Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency madge to v4 [security] #52

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency madge to v4 [security] #52

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Apr 26, 2021
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
madge ^3.8.0 -> ^4.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Release Notes

pahen/madge

v4.0.1

Compare Source

5 March 2021

  • Fix potential command injection vulnerability da5cbc9

v4.0.0

Compare Source

5 January 2021

  • Upgrade dependencies & raise minimum Node.js version #269
  • Upgrade core dependencies fe8a186
  • Upgrade commander to version 6 5ca410c
  • Require Node.js 10.13 eee3dc0
v3.12.0

2 November 2020

  • Remove pify again #264
  • Update ora to version 5 #262
  • Replace pify with util.promisify #263
  • Update README e4be868
  • Bump dependency-tree to 7.2.2 0eaccb7
v3.11.0

1 October 2020

  • Add support for combining --circular and --dot d2ce3f7
v3.10.0

14 September 2020

  • Add support for combining --image and --circular 7a4bd3b
v3.9.2

16 June 2020

v3.9.1

8 June 2020

  • chore: significant speedup by skipping filing-cabinet ts-config parsing #237
  • Clarification for mixed projects (with JS and TS) #246
v3.9.0

7 May 2020

  • Remove info about Patreon and Open Collective a57eeff
  • Update list of backers 545be08
  • Update dependencies ffa4fdd
v3.8.0

9 March 2020

  • Add leaves option to show modules that do not have dependencies 97ed27f
  • Update README 9c1f7d2
  • Updated list of donations 899f15f
v3.7.0

30 January 2020

v3.6.0

11 November 2019

  • Add test for TypeScript with mixed import syntax 50c1c10
  • Update deps f1125d0
v3.5.1

7 November 2019

  • Add funding to package.json 8ee9126
v3.5.0

28 October 2019

  • Add an .svg public method to the API #171
  • Respect graphVizOptions in DOT output 4edf82a
  • Added credits to README 9287c3c
  • Add .svg() in API to export the svg as a Buffer d01f6f3
v3.4.4

12 February 2019

  • [Fixes #​203] Exclude test folder from npm registry #205
  • Merge pull request #​205 from SethDavenport/chore(exclude-test-folder-from-npm) #203
  • Add NPM releasing from Travis 97f060b
  • Exclude test folder from npm registry 41f94f2
v3.4.3

17 January 2019

  • Add link to my Patreon page in README 9ee722a
  • Add info about --orphans to CLI docs 925c57e
  • Bump dependency-tree c2ce2ac
v3.4.2

10 January 2019

  • Eslint should not be a dev dependency 3165988
v3.4.1

10 January 2019

  • Update eslint (peer dependency for typescript-eslint-parser) 2e6643a
v3.4.0

7 January 2019

  • Support .tsx files and specifying a tsconfig #193
  • README: improve instructions related to Graphviz #183
v3.3.0

31 October 2018

  • Update dependencies & test on Node.js 10 #176
  • Add --no-spinner option b1ad3eb
  • Update dependencies 9b1293e
  • Update dev dependencies 2260b61
v3.2.0

26 June 2018

  • Plot nodes as boxes #165
  • Document new graph settings c6e742f
  • aesthetic changes: plot rounded boxes, prefer left to right. 7a7ed8c
  • fix incorrect hex. 5 -> 6 digits. e8e330c
v3.1.1

24 May 2018

v3.1.0

22 May 2018

  • Bind all dependencies to latest version #161
  • Update ora to version 2 #155
  • Remove mz as a production dependency. Instead use pify for promisifying. #154
  • Remove package-lock.json 8fd1859
  • Bind all dependencies to latest version, It fixes security issue in rc => deep-extend library. And added .idea project files to gitignore 147d431
  • Use caret ranges for all dependencies b0e334a
v3.0.1

5 February 2018

  • Fix broken link #149
  • Update deps 3ba103c
  • Fix issue with short CLI options not working properly f73704d

v3.12.0

Compare Source

2 November 2020

  • Remove pify again #264
  • Update ora to version 5 #262
  • Replace pify with util.promisify #263
  • Update README e4be868
  • Bump dependency-tree to 7.2.2 0eaccb7

v3.11.0

Compare Source

1 October 2020

  • Add support for combining --circular and --dot d2ce3f7

v3.10.0

Compare Source

14 September 2020

  • Add support for combining --image and --circular 7a4bd3b

v3.9.2

Compare Source

16 June 2020

v3.9.1

Compare Source

8 June 2020

  • chore: significant speedup by skipping filing-cabinet ts-config parsing #237
  • Clarification for mixed projects (with JS and TS) #246

v3.9.0

Compare Source

7 May 2020

  • Remove info about Patreon and Open Collective a57eeff
  • Update list of backers 545be08
  • Update dependencies ffa4fdd

Configuration

📅 Schedule: Branch creation - "" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Author

renovate bot commented Mar 24, 2023
edited
Loading

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot