🚨 [security] Update pdfjs-dist 2.10.377 → 4.2.67 (major)

[depfu[bot]]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ pdfjs-dist (2.10.377 → 4.2.67) · Repo

Security Advisories 🚨

🚨 PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

Impact

If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.

Patches

The patch removes the use of eval:
mozilla/pdf.js#18015

Workarounds

Set the option isEvalSupported to false.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

Sorry, we couldn't find anything useful about this release.

↗️ nan (indirect, 2.15.0 → 2.19.0) · Repo · Changelog

Release Notes

2.19.0 (from changelog)

2.19.0 Mar 6 2024

• Feature: Fix builds for Electron 29 (#966) 1b630dd

2.18.0 Sep 12 2023

• Feature: Cast v8::Object::GetInternalField() return value to v8::Value (#956) bdfee17

2.17.0 Oct 10 2022

• Feature: overload deprecated AccessorSignatures (#943) 7f9ceb8

2.16.0 May 25 2022

• Feature: Add support for Node 18 (#937) 16fa322

2.15.0 Aug 4 2021

• Feature: add ScriptOrigin (#918) d09debf

2.14.2 Oct 13 2020

• Bugfix: fix gcc 8 function cast warning (#899) 35f0fab

2.14.1 Apr 21 2020

• Bugfix: use GetBackingStore() instead of GetContents() (#888) 2c023bd

2.14.0 May 16 2019

• Feature: Add missing methods to Nan::Maybe (#852) 4e96248

2.13.2 Mar 24 2019

• Bugfix: remove usage of deprecated IsNearDeath (#842) fbaf422

2.13.1 Mar 14 2019

• Bugfix: check V8 version directly instead of inferring from NMV (#840) 12f9df9

2.13.0 Mar 13 2019

• Feature: add support for node master (#831) 113c0282072e7ff4f9dfc98b432fd894b798c2c

2.12.1 Dec 18 2018

• Bugfix: Fix build breakage with Node.js 10.0.0-10.9.0. (#833) 625e90e

2.12.0 Dec 16 2018

• Bugfix: Add scope.Escape() to Call() (#817) 2e5ed4f
• Bugfix: Fix Node.js v10.12.0 deprecation warnings. 509859c
• Feature: Allow SetWeak() for non-object persistent handles. (#824) e6ef6a4

2.11.1 Sep 29 2018

• Fix: adapt to V8 7.0 24a22c3

2.11.0 Aug 25 2018

• Removal: remove FunctionCallbackInfo::Callee for nodejs >= 10 1a56c0a
• Bugfix: Fix AsyncProgressWorkerBase::WorkProgress sends invalid data b0c764d
• Feature: Introduce GetCurrentEventLoop b4911b0
• Feature: Add NAN_MODULE_WORKER_ENABLED macro as a replacement for NAN_MODULE b058fb0

2.10.0 Mar 16 2018

• Deprecation: Deprecate MakeCallback 5e92b19
• Feature: add Nan::Call overload 4482e12
• Feature: add more Nan::Call overloads 8584e63
• Feature: Fix deprecation warnings for Node 10 1caf258

2.9.2 Feb 22 2018

• Bugfix: Bandaid for async hooks 212bd2f

2.9.1 Feb 22 2018

• Bugfix: Avoid deprecation warnings in deprecated Nan::Callback::operator() 372b14d
• Bugfix: Avoid deprecation warnings in Nan::JSON 3bc294b

2.9.0 Feb 22 2018

• Deprecation: Deprecate legacy Callback::Call 6dd5fa6
• Feature: introduce AsyncResource class 90c0a179c0d8cb5fd26f1a7d2b1d6231eb402d48o
• Feature: Add context aware Nan::Callback::Call functions 7169e09
• Feature: Make AsyncWorker context aware 066ba21
• Feature: add Callback overload to Nan::Call 5328daf
• Bugfix: fix warning: suggest parentheses around && within || b2bb63d
• Bugfix: Fix compilation on io.js 3 d06114d

2.8.0 Nov 15 2017

• Deprecation: Deprecate Nan::ForceSet in favor of Nan::DefineOwnProperty() 95cbb97
• Feature: Add Nan::AsyncProgressQueueWorker a976636
• Feature: Add Nan::DefineOwnProperty() 95cbb97
• Bugfix: Fix compiling on io.js 1 & 2 82705a6
• Bugfix: Use DefineOwnProperty instead of ForceSet 95cbb97

