This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.
Fix ReDoS in certain cases (#37)
You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.
Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)
v2.2.2
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
Fix: Properties with the name __proto__ are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
Bumps the npm_and_yarn group with 10 updates in the /cloudfront/iiif.wellcomecollection.org/edge-lambda directory:
7.12.13
7.24.0
5.0.0
5.0.1
0.2.0
0.2.2
2.2.0
2.2.3
3.0.4
3.1.2
1.2.5
1.2.8
6.5.2
6.5.3
5.7.1
5.7.2
1.0.4
1.0.5
1.2.3
1.2.5
Bumps the npm_and_yarn group with 10 updates in the /cloudfront/invalidation/lambda directory:
7.13.13
7.24.0
5.0.0
5.0.1
0.2.0
0.2.2
1.0.1
1.0.2
3.0.4
3.1.2
1.2.5
1.2.8
6.5.2
6.5.3
5.7.1
5.7.2
1.0.4
1.0.5
1.2.3
1.2.5
Bumps the npm_and_yarn group with 1 update in the /logging directory: node-fetch.
Updates
@babel/traverse
from 7.12.13 to 7.24.0Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.... (truncated)
Commits
ce59160
v7.24.0bd5abd5
fix: avoidpopContext
on unvisited node paths (#16305)08a057c
UseObject.hasOwn
when available (#16248)a0dd614
v7.23.91200542
fix: Don't throw ingetTypeAnnotation
when using TS+inference (#15383)e428a6d
v7.23.7d292822
fix: Crash when removing withoutProgram
(#16191)d02c1f7
v7.23.6cce807f
Bump debug to ^4.3.1 (#16164)8479012
v7.23.5Updates
ansi-regex
from 5.0.0 to 5.0.1Release notes
Sourced from ansi-regex's releases.
Commits
a9babce
5.0.14657833
fix incorrect formatc3c0b3f
Fix potential ReDoS (#37)178363b
Move to GitHub Actions (#35)0755e66
Add@Qix
- to funding.ymlUpdates
decode-uri-component
from 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea46
0.2.2980e0bf
Prevent overwriting previously decoded tokens3c8a373
0.2.176abc93
Switch to GitHub workflows746ca5d
Fix issue where decode throws - fixes #6486d7e2
Update license (#1)a650457
Tidelift tasks66e1c28
Meta tweaksUpdates
json5
from 2.2.0 to 2.2.3Release notes
Sourced from json5's releases.
Changelog
Sourced from json5's changelog.
Commits
c3a7524
2.2.394fd06d
docs: update CHANGELOG for v2.2.33b8cebf
docs(security): use GitHub security advisoriesf0fd9e1
docs: publish a security policy6a91a05
docs(template): bug -> bug report14f8cb1
2.2.210cc7ca
docs: update CHANGELOG for v2.2.27774c10
fix: add proto to objects and arraysedde30a
Readme: slight tweak to intro97286f8
Improve example in readmeUpdates
minimatch
from 3.0.4 to 3.1.2Commits
699c459
3.1.22f2b5ff
fix: trim pattern25d7c0d
3.1.155dda29
fix: treat nocase:true as always having magic5e1fb8d
3.1.0f8145c5
Add 'allowWindowsEscape' option570e8b1
add publishConfig for v3 publishes5b7cd33
3.0.620b4b56
[fix] revert all breaking syntax changes2ff0388
document, expose, and test 'partial:true' optionUpdates
minimist
from 1.2.5 to 1.2.8Changelog
Sourced from minimist's changelog.
... (truncated)
Commits
6901ee2
v1.2.8a026794
Merge tag 'v0.2.3'c0b2661
v0.2.363b8fee
[Fix] Fix long option followed by single dash (#17)72239e6
[Tests] Remove duplicate test (#12)34b0f1c
[eslint] fix indentation3226afa
[Dev Deps] add missingnpmignore
dev dep098873c
[Dev Deps] update@ljharb/eslint-config
,aud
9ec4d27
[Fix] Fix long option followed by single dashba92fe6
[actions] Avoid 0.6 tests due to build failuresMaintainer changes
This version was pushed to npm by ljharb, a new releaser for minimist since your current version.
Updates
qs
from 6.5.2 to 6.5.3Changelog
Sourced from qs's changelog.
Commits
298bfa5
v6.5.3ed0f5dc
[Fix]parse
: ignore__proto__
keys (#428)691e739
[Robustness]stringify
: avoid relying on a globalundefined
(#427)1072d57
[readme] remove travis badge; add github actions/codecov badges; update URLs12ac1c4
[meta] fix README.md (#399)0338716
[actions] backport actions from main5639c20
Clean up license text so it’s properly detected as BSD-3-Clause51b8a0b
add FUNDING.yml45f6759
[Fix] fix for an impossible situation: when the formatter is called with a no...f814a7f
[Dev Deps] backport from mainUpdates
semver
from 5.7.1 to 5.7.2Release notes
Sourced from semver's releases.
Changelog
Sourced from semver's changelog.
Commits
f8cc313
chore: release 5.7.22f8fd41
fix: better handling of whitespace (#585)deb5ad5
chore:@npmcli/template-oss
@4
.16.0Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
Updates
tmpl
from 1.0.4 to 1.0.5Commits
Updates
word-wrap
from 1.2.3 to 1.2.5Release notes
Sourced from word-wrap's releases.
Commits
207044e
1.2.59894315
revert default indentf64b188
run verb to generate README03ea082
Merge pull request #42 from jonschlinkert/chore/publish-workflow420dce9
Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2bfa694e
Update .github/workflows/publish.ymlace0b3c
chore: bump version to 1.2.46fd7275
chore: add publish workflow30d6daf
chore: fix test655929c
chore: remove package-lockUpdates
@babel/traverse
from 7.13.13 to 7.24.0Release notes
Sourced from
@babel/traverse
's releases.... (truncated)
Changelog
Sourced from
@babel/traverse
's changelog.