Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency danger to v11 #203

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency danger to v11 #203

wants to merge 1 commit into from

Conversation

mend-for-github.aaakk.us.kg[bot]
Copy link

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot commented Mar 26, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
danger devDependencies major ^9.1.0 -> ^11.2.1

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 8.2 WS-2020-0345 #196
High 7.5 CVE-2021-23490 #50
High 7.5 CVE-2022-38900 #171
High 7.3 CVE-2020-7788 #179
Medium 6.4 CVE-2022-23540 #175
Medium 6.1 CVE-2022-0235 #67
Medium 5.9 CVE-2022-23539 #174
Medium 5.6 CVE-2021-23807 #82
Medium 5.5 CVE-2021-4245 #172
Medium 5.0 CVE-2022-23541 #176

Release Notes

danger/danger-js (danger)

v11.2.1

Compare Source

  • Updates jsonwebtoken due to security issues
  • Support arm64 binary generation for Apple silicon users #​1342 [@​pepix]

v11.2.0

Compare Source

v11.1.4

Compare Source

  • Yarn faff (a1d15db)
  • Merge pull request #​1320 from ivankatliarchuk/fix/getFileContents (9539b9d)
  • Merge pull request #​1323 from KubaJastrz/pr-draft (c92a32e)
  • feat: add github.pr.draft field (184df2d)
  • fix: added getFileContents tests with and without file (43c202b)
  • fix: added getFileContents tests (a1af3e2)
  • fix: gitlab api (b5de611)

v11.1.3

Compare Source

v11.1.2

Compare Source

  • Improvements to --staging in Danger local
  • Protection against custom git prompts in Danger local

v11.1.1

Compare Source

  • Bug fix for over-deleting inline comments #​1287

v11.0.7

Compare Source

v11.0.6

Compare Source

v11.0.5

Compare Source

  • Set the timeout for getting results from the Danger runner to be 10 seconds

v11.0.4

Compare Source

  • Deploying from my Mac to see if that's what's causing the build issues for homebrew. [@​orta]

v11.0.2

Compare Source

  • Breaking: Upgrade @​octokit/rest from ^16.43.1 to ^18.12.0 - #​1204 [@​fbartho]

    This is only likely to hit you if you use danger.github.api pretty extensively in your Dangerfiles, but better to keep an eye out.

v10.9.0

Compare Source

  • Prepare for release (34fe471)
  • Merge branch 'adjust-structured-diff-return-value' into main (06928e3)
  • Merge pull request #​1201 from berlysia/adjust-structured-diff-return-value (fb66c81)
  • Lock node-fetch to the latest 2.x (6303c88)
  • Merge pull request #​1198 from jonny133/jonny133-node-fetch-2_6_7 (9049848)
  • now structuredDiffForFile is well-typed (dc54972)
  • make structuredDiffForFile for BitBucketServer the same as the others (0b5865f)
  • Resolve node-fetch to 2.6.7 (ab77e3c)
  • Merge pull request #​1197 from danger/fb/fix-moved-json-crash (a7355a3)
  • Cleanup debug log (3411074)
  • Don't crash when danger.git.JSONDiffForFile encounters a moved JSON file (99e19f7)
  • Merge pull request #​1176 from Rouby/patch-1 (d896baf)
  • Merge branch 'main' into patch-1 (4804f80)
  • Merge branch 'main' of https://github.com/danger/danger-js into patch-1 (38a963e)
  • add changelog entry for pr 1176 (68ab2e9)
  • extend github api to send complete reviews (fb630ec)

v10.8.0

Compare Source

v10.7.1

Compare Source

v10.7.0

Compare Source

  • Adds support for XcodeCloud

v10.6.6

Compare Source

  • Fix for supporting Bitbucket Server personal repositories
  • GitLab: Added GitLabApi to danger.gitlab.api. - [@​shyim]
  • GitLab: Added label helper functions to danger.gitlab.api.addLabels and danger.gitlab.api.removeLabels. - [@​shyim]

v10.6.4

Compare Source

  • DEBUG="*" will now log out the response for any HTTP request which isn't classed as "OK" - [@​orta]

v10.6.3

Compare Source

  • Fixed Bitrise's ciRunURL underlying env var - [@​rogerluan]
  • Simplified Bitrise repo slug lookup, fixing SSH URL parsing in BitBucketServer - [@​rogerluan]
  • Log failure to update status also when not in verbose mode - [@​rogerluan]

v10.6.2

Compare Source

  • Added Codemagic.io as a supported CI - [@​fbartho]
  • Switched Danger's default branch to be 'main' from 'master' - [@​orta]
  • Added GitLab Approvals to the DSL: gitlab.approvals - kelvin-lemon

v10.6.1

Compare Source

  • Better detection of using the github actions bot for comment deletion - [@​orta]

v10.6.0

Compare Source

  • Bitbucket Cloud: Add markdown emoji instead of unicode - [@​JanStevens]
  • Add DANGER_DISABLE_TSC environment variable to disable transpiling with tsc, providing a way to force transpiling
    with Babel - [@​ozzieorca]
  • Adds options --newComment and --removePreviousComments - [@​davidhouweling]
  • Add support for a file path filter when calculation lines of code - [@​melvinvermeer]

v10.5.4

Compare Source

  • Fix for danger local not passing through --staging - [@​g3offrey]

v10.5.3

Compare Source

v10.5.2

Compare Source

v10.5.1

Compare Source

  • Bitbucket Cloud: Fix bug when Danger updating inline comment with summary comment. - [@​hellocore]
  • Fall back to alternative methods for establishing the PR number from CodeBuild - [@​alexandermendes]

