Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump deep-extend and rc in /2017

Closed
Number: #7
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 1
Created: July 22, 2025 at 08:50 AM UTC
(about 2 months ago)
Updated: July 22, 2025 at 01:35 PM UTC
(about 2 months ago)
Closed: July 22, 2025 at 01:35 PM UTC
(about 2 months ago)
Time to Close: about 5 hours
Labels:
dependencies javascript
Description:

Bumps deep-extend and rc. These dependencies needed to be updated together.
Updates deep-extend from 0.4.2 to 0.6.0

Changelog

Sourced from deep-extend's changelog.

v0.6.0

  • Updated "devDependencies" versions to fix vulnerability alerts
  • Dropped support of io.js and node.js v0.12.x and lower since new versions of "devDependencies" couldn't work with those old node.js versions (minimal supported version of node.js now is v4.0.0)

v0.5.1

  • Fix prototype pollution vulnerability (thanks to @​mwakerman for the PR)
  • Avoid using deprecated Buffer API (thanks to @​ChALkeR for the PR)

v0.5.0

  • Auto-testing provided by Travis CI;
  • Support older Node.JS versions (v0.11.x and v0.10.x);
  • Removed tests files from npm package.
Commits
  • f3f2b4f more versions of node.js to test by travis-ci
  • 3d85253 package.json: updated "engines"
  • 8b8aef9 dropped support of old node.js versions
  • 120fd97 increased "devDependencies" (mocha) up enough to fix vulnerability
  • 235821a decreasing versions of "devDependencies" to fix tests for older node versions
  • a1eb0eb README: removed "download" stats badge
  • 7bebe75 CHANGELOG: info for 0.5.2 version
  • 16b328f 0.5.2
  • 0402225 updated "devDependencies" to fix vulnerability alerts
  • 2e0110e prepared v0.5.1 release
  • Additional commits viewable in compare view

Updates rc from 1.2.2 to 1.2.8

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Pull Request Statistics
Commits:
0
Files Changed:
0
Additions:
+0
Deletions:
-0
Package Dependencies
Package:
deep-extend
Ecosystem:
npm
Version Change:
0.4.2 → 0.6.0
Update Type:
Minor
Path:
/2017
Package:
rc
Ecosystem:
npm
Version Change:
1.2.2 → 1.2.8
Update Type:
Patch
Path:
/2017
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 4038648
UUID: 3251747525
Node ID: PR_kwDODwdFbc6gBYuC
Host: GitHub
Repository: iangregson/advent-of-code