2.7.0 Aug 30 2017

• Feature: Add Nan::To<v8::Function>() overload. b932806
• Bugfix: Fix ternary in Nan::MaybeLocal<T>::FromMaybe<S>(). 79a26f7

2.6.2 Apr 12 2017

• Bugfix: Fix v8::JSON::Parse() deprecation warning. 87f6a3c

2.6.1 Apr 6 2017

• Bugfix: nan_json.h: fix build breakage in Node 6 ac8d47d

2.6.0 Apr 6 2017

• Feature: nan: add support for JSON::Parse & Stringify b533226

2.5.1 Jan 23 2017

• Bugfix: Fix disappearing handle for private value 6a80995
• Bugfix: Add missing scopes a93b8ba
• Bugfix: Use string::data instead of string::front in NewOneByteString d5f9203

2.5.0 Dec 21 2016

• Feature: Support Private accessors a86255c
• Bugfix: Abort in delete operators that shouldn't be called 0fe3821

2.4.0 Jul 10 2016

• Feature: Rewrite Callback to add Callback::Reset c4cf44d
• Feature: AsyncProgressWorker: add template types for .send 1242c9a
• Bugfix: Add constness to old Persistent comparison operators bd43cb9

2.3.5 May 31 2016

• Bugfix: Replace NAN_INLINE with 'inline' keyword. 71819d8

2.3.4 May 31 2016

• Bugfix: Remove V8 deprecation warnings 0592fb0
• Bugfix: Fix new versions not to use WeakCallbackInfo::IsFirstPass 615c19d
• Bugfix: Make ObjectWrap::handle() const d19af99
• Bugfix: Fix compilation errors related to 0592fb0 e9191c5

2.3.3 May 4 2016

• Bugfix: Refactor SetMethod() to deal with v8::Templates (#566) b9083cf

2.3.2 Apr 27 2016

• Bugfix: Fix compilation on outdated versions due to Handle removal f8b7c87

2.3.1 Apr 27 2016

• Bugfix: Don't use deprecated v8::Template::Set() in SetMethod a90951e

2.3.0 Apr 27 2016

• Feature: added Signal() for invoking async callbacks without sending data from AsyncProgressWorker d8adba4
• Bugfix: Don't use deprecated v8::Template::Set() 00dacf0

2.2.1 Mar 29 2016

• Bugfix: Use NewFromUnsigned in ReturnValue::Set(uint32_t i) for pre_12 3a18f9b
• Performance: Remove unneeeded nullptr checks b715ef4

2.2.0 Jan 9 2016

• Feature: Add Function::Call wrapper 4c15747
• Feature: Rename GC*logueCallback to GCCallback for > 4.0 3603435
• Bugfix: Fix Global::Pass for old versions 367e82a
• Bugfix: Remove weird MaybeLocal wrapping of what already is a MaybeLocal 23b4590

2.1.0 Oct 8 2015

• Deprecation: Deprecate NanErrnoException in favor of ErrnoException 0af1ca4
• Feature: added helper class for accessing contents of typedarrays 17b5129
• Feature: [Maybe types] Add MakeMaybe(...) 48d7b53
• Feature: new: allow utf16 string with length 66ac6e6
• Feature: Introduce SetCallHandler and SetCallAsFunctionHandler 7764a9a
• Bugfix: Enable creating Locals from Globals under Node 0.10. 9bf9b8b
• Bugfix: Fix issue #462 where PropertyCallbackInfo data is not stored safely. 55f50ad

2.0.9 Sep 8 2015

• Bugfix: EscapableHandleScope in Nan::NewBuffer for Node 0.8 and 0.10 b1654d7

2.0.8 Aug 28 2015

• Work around duplicate linking bug in clang 11902da

2.0.7 Aug 26 2015

• Build: Repackage

2.0.6 Aug 26 2015

• Bugfix: Properly handle null callback in FunctionTemplate factory 6e99cb1
• Bugfix: Remove unused static std::map instances 525bddc
• Bugfix: Make better use of maybe versions of APIs bfba85b
• Bugfix: Fix shadowing issues with handle in ObjectWrap 0a9072d

2.0.5 Aug 10 2015

• Bugfix: Reimplement weak callback in ObjectWrap 98d38c1
• Bugfix: Make sure callback classes are not assignable, copyable or movable 81f9b1d

