chore(deps-dev): bump jszip from 3.6.0 to 3.7.0 by dependabot[bot] · Pull Request #15990 · aws/aws-cdk

dependabot · 2021-08-11T12:29:13Z

Bumps jszip from 3.6.0 to 3.7.0.

Changelog

v3.7.0 2021-07-23

Fix: Use a null prototype object for this.files (see #766)

This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

Commits

e5b3f0d 3.7.0
e88ba4b Update for version 3.7.0
9046487 Disable proto assert that fails in browsers
6d029b4 Merge pull request #766 from MichaelAquilina/fix/files-null-prototype
bb38812 Ensure prototype isn't modified by zip file
d024c22 test: Add test case for loading zip filenames which shadow method names
2235749 fix: Use a null prototype object for this.files
b7f472d Merge pull request #757: Update license to be valid spdx identifier
a311039 update license to be valid spdx identifier
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [jszip](https://github.com/Stuk/jszip) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/master/CHANGES.md) - [Commits](Stuk/jszip@v3.6.0...v3.7.0) --- updated-dependencies: - dependency-name: jszip dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

gitpod-io · 2021-08-11T12:29:15Z

mergify · 2021-08-18T05:12:39Z

Thanks Dependabot!

mergify · 2021-08-18T06:30:43Z

Thanks Dependabot!

…nd_yarn/jszip-3.7.0

aws-cdk-automation · 2021-08-18T07:21:59Z

AWS CodeBuild CI Report

CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
Commit ID: 055b416
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

* chore(deps-dev): bump jszip from 3.6.0 to 3.7.0 Bumps [jszip](https://github.com/Stuk/jszip) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/master/CHANGES.md) - [Commits](Stuk/jszip@v3.6.0...v3.7.0) --- updated-dependencies: - dependency-name: jszip dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * updates package.json as well and removes unneeded types dependency Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ben Chaimberg <chaimber@amazon.com>

dependabot bot added dependencies This issue is a problem in a dependency or a pull request that updates a dependency file. javascript Pull requests that update Javascript code labels Aug 11, 2021

BenChaimberg approved these changes Aug 18, 2021

View reviewed changes

BenChaimberg added the pr/do-not-merge This PR should not be merged at this time. label Aug 18, 2021

updates package.json as well and removes unneeded types dependency

b900384

BenChaimberg removed the pr/do-not-merge This PR should not be merged at this time. label Aug 18, 2021

BenChaimberg enabled auto-merge (squash) August 18, 2021 05:50

Merge branch 'master' into dependabot/npm_and_yarn/jszip-3.7.0

1d7819f

BenChaimberg added 2 commits August 17, 2021 23:36

Merge branch 'master' of github.com:aws/aws-cdk into dependabot/npm_a…

aefb65c

…nd_yarn/jszip-3.7.0

fix nested dependencies

055b416

BenChaimberg merged commit 1e49857 into master Aug 18, 2021

BenChaimberg deleted the dependabot/npm_and_yarn/jszip-3.7.0 branch August 18, 2021 07:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps-dev): bump jszip from 3.6.0 to 3.7.0#15990

chore(deps-dev): bump jszip from 3.6.0 to 3.7.0#15990
BenChaimberg merged 5 commits intomasterfrom
dependabot/npm_and_yarn/jszip-3.7.0

dependabot bot commented on behalf of github Aug 11, 2021

Uh oh!

gitpod-io bot commented Aug 11, 2021

Uh oh!

mergify bot commented Aug 18, 2021

Uh oh!

mergify bot commented Aug 18, 2021

Uh oh!

aws-cdk-automation commented Aug 18, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Aug 11, 2021

v3.7.0 2021-07-23

Uh oh!

gitpod-io bot commented Aug 11, 2021

Uh oh!

mergify bot commented Aug 18, 2021

Uh oh!

mergify bot commented Aug 18, 2021

Uh oh!

aws-cdk-automation commented Aug 18, 2021

AWS CodeBuild CI Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants