Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gm0t/react-sticky-el/network/alerts).
Bumps json5 to 2.2.2 and updates ancestor dependencies json5, css-loader, html-webpack-plugin, sass-loader and webpack. These dependencies need to be updated together.
Updates
json5
from 2.2.0 to 2.2.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
14f8cb1
2.2.210cc7ca
docs: update CHANGELOG for v2.2.27774c10
fix: add proto to objects and arraysedde30a
Readme: slight tweak to intro97286f8
Improve example in readmed720b4f
Improve readme (e.g. explain JSON5 better!) (#291)910ce25
docs: fix spelling of Aseem2aab4dd
test: require tap as t in cli tests6d42686
test: remove mocha syntax from tests4798b9d
docs: update installation and usage for modulesUpdates
css-loader
from 3.6.0 to 6.7.3Release notes
Sourced from css-loader's releases.
... (truncated)
Changelog
Sourced from css-loader's changelog.
... (truncated)
Commits
ef749f2
chore(release): 6.7.336fb945
chore: fix cspell962924c
fix: removesourceURL
from emitted CSS (#1487)3f3f302
chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1486)04ca713
chore: update dependencies to the latest version (#1485)9449827
chore: update styfle/cancel-workflow-action (#1484)6c67af8
chore: add cSpell to check spelling issues (#1482)239b9ac
chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#1481)394d200
chore(release): 6.7.22f4c273
fix: css modules generation with inline syntax (#1480)Updates
html-webpack-plugin
from 3.2.0 to 5.5.0Changelog
Sourced from html-webpack-plugin's changelog.
... (truncated)
Commits
873d75b
chore(release): 5.5.0ddeb774
chore: update examples1e42625
feat: Support type=module via scriptLoading option7d3645b
Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-380779be779
[chore] changes actions to run on pull_requestsb7e5859
[chore] fixes CI to avoid race conditions48131d3
chore(release): 5.4.016a841a
[chore] rebuild examples3bb7c17
Update index.jse38ac97
Update index.jsMaintainer changes
This version was pushed to npm by jantimon, a new releaser for html-webpack-plugin since your current version.
Updates
sass-loader
from 8.0.2 to 13.2.0Release notes
Sourced from sass-loader's releases.
... (truncated)
Changelog
Sourced from sass-loader's changelog.
... (truncated)
Commits
e8fbc79
chore(release): 13.2.0e5581b7
feat: add support for node-sass v8 (#1100)acb3ce0
chore(deps): bump loader-utils from 2.0.2 to 2.0.3 (#1099)1cdea4e
chore: update dependencies to the latest version (#1098)094a303
docs: update cla link (#1096)c32f63a
ci: add dependency review action (#1094)b31751d
chore(release): 13.1.06e02c64
feat: allow to extendconditionNames
(#1092)edab08f
chore: update dependencies to the latest version (#1093)3a34fef
chore: update commitlint action (#1091)Updates
webpack
from 4.46.0 to 5.75.0Release notes
Sourced from webpack's releases.
... (truncated)
Commits
8241da7
5.75.0a91d923
Merge pull request #16458 from webpack/bugfix/semi4608b11
Merge pull request #16457 from webpack/tooling/updatedfdd0b0
Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback23b9a1c
Merge pull request #16167 from exposir/fixts6f2c5e8
Merge pull request #16257 from alexzhang1030/calc_deterministic_verbosef7f36ad
Merge pull request #16339 from Liamolucko/wasm-i64761a542
fix semicolon position2403a36
Merge pull request #16345 from ahabhgk/fix-eval-nosourcesc18203c
update toolingDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gm0t/react-sticky-el/network/alerts).