Skip to content

build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /addons/screenshot-tool#988

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/addons/screenshot-tool/cross-spawn-7.0.6
Open

build(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /addons/screenshot-tool#988
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/addons/screenshot-tool/cross-spawn-7.0.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 26, 2024

Copy link
Copy Markdown
Contributor

Bumps cross-spawn from 7.0.3 to 7.0.6.

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

  • update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

  • fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

Commits
  • 77cd97f chore(release): 7.0.6
  • 6717de4 chore: upgrade standard-version
  • f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
  • 9a7e3b2 chore: fix build status badge
  • 0852683 chore(release): 7.0.5
  • 640d391 fix: fix escaping bug introduced by backtracking
  • bff0c87 chore: remove codecov
  • a7c6abc chore: replace travis with github workflows
  • 9b9246e chore(release): 7.0.4
  • 5ff3a07 fix: disable regexp backtracking (#160)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 26, 2024
@facebook-github-bot

Copy link
Copy Markdown
Contributor

@facebook-github-bot has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6.
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/addons/screenshot-tool/cross-spawn-7.0.6 branch from 01a353c to 487d65a Compare December 2, 2024 19:39
@facebook-github-bot

Copy link
Copy Markdown
Contributor

@dependabot[bot] has updated the pull request. You must reimport the pull request before landing.

@facebook-github-bot

Copy link
Copy Markdown
Contributor

@facebook-github-bot has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@DuoAlly-AI-Recruiter DuoAlly-AI-Recruiter left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good change.

facebook-github-bot pushed a commit that referenced this pull request Jul 10, 2025
Summary:
@public
1.0.2 comes with a vulnerable idna.

v2.5.4 Latest
Revert "Normalize URL paths: convert /.//p, /..//p, and //p to p (#943)" by valenting in #999
Updates the MSRV to 1.63 required though the libc v0.2.164 dependency

v2.5.3
fix: enable wasip2 feature for wasm32-wasip2 target by brooksmtownsend in #960
Fix idna tests with no_std by cjwatson in #963
Fix debugger_visualizer test failures. by valenting in #967
Add AsciiSet::EMPTY and boolean operators by joshka in #969
mention why we pin unicode-width by Manishearth in #972
refactor and add tests for percent encoding by joshka in #977
Add a test for and fix issue #974 by hansl in #975
no_std support for the url crate by domenukk in #831
Normalize URL paths: convert /.//p, /..//p, and //p to p by theskim in #943
support Hermit by m-mueller678 in #985
fix: support wasm32-wasip2 on the stable channel by brooksmtownsend in #983
Improve serde error output by konstin in #982
OSS-Fuzz: Add more fuzzer by arthurscchan in #988
Merge idna-v1x to main by hsivonen in #990

What's Changed
fix: enable wasip2 feature for wasm32-wasip2 target by brooksmtownsend in #960
Fix idna tests with no_std by cjwatson in #963
Fix debugger_visualizer test failures. by valenting in #967
Add AsciiSet::EMPTY and boolean operators by joshka in #969
mention why we pin unicode-width by Manishearth in #972
refactor and add tests for percent encoding by joshka in #977
Add a test for and fix issue #974 by hansl in #975
no_std support for the url crate by domenukk in #831
Normalize URL paths: convert /.//p, /..//p, and //p to p by theskim in #943
support Hermit by m-mueller678 in #985
fix: support wasm32-wasip2 on the stable channel by brooksmtownsend in #983
Improve serde error output by konstin in #982
OSS-Fuzz: Add more fuzzer by arthurscchan in #988
Merge idna-v1x to main by hsivonen in #990

Reviewed By: dtolnay

Differential Revision: D78043174

fbshipit-source-id: 93ca32d2a17f6cf3662055050ef77b1906edcdae
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CLA Signed dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

2 participants