Skip to content

Bump moment from 2.29.1 to 2.29.4#24

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/moment-2.29.4
Closed

Bump moment from 2.29.1 to 2.29.4#24
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/moment-2.29.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 1, 2023

Copy link
Copy Markdown

Bumps moment from 2.29.1 to 2.29.4.

Changelog

Sourced from moment's changelog.

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.4.
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.29.1...2.29.4)

---
updated-dependencies:
- dependency-name: moment
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 1, 2023
@dependabot @github

dependabot Bot commented on behalf of github Jan 1, 2024

Copy link
Copy Markdown
Author

Superseded by #30.

@dependabot dependabot Bot closed this Jan 1, 2024
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/develop/moment-2.29.4 branch January 1, 2024 22:36
pull Bot pushed a commit that referenced this pull request Jul 1, 2026
## Release Notes
Thanks to: @angeldeejay, @egeekial, @khassel, @KristjanESPERANTO,
@MikeBishop, @rejas
> ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change
to previous release)

[Compare to previous Release
v2.36.0](MagicMirrorOrg/MagicMirror@v2.36.0...develop)


### [core]
- Prepare Release 2.37.0 (MagicMirrorOrg#4193)
- fix(electron): map IPv6 :: wildcard to localhost (MagicMirrorOrg#4188)
- refactor(main): modernize DOM update flow with async/await (MagicMirrorOrg#4186)
- refactor(main): simplify _updateDom with async/await (MagicMirrorOrg#4185)
- fix(security): prevent unauthorized secret expansion in socket
payloads (MagicMirrorOrg#4184)
- refactor(main): simplify updateDomWithContent async flow (MagicMirrorOrg#4182)
- fix: modules losing data after HTTP 304 responses (MagicMirrorOrg#4180)
- chore: add missing core defaults (MagicMirrorOrg#4181)
- fix(server): enforce ipWhitelist for Socket.IO too (MagicMirrorOrg#4169)
- feat(systeminfo): include Git hash and branch in system information
log (MagicMirrorOrg#4167)
- feat(electron): support object-based electronSwitches (MagicMirrorOrg#4161)
- systeminformation thread not ending: move error handling from utils to
app (MagicMirrorOrg#4160)
- fix systeminformation thread not ending (MagicMirrorOrg#4155)
- refactor: use ES module imports in browser core (MagicMirrorOrg#4158)
- refactor(core): remove old Object.assign polyfill (MagicMirrorOrg#4157)
- refactor: rewrite Module as an ES6 class (MagicMirrorOrg#4151)
- refactor: rewrite NodeHelper as an ES6 class (MagicMirrorOrg#4147)
- update eletron to v42 (MagicMirrorOrg#4144)
- refactor(utils): drop ajv dependency (MagicMirrorOrg#4142)
- fix(systeminformation): output right 'used node' version (from parent
process) (MagicMirrorOrg#4141)
- fix: skip postinstall git clean when not in a git repository (MagicMirrorOrg#4139)
- Remove unnecessary conditionals and fix falsy property check in
imperial conversion (MagicMirrorOrg#4135)
- update version in package.json

### [dependencies]
- update dependencies (MagicMirrorOrg#4191)
- Bump actions/checkout from 6 to 7 (MagicMirrorOrg#4190)
- chore: update dependencies and adjust import path for SunCalc (MagicMirrorOrg#4189)
- update dependencies incl. electron and revert
yauzl-electron-install-fix (MagicMirrorOrg#4183)
- update dependencies, add electron fix in package.json (MagicMirrorOrg#4175)
- chore: update dependencies (MagicMirrorOrg#4162)
- Bump actions/dependency-review-action from 4 to 5 (MagicMirrorOrg#4152)
- Unify linting: replace Stylelint and markdownlint with ESLint (MagicMirrorOrg#4148)
- update dependencies and workflows to node v26 (MagicMirrorOrg#4140)

### [modules/alert]
- CodeQL cleanup for alerts #18, #19, #20 (MagicMirrorOrg#4153)
- fix: resolve CodeQL alerts #24 and #26 (MagicMirrorOrg#4145)
- fix(electron): resolve CodeQL alerts #22 and #25 in electron.js
(MagicMirrorOrg#4136)

### [modules/calendar]
- perf(calendar): pre-filter ICS data before parsing (MagicMirrorOrg#4168)
- perf(calendar): use async ICS parsing to avoid blocking event loop
(MagicMirrorOrg#4143)

### [modules/newsfeed]
- [newsfeed] add allowBasicHtmlTags option for basic emphasis (MagicMirrorOrg#4176)

### [modules/updatenotification]
- fix(updatenotification): don't spawn a child process when running
under PM2 (MagicMirrorOrg#4166)
- fix(updatenotification): use process.argv[0] as restart binary (MagicMirrorOrg#4163)
- fix(updatenotification): preserve start mode on restart (MagicMirrorOrg#4156)
- fix(updatenotification): fix ref diff parsing for fetch --dry-run
(MagicMirrorOrg#4138)
- refactor(updatenotification): replace pm2 usage with node logic
(MagicMirrorOrg#4134)

### [modules/weather]
- feat(weather): add Buienradar provider (MagicMirrorOrg#4164)

### [testing]
- remove warning in unit tests (for nodejs >= v25) (MagicMirrorOrg#4149)
- polish HTTP 304 docs/test/handling (MagicMirrorOrg#4129)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com>
Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com>
Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com>
Co-authored-by: Karsten Hassel <hassel@gmx.de>
Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com>
Co-authored-by: Koen Konst <koenspero@gmail.com>
Co-authored-by: Koen Konst <c.h.konst@avisi.nl>
Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr>
Co-authored-by: dathbe <github@beffa.us>
Co-authored-by: veeck <gitkraken@veeck.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marcel <m-idler@users.noreply.github.com>
Co-authored-by: sam detweiler <sdetweil@gmail.com>
Co-authored-by: Kevin G. <crazylegstoo@gmail.com>
Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com>
Co-authored-by: Jboucly <contact@jboucly.fr>
Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com>
Co-authored-by: Jordan Welch <JordanHWelch@gmail.com>
Co-authored-by: Blackspirits <blackspirits@gmail.com>
Co-authored-by: Samed Ozdemir <samed@xsor.io>
Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com>
Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com>
Co-authored-by: cgillinger <christian.gillinger@gmail.com>
Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com>
Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
Co-authored-by: Morgan McBee <egeekial@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Mike Bishop <mbishop@evequefou.be>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants