blockly-samples icon indicating copy to clipboard operation
blockly-samples copied to clipboard
verified publisher icon google

chore(deps): Bump the npm_and_yarn group across 24 directories with 6 updates

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps the npm_and_yarn group with 1 update in the / directory: micromatch. Bumps the npm_and_yarn group with 3 updates in the /examples/blockly-angular directory: micromatch, webpack and @angular-devkit/build-angular. Bumps the npm_and_yarn group with 2 updates in the /examples/blockly-react directory: micromatch and webpack. Bumps the npm_and_yarn group with 2 updates in the /examples/blockly-rtc directory: micromatch and webpack. Bumps the npm_and_yarn group with 1 update in the /examples/blockly-svelte directory: svelte. Bumps the npm_and_yarn group with 3 updates in the /examples/custom-generator-codelab directory: micromatch, postcss and webpack. Bumps the npm_and_yarn group with 3 updates in the /examples/custom-renderer-codelab directory: micromatch, postcss and webpack. Bumps the npm_and_yarn group with 3 updates in the /examples/developer-tools directory: micromatch, postcss and webpack. Bumps the npm_and_yarn group with 3 updates in the /examples/keyboard-navigation-codelab directory: micromatch, postcss and webpack. Bumps the npm_and_yarn group with 4 updates in the /examples/sample-app directory: micromatch, postcss, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 4 updates in the /examples/sample-app-ts directory: micromatch, postcss, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/block-test directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/continuous-toolbox directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/cross-tab-copy-paste directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/dev-scripts directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/disable-top-blocks directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 1 update in the /plugins/eslint-config directory: micromatch. Bumps the npm_and_yarn group with 3 updates in the /plugins/fixed-edges directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/theme-dark directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/theme-deuteranopia directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 2 updates in the /plugins/theme-hackermode directory: micromatch and webpack. Bumps the npm_and_yarn group with 3 updates in the /plugins/theme-highcontrast directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/theme-modern directory: micromatch, webpack and webpack-dev-middleware. Bumps the npm_and_yarn group with 3 updates in the /plugins/theme-tritanopia directory: micromatch, webpack and webpack-dev-middleware.

Updates micromatch from 4.0.4 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

  • Adds support for options.onMatch. See the readme for details
  • Adds support for options.onIgnore. See the readme for details
  • Adds support for options.onResult. See the readme for details

Breaking changes

  • Require Node.js >= 8.6
  • Removed support for passing an array of brace patterns to micromatch.braces().
  • To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
  • cache - caching and all related options and methods have been removed
  • options.unixify was renamed to options.windows
  • options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
  • options.snapdragon was removed, as snapdragon is no longer used.
  • options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

  • micromatch results are directly compared to bash results
  • in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
  • micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits
  • 8bd704e 4.0.8
  • a0e6841 run verb to generate README documentation
  • 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
  • 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
  • 814f5f7 lint
  • 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
  • 113f2e3 fix: CVE numbers in CHANGELOG
  • d9dbd9a feat: updated CHANGELOG
  • 2ab1315 fix: use actions/setup-node@v4
  • 1406ea3 feat: rework test to work on macos with node 10,12 and 14
  • Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

  • Adds support for options.onMatch. See the readme for details
  • Adds support for options.onIgnore. See the readme for details
  • Adds support for options.onResult. See the readme for details

Breaking changes

  • Require Node.js >= 8.6
  • Removed support for passing an array of brace patterns to micromatch.braces().
  • To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
  • cache - caching and all related options and methods have been removed
  • options.unixify was renamed to options.windows
  • options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
  • options.snapdragon was removed, as snapdragon is no longer used.
  • options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

  • micromatch results are directly compared to bash results
  • in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
  • micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits
  • 8bd704e 4.0.8
  • a0e6841 run verb to generate README documentation
  • 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
  • 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
  • 814f5f7 lint
  • 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
  • 113f2e3 fix: CVE numbers in CHANGELOG
  • d9dbd9a feat: updated CHANGELOG
  • 2ab1315 fix: use actions/setup-node@v4
  • 1406ea3 feat: rework test to work on macos with node 10,12 and 14
  • Additional commits viewable in compare view

