Bump the npm_and_yarn group with 22 updates #18

dependabot · 2024-08-26T21:26:31Z

Bumps the npm_and_yarn group with 22 updates:

Package	From	To
@babel/traverse	`7.7.2`	`7.25.4`
async	`2.6.3`	`2.6.4`
bl	`1.2.2`	`1.2.3`
browserify-sign	`4.0.4`	`4.2.3`
browserslist	`4.7.2`	`4.23.3`
decode-uri-component	`0.2.0`	`0.2.2`
elliptic	`6.5.1`	`6.5.7`
fsevents	`1.2.9`	`1.2.13`
handlebars	`4.5.3`	`4.7.8`
hosted-git-info	`2.5.0`	`2.8.9`
ini	`1.3.5`	`1.3.8`
lodash	`4.17.15`	`4.17.21`
minimatch	`3.0.4`	`3.1.2`
path-parse	`1.0.6`	`1.0.7`
qs	`6.5.2`	`6.5.3`
ssri	`6.0.1`	`6.0.2`
terser	`4.4.0`	`4.8.1`
tmpl	`1.0.4`	`1.0.5`
word-wrap	`1.2.3`	`1.2.5`
ws	`5.2.2`	`5.2.4`
y18n	`4.0.0`	`4.0.3`
yargs-parser	`13.1.1`	`13.1.2`

Updates @babel/traverse from 7.7.2 to 7.25.4

Release notes

Sourced from @babel/traverse's releases.

v7.25.4 (2024-08-22)

🐛 Bug Fix

babel-traverse

#16756 fix: Skip computed key when renaming (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16755 fix: Decorator 2018-09 may throw an exception (@liuxingbaoyu)

babel-types

#16710 Visit AST fields nodes according to their syntactical order (@nicolo-ribaudo)

babel-generator

#16709 Print semicolon after TS export namespace as A (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse

#16722 Avoid unnecessary parens around sequence expressions (@nicolo-ribaudo)

babel-generator, babel-plugin-transform-class-properties

#16714 Avoid unnecessary parens around exported arrow functions (@nicolo-ribaudo)

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread

#16712 Avoid printing unnecessary parens around object destructuring (@nicolo-ribaudo)

🔬 Output optimization

babel-generator

#16740 Avoid extra spaces between comments/regexps in compact mode (@nicolo-ribaudo)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.25.3 (2024-07-31)

🐛 Bug Fix

babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse

#16699 Avoid validating visitors produced by traverse.visitors.merge (@nicolo-ribaudo)

🏠 Internal

babel-parser

#16688 Add @babel/types as a dependency of @babel/parser (@nicolo-ribaudo)

Committers: 2

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

v7.25.2 (2024-07-30)

🐛 Bug Fix

babel-core, babel-traverse

#16695 Ensure that requeueComputedKeyAndDecorators is available (@nicolo-ribaudo)

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.25.4 (2024-08-22)

🐛 Bug Fix

babel-traverse

#16756 fix: Skip computed key when renaming (@liuxingbaoyu)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16755 fix: Decorator 2018-09 may throw an exception (@liuxingbaoyu)

babel-types

#16710 Visit AST fields nodes according to their syntactical order (@nicolo-ribaudo)

babel-generator

#16709 Print semicolon after TS export namespace as A (@nicolo-ribaudo)

💅 Polish

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse

#16722 Avoid unnecessary parens around sequence expressions (@nicolo-ribaudo)

babel-generator, babel-plugin-transform-class-properties

#16714 Avoid unnecessary parens around exported arrow functions (@nicolo-ribaudo)

babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread

#16712 Avoid printing unnecessary parens around object destructuring (@nicolo-ribaudo)

🔬 Output optimization

babel-generator

#16740 Avoid extra spaces between comments/regexps in compact mode (@nicolo-ribaudo)

v7.25.3 (2024-07-31)

🐛 Bug Fix

babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse

#16699 Avoid validating visitors produced by traverse.visitors.merge (@nicolo-ribaudo)

🏠 Internal

babel-parser

#16688 Add @babel/types as a dependency of @babel/parser (@nicolo-ribaudo)

v7.25.2 (2024-07-30)

🐛 Bug Fix

babel-core, babel-traverse

#16695 Ensure that requeueComputedKeyAndDecorators is available (@nicolo-ribaudo)

v7.25.1 (2024-07-28)

🐛 Bug Fix

babel-plugin-transform-function-name

#16683 fix: ensureFunctionName may be undefined (@liuxingbaoyu)

babel-plugin-transform-react-constant-elements

#16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@keiseiTi)

babel-traverse

#16587 fix: fixed issue16583 + test (@nerodesu017)