v10.5.0

Compare Source

v10.4.1

Compare Source

v10.4.0

Compare Source

  • Adds aliases to the FakeCI env vars. You could now have something like: 
    - run: "npx danger-ts ci"
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    DANGER_MANUAL_CI: true
    DANGER_MANUAL_GH_REPO: ${{ steps.pr_info.outputs.repo }}
    DANGER_MANUAL_PR_NUM: ${{ steps.pr_info.outputs.number }}
    Which looks more intentional instead of: DANGER_FAKE_CI etc. [@​orta]

v10.3.1

Compare Source

  • Experimental support for internal routing when using npx danger-ts [@​orta]

v10.3.0

Compare Source

  • Added a CLI option --ignoreOutOfDiffComments so that you can ignore inline-comments for lines that were not changed
    in the checked PR. The comments would be ignored completely - they won't even show in the results comment. [@​pinkasey]

v10.2.1

Compare Source

  • Wait for close event on spawned process in local git platform - [@​gzaripov]
  • Fix Typo in README.md [@​NotMoni]
  • Fix danger failure on getting diff for files with spaces in file path [@​HonzaMac]
  • Document how to disable transpilation [@​rzgry]
  • Fix get blob url for pr commit [@​doniyor2109]

v10.2.0

Compare Source

  • Take commit hash from CircleCI environment variable [@​valscion]
  • Fix project path with /- in GitLab MR URL [@​pgoudreau]
  • When creating a new PR with createOrUpdatePR, add the description (as done when editing) - [@​sogame]

v10.1.1

Compare Source

v10.1.0

Compare Source

  • Adds support for Bamboo CI [@​tim3trick]
  • Replace regex to a long url repos approach on Bitrise [@​lucasmpaim]
  • Pass process arguments back to the original process [@​f-meloni]
  • When fetching existing labels in createOrAddLabel use pagination to fetch them all - [@​sogame]

v10.0.0

Compare Source

  • Changed JSON patch implementation for better memory performance. [@​dkundel]

    Breaking: JSONPatchForFile will return a different order of operations than previously. It will also return a
    path with the index of the element inserted into an array for add operations.

v9.4.0

Compare Source

  • Vbump (24b0965)
  • Merge pull request #​1018 from sogame/Contributor_url (dcf1472)
  • Add missing contributor url (49b6f27)
  • Merge pull request #​1017 from sogame/Labels_add_debug (e6c7436)
  • Add debug messages for "createLabel" and "addLabels" failures in "createOrAddLabel" (31a1961)

v9.3.0

Compare Source

  • Add the staged flag to danger local command - [@​soyn]
  • Don't use hardcoded userId to update comments if using personal token in Github Actions - [@​rohit-gohri]
  • Disable warning in Github Action if using DANGER_GITHUB_API_TOKEN - [@​rohit-gohri]
  • Update parse-diff library - [@​417-72KI]
  • Fix repository slug in Jenkins provider - [@​sandratatarevicova]
  • Add Gitlab diff support - [@​rohit-gohri]
  • Fix Typos across danger-js Repo - [@​yohix]
  • Fix @octokit/rest deprecation warning when using .issues.addLabels() - [@​sogame]

v9.2.10

Compare Source

v9.2.9

Compare Source

  • Bitbucket Cloud: Allow DangerCI to get UUID from Bitbucket - [@​hellocore]
  • Update docs for GitLab - [@​orta]

v9.2.8

Compare Source

v9.2.7

Compare Source

  • Maybe fix deploys to GPR for Docker - [@​orta]

v9.2.6

Compare Source

  • Add support for Cirrus CI - [@​RDIL]

v9.2.5

Compare Source

  • Remove additional danger from pr generated json - [@​f-meloni]

v9.2.4

Compare Source

v9.2.3

Compare Source

v9.2.2

Compare Source

v9.2.1

Compare Source

v9.2.0

Compare Source

v9.1.8

Compare Source

  • Get GitHub Actions event file pathname from env variable - [@​IljaDaderko]

v9.1.7

Compare Source

  • GitHub Actions docs update - [@​orta]

v9.1.5

Compare Source

v9.1.4

Compare Source

  • Use new env BITBUCKET_REPO_FULL_NAME in bitbucket pipeline. - [@​Soyn]
  • Take commit hash from CI Source if available - [@​f-meloni]

v9.1.3

Compare Source

v9.1.1

Compare Source

  • If you want to rebase/retry this PR, check this box

@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot added the security fix Security fix generated by WhiteSource label Mar 26, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency danger to v11 Update dependency danger to v11 - autoclosed Mar 27, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot deleted the whitesource-remediate/danger-11.x branch March 27, 2023 03:09
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency danger to v11 - autoclosed Update dependency danger to v11 Mar 30, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot restored the whitesource-remediate/danger-11.x branch March 30, 2023 11:18
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency danger to v11 Update dependency danger to v11 - autoclosed Apr 23, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot deleted the whitesource-remediate/danger-11.x branch April 23, 2023 21:00
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency danger to v11 - autoclosed Update dependency danger to v11 Apr 24, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot restored the whitesource-remediate/danger-11.x branch April 24, 2023 19:11
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot force-pushed the whitesource-remediate/danger-11.x branch from 6c9a2e9 to e436527 Compare April 25, 2023 04:59
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency danger to v11 Update dependency danger to v11 - autoclosed Jun 16, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot deleted the whitesource-remediate/danger-11.x branch June 16, 2023 03:06
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot changed the title Update dependency danger to v11 - autoclosed Update dependency danger to v11 Jun 19, 2023
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot restored the whitesource-remediate/danger-11.x branch June 19, 2023 12:58
@mend-for-github.aaakk.us.kg mend-for-github.aaakk.us.kg bot force-pushed the whitesource-remediate/danger-11.x branch from e436527 to 2d7f7dd Compare June 19, 2023 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants