3.2.0.
- [Release notes](https://github.com/ai/nanoid/releases )
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ai/nanoid/compare/3.1.23...3.2.0 )
---
updated-dependencies:
- dependency-name: nanoid
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
79f977ca8d
Bump nth-check from 2.0.0 to 2.0.1 ( #289 )
...
Bumps [nth-check](https://github.com/fb55/nth-check ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/fb55/nth-check/releases )
- [Commits](https://github.com/fb55/nth-check/compare/v2.0.0...v2.0.1 )
---
updated-dependencies:
- dependency-name: nth-check
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
dependabot[bot]
1ab92e54d1
Bump jquery-bridget from 2.0.1 to 3.0.0 ( #263 )
...
Bumps [jquery-bridget](https://github.com/desandro/jquery-bridget ) from 2.0.1 to 3.0.0.
- [Release notes](https://github.com/desandro/jquery-bridget/releases )
- [Commits](https://github.com/desandro/jquery-bridget/compare/v2.0.1...v3.0.0 )
---
updated-dependencies:
- dependency-name: jquery-bridget
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Steel Wagstaff
0d66e94654
chore: add pressbooks-build-tools as devDependency ( #265 )
...
* update package.json
* Update WP text matrix
3 years ago
Ho Man Chan
5ba1929f77
Update version and localizations ( #233 )
...
* Update version and localizations
* Remove Travis CI test for php 7.1 and 7.2
4 years ago
dependabot-preview[bot]
2ca0b40310
[Security] Bump highlight.js from 9.16.2 to 9.18.5 ( #226 )
...
Bumps [highlight.js](https://github.com/highlightjs/highlight.js ) from 9.16.2 to 9.18.5. **This update includes a security fix.**
- [Release notes](https://github.com/highlightjs/highlight.js/releases )
- [Changelog](https://github.com/highlightjs/highlight.js/blob/9.18.5/CHANGES.md )
- [Commits](https://github.com/highlightjs/highlight.js/compare/9.16.2...9.18.5 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
d4c0b5add7
[Security] Bump tree-kill from 1.2.1 to 1.2.2 ( #224 )
...
Bumps [tree-kill](https://github.com/pkrumins/node-tree-kill ) from 1.2.1 to 1.2.2. **This update includes a security fix.**
- [Release notes](https://github.com/pkrumins/node-tree-kill/releases )
- [Commits](https://github.com/pkrumins/node-tree-kill/compare/v1.2.1...v1.2.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
84ce5f79ca
[Security] Bump bl from 3.0.0 to 3.0.1 ( #215 )
...
Bumps [bl](https://github.com/rvagg/bl ) from 3.0.0 to 3.0.1. **This update includes a security fix.**
- [Release notes](https://github.com/rvagg/bl/releases )
- [Commits](https://github.com/rvagg/bl/compare/v3.0.0...v3.0.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
4 years ago
dependabot-preview[bot]
1275f95eb0
[Security] Bump jquery from 3.4.0 to 3.5.1 ( #210 )
...
Bumps [jquery](https://github.com/jquery/jquery ) from 3.4.0 to 3.5.1. **This update includes security fixes.**
- [Release notes](https://github.com/jquery/jquery/releases )
- [Commits](https://github.com/jquery/jquery/compare/3.4.0...3.5.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
5 years ago
dependabot-preview[bot]
ef7386d503
[Security] Bump handlebars from 4.5.3 to 4.7.6
...
Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.5.3 to 4.7.6. **This update includes a security fix.**
- [Release notes](https://github.com/wycats/handlebars.js/releases )
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md )
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.7.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
Dac Chartrand
262df22b4a
Better Pressbooks-build-tools Solution ( #197 )
...
* unused wpapi, update js-cookie, npm audit fix
* build dist with updated versions
See: https://github.com/pressbooks/pressbooks/pull/1834
5 years ago
Dac Chartrand
ac3521420e
Better Pressbooks-build-tools Solution ( #196 )
...
See: https://github.com/pressbooks/pressbooks/pull/1834
5 years ago
dependabot-preview[bot]
c74ce31d5b
[Security] Bump eslint-utils from 1.3.1 to 1.4.2 ( #190 )
...
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils ) from 1.3.1 to 1.4.2. **This update includes a security fix.**
- [Release notes](https://github.com/mysticatea/eslint-utils/releases )
- [Commits](https://github.com/mysticatea/eslint-utils/compare/v1.3.1...v1.4.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
dependabot-preview[bot]
b2a9f9f324
[Security] Bump mixin-deep from 1.3.0 to 1.3.2 ( #188 )
...
