Bump react-markdown from 9.0.1 to 9.0.3 #52
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
Minder Vulnerability Report ✅Minder analyzed this PR and found it does not add any new vulnerable dependencies.
|
![stacklok-cloud-staging[bot]](https://avatars.githubusercontent.com/u/110237746?s=60&v=4){kind=small}
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
Pull Request Test Coverage Report for Build 12832446918Details
💛 - Coveralls |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
727a804 to
f0e12ad
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
f0e12ad to
3b6c906
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
3b6c906 to
0db421b
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
0db421b to
06de7db
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
06de7db to
d7fe102
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
d7fe102 to
afc663e
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
afc663e to
d250b65
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
d250b65 to
cdb9359
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
cdb9359 to
157d292
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
157d292 to
1d0cd21
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
1d0cd21 to
d1e9bdb
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
d1e9bdb to
d0283f5
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
d0283f5 to
a65d515
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
a65d515 to
2548395
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
2548395 to
fcd9525
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
fcd9525 to
00e7570
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
00e7570 to
de3e5e2
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
de3e5e2 to
6aea06c
Compare
Bumps [react-markdown](https://github.com/remarkjs/react-markdown) from 9.0.1 to 9.0.3. - [Release notes](https://github.com/remarkjs/react-markdown/releases) - [Changelog](https://github.com/remarkjs/react-markdown/blob/main/changelog.md) - [Commits](remarkjs/react-markdown@9.0.1...9.0.3) --- updated-dependencies: - dependency-name: react-markdown dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/react-markdown-9.0.3
branch
from
6aea06c to
33ce58e
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: react-markdown
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 7.5 |
| Repository activity | 6 |
| User activity | 9.1 |
| Provenance | historical_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 94 |
| Number of git tags or releases | 77 |
| Versions matched to tags or releases | 72 |
Alternatives
| Package | Score | Description |
|---|---|---|
| markdown-to-jsx | 0 | |
| react-markdown-loader | 0 |
Bumps react-markdown from 9.0.1 to 9.0.3.
Release notes
Sourced from react-markdown's releases.
Commits
aed00109.0.340c097e9.0.22c6ffe8Refactor.gitignoreb664ac4Update Actionse686551Update dev-dependenciesb151a90Fix types for React 1927d3949Separate all typedefs into their own JSDoc blocks (#878)9eb589eFix typo in changelog515bf19Fix typoa7ca8edRefactor.editorconfigDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)