dspurl / tfshop

vue+php+uniapp轻量级多语言易二开跨终端商城系统,低代码,完全前后端分离,免费开源可商用,H5商城电商平台,微信小程序商城电商平台;支持H5、微信小程序,支付宝小程序、百度小程序、字节跳动小程序、安卓、IOS等等
https://www.dswjcms.com
MIT License
831 stars 250 forks source link

Bump json5, nuxt, webpack and vue-jest in /api/public/web #271

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps json5 to 2.2.3 and updates ancestor dependencies json5, nuxt, webpack and vue-jest. These dependencies need to be updated together.

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view


Updates nuxt from 2.15.7 to 3.0.0

Release notes

Sourced from nuxt's releases.

Nuxt 3.0 stable

Official Release Announcenment

💬 Release Discussion

📝 Changelog

Check out v3.0.0-rc.14 for other recent changes.

🩹 Fixes

  • nuxt: Removed auto imports (#9045)
  • schema: Initialise runtimeConfig.public with empty object (#9050)
  • cli: Upgrade with latest tag (#9060)
  • nuxt: Allow union type arguments for useAsyncData (#9061)

📖 Documentation

  • New website design (#9007)
  • Update website theme version (819deb89)
  • Minor style improvements (9ab069b2)
  • Update website-theme (780b17b1)
  • Add warning about definePageMeta issues with transitions and NuxtLoadingIndicator (#9055)
  • Add missing agencies (#9059)

🏡 Chore

  • Update readme design (#9048)
  • Ignore parse5 for renovate update (#9046)

❤️ Contributors

v3.0.0-rc.14

Note This is the last release candidate for Nuxt v3! Are you ready? 👀

👉 Release Discussion

Changelog

compare changes

... (truncated)

Commits


Updates webpack from 4.46.0 to 5.75.0

Release notes

Sourced from webpack's releases.

v5.75.0

Bugfixes

  • experiments.* normalize to false when opt-out
  • avoid NaN%
  • show the correct error when using a conflicting chunk name in code
  • HMR code tests existance of window before trying to access it
  • fix eval-nosources-* actually exclude sources
  • fix race condition where no module is returned from processing module
  • fix position of standalong semicolon in runtime code

Features

  • add support for @import to extenal CSS when using experimental CSS in node
  • add i64 support to the deprecated WASM implementation

Developer Experience

  • expose EnableWasmLoadingPlugin
  • add more typings
  • generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Features

  • add resolve.extensionAlias option which allows to alias extensions
    • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
  • add support for ES2022 features like static blocks
  • add Tree Shaking support for ProvidePlugin

Bugfixes

  • fix persistent cache when some build dependencies are on a different windows drive
  • make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
  • remove left-over from debugging in TLA/async modules runtime code
  • remove unneeded extra 1s timestamp offset during watching when files are actually untouched
    • This sometimes caused an additional second build which are not really needed
  • fix shareScope option for ModuleFederationPlugin
  • set "use-credentials" also for same origin scripts

Performance

  • Improve memory usage and performance of aggregating needed files/directories for watching
    • This affects rebuild performance

Extensibility

  • export HarmonyImportDependency for plugins

v5.73.0

... (truncated)

Commits


Updates vue-jest from 3.0.7 to 4.0.1

Release notes

Sourced from vue-jest's releases.

v4.0.1

One minor fix.

Fixes:

v4.0.0

The 4.0.0 is finally here. No clear blocker so transitioning this from release candidate to master. Better late than never.

Fixes

fix: add fallback to default TemplateCompileOptions #310 @​nogic1008

v4.0.0-rc.1

Features

feat: pass templateCompiler options https://github.com/vuejs/vue-jest/commit/37efa5873661385c1a979838b23b72701650a132 feat: add-compile-template-options #288

Fixes

fix: external css files path resolution https://github.com/vuejs/vue-jest/commit/fe76473cb19a01cd417e4bff4ca1c22128625e37

v4.0.0-rc.0

Features

We moved to release candidate after many months of beta with no real roadmap.

We will move to 4.0.0 stable before the end of Sep 2020.

v4.0.0-beta.6

Fixes

fix: remove inline source map @​nogic1008 build: bump jest version in peerDependencies @​nogic1008

That's it! Small release.

v4.0.0-beta.5

Fixes

v4.0.0-beta.4

Features

... (truncated)

Commits
  • e632171 Merge pull request #320 from catrope/typo-namepsace
  • 95784e4 Merge pull request #284 from vuejs/remove-ts-jest
  • 10559e1 chore: rebase
  • 6a7a728 Fix typo in processor example
  • 1fb3b2e publish: 4.0.0
  • 938a97e Merge pull request #311 from vuejs/dependabot/npm_and_yarn/ini-1.3.7
  • 1ada5fe Merge pull request #312 from vuejs/dependabot/npm_and_yarn/node-notifier-8.0.1
  • b393520 chore(deps): bump node-notifier from 8.0.0 to 8.0.1
  • 4ce4686 Merge pull request #310 from nogic1008/hotfix/template-compiler
  • 2353bd2 chore(deps): bump ini from 1.3.5 to 1.3.7
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dspurl/dsshop/network/alerts).
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.