barlock

barlock

Member Since 8 years ago

IBM,

Experience Points
19
follower
Lessons Completed
0
follow
Lessons Completed
18
stars
Best Reply Awards
80
repos

42 contributions in the last year

Pinned
⚡ Bot to enter twitter contests via retweets
⚡ :clapper: Command line utility for synchronizing Plex watched / seen status
⚡ Automatically exported from code.google.com/p/sportsync
⚡ React Native icons build with svg. Complete customization of icon svgs
⚡ OpenID authentication strategy for Passport and Node.js.
⚡ OpenID for Node.js
Activity
Jan
19
1 week ago
Activity icon
issue

barlock issue comment slackapi/bolt-js

barlock
barlock

PleaseUpgradeNode issues with NCC/Webpack

Description

When building a bolt app with ncc (which uses webpack) pleaseUpgradeNode in the index breaks as it can't find your package.json. I have a monorepo and it picked up my root package.json (which didn't have engines in it).

Error:

/dist/webpack:/node_modules/please-upgrade-node/index.js:5
  var requiredVersion = pkg.engines.node.replace('>=', '')
^
TypeError: Cannot read property 'replace' of undefined
    at pleaseUpgradeNode (/dist/webpack:/node_modules/please-upgrade-node/index.js:5:1)
    at Object.36141 (/dist/webpack:/node_modules/@slack/bolt/dist/index.js:20:1)

Possible solutions:

It strikes me that please-upgrade-node is designed for CLI tools, not libraries. Simply embedding the engine config into the index would work great, It does introduce some duplication though. You distribute your own webpack'd version of the library, maybe you can build it in? Lots of good solutions out there.

After combing through the generated files I found a workaround for me that I just need to add an engines.node block into my own package, but that wasn't the intentions of the bolt authors I assume.

What type of issue is this? (place an x in one of the [ ])

  • bug
  • enhancement (feature request)
  • question
  • documentation related
  • example code related
  • testing related
  • discussion

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

NA

Steps to reproduce:

  1. Take an example bolt app,
  2. build it with ncc into dist (something like ncc build src/index.ts -o dist)
  3. node dist/index.js
  4. See error above

Expected result:

The app should run as normal

Actual result:

The error at the top

Attachments:

Logs, screenshots, screencast, sample project, funny gif, etc.

barlock
barlock

I made a repo to reproduce: https://github.com/barlock/bolt-issue-repro

After cloning:

  1. Install deps yarn install
  2. use ncc to compile yarn build
  3. start the built app and get error yarn start

I'm honestly not sure what the difference is between your steps and mine. I thought it might be typescript, but that doesn't appear to be it. I'll be curious if you can reproduce with my repo.

Activity icon
created branch
createdAt 1 week ago
Activity icon
created repository
createdAt 1 week ago
Activity icon
issue

barlock issue slackapi/bolt-js

barlock
barlock

PleaseUpgradeNode issues with NCC/Webpack

Description

When building a bolt app with ncc (which uses webpack) pleaseUpgradeNode in the index breaks as it can't find your package.json. I have a monorepo and it picked up my root package.json (which didn't have engines in it).

Error:

/dist/webpack:/node_modules/please-upgrade-node/index.js:5
  var requiredVersion = pkg.engines.node.replace('>=', '')
^
TypeError: Cannot read property 'replace' of undefined
    at pleaseUpgradeNode (/dist/webpack:/node_modules/please-upgrade-node/index.js:5:1)
    at Object.36141 (/dist/webpack:/node_modules/@slack/bolt/dist/index.js:20:1)

Possible solutions:

It strikes me that please-upgrade-node is designed for CLI tools, not libraries. Simply embedding the engine config into the index would work great, It does introduce some duplication though. You distribute your own webpack'd version of the library, maybe you can build it in? Lots of good solutions out there.

After combing through the generated files I found a workaround for me that I just need to add an engines.node block into my own package, but that wasn't the intentions of the bolt authors I assume.

What type of issue is this? (place an x in one of the [ ])

  • bug
  • enhancement (feature request)
  • question
  • documentation related
  • example code related
  • testing related
  • discussion

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

NA

Steps to reproduce:

  1. Take an example bolt app,
  2. build it with ncc into dist (something like ncc build src/index.ts -o dist)
  3. node dist/index.js
  4. See error above

Expected result:

The app should run as normal

Actual result:

The error at the top

Attachments:

Logs, screenshots, screencast, sample project, funny gif, etc.

