Delete inlay css styles, which are not actually used by Closure.
Add non-nullable modifier to return type of functions never returning null.
Remove forwardDeclares from Closure Events Listenable by reducing the typing of the event key's src property to just Listenable, instead of Listenable|EventTarget. Note that EventTarget is the primary implementation of Listenable.
Other Changes
Added SafeUrl.fromMediaSource()
Fix authority parsing in Closure URI parser.
Document mode is now based on user agent on IE if not present in document
Add a define to module manager so that we can control module loading behaviors.
Add non-nullable modifier to return type of functions never returning null.
goog.isArray in deprecated in favor of Array.isArray
Update Thenable.then rejection handler JSDoc to reflect actual functionality.
Closure Library v20200224
New Additions
Create goog.debug.deepFreeze.
Added goog.async.promises.allMapsValues utility function
Backwards Incompatible Changes
AbstractRange.prototype.getTextRange(s) now return AbstractRange instead of the specific TextRange subclass
Other Changes
Remove some forwardDeclares from closure labs net.
Removed ondragexit from Window and friends, per a spec update.
Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
Fixed xhr.response to return null for failures that occur during the middle of the download.
Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)
Version 16.4.0
Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
Fixed el.focus() to work on SVG elements. (zjffun)
Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
Fixed the valueMissing validation check for <input type="radio">. (zjffun)
Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)
Version 16.3.0
Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
Fixed drawing an empty canvas into another canvas. (zjffun)
Version 16.2.2
Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.
Removed ondragexit from Window and friends, per a spec update.
Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
Fixed xhr.response to return null for failures that occur during the middle of the download.
Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)
16.4.0
Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
Fixed el.focus() to work on SVG elements. (zjffun)
Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
Fixed the valueMissing validation check for <input type="radio">. (zjffun)
Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)
16.3.0
Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
Fixed drawing an empty canvas into another canvas. (zjffun)
16.2.2
Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
v2.2.0
New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
New: package.json and package.json5 include a module property so
bundlers like webpack, rollup and parcel can take advantage of the ES Module
build. (#208)
Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
New: package.json and package.json5 include a module property so
bundlers like webpack, rollup and parcel can take advantage of the ES Module
build. (#208)
Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
Security fix for RegExps that should not be evaluated (regexp DDOS)
v4.8.0
Support for numeric separators (million = 1_000_000) was added.
Assigning properties to a class is now assumed to be pure.
Fixed bug where yield wasn't considered a valid property key in generators.
v4.7.0
A bug was fixed where an arrow function would have the wrong size
arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.
Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.
v4.6.13
Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
Fixed parsing of BigInt with lowercase e in them.
v4.6.12
Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]
Printing of unicode identifiers has been improved
v4.6.11
Read unused classes' properties and method keys, to figure out if they use other variables.
Prevent inlining into block scopes when there are name collisions
Functions are no longer inlined into parameter defaults, because they live in their own special scope.
When inlining identity functions, take into account the fact they may be used to drop this in function calls.
Nullish coalescing operator (x ?? y), plus basic optimization for it.
Template literals in binary expressions such as + have been further optimized
v4.6.10
Do not use reduce_vars when classes are present
v4.6.9
Check if block scopes actually exist in blocks
v4.6.8
Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.
v4.6.7
Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.
Bumps the npm_and_yarn group with 27 updates in the /internal/remediation/fixtures/santatracker directory:
0.7.30.7.8v20190909.0.020200315.0.012.2.016.5.02.1.02.2.23.10.114.8.15.5.15.7.27.6.07.24.64.0.04.0.310.1.021.1.112.0.217.7.25.7.38.11.37.1.08.11.36.0.28.11.32.6.62.6.78.10.08.10.12.0.02.0.25.0.05.1.26.2.16.2.20.2.30.4.01.4.11.4.24.17.204.17.213.0.43.1.25.2.010.4.00.1.20.1.40.10.01.3.13.1.23.1.41.0.61.0.71.1.01.1.16.5.26.5.3Updates
dat.guifrom 0.7.3 to 0.7.8Release notes
Sourced from dat.gui's releases.
Commits
6a444cc0.7.8103be80Removed CHANGELOG.mdf720c72Merge pull request #279 from yetingli/master40f4fc1Remove link to defunct tutorial.1e1aecbFix ReDos in CSS_RGB and CSS_RGBA51d1a37Merge pull request #274 from dataarts/dependabot/npm_and_yarn/lodash-4.17.1928b15c6Bump lodash from 4.17.15 to 4.17.19071edebUse primitive type instead of nullable boxed type92cebb3Re-lint.b290bf7Update lint rules.Maintainer changes
This version was pushed to npm by mrdoob, a new releaser for dat.gui since your current version.
