zeppelin-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prabhjyotsi...@apache.org
Subject [zeppelin] branch master updated: Bump lodash from 3.9.3 to 4.17.15 in /zeppelin-web/src/app/visualization
Date Fri, 29 Nov 2019 10:35:31 GMT
This is an automated email from the ASF dual-hosted git repository.

prabhjyotsingh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/master by this push:
     new b4e297d  Bump lodash from 3.9.3 to 4.17.15 in /zeppelin-web/src/app/visualization
b4e297d is described below

commit b4e297d6d4ffd764e38a2f96ceffad751825471a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Fri Nov 1 01:40:45 2019 +0000

    Bump lodash from 3.9.3 to 4.17.15 in /zeppelin-web/src/app/visualization
    
    Bumps [lodash](https://github.com/lodash/lodash) from 3.9.3 to 4.17.15.
    <details>
    <summary>Release notes</summary>
    
    *Sourced from [lodash's releases](https://github.com/lodash/lodash/releases).*
    
    > ## 4.0.0
    > # [lodash v4.0.0](https://github.com/lodash/lodash/wiki/Changelog#v400)
    >
    > 2015 was big year! [Lodash](https://lodash.com/) became the [most depended on](https://gist.github.com/anvaka/8e8fa57c7ee1350e3491#file-01-most-dependent-upon-md)
npm package, passed [1 billion](http://npm-stat.com/charts.html?package=&author=jdalton)
downloads, & its v3 release saw massive adoption!
    >
    > The year was also one of collaboration, as discussions began on [merging Lodash &
Underscore](https://github-redirect.dependabot.com/underdash/underdash/issues/14). Much of
Lodash v4 is proofing out the ideas from those discussions. Lodash v4 **would not be possible**
without the collaboration & contributions of the Underscore core team. In the spirit of
merging our teams have blended with [several members](https://github.com/orgs/lodash/people)
contributing to both libraries.
    >
    > For 2016 & [lodash v4.0.0](https://github.com/lodash/lodash/wiki/Changelog#v400)
we wanted to cut loose, push forward, & take things up a notch!
    >
    > ## Modern only
    >
    > With v4 we’re breaking free from [old projects](https://github.com/lodash-archive),
old environments, & dropping [old IE < 9 support](https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support)!
    >
    > ## 4 kB Core
    >
    > Lodash’s kitchen-sink size will continue to grow as new methods & functionality
are added. However, we now offer a 4 kB (gzipped) [core build](https://github.com/lodash/lodash/tree/4.0.0/dist)
that’s compatible with [Backbone v1.2.4](https://github-redirect.dependabot.com/jashkenas/backbone/issues/3839)
for folks who want Lodash without lugging around the kitchen sink.
    >
    > ## More ES6
    >
    > We’ve continued to embrace ES6 with methods like [_.isSymbol](https://lodash.com/docs#isSymbol),
added support for cloning & comparing array buffers, maps, sets, & symbols, converting
iterators to arrays, & iterable `_(…)`.
    >
    > In addition, we’ve published an [es-build](https://github.com/lodash/lodash/tree/4.0.0-es/)
& pulled [babel-plugin-lodash](https://github.com/lodash/babel-plugin-lodash) into core
to make tree-shaking a breeze.
    >
    > ## More Modular
    >
    > Pop quiz! 📣
    >
    > What category path does the `bindAll` method belong to? Is it
    >
    > A) `require('lodash/function/bindAll')`
    > B) `require('lodash/utility/bindAll')`
    > C) `require('lodash/util/bindAll')`
    >
    > Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple
as
    >
    > ``` js
    > var bindAll = require('lodash/bindAll');
    > ```
    >
    > We’ve also reduced module complexity making it easier to create smaller bundles.
This has helped Lodash adoption with libraries like [Async](https://github-redirect.dependabot.com/caolan/async/pull/996)
& [Redux](https://github-redirect.dependabot.com/rackt/redux/pull/611)!
    >
    > ## 1st Class FP
    >
    > With v3 we introduced [lodash-fp](https://github.com/lodash-archive/lodash-fp). We
learned a lot & with v4 we decided to [pull it into core](https://github.com/lodash/lodash/wiki/FP-Guide).
    >
    > Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply
as
    >
    > ``` js
    > var _ = require('lodash/fp');
    > var object = { 'a': 1 };
    ></tr></table> ... (truncated)
    </details>
    <details>
    <summary>Commits</summary>
    