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep ) from 1.3.0 to 1.3.2. **This update includes security fixes.**
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases )
- [Commits](https://github.com/jonschlinkert/mixin-deep/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
5 years ago
Daniel Fernandes
9a9c110427
Contact link form, color picker a11y tweaks ( #186 )
...
Fixes : pressbooks/ideas#180
Fixes : pressbooks/pressbooks#1659
6 years ago
Dac Chartrand
34e1562a7f
Update aetna to 1.0.0-alpha.26
6 years ago
Daniel Fernandes
017f8dbf50
Update site/admin footers following website launch ( #180 )
...
Fixes https://github.com/pressbooks/pressbooks/issues/1690
6 years ago
dependabot[bot]
df250e5b97
[Security] Bump tar from 4.4.1 to 4.4.8 ( #179 )
...
Bumps [tar](https://github.com/npm/node-tar ) from 4.4.1 to 4.4.8. **This update includes security fixes.**
- [Release notes](https://github.com/npm/node-tar/releases )
- [Commits](https://github.com/npm/node-tar/compare/v4.4.1...v4.4.8 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
88faa2fd09
[Security] Bump jquery from 3.2.1 to 3.4.0
...
Bumps [jquery](https://github.com/jquery/jquery ) from 3.2.1 to 3.4.0. **This update includes security fixes.**
- [Release notes](https://github.com/jquery/jquery/releases )
- [Commits](https://github.com/jquery/jquery/compare/3.2.1...3.4.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
Ned Zimmerman
7db5ebfec3
Bump version, localizations
6 years ago
dependabot[bot]
dafbb6cbe3
[Security] Bump handlebars from 4.0.12 to 4.1.0 ( #173 )
...
Bumps [handlebars](https://github.com/wycats/handlebars.js ) from 4.0.12 to 4.1.0. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The npm Advisory Database](https://npmjs.com/advisories/755 ).*
> **Prototype Pollusion**
> All versions of `handlebars` are vulnerable to Prototype Pollusion. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
>
> Affected versions: <=4.0.12
</details>
<details>
<summary>Changelog</summary>
*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/v4.1.0/release-notes.md ).*
> ## v4.1.0 - February 7th, 2019
> New Features
>
> - import TypeScript typings - 27ac1ee
>
> Security fixes:
>
> - disallow access to the constructor in templates to prevent RCE - 42841c4, [#1495 ](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495 )
>
> Housekeeping
>
> - chore: fix components/handlebars package.json and auto-update on release - bacd473
> - chore: Use node 10 to build handlebars - 78dd89c
> - chore/doc: Add more release docs - 6b87c21
>
> Compatibility notes:
>
> Access to class constructors (i.e. `({}).constructor`) is now prohibited to prevent
> Remote Code Execution. This means that following construct will no work anymore:
>
> ```
> class SomeClass {
> }
>
> SomeClass.staticProperty = 'static'
>
> var template = Handlebars.compile('{{constructor.staticProperty}}');
> document.getElementById('output').innerHTML = template(new SomeClass());
> // expected: 'static', but now this is empty.
> ```
>
> This kind of access is not the intended use of Handlebars and leads to the vulnerability described in [#1495 ](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495 ). We will **not** increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).
>
>
>
> [Commits](https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.1.0 )
</details>
<details>
<summary>Commits</summary>
- [`7caca94`](7caca944b1
) v4.1.0
- [`7bd34fb`](7bd34fb466
) Update release notes
- [`56fc676`](56fc6768d1
) test: run appveyor tests in Node 10
- [`ee30222`](ee3022228b
) chore: disable sauce-labs
- [`05e6293`](05e6293bb3
) chore: bump version of grunt-saucelabs
- [`2db0d12`](2db0d123c8
) chore: add .idea and yarn-error.log to .gitignore
- [`edc6220`](edc6220d51
) fix: disallow access to the constructor in templates to prevent RCE
- [`bacd473`](bacd473fe6
) chore: fix components/handlebars package.json and auto-update on release
- [`27ac1ee`](27ac1ee396
) Feat: Import TypeScript typings
- [`78dd89c`](78dd89c13a
) chore: Use node 10 to build handlebars
- Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.1.0 )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=handlebars&package-manager=npm_and_yarn&previous-version=4.0.12&new-version=4.1.0 )](https://dependabot.com/compatibility-score.html?dependency-name=handlebars&package-manager=npm_and_yarn&previous-version=4.0.12&new-version=4.1.0 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
dependabot[bot]
930d611c09
Bump pressbooks-build-tools from 1.3.1 to 1.3.3 ( #174 )
...
