significa

significa

Member Since 5 years ago

Porto, Portugal

Experience Points
0
follower
Lessons Completed
0
follow
Best Reply Awards
15
repos
Activity
May
14
4 days ago
May
11
1 week ago
Apr
29
2 weeks ago
pull request

dependabot[bot] pull request significa/react-snuggle

dependabot[bot]
dependabot[bot]

build(deps): bump async from 2.6.3 to 2.6.4

Bumps async from 2.6.3 to 2.6.4.

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Activity icon
created branch

dependabot[bot] in significa/react-snuggle create branch dependabot/npm_and_yarn/async-2.6.4

createdAt 2 weeks ago
started
started time in 2 weeks ago
Apr
28
2 weeks ago
started
started time in 2 weeks ago
Apr
25
3 weeks ago
Activity icon
issue

jeffubayi issue comment significa/frontend-challenge

jeffubayi
jeffubayi

Jeff

WhatsIn - movie search web app

jeffubayi
jeffubayi

Hello @jeffubayi

First of all, thank you for your submission!

I took a look at your code, tested your project and I left a few comments.

Here are some general thoughts:

  • The search function is not user-friendly. Since the design doesn't have a "search" button, the search button should run without having to press the "Enter" key. Debouncing the search would be even better, delaying the request while the user is typing.
  • You should store the selected movie id. This way, when refreshing the Movie Details page, you won't "lose" the select movie id.
  • I noticed you used Roboto as the project's font, but you used it as a local font. Any users that don't have Roboto installed on their machine, will not display that font.
  • Some components were different from the provided prototype in terms of design.

If you have any questions or thoughts about my review be free to contact me. Have a great day!

Hey @darosadev , thanks for taking your time to review my PR. I literally agree with you in all of the suggestions you made on my code, thats why I took the initiative to resolve all of the issues. If you get time please have another look at the recent commits and keep me in the loop. Thanks and FYI here is a deployed instance for visual testing https://whats-in-pi.vercel.app/

Apr
20
4 weeks ago
Activity icon
fork

JoaoGomes5 forked significa/frontend-challenge

fork time in 3 weeks ago
open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

The only difference between most Texts is the color. There's no real need to have them sorted in different Text components. The Typography component is already enough. You should use it instead.

Having typography as a div is not a good idea. It should be a heading or a paragraph.

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Although you name your components the proper way, it's also part of the convention to name the file using PascalCase and not camelCase. So in this case, the file should also be BackButton

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Even if you didn't store the favorite movies in localStorage, this button should at least switch between states.

pull request

darosadev merge to significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Hello @jeffubayi

First of all, thank you for your submission!

I took a look at your code, tested your project and I left a few comments.

Here are some general thoughts:

  • The search function is not user-friendly. Since the design doesn't have a "search" button, the search button should run without having to press the "Enter" key. Debouncing the search would be even better, delaying the request while the user is typing.
  • You should store the selected movie id. This way, when refreshing the Movie Details page, you won't "lose" the select movie id.
  • I noticed you used Roboto as the project's font, but you used it as a local font. Any users that don't have Roboto installed on their machine, will not display that font.
  • Some components were different from the provided prototype in terms of design.

If you have any questions or thoughts about my review be free to contact me. Have a great day!

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

This function could have been used in the Movie Details to add some action to its "Add to Favourites" button.

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

This button is definitely not visible to most users. It blends with the background

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Avoid using any unless it's absolutely required. children is usually typed with JSX.Element

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Since you created the request in an internal API, why not use it here? You created the API request, but it seems you are not using it

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Using environment variables is a better idea than having an API key public like this.

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

It looks like this file is not useful

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Same here but with the Rotten Tomatoes logo

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Suggestion: Since you are using theme, you could also have all these colors in there too. They wouldn't change between themes, but they would be indexed there.

open pull request

darosadev wants to merge significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

You could have used the IMDB logo here since it was provided to you.

pull request

darosadev merge to significa/frontend-challenge

darosadev
darosadev

Jeff

WhatsIn - movie search web app

darosadev
darosadev

Hello @jeffubayi

First of all, thank you for your submission!

I took a look at your code, tested your project and I left a few comments.

Here are some general thoughts:

  • The search function is not user-friendly. Since the design doesn't have a "search" button, the search button should run without having to press the "Enter" key. Debouncing the search would be even better, delaying the request while the user is typing.
  • You should store the selected movie id. This way, when refreshing the Movie Details page, you won't "lose" the select movie id.
  • I noticed you used Roboto as the project's font, but you used it as a local font. Any users that don't have Roboto installed on their machine, will not display that font.
  • Some components were different from the provided prototype in terms of design.

If you have any questions or thoughts about my review be free to contact me. Have a great day!

Apr
12
1 month ago
Apr
9
1 month ago
pull request

dependabot[bot] pull request significa/significa.co

dependabot[bot]
dependabot[bot]

build(deps): bump moment from 2.24.0 to 2.29.2

Bumps moment from 2.24.0 to 2.29.2.

Changelog

Sourced from moment's changelog.

2.29.2 See full changelog

  • Release Apr 3 2022

Address https://github.com/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

  • Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

  • Release May 19, 2020

TypeScript fixes and many locale improvements

2.25.3

  • Release May 4, 2020

Remove package.json module property. It looks like webpack behaves differently for modules loaded via module vs jsnext:main.

2.25.2

  • Release May 4, 2020

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Activity icon
created branch

dependabot[bot] in significa/significa.co create branch dependabot/npm_and_yarn/moment-2.29.2

createdAt 1 month ago
Apr
7
1 month ago
Activity icon
delete

dependabot[bot] in significa/significa-start delete branch dependabot/npm_and_yarn/node-fetch-2.6.7

deleted time in 1 month ago
pull request

dependabot[bot] pull request significa/significa-start

dependabot[bot]
dependabot[bot]

chore(deps): bump node-fetch from 2.6.1 to 2.6.7

Bumps node-fetch from 2.6.1 to 2.6.7.

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Activity icon
issue

dependabot[bot] issue comment significa/significa-start

dependabot[bot]
dependabot[bot]

chore(deps): bump node-fetch from 2.6.1 to 2.6.7

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps node-fetch from 2.6.1 to 2.6.7.

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7

v2.6.6

What's Changed

Full Changelog: https://github.com/node-fetch/node-fetch/compare/v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot]
dependabot[bot]

Looks like node-fetch is up-to-date now, so this is no longer needed.

pull request

dependabot[bot] pull request significa/significa-start

dependabot[bot]
dependabot[bot]

chore(deps): bump trim-off-newlines from 1.0.1 to 1.0.3

Bumps trim-off-newlines from 1.0.1 to 1.0.3.

Commits
  • c3b28d3 1.0.3
  • 6226c95 Merge pull request #4 from Trott/fix-it-again
  • c77691d fix: remediate ReDOS further
  • 76ca93c chore: pin mocha to version that works with 0.10.x
  • 8cd3f73 1.0.2
  • fcbb73d Merge pull request #3 from Trott/patch-1
  • 6d89476 fix: update regular expression to remove ReDOS
  • 0cd87f5 chore: pin xo to latest version that works with current code
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by trott, a new releaser for trim-off-newlines since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Previous