Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.
The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.
Intermediate Release
No release notes provided.
Release v1.2.9 - Node v12 compatibility
No release notes provided.
Release Pre-NAPI v1.2.8
No release notes provided.
Version Bump (bundle node-pre-gyp)
No release notes provided.
Prebuilt v11.x
No release notes provided.
v1.2.3
Added node v10 for pre-built binaries
C++ tuning to fix potential SIGILL and cyclic dependency (#204)
v1.2.2
Fixed node-pre-gyp bundling issue
v1.2.1
[unpublished because of errors during publish process]
v1.2.0
BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
Compatibility updates for nan v2.9.0
v1.1.3
Added node v9 for pre-built binaries
Fixed bug related to using --no-bin-links option on install
Updated node-pre-gyp to latest version (0.6.39)
v1.1.2
Added Node.js v8 to the prebuild binary assets.
Stopped prebuilding for io.js (can still be built locally)
fix: check prototype property access in strict-mode (#1736) - b6d3de7
fix: escape property names in compat mode (#1736) - f058970
refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
chore: start testing on Node.js 12 and 13 - 3789a30
(POSSIBLY) BREAKING CHANGES:
the changes from version 4.6.0 now also apply
in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods
can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties
from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.
That is why we only bump the patch version despite mentioning breaking changes.
The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
// returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
When passing non-string arrays to a .set operation, an error is thrown:
// throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')
SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
removed obsolete build tools
updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)
1.19.6 (February 13th 2021)
SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx
1.19.5 (December 30th 2020)
dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - [Issue #404](medialize/URI.js#404)
SECURITY fixing URI.parse() to handle variable amounts of \ and / in scheme delimiter as Node and Browsers do - disclosed privately by ready-research via https://huntr.dev/
removed obsolete build tools
updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0)
1.19.6 (February 13th 2021)
SECURITY fixing URI.parse() to rewrite \ in scheme delimiter to / as Node and Browsers do - disclosed privately by Yaniv Nizry from the CxSCA AppSec team at Checkmarx
1.19.5 (December 30th 2020)
dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - [Issue #404](medialize/URI.js#404)
This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/web-starter-kit/network/alerts).
Bumps the npm_and_yarn group with 11 updates in the / directory:
1.0.4
1.1.0
1.0.0
1.0.1
0.10.12
0.10.64
1.0.15
1.2.13
4.0.6
4.7.8
2.1.5
2.8.9
1.3.4
1.3.8
2.15.0
2.20.6
1.2.2
1.2.4
1.18.4
1.19.11
3.2.1
3.2.2
Updates
concat-with-sourcemaps
from 1.0.4 to 1.1.0Commits
Maintainer changes
This version was pushed to npm by floridoo, a new releaser for concat-with-sourcemaps since your current version.
Updates
deap
from 1.0.0 to 1.0.1Commits
Maintainer changes
This version was pushed to npm by prestaul, a new releaser for deap since your current version.
Updates
es5-ext
from 0.10.12 to 0.10.64Release notes
Sourced from es5-ext's releases.
... (truncated)
Changelog
Sourced from es5-ext's changelog.
... (truncated)
Commits
f76b03d
chore: Release v0.10.642881acd
chore: Bump dependenciesc2e2bb9
fix: Revert update meant to fix Powershell issue, as it's a regression16f2b72
docs: Fix date in the changelogde4e03c
chore: Release v0.10.633fd53b7
chore: Upgradelint-staged
to v13bf8ed79
chore: Ensure postinstall script does not crash on Windows2cbbb07
chore: Bump dependencies22d0416
chore: Bump LICENSE yeara52e957
fix: Support ES2015+ function definitions infunction#toStringTokens()
Updates
fsevents
from 1.0.15 to 1.2.13Release notes
Sourced from fsevents's releases.
... (truncated)
Commits
844a05d
Version Bumpf393f2a
Only build fsevents on macOS (#322)6a281a7
[publish binary]acc2bce
[publish binary]f532b6e
[publish binary]4c6a1c0
Add node 13 to travis matrix.92e40aa
Release 1.2.12.909af26
Release v1.2.117074adb
Release v1.2.100a052f6
Node.js v12 support for v1.x (#274)Updates
handlebars
from 4.0.6 to 4.7.8Release notes
Sourced from handlebars's releases.
