chore: bump braces from 3.0.2 to 3.0.3 #350
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/braces-3.0.3
branch
from
3e14429
to
7c5d153
Compare
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
steveluscher
force-pushed
the
dependabot/npm_and_yarn/braces-3.0.3
branch
from
7c5d153
to
7a2e0fb
Compare
nibty
added a commit
to FairCrypto/xolana-explorer
that referenced
this pull request
Oct 25, 2024
* chore: fix comment (solana-labs#346) Signed-off-by: finaltrip <[email protected]> * chore: bump tough-cookie from 4.1.2 to 4.1.4 (solana-labs#356) Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.1.2 to 4.1.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/salesforce/tough-cookie/releases">tough-cookie's releases</a>.</em></p> <blockquote> <h2>v4.1.4</h2> <p><a href="https://www.npmjs.com/package/tough-cookie/v/4.1.4">https://www.npmjs.com/package/tough-cookie/v/4.1.4</a></p> <h2>What's Changed</h2> <ul> <li>Add local alias for <code>toString</code> by <a href="https://github.com/corvidism"><code>@corvidism</code></a> in <a href="https://redirect.github.com/salesforce/tough-cookie/pull/409">salesforce/tough-cookie#409</a></li> <li>Fix incorrect string validation for URL by <a href="https://github.com/coditva"><code>@coditva</code></a> in <a href="https://redirect.github.com/salesforce/tough-cookie/pull/261">salesforce/tough-cookie#261</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/corvidism"><code>@corvidism</code></a> made their first contribution in <a href="https://redirect.github.com/salesforce/tough-cookie/pull/409">salesforce/tough-cookie#409</a></li> <li><a href="https://github.com/coditva"><code>@coditva</code></a> made their first contribution in <a href="https://redirect.github.com/salesforce/tough-cookie/pull/261">salesforce/tough-cookie#261</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4">https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4</a></p> <h2>4.1.3</h2> <p>Security fix for Prototype Pollution discovery in <a href="https://redirect.github.com/salesforce/tough-cookie/issues/282">#282</a>. This is a minor release, although output from the <code>inspect</code> utility is affected by this change, we felt this change was important enough to be pushed into the next patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/salesforce/tough-cookie/commit/cacbc37936bd4824693d885e1e65dca626ed3c8c"><code>cacbc37</code></a> Bump version to 4.1.4</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/a48fb3a6ba2bbce41595a20e1db56543d974057b"><code>a48fb3a</code></a> Add tests for url validation</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/50e69bf9372c13a1e573b77c179a879198a240e3"><code>50e69bf</code></a> Merge pull request <a href="https://redirect.github.com/salesforce/tough-cookie/issues/261">#261</a> from postmanlabs/fix/url-string-validation</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/1253d58825378c2327e3a71e2228b65812d1cf7c"><code>1253d58</code></a> Merge pull request <a href="https://redirect.github.com/salesforce/tough-cookie/issues/409">#409</a> from corvidism/validators-to-string</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/238367e2f1d8a2c72cc25cc80a6eeecb612983d6"><code>238367e</code></a> Add local alias for <code>toString</code></li> <li><a href="https://github.com/salesforce/tough-cookie/commit/4ff4d29f6cefd279a412b8d62a21142ebd410b36"><code>4ff4d29</code></a> 4.1.3 release preparation, update the package and lib/version to 4.1.3. (<a href="https://redirect.github.com/salesforce/tough-cookie/issues/284">#284</a>)</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e"><code>12d4747</code></a> Prevent prototype pollution in cookie memstore (<a href="https://redirect.github.com/salesforce/tough-cookie/issues/283">#283</a>)</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/f06b72d1d447f33dfa6222c0a3c0c5e063558248"><code>f06b72d</code></a> Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...</li> <li><a href="https://github.com/salesforce/tough-cookie/commit/cf6debd15f16df43030f36719251fcce0ed27dfc"><code>cf6debd</code></a> Fix incorrect string validation for URL</li> <li>See full diff in <a href="https://github.com/salesforce/tough-cookie/compare/v4.1.2...v4.1.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ccasey">ccasey</a>, a new releaser for tough-cookie since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/solana-labs/explorer/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump axios from 0.27.2 to 0.28.0 (solana-labs#331) Bumps [axios](https://github.com/axios/axios) from 0.27.2 to 0.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v0.28.0</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li>fix(security): fixed CVE-2023-45857 by backporting <code>withXSRFToken</code> option to v0.x (<a href="https://redirect.github.com/axios/axios/issues/6091">#6091</a>)</li> </ul> <h3>Backports from v1.x:</h3> <ul> <li>Allow null indexes on formSerializer and paramsSerializer v0.x (<a href="https://redirect.github.com/axios/axios/issues/4961">#4961</a>)</li> <li>Fixing content-type header repeated <a href="https://redirect.github.com/axios/axios/issues/4745">#4745</a></li> <li>Fixed timeout error message for HTTP 4738</li> <li>Added <code>axios.formToJSON</code> method (<a href="https://redirect.github.com/axios/axios/issues/4735">#4735</a>)</li> <li>URL params serializer (<a href="https://redirect.github.com/axios/axios/issues/4734">#4734</a>)</li> <li>Fixed toFormData Blob issue on node>v17 <a href="https://redirect.github.com/axios/axios/issues/4728">#4728</a></li> <li>Adding types for progress event callbacks <a href="https://redirect.github.com/axios/axios/issues/4675">#4675</a></li> <li>Fixed max body length defaults <a href="https://redirect.github.com/axios/axios/issues/4731">#4731</a></li> <li>Added data URL support for node.js (<a href="https://redirect.github.com/axios/axios/issues/4725">#4725</a>)</li> <li>Added isCancel type assert (<a href="https://redirect.github.com/axios/axios/issues/4293">#4293</a>)</li> <li>Added the ability for the <code>url-encoded-form</code> serializer to respect the <code>formSerializer</code> config (<a href="https://redirect.github.com/axios/axios/issues/4721">#4721</a>)</li> <li>Add <code>string[]</code> to <code>AxiosRequestHeaders</code> type (<a href="https://redirect.github.com/axios/axios/issues/4322">#4322</a>)</li> <li>Allow type definition for axios instance methods (<a href="https://redirect.github.com/axios/axios/issues/4224">#4224</a>)</li> <li>Fixed <code>AxiosError</code> stack capturing; (<a href="https://redirect.github.com/axios/axios/issues/4718">#4718</a>)</li> <li>Fixed <code>AxiosError</code> status code type; (<a href="https://redirect.github.com/axios/axios/issues/4717">#4717</a>)</li> <li>Adding Canceler parameters config and request (<a href="https://redirect.github.com/axios/axios/issues/4711">#4711</a>)</li> <li>fix(types): allow to specify partial default headers for instance creation (<a href="https://redirect.github.com/axios/axios/issues/4185">#4185</a>)</li> <li>Added <code>blob</code> to the list of protocols supported by the browser (<a href="https://redirect.github.com/axios/axios/issues/4678">#4678</a>)</li> <li>Fixing Z_BUF_ERROR when no content (<a href="https://redirect.github.com/axios/axios/issues/4701">#4701</a>)</li> <li>Fixed race condition on immediate requests cancellation (<a href="https://redirect.github.com/axios/axios/issues/4261">#4261</a>)</li> <li>Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance <a href="https://redirect.github.com/axios/axios/pull/4248">axios/axios#4248</a></li> <li>Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (<a href="https://redirect.github.com/axios/axios/issues/4229">#4229</a>)</li> <li>Fix TS definition for AxiosRequestTransformer (<a href="https://redirect.github.com/axios/axios/issues/4201">#4201</a>)</li> <li>Use type alias instead of interface for AxiosPromise (<a href="https://redirect.github.com/axios/axios/issues/4505">#4505</a>)</li> <li>Include request and config when creating a CanceledError instance (<a href="https://redirect.github.com/axios/axios/issues/4659">#4659</a>)</li> <li>Added generic TS types for the exposed toFormData helper (<a href="https://redirect.github.com/axios/axios/issues/4668">#4668</a>)</li> <li>Optimized the code that checks cancellation (<a href="https://redirect.github.com/axios/axios/issues/4587">#4587</a>)</li> <li>Replaced webpack with rollup (<a href="https://redirect.github.com/axios/axios/issues/4596">#4596</a>)</li> <li>Added stack trace to AxiosError (<a href="https://redirect.github.com/axios/axios/issues/4624">#4624</a>)</li> <li>Updated