Bump lodash from 4.17.10 to 4.17.21 in /Tasks/AzureMysqlDeploymentV1 #16041
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/Tasks/AzureMysqlDeploymentV1/lodash-4.17.21
branch
from
8cb29f8 to
5010786
Compare
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/Tasks/AzureMysqlDeploymentV1/lodash-4.17.21
branch
from
5010786 to
cd335f7
Compare
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/Tasks/AzureMysqlDeploymentV1/lodash-4.17.21
branch
from
cd335f7 to
8043de9
Compare
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.10...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/Tasks/AzureMysqlDeploymentV1/lodash-4.17.21
branch
from
8043de9 to
b89f8d3
Compare
|
@rvairavelu could you please take a look? This is important fix for item. |
|
@v-nagarajku @PhilipsonJoseph can you please check and update on this? |
|
@anatolybolshakov package.json file is missing in this PR. Can we proceed with package-lock.json for approval? |
|
@v-nagarajku since this is automatic PR created by dependabot - it probably make sense to bump task version as well (please see instruction). I believe it should be fine with package-lock.json changes only since there seem to be child dependencies updates, but it's probably a good idea to make some testing. |
…ploymentV1/lodash-4.17.21
v-nagarajku
approved these changes
Apr 27, 2022
|
@anatolybolshakov reviewed the PR and tested the task. |
|
@mmrazik could you please also take a look? |
|
/azp run |
|
Azure Pipelines successfully started running 4 pipeline(s). |
KonstantinTyukalov
approved these changes
Apr 27, 2022
…ploymentV1/lodash-4.17.21
|
/azp run |
|
Azure Pipelines successfully started running 4 pipeline(s). |
…ploymentV1/lodash-4.17.21
|
/azp run |
|
Azure Pipelines successfully started running 4 pipeline(s). |
mmrazik
approved these changes
May 3, 2022
…ploymentV1/lodash-4.17.21
|
/azp run |
|
Azure Pipelines successfully started running 4 pipeline(s). |
dependabot
bot
deleted the
dependabot/npm_and_yarn/Tasks/AzureMysqlDeploymentV1/lodash-4.17.21
branch
Kozlov-Igor
pushed a commit
to Kozlov-Igor/azure-pipelines-tasks
that referenced
this pull request
May 25, 2022
…icrosoft#16041) * Bump lodash from 4.17.10 to 4.17.21 in /Tasks/AzureMysqlDeploymentV1 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.10...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * bumping the task version * Bump the task version to 1.205.0 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: v-nagarajku <[email protected]> Co-authored-by: v-nagarajku <[email protected]> Co-authored-by: Konstantin Tyukalov <[email protected]> Co-authored-by: Konstantin Tyukalov <[email protected]>
alexander-smolyakov
pushed a commit
that referenced
this pull request
May 30, 2022
* Fix code coverage Maven jacoco issue #12597 * remove unused debug * fix 1 * fix PR commets * second iteration fix * hotfix * delete '.' from file type * fix iteration 3 * hotfix * fix whitespaces * hotfix * Fix code coverage Maven jacoco issue #12597 * remove unused debug * fix 1 * fix PR commets * second iteration fix * hotfix * delete '.' from file type * Update yml to include pool for single task (#16179) * fix permissions for specified files in DotNetCoreInstallerV0, DotNetCoreInstallerV1, UseDotNetV2 tasks (#16100) Co-authored-by: Tomáš Hübelbauer <[email protected]> Co-authored-by: Martin Mrazik <[email protected]> Co-authored-by: Tom Hubelbauer <[email protected]> * Updated PTRV2 task to version 2.203.0 (#16213) * Updated make.json * Updated task.json * Updated task.loc.json * Updated VsTestV2 task to version 2.203.0 (#16212) * Updated make.json * Updated task.json * Updated task.loc.json * Move assignment of transitioned tasks (#16211) * Add a note about too recent versions of Node (#16229) Running the build and test scripts won't work because of changes to the sync request APIs in recent Node versions. I have added a recommendation to stick with ~ Node 10 or so. I don't know the exact major from which this is broken, but we should focus on fixing the tooling over finding the exact version of old Node the contributors must use anyway, so this will do for now. * Create the basic workflow for the Node migration tracking The workflow pulls all issues related to the Node migration (which at the time of push will be zero) and prints them. In the next steps, it will ensure a migration issue exists for each task and reflect the migration status in