Updates webpack from 5.76.1 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import
  • Fixed consumption of eager shared modules for module federation
  • Strip slash for pretty regexp
  • Calculate correct contenthash for CSS generator options

New Features

  • Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
  • Added the modern-module library value for tree shakable output
  • Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

  • Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

  • Correct tidle range's comutation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits
  • eabf85d chore(release): 5.94.0
  • 955e057 security: fix DOM clobbering in auto public path
  • 9822387 test: fix
  • cbb86ed test: fix
  • 5ac3d7f fix: unexpected asi generation with sequence expression
  • 2411661 security: fix DOM clobbering in auto public path
  • b8c03d4 fix: unexpected asi generation with sequence expression
  • f46a03c revert: do not use heuristic fallback for "module-import"
  • 60f1898 fix: do not use heuristic fallback for "module-import"
  • 66306aa Revert "fix: module-import get fallback from externalsPresets"
  • Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 15.2.4 to 18.2.2

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v18.2.2

18.2.2 (2024-08-29)

@​angular-devkit/build-angular

Commit Description
fix - 504b00b93 clear context in Karma by default for single run executions
fix - 82b76086e upgrade webpack to 5.94.0

v18.2.1

18.2.1 (2024-08-21)

@​angular-devkit/schematics-cli

Commit Description
fix - 94e27c88b prevent bypassing select/checkbox prompts on validation failure

@​angular/cli

Commit Description
fix - 05a274a01 prevent bypassing select/checkbox prompts on validation failure

@​angular-devkit/build-angular

Commit Description
fix - ddeb2b2b9 remove outdated browser-esbuild option warning

@​angular/build

Commit Description
fix - 83b2699ab improve error message when an unhandled exception occurs during prerendering
fix - 0be4038a5 support reading on-disk files during i18n extraction

v18.2.0

18.2.0 (2024-08-14)

@​schematics/angular

Commit Description
feat - 4da922e4f use isolatedModules in generated project

@​angular/build

Commit Description
feat - 24aaf1e37 support import attribute based loader configuration

v18.2.0-rc.0

18.2.0-rc.0 (2024-08-07)

@​angular/build

Commit Description
fix - 182ecbd18 allow explicitly disabling TypeScript incremental mode
fix - 34908a3fc lazy load Node.js inspector for dev server

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

18.2.2 (2024-08-29)

@​angular-devkit/build-angular

Commit Type Description
504b00b93 fix clear context in Karma by default for single run executions
82b76086e fix update webpack to 5.94.0

19.0.0-next.2 (2024-08-28)

Breaking Changes

@​angular/ssr

  • The CommonEngine API now needs to be imported from @angular/ssr/node.

    Before

    import { CommonEngine } from '@angular/ssr';

    After

    import { CommonEngine } from '@angular/ssr/node';

@​schematics/angular

Commit Type Description
a381a3db1 feat add option to export component as default

@​angular/ssr

Commit Type Description
30c25bf68 feat export AngularAppEngine as public API
4b09887a9 feat move CommonEngine API to /node entry-point
d43180af5 fix add missing peer dependency on @angular/platform-server

... (truncated)

Commits
  • 72fb55c release: cut the v18.2.2 release
  • 504b00b fix(@​angular-devkit/build-angular): clear context in Karma by default for sin...
  • 82b7608 build: update webpack to 5.94.0
  • 5e030b8 Revert "build: mark server tests as flaky"
  • 672f6a2 test: disable buildOptimizer for server tests
  • e5b4c5c ci: run modules and packages tests using a single bazel invocation
  • 3ee53c9 build: clean up redundant exclude field from tsconfig-build.json
  • b2d1477 build: mark server tests as flaky
  • 15f3d5a release: cut the v18.2.1 release
  • ddeb2b2 fix(@​angular-devkit/build-angular): remove outdated browser-esbuild option wa...
  • Additional commits viewable in compare view

Updates webpack-dev-middleware from 5.3.4 to 7.3.0

Release notes

Sourced from webpack-dev-middleware's releases.

v7.4.2

7.4.2 (2024-08-21)

Bug Fixes

v7.4.1

7.4.1 (2024-08-20)

Bug Fixes

v7.4.0

7.4.0 (2024-08-15)

Features

  • added the cacheImmutable option to cache immutable assets (assets with a hash in file name like image.e12ab567.jpg) (5ed629d)
  • allow to configure the Cache-Control header (#1923) (f7529c3)

Bug Fixes

  • support devServer: false (b443f4d)
Changelog

Sourced from webpack-dev-middleware's changelog.

7.4.2 (2024-08-21)

Bug Fixes

7.4.1 (2024-08-20)

Bug Fixes

7.4.0 (2024-08-15)

Features

  • added the cacheImmutable option to cache immutable assets (assets with a hash in file name like image.e12ab567.jpg) (5ed629d)
  • allow to configure the Cache-Control header (#1923) (f7529c3)

Bug Fixes

  • support devServer: false (b443f4d)
Commits
  • 5a916d8 chore(release): 7.4.2
  • c20f1d9 fix: no crash when headers are already sent (#1929)
  • 0f9a6c9 chore(deps-dev): bump the dependencies group with 4 updates (#1928)
  • 99e9b77 chore(release): 7.4.1
  • 8f9aa16 chore: ignore Rspack word
  • 21f1797 fix: assetsInfo may be undefined (rspack) (#1927)
  • 0034dd9 test: fix (#1926)
  • 60a2bc4 chore(deps-dev): bump the dependencies group with 4 updates (#1925)
  • 792ab65 chore(release): 7.4.0
  • 5ed629d feat: added the cacheImmutable option to cache immutable assets (assets with ...
  • Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

  • Adds support for options.onMatch. See the readme for details
  • Adds support for options.onIgnore. See the readme for details
  • Adds support for options.onResult. See the readme for details

Breaking changes

  • Require Node.js >= 8.6
  • Removed support for passing an array of brace patterns to micromatch.braces().
  • To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
  • cache - caching and all related options and methods have been removed
  • options.unixify was renamed to options.windows
  • options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
  • options.snapdragon was removed, as snapdragon is no longer used.
  • options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

  • micromatch results are directly compared to bash results
  • in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
  • micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits
  • 8bd704e 4.0.8
  • a0e6841 run verb to generate README documentation
  • 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
  • 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
  • 814f5f7 lint
  • 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
  • 113f2e3 fix: CVE numbers in CHANGELOG
  • d9dbd9a feat: updated CHANGELOG
  • 2ab1315 fix: use actions/setup-node@v4
  • 1406ea3 feat: rework test to work on macos with node 10,12 and 14
  • Additional commits viewable in compare view

Updates webpack from 5.93.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import
  • Fixed consumption of eager shared modules for module federation
  • Strip slash for pretty regexp
  • Calculate correct contenthash for CSS generator options

New Features

  • Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
  • Added the modern-module library value for tree shakable output
  • Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

  • Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

  • Correct tidle range's comutation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits
  • eabf85d chore(release): 5.94.0
  • 955e057 security: fix DOM clobbering in auto public path
  • 9822387 test: fix
  • cbb86ed test: fix
  • 5ac3d7f fix: unexpected asi generation with sequence expression
  • 2411661 security: fix DOM clobbering in auto public path
  • b8c03d4 fix: unexpected asi generation with sequence expression
  • f46a03c revert: do not use heuristic fallback for "module-import"
  • 60f1898 fix: do not use heuristic fallback for "module-import"
  • 66306aa Revert "fix: module-import get fallback from externalsPresets"
  • Additional commits viewable in compare view

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

  • Adds support for options.onMatch. See the readme for details
  • Adds support for options.onIgnore. See the readme for details
  • Adds support for options.onResult. See the readme for details

Breaking changes

  • Require Node.js >= 8.6
  • Removed support for passing an array of brace patterns to micromatch.braces().
  • To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
  • cache - caching and all related options and methods have been removed
  • options.unixify was renamed to options.windows
  • options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
  • options.snapdragon was removed, as snapdragon is no longer used.
  • options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

