Bump json5, @vue/cli-service, sass-loader and webpack

[dependabot[bot]]

Bumps json5 to 2.2.2 and updates ancestor dependencies json5, @vue/cli-service, sass-loader and webpack. These dependencies need to be updated together.

Updates json5 from 2.2.1 to 2.2.2

Release notes

Sourced from json5's releases.

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Changelog

Sourced from json5's changelog.

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Commits

• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
• 910ce25 docs: fix spelling of Aseem
• 2aab4dd test: require tap as t in cli tests
• 6d42686 test: remove mocha syntax from tests
• 4798b9d docs: update installation and usage for modules
• Additional commits viewable in compare view

Updates @vue/cli-service from 4.5.19 to 5.0.8

Release notes

Sourced from @​vue/cli-service's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Changelog

Sourced from @​vue/cli-service's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

Commits

• b154dbd v5.0.8
• 0260e4d fix: add devServer.server.type to useHttps judgement (#7222)
• 4a0655f v5.0.7
• beffe8a fix: allow disabling progress plugin via devServer.client.progress
• 558dea2 fix: support devServer.server option, avoid deprecation warning
• bddd64d fix: optimize the judgment on whether HTTPS has been set in options (#7202)
• ef08a08 v5.0.6
• fcf27e3 fixup! fix: compatibility with Vue 2.7
• a648958 fix: compatibility with Vue 2.7
• 98c66c9 v5.0.5
• Additional commits viewable in compare view

Updates sass-loader from 8.0.2 to 13.2.0

Release notes

Sourced from sass-loader's releases.

v13.2.0

13.2.0 (2022-11-09)

Features

• add support for node-sass v8 (#1100) (e5581b7)

v13.1.0

13.1.0 (2022-10-06)

Features

• allow to extend conditionNames (#1092) (6e02c64)

v13.0.2

13.0.2 (2022-06-27)

Bug Fixes

• hide error stacktrace on Sass errors (#1069) (5e6a61b)

v13.0.1

13.0.1 (2022-06-24)

Bug Fixes

• optimize debug message formatting, #1065 (#1066) (49a578a)

v13.0.0

13.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0 (#1048)
• emit @warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

Bug Fixes

• do not crash on importers for modern API (#1052) (095814e)
• do not store original sass error in webpack error(#1053) (06d7533)

v12.6.0

12.6.0 (2022-02-15)

... (truncated)

Changelog

Sourced from sass-loader's changelog.

13.2.0 (2022-11-09)

Features

• add support for node-sass v8 (#1100) (e5581b7)

13.1.0 (2022-10-06)

Features

• allow to extend conditionNames (#1092) (6e02c64)

13.0.2 (2022-06-27)

Bug Fixes

• hide error stacktrace on Sass errors (#1069) (5e6a61b)

13.0.1 (2022-06-24)

Bug Fixes

• optimize debug message formatting, #1065 (#1066) (49a578a)

13.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0 (#1048)
• emit @warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

Bug Fixes

• do not crash on importers for modern API (#1052) (095814e)
• do not store original sass error in webpack error(#1053) (06d7533)

12.6.0 (2022-02-15)

Features

• added support for automatic loading of sass-embedded (#1025) (c8dae87)

12.5.0 (2022-02-14)

... (truncated)

Commits

• e8fbc79 chore(release): 13.2.0
• e5581b7 feat: add support for node-sass v8 (#1100)
• acb3ce0 chore(deps): bump loader-utils from 2.0.2 to 2.0.3 (#1099)
• 1cdea4e chore: update dependencies to the latest version (#1098)
• 094a303 docs: update cla link (#1096)
• c32f63a ci: add dependency review action (#1094)
• b31751d chore(release): 13.1.0
• 6e02c64 feat: allow to extend conditionNames (#1092)
• edab08f chore: update dependencies to the latest version (#1093)
• 3a34fef chore: update commitlint action (#1091)
• Additional commits viewable in compare view

Updates webpack from 4.46.0 to 5.75.0

Release notes

Sourced from webpack's releases.

v5.75.0

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

... (truncated)

Commits

• 8241da7 5.75.0
• a91d923 Merge pull request #16458 from webpack/bugfix/semi
• 4608b11 Merge pull request #16457 from webpack/tooling/update
• dfdd0b0 Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback
• 23b9a1c Merge pull request #16167 from exposir/fixts
• 6f2c5e8 Merge pull request #16257 from alexzhang1030/calc_deterministic_verbose
• f7f36ad Merge pull request #16339 from Liamolucko/wasm-i64
• 761a542 fix semicolon position
• 2403a36 Merge pull request #16345 from ahabhgk/fix-eval-nosources
• c18203c update tooling
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/thomasheckmann/zxinfo-vue/network/alerts).