Skip to content

Bump datatables.net from 1.13.4 to 2.0.8 in /components#10295

Closed
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/components/dev/datatables.net-2.0.8
Closed

Bump datatables.net from 1.13.4 to 2.0.8 in /components#10295
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/components/dev/datatables.net-2.0.8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 29, 2024
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps datatables.net from 1.13.4 to 2.0.8.

Release notes

Sourced from datatables.net's releases.

1.13.11

DataTables 1.13.11

Commits
  • fd6230a Sync tag release - 2.0.8
  • 1e90363 6abcccb9c0eae8042ed0ee1a7d199b8d1f81f417 Release 2.0.8
  • 1aa43d2 81ad6956b1f59cd1fec4ec9310f5e9f635b0c93c Dev: Support for loading plugins in ...
  • 5955366 5409cb063df85deaaf952d962333cef6e061f4d3 Fix: :visible on its own as a colu...
  • d980044 51b19797b71eb355e827d02e3be041ed9ec999b7 Fix: Selector row indexes from the A...
  • 2880044 7060769a9e52d1c4766a799e5e20e43a3bb77e85 Fix: Error when checking isShown()...
  • 3b005a0 Sync tag release - 2.0.7
  • c27b00b 2dbfcaac1f25b06c8aba6e9233eda9a22c8b1d32 Release 2.0.7
  • 73095e1 40bc402b50f69e37be92b0f22ced34e9ab095471 Fix: Processing element could be clo...
  • bc454cd 2126267999007dd1c95b2cb727a35be5cd75b8e7 Fix: Scrolling misalignment due to i...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump datatables.net from 1.13.4 to 2.0.8 in /components
1f576c2 
Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.13.4 to 2.0.8.
- [Release notes](https://github.com/DataTables/Dist-DataTables/releases)
- [Commits](DataTables/Dist-DataTables@1.13.4...2.0.8)

---
updated-dependencies:
- dependency-name: datatables.net
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 29, 2024
@dependabot dependabot Bot mentioned this pull request May 29, 2024
Closed
@dryrunsecurity

dryrunsecurity Bot commented May 29, 2024
edited
Loading

Copy link
Copy Markdown

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 1 finding
AppSec Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes involve updating the version of the datatables.net dependency in the project's package.json and yarn.lock files. This is a significant version bump, going from 1.13.4 to 2.0.8, which may introduce changes in functionality or API. From an application security perspective, it's important to review the release notes and change logs for the new version to understand if there are any security-related fixes or improvements. Additionally, thorough testing should be conducted to ensure that the application's functionality and security posture have not been compromised by the dependency update.

Files Changed:

  1. components/package.json: The datatables.net dependency has been updated from version ^1.13.4 to ^2.0.8. This is a significant version bump that should be reviewed carefully to ensure that the new version is compatible with the rest of the project's codebase and does not introduce any known security vulnerabilities. It's also recommended to regularly audit the project's dependencies for known security issues using tools like npm audit or yarn audit.

  2. components/yarn.lock: This file indicates that the version of the datatables.net dependency has been updated from 1.13.4 to 2.0.8. As with the package.json change, it's important to review the release notes and change logs for the new version to understand if there are any security-related fixes or improvements, and to thoroughly test the application after the dependency update to ensure that there are no regressions or unexpected behavior.

Powered by DryRun Security

@mtesauro

mtesauro commented May 29, 2024

Copy link
Copy Markdown
Contributor

Related to #10152

@dependabot @github

dependabot Bot commented on behalf of github Jul 25, 2024

Copy link
Copy Markdown
Contributor Author

Superseded by #10631.

@dependabot dependabot Bot closed this Jul 25, 2024
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/components/dev/datatables.net-2.0.8 branch July 25, 2024 12:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtesauro