ubyssey.ca icon indicating copy to clipboard operation
ubyssey.ca copied to clipboard

Published 20 hours ago verified publisher icon ubyssey

Bump js-cookie from 2.2.1 to 3.0.5 in /ubyssey/static_src

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps js-cookie from 2.2.1 to 3.0.5.

Release notes

Sourced from js-cookie's releases.

v3.0.5

  • Remove npm version restriction in package.json - #818

v3.0.4

  • Publish to npmjs.com with package provenance

v3.0.1

  • Make package.json accessible in export - #727

v3.0.0

  • Removed defaults in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's Cookies.withAttributes(), e.g.:
const api = Cookies.withAttributes({
  path: '/',
  secure: true
})
api.set('key', 'value') // writes cookie with path: '/' and secure: true...
  • The attributes that an api instance is configured with are exposed as attributes property; it's an immutable object and unlike defaults cannot be changed to configure the api.
  • The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as Cookies.converter, which allows for implementing self-contained custom converters providing the same behavior:
const customReadConverter = (value, name) => {
  if (name === 'special') {
    return unescape(value)
  }
  return Cookies.converter.read(value)
}
  • withConverter() no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):
const api = Cookies.withConverter({
  read: (value, name) => unescape(value)
})
  • The converter(s) that an api instance is configured with are exposed as converter property; it's an immutable object and cannot be changed to configure the api.
  • Started providing library as ES module, in addition to UMD module. The module field in package.json points to an ES module variant of the library.
  • Started using browser field instead of main in package.json (for the UMD variant of the library).
  • Dropped support for IE < 10.
  • Removed built-in JSON support, i.e. getJSON() and automatic stringifying in set(): use Cookies.set('foo', JSON.stringify({ ... })) and JSON.parse(Cookies.get('foo')) instead.
  • Removed support for Bower.
  • Added minified versions to package - #501
  • Improved support for url encoded cookie values (support case insensitive encoding) - #466, #530
  • Expose default path via API - #541
  • Handle falsy arguments passed to getters - #399
  • No longer support Node < 12 when building (LTS versions only)

v3.0.0-rc.4

Reverted changes introduced in rc2, which caused a mayor breaking change in the case of requesting the library via jsdelivr CDN with a particular file name. This breaking change was not intentional.

The problem was that we've been advertising the following link in the readme on the master branch:

... (truncated)

Commits
  • ab3f67f Craft v3.0.5 release
  • 39a0f40 Remove npm version restriction
  • 08eb825 Stop distribution via GitHub releases
  • f44d125 Revert "Allow skipping npm publishing for releasing"
  • ef94a67 Revert "Add cli flag required to actually skip npm publish"
  • 3f8542c Reword readme section regarding releasing
  • 0e8eb66 Add cli flag required to actually skip npm publish
  • c740408 Allow skipping npm publishing for releasing
  • 089e42b Add keyless commit signing to release workflow
  • 97dca93 Craft v3.0.4 release
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Aug 14 '23 06:08 dependabot[bot]