From 955008070b58f7af2316295f3b0f30f437226747 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 24 Jan 2021 23:14:42 +0000 Subject: [PATCH 1/3] Bump clean-css from 3.4.28 to 4.1.11 Bumps [clean-css](https://github.com/jakubpawlowicz/clean-css) from 3.4.28 to 4.1.11. - [Release notes](https://github.com/jakubpawlowicz/clean-css/releases) - [Changelog](https://github.com/jakubpawlowicz/clean-css/blob/master/History.md) - [Commits](https://github.com/jakubpawlowicz/clean-css/compare/v3.4.28...v4.1.11) Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 32 ++++++-------------------------- 2 files changed, 7 insertions(+), 27 deletions(-) diff --git a/package.json b/package.json index 6943b36..8905892 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "babel-plugin-transform-class-properties": "^6.10.2", "babel-preset-es2015": "^6.9.0", "babel-register": "^6.9.0", - "clean-css": "^3.4.8", + "clean-css": "^4.1.11", "eslint": "^3.1.0", "eslint-config-airbnb-base": "^4.0.2", "eslint-plugin-import": "^1.12.0", diff --git a/yarn.lock b/yarn.lock index 1dc66d3..792dd48 100644 --- a/yarn.lock +++ b/yarn.lock @@ -949,13 +949,12 @@ class-utils@^0.3.5: isobject "^3.0.0" static-extend "^0.1.1" -clean-css@^3.4.8: - version "3.4.28" - resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-3.4.28.tgz#bf1945e82fc808f55695e6ddeaec01400efd03ff" - integrity sha1-vxlF6C/ICPVWlebd6uwBQA79A/8= +clean-css@^4.1.11: + version "4.1.11" + resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-4.1.11.tgz#2ecdf145aba38f54740f26cefd0ff3e03e125d6a" + integrity sha1-Ls3xRaujj1R0DybO/Q/z4D4SXWo= dependencies: - commander "2.8.x" - source-map "0.4.x" + source-map "0.5.x" cli-cursor@^1.0.1: version "1.0.2" @@ -1025,13 +1024,6 @@ combine-source-map@~0.3.0: inline-source-map "~0.3.0" source-map "~0.1.31" -commander@2.8.x: - version "2.8.1" - resolved "https://registry.yarnpkg.com/commander/-/commander-2.8.1.tgz#06be367febfda0c330aa1e2a072d3dc9762425d4" - integrity sha1-Br42f+v9oMMwqh4qBy09yXYkJdQ= - dependencies: - graceful-readlink ">= 1.0.0" - commondir@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/commondir/-/commondir-0.0.1.tgz#89f00fdcd51b519c578733fec563e6a6da7f5be2" @@ -1967,11 +1959,6 @@ graceful-fs@~1.2.0: resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-1.2.3.tgz#15a4806a57547cb2d2dbf27f42e89a8c3451b364" integrity sha1-FaSAaldUfLLS2/J/QuiajDRRs2Q= -"graceful-readlink@>= 1.0.0": - version "1.0.1" - resolved "https://registry.yarnpkg.com/graceful-readlink/-/graceful-readlink-1.0.1.tgz#4cafad76bc62f02fa039b2f94e9a3dd3a391a725" - integrity sha1-TK+tdrxi8C+gObL5Tpo906ORpyU= - gulp-babel@^6.1.2: version "6.1.3" resolved "https://registry.yarnpkg.com/gulp-babel/-/gulp-babel-6.1.3.tgz#5aad8acb0db6b7f2f0be19eeee9528f2064df631" @@ -3865,14 +3852,7 @@ source-map@0.1.34: dependencies: amdefine ">=0.0.4" -source-map@0.4.x: - version "0.4.4" - resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.4.4.tgz#eba4f5da9c0dc999de68032d8b4f76173652036b" - integrity sha1-66T12pwNyZneaAMti092FzZSA2s= - dependencies: - amdefine ">=0.0.4" - -source-map@^0.5.1, source-map@^0.5.6, source-map@^0.5.7, source-map@~0.5.1: +source-map@0.5.x, source-map@^0.5.1, source-map@^0.5.6, source-map@^0.5.7, source-map@~0.5.1: version "0.5.7" resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc" integrity sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w= From 2835106570e59a104bdd4b44cff892c04312dd15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 24 Jan 2021 23:18:04 +0000 Subject: [PATCH 2/3] Bump ini from 1.3.5 to 1.3.8 (#1) Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. - [Release notes](https://github.com/isaacs/ini/releases) - [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 792dd48..edff3ff 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2213,9 +2213,9 @@ inherits@2.0.3: integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4= ini@^1.3.4: - version "1.3.5" - resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927" - integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw== + version "1.3.8" + resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c" + integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== inline-source-map@~0.3.0: version "0.3.1" From 541da4057a36f99045a1ac730a98c284afe3cf83 Mon Sep 17 00:00:00 2001 From: littleminx2468 <77942396+littleminx2468@users.noreply.github.com> Date: Sun, 24 Jan 2021 23:19:06 +0000 Subject: [PATCH 3/3] Create SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc.