5c2e13bbf0c0518e1958a4307982a999aa181049: Bump ECMA version to 2022.
3.9.8
Fixes
777ffb0e021ef89444f215a69365a689d7051896: Fix access to some restricted function properties on non functions and fix findBestExtensionHandler not finding the best handler.
925e3e665acfa37dd3db0ea8e7f02b57277677e8: Try to return nicer parser errors.
3.9.7
Fixes
b7f794dfb3034d2173b9da957f48425adc4081c3: Custom Resolver is allowed to return undefined
568934f58cf72339a3dd2a2c578cc28550c19d27: Fixed some bugs introduced in v3.9.6
b6581b4a9cf9a4706b2967fceb5930a3de4d2ac7: Fixed root path checking
3.9.6
Fixes
532120d5cdec7da8225fc6242e154ebabc63fe4d: Internal restructuring and security improvements
[fix] Security fixes
[fix] Fixed problems when Promise object is deleted (XmiliaH)
[fix] Fixed oversight that write ability can change on non configurable properties (XmiliaH)
🖊️ 🔐 This release features the ability for template authors to sign their templates, along with the ability for users to verify that the template has not been tempered with since it's been created. (Contributor: @sanketshevkar)
It also include bug fixes and addresses known vulnerabilities in dependencies.
🖊️ 🔐 This release features the ability for template authors to sign their templates, along with the ability for users to verify that the template has not been tempered with since it's been created. (Contributor: @sanketshevkar)
It also include bug fixes and addresses known vulnerabilities in dependencies.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/contractpendev/contractpen-work-client/network/alerts).
Bumps vm2 to 3.9.11 and updates ancestor dependencies vm2, @accordproject/cicero-cli and @accordproject/cicero-engine. These dependencies need to be updated together.
Updates
vm2from 3.5.0 to 3.9.11Release notes
Sourced from vm2's releases.
... (truncated)
Changelog
Sourced from vm2's changelog.
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by xmilia, a new releaser for vm2 since your current version.
Updates
@accordproject/cicero-clifrom 0.12.3 to 0.24.0Release notes
Sourced from
@accordproject/cicero-cli's releases.... (truncated)
Commits
8fc3dd2chore(ergo) : bump ergo version (#757)c626bf9chore(actions): publish v0.23.0 to npm (#737)2becd47(feat) update to Concerto v2 (#736)c0dc742chore(build): Update engines constraints in all package.json44b49fefix(*): Adjuts all the tests post 0.23, fixes to keystoresb94794achore(actions): publish v0.23.0-alpha.1 to npm2a37517fix(dep): Upgrade many dependencies93f8b96feature(dep): Switch to Concerto 2.0.0-alpha.2fd21382chore(dep): Upgrade to latest pre-2.0 concerto and other dependencies719594cchore(actions): publish v0.22.2 to npmUpdates
@accordproject/cicero-enginefrom 0.12.3 to 0.24.0Release notes
Sourced from
@accordproject/cicero-engine's releases.... (truncated)
Commits
8fc3dd2chore(ergo) : bump ergo version (#757)c626bf9chore(actions): publish v0.23.0 to npm (#737)2becd47(feat) update to Concerto v2 (#736)c0dc742chore(build): Update engines constraints in all package.json44b49fefix(*): Adjuts all the tests post 0.23, fixes to keystoresb94794achore(actions): publish v0.23.0-alpha.1 to npm2a37517fix(dep): Upgrade many dependencies93f8b96feature(dep): Switch to Concerto 2.0.0-alpha.2fd21382chore(dep): Upgrade to latest pre-2.0 concerto and other dependencies719594cchore(actions): publish v0.22.2 to npmDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/contractpendev/contractpen-work-client/network/alerts).