Jan
6
3 weeks ago
Activity icon
fork

barlock forked zsh-users/zsh-syntax-highlighting

⚡ Fish shell like syntax highlighting for Zsh.
barlock BSD 3-Clause "New" or "Revised" License Updated
fork time in 2 weeks ago
Jan
3
3 weeks ago
Activity icon
created branch

barlock in IBM/slack-wrench create branch main

createdAt 3 weeks ago
Activity icon
delete

barlock in IBM/slack-wrench delete branch master

deleted time in 3 weeks ago
push

barlock push IBM/slack-wrench

barlock
barlock

chore: update default branch to main (#122)

commit sha: a928ba283d7b4cb3bf6c87c49261a8995f990120

push time in 3 weeks ago
Activity icon
delete

barlock in IBM/slack-wrench delete branch update-to-main

deleted time in 3 weeks ago
pull request

barlock pull request IBM/slack-wrench

barlock
barlock

chore: update default branch to main

Related PRs
This PR is not dependent on any other PR

What does this PR do?
Words matter. Updating master to main -> https://github.com/github/renaming

What gif most accurately describes how I feel towards this PR?

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

chore: update default branch to main

Related PRs
This PR is not dependent on any other PR

What does this PR do?
Words matter. Updating master to main -> https://github.com/github/renaming

What gif most accurately describes how I feel towards this PR?

Activity icon
created branch

barlock in IBM/slack-wrench create branch update-to-main

createdAt 3 weeks ago
push

barlock push IBM/slack-wrench

barlock
barlock

chore: update eslint packages and config (#119)

commit sha: f1ef963f69fe65853e6875a1dc9b89bdaa8edfd4

push time in 3 weeks ago
Activity icon
delete

barlock in IBM/slack-wrench delete branch update-eslint

deleted time in 3 weeks ago
pull request

barlock pull request IBM/slack-wrench

barlock
barlock

chore: update eslint packages and config

Related PRs
This PR is not dependent on any other PR

What does this PR do?
Cleaning up eslint packages as a guard for later updating work.

Description of Changes
Bump packages, fix issues.

What gif most accurately describes how I feel towards this PR?

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump aws-sdk from 2.730.0 to 2.1030.0

Bumps aws-sdk from 2.730.0 to 2.1030.0.

Release notes

Sourced from aws-sdk's releases.

Release v2.1030.0

See changelog for more information.

Release v2.1029.0

See changelog for more information.

Release v2.1028.0

See changelog for more information.

Release v2.1027.0

See changelog for more information.

Release v2.1026.0

See changelog for more information.

Release v2.1025.0

See changelog for more information.

Release v2.1024.0

See changelog for more information.

Release v2.1023.0

See changelog for more information.

Release v2.1022.0

See changelog for more information.

Release v2.1021.0

See changelog for more information.

Release v2.1020.0

See changelog for more information.

Release v2.1019.0

See changelog for more information.

Release v2.1018.0

See changelog for more information.

Release v2.1017.0

See changelog for more information.

Release v2.1016.0

See changelog for more information.

Release v2.1015.0

See changelog for more information.

Release v2.1014.0

See changelog for more information.

... (truncated)

Changelog

Sourced from aws-sdk's changelog.

2.1030.0

  • feature: CloudTrail: CloudTrail Insights now supports ApiErrorRateInsight, which enables customers to identify unusual activity in their AWS account based on API error codes and their rate.
  • feature: Location: This release adds the support for Relevance, Distance, Time Zone, Language and Interpolated Address for Geocoding and Reverse Geocoding.
  • feature: S3Control: Support FIPS for S3 Outposts
  • feature: s3util: Add allowFipsEndpoint option in validateArnRegion

2.1029.0

  • feature: AppStream: This release includes support for images of AmazonLinux2 platform type.
  • feature: DMS: Add Settings in JSON format for the source GCP MySQL endpoint
  • feature: EC2: Adds a new VPC Subnet attribute "EnableDns64." When enabled on IPv6 Subnets, the Amazon-Provided DNS Resolver returns synthetic IPv6 addresses for IPv4-only destinations.
  • feature: EKS: Adding Tags support to Cluster Registrations.
  • feature: MigrationHubStrategy: AWS SDK for Migration Hub Strategy Recommendations. It includes APIs to start the portfolio assessment, import portfolio data for assessment, and to retrieve recommendations. For more information, see the AWS Migration Hub documentation at https://docs.aws.amazon.com/migrationhub/index.html
  • feature: SSM: Adds support for Session Reason and Max Session Duration for Systems Manager Session Manager.
  • feature: Transfer: AWS Transfer Family now supports integrating a custom identity provider using AWS Lambda
  • feature: WAFV2: Your options for logging web ACL traffic now include Amazon CloudWatch Logs log groups and Amazon S3 buckets.