  • micromatch results are directly compared to bash results
  • in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
  • micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits
  • 8bd704e 4.0.8
  • a0e6841 run verb to generate README documentation
  • 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
  • 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
  • 814f5f7 lint
  • 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
  • 113f2e3 fix: CVE numbers in CHANGELOG
  • d9dbd9a feat: updated CHANGELOG
  • 2ab1315 fix: use actions/setup-node@v4
  • 1406ea3 feat: rework test to work on macos with node 10,12 and 14
  • Additional commits viewable in compare view

Updates webpack from 5.93.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

  • Added runtime condition for harmony reexport checked
  • Handle properly data/http/https protocols in source maps
  • Make bigint optimistic when browserslist not found
  • Move @​types/eslint-scope to dev deps
  • Related in asset stats is now always an array when no related found
  • Handle ASI for export declarations
  • Mangle destruction incorrect with export named default properly
  • Fixed unexpected asi generation with sequence expression
  • Fixed a lot of types

New Features

  • Added new external type "module-import"
  • Support webpackIgnore for new URL() construction
  • [CSS] @import pathinfo support

Security

  • Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

  • Generate correct relative path to runtime chunks
  • Makes DefinePlugin quieter under default log level
  • Fixed mangle destructuring default in namespace import
  • Fixed consumption of eager shared modules for module federation
  • Strip slash for pretty regexp
  • Calculate correct contenthash for CSS generator options

New Features

  • Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
  • Added the modern-module library value for tree shakable output
  • Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

  • Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

  • Correct tidle range's comutation for module federation
  • Consider runtime for pure expression dependency update hash
  • Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits
  • eabf85d chore(release): 5.94.0
  • 955e057 security: fix DOM clobbering in auto public path
  • 9822387 test: fix
  • cbb86ed test: fix
  • 5ac3d7f fix: unexpected asi generation with sequence expression
  • 2411661 security: fix DOM clobbering in auto public path
  • b8c03d4 fix: unexpected asi generation with sequence expression
  • f46a03c revert: do not use heuristic fallback for "module-import"
  • 60f1898 fix: do not use heuristic fallback for "module-import"
  • 66306aa Revert "fix: module-import get fallback from externalsPresets"
  • Additional commits viewable in compare view

Updates svelte from 3.49.0 to 4.2.19

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

  • fix: ensure typings for <svelte:options> are picked up (#12902)

  • fix: escape < in attribute strings (#12989)

[email protected]

Patch Changes

  • chore: speed up regex (#11922)
Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

  • fix: ensure typings for <svelte:options> are picked up (#12902)

  • fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

  • chore: speed up regex (#11922)

4.2.17

Patch Changes

  • fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

  • fix: check if svelte component exists on custom element destroy (#11489)

4.2.15

Patch Changes

  • support attribute selector inside :global() (#11135)

4.2.14

Patch Changes

  • fix parsing camelcase container query name (#11131)

4.2.13

Patch Changes

  • fix: applying :global for +,~ sibling combinator when slots are present (#9282)

4.2.12

Patch Changes

  • fix: properly update svelte:component props when there are spread props (#10604)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by svelte-admin, a new releaser for svelte since your current version.


Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

  • backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

  • this is basically v4.0.5, with some README updates
  • it is vulnerable to CVE-2024-4067
  • Updated braces to v3.0.3 to avoid CVE-2024-4068
  • does NOT break API compatibility

[4.0.6] - 2024-05-21

  • Added hasBraces to check if a pattern contains braces.
  • Fixes CVE-2024-4067
  • BREAKS API COMPATIBILITY
  • Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

  • Adds support for options.onMatch. See the readme for details
  • Adds support for options.onIgnore. See the readme for details
  • Adds support for options.onResult. See the readme for details

Breaking changes

  • Require Node.js >= 8.6
  • Removed support for passing an array of brace patterns to micromatch.braces().
  • To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true<...>Description has been truncated

    Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

dependabot[bot] avatar Sep 03 '24 16:09 dependabot[bot]

@dependabot recreate

cpcallen avatar Jan 24 '25 19:01 cpcallen