Updates
google-closure-libraryfrom v20190909.0.0 to 20200315.0.0Release notes
Sourced from google-closure-library's releases.
... (truncated)
Commits
c6e4fe0Bump version.2fb2c6dMigrate goog.forwardDeclare to goog.requireType.ade336aMigrate goog.forwardDeclare to goog.requireType.964e8f3RELNOTES[NEW]: Add SafeHtml.comment.a93d568RELNOTES: Add non-nullable modifier to return type of functions never returni...294fc00Fix authority parsing in Closure URI parser.49624abAdd a define to module manager so that we can control module loading behaviors.5845fb1Removed the legacy buffering-proxy detection (aka test-channel).f4c4443Add non-nullable modifier to return type of functions never returning null.60f4a9cAdd non-nullable modifier to return type of functions never returning null.Updates
jsdomfrom 12.2.0 to 16.5.0Release notes
Sourced from jsdom's releases.
... (truncated)
Changelog
Sourced from jsdom's changelog.
... (truncated)
Commits
2d82763Version 16.5.09741311Fix loading of subresources with Unicode filenames5e46553Use domenic's ESLint config as the base19b35daFix the URL of about:blank iframes017568eSupport inputType on InputEvent29f4fdfUpgrade dependenciese2f7639Refactor create‑event‑accessor.js to remove code duplicationff69a75Convert JSDOM to use callback functions19df6bcUpdate links in contributing guidelines1e34ff5Test triageUpdates
json5from 2.1.0 to 2.2.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
14f8cb12.2.210cc7cadocs: update CHANGELOG for v2.2.27774c10fix: add proto to objects and arraysedde30aReadme: slight tweak to intro97286f8Improve example in readmed720b4fImprove readme (e.g. explain JSON5 better!) (#291)910ce25docs: fix spelling of Aseem2aab4ddtest: require tap as t in cli tests6d42686test: remove mocha syntax from tests4798b9ddocs: update installation and usage for modulesUpdates
terserfrom 3.10.11 to 4.8.1Changelog
Sourced from terser's changelog.
... (truncated)
Commits
40674a4update changelog, versiond8cc569backport fix to potential regexp DDOS504b9674.8.09f380dcupdate changelog7dd0b9dupdate assumptionscfad907Allow yield to be used as property key in generators.283f44fMake class property assignment pure.ee965e8Add numeric separators support (#725)ee6b8af4.7.0807f729update changelogUpdates
semverfrom 5.5.1 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313chore: release 5.7.22f8fd41fix: better handling of whitespace (#585)deb5ad5chore:@npmcli/template-oss@4.16.0c83c18c5.7.1956e228Correct typo in README8055dda5.7.0604e73dauto-publishing scriptsbed01e2remove the nomin comments, since we don't minify any more anyway9cb68f1document parse method38d42ca5.7 changelogMaintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates
@babel/traversefrom 7.6.0 to 7.24.6Release notes
Sourced from
@babel/traverse's releases.... (truncated)
Changelog
Sourced from
@babel/traverse's changelog.... (truncated)
Commits
9630250v7.24.61f010dfExplicitly defineNodePath.prototype.*(#16488)6e3539b[babel 8] Publish.d.tsfiles for every package (#16416)e37e64dUse eslint v9 (#16479)3ff20b9Statically generate boilerplate for bitfield accessors (#16482)97c3eb1RemovesyntaxTypeoption for record-and-tuple (parser&plugin) (#16458)71c247a[babel 8] Require Node.js^18.20.0 || ^20.10.0 || >=21.0.0(#16457)ddbea7dv7.24.5e779cadfix: TypeScript annotation affects output (#16377)ee48754Use multiple TypeScript projects (#16430)Updates
y18nfrom 4.0.0 to 4.0.3Changelog
Sourced from y18n's changelog.
Commits
0aa97c5chore: release 4.x.x (#128)a8e7f04build(release-please): configure branch properly (#127)1e21a53fix(release): 4.x.x should not enforce Node 10 (#126)8dc7580docs: update CHANGELOG7de58cafix: address prototype pollution issueMaintainer changes
This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.
Updates
yargs-parserfrom 10.1.0 to 21.1.1Release notes
Sourced from yargs-parser's releases.
... (truncated)
Changelog
Sourced from yargs-parser's changelog.
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml
@another-rex I wonder if https://github.com/dependabot/dependabot-core/issues/4364#issuecomment-2002406602 would at least make the PRs auto-close?