Changelog
Sourced from handlebars's changelog.
... (truncated)
Commits
8dc3d25
v4.7.8668c4fb
Fix browser tests in CI pipelinec65c6cc
Test on Node 183d3796c
Make library compatible with workers075b354
Fix sync issue with npm lock-file30dbf04
Fix compiling of each block params in strict modee3a5448
Fix bundler issue with webpack 58e23642
Fix integration-tests issue with npm >= 788ac068
use https instead of git for mustache submodulec68bc08
Fix typoMaintainer changes
This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.
Updates
hosted-git-info
from 2.1.5 to 2.8.9Changelog
Sourced from hosted-git-info's changelog.
... (truncated)
Commits
8d4b369
chore(release): 2.8.929adfe5
fix: backport regex fix from #76afeaefd
chore(release): 2.8.85038b18
fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...7440afa
chore(release): 2.8.72d0bb66
fix: Do not attempt to use url.URL when unavailablef2cdfcf
fix: Do not pass scp-style URLs to the WhatWG url.URLe1b83df
chore(release): 2.8.6ff259a6
Ensure passwords in hosted Git URLs are correctly escaped624fd6f
chore(release): 2.8.5Maintainer changes
This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.
Updates
ini
from 1.3.4 to 1.3.8Commits
a2c5da8
1.3.8af5c6bb
Do not use Object.create(null)8b648a1
don't test where our devdeps don't even workc74c8af
1.3.7024b8b5
update deps, add linting032fbaf
Use Object.create(null) to avoid default object property hazards2da9039
1.3.6cfea636
better git push script, before publish instead of after56d2805
do not allow invalid hazardous string as section name738eca5
v1.3.5Maintainer changes
This version was pushed to npm by isaacs, a new releaser for ini since your current version.
Updates
is-my-json-valid
from 2.15.0 to 2.20.6Commits
58d30cb
2.20.6f76edf0
Merge pull request #188 from axelniklasson/master4eef089
Upgrade jsonpointer to address security vulnerability441f812
2.20.5d36a1b1
Merge pull request #182 from ChALkeR/chalker/fix-commab6ea484
Fix uri prefix detection5389c5b
Merge pull request #181 from ChALkeR/chalker/fix-undefdf5b313
add funding filec224619
Fix 'required' implementation2534af4
2.20.4Maintainer changes
This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.
Updates
is-url
from 1.2.2 to 1.2.4Commits
d204828
1.2.4a524d7f
Merge pull request #20 from davisjam/FixUndefb33cac4
handle undefined string8585fac
Merge pull request #23 from segmentio/fix-testse572e5d
add travis confige1c30e1
remove cruft and fix the test scriptf1c83cf
1.2.355ee8ee
Merge pull request #18 from davisjam/FixREDOS1495509
security: Fix REDOS vulnerabilityUpdates
jsonpointer
from 4.0.0 to 5.0.1Release notes
Sourced from jsonpointer's releases.
Commits
4a253c0
Adopt strictEqual changes and only return null when the get succeededbad4983
Fix null values throwing exception when traversing over while gettinga5706e8
test: Always use strictEqual to ensure null and undefined values are asserted...b8e1e6a
fix incorrect typings for compile get/set methodsc4de620
Merge pull request #53 from janl/release/5.0.08dbf304
feat: v584cf173
Merge pull request #52 from janl/fix/testf716e5c
chore: more rip travise2ae355
chore: remove commentd23693b
chore: update primary branchUpdates
urijs
from 1.18.4 to 1.19.11Release notes
Sourced from urijs's releases.
... (truncated)
Changelog
Sourced from urijs's changelog.
... (truncated)
Commits
b655c1b
chore(build): bumping to version 1.19.11b0c9796
fix(parse): handle CR,LF,TAB88805fd
fix(parse): handle excessive slashes in scheme-relative URLs926b2aa
chore(build): bumping to version 1.19.10a8166fe
fix(parse): handle excessive colons in scheme delimiter01920b5
chore(build): bumping to version 1.19.986d1052
fix(parse): remove leading whitespaceefae1e5
chore(build): bumping to version 1.19.86ea641c
fix(parse): case insensitive scheme - #41219e54c7
chore(build): bumping to version 1.19.7Updates
y18n
from 3.2.1 to 3.2.2Release notes
Sourced from y18n's releases.
Commits
Maintainer changes
This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show