2.0.4 Aug 6 2015

• Build: Repackage

2.0.3 Aug 6 2015

• Bugfix: Don't use clang++ / g++ syntax extension. 231450e

2.0.2 Aug 6 2015

• Build: Repackage

2.0.1 Aug 6 2015

• Bugfix: Add workaround for missing REPLACE_INVALID_UTF8 60d6687
• Bugfix: Reimplement ObjectWrap from scratch to prevent memory leaks 6484601
• Bugfix: Fix Persistent leak in FunctionCallbackInfo and PropertyCallbackInfo 641ef5f
• Bugfix: Add missing overload for Nan::NewInstance that takes argc/argv 29450ed

2.0.0 Jul 31 2015

• Change: Renamed identifiers with leading underscores b5932b4
• Change: Replaced NanObjectWrapHandle with class NanObjectWrap 464f1e1
• Change: Replace NanScope and NanEscpableScope macros with classes 47751c4
• Change: Rename NanNewBufferHandle to NanNewBuffer 6745f99
• Change: Rename NanBufferUse to NanNewBuffer 3e8b0a5
• Change: Rename NanNewBuffer to NanCopyBuffer d6af78d
• Change: Remove Nan prefix from all names 72d1f67
• Change: Update Buffer API for new upstream changes d5d3291
• Change: Rename Scope and EscapableScope to HandleScope and EscapableHandleScope 21a7a6a
• Change: Get rid of Handles e6c0daf
• Feature: Support io.js 3 with V8 4.4
• Feature: Introduce NanPersistent 7fed696
• Feature: Introduce NanGlobal 4408da1
• Feature: Added NanTryCatch 10f1ca4
• Feature: Update for V8 v4.3 4b6404a
• Feature: Introduce NanNewOneByteString c543d32
• Feature: Introduce namespace Nan 67ed1b1
• Removal: Remove NanLocker and NanUnlocker dd6e401
• Removal: Remove string converters, except NanUtf8String, which now follows the node implementation b5d00a9
• Removal: Remove NanReturn* macros d90a25c
• Removal: Remove HasInstance e8f84fe

1.9.0 Jul 31 2015

• Feature: Added NanFatalException 81d4a2c
• Feature: Added more error types 4265f06
• Feature: Added dereference and function call operators to NanCallback c4b2ed0
• Feature: Added indexed GetFromPersistent and SaveToPersistent edd510c
• Feature: Added more overloads of SaveToPersistent and GetFromPersistent 8b1cef6
• Feature: Added NanErrnoException dd87d9e
• Correctness: Prevent assign, copy, and move for classes that do not support it 1f55c59, 4b808cb, c96d9b2, fba4a29, 3357130
• Deprecation: Deprecate NanGetPointerSafe and NanSetPointerSafe 81d4a2c
• Deprecation: Deprecate NanBooleanOptionValue and NanUInt32OptionValue 0ad254b

1.8.4 Apr 26 2015

• Build: Repackage

1.8.3 Apr 26 2015

• Bugfix: Include missing header 1af8648

1.8.2 Apr 23 2015

• Build: Repackage

1.8.1 Apr 23 2015

• Bugfix: NanObjectWrapHandle should take a pointer 155f1d3

1.8.0 Apr 23 2015

• Feature: Allow primitives with NanReturnValue 2e4475e
• Feature: Added comparison operators to NanCallback 55b075e
• Feature: Backport thread local storage 15bb7fa
• Removal: Remove support for signatures with arguments 8a2069d
• Correcteness: Replaced NanObjectWrapHandle macro with function 0bc6d59

1.7.0 Feb 28 2015

• Feature: Made NanCallback::Call accept optional target 8d54da7
• Feature: Support atom-shell 0.21 0b7f1bb

1.6.2 Feb 6 2015

• Bugfix: NanEncode: fix argument type for node::Encode on io.js 2be8639

1.6.1 Jan 23 2015

• Build: version bump

1.5.3 Jan 23 2015

• Build: repackage

1.6.0 Jan 23 2015

• Deprecated NanNewContextHandle in favor of NanNew<Context> 49259af
• Support utility functions moved in newer v8 versions (Node 0.11.15, io.js 1.0) a0aa179
• Added NanEncode, NanDecodeBytes and NanDecodeWrite 75e6fb9

