yours-truly-phil / SOULHub

Serves SOUL (Sound Language) Patches
MIT License
7 stars 0 forks source link

Bump json5 and webpack-babel-multi-target-plugin #94

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps json5 to 1.0.2 and updates ancestor dependency webpack-babel-multi-target-plugin. These dependencies need to be updated together.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

  • Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

  • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits


Updates webpack-babel-multi-target-plugin from 2.3.3 to 2.5.0

Release notes

Sourced from webpack-babel-multi-target-plugin's releases.

v2.5.0

Note: v2.4.0 is skipped due to a prerelease versioning conflict.

Added:

Fixed:

  • fix: Add exclude for 'querystring-es3 (#62, thanks again @​despian!)
  • fix Angular Routing example

Updated

  • Bump html-webpack-plugin peerDependency requirement to ^3.2.0 || ^4.0.0

v2.5.0-next.3

Updated

  • Bump html-webpack-plugin peerDependency requirement to ^3.2.0 || ^4.0.0

v2.5.0-next.2

Note: 2.4.0 is skipped due to a prerelease versioning conflict.

Added:

  • feat: add inject(head|body) and minify options to safari10NoModuleFix (#63, thanks @​despian!)
  • feat: add preset configuration to babel options (#59, thanks @​semoal!)

Fixed:

  • fix: Add exclude for 'querystring-es3 (#62, thanks again @​despian!)

See also: v2.5.0-next.1

v2.5.0-next.1

Note: 2.4.0 is skipped due to a prerelease versioning conflict.

v2.4.0-next.1

No release notes provided.

v2.4.0-next.0

No release notes provided.

Commits
  • 6741737 [skip ci] v2.5.0
  • fe5637c chore: Merge branch 'release/2.5.0'
  • 942c696 [skip ci] v2.5.0-next.3
  • fde18e8 chore: Update html-webpack-plugin peerDependency requirement to `^3.2.0 || ...
  • 7b58114 [skip ci] v2.5.0-next.2
  • dc0fbad chore: update yarn.lock
  • 4e39cf7 chore: Merge branch 'develop' of github.com:DanielSchaffer/webpack-babel-mult...
  • cb15ae2 chore: Merge pull request #59 from semoal/allow-configure-presets
  • 0fd5c05 chore: Merge pull request #63 from despian/feature/safarifix-inject-option
  • 6c27bc9 chore: fixed pr comments
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yours-truly-phil/SOULHub/network/alerts).