This is an automated email from the ASF dual-hosted git repository.

pingsutw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/submarine.git


The following commit(s) were added to refs/heads/master by this push:
     new 07c4f2da Bump async from 2.6.3 to 2.6.4 in /website
07c4f2da is described below

commit 07c4f2daa088995a956d855dbe99c1f6a72846f3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Apr 26 22:53:04 2022 +0000

    Bump async from 2.6.3 to 2.6.4 in /website
    
    Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a 
href="https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md";>async's 
changelog</a>.</em></p>
    <blockquote>
    <h1>v2.6.4</h1>
    <ul>
    <li>Fix potential prototype pollution exploit (<a 
href="https://github-redirect.dependabot.com/caolan/async/issues/1828";>#1828</a>)</li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a 
href="https://github.com/caolan/async/commit/c6bdaca4f9175c14fc655d3783c6af6a883e6514";><code>c6bdaca</code></a>
 Version 2.6.4</li>
    <li><a 
href="https://github.com/caolan/async/commit/8870da9d5022bab310413041b4079e10db3980b7";><code>8870da9</code></a>
 Update built files</li>
    <li><a 
href="https://github.com/caolan/async/commit/4df6754ef4e96a742956df8782fee27242a2ea12";><code>4df6754</code></a>
 update changelog</li>
    <li><a 
href="https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2";><code>8f7f903</code></a>
 Fix prototype pollution vulnerability (<a 
href="https://github-redirect.dependabot.com/caolan/async/issues/1828";>#1828</a>)</li>
    <li>See full diff in <a 
href="https://github.com/caolan/async/compare/v2.6.3...v2.6.4";>compare 
view</a></li>
    </ul>
    </details>
    <details>
    <summary>Maintainer changes</summary>
    <p>This version was pushed to npm by <a 
href="https://www.npmjs.com/~hargasinski";>hargasinski</a>, a new releaser for 
async since your current version.</p>
    </details>
    <br />
    
    [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async&package-manager=npm_and_yarn&previous-version=2.6.3&new-version=2.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `dependabot rebase` will rebase this PR
    - `dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
    - `dependabot merge` will merge this PR after your CI passes on it
    - `dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
    - `dependabot cancel merge` will cancel a previously requested merge and 
block automerging
    - `dependabot reopen` will reopen this PR if it is closed
    - `dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
    - `dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
    - `dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
    - `dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
    - `dependabot use these labels` will set the current labels as the default 
for future PRs for this repo and language
    - `dependabot use these reviewers` will set the current reviewers as the 
default for future PRs for this repo and language
    - `dependabot use these assignees` will set the current assignees as the 
default for future PRs for this repo and language
    - `dependabot use this milestone` will set the current milestone as the 
default for future PRs for this repo and language
    
    You can disable automated security fix PRs for this repo from the [Security 
Alerts page](https://github.com/apache/submarine/network/alerts).
    
    </details>
    
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    Signed-off-by: Kevin <pings...@apache.org>
    
    Closes #934 from 
dependabot[bot]/dependabot/npm_and_yarn/website/async-2.6.4 and squashes the 
following commits:
    
    2cd2ee58 [dependabot[bot]] Bump async from 2.6.3 to 2.6.4 in /website
---
 website/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/yarn.lock b/website/yarn.lock
index 715ce3ca..fff6dbd5 100644
--- a/website/yarn.lock
+++ b/website/yarn.lock
@@ -2556,9 +2556,9 @@ asap@~2.0.3:
   integrity sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY=
 
 async@^2.6.2:
-  version "2.6.3"
-  resolved 
"https://registry.yarnpkg.com/async/-/async-2.6.3.tgz#d72625e2344a3656e3a3ad4fa749fa83299d82ff";
-  integrity 
sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==
+  version "2.6.4"
+  resolved 
"https://registry.yarnpkg.com/async/-/async-2.6.4.tgz#706b7ff6084664cd7eae713f6f965433b5504221";
+  integrity 
sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==
   dependencies:
     lodash "^4.17.14"
 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@submarine.apache.org
For additional commands, e-mail: dev-h...@submarine.apache.org

Reply via email to