1.5.2 Jan 23 2015

• Bugfix: Fix non-inline definition build error with clang++ 21d96a1, 60fadd4
• Bugfix: Readded missing String constructors 18d828f
• Bugfix: Add overload handling NanNew(..) 5ef813b
• Bugfix: Fix uv_work_cb versioning 997e4ae
• Bugfix: Add function factory and test 4eca89c
• Bugfix: Add object template factory and test cdcb951
• Correctness: Lifted an io.js related typedef c9490be
• Correctness: Make explicit downcasts of String lengths 00074e6
• Windows: Limit the scope of disabled warning C4530 83d7deb

1.5.1 Jan 15 2015

• Build: version bump

1.4.3 Jan 15 2015

• Build: version bump

1.4.2 Jan 15 2015

• Feature: Support io.js 0dbc5e8

1.5.0 Jan 14 2015

• Feature: Support io.js b003843
• Correctness: Improved NanNew internals 9cd4f6a
• Feature: Implement progress to NanAsyncWorker 8d6a160

1.4.1 Nov 8 2014

• Bugfix: Handle DEBUG definition correctly
• Bugfix: Accept int as Boolean

1.4.0 Nov 1 2014

• Feature: Added NAN_GC_CALLBACK 6a5c245
• Performance: Removed unnecessary local handle creation 18a7243, 41fe2f8
• Correctness: Added constness to references in NanHasInstance 02c61cd
• Warnings: Fixed spurious warnings from -Wundef and -Wshadow, 541b122, 99d8cb6
• Windoze: Shut Visual Studio up when compiling 8d558c1
• License: Switch to plain MIT from custom hacked MIT license 11de983
• Build: Added test target to Makefile e232e46
• Performance: Removed superfluous scope in NanAsyncWorker f4b7821
• Sugar/Feature: Added NanReturnThis() and NanReturnHolder() shorthands 237a5ff, d697208
• Feature: Added suitable overload of NanNew for v8::Integer::NewFromUnsigned b27b450

1.3.0 Aug 2 2014

• Added NanNew<v8::String, std::string>(std::string)
• Added NanNew<v8::String, std::string&>(std::string&)
• Added NanAsciiString helper class
• Added NanUtf8String helper class
• Added NanUcs2String helper class
• Deprecated NanRawString()
• Deprecated NanCString()
• Added NanGetIsolateData(v8::Isolate *isolate)
• Added NanMakeCallback(v8::Handlev8::Object target, v8::Handlev8::Function func, int argc, v8::Handlev8::Value* argv)
• Added NanMakeCallback(v8::Handlev8::Object target, v8::Handlev8::String symbol, int argc, v8::Handlev8::Value* argv)
• Added NanMakeCallback(v8::Handlev8::Object target, const char* method, int argc, v8::Handlev8::Value* argv)
• Added NanSetTemplate(v8::Handlev8::Template templ, v8::Handlev8::String name , v8::Handlev8::Data value, v8::PropertyAttribute attributes)
• Added NanSetPrototypeTemplate(v8::Localv8::FunctionTemplate templ, v8::Handlev8::String name, v8::Handlev8::Data value, v8::PropertyAttribute attributes)
• Added NanSetInstanceTemplate(v8::Localv8::FunctionTemplate templ, const char *name, v8::Handlev8::Data value)
• Added NanSetInstanceTemplate(v8::Localv8::FunctionTemplate templ, v8::Handlev8::String name, v8::Handlev8::Data value, v8::PropertyAttribute attributes)

1.2.0 Jun 5 2014

• Add NanSetPrototypeTemplate
• Changed NAN_WEAK_CALLBACK internals, switched _NanWeakCallbackData to class, introduced _NanWeakCallbackDispatcher
• Removed -Wno-unused-local-typedefs from test builds
• Made test builds Windows compatible ('Sleep()')

1.1.2 May 28 2014

• Release to fix more stuff-ups in 1.1.1

1.1.1 May 28 2014

• Release to fix version mismatch in nan.h and lack of changelog entry for 1.1.0

1.1.0 May 25 2014

• Remove nan_isolate, use v8::Isolate::GetCurrent() internally instead
• Additional explicit overloads for NanNew(): (char*,int), (uint8_t*[,int]), (uint16_t*[,int), double, int, unsigned int, bool, v8::String::ExternalStringResource*, v8::String::ExternalAsciiStringResource*
• Deprecate NanSymbol()
• Added SetErrorMessage() and ErrorMessage() to NanAsyncWorker