AxiosError.config to be optional in the type definition (<a href="https://redirect.github.com/axios/axios/issues/4665">#4665</a>)</li> <li>Removed incorrect argument for NetworkError constructor (<a href="https://redirect.github.com/axios/axios/issues/4656">#4656</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v0.28.0/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/axios/axios/compare/v0.27.2...v0.28.0">0.28.0</a> (2024-02-12)</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li>fix(security): fixed CVE-2023-45857 by backporting <code>withXSRFToken</code> option to v0.x (<a href="https://redirect.github.com/axios/axios/issues/6091">#6091</a>)</li> </ul> <h3>Backports from v1.x:</h3> <ul> <li>Allow null indexes on formSerializer and paramsSerializer v0.x (<a href="https://redirect.github.com/axios/axios/issues/4961">#4961</a>)</li> <li>Fixing content-type header repeated <a href="https://redirect.github.com/axios/axios/issues/4745">#4745</a></li> <li>Fixed timeout error message for HTTP 4738</li> <li>Added <code>axios.formToJSON</code> method (<a href="https://redirect.github.com/axios/axios/issues/4735">#4735</a>)</li> <li>URL params serializer (<a href="https://redirect.github.com/axios/axios/issues/4734">#4734</a>)</li> <li>Fixed toFormData Blob issue on node>v17 <a href="https://redirect.github.com/axios/axios/issues/4728">#4728</a></li> <li>Adding types for progress event callbacks <a href="https://redirect.github.com/axios/axios/issues/4675">#4675</a></li> <li>Fixed max body length defaults <a href="https://redirect.github.com/axios/axios/issues/4731">#4731</a></li> <li>Added data URL support for node.js (<a href="https://redirect.github.com/axios/axios/issues/4725">#4725</a>)</li> <li>Added isCancel type assert (<a href="https://redirect.github.com/axios/axios/issues/4293">#4293</a>)</li> <li>Added the ability for the <code>url-encoded-form</code> serializer to respect the <code>formSerializer</code> config (<a href="https://redirect.github.com/axios/axios/issues/4721">#4721</a>)</li> <li>Add <code>string[]</code> to <code>AxiosRequestHeaders</code> type (<a href="https://redirect.github.com/axios/axios/issues/4322">#4322</a>)</li> <li>Allow type definition for axios instance methods (<a href="https://redirect.github.com/axios/axios/issues/4224">#4224</a>)</li> <li>Fixed <code>AxiosError</code> stack capturing; (<a href="https://redirect.github.com/axios/axios/issues/4718">#4718</a>)</li> <li>Fixed <code>AxiosError</code> status code type; (<a href="https://redirect.github.com/axios/axios/issues/4717">#4717</a>)</li> <li>Adding Canceler parameters config and request (<a href="https://redirect.github.com/axios/axios/issues/4711">#4711</a>)</li> <li>fix(types): allow to specify partial default headers for instance creation (<a href="https://redirect.github.com/axios/axios/issues/4185">#4185</a>)</li> <li>Added <code>blob</code> to the list of protocols supported by the browser (<a href="https://redirect.github.com/axios/axios/issues/4678">#4678</a>)</li> <li>Fixing Z_BUF_ERROR when no content (<a href="https://redirect.github.com/axios/axios/issues/4701">#4701</a>)</li> <li>Fixed race condition on immediate requests cancellation (<a href="https://redirect.github.com/axios/axios/issues/4261">#4261</a>)</li> <li>Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance <a href="https://redirect.github.com/axios/axios/pull/4248">axios/axios#4248</a></li> <li>Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (<a href="https://redirect.github.com/axios/axios/issues/4229">#4229</a>)</li> <li>Fix TS definition for AxiosRequestTransformer (<a href="https://redirect.github.com/axios/axios/issues/4201">#4201</a>)</li> <li>Use type alias instead of interface for AxiosPromise (<a href="https://redirect.github.com/axios/axios/issues/4505">#4505</a>)</li> <li>Include request and config when creating a CanceledError instance (<a href="https://redirect.github.com/axios/axios/issues/4659">#4659</a>)</li> <li>Added generic TS types for the exposed toFormData helper (<a href="https://redirect.github.com/axios/axios/issues/4668">#4668</a>)</li> <li>Optimized the code that checks cancellation (<a href="https://redirect.github.com/axios/axios/issues/4587">#4587</a>)</li> <li>Replaced webpack with rollup (<a