search

Kompakkt / Repo

Repository for Kompakkt, the Web Based multimodal 3D Viewer and 3D Annotation System.
https://kompakkt.de
GNU Affero General Public License v3.0
12 stars 2 forks source link

Bump terser and @angular-devkit/build-angular #13

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps terser and @angular-devkit/build-angular. These dependencies needed to be updated together. Updates terser from 5.9.0 to 5.14.2

Changelog

Sourced from terser's changelog.

v5.14.2

  • Security fix for RegExps that should not be evaluated (regexp DDOS)
  • Source maps improvements (#1211)
  • Performance improvements in long property access evaluation (#1213)

v5.14.1

  • keep_numbers option added to TypeScript defs (#1208)
  • Fixed parsing of nested template strings (#1204)

v5.14.0

  • Switched to @​jridgewell/source-map for sourcemap generation (#1190, #1181)
  • Fixed source maps with non-terminated segments (#1106)
  • Enabled typescript types to be imported from the package (#1194)
  • Extra DOM props have been added (#1191)
  • Delete the AST while generating code, as a means to save RAM

v5.13.1

  • Removed self-assignments (varname=varname) (closes #1081)
  • Separated inlining code (for inlining things into references, or removing IIFEs)
  • Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#1176)

v5.13.0

  • All calls to eval() were removed (#1171, #1184)
  • source-map was updated to 0.8.0-beta.0 (#1164)
  • NavigatorUAData was added to domprops to avoid property mangling (#1166)

v5.12.1

  • Fixed an issue with function definitions inside blocks (#1155)
  • Fixed parens of new in some situations (closes #1159)

v5.12.0

  • TERSER_DEBUG_DIR environment variable
  • @​copyright comments are now preserved with the comments="some" option (#1153)

v5.11.0

  • Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#1147)
  • acorn is now a regular dependency

v5.10.0

  • Massive optimization to max_line_len (#1109)
  • Basic support for import assertions
  • Marked ES2022 Object.hasOwn as a pure function
  • Fix delete optional?.property
  • New CI/CD pipeline with github actions (#1057)

... (truncated)

Commits


Updates @angular-devkit/build-angular from 13.0.3 to 13.3.9

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v13.3.9

13.3.9 (2022-07-20)

@​angular-devkit/build-angular

Commit Description
fix - 0d62716ae update terser to address CVE-2022-25858

Special Thanks

Alan Agius and Charles Lyding

v13.3.8

13.3.8 (2022-06-15)

@​angular/pwa

Commit Description
fix - c7f994f88 add peer dependency on Angular CLI

Special Thanks

Alan Agius

v13.3.7

13.3.7 (2022-05-25)

@​angular-devkit/build-angular

Commit Description
fix - a54018d8f add debugging and timing information in JavaScript and CSS optimization plugins

Special Thanks

Alan Agius and Joey Perrott

v13.3.6

13.3.6 (2022-05-18)

@​angular/cli

Commit Description
fix - e20964c43 resolve relative schematic from angular.json instead of current working directory

@​angular-devkit/build-angular

Commit Description
fix - 16fec8d58 update babel-loader to 8.2.5

Special Thanks

Alan Agius, Charles Lyding, Jason Bedard and Paul Gschwendtner

v13.3.5

13.3.5 (2022-05-04)

@​angular-devkit/build-angular

Commit Description

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

13.3.9 (2022-07-20)

@​angular-devkit/build-angular

Commit Type Description
0d62716ae fix update terser to address CVE-2022-25858

Special Thanks

Alan Agius and Charles Lyding

14.0.6 (2022-07-13)

@​angular/cli

Commit Type Description
178550529 fix handle cases when completion is enabled and running in an older CLI workspace
10f24498e fix remove deprecation warning of no prefixed schema options

@​schematics/angular

Commit Type Description
dfa6d73c5 fix remove browserslist configuration

@​angular-devkit/build-angular

Commit Type Description
4d848c4e6 fix generate different content hashes for scripts which are changed during the optimization phase

@​angular-devkit/core

Commit Type Description
2500f34a4 fix provide actionable warning when a workspace project has missing root property

Special Thanks

Alan Agius and martinfrancois

... (truncated)

Commits
  • d091bb0 release: cut the v13.3.9 release
  • 0d62716 fix(@​angular-devkit/build-angular): update terser to address CVE-2022-25858
  • 0bb875d build: mark external only bazel rules
  • 62f46c8 release: cut the v13.3.8 release
  • d27fc7e test: always install a compatible version of @angular/material-moment-adapter
  • c7f994f fix(@​angular/pwa): add peer dependency on Angular CLI
  • 8f5a20a release: cut the v13.3.7 release
  • 3168ab6 build: update CaretakerConfig import patch
  • 209a49e ci: add nightly CI configuration for version 13
  • 588b742 build: add caretaker configuration to ng-dev config
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Kompakkt/Repo/network/alerts).
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.