Hi,
Is there a reason why this PR has not been pushed?
TIA
Jacques
Le 13/04/2022 à 07:15, GitBox a écrit :
dependabot[bot] opened a new pull request, #2:
URL: https://github.com/apache/freemarker-docgen/pull/2
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/substack/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846";><code>7efb22a</code></a>
1.2.6</li>
<li><a
href="https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2";><code>ef88b93</code></a>
security notice for additional prototype pollution issue</li>
<li><a
href="https://github.com/substack/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d";><code>c2b9819</code></a>
isConstructorOrProto adapted from PR</li>
<li><a
href="https://github.com/substack/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb";><code>bc8ecee</code></a>
test from prototype pollution PR</li>
<li>See full diff in <a
href="https://github.com/substack/minimist/compare/1.2.5...1.2.6";>compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your
CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default
for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the
default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the
default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/freemarker-docgen/network/alerts).
</details>