1.0.0 May 4 2014

• Heavy API changes for V8 3.25 / Node 0.11.13
• Use cpplint.py
• Removed NanInitPersistent
• Removed NanPersistentToLocal
• Removed NanFromV8String
• Removed NanMakeWeak
• Removed NanNewLocal
• Removed NAN_WEAK_CALLBACK_OBJECT
• Removed NAN_WEAK_CALLBACK_DATA
• Introduce NanNew, replaces NanNewLocal, NanPersistentToLocal, adds many overloaded typed versions
• Introduce NanUndefined, NanNull, NanTrue and NanFalse
• Introduce NanEscapableScope and NanEscapeScope
• Introduce NanMakeWeakPersistent (requires a special callback to work on both old and new node)
• Introduce NanMakeCallback for node::MakeCallback
• Introduce NanSetTemplate
• Introduce NanGetCurrentContext
• Introduce NanCompileScript and NanRunScript
• Introduce NanAdjustExternalMemory
• Introduce NanAddGCEpilogueCallback, NanAddGCPrologueCallback, NanRemoveGCEpilogueCallback, NanRemoveGCPrologueCallback
• Introduce NanGetHeapStatistics
• Rename NanAsyncWorker#SavePersistent() to SaveToPersistent()

0.8.0 Jan 9 2014

• NanDispose -> NanDisposePersistent, deprecate NanDispose
• Extract NANRETURN_TYPE, pull up NAN()

0.7.1 Jan 9 2014

• Fixes to work against debug builds of Node
• Safer NanPersistentToLocal (avoid reinterpret_cast)
• Speed up common NanRawString case by only extracting flattened string when necessary

0.7.0 Dec 17 2013

• New no-arg form of NanCallback() constructor.
• NanCallback#Call takes Handle rather than Local
• Removed deprecated NanCallback#Run method, use NanCallback#Call instead
• Split off NAN_ARGS_TYPE from NAN_ARGS
• Restore (unofficial) Node 0.6 compatibility at NanCallback#Call()
• Introduce NanRawString() for char* (or appropriate void*) from v8::String (replacement for NanFromV8String)
• Introduce NanCString() for null-terminated char* from v8::String

0.6.0 Nov 21 2013

• Introduce NanNewLocal(v8::Handle value) for use in place of v8::Local::New(...) since v8 started requiring isolate in Node 0.11.9

0.5.2 Nov 16 2013

• Convert SavePersistent and GetFromPersistent in NanAsyncWorker from protected and public

0.5.1 Nov 12 2013

• Use node::MakeCallback() instead of direct v8::Function::Call()

0.5.0 Nov 11 2013

• Added @TooTallNate as collaborator
• New, much simpler, "include_dirs" for binding.gyp
• Added full range of NAN_INDEX_* macros to match NAN_PROPERTY_* macros

0.4.4 Nov 2 2013

• Isolate argument from v8::Persistent::MakeWeak removed for 0.11.8+

0.4.3 Nov 2 2013

• Include node_object_wrap.h, removed from node.h for Node 0.11.8.

0.4.2 Nov 2 2013

• Handle deprecation of v8::Persistent::Dispose(v8::Isolate* isolate)) for Node 0.11.8 release.

0.4.1 Sep 16 2013

• Added explicit #include <uv.h> as it was removed from node.h for v0.11.8

0.4.0 Sep 2 2013

• Added NAN_INLINE and NAN_DEPRECATED and made use of them
• Added NanError, NanTypeError and NanRangeError
• Cleaned up code

0.3.2 Aug 30 2013

• Fix missing scope declaration in GetFromPersistent() and SaveToPersistent in NanAsyncWorker

0.3.1 Aug 20 2013

• fix "not all control paths return a value" compile warning on some platforms

0.3.0 Aug 19 2013

• Made NAN work with NPM
• Lots of fixes to NanFromV8String, pulling in features from new Node core
• Changed node::encoding to Nan::Encoding in NanFromV8String to unify the API
• Added optional error number argument for NanThrowError()
• Added NanInitPersistent()
• Added NanReturnNull() and NanReturnEmptyString()
• Added NanLocker and NanUnlocker
• Added missing scopes
• Made sure to clear disposed Persistent handles
• Changed NanAsyncWorker to allocate error messages on the heap
• Changed NanThrowError(Local) to NanThrowError(Handle)
• Fixed leak in NanAsyncWorker when errmsg is used

0.2.2 Aug 5 2013

• Fixed usage of undefined variable with node::BASE64 in NanFromV8String()

0.2.1 Aug 5 2013

• Fixed 0.8 breakage, node::BUFFER encoding type not available in 0.8 for NanFromV8String()

