search

nelsonic / rumbl

Phoenix App built following Programming Phoenix 1.4 book
3 stars 0 forks source link

Bump json5 and webpack-cli in /apps/rumbl_web/assets #16

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps json5 to 2.2.3 and updates ancestor dependencies json5, json5 and webpack-cli. These dependencies need to be updated together.

Updates json5 from 2.1.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view


Updates json5 from 1.0.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

  • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
  • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
  • Fix: Spelling mistakes have been fixed. (#196)
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

  • Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view


Updates webpack-cli from 2.1.5 to 5.0.1

Release notes

Sourced from webpack-cli's releases.

v5.0.1

5.0.1 (2022-12-05)

Bug Fixes

  • make define-process-env-node-env alias node-env (#3514) (346a518)

v5.0.0

5.0.0 (2022-11-17)

Bug Fixes

  • improve description of the --disable-interpret option (#3364) (bdb7e20)
  • remove the redundant utils export (#3343) (a9ce5d0)
  • respect NODE_PATH env variable (#3411) (83d1f58)
  • show all CLI specific flags in the minimum help output (#3354) (35843e8)

Features

  • failOnWarnings option (#3317) (c48c848)
  • update commander to v9 (#3460) (6621c02)
  • added the --define-process-env-node-env option
  • update interpret to v3 and rechoir to v0.8
  • add an option for preventing interpret (#3329) (c737383)

BREAKING CHANGES

  • the minimum supported webpack version is v5.0.0 (#3342) (b1af0dc), closes #3342
  • webpack-cli no longer supports webpack v4, the minimum supported version is webpack v5.0.0
  • webpack-cli no longer supports webpack-dev-server v3, the minimum supported version is webpack-dev-server v4.0.0
  • remove the migrate command (#3291) (56b43e4), closes #3291
  • remove the --prefetch option in favor the PrefetchPlugin plugin
  • remove the --node-env option in favor --define-process-env-node-env
  • remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
  • the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'

v4.10.0

4.10.0 (2022-06-13)

Bug Fixes

Features

v4.9.2

4.9.2 (2022-01-24)

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

5.0.1 (2022-12-05)

Bug Fixes

  • make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

Bug Fixes

  • improve description of the --disable-interpret option (#3364) (bdb7e20)
  • remove the redundant utils export (#3343) (a9ce5d0)
  • respect NODE_PATH env variable (#3411) (83d1f58)
  • show all CLI specific flags in the minimum help output (#3354) (35843e8)

Features

  • failOnWarnings option (#3317) (c48c848)
  • update commander to v9 (#3460) (6621c02)
  • added the --define-process-env-node-env option
  • update interpret to v3 and rechoir to v0.8
  • add an option for preventing interpret (#3329) (c737383)

BREAKING CHANGES

  • the minimum supported webpack version is v5.0.0 (#3342) (b1af0dc), closes #3342
  • webpack-cli no longer supports webpack v4, the minimum supported version is webpack v5.0.0
  • webpack-cli no longer supports webpack-dev-server v3, the minimum supported version is webpack-dev-server v4.0.0
  • remove the migrate command (#3291) (56b43e4), closes #3291
  • remove the --prefetch option in favor the PrefetchPlugin plugin
  • remove the --node-env option in favor --define-process-env-node-env
  • remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
  • the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'

4.10.0 (2022-06-13)

Bug Fixes

Features

4.9.2 (2022-01-24)

Bug Fixes

  • respect negatedDescription for flags from schema (#3102) (463b731)

... (truncated)

Commits
  • 4a0f893 chore(release): publish new version
  • 9de982c chore: fix cspell
  • 32d26c8 chore(deps-dev): bump cspell from 6.15.1 to 6.16.0 (#3517)
  • 2788bf9 chore(deps-dev): bump eslint from 8.28.0 to 8.29.0 (#3516)
  • ac88ee4 chore(deps-dev): bump lint-staged from 13.0.4 to 13.1.0 (#3515)
  • 346a518 fix: make define-process-env-node-env alias node-env (#3514)
  • 3ec7b16 chore(deps): bump yeoman-environment from 3.12.1 to 3.13.0 (#3508)
  • c8adfa6 chore(deps-dev): bump @​types/node from 18.11.9 to 18.11.10 (#3513)
  • 0ad8cc2 chore(deps-dev): bump cspell from 6.15.0 to 6.15.1 (#3512)
  • d30f261 chore(deps-dev): bump ts-loader from 9.4.1 to 9.4.2 (#3511)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-cli since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nelsonic/rumbl/network/alerts).