2.1028.0

  • feature: Connect: This release adds APIs for creating and managing scheduled tasks. Additionally, adds APIs to describe and update a contact and list associated references.
  • feature: DevOpsGuru: Add support for cross account APIs.
  • feature: EC2: C6i instances are powered by a third-generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz. G5 instances feature up to 8 NVIDIA A10G Tensor Core GPUs and second generation AMD EPYC processors.
  • feature: MediaConvert: AWS Elemental MediaConvert SDK has added automatic modes for GOP configuration and added the ability to ingest screen recordings generated by Safari on MacOS 12 Monterey.
  • feature: SSM: This Patch Manager release supports creating Patch Baselines for RaspberryPi OS (formerly Raspbian)
  • feature: endpoint: Add useDualstackEndpoint configuration

2.1027.0

  • feature: EC2: This release provides an additional route target for the VPC route table.
  • feature: Translate: This release enables customers to import Multi-Directional Custom Terminology and use Multi-Directional Custom Terminology in both real-time translation and asynchronous batch translation.
  • feature: endpoint: Add useFipsEndpoint configuration

2.1026.0

  • feature: Backup: AWS Backup SDK provides new options when scheduling backups: select supported services and resources that are assigned to a particular tag, linked to a combination of tags, or can be identified by a partial tag value, and exclude resources from their assignments.
  • feature: ECS: This release adds support for container instance health.
  • feature: Resiliencehub: Initial release of AWS Resilience Hub, a managed service that enables you to define, validate, and track the resilience of your applications on AWS
  • feature: endpoint: Move FIPS rules to a separate section in region_config

2.1025.0

  • feature: Batch: Adds support for scheduling policy APIs.
  • feature: GreengrassV2: This release adds support for Greengrass core devices running Windows. You can now specify name of a Windows user to run a component.

2.1024.0

  • feature: ChimeSDKMeetings: Updated format validation for ids and regions.
  • feature: EC2: This release adds internal validation on the GatewayAssociationState field
  • feature: SageMaker: SageMaker CreateEndpoint and UpdateEndpoint APIs now support additional deployment configuration to manage traffic shifting options and automatic rollback monitoring. DescribeEndpoint now shows new in-progress deployment details with stage status.
  • feature: WAFV2: You can now configure rules to run a CAPTCHA check against web requests and, as needed, send a CAPTCHA challenge to the client.

2.1023.0

  • feature: EC2: DescribeInstances now returns customer-owned IP addresses for instances running on an AWS Outpost.
  • feature: Translate: This release enable customers to use their own KMS keys to encrypt output files when they submit a batch transform job.

2.1022.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump tmpl from 1.0.4 to 1.0.5

Bumps tmpl from 1.0.4 to 1.0.5.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump hosted-git-info from 2.8.8 to 2.8.9

Bumps hosted-git-info from 2.8.8 to 2.8.9.

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump tar from 4.4.13 to 4.4.19

Bumps tar from 4.4.13 to 4.4.19.

Commits
  • 9a6faa0 4.4.19
  • 70ef812 drop dirCache for symlink on all platforms
  • 3e35515 4.4.18
  • 52b09e3 fix: prevent path escape using drive-relative paths
  • bb93ba2 fix: reserve paths properly for unicode, windows
  • 2f1bca0 fix: prune dirCache properly for unicode, windows
  • 9bf70a8 4.4.17
  • 6aafff0 fix: skip extract if linkpath is stripped entirely
  • 5c5059a fix: reserve paths case-insensitively
  • fd6accb 4.4.16
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump path-parse from 1.0.6 to 1.0.7

Bumps path-parse from 1.0.6 to 1.0.7.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump ws from 7.3.1 to 7.4.6

Bumps ws from 7.3.1 to 7.4.6.

Release notes

Sourced from ws's releases.

7.4.6

Bug fixes

  • Fixed a ReDoS vulnerability (00c425ec).

A specially crafted value of the Sec-Websocket-Protocol header could be used to significantly slow down a ws server.

for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) {
  const value = 'b' + ' '.repeat(length) + 'x';
  const start = process.hrtime.bigint();

value.trim().split(/ *, */);

const end = process.hrtime.bigint();

console.log('length = %d, time = %f ns', length, end - start); }

The vulnerability was responsibly disclosed along with a fix in private by Robert McLaughlin from University of California, Santa Barbara.

In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.

