Sourced from [json5's releases](https://github.com/json5/json5/releases).
v1.0.2
Fix: Properties with the name **proto** are added to objects and arrays. ([#199](https://github-redirect.dependabot.com/json5/json5/issues/199)) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! ([#295](https://github-redirect.dependabot.com/json5/json5/issues/295)). This has been backported to v1. ([#298](https://github-redirect.dependabot.com/json5/json5/issues/298))
Changelog
Sourced from [json5's changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md).
Fix: json5@2.2.3 is now the 'latest' release according to npm instead of
v1.0.2. ([#299](https://github-redirect.dependabot.com/json5/json5/issues/299))
Fix: Properties with the name **proto** are added to objects and arrays.
([#199](https://github-redirect.dependabot.com/json5/json5/issues/199)) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! ([#295](https://github-redirect.dependabot.com/json5/json5/issues/295)).
New: Accurate and documented TypeScript declarations are now included. There
is no need to install @types/json5. ([#236](https://github-redirect.dependabot.com/json5/json5/issues/236), [#244](https://github-redirect.dependabot.com/json5/json5/issues/244))
Fix: An out of memory bug when parsing numbers has been fixed. ([#228](https://github-redirect.dependabot.com/json5/json5/issues/228),
[#229](https://github-redirect.dependabot.com/json5/json5/issues/229))
See full diff in [compare view](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
* `@dependabot rebase` will rebase this PR
* `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
* `@dependabot merge` will merge this PR after your CI passes on it
* `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
* `@dependabot cancel merge` will cancel a previously requested merge and block automerging
* `@dependabot reopen` will reopen this PR if it is closed
* `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
* `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
* `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
* `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
* `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
* `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
* `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
* `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/vlafranca/ngxAutocomPlace/network/alerts).
Bumps json5 from 1.0.1 to 1.0.2.
Release notes
Sourced from [json5's releases](https://github.com/json5/json5/releases).
Changelog
Sourced from [json5's changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md).
... (truncated)
Commits
a62db1e
1.0.2e0c23fe
docs: update CHANGELOG for v1.0.262a6540
fix: add proto to objects and arraysDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: * `@dependabot rebase` will rebase this PR * `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it * `@dependabot merge` will merge this PR after your CI passes on it * `@dependabot squash and merge` will squash and merge this PR after your CI passes on it * `@dependabot cancel merge` will cancel a previously requested merge and block automerging * `@dependabot reopen` will reopen this PR if it is closed * `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually * `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) * `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) * `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) * `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language * `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language * `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language * `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/vlafranca/ngxAutocomPlace/network/alerts).
┆Issue is synchronized with this Clickup by Unito