Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
v2.2.0
New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
New: package.json and package.json5 include a module property so
bundlers like webpack, rollup and parcel can take advantage of the ES Module
build. (#208)
Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
New: package.json and package.json5 include a module property so
bundlers like webpack, rollup and parcel can take advantage of the ES Module
build. (#208)
Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
[697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)
[697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)
[697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)
This version was pushed to npm by evilebottnawi, a new releaser for sass-loader since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sif/Ghost-Artemis/network/alerts).
Bumps json5 to 2.2.2 and updates ancestor dependencies json5, babel-loader, @vue/cli-plugin-eslint, @vue/cli-plugin-unit-jest, @vue/cli-service, mini-css-extract-plugin and sass-loader. These dependencies need to be updated together.
Updates
json5
from 2.1.0 to 2.2.2Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
14f8cb1
2.2.210cc7ca
docs: update CHANGELOG for v2.2.27774c10
fix: add proto to objects and arraysedde30a
Readme: slight tweak to intro97286f8
Improve example in readmed720b4f
Improve readme (e.g. explain JSON5 better!) (#291)910ce25
docs: fix spelling of Aseem2aab4dd
test: require tap as t in cli tests6d42686
test: remove mocha syntax from tests4798b9d
docs: update installation and usage for modulesUpdates
babel-loader
from 8.0.4 to 8.3.0Release notes
Sourced from babel-loader's releases.
... (truncated)
Commits
9bf5652
8.3.080ab7d0
Update@babel/
dependencies493ac6c
Pass external dependencies from Babel to Webpack (#971)df28fe3
Fix broken main test (#950)0b338e4
update hash method so it doesn't fail on a fips enabled machine (#939)1f98d3c
8.2.5c622868
fix: respectinputSourceMap
loader option (#896)f7982c1
8.2.44bb9e21
Use md5 hashing for OpenSSL 3 (#924)247c94b
Bump loader-utils to 2.x (#931)Maintainer changes
This version was pushed to npm by nicolo-ribaudo, a new releaser for babel-loader since your current version.
Updates
@vue/cli-plugin-eslint
from 3.1.5 to 5.0.8Release notes
Sourced from
@vue/cli-plugin-eslint
's releases.... (truncated)
Changelog
Sourced from
@vue/cli-plugin-eslint
's changelog.... (truncated)
Commits
b154dbd
v5.0.84a0655f
v5.0.7ef08a08
v5.0.698c66c9
v5.0.5ca97fc2
v5.0.4dd53f26
v5.0.3a859b1f
v5.0.292d80a8
v5.0.1c913cdc
v5.0.075a6d69
v5.0.0-rc.3Updates
@vue/cli-plugin-unit-jest
from 3.1.1 to 5.0.8Release notes
Sourced from
@vue/cli-plugin-unit-jest
's releases.... (truncated)
Changelog
Sourced from
@vue/cli-plugin-unit-jest
's changelog.... (truncated)
Commits
b154dbd
v5.0.84a0655f
v5.0.7ef08a08
v5.0.698c66c9
v5.0.5ca97fc2
v5.0.4dd53f26
v5.0.3a859b1f
v5.0.292d80a8
v5.0.1c913cdc
v5.0.09be19f0
test: fix tsx importUpdates
@vue/cli-service
from 3.1.4 to 5.0.8Release notes
Sourced from
@vue/cli-service
's releases.... (truncated)
Changelog
Sourced from
@vue/cli-service
's changelog.... (truncated)
Commits
b154dbd
v5.0.80260e4d
fix: add devServer.server.type to useHttps judgement (#7222)4a0655f
v5.0.7beffe8a
fix: allow disabling progress plugin viadevServer.client.progress
558dea2
fix: supportdevServer.server
option, avoid deprecation warningbddd64d
fix: optimize the judgment on whether HTTPS has been set in options (#7202)ef08a08
v5.0.6fcf27e3
fixup! fix: compatibility with Vue 2.7a648958
fix: compatibility with Vue 2.798c66c9
v5.0.5Updates
mini-css-extract-plugin
from 0.4.5 to 2.7.2Release notes
Sourced from mini-css-extract-plugin's releases.
... (truncated)
Changelog
Sourced from mini-css-extract-plugin's changelog.
... (truncated)
Commits
b616093
chore(release): 2.7.24d98d4b
fix: don't crash in web workers (#1004)5ef989b
chore(deps): bump minimist from 1.2.5 to 1.2.6 (#928)cd7d933
chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#993)9178a0c
chore: update dependencies to the latest version (#1003)7053ce2
chore(release): 2.7.182ed663
refactor: fix compatibility with old browsers (#1000)7585663
chore(deps): update (#999)6ea0922
fix: preserve order of link tags on HMR (#982)2633446
chore: update styfle/cancel-workflow-action (#996)Updates
sass-loader
from 7.1.0 to 13.2.0Release notes
Sourced from sass-loader's releases.
... (truncated)
Changelog
Sourced from sass-loader's changelog.
... (truncated)
Commits
e8fbc79
chore(release): 13.2.0e5581b7
feat: add support for node-sass v8 (#1100)acb3ce0
chore(deps): bump loader-utils from 2.0.2 to 2.0.3 (#1099)1cdea4e
chore: update dependencies to the latest version (#1098)094a303
docs: update cla link (#1096)c32f63a
ci: add dependency review action (#1094)b31751d
chore(release): 13.1.06e02c64
feat: allow to extendconditionNames
(#1092)edab08f
chore: update dependencies to the latest version (#1093)3a34fef
chore: update commitlint action (#1091)Maintainer changes
This version was pushed to npm by evilebottnawi, a new releaser for sass-loader since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sif/Ghost-Artemis/network/alerts).