Bumps [pressbooks-build-tools](https://github.com/pressbooks/pressbooks-build-tools ) from 1.3.1 to 1.3.3.
<details>
<summary>Release notes</summary>
*Sourced from [pressbooks-build-tools's releases](https://github.com/pressbooks/pressbooks-build-tools/releases ).*
> ## 1.3.3
> ### Patches
>
> - Bump eslint-loader from 2.1.1 to 2.1.2: [#246 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/246 )
> - Bump stylelint-scss from 3.5.2 to 3.5.3: [#247 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/247 )
> - Bump eslint-config-react-app from 3.0.6 to 3.0.7: [#250 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/250 )
>
> ## 1.3.2
> ### Patches
>
> - [Security] Bump lodash from 4.17.10 to 4.17.11: [#245 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/245 )
> - [Security] Bump extend from 3.0.1 to 3.0.2: [#244 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/244 )
</details>
<details>
<summary>Commits</summary>
- [`78187a6`](78187a6fee
) 1.3.3
- [`372ca18`](372ca182fb
) Bump eslint-config-react-app from 3.0.6 to 3.0.7 ([#250 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/250 ))
- [`97f7e6e`](97f7e6e116
) Bump stylelint-scss from 3.5.2 to 3.5.3 ([#247 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/247 ))
- [`af5ae7d`](af5ae7d2c0
) Bump eslint-loader from 2.1.1 to 2.1.2 ([#246 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/246 ))
- [`6120204`](61202040f2
) 1.3.2
- [`237b40c`](237b40c93c
) [Security] Bump extend from 3.0.1 to 3.0.2 ([#244 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/244 ))
- [`765d195`](765d195af0
) [Security] Bump lodash from 4.17.10 to 4.17.11 ([#245 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/245 ))
- See full diff in [compare view](https://github.com/pressbooks/pressbooks-build-tools/compare/1.3.1...1.3.3 )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.3.1&new-version=1.3.3 )](https://dependabot.com/compatibility-score.html?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.3.1&new-version=1.3.3 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
dependabot[bot]
d9d796bb20
[Security] Bump extend from 3.0.1 to 3.0.2
...
Bumps [extend](https://github.com/justmoon/node-extend ) from 3.0.1 to 3.0.2. **This update includes security fixes.**
- [Release notes](https://github.com/justmoon/node-extend/releases )
- [Changelog](https://github.com/justmoon/node-extend/blob/master/CHANGELOG.md )
- [Commits](https://github.com/justmoon/node-extend/compare/v3.0.1...v3.0.2 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
dbf2b96c81
[Security] Bump node.extend from 1.1.6 to 1.1.8
...
Bumps [node.extend](https://github.com/dreamerslab/node.extend ) from 1.1.6 to 1.1.8. **This update includes security fixes.**
- [Release notes](https://github.com/dreamerslab/node.extend/releases )
- [Changelog](https://github.com/dreamerslab/node.extend/blob/master/History.md )
- [Commits](https://github.com/dreamerslab/node.extend/compare/v1.1.6...v1.1.8 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
2e0ef1bef2
Bump pressbooks-build-tools from 1.2.1 to 1.3.1 ( #169 )
...
Bumps [pressbooks-build-tools](https://github.com/pressbooks/pressbooks-build-tools ) from 1.2.1 to 1.3.1.
<details>
<summary>Release notes</summary>
*Sourced from [pressbooks-build-tools's releases](https://github.com/pressbooks/pressbooks-build-tools/releases ).*
> ## 1.3.1
> ### Patches
>
> - Bump eslint-plugin-jsx-a11y from 6.2.0 to 6.2.1: [#240 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/240 )
> - Bump stylelint-scss from 3.5.1 to 3.5.2: [#241 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/241 )
> - Bump prettier from 1.16.1 to 1.16.4: [#242 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/242 )
>
> ## 1.3.0
> ### Minor Changes
>
> - Bump stylelint-scss from 3.4.4 to 3.5.0: [#227 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/227 )
> - Bump eslint from 5.11.1 to 5.12.1: [#231 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/231 )
> - Bump sass from 1.15.3 to 1.16.1: [#232 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/232 )
> - Bump stylelint from 9.9.0 to 9.10.1: [#233 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/233 )
> - Bump prettier from 1.15.3 to 1.16.1: [#234 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/234 )
> - Bump eslint-plugin-jsx-a11y from 6.1.2 to 6.2.0: [#235 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/235 )
> - Bump eslint-plugin-import from 2.14.0 to 2.15.0: [#238 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/238 )
>
> ### Patches
>
> - Bump laravel-mix from 4.0.13 to 4.0.14: [#230 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/230 )
> - Bump stylelint-scss from 3.5.0 to 3.5.1: [#236 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/236 )
> - Bump eslint-plugin-react from 7.12.3 to 7.12.4: [#237 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/237 )
</details>
<details>
<summary>Commits</summary>
- [`65d8f96`](65d8f961ae
) 1.3.1
- [`3ec31e2`](3ec31e2ccf
) Bump prettier from 1.16.1 to 1.16.4 ([#242 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/242 ))
- [`fae84f5`](fae84f54aa
) Bump stylelint-scss from 3.5.1 to 3.5.2 ([#241 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/241 ))
- [`3dd62eb`](3dd62ebec8
) Bump eslint-plugin-jsx-a11y from 6.2.0 to 6.2.1 ([#240 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/240 ))
- [`3aed18f`](3aed18f0d5
) Bump prettier from 1.16.1 to 1.16.4
- [`bc9af6a`](bc9af6a588
) 1.3.0
- [`90699f0`](90699f0b9e
) Bump eslint-plugin-import from 2.14.0 to 2.15.0 ([#238 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/238 ))
- [`0967535`](0967535c14
) Bump eslint-plugin-react from 7.12.3 to 7.12.4 ([#237 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/237 ))
- [`22e6617`](22e6617c95
) Bump stylelint-scss from 3.5.0 to 3.5.1 ([#236 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/236 ))
- [`7c8c384`](7c8c384127
) Bump eslint-plugin-jsx-a11y from 6.1.2 to 6.2.0 ([#235 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/235 ))
- Additional commits viewable in [compare view](https://github.com/pressbooks/pressbooks-build-tools/compare/1.2.1...1.3.1 )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.2.1&new-version=1.3.1 )](https://dependabot.com/compatibility-score.html?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.2.1&new-version=1.3.1 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
dependabot[bot]
51ceae4c78
Bump aetna from 1.0.0-alpha.22 to 1.0.0-alpha.24 ( #168 )
...
Bumps [aetna](https://github.com/pressbooks/aetna ) from 1.0.0-alpha.22 to 1.0.0-alpha.24.
<details>
<summary>Commits</summary>
- See full diff in [compare view](https://github.com/pressbooks/aetna/commits )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=aetna&package-manager=npm_and_yarn&previous-version=1.0.0-alpha.22&new-version=1.0.0-alpha.24 )](https://dependabot.com/compatibility-score.html?dependency-name=aetna&package-manager=npm_and_yarn&previous-version=1.0.0-alpha.22&new-version=1.0.0-alpha.24 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
dependabot[bot]
2e4dc4c8f9
Bump pressbooks-build-tools from 1.2.0 to 1.2.1 ( #165 )
...
Bumps [pressbooks-build-tools](https://github.com/pressbooks/pressbooks-build-tools ) from 1.2.0 to 1.2.1.
<details>
<summary>Release notes</summary>
*Sourced from [pressbooks-build-tools's releases](https://github.com/pressbooks/pressbooks-build-tools/releases ).*
> ## 1.2.1
> ### Patches
>
> - Bump rimraf from 2.6.2 to 2.6.3: [#220 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/220 )
> - Bump laravel-mix from 4.0.12 to 4.0.13: [#222 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/222 )
> - Bump eslint-plugin-react from 7.12.1 to 7.12.2: [#221 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/221 )
> - Bump eslint-plugin-flowtype from 3.2.0 to 3.2.1: [#226 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/226 )
> - Bump eslint-plugin-react from 7.12.2 to 7.12.3: [#225 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/225 )
> - Bump sass from 1.15.2 to 1.15.3: [#224 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/224 )
> - Bump vue-template-compiler from 2.5.21 to 2.5.22: [#229 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/229 )
</details>
<details>
<summary>Commits</summary>
- [`d7dc8a9`](d7dc8a9225
) 1.2.1
- [`ec0e50c`](ec0e50c3a9
) Bump vue-template-compiler from 2.5.21 to 2.5.22 ([#229 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/229 ))
- [`2b877c9`](2b877c934f
) Bump sass from 1.15.2 to 1.15.3 ([#224 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/224 ))
- [`820cc27`](820cc27794
) Bump eslint-plugin-react from 7.12.2 to 7.12.3 ([#225 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/225 ))
- [`7863e6a`](7863e6a6f5
) Bump eslint-plugin-flowtype from 3.2.0 to 3.2.1 ([#226 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/226 ))
- [`a23c743`](a23c7438d7
) Bump eslint-plugin-react from 7.12.1 to 7.12.2 ([#221 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/221 ))
- [`e97e77b`](e97e77b673
) Bump laravel-mix from 4.0.12 to 4.0.13 ([#222 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/222 ))
- [`30b1e2f`](30b1e2f5f1
) Bump rimraf from 2.6.2 to 2.6.3 ([#220 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/220 ))
- See full diff in [compare view](https://github.com/pressbooks/pressbooks-build-tools/compare/1.2.0...1.2.1 )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.2.0&new-version=1.2.1 )](https://dependabot.com/compatibility-score.html?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.2.0&new-version=1.2.1 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
Ned Zimmerman
ab7e88c040
Update Aetna, simplify font size button ( #163 )
...
Accompanies https://github.com/pressbooks/pressbooks-book/pull/452 .
6 years ago
Ned Zimmerman
32de704ac1
Update package files
6 years ago
dependabot[bot]
cde2fe53f3
Bump pressbooks-build-tools from 1.1.0 to 1.2.0 ( #161 )
...
Bumps [pressbooks-build-tools](https://github.com/pressbooks/pressbooks-build-tools ) from 1.1.0 to 1.2.0.
<details>
<summary>Release notes</summary>
*Sourced from [pressbooks-build-tools's releases](https://github.com/pressbooks/pressbooks-build-tools/releases ).*
> ## 1.2.0
> ### Minor Changes
>
> - Bump eslint-plugin-react from 7.11.1 to 7.12.1: [#219 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/219 )
> - Bump eslint-plugin-jquery from 1.3.2 to 1.5.0: [#218 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/218 )
> - Bump eslint from 5.10.0 to 5.11.1: [#214 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/214 )
>
> ### Patches
>
> - Bump stylelint-scss from 3.4.1 to 3.4.2: [#209 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/209 )
> - [Security] Bump webpack-dev-server from 3.1.10 to 3.1.14: [#215 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/215 )
> - Bump stylelint-scss from 3.4.2 to 3.4.4: [#213 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/213 )
> - Bump eslint-config-react-app from 3.0.5 to 3.0.6: [#212 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/212 )
</details>
<details>
<summary>Commits</summary>
- [`f890c29`](f890c298bf
) 1.2.0
- [`aba8ce1`](aba8ce17bc
) Bump eslint from 5.10.0 to 5.11.1 ([#214 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/214 ))
- [`e930274`](e930274ed3
) Bump eslint-config-react-app from 3.0.5 to 3.0.6 ([#212 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/212 ))
- [`e40ea1f`](e40ea1f1cb
) Bump stylelint-scss from 3.4.2 to 3.4.4 ([#213 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/213 ))
- [`4d65a07`](4d65a07885
) [Security] Bump webpack-dev-server from 3.1.10 to 3.1.14 ([#215 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/215 ))
- [`f5a69f4`](f5a69f496e
) Bump eslint-plugin-jquery from 1.3.2 to 1.5.0 ([#218 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/218 ))
- [`84c45ca`](84c45cad71
) Bump eslint-plugin-react from 7.11.1 to 7.12.1 ([#219 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/219 ))
- [`9e97b4a`](9e97b4a1eb
) Bump stylelint-scss from 3.4.1 to 3.4.2 ([#209 ](https://github-redirect.dependabot.com/pressbooks/pressbooks-build-tools/issues/209 ))
- See full diff in [compare view](https://github.com/pressbooks/pressbooks-build-tools/compare/1.1.0...1.2.0 )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.1.0&new-version=1.2.0 )](https://dependabot.com/compatibility-score.html?dependency-name=pressbooks-build-tools&package-manager=npm_and_yarn&previous-version=1.1.0&new-version=1.2.0 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
dependabot[bot]
b9381bbae1
[Security] Bump webpack-dev-server from 3.1.10 to 3.1.14
...
