[Security] Bump elliptic from 6.4.1 to 6.5.3 #380
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.4.1 to 6.5.3. **This update includes a security fix.** - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.4.1...v6.5.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
jywarren
added a commit
that referenced
this pull request
Oct 30, 2020
* Update README.md * Update CODE_OF_CONDUCT.md as per new revision (#262) update code of conduct to reflect changes on https://publiclab.org/conduct Aug, 28 2019 and standardize formatting with MK, LDI, Plots2 * Footer UI changes (#255) * Footer UI change * fixed the social media icons on mobile view * Remove redundant function from community-toolbox.js #218 (#268) * Added author thumbnail to issue display (#266) * Update usage.md * fixed UI bug: footer elements not centered (#273) * Bump browserify from 16.3.0 to 16.5.0 (#250) Bumps [browserify](https://github.com/browserify/browserify) from 16.3.0 to 16.5.0. - [Release notes](https://github.com/browserify/browserify/releases) - [Changelog](https://github.com/browserify/browserify/blob/master/changelog.markdown) - [Commits](browserify/browserify@v16.3.0...v16.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump node-snackbar from 0.1.15 to 0.1.16 (#286) Bumps [node-snackbar](https://github.com/polonel/SnackBar) from 0.1.15 to 0.1.16. - [Release notes](https://github.com/polonel/SnackBar/releases) - [Commits](polonel/SnackBar@0.1.15...0.1.16) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump chart.js from 2.8.0 to 2.9.3 (#292) Bumps [chart.js](https://github.com/chartjs/Chart.js) from 2.8.0 to 2.9.3. - [Release notes](https://github.com/chartjs/Chart.js/releases) - [Commits](chartjs/Chart.js@v2.8.0...v2.9.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Added a language attribute (#287) Added it because the language attribute helps to specify the language of the element's content * Bump tape from 4.11.0 to 4.12.0 (#303) Bumps [tape](https://github.com/substack/tape) from 4.11.0 to 4.12.0. - [Release notes](https://github.com/substack/tape/releases) - [Commits](tape-testing/tape@v4.11.0...v4.12.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * fix header UI issue. (#307) * Bump tape from 4.12.0 to 4.12.1 (#304) Bumps [tape](https://github.com/substack/tape) from 4.12.0 to 4.12.1. - [Release notes](https://github.com/substack/tape/releases) - [Commits](tape-testing/tape@v4.12.0...v4.12.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * [Security] Bump handlebars from 4.1.2 to 4.5.3 (#305) Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.2 to 4.5.3. **This update includes a security fix.** - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.1.2...v4.5.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump tape from 4.12.1 to 4.13.0 (#312) Bumps [tape](https://github.com/substack/tape) from 4.12.1 to 4.13.0. - [Release notes](https://github.com/substack/tape/releases) - [Commits](tape-testing/tape@v4.12.1...v4.13.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump http-server from 0.11.1 to 0.12.1 (#311) Bumps [http-server](https://github.com/http-party/http-server) from 0.11.1 to 0.12.1. - [Release notes](https://github.com/http-party/http-server/releases) - [Commits](http-party/http-server@0.11.1...v0.12.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * sort dropdown made responsive (#313) * fixed the stale issues which fixes issue #282 (#314) * fixed the stale issues * Fixed the stale issues * Plugged the function and fixed the key-value pair * Fixed the browser issue * Fixed the index.html issue Co-authored-by: Rishabh Rawat <www.rishabhrawat570@gmail.com> * Bump jest from 24.9.0 to 25.1.0 (#322) Bumps [jest](https://github.com/facebook/jest) from 24.9.0 to 25.1.0. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md) - [Commits](jestjs/jest@v24.9.0...v25.