Hi,

Is there a reason why this PR has not been pushed?

TIA

Jacques

Le 13/04/2022 à 07:15, GitBox a écrit :
dependabot[bot] opened a new pull request, #2:
URL: https://github.com/apache/freemarker-docgen/pull/2

    Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a 
href="https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846";><code>7efb22a</code></a>
 1.2.6</li>
    <li><a 
href="https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2";><code>ef88b93</code></a>
 security notice for additional prototype pollution issue</li>
    <li><a 
href="https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d";><code>c2b9819</code></a>
 isConstructorOrProto adapted from PR</li>
    <li><a 
href="https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb";><code>bc8ecee</code></a>
 test from prototype pollution PR</li>
    <li>See full diff in <a 
href="https://github.com/substack/minimist/compare/1.2.5...1.2.6";>compare view</a></li>
    </ul>
    </details>
    <br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimist&package-manager=npm_and_yarn&previous-version=1.2.5&new-version=1.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
--- <details>
    <summary>Dependabot commands and options</summary>
    <br />
You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after your 
CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge and 
block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
    - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
    - `@dependabot use these labels` will set the current labels as the default 
for future PRs for this repo and language
    - `@dependabot use these reviewers` will set the current reviewers as the 
default for future PRs for this repo and language
    - `@dependabot use these assignees` will set the current assignees as the 
default for future PRs for this repo and language
    - `@dependabot use this milestone` will set the current milestone as the 
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/freemarker-docgen/network/alerts). </details>


Reply via email to