0.2.0 Aug 5 2013

• Added NAN_PROPERTY_GETTER, NAN_PROPERTY_SETTER, NAN_PROPERTY_ENUMERATOR, NAN_PROPERTY_DELETER, NAN_PROPERTY_QUERY
• Extracted _NAN_METHOD_ARGS, _NAN_GETTER_ARGS, _NAN_SETTER_ARGS, _NAN_PROPERTY_GETTER_ARGS, _NAN_PROPERTY_SETTER_ARGS, _NAN_PROPERTY_ENUMERATOR_ARGS, _NAN_PROPERTY_DELETER_ARGS, _NAN_PROPERTY_QUERY_ARGS
• Added NanGetInternalFieldPointer, NanSetInternalFieldPointer
• Added NAN_WEAK_CALLBACK, NAN_WEAK_CALLBACK_OBJECT, NAN_WEAK_CALLBACK_DATA, NanMakeWeak
• Renamed THROW_ERROR to _NAN_THROW_ERROR
• Added NanNewBufferHandle(char*, size_t, node::smalloc::FreeCallback, void*)
• Added NanBufferUse(char*, uint32_t)
• Added NanNewContextHandle(v8::ExtensionConfiguration*, v8::Handlev8::ObjectTemplate, v8::Handlev8::Value)
• Fixed broken NanCallback#GetFunction()
• Added optional encoding and size arguments to NanFromV8String()
• Added NanGetPointerSafe() and NanSetPointerSafe()
• Added initial test suite (to be expanded)
• Allow NanUInt32OptionValue to convert any Number object

0.1.0 Jul 21 2013

• Added NAN_GETTER, NAN_SETTER
• Added NanThrowError with single Local argument
• Added NanNewBufferHandle with single uint32_t argument
• Added NanHasInstance(Persistent<FunctionTemplate>&, Handle<Value>)
• Added Local<Function> NanCallback#GetFunction()
• Added NanCallback#Call(int, Local<Value>[])
• Deprecated NanCallback#Run(int, Local<Value>[]) in favour of Call

2.18.0 (from changelog)

• Feature: Cast v8::Object::GetInternalField() return value to v8::Value (#956) bdfee17

2.17.0 (from changelog)

• Feature: overload deprecated AccessorSignatures (#943) 7f9ceb8

2.16.0 (from changelog)

• Feature: Add support for Node 18 (#937) 16fa322

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 27 commits:

• 2.19.0
• Prepare for 2.19.0
• Fix builds for Electron 29 (#966)
• 2.18.0
• Prepare for 2.18.0
• Cast v8::Object::GetInternalField() return value to v8::Value (#956)
• Merge pull request #952 from striezel-stash/fix-links
• Merge pull request #951 from striezel-stash/fix-typos
• Fix some typos
• Fix outdated links to V8 documentation
• new: Add CMake as an alternative build tool (#950)
• Node.js 20. (#949)
• Add Node 19 to CI and update README (#945)
• docs: SetAccessor lost the signature parameter
• 2.17.0
• Prepare for 2.17.0
• fix: bump nmv version down, add dummy sig
• chore: overload deprecated AccessorSignatures
• package.json: fix supported Node.js versions in package description
• 2.16.0
• Prepare for 2.16.0
• Add support for Node 18
• fix appveyor build tests when x86 binary is not available
• Upgrade node-gyp
• add define NODE_17_0_MODULE_VERSION
• add node 17 to the test matrix
• docs: license format and contributors

🆕 @​mapbox/node-pre-gyp (added, 1.0.11)

🆕 aproba (added, 2.0.0)

🆕 are-we-there-yet (added, 2.0.0)

🆕 canvas (added, 2.11.2)

🆕 color-support (added, 1.1.3)

🆕 console-control-strings (added, 1.1.0)

🆕 delegates (added, 1.0.0)

🆕 fs-minipass (added, 2.1.0)

🆕 gauge (added, 3.0.2)

🆕 has-unicode (added, 2.0.1)

🆕 minipass (added, 5.0.0)

🆕 minizlib (added, 2.1.2)

🆕 npmlog (added, 5.0.1)

🆕 path2d (added, 0.2.0)

🆕 tar (added, 6.2.1)

🗑️ big.js (removed)

🗑️ emojis-list (removed)

🗑️ loader-utils (removed)

🗑️ worker-loader (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

---

This change is