7.4.5

Bug fixes

  • UTF-8 validation is now done even if utf-8-validate is not installed (23ba6b29).
  • Fixed an edge case where websocket.close() and websocket.terminate() did not close the connection (67e25ff5).

7.4.4

Bug fixes

  • Fixed a bug that could cause the process to crash when using the permessage-deflate extension (92774377).

7.4.3

Bug fixes

  • The deflate/inflate stream is now reset instead of reinitialized when context takeover is disabled (#1840).

7.4.2

Bug fixes

... (truncated)

Commits
  • f5297f7 [dist] 7.4.6
  • 00c425e [security] Fix ReDoS vulnerability
  • 990306d [lint] Fix prettier error
  • 32e3a84 [security] Remove reference to Node Security Project
  • 8c914d1 [minor] Fix nits
  • fc7e27d [ci] Test on node 16
  • 587c201 [ci] Do not test on node 15
  • f672710 [dist] 7.4.5
  • 67e25ff [fix] Fix case where abortHandshake() does not close the connection
  • 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump lodash from 4.17.19 to 4.17.21

Bumps lodash from 4.17.19 to 4.17.21.

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump handlebars from 4.7.6 to 4.7.7

Bumps handlebars from 4.7.6 to 4.7.7.

Changelog

Sourced from handlebars's changelog.

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

Commits
  • a9a8e40 v4.7.7
  • e66aed5 Update release notes
  • 7d4d170 disable IE in Saucelabs tests
  • eb860c0 fix weird error in integration tests
  • b6d3de7 fix: check prototype property access in strict-mode (#1736)
  • f058970 fix: escape property names in compat mode (#1736)
  • 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
  • 3789a30 chore: start testing on Node.js 12 and 13
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump underscore from 1.10.2 to 1.13.1

Bumps underscore from 1.10.2 to 1.13.1.

Commits
  • 943977e Merge branch 'umd-alias', tag 1.13.1 release
  • 5630f88 Add version 1.13.1 to the change log
  • 5aa5b52 Update the bundle sizes
  • 76c8d8a Bump the version to 1.13.1
  • 9cda0b0 Add some build clarifications to the documentation (#2923)
  • 8b5928c Revert .gitignore underscore.js from 57a4a0e (fix #2923)
  • 7054a54 Update generated sources and tag 1.13.0 release
  • 37dc52a Merge pull request #2921 from jgonggrijp/prepare-1.13.0
  • 5511d12 Add version 1.13.0 to the change log
  • efe5fbf Bump the version to 1.13.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump ssri from 6.0.1 to 6.0.2

Bumps ssri from 6.0.1 to 6.0.2.

Changelog

Sourced from ssri's changelog.

6.0.2 (2021-04-07)

Bug Fixes

  • backport regex change from 8.0.1 (b30dfdb), closes #19

Commits
Maintainer changes

This version was pushed to npm by nlf, a new releaser for ssri since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump y18n from 3.2.1 to 3.2.2

Bumps y18n from 3.2.1 to 3.2.2.

Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

Bump ini from 1.3.5 to 1.3.8

Bumps ini from 1.3.5 to 1.3.8.

Commits
  • a2c5da8 1.3.8
  • af5c6bb Do not use Object.create(null)
  • 8b648a1 don't test where our devdeps don't even work
  • c74c8af 1.3.7
  • 024b8b5 update deps, add linting
  • 032fbaf Use Object.create(null) to avoid default object property hazards
  • 2da9039 1.3.6
  • cfea636 better git push script, before publish instead of after
  • 56d2805 do not allow invalid hazardous string as section name
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

pull request

barlock pull request IBM/slack-wrench

barlock
barlock

chore: update eslint packages and config

Related PRs
This PR is not dependent on any other PR

What does this PR do?
Cleaning up eslint packages as a guard for later updating work.

Description of Changes
Bump packages, fix issues.

What gif most accurately describes how I feel towards this PR?

Activity icon
created branch

barlock in IBM/slack-wrench create branch update-eslint

createdAt 3 weeks ago
Dec
22
1 month ago
Activity icon
issue

barlock issue comment mikelawrence/aiosenseme

barlock
barlock

feat: support smartmode params

In support of: https://github.com/mikelawrence/senseme-hacs/issues/33

Adds support for setting and reading smartmode parameters

barlock
barlock

I would happily accept a maintainership.

You can use my fork in home assistant by setting up my fork of senseme-hacs as a custom repo in hacks https://github.com/barlock/senseme-hacs. I've been using it happily ever since I made the PRs.

Previous