the issue's state. * Mark the .github/workflows directory to be able to use ESM This will not spill over to the outside directories as it is constrained to this one. * Disable the Tasks directory trigger It seems Dependabot is pushing dep changes in droves (not sure why yet) which keeps triggering this workflow. * Fix a typo in the issue count print statement Two typos actually, issue->issues and label->length. * Print Node versions used by each task Later this will be used to find corresponding update issue or create one if it doesn't exist yet. * Skip the Common directory and limit to tasks that do use Node Some tasks do not use Node and use only PowerShell for example, we can skip those and they are not going to be a part of the update. The Common directory are some helpers, not a real task. * Print tasks with manifest with no execution field I think all should have it but possibly not? * Skip tasks with missing execution manifest field They happen to be Node tasks, but seem to lack this field. I will get to them separately and see if I can extend the handling for them or fix them. * Check to see if any tasks have both Node 6 and Node 10 keys and throw if so This should not be the case, but the check will ensure it remains not the case. * Limit the trackNodeMigration to the main branch This will prevent it from running for PR branches. * Add the logic to create the tracking issue For now one, I will manually verify it looks good and then remove the early exit so all get created. * Use startsWith for matching existing issues The template always has it at the start of the title so this check matches better. * Remove the short-circuit so that all remaining issues get created I have also added a link to the label which now serves at the full list of tasks that still need to be upgraded with the ratio of open/closed indicating how far along we are. * Resolved vulnerabilities - java tool installer (#16184) Co-authored-by: Konstantin Tyukalov <[email protected]> * Bump lodash from 4.17.10 to 4.17.21 in /Tasks/AzureMysqlDeploymentV1 (#16041) * Bump lodash from 4.17.10 to 4.17.21 in /Tasks/AzureMysqlDeploymentV1 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.10 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.10...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * bumping the task version * Bump the task version to 1.205.0 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: v-nagarajku <[email protected]> Co-authored-by: v-nagarajku <[email protected]> Co-authored-by: Konstantin Tyukalov <[email protected]> Co-authored-by: Konstantin Tyukalov <[email protected]> * Added notes for task version bump - cut off date (#16292) Co-authored-by: Konstantin Tyukalov <[email protected]> * updated lodash and lodash.merge dependencies to newer version. (#16214) Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects. CVE-2019-10744 Co-authored-by: Andrii Kozin <[email protected]> * This affects the package set-value before 2.0.1, and starting with 3.0.0 but prior to 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. (#16228) Co-authored-by: Andrii Kozin <[email protected]> * Fix CVE-2019-10746 for AppCenterTestV1 (#16289) * Update lodash * Bump task version * Revert "Update lodash" This reverts commit 113396a. * Npm audit fix * Audit fix for AzureMonitorAlertsV0 * Audit fix for MysqlDeploymentOnMachineGroupV1 * Revert "Audit fix for MysqlDeploymentOnMachineGroupV1" This reverts commit 0c1f4f1. * Revert "Audit fix for AzureMonitorAlertsV0" This reverts commit d7dd19f. * Revert "Npm audit fix" This reverts commit 312d713. * npm audit fix for AppCenterTestV1 * Bump task version * Reset packege-lock.json to master * Run npm audit fix * Bump task version * Added warning about 'chmod' method (#16189) * Added warning to Gradle task * Update Tasks/GradleV3/Modules/project-configuration.ts Co-authored-by: Alexander Smolyakov <[email protected]> * Upgraded task version Co-authored-by: Alexander Smolyakov <[email protected]> * Fixed vulnerabilities (npm audit fix) - for az-blobstorage-provider-v2 (#16185) * npm audit fix * Bumped package version Co-authored-by: Konstantin Tyukalov <[email protected]> * Fixed vulnerabilities (npm audit fix) - VsTestV2 (#16224) * Run npm audit fix * Bump the task version to 2.204.0 * Bump the task version to 2.205.0 * Replaced request with typed-rest-client package (#16188) * replace request with typed-rest-client * bump version * bump version * hotfix * fix iteration 3 * fix whitespaces * hotfix * Update pypy3 default version to 3.9 (#16321) * Bump pypy3 default version to 3.9 * Update task messages * Bump task version to 0.205.0 * Text changes completed (#16277) * Text changes completed * Text changes completed Co-authored-by: Philipson Joseph V <[email protected]> * Remove appcenter-cli from dependencies to solve security issues (#16288) * Remove appcenter-cli dependency * Bump version * 1933760-set the parameter value customMessage:true in updateDeploymen… (#16141) * 1933760-set the parameter value customMessage:true in updateDeploymentHistory and finally block, * PR review feedback changes * Update AppCenter owners (#16223) * Bump vm2 from 3.9.5 to 3.9.9 in /Tasks/AppCenterDistributeV3 (#15978) Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.5 to 3.9.9. - [Release notes](https://github.com/patriksimek/vm2/releases) - [Changelog](https://github.com/patriksimek/vm2/blob/master/CHANGELOG.md) - [Commits](patriksimek/vm2@3.9.5...3.9.9) --- updated-dependencies: - dependency-name: vm2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ondřej Merkun <[email protected]> * fix for upgrading SF application in pipeline repo (#16328) * Bump minimist from 1.2.5 to 1.2.6 (#16061) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexander Smolyakov <[email protected]> * Add option to remove hidden files in CopyFilesOverSSHV0 task (#16029) * Add option to remove hidden files * Fix help markdown message * Rework generator logic * Add descritpion for the file pattern used on linux * Resolve comments * Bump task version Co-authored-by: Alexander Smolyakov <[email protected]> * Fix visibility rule in MavenV2 and MavenV3 tasks (#16081) Co-authored-by: Konstantin Tyukalov <[email protected]> Co-authored-by: Alexander Smolyakov <[email protected]> * CopyFilesOverSSHV0, MavenV2/V3 - bumped tasks versions to 205 sprint (#16314) * Bumped version - DownloadGitHubNugetPackage * Bump version - PipAuthenticate * Bump version - OpenPolicyAgentInstaller * Bump version - JenkinsQueueJob * Bump version - CopyFilesOverSSHV0 * Bump version - Maven tasks * Revert "Bumped version - DownloadGitHubNugetPackage" This reverts commit 04b68ef. * Revert "Bump version - PipAuthenticate" This reverts commit 7957d9d. * Revert "Bump version - OpenPolicyAgentInstaller" This reverts commit c8d9767. * Revert "Bump version - JenkinsQueueJob" This reverts commit 69a86c9. * hotfix package.lock.json * Bump task version Co-authored-by: Kozlov Igor <[email protected]> Co-authored-by: Igor Kozlov <[email protected]> Co-authored-by: Konstantin Tyukalov <[email protected]> Co-authored-by: Alexander Smolyakov <[email protected]> Co-authored-by: Rohit Batra <[email protected]> Co-authored-by: Pavlo Andriiesh <[email protected]> Co-authored-by: Tomáš Hübelbauer <[email protected]> Co-authored-by: Martin Mrazik <[email protected]> Co-authored-by: Tom Hubelbauer <[email protected]> Co-authored-by: triptijain2112 <[email protected]> Co-authored-by: Bishal Prasad <[email protected]> Co-authored-by: Anatoly Bolshakov <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: v-nagarajku <[email protected]> Co-authored-by: v-nagarajku <[email protected]> Co-authored-by: Konstantin Tyukalov <[email protected]> Co-authored-by: Stanislav Balia <[email protected]> Co-authored-by: Andrii Kozin <[email protected]> Co-authored-by: Sergei Fedorov <[email protected]> Co-authored-by: Svetlana Maliugina <[email protected]> Co-authored-by: AndreyIvanov42 <[email protected]> Co-authored-by: Philipson Joseph V <[email protected]> Co-authored-by: Philipson Joseph V <[email protected]> Co-authored-by: Alexey Chernikov <[email protected]> Co-authored-by: Lukas Cenovsky <[email protected]> Co-authored-by: Ondřej Merkun <[email protected]> Co-authored-by: Nikita Ezzhev <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps lodash from 4.17.10 to 4.17.21.
Commits
f299b52Bump to v4.17.21c4847ebImprove performance oftoNumber,trimandtrimEndon large input strings3469357Prevent command injection through_.template'svariableoptionded9bc6Bump to v4.17.20.63150efDocumentation fixes.00f0f62test.js: Remove trailing comma.846e434Temporarily use a custom fork oflodash-cli.5d046f3Re-enable Travis tests on4.17branch.aa816b3Remove/npm-package.d7fbc52Bump to v4.17.19Maintainer changes
This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.