Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)
v2.2.2
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
v2.2.0
New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
This document provides a summary of all notable changes to the core Antora components by release.
For a detailed view of what's changed, refer to the repository's https://gitlab.com/antora/antora/commits/main[commit history].
This project utilizes semantic versioning.
== 3.2.0-alpha.2 (2022-11-01)
=== Added
content-classifier: Emit componentsRegistered event after all components and versions have been registered (#1015)
content-classifier: Store raw files, nav, and startPage data on partially constructed component version until processed (#1015)
content-classifier: Add readable property named files to component version in ContentCatalog#registerComponentVersionStartPage to get files for component version on access (#1015)
content-classifier: Add readable property named startPage to component version in ContentCatalog#registerComponentVersionStartPage to look up start page for component version on access (#1015)
content-classifier: Discover implicit site start page in component version promoted to site root (#1021)
content-classifier: Update ContentCatalog#registerComponentVersionStartPage to return start page
=== Changed
content-classifier: Don't recompute resource ID on file from content aggregate if src.family is set (#1026)
content-classifier: Don't assign fallback value to url property on component version if property is already set
site-generator: Print site URL instead of file URI in completion message if CI=true
=== Fixed
playbook-builder: Decouple logic to compute default log format from process environment (#1022)
playbook-builder: Use consistent formatting for error messages in playbook builder
playbook-builder: Allow content aggregator to parse value of content.branches and content.tags playbook keys (#1025)
content-classifier: Add guard to prevent ContentCatalog#registerSiteStartPage from registering alias loop (#1020)
redirect-producer: Preserve target when creating static route if target is an absolute URL (#1024)
site-generator: Look for IS_TTY on playbook.env in site generator to decouple check from process environment
== 3.2.0-alpha.1 (2022-10-20)
=== Added
content-aggregate: Introduce syntax to match branches by worktree name (for inclusion or exclusion) (e.g., HEAD@5.8.x) (#1016)
content-aggregate: Allow linked worktree to be used as content source; automatically resolve main repository location and remap HEAD reference in branches (#535)
content-aggregate: Add support for ref placeholder to insert full name of git ref (e.g., refs/heads/v3.1.x) in value of edit_url key on content source (#1013)
content-classifier: Use value of versionSegment property on component version in place of version in output path and URL of pages (#1006)
content-classifier: Set dynamic activeVersionSegment property on component version to indicate which version segment is in use (#1006)
content-classifier: Add addSplatAlias method to ContentCatalog for adding a splat (directory) alias (#1008)
=== Changed
playbook-builder: Remove trailing slash from value of site.url when building playbook (#1009)
content-aggregator: Always assign the value auth-required to origin.private if the server requests credentials (even when credentials are embedded in content source URL) (#1012)
content-classifier: shorten urlSegment fragment in property names on ContentCatalog to segment (e.g., latestVersionUrlSegment -> latestVersionSegment)
site-generator: Remove trailing slash from value of site.url after playbookBuilt event (#1009)
This document provides a summary of all notable changes to the core Antora components by release.
For a detailed view of what's changed, refer to the repository's https://gitlab.com/antora/antora/commits/main[commit history].
This project utilizes semantic versioning.
