Removed ondragexit from Window and friends, per a spec update.
Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
Fixed xhr.response to return null for failures that occur during the middle of the download.
Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)
Version 16.4.0
Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
Fixed el.focus() to work on SVG elements. (zjffun)
Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
Fixed the valueMissing validation check for <input type="radio">. (zjffun)
Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)
Version 16.3.0
Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
Fixed drawing an empty canvas into another canvas. (zjffun)
Version 16.2.2
Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
Fixed window.addEventListener, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.
In vulnerable versions of ws, the issue can be mitigated in the following ways:
- Reduce the maximum allowed length of the request headers using the `--max-http-header-size=size` and/or the `maxHeaderSize` options so that no more headers than the `server.maxHeadersCount` limit can be sent.
Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
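Bumps the npm_and_yarn group in /dashboard with 8 updates:

| Package | From | To |
| --- | --- | --- |
| jsdom | 15.2.1 | 16.5.0 |
| ws | 8.9.0 | 8.17.1 |
| follow-redirects | 1.14.8 | 1.15.6 |
| braces | 3.0.2 | 3.0.3 |
| json5 | 1.0.1 | 1.0.2 |
| qs | 6.5.2 | 6.5.3 |
| tough-cookie | 2.5.0 | 4.1.4 |
| jsdom | 16.5.0 | 16.7.0 |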
Updates jsdom from 15.2.1 to 16.5.0
Release notes
Sourced from jsdom's releases.
... (truncated)
Changelog
Sourced from jsdom's changelog.
... (truncated)
Commits
- 2d82763 Version 16.5.0
- 9741311 Fix loading of subresources with Unicode filenames
- 5e46553 Use domenic's ESLint config as the base
- 19b35da Fix the URL of about:blank iframes
- 017568e Support inputType on InputEvent
- 29f4fdf Upgrade dependencies
- e2f7639 Refactor create-event-accessor.js to remove code duplication
- ff69a75 Convert JSDOM to use callback functions
- 19df6bc Update links in contributing guidelines
- 1e34ff5 Test triage

Updates ws from 8.9.0 to 8.17.1
Release notes
Sourced from ws's releases.
... (truncated)
Commits
- 3c56601 [dist] 8.17.1
- e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
- 6a00029 [test] Increase code coverage
- ddfe4a8 [perf] Reduce the amount of `crypto.randomFillSync()` calls
- b73b118 [dist] 8.17.0
- 29694a5 [test] Use the `highWaterMark` variable
- 934c9d6 [ci] Test on node 22
- 1817bac [ci] Do not test on node 21
- 96c9b3d [major] Flip the default value of `allowSynchronousEvents` (#2221)
- e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)

Updates follow-redirects from 1.14.8 to 1.15.6
Commits
- 35a517c Release version 1.15.6 of the npm package.
- c4f847f Drop Proxy-Authorization across hosts.
- 8526b4a Use GitHub for disclosure.
- b1677ce Release version 1.15.5 of the npm package.
- d8914f7 Preserve fragment in responseUrl.
- 6585820 Release version 1.15.4 of the npm package.
- 7a6567e Disallow bracketed hostnames.
- 05629af Prefer native URL instead of deprecated url.parse.
- 1cba8e8 Prefer native URL instead of legacy url.resolve.
- 72bc2a4 Simplify _processResponse error handling.

Updates braces from 3.0.2 to 3.0.3
Commits
- 74b2db2 3.0.3
- 88f1429 update eslint. lint, fix unit tests.
- 415d660 Snyk js braces 6838727 (#40)
- 190510f fix tests, skip 1 test in test/braces.expand
- 716eb9f readme bump
- a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
- 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
- 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
- 98414f9 remove funding file
- 665ab5d update keepEscaping doc (#27)

Updates json5 from 1.0.1 to 1.0.2
Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
- a62db1e 1.0.2
- e0c23fe docs: update CHANGELOG for v1.0.2
- 62a6540 fix: add `__proto__` to objects and arrays

Updates qs from 6.5.2 to 6.5.3
Changelog
Sourced from qs's changelog.
Commits
- 298bfa5 v6.5.3
- ed0f5dc [Fix] `parse`: ignore `__proto__` keys (#428)
- 691e739 [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
- 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
- 12ac1c4 [meta] fix README.md (#399)
- 0338716 [actions] backport actions from main
- 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
- 51b8a0b add FUNDING.yml
- 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
- f814a7f [Dev Deps] backport from main

Updates tough-cookie from 2.5.0 to 4.1.4
Release notes
Sourced from tough-cookie's releases.
... (truncated)
Commits
- cacbc37 Bump version to 4.1.4
- a48fb3a Add tests for url validation
- 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
- 1253d58 Merge pull request #409 from corvidism/validators-to-string
- 238367e Add local alias for `toString`
- 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
- 12d4747 Prevent prototype pollution in cookie memstore (#283)
- f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
- cf6debd Fix incorrect string validation for URL
- b1a8898 fix: allow set cookies with localhost (#253)
Maintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates jsdom from 16.5.0 to 16.7.0
Release notes
Sourced from jsdom's releases.
... (truncated)
Changelog
Sourced from jsdom's changelog.
... (truncated)
Commits
- 2d82763 Version 16.5.0
- 9741311 Fix loading of subresources with Unicode filenames
- 5e46553 Use domenic's ESLint config as the base
- 19b35da Fix the URL of about:blank iframes
- 017568e Support inputType on InputEvent
- 29f4fdf Upgrade dependencies
- e2f7639 Refactor create-event-accessor.js to remove code duplication
- ff69a75 Convert JSDOM to use callback functions
- 19df6bc Update links in contributing guidelines
- 1e34ff5 Test triage