Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
Bumps the npm_and_yarn group with 20 updates:
7.19.4
7.24.8
3.0.0
3.0.1
3.0.2
3.0.3
4.2.1
4.2.3
0.2.0
0.2.2
0.10.62
0.10.64
4.18.2
4.19.2
1.15.2
1.15.6
4.24.0
4.25.1
5.24.0
5.25.1
4.1.0
4.1.1
1.0.1
1.0.2
1.4.0
1.4.2
1.7.2
1.11.0
5.7.1
5.7.2
6.1.13
6.2.1
0.7.31
0.7.38
5.74.0
5.93.0
1.2.3
1.2.5
5.2.3
5.2.4
Updates
@babel/traverse
from 7.19.4 to 7.24.8Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
1f5af44
v7.24.8c90bb0c
[babel 8] Remove methods starting with_
in@babel/traverse
(#16504)e0368a8
Avoid checkingScope.globals
multiple times (#16619)683c654
Enable some lint rules (#16605)cfe13c2
[babel 8] Updateglobals
dependency (#16600)c36fa6a
Update typescript-eslint v8 (#16557)12619ff
improve getBindingIdentifiers.keys typing (#16570)424fc90
Update to TypeScript 5.5 (#16536)bf1e9a3
v7.24.74463aa5
fix: incorrectconstantViolations
with destructuring (#16522)Updates
@sideway/formula
from 3.0.0 to 3.0.1Commits
5b44c1b
3.0.19fbc20a
chore: better number regex41ae98e
Cleanupc59f35e
Move to SidewayMaintainer changes
This version was pushed to npm by marsup, a new releaser for
@sideway/formula
since your current version.Updates
braces
from 3.0.2 to 3.0.3Commits
74b2db2
3.0.388f1429
update eslint. lint, fix unit tests.415d660
Snyk js braces 6838727 (#40)190510f
fix tests, skip 1 test in test/braces.expand716eb9f
readme bumpa5851e5
Merge pull request #37 from coderaiser/fix/vulnerability2092bd1
feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...9f5b4cf
fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)98414f9
remove funding file665ab5d
update keepEscaping doc (#27)Updates
browserify-sign
from 4.2.1 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ec
v4.2.39247adf
[patch] widen support to 0.12f427270
[Deps] update `parse-asn187f3a35
[Dev Deps] updateaud
,npmignore
,tape
fb261ce
[Deps] updateelliptic
4d0ee49
[patch] drop minimum node support to v19e2bf12
[Deps] pinhash-base
to ~3.0, due to a breaking change168e16f
[Deps] pinelliptic
due to a breaking change37a4758
[actions] remove redundant finisher4af5a90
v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-component
from 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea46
0.2.2980e0bf
Prevent overwriting previously decoded tokens3c8a373
0.2.176abc93
Switch to GitHub workflows746ca5d
Fix issue where decode throws - fixes #6486d7e2
Update license (#1)a650457
Tidelift tasks66e1c28
Meta tweaksUpdates
es5-ext
from 0.10.62 to 0.10.64Release notes
Sourced from es5-ext's releases.
Changelog
Sourced from es5-ext's changelog.
Commits
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgradelint-staged
to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions infunction#toStringTokens()
Updates
express
from 4.18.2 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects
from 1.15.2 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
gatsby-plugin-sharp
from 4.24.0 to 4.25.1Changelog
Sourced from gatsby-plugin-sharp's changelog.
... (truncated)
Commits
50e3f94
chore(release): Publishdcf88ed
fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...5e72a5d
chore(release): Publish2dc715d
chore: remove tracedSVG (#37093) (#37127)Updates
gatsby-transformer-remark
from 5.24.0 to 5.25.1Changelog
Sourced from gatsby-transformer-remark's changelog.
... (truncated)
Commits
4dcca80
chore(release): Publish59076c8
fix(gatsby-transformer-remark): Disallow JS frontmatter by default (#37244) (...5e72a5d
chore(release): PublishUpdates
http-cache-semantics
from 4.1.0 to 4.1.1Commits
2449650
Update mocha560b2d8
Don't use regex to trim whitespaceb1bdb92
Remove linting package zooc20dc7e
Cache 308Updates
json5
from 1.0.1 to 1.0.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
a62db1e
1.0.2e0c23fe
docs: update CHANGELOG for v1.0.262a6540
fix: add proto to objects and arraysUpdates
loader-utils
from 1.4.0 to 1.4.2Release notes
Sourced from loader-utils's releases.
Changelog
Sourced from loader-utils's changelog.
Commits
331ad50
chore(release): 1.4.217cbf8f
fix: ReDoS problem (#226)8f082b3
chore(release): 1.4.14504e34
fix: security problem (#220)Updates
msgpackr
from 1.7.2 to 1.11.0Commits
Updates
semver
from 5.7.1 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313
chore: release 5.7.22f8fd41
fix: better handling of whitespace (#585)deb5ad5
chore:@npmcli/template-oss
@4
.16.0