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server ) from 3.1.10 to 3.1.14. **This update includes security fixes.**
- [Release notes](https://github.com/webpack/webpack-dev-server/releases )
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md )
- [Commits](https://github.com/webpack/webpack-dev-server/compare/v3.1.10...v3.1.14 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
730ebda2aa
[Security] Bump sshpk from 1.13.0 to 1.16.0 ( #159 )
...
Bumps [sshpk](https://github.com/joyent/node-sshpk ) from 1.13.0 to 1.16.0. **This update includes security fixes.**
- [Release notes](https://github.com/joyent/node-sshpk/releases )
- [Commits](https://github.com/joyent/node-sshpk/compare/v1.13.0...v1.16.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
5b0c6c7f29
Bump pressbooks-build-tools from 1.0.2 to 1.1.0 ( #158 )
...
Bumps [pressbooks-build-tools](https://github.com/pressbooks/pressbooks-build-tools ) from 1.0.2 to 1.1.0.
- [Release notes](https://github.com/pressbooks/pressbooks-build-tools/releases )
- [Commits](https://github.com/pressbooks/pressbooks-build-tools/compare/1.0.2...1.1.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
00afdd3f1c
[Security] Bump debug from 2.6.8 to 2.6.9
...
Bumps [debug](https://github.com/visionmedia/debug ) from 2.6.8 to 2.6.9. **This update includes security fixes.**
- [Release notes](https://github.com/visionmedia/debug/releases )
- [Changelog](https://github.com/visionmedia/debug/blob/2.6.9/CHANGELOG.md )
- [Commits](https://github.com/visionmedia/debug/compare/2.6.8...2.6.9 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
Ned Zimmerman
f45c81ac9b
Update dependencies
6 years ago
dependabot[bot]
5e3c149dbd
[Security] Bump url-parse from 1.4.1 to 1.4.4
...
Bumps [url-parse](https://github.com/unshiftio/url-parse ) from 1.4.1 to 1.4.4. **This update includes security fixes.**
- [Release notes](https://github.com/unshiftio/url-parse/releases )
- [Commits](https://github.com/unshiftio/url-parse/compare/1.4.1...1.4.4 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
dependabot[bot]
5631cc49b6
[Security] Bump atob from 2.0.3 to 2.1.2 ( #153 )
...
Bumps [atob](https://github.com/coolaj86/node-browser-compat ) from 2.0.3 to 2.1.2. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73 ).*
> **CWE-125: Out-of-bounds Read**
> The software reads data past the end, or before the beginning, of the intended buffer.
>
> Affected versions: <=2.0.3
*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/403.json ).*
> **Out-of-bounds Read**
> `atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below
>
> Affected versions: <=2.0.3
</details>
<details>
<summary>Commits</summary>
- See full diff in [compare view](https://github.com/coolaj86/node-browser-compat/commits )
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=atob&package-manager=npm_and_yarn&previous-version=2.0.3&new-version=2.1.2 )](https://dependabot.com/compatibility-score.html?dependency-name=atob&package-manager=npm_and_yarn&previous-version=2.0.3&new-version=2.1.2 )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com ):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot .
</details>
6 years ago
dependabot[bot]
7fdc8040c5
[Security] Bump qs from 6.2.1 to 6.2.3
...
Bumps [qs](https://github.com/ljharb/qs ) from 6.2.1 to 6.2.3. **This update includes security fixes.**
- [Release notes](https://github.com/ljharb/qs/releases )
- [Changelog](https://github.com/ljharb/qs/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.2.1...v6.2.3 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago
Ned Zimmerman
9d5f10e728
Avoid jQuery, use NPM instead of Yarn ( #151 )
6 years ago
dependabot[bot]
b1fc4e07e2
Bump aetna from 1.0.0-alpha.17 to 1.0.0-alpha.20 ( #148 )
...
Bumps [aetna](https://github.com/pressbooks/aetna ) from 1.0.0-alpha.17 to 1.0.0-alpha.20.
- [Release notes](https://github.com/pressbooks/aetna/releases )
- [Commits](https://github.com/pressbooks/aetna/commits )
Signed-off-by: dependabot[bot] <support@dependabot.com>
6 years ago