    - [`ddfd9b1`](https://github.com/lodash/lodash/commit/ddfd9b11a0126db2302cb70ec9973b66baec0975)
Bump to v4.17.15.
    - [`b185fce`](https://github.com/lodash/lodash/commit/b185fcee26b2133bd071f4aaca14b455c2ed1008)
Rebuild lodash and docs.
    - [`be87d30`](https://github.com/lodash/lodash/commit/be87d303941222b97c482755afc0f4a77ce46c30)
Bump to v4.17.14.
    - [`a6fe6b1`](https://github.com/lodash/lodash/commit/a6fe6b1e174fd02b5e60eb2664405f4c1262c300)
Rebuild lodash and docs.
    - [`e371828`](https://github.com/lodash/lodash/commit/e37182845f16715a0d1c391c8662d83c55609cee)
Bump to v4.17.13.
    - [`357e899`](https://github.com/lodash/lodash/commit/357e899e685872b4af5403ecc4b2a928f961ae63)
Rebuild lodash and docs.
    - [`fd9a062`](https://github.com/lodash/lodash/commit/fd9a062d57646450b61f74029315abd4cc834b08)
Bump to v4.17.12.
    - [`e77d681`](https://github.com/lodash/lodash/commit/e77d68121ff00ba86b53eed5893d35adfe94c9dd)
Rebuild lodash and docs.
    - [`629d186`](https://github.com/lodash/lodash/commit/629d1865793182cd967196716f4beff223aa4a91)
Update OpenJS references.
    - [`2406eac`](https://github.com/lodash/lodash/commit/2406eac542b2a1282be8d812a6d8a45433ade80a)
Fix minified build.
    - Additional commits viewable in [compare view](https://github.com/lodash/lodash/compare/3.9.3...4.17.15)
    </details>
    <br />
    
    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=3.9.3&new-version=4.17.15)](https://help.github.com/articles/configuring-automated-security-fixes)
    
    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself.
You can also trigger a rebase manually by commenting `dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    Change-Id: Id3611f5ddf0a1a801d5a03a4bca4b6fa7c9da91d
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `dependabot rebase` will rebase this PR
    - `dependabot recreate` will recreate this PR, overwriting any edits that have been made
to it
    - `dependabot merge` will merge this PR after your CI passes on it
    - `dependabot squash and merge` will squash and merge this PR after your CI passes on
it
    - `dependabot cancel merge` will cancel a previously requested merge and block automerging
    - `dependabot reopen` will reopen this PR if it is closed
    - `dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot
creating any more for this minor/major version (unless you reopen the PR or upgrade to it
yourself)
    - `dependabot ignore this dependency` will close this PR and stop Dependabot creating
any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    - `dependabot use these labels` will set the current labels as the default for future
PRs for this repo and language
    - `dependabot use these reviewers` will set the current reviewers as the default for future
PRs for this repo and language
    - `dependabot use these assignees` will set the current assignees as the default for future
PRs for this repo and language
    - `dependabot use this milestone` will set the current milestone as the default for future
PRs for this repo and language
    
    You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/zeppelin/network/alerts).
    
    </details>
    
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    Closes #3505 from dependabot[bot]/dependabot/npm_and_yarn/zeppelin-web/src/app/visualization/lodash-4.17.15
and squashes the following commits:
    
    8928d09f6 [dependabot[bot]] Bump lodash from 3.9.3 to 4.17.15 in /zeppelin-web/src/app/visualization
---
 zeppelin-web/src/app/visualization/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zeppelin-web/src/app/visualization/package.json b/zeppelin-web/src/app/visualization/package.json
index cd5a9eb..661eb82 100644
--- a/zeppelin-web/src/app/visualization/package.json
+++ b/zeppelin-web/src/app/visualization/package.json
@@ -6,7 +6,7 @@
   "dependencies": {
     "json3": "~3.3.1",
     "nvd3": "~1.7.1",
-    "lodash": "~3.9.3"
+    "lodash": "~4.17.15"
   },
   "repository": {
     "type": "git",


Mime
View raw message