href="https://redirect.github.com/axios/axios/issues/4596">#4596</a>)</li> <li>Added stack trace to AxiosError (<a href="https://redirect.github.com/axios/axios/issues/4624">#4624</a>)</li> <li>Updated AxiosError.config to be optional in the type definition (<a href="https://redirect.github.com/axios/axios/issues/4665">#4665</a>)</li> <li>Removed incorrect argument for NetworkError constructor (<a href="https://redirect.github.com/axios/axios/issues/4656">#4656</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/3b7635aefc842c05da0ec8c90e8bd09cb54616b8"><code>3b7635a</code></a> [Release] v0.28.0 (<a href="https://redirect.github.com/axios/axios/issues/6211">#6211</a>)</li> <li><a href="https://github.com/axios/axios/commit/27c007656d8d7ffe780248edc531949d744450b7"><code>27c0076</code></a> feat(backport): added ability for paramsSerializer to handle function; (<a href="https://redirect.github.com/axios/axios/issues/6227">#6227</a>)</li> <li><a href="https://github.com/axios/axios/commit/80c3d74544197e83ee268b24f9cc1428e04d766c"><code>80c3d74</code></a> chore(ci): backported publish action; (<a href="https://redirect.github.com/axios/axios/issues/6224">#6224</a>)</li> <li><a href="https://github.com/axios/axios/commit/2755df562b9c194fba6d8b609a383443f6a6e967"><code>2755df5</code></a> fix(security): fixed CVE-2023-45857 by backporting <code>withXSRFToken</code> option to ...</li> <li><a href="https://github.com/axios/axios/commit/880b42e2b8cdd467ce0c6ecd1cf522ef6ef65682"><code>880b42e</code></a> docs: Fix a typo in README</li> <li><a href="https://github.com/axios/axios/commit/c4bf0a4afcac9a49e9b58d3ea64570110cba34f8"><code>c4bf0a4</code></a> Allow null indexes on formSerializer and paramsSerializer v0.x (<a href="https://redirect.github.com/axios/axios/issues/4961">#4961</a>)</li> <li><a href="https://github.com/axios/axios/commit/1e2679f75b2030dd62c661e3292ab265c89497b8"><code>1e2679f</code></a> fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...</li> <li><a href="https://github.com/axios/axios/commit/80b546c3f1982852aa0047dac5ddde38426e25cb"><code>80b546c</code></a> fix: loosing request header (<a href="https://redirect.github.com/axios/axios/issues/4858">#4858</a>) (<a href="https://redirect.github.com/axios/axios/issues/4871">#4871</a>)</li> <li><a href="https://github.com/axios/axios/commit/6acb5ef8ff127db65da85189b3ccaeb10b93121a"><code>6acb5ef</code></a> feat: brower platform add data protocol. (<a href="https://redirect.github.com/axios/axios/issues/4814">#4814</a>)</li> <li><a href="https://github.com/axios/axios/commit/bbb2264614befdce107449baa8a3102d9043a527"><code>bbb2264</code></a> fix(typing): axios response headers can be undefined (<a href="https://redirect.github.com/axios/axios/issues/4813">#4813</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v0.27.2...v0.28.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/solana-labs/explorer/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump semver from 6.3.0 to 6.3.1 (solana-labs#294) Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/npm/node-semver/releases">semver's releases</a>.</em></p> <blockquote> <h2>v6.3.1</h2> <h2><a href="https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1">6.3.1</a> (2023-07-10)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"><code>928e56d</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/591">#591</a> better handling of whitespace (<a href="https://redirect.github.com/npm/node-semver/issues/591">#591</a>) (<a href="https://github.com/lukekarrys"><code>@lukekarrys</code></a>, <a href="https://github.com/joaomoreno"><code>@joaomoreno</code></a>, <a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md">semver's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1">6.3.1</a> (2023-07-10)</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"><code>928e56d</code></a> <a href="https://redirect.github.com/npm/node-semver/pull/591">#591</a> better handling of whitespace (<a href="https://redirect.github.com/npm/node-semver/issues/591">#591</a>) (<a href="https://github.com/lukekarrys"><code>@lukekarrys</code></a>, <a href="https://github.com/joaomoreno"><code>@joaomoreno</code></a>, <a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> <h2>6.2.0</h2> <ul> <li>Coerce numbers to strings when passed to semver.coerce()</li> <li>Add <code>rtl</code> option to coerce from right to left</li> </ul> <h2>6.1.3</h2> <ul> <li>Handle X-ranges properly in includePrerelease mode</li> </ul> <h2>6.1.2</h2> <ul> <li>Do not throw when testing invalid version strings</li> </ul> <h2>6.1.1</h2> <ul> <li>Add options support for semver.coerce()</li> <li>Handle undefined version passed to Range.test</li> </ul> <h2>6.1.0</h2> <ul> <li>Add semver.compareBuild function</li> <li>Support <code>*</code> in semver.intersects</li> </ul> <h2>6.0</h2> <ul> <li> <p>Fix <code>intersects</code> logic.