Skip to content
This repository has been archived by the owner on Apr 25, 2023. It is now read-only.

build(deps): bump luxon and @types/luxon #228

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump luxon and @types/luxon #228

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 26, 2023

Bumps luxon and @types/luxon. These dependencies needed to be updated together.
Updates luxon from 2.3.1 to 3.2.1

Changelog

Sourced from luxon's changelog.

Changelog

3.2.0 (2022-12-29)

  • Allow timeZone to be specified as an intl option
  • Fix for diff's handling of end-of-month when crossing leap years (#1340)
  • Add Interval.toLocaleString() (#1320)

3.1.1 (2022-11-28)

  • Add Settings.twoDigitCutoffYear

3.1.0 (2022-10-31)

  • Add Duration.rescale

3.0.4 (2022-09-24)

  • Fix quarters in diffs (#1279)
  • Export package.json in package (#1239)

3.0.2 (2022-08-28)

  • Lots of doc changes
  • Added DateTime.expandFormat
  • Added support for custom conversion matrices in Durations

3.0.1 (2022-07-09)

  • Add DateTime.parseFormatForOpts

3.0.0 (2022-07-09)

  • Add "default" as an option for specifying a zone, and change "system" to really mean the system zone (breaking change)

2.5.0 (2022-07-09)

  • Support for ESM-style node imports
  • Fix Wednesday parsing for RFC 850 strings
  • Increase number of digits allowed in ISO durations

2.4.0 (2022-05-08)

  • Add support for parsing the ISO zone extension, like 2022-05-08T20:42:00.000-04:00[America/New_York]
  • Add an extendedZone option to toISO() and toISOTime
  • Improvements to DateTime.isInDST()
  • Fix for parsing in Vietnames (and probably other languages)

2.3.2 (2022-04-17)

... (truncated)

Commits

Updates @types/luxon from 2.3.0 to 3.2.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump luxon and @types/luxon
5e5a5b4 
Bumps [luxon](https://github.com/moment/luxon) and [@types/luxon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/luxon). These dependencies needed to be updated together.

Updates `luxon` from 2.3.1 to 3.2.1
- [Release notes](https://github.com/moment/luxon/releases)
- [Changelog](https://github.com/moment/luxon/blob/master/CHANGELOG.md)
- [Commits](moment/luxon@2.3.1...3.2.1)

Updates `@types/luxon` from 2.3.0 to 3.2.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/luxon)

---
updated-dependencies:
- dependency-name: luxon
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: "@types/luxon"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 26, 2023
@dependabot dependabot bot mentioned this pull request Jan 26, 2023
Closed
@ImagineBuildBot
Copy link

Scan submitted to Checkmarx

@ImagineBuildBot
Copy link

Logo
Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 70 vulnerabilities
High 33 High
Medium 37 Medium
Low 0 Low
Info 0 Info

Checkmarx Scan Summary

Severity Count
High 33
Medium 37
Low 0
Informational 0

Violation Summary

High 28 High
Medium 21 Medium

View more details on Checkmarx UI

Cx-SAST Details

Lines Severity Category File Link
81 Medium Unchecked_Input_For_Loop_Condition plugins/catalog-graph/src/components/CatalogGraphPage/useCatalogGraphPage.ts Checkmarx
73 Medium Privacy_Violation plugins/todo-backend/src/service/router.ts Checkmarx
172 Medium Privacy_Violation plugins/scaffolder-backend/src/service/router.ts Checkmarx
89 Medium Missing_HSTS_Header contrib/catalog/ImmediateEntityProvider.ts Checkmarx
91 116 Medium Client_ReDoS_From_Regex_Injection plugins/catalog-backend-module-github/src/GithubDiscoveryProcessor.test.ts Checkmarx
102 121 126 129 130 151 161 Medium Client_ReDoS_From_Regex_Injection plugins/catalog-backend-module-bitbucket/src/BitbucketDiscoveryProcessor.ts Checkmarx
198 219 Medium Client_ReDoS_From_Regex_Injection plugins/catalog-backend-module-bitbucket/src/BitbucketDiscoveryProcessor.test.ts Checkmarx
104 Medium Client_ReDoS_From_Regex_Injection plugins/catalog-backend-module-github/src/GithubDiscoveryProcessor.ts Checkmarx
155 Medium Client_Privacy_Violation plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucket.ts Checkmarx
221 Medium Client_Privacy_Violation packages/backend-common/src/scm/git.ts Checkmarx
168 Medium Client_Privacy_Violation packages/integration/src/bitbucket/core.ts Checkmarx
90 Medium Client_Privacy_Violation plugins/auth-backend/src/providers/microsoft/provider.ts Checkmarx
149 Medium Client_HTML5_Store_Sensitive_data_In_Web_Storage packages/core-app-api/src/lib/AuthSessionManager/AuthSessionStore.ts Checkmarx
77 100 High Stored_XSS plugins/code-coverage-backend/src/service/CodeCoverageDatabase.ts Checkmarx
40 High Reflected_XSS plugins/app-backend/src/lib/assets/createStaticAssetMiddleware.ts Checkmarx
50 High Reflected_XSS plugins/periskop-backend/src/service/router.ts Checkmarx
372 High Reflected_XSS plugins/techdocs-node/src/stages/publish/awsS3.ts Checkmarx
335 High Reflected_XSS plugins/techdocs-node/src/stages/publish/azureBlobStorage.ts Checkmarx
48 86 High Reflected_XSS plugins/badges-backend/src/service/router.ts Checkmarx
53 59 65 66 72 73 79 80 High Reflected_XSS plugins/rollbar-backend/src/service/router.ts Checkmarx
108 High Reflected_XSS plugins/search-backend/src/service/router.ts Checkmarx
46 83 High Reflected_XSS plugins/jenkins-backend/src/service/router.ts Checkmarx
44 High Reflected_XSS plugins/bazaar-backend/src/service/router.ts Checkmarx
242 High Reflected_XSS plugins/techdocs-node/src/stages/publish/openStackSwift.ts Checkmarx
126 129 130 High Prototype_Pollution plugins/catalog-backend-module-bitbucket/src/BitbucketDiscoveryProcessor.ts Checkmarx
36 High Insecure_Storage_of_Sensitive_Data plugins/auth-backend/src/service/standaloneServer.ts Checkmarx
30 High Client_DOM_XSS plugins/catalog-backend/src/util/conversion.ts Checkmarx
62 High Client_DOM_XSS plugins/git-release-manager/src/hooks/useQueryHandler.ts Checkmarx
64 High Client_DOM_XSS plugins/gcp-projects/src/components/ProjectDetailsPage/ProjectDetailsPage.tsx Checkmarx

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ImagineBuildBot