== 3.2.0-alpha.2 (2022-11-01)
=== Added
content-classifier: Emit componentsRegistered event after all components and versions have been registered (#1015)
content-classifier: Store raw files, nav, and startPage data on partially constructed component version until processed (#1015)
content-classifier: Add readable property named files to component version in ContentCatalog#registerComponentVersionStartPage to get files for component version on access (#1015)
content-classifier: Add readable property named startPage to component version in ContentCatalog#registerComponentVersionStartPage to look up start page for component version on access (#1015)
content-classifier: Discover implicit site start page in component version promoted to site root (#1021)
content-classifier: Update ContentCatalog#registerComponentVersionStartPage to return start page
=== Changed
content-classifier: Don't recompute resource ID on file from content aggregate if src.family is set (#1026)
content-classifier: Don't assign fallback value to url property on component version if property is already set
site-generator: Print site URL instead of file URI in completion message if CI=true
=== Fixed
playbook-builder: Decouple logic to compute default log format from process environment (#1022)
playbook-builder: Use consistent formatting for error messages in playbook builder
playbook-builder: Allow content aggregator to parse value of content.branches and content.tags playbook keys (#1025)
content-classifier: Add guard to prevent ContentCatalog#registerSiteStartPage from registering alias loop (#1020)
redirect-producer: Preserve target when creating static route if target is an absolute URL (#1024)
site-generator: Look for IS_TTY on playbook.env in site generator to decouple check from process environment
== 3.2.0-alpha.1 (2022-10-20)
=== Added
content-aggregate: Introduce syntax to match branches by worktree name (for inclusion or exclusion) (e.g., HEAD@5.8.x) (#1016)
content-aggregate: Allow linked worktree to be used as content source; automatically resolve main repository location and remap HEAD reference in branches (#535)
content-aggregate: Add support for ref placeholder to insert full name of git ref (e.g., refs/heads/v3.1.x) in value of edit_url key on content source (#1013)
content-classifier: Use value of versionSegment property on component version in place of version in output path and URL of pages (#1006)
content-classifier: Set dynamic activeVersionSegment property on component version to indicate which version segment is in use (#1006)
content-classifier: Add addSplatAlias method to ContentCatalog for adding a splat (directory) alias (#1008)
=== Changed
playbook-builder: Remove trailing slash from value of site.url when building playbook (#1009)
content-aggregator: Always assign the value auth-required to origin.private if the server requests credentials (even when credentials are embedded in content source URL) (#1012)
content-classifier: shorten urlSegment fragment in property names on ContentCatalog to segment (e.g., latestVersionUrlSegment -> latestVersionSegment)
site-generator: Remove trailing slash from value of site.url after playbookBuilt event (#1009)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/feelpp/book.hifimagnet/network/alerts).
Bumps json5 to 2.2.3 and updates ancestor dependencies json5, @antora/cli and @antora/site-generator-default. These dependencies need to be updated together.
Updates
json5from 2.1.3 to 2.2.3Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
c3a75242.2.394fd06ddocs: update CHANGELOG for v2.2.33b8cebfdocs(security): use GitHub security advisoriesf0fd9e1docs: publish a security policy6a91a05docs(template): bug -> bug report14f8cb12.2.210cc7cadocs: update CHANGELOG for v2.2.27774c10fix: add proto to objects and arraysedde30aReadme: slight tweak to intro97286f8Improve example in readmeUpdates
@antora/clifrom 2.3.4 to 3.1.2Changelog
Sourced from
@antora/cli's changelog.... (truncated)
Commits
f09e3acrelease 3.1.2937c40cupgrade dependencies that can be upgraded and refresh dependency lock file5af8e49refresh dependency lock filecdd7223update release process; automate management of release and tool version attri...a8d8e72merge !964911ae54update What's New for Antora 3.1.2f6fc688replace raise event with emit event1975bd2backport fix for #1025 allow content aggregator to parse value of content.bra...7a39895reclassify CHANGELOG entries34ac3e2backport fix for #1024 preserve target when creating static route if target i...Updates
@antora/site-generator-defaultfrom 2.3.4 to 3.1.2Changelog
Sourced from
@antora/site-generator-default's changelog.... (truncated)
Commits
f09e3acrelease 3.1.2937c40cupgrade dependencies that can be upgraded and refresh dependency lock file5af8e49refresh dependency lock filecdd7223update release process; automate management of release and tool version attri...a8d8e72merge !964911ae54update What's New for Antora 3.1.2f6fc688replace raise event with emit event1975bd2backport fix for #1025 allow content aggregator to parse value of content.bra...7a39895reclassify CHANGELOG entries34ac3e2backport fix for #1024 preserve target when creating static route if target i...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/feelpp/book.hifimagnet/network/alerts).