</p> <p>This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.</p> </li> </ul> <h2>5.7</h2> <ul> <li>Add <code>minVersion</code> method</li> </ul> <h2>5.6</h2> <ul> <li>Move boolean <code>loose</code> param to an options object, with backwards-compatibility protection.</li> <li>Add ability to opt out of special prerelease version handling with the <code>includePrerelease</code> option flag.</li> </ul> <h2>5.5</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/node-semver/commit/44d27bc007e4827e9b797d6145f1076c127005f2"><code>44d27bc</code></a> chore: release 6.3.1</li> <li><a href="https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c"><code>928e56d</code></a> fix: better handling of whitespace (<a href="https://redirect.github.com/npm/node-semver/issues/591">#591</a>)</li> <li><a href="https://github.com/npm/node-semver/commit/39f632690ea5b1b0d64fa913aa0f96f42b9bde32"><code>39f6326</code></a> chore: <code>@npmcli/template-oss</code><a href="https://github.com/4"><code>@4</code></a>.16.0</li> <li>See full diff in <a href="https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~lukekarrys">lukekarrys</a>, a new releaser for semver since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/solana-labs/explorer/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump follow-redirects from 1.15.5 to 1.15.6 (solana-labs#334) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.5 to 1.15.6. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/35a517c5861d79dc8bff7db8626013d20b711b06"><code>35a517c</code></a> Release version 1.15.6 of the npm package.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"><code>c4f847f</code></a> Drop Proxy-Authorization across hosts.</li> <li><a href="https://github.com/follow-redirects/follow-redirects/commit/8526b4a1b2ab3a2e4044299377df623a661caa76"><code>8526b4a</code></a> Use GitHub for disclosure.</li> <li>See full diff in <a href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/solana-labs/explorer/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix account history (solana-labs#353) This small change will allow transaction history to be displayed on both the current version and on agave * chore: repair lockfile * chore: bump braces from 3.0.2 to 3.0.3 (solana-labs#350) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d"><code>74b2db2</code></a> 3.0.3</li> <li><a href="https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e"><code>88f1429</code></a> update eslint. lint, fix unit tests.</li> <li><a href="https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff"><code>415d660</code></a> Snyk js braces 6838727 (<a href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6"><code>190510f</code></a> fix tests, skip 1 test in test/braces.expand</li> <li><a href="https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856"><code>716eb9f</code></a> readme bump</li> <li><a href="https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3"><code>a5851e5</code></a> Merge pull request <a href="https://redirect.github.com/micromatch/braces/issues/37">#37</a> from coderaiser/fix/vulnerability</li> <li><a href="https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538"><code>2092bd1</code></a> feature: braces: add maxSymbols (<a href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li> <li><a href="https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3"><code>9f5b4cf</code></a> fix: vulnerability (<a href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li> <li><a href="https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d"><code>98414f9</code></a> remove funding file</li> <li><a href="https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14"><code>665ab5d</code></a> update keepEscaping doc (<a