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * JS code enhancement (#298) * Fixed the hyperlink issue (Fixes issue #320) (#329) * Fixed the hyperlink issue * fixed the hyperlink issue * Update getting_started.md (#327) We start the the server with npm start so this we should follow like we have in other projects. * Fix The Position Of Fork me Ribbon (#332) * Fix The Position Of Fork me Ribbon * fixed the indent issue * Added the scrolling in-list (#336) * Add a all repositories button to dropdown (#338) * Show Github username over avatar (#340) * Add gitter option in connect with us section (#342) * Add gitter option in connect with us section * fix the indentation * Bump tape from 4.13.0 to 4.13.2 (#344) Bumps [tape](https://github.com/substack/tape) from 4.13.0 to 4.13.2. - [Release notes](https://github.com/substack/tape/releases) - [Commits](tape-testing/tape@v4.13.0...v4.13.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump grunt from 1.0.4 to 1.1.0 (#347) Bumps [grunt](https://github.com/gruntjs/grunt) from 1.0.4 to 1.1.0. - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/master/CHANGELOG) - [Commits](gruntjs/grunt@v1.0.4...v1.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump acorn from 6.0.4 to 6.4.1 (#346) Bumps [acorn](https://github.com/acornjs/acorn) from 6.0.4 to 6.4.1. **This update includes a security fix.** - [Release notes](https://github.com/acornjs/acorn/releases) - [Commits](acornjs/acorn@6.0.4...6.4.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * updated installation instructions (#345) * Bump jquery from 3.4.1 to 3.5.0 (#357) Bumps [jquery](https://github.com/jquery/jquery) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](jquery/jquery@3.4.1...3.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump browserify from 16.5.0 to 16.5.1 (#351) Bumps [browserify](https://github.com/browserify/browserify) from 16.5.0 to 16.5.1. - [Release notes](https://github.com/browserify/browserify/releases) - [Changelog](https://github.com/browserify/browserify/blob/master/changelog.markdown) - [Commits](browserify/browserify@v16.5.0...v16.5.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump websocket-extensions from 0.1.3 to 0.1.4 (#374) Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. **This update includes a security fix.** - [Release notes](https://github.com/faye/websocket-extensions-node/releases) - [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md) - [Commits](faye/websocket-extensions-node@0.1.3...0.1.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump moment from 2.24.0 to 2.27.0 (#375) Bumps [moment](https://github.com/moment/moment) from 2.24.0 to 2.27.0. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.24.0...2.27.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump grunt from 1.1.0 to 1.2.0 (#377) Bumps [grunt](https://github.com/gruntjs/grunt) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/master/CHANGELOG) - [Commits](gruntjs/grunt@v1.1.0...v1.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump grunt from 1.2.0 to 1.2.1 (#378) Bumps [grunt](https://github.com/gruntjs/grunt) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/master/CHANGELOG) - [Commits](gruntjs/grunt@v1.2.0...v1.2.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump browserify from 16.5.1 to 16.5.2 (#383) Bumps [browserify](https://github.com/browserify/browserify) from 16.5.1 to 16.5.2. - [Release notes](https://github.com/browserify/browserify/releases) - [Changelog](https://github.com/browserify/browserify/blob/master/changelog.markdown) - [Commits](browserify/browserify@v16.5.1...v16.5.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump elliptic from 6.4.1 to 6.5.3 (#380) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.4.1 to 6.5.3. **This update includes a security fix.** - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.4.1...v6.5.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump grunt from 1.2.1 to 1.3.0 (#387) Bumps [grunt](https://github.com/gruntjs/grunt) from 1.2.1 to 1.3.0. - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/master/CHANGELOG) - [Commits](gruntjs/grunt@v1.2.1...v1.3.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump moment from 2.27.0 to 2.28.0 (#391) Bumps [moment](https://github.com/moment/moment) from 2.27.0 to 2.28.0. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.27.0...2.28.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * [Security] Bump http-proxy from 1.18.0 to 1.18.1 (#390) Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1. **This update includes a security fix.** - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](http-party/node-http-proxy@1.18.0...1.18.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump tape-run from 6.0.1 to 8.0.0 (#379) Bumps [tape-run](https://github.com/juliangruber/tape-run) from 6.0.1 to 8.0.0. - [Release notes](https://github.com/juliangruber/tape-run/releases) - [Changelog](https://github.com/juliangruber/tape-run/blob/master/History.md) - [Commits](tape-testing/tape-run@v6.0.1...v8.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump moment from 2.28.0 to 2.29.1 (#393) Bumps [moment](https://github.com/moment/moment) from 2.28.0 to 2.29.1. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.28.0...2.29.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump tape from 4.13.2 to 5.0.1 (#372) Bumps [tape](https://github.com/substack/tape) from 4.13.2 to 5.0.1. - [Release notes](https://github.com/substack/tape/releases) - [Commits](tape-testing/tape@v4.13.2...v5.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Update demo.css to fix font links to League Spartan CDN via fontsource (#402) re publiclab/image-sequencer#1741 * Bump browserify from 16.5.2 to 17.0.0 (#396) Bumps [browserify](https://github.com/browserify/browserify) from 16.5.2 to 17.0.0. - [Release notes](https://github.com/browserify/browserify/releases) - [Changelog](https://github.com/browserify/browserify/blob/master/changelog.markdown) - [Commits](browserify/browserify@v16.5.2...v17.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump jquery from 3.5.0 to 3.5.1 (#369) Bumps [jquery](https://github.com/jquery/jquery) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](jquery/jquery@3.5.0...3.5.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump http-server from 0.12.1 to 0.12.3 (#360) Bumps [http-server](https://github.com/http-party/http-server) from 0.12.1 to 0.12.3. - [Release notes](https://github.com/http-party/http-server/releases) - [Commits](http-party/http-server@v0.12.1...v0.12.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> * Bump chart.js from 2.9.3 to 2.9.4 (#398) Bumps [chart.js](https://github.com/chartjs/Chart.js) from 2.9.3 to 2.9.4. - [Release notes](https://github.com/chartjs/Chart.js/releases) - [Commits](chartjs/Chart.js@v2.9.3...v2.9.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Sasha Boginsky <41092741+sashadev-sky@users.noreply.github.com> Co-authored-by: Sudipto Ghosh <ghoshsudipto1129@gmail.com> Co-authored-by: mastal88 <mastalski.michal@gmail.com> Co-authored-by: Samagra Gupta <32234926+samagragupta@users.noreply.github.com> Co-authored-by: kay nguyen <kaynguyen.dev@gmail.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> Co-authored-by: Elizabeth Owufuni Agada <elizadave6@gmail.com> Co-authored-by: Rishabh Rawat <www.rishabhrawat570@gmail.com> Co-authored-by: rounak176 <32223619+rounak176@users.noreply.github.com> Co-authored-by: Devansh Agarwal <f20180608@pilani.bits-pilani.ac.in> Co-authored-by: somenath sarkar <43093724+somenath1435@users.noreply.github.com> Co-authored-by: Devansh Agarwal <devanshagarwal50@gmail.com> Co-authored-by: Govind Goel <52847415+govindgoel@users.noreply.github.com>
TildaDares
pushed a commit
to TildaDares/community-toolbox
that referenced
this pull request
Apr 28, 2021
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.4.1 to 6.5.3. **This update includes a security fix.** - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.4.1...v6.5.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps elliptic from 6.4.1 to 6.5.3. This update includes a security fix.
Vulnerabilities fixed
Sourced from The GitHub Security Advisory Database.
Commits
86478036.5.3856fe4dsignature: prevent malleability and overflows60489416.5.29984964package: bump dependenciesec735edutils: leak less information ingetNAF()71e4e8e6.5.17ec66ffshort: add infinity check before multiplyingee7970btravis: really move on637d021travis: move on5ed0babpackage: update depsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language@dependabot badge mewill comment on this PR with code to add a "Dependabot enabled" badge to your readmeAdditionally, you can set the following in your Dependabot dashboard: