Meituan-Dianping / mpvue

基于 Vue.js 的小程序开发框架,从底层支持 Vue.js 语法和构建工具体系。
http://mpvue.com
MIT License
20.41k stars 2.07k forks source link

Bump serialize-javascript from 1.3.0 to 3.1.0 #1809

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps serialize-javascript from 1.3.0 to 3.1.0.

Release notes

Sourced from serialize-javascript's releases.

v3.1.0

  • Bump mocha from 7.1.2 to 7.2.0 (#83)
  • Bump mocha from 7.1.1 to 7.1.2 (#82)
  • Bump nyc from 15.0.0 to 15.0.1 (#81)
  • Don't replace regex / function placeholders within string literals (#79)
  • [Security] Bump minimist from 1.2.0 to 1.2.5 (#78)
  • Bump mocha from 7.1.0 to 7.1.1 (#77)
  • Bump mocha from 7.0.1 to 7.1.0 (#74)
  • Update example in README (#73)

Note: the randombytes has been added to the dependency package to improve the generation of UIDs. Check the #22 for more information. Thanks to @JordanMilne and @Siebes for this change.

v3.0.0

  • Introduce support for Infinity (@vthibault, #72)
  • Bump mocha from 7.0.0 to 7.0.1 (#71)
  • Test on Node.js v12 (@okuryu, #70)
  • Bump mocha from 6.2.2 to 7.0.0 (#69)
  • Bump nyc from 14.1.1 to 15.0.0 (#68)

Behavior changes for Infinity

It serializes Infinity values as follows since this version. The result of serialization may be changed if you are passing Infinity values into the serialize-javascript.

v3.x

const serialize = require('serialize-javascript');

serialize({inf: Infinity}); // '{"inf":Infinity}'

v2.x

const serialize = require('serialize-javascript');

serialize({inf: Infinity}); // '{"inf":null}'

v2.1.2

v2.1.1

  • Fix regular expressions Cross-Site Scripting (XSS) vulnerability (see security advisory)
  • Migrate to nyc from istanbul

v2.1.0

v2.0.0

Commits
Maintainer changes

This version was pushed to npm by okuryu, a new releaser for serialize-javascript since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Meituan-Dianping/mpvue/network/alerts).