Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Using `~` is deprecated and can be removed from your code (we recommend it), but we still support it for historical reasons.
Why can you remove it?
The loader will first try to resolve `@import`/`@require` as relative; if it cannot be resolved, the loader will try to resolve `@import`/`@require` inside `node_modules`.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cdglabs/apparatus/network/alerts).
Bumps json5 to 1.0.2 and updates ancestor dependencies json5, css-loader, postcss-loader, stylus-loader and webpack. These dependencies need to be updated together.
Updates
json5 from 1.0.1 to 1.0.2
Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
... (truncated)
Commits
- `a62db1e` 1.0.2
- `e0c23fe` docs: update CHANGELOG for v1.0.2
- `62a6540` fix: add `__proto__` to objects and arrays
Updates
css-loader from 0.23.1 to 6.7.3
Release notes
Sourced from css-loader's releases.
... (truncated)
Changelog
Sourced from css-loader's changelog.
... (truncated)
Commits
- `ef749f2` chore(release): 6.7.3
- `36fb945` chore: fix cspell
- `962924c` fix: remove `sourceURL` from emitted CSS (#1487)
- `3f3f302` chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1486)
- `04ca713` chore: update dependencies to the latest version (#1485)
- `9449827` chore: update styfle/cancel-workflow-action (#1484)
- `6c67af8` chore: add cSpell to check spelling issues (#1482)
- `239b9ac` chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#1481)
- `394d200` chore(release): 6.7.2
- `2f4c273` fix: css modules generation with inline syntax (#1480)
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.
Updates
postcss-loader from 0.8.2 to 7.0.2
Release notes
Sourced from postcss-loader's releases.
... (truncated)
Changelog
Sourced from postcss-loader's changelog.
... (truncated)
Commits
- `2129116` chore(release): 7.0.2
- `955085f` fix: support ESM version of `postcss.config.js` and `postcss.config.mjs` (#614)
- `b0f4749` chore: update styfle/cancel-workflow-action (#612)
- `ab3ff44` chore: add cSpell to check spelling issues (#610)
- `3177135` chore: update dependencies to the latest version (#609)
- `08b19c7` docs: update cla link (#608)
- `49a0943` ci: add node v19 (#607)
- `d274f90` ci: add dependency review action (#606)
- `64af37b` chore: update dependencies to the latest version (#605)
- `548e8aa` chore: update commitlint action (#604)
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for postcss-loader since your current version.
Updates
stylus-loader from 2.5.1 to 7.1.0
Release notes
Sourced from stylus-loader's releases.
... (truncated)
Changelog
Sourced from stylus-loader's changelog.
... (truncated)
Commits
- `fad7060` chore(release): 7.1.0
- `5d76d64` feat: allow to extend `conditionNames` (#365)
- `cbce835` chore: update dependencies to the latest version (#364)
- `76093b8` chore: update commitlint action (#363)
- `a29a1d1` chore: run cancel workflow on pull request (#362)
- `7238a6d` chore: update jest to the latest version (#361)
- `116c25d` chore: upgrae-dependencies to the latest version (#360)
- `228b757` ci: update github workflow security permissions (#359)
- `541ad25` ci: add job to cancel previous runs (#358)
- `0b1aa76` chore: update dependencies to the latest version (#357)
Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for stylus-loader since your current version.
Updates
webpack from 1.15.0 to 5.75.0
Release notes
Sourced from webpack's releases.
... (truncated)
Commits
- `8241da7` 5.75.0
- `a91d923` Merge pull request #16458 from webpack/bugfix/semi
- `4608b11` Merge pull request #16457 from webpack/tooling/update
- `dfdd0b0` Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback
- `23b9a1c` Merge pull request #16167 from exposir/fixts
- `6f2c5e8` Merge pull request #16257 from alexzhang1030/calc_deterministic_verbose
- `f7f36ad` Merge pull request #16339 from Liamolucko/wasm-i64
- `761a542` fix semicolon position
- `2403a36` Merge pull request #16345 from ahabhgk/fix-eval-nosources
- `c18203c` update tooling