Fix uri scheme validation (@ChALkeR).
Fix boolean schemas with strictKeywords option (#1270)
v6.12.4
Fix: coercion of one-item arrays to scalar that should fail validation (failing example).
v6.12.3
Pass schema object to processCode function
Option for strictNumbers (@issacgerges, #1128)
Fixed vulnerability related to untrusted schemas (CVE-2020-15366)
Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury)
Docs: RegExp related security considerations
Tests: Disabled failing typescript test
v6.10.2
Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.
fix: check prototype property access in strict-mode (#1736) - b6d3de7
fix: escape property names in compat mode (#1736) - f058970
refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
chore: start testing on Node.js 12 and 13 - 3789a30
(POSSIBLY) BREAKING CHANGES:
the changes from version 4.6.0 now also apply
in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods
can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties
from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.
That is why we only bump the patch version despite mentioning breaking changes.
2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!
The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.
For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!
Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.
More ES6
We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).
In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.
More Modular
Pop quiz! 📣
What category path does the bindAll method belong to? Is it
A) require('lodash/function/bindAll')
B) require('lodash/utility/bindAll')
C) require('lodash/util/bindAll')
Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as
var bindAll = require('lodash/bindAll');
We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!
New locales (es-mx, bn-bd).
Minor bugfixes and locale improvements.
More tests.
Moment is in maintenance mode. Read more at this link:
https://momentjs.com/docs/#/-project-status/
Setting NSAllowsArbitraryLoads as false for security reasons within terminal-notifier. Meaning non-https images/loads for terminal-notifier will no longer work. See #362
Fixes
fix: options.customPath doesn't work for windows toaster. See #373
v9.0.1
Fixes potential security issue with non-escaping input parameters for notify-send.
v9.0.0
Breaking changes:
Corrects mapping on snoretoast activate event. See #347.
Fixes potential security issue with non-escaping input parameters for notify-send.
v8.0.0
Breaking changes:
Expire time for notify-send is made to match macOS and Windows with default time of 10 seconds. The API is changed to take seconds as input and converting it to milliseconds before passing it on to notify-send. See #341.
v7.0.2
Updates dependencies
Fixes issue with haning Windows notifications when disabled (#335)
Bumps the npm_and_yarn group with 12 updates in the /portiaui directory:
6.10.0
6.12.6
2.6.2
2.6.4
3.0.0
4.2.1
2.6.3
2.18.2
2.24.0
2.30.1
1.7.3
removed
2.18.2
5.9.0
5.2.18
8.4.38
0.6.0
2.0.0
0.3.0
removed
2.10.2
2.13.6
3.2.1
3.2.2
5.0.0
5.0.1
Updates
ajv
from 6.10.0 to 6.12.6Release notes
Sourced from ajv's releases.
Commits
fe59143
6.12.6d580d3e
Merge pull request #1298 from ajv-validator/fix-urlfd36389
fix: regular expression for "url" format490e34c
docs: link to v7-beta branch9cd93a1
docs: note about v7 in readme877d286
Merge pull request #1262 from b4h0-c4t/refactor-opt-object-typef1c8e45
6.12.5764035e
Merge branch 'ChALkeR-chalker/fix-comma'3798160
Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...a3c7eba
Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...Updates
async
from 2.6.2 to 2.6.4Changelog
Sourced from async's changelog.
Commits
c6bdaca
Version 2.6.48870da9
Update built files4df6754
update changelog8f7f903
Fix prototype pollution vulnerability (#1828)f1d8383
Version 2.6.32b674c1
update changelogeab740f
fix: udpate lodash. closes #1675Maintainer changes
This version was pushed to npm by hargasinski, a new releaser for async since your current version.
Updates
dot-prop
from 3.0.0 to 4.2.1Release notes
Sourced from dot-prop's releases.
Commits
c914124
feat: patch 4.2.0 with fixes for CVE-2020-811670f7ed8
4.2.0df49d33
Return object from the.set()
method (#42)49f0809
4.1.17f2bfe4
Return default value when input is not an object (#40)f91d08a
Readme tweaksd49fb11
4.1.05cb213d
Export entire object instead of multiple functions (#34)e03af43
4.0.0a94ea95
Add ability to return default value if path is undefined (#31)Updates
ember-cli
from 2.6.3 to 2.18.2Changelog
Sourced from ember-cli's changelog.