href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/solana-labs/explorer/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump next from 13.4.0 to 14.2.5 (solana-labs#337) Bumps [next](https://github.com/vercel/next.js) from 13.4.0 to 14.2.5 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/5f59ee5f197a09275da7a9fa876986f22f4b7711"><code>5f59ee5</code></a> v14.1.1</li> <li><a href="https://github.com/vercel/next.js/commit/f48b90b162c1a27a1ecaa8ae0a452e0a6605c35f"><code>f48b90b</code></a> even more</li> <li><a href="https://github.com/vercel/next.js/commit/7f789f4a6f6a4f89495c770bed74d5e5d0e01d44"><code>7f789f4</code></a> more timeout</li> <li><a href="https://github.com/vercel/next.js/commit/ab71c4cf782e13d564f48fe15732b9c42a3f6f36"><code>ab71c4c</code></a> update timeout</li> <li><a href="https://github.com/vercel/next.js/commit/75f60d92c43187aa5786f88f0fe4e2bfc7d44c7b"><code>75f60d9</code></a> update trigger release workflow</li> <li><a href="https://github.com/vercel/next.js/commit/74b3f0f4f3dcc15f35c9b9956755ca7b7b6a6db5"><code>74b3f0f</code></a> Server Action tests (<a href="https://redirect.github.com/vercel/next.js/issues/62655">#62655</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/a6946b69ccb268015887ea6d6ef39f262e5636b1"><code>a6946b6</code></a> Backport metadata fixes (<a href="https://redirect.github.com/vercel/next.js/issues/62663">#62663</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/4002f4b33c5a42166e5ad5f9ff4f879195aeb852"><code>4002f4b</code></a> Fix draft mode invariant (<a href="https://redirect.github.com/vercel/next.js/issues/62121">#62121</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7dbf6f8298daea8e8c5198e9a4e7e758da665a6d"><code>7dbf6f8</code></a> fix: babel usage with next/image (<a href="https://redirect.github.com/vercel/next.js/issues/61835">#61835</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/3efc842a0a30ffd3a991e45736ac615f336d3103"><code>3efc842</code></a> Fix next/server apit push alias for ESM pkg (<a href="https://redirect.github.com/vercel/next.js/issues/61721">#61721</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v13.4.0...v14.1.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/solana-labs/explorer/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Co-authored-by: steveluscher <[email protected]> * Upgrade `@solana/web3.js` to 2.0.0-rc.0 (solana-labs#357) https://x.com/anza_xyz/status/1819093864394764674 * Add anchor details to instruction card on tx inspector (solana-labs#341) When possible, use the anchor description card instead of the default instruction card on the tx simulation page. Before: <img width="1238" alt="Screen Shot 2024-05-19 at 1 01 28 PM" src="https://github.com/solana-labs/explorer/assets/1320260/f11c902e-3fd1-4b30-8ecc-f79f103c1935"> After: <img width="1273" alt="Screen Shot 2024-05-19 at 1 01 47 PM" src="https://github.com/solana-labs/explorer/assets/1320260/2733821e-e807-41be-91a0-50d58d9e7851"> * Fix anchor program usage in Inspector (solana-labs#358) * Fix writable badge color for ix cards (solana-labs#359) Use `bg-danger-soft` everywhere for Writable badges * Add Finternet program on devnet (solana-labs#363) This pr adds label support to two devnet programs for finternet Finternet Token manager - `A5JxZVHgXe7fn5TqJXm6Hj2zKh1ptDapae2YjtXbZJoy` Finternet User manager - `CmFuqQTLs2nQof5uaktJn1a6k2VdbGmZPfrJufB2Vm3F` --------- Co-authored-by: ngundotra <[email protected]> * Add support for showing self-cpi (solana-labs#364) Fixes issue where events were not parsed for self-cpi's executed via `emit_cpi!` in Anchor. See example: https://explorer.solana.com/tx/2iofwLXfEDjEqvGZNMuCzZF8TEGyvfogCVf4oDnAATLpGkUbSfPe7ZBuqNoNXzaV2Xb33AT7PRYd9HztdbTvF3GR?cluster=devnet * added finternet program ids mainnet (solana-labs#365) * fix: add logo support for PYUSD & USDP (solana-labs#347) Based on solana-labs#343, this PR adds support for the PYUSD & USDP tokens. <img width="1050" alt="image" src="https://github.com/solana-labs/explorer/assets/1867900/e7b84057-9684-4cca-8780-8094a9adfbf9"> <img width="1041" alt="image" src="https://github.com/solana-labs/explorer/assets/1867900/1c2e41ee-d2d5-4328-8bc2-21b76bb67be4"> --------- Co-authored-by: ngundotra <[email protected]> * Fix T22 Metadata Loadinng (solana-labs#366) Closes solana-labs#328 * Add fix for viewing stake accounts due to rpc method changes (solana-labs#367) Fix copied from https://github.com/solana-developers/solana-rpc-get-stake-activation/blob/main/web3js-1.0/src/rpc.ts Closes solana-labs#362 cc @jacobcreech @steveluscher * ANS Support (solana-labs#368) Couldn't force push to upstream branch for solana-labs#236 , so I rebased on master & created this new PR. cc @crypt0miester @alinalexa --------- Co-authored-by: Cryptomiester <[email protected]> Co-authored-by: Alin Alexa <[email protected]> * Add ORE program (solana-labs#360) Adds ORE program mainnet id --------- Co-authored-by: Noah Gundotra <[email protected]> * Add verified builds support (solana-labs#371) This PR adds a row to account headers for Program Accounts like so:  --------- Co-authored-by: Noah Gundotra <[email protected]> * Add support for anchor 0.30.1 (solana-labs#374) - ports `anchor idl convert` to TS - uses new anchor 0.30.1 idl type everywhere - removes old anchor package Still doesn't work for State Compression transactions: - http://localhost:3000/tx/TYgsD3iqLCK2KMeSPp7cyAboGhDZqgSCQUGwAdDWXKe1QeLWmBS7wpLBsp1Ma9z6rTYHRqvAwbnZA8qtAnwHCyD Works for new Anchor IDLs: - http://localhost:3000/tx/52kfChUoUQLR5XkCm2Bx9c6oayeRZm9tno62ugHkPcBieojoGWZwEa1NpXaQFga83HtxTWu5ARqi544D65HTm4tB Works for some old Anchor IDLs: - http://localhost:3000/tx/2iofwLXfEDjEqvGZNMuCzZF8TEGyvfogCVf4oDnAATLpGkUbSfPe7ZBuqNoNXzaV2Xb33AT7PRYd9HztdbTvF3GR?cluster=devnet --------- Co-authored-by: Noah Gundotra <[email protected]> * Prune unused anchor types so layouts can be constructed from legacy IDLs with bad types (solana-labs#376) Kamino YVaults program was not loading on the explorer with solana-labs#374 due to bad type "ScopeConversionChain" having undefined type "ScopePriceId" which was not included in the IDL. This PR fixes YVaults IDL loading by pruning unused anchor types. Example tx: - https://explorer.solana.com/tx/3KgAexzvZ8Kdmj1TCkdZ4RCrV5q9ihyZ1xUnXcSCwybybgCupQ8Mf21tZqQWx2eJh45ATZhMWg2FbbzxhYW6UoU6 Example account - https://explorer.solana.com/address/H8h7ZyS5qJR2cwLxvZQdPaNzLik17cRxB5pDvjdXeuBg/anchor-account * Create .env.example * Update README.md * Add squads program auth integration (solana-labs#379) * IDL Fixes (solana-labs#384) * fix long byte array display for anchor ix arguments * add option to download idl * add badge to show IDL version * add toggle for viewing expanded IDL (no more clicking manually to expand) * Add token state back to token account sections (solana-labs#387) * Added ZK Compression program names (solana-labs#389) Co-authored-by: Noah Gundotra <[email protected]> Co-authored-by: Noah Gundotra <[email protected]> * Stop parsing idls from program binaries when loading anchor programs (solana-labs#390) This has been causing rate limiting issues when loading transactions that have a lot of program interactions because each instruction required fetching the entire program binary. Also need a key flagship program to use this feature on mainnet to be useful. * up-date lock file --------- Signed-off-by: finaltrip <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: finaltrip <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Artsiom Holikau <[email protected]> Co-authored-by: steveluscher <[email protected]> Co-authored-by: Steven Luscher <[email protected]> Co-authored-by: Britt Cyr <[email protected]> Co-authored-by: Noah Gundotra <[email protected]> Co-authored-by: dhruvsol <[email protected]> Co-authored-by: ngundotra <[email protected]> Co-authored-by: Catalin Rosu <[email protected]> Co-authored-by: Cryptomiester <[email protected]> Co-authored-by: Alin Alexa <[email protected]> Co-authored-by: Hardhat Chad <[email protected]> Co-authored-by: Noah Gundotra <[email protected]> Co-authored-by: Noah Gundotra <[email protected]> Co-authored-by: Koen Rijpstra <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps braces from 3.0.2 to 3.0.3.
Commits
74b2db23.0.388f1429update eslint. lint, fix unit tests.415d660Snyk js braces 6838727 (#40)190510ffix tests, skip 1 test in test/braces.expand716eb9freadme bumpa5851e5Merge pull request #37 from coderaiser/fix/vulnerability2092bd1feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cffix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9remove funding file665ab5dupdate keepEscaping doc (#27)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.