Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
v2.2.0
New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
New: package.json and package.json5 include a module property so
bundlers like webpack, rollup and parcel can take advantage of the ES Module
build. (#208)
Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
New: package.json and package.json5 include a module property so
bundlers like webpack, rollup and parcel can take advantage of the ES Module
build. (#208)
Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
removed cjs wrapper and generated types in commonjs format (export = and namespaces used in types), now you can directly use exported types (#654) (5901006)
removed cjs wrapper and generated types in commonjs format (export = and namespaces used in types), now you can directly use exported types (#654) (5901006)
remove the --prefetch option in favor the PrefetchPlugin plugin
remove the --node-env option in favor --define-process-env-node-env
remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'
remove the --prefetch option in favor the PrefetchPlugin plugin
remove the --node-env option in favor --define-process-env-node-env
remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'
This version was pushed to npm by evilebottnawi, a new releaser for worker-loader since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/samuelhorwitz/phosphorescence/network/alerts).
Bumps json5 to 2.2.2 and updates ancestor dependencies json5, babel-loader, copy-webpack-plugin, html-webpack-plugin, webpack, webpack-cli and worker-loader. These dependencies need to be updated together.
Updates
json5
from 2.1.0 to 2.2.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
14f8cb1
2.2.210cc7ca
docs: update CHANGELOG for v2.2.27774c10
fix: add proto to objects and arraysedde30a
Readme: slight tweak to intro97286f8
Improve example in readmed720b4f
Improve readme (e.g. explain JSON5 better!) (#291)910ce25
docs: fix spelling of Aseem2aab4dd
test: require tap as t in cli tests6d42686
test: remove mocha syntax from tests4798b9d
docs: update installation and usage for modulesUpdates
babel-loader
from 8.0.6 to 8.3.0Release notes
Sourced from babel-loader's releases.
Commits
9bf5652
8.3.080ab7d0
Update@babel/
dependencies493ac6c
Pass external dependencies from Babel to Webpack (#971)df28fe3
Fix broken main test (#950)0b338e4
update hash method so it doesn't fail on a fips enabled machine (#939)1f98d3c
8.2.5c622868
fix: respectinputSourceMap
loader option (#896)f7982c1
8.2.44bb9e21
Use md5 hashing for OpenSSL 3 (#924)247c94b
Bump loader-utils to 2.x (#931)Maintainer changes
This version was pushed to npm by nicolo-ribaudo, a new releaser for babel-loader since your current version.
Updates
copy-webpack-plugin
from 5.0.3 to 11.0.0Release notes
Sourced from copy-webpack-plugin's releases.
... (truncated)
Changelog
Sourced from copy-webpack-plugin's changelog.
... (truncated)
Commits
f3b2c24
chore(release): 11.0.08424ca8
chore(deps): regenerate lock file (#693)675c676
build: drop node v12 (#691)a2b1f19
chore: update gitub actions (#692)238c062
chore: upgrade dependencies to the latest version (#688)e27006e
ci: remove node v17 (#687)e50d708
chore: add node 18 to workflow (#686)f1a91e6
ci: don't install webpack again (#680)64cf06f
docs: add path string to options signature (#683)4b18a6b
docs: improve readmeUpdates
html-webpack-plugin
from 3.2.0 to 5.5.0Changelog
Sourced from html-webpack-plugin's changelog.
... (truncated)
Commits
873d75b
chore(release): 5.5.0ddeb774
chore: update examples1e42625
feat: Support type=module via scriptLoading option7d3645b
Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-380779be779
[chore] changes actions to run on pull_requestsb7e5859
[chore] fixes CI to avoid race conditions48131d3
chore(release): 5.4.016a841a
[chore] rebuild examples3bb7c17
Update index.jse38ac97
Update index.jsMaintainer changes
This version was pushed to npm by jantimon, a new releaser for html-webpack-plugin since your current version.
Updates
webpack
from 4.29.0 to 5.75.0Release notes
Sourced from webpack's releases.
... (truncated)
Commits
8241da7
5.75.0a91d923
Merge pull request #16458 from webpack/bugfix/semi4608b11
Merge pull request #16457 from webpack/tooling/updatedfdd0b0
Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback23b9a1c
Merge pull request #16167 from exposir/fixts6f2c5e8
Merge pull request #16257 from alexzhang1030/calc_deterministic_verbosef7f36ad
Merge pull request #16339 from Liamolucko/wasm-i64761a542
fix semicolon position2403a36
Merge pull request #16345 from ahabhgk/fix-eval-nosourcesc18203c
update toolingUpdates
webpack-cli
from 3.2.1 to 5.0.1Release notes
Sourced from webpack-cli's releases.
... (truncated)
Changelog
Sourced from webpack-cli's changelog.
... (truncated)
Commits
4a0f893
chore(release): publish new version9de982c
chore: fix cspell32d26c8
chore(deps-dev): bump cspell from 6.15.1 to 6.16.0 (#3517)2788bf9
chore(deps-dev): bump eslint from 8.28.0 to 8.29.0 (#3516)ac88ee4
chore(deps-dev): bump lint-staged from 13.0.4 to 13.1.0 (#3515)346a518
fix: make define-process-env-node-env alias node-env (#3514)3ec7b16
chore(deps): bump yeoman-environment from 3.12.1 to 3.13.0 (#3508)c8adfa6
chore(deps-dev): bump@types/node
from 18.11.9 to 18.11.10 (#3513)0ad8cc2
chore(deps-dev): bump cspell from 6.15.0 to 6.15.1 (#3512)d30f261
chore(deps-dev): bump ts-loader from 9.4.1 to 9.4.2 (#3511)Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for webpack-cli since your current version.
Updates
worker-loader
from 2.0.0 to 3.0.8Release notes
Sourced from worker-loader's releases.
... (truncated)
Changelog
Sourced from worker-loader's changelog.
... (truncated)
Commits
22275e9
chore(release): 3.0.8ad3ee93
chore(deps): update (#308)2abd129
fix: make inline workers work from inside workers (#307)edca167
chore(release): 3.0.7a0de29b
fix: serializing big strings (#304)d4fa470
chore(release): 3.0.608fa5c5
chore(deps): update (#300)15cf407
fix: set a name to exported function (#299)464bf30
chore(release): 3.0.58c63449
fix: determine webpack peer dependency version (#296)Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for worker-loader since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/samuelhorwitz/phosphorescence/network/alerts).