... (truncated)
Commits
ad9322d
Release v2.18.2dd1027d
add-to-output-repos: Addset -e
to fail fastbebae07
Merge pull request #7594 from ember-cli/hotfix-optional-dependencies4ebd110
[BACKPORT release] Install optional dependencies when creating a new projectd1131d8
Merge pull request #7589 from ember-cli/release-backport-testema0f4063
[BACKPORT release] upgrade testem5038ff4
Merge pull request #7569 from kellyselden/eslint-libff50de2
mark "lib" folder as node style in eslint for apps3eec1c8
2.18.124aeacc
Merge pull request #7566 from Turbo87/no-sandboxUpdates
express
from 4.17.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects
from 1.7.0 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
fstream
from 1.0.8 to 1.0.12Commits
4235459
1.0.126a77d2f
Clobber a Link if it's in the way of a File1e4527f
1.0.11ac4a9e3
Move props.path check below class init (#55)24fabde
build: clean up versions6f3d3bc
1.0.1024c2ad5
collect: respect stream pause / resume statea67b90b
dir-reader: revert a55ae72b688cf00
1.0.9a55ae72
read: account for entries changed after _readUpdates
handlebars
from 4.1.2 to 4.7.8Release notes
Sourced from handlebars's releases.
Changelog
Sourced from handlebars's changelog.
... (truncated)
Commits
8dc3d25
v4.7.8668c4fb
Fix browser tests in CI pipelinec65c6cc
Test on Node 183d3796c
Make library compatible with workers075b354
Fix sync issue with npm lock-file30dbf04
Fix compiling of each block params in strict modee3a5448
Fix bundler issue with webpack 58e23642
Fix integration-tests issue with npm >= 788ac068
use https instead of git for mustache submodulec68bc08
Fix typoMaintainer changes
This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.
Updates
http-proxy
from 1.17.0 to 1.18.1Changelog
Sourced from http-proxy's changelog.
Commits
9b96cd7
1.18.1335aeeb
Skip sending the proxyReq event when the expect header is present (#1447)dba3966
Remove node6 support, add node12 to build (#1397)9bbe486
[dist] Version bump. 1.18.06e4bef4
Added in auto-changelog module set to keepachangelog format (#1373)d056241
fix 'Modify Response' readme section to avoid unnecessary array copying (#1300)244303b
Fix incorrect target name for reverse proxy example (#1135)b4028ba
Fix modify response middleware example (#1139)77a9815
[dist] Update dependency async to v3 (#1359)c662f9e
Fix path to local http-proxy in examples. (#1072)Updates
json-schema
from 0.2.2 to 0.2.3Commits
Updates
lodash.merge
from 3.3.2 to 4.6.1Release notes
Sourced from lodash.merge's releases.
... (truncated)
Commits
Updates
moment
from 2.24.0 to 2.30.1Changelog
Sourced from moment's changelog.
... (truncated)
Commits
485d9a7
Build 2.30.1e048b09
Bump version to 2.30.1f9f2d58
Update changelog for 2.30.1a52ffb2
Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"ddd6809
Build 2.30.0be64d00
Bump version to 2.30.0ad41179
Update changelog for 2.30.063fe479
[misc] Make code ES6 compatible0f0195f
Revert "Merge pull request #5599 from Alanscut:issue_4985"15b82f5
Revert "Merge pull request #5597 from Alanscut:issue-5596"Updates
mout
from 1.1.0 to 1.2.4Changelog
Sourced from mout's changelog.
Commits
a1faf70
v1.2.417ffdc2
Merge pull request #279 from ssong/fix-for-CVE-2022-2121303fe21b
chore: run pretest0892a37
fix: mitigate prototype pollutioned23d74
test: check for prototype pollution93e99c9
Merge branch 'master' of github.com:mout/moutea3d2d8
Merge branch 'SepehrAsh-master'1416dac
corrects formatting1edd6cf
Merge branch 'master' of https://github.com/SepehrAsh/mout into SepehrAsh-master707eb48
Merge pull request #266 from mout/dependabot/npm_and_yarn/showdown-1.9.1Maintainer changes
This version was pushed to npm by roboshoes, a new releaser for mout since your current version.
Removes
node-fetch
Updates
ember-cli
from 2.18.2 to 5.9.0Changelog
Sourced from ember-cli's changelog.
... (truncated)
Commits
ad9322d
Release v2.18.2dd1027d
add-to-output-repos: Addset -e
to fail fastbebae07
Merge pull request #7594 from ember-cli/hotfix-optional-dependencies4ebd110
[BACKPORT release] Install optional dependencies when creating a new projectd1131d8
Merge pull request #7589 from ember-cli/release-backport-testema0f4063
[BACKPORT release] upgrade testem5038ff4
Merge pull request #7569 from kellyselden/eslint-libff50de2
mark "lib" folder as node style in eslint for apps3eec1c8
2.18.124aeacc
Merge pull request #7566 from Turbo87/no-sandboxUpdates
node-notifier
from 5.4.0 to 10.0.1Changelog
Sourced from node-notifier's changelog.
... (truncated)
Commits
1eacdef
v10.0.1ab8d2a5
adds github action for testingb8cada7
Merge pull request #39... _Description has been truncated_