🏠 Internal

#16663 Test eslint plugin against eslint 9 (@JLHwung)

v7.25.0 (2024-07-26)

... (truncated)

Commits

cbf124c v7.25.4
2b289fb fix: skip computed key when renaming (#16756)
575863c Avoid unnecessary parens around sequence expressions (#16722)
5174ad1 Clean all always enabled parser plugins (#16572)
52718ab Discontinue babel-eslint-config-internal (#16718)
dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
787c7cd v7.25.3
992c6e0 Avoid validating visitors produced by traverse.visitors.merge (#16699)
44efb5f print @babel/traverse version on unknown AST types (#16701)
0f8f408 v7.25.2
Additional commits viewable in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

Fix potential prototype pollution exploit (#1828)

Commits

c6bdaca Version 2.6.4
8870da9 Update built files
4df6754 update changelog
8f7f903 Fix prototype pollution vulnerability (#1828)
See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates bl from 1.2.2 to 1.2.3

Commits

d69edfd 1.2.3
847473a test all branches
0bd87ec Fix unintialized memory access
dc097f3 test newer versions of Node
See full diff in compare view

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

[patch] widen support to 0.12 9247adf

[patch] drop minimum node support to v1 4d0ee49

[Dev Deps] update aud, npmignore, tape 87f3a35

[actions] remove redundant finisher 37a4758

[Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12

[Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)

[Deps] update elliptic fb261ce

[Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

[Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

Only apps should have lockfiles 09a8995

[eslint] switch to eslint 83fe463

[meta] add npmignore and auto-changelog 4418183

[meta] fix package.json indentation 9ac5a5e

[Tests] migrate from travis to github actions d845d85

[Fix] sign: throw on unsupported padding scheme 8767739

[Fix] properly check the upper bound for DSA signatures 85994cd

[Tests] handle openSSL not supporting a scheme f5f17c2

[Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb

[Dev Deps] update nyc, standard, tape cc5350b

[Tests] always run coverage; downgrade nyc 75ce1d5

[meta] add safe-publish-latest dcf49ce

[Tests] add npm run posttest 75dd8fd

[Dev Deps] update tape 3aec038

[Tests] skip unsupported schemes 703c83e

[Tests] node < 6 lacks array includes 3aa43cf

[Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update `parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates browserslist from 4.7.2 to 4.23.3

Release notes

Sourced from browserslist's releases.

4.23.3

Fixed >= query for ios (by @syi0808).

4.23.2

Updated Firefox ESR.

4.23.1

Fixed feature query with mobile to desktop when caniuse lags (by @steverep).

4.23.0

Added BROWSERSLIST_ROOT_PATH (by @teleclimber).

Changelog

Sourced from browserslist's changelog.

4.23.3

Fixed >= query for ios (by @syi0808).

4.23.2

Updated Firefox ESR.

4.23.1

Fixed feature query with mobile to desktop when caniuse lags (by @steverep).

4.23.0

Added BROWSERSLIST_ROOT_PATH (by @teleclimber).

4.22.3

Fixed white spaces support in supports query (@g-plane).

Fixed shared config like @company/package/browserslist-config (@boucodes).

4.22.2

Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

Updated Firefox ESR (by @lerkor).

4.22

Added fully supports query (by Ben Scott).

Added partially supports alias for supports query (by Ben Scott).

4.21.11

Added warning to --update-db to move to new CLI (by Ivan Vasilev).

Fixed docs (by Tatsunori Uchino).

4.21.10

Updated Firefox ESR.

4.21.9

Fixed Opera Mobile edge cases (by Steve Repsher).

4.21.8

Fixed supports query and mobileToDesktop (by Steve Repsher).

4.21.7

Fixed last queries for Android (by Steve Repsher).

4.21.6

Fixed time queries with mobileToDesktop (by Steve Repsher).

Fixed docs (by Tatsunori Uchino, Will Stone, and Dominik Pschenitschni).

4.21.5

Fixed running Browserslist in browser environment.

4.21.4

... (truncated)

Commits

ee095bd Release 4.32.3 version
0f4e6f7 Update dependencies
8f87b3c fix: browser ray gt or gte compare with latest version (#836)
cdcfbc0 Release 4.23.2 version
9e8188b Update dependencies
543fc48 Update Firefox ESR
edd5309 Release 4.23.1 version
9e8ca3d Simplify code
bbe6821 Update lock
a36e1ad Update ESLint and dependencies
Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

Updates elliptic from 6.5.1 to 6.5.7

Commits

3e46a48 6.5.7
accb61e lib: DER signature decoding correction
03e06e1 6.5.6
7ac5360 Merge commit from fork
7570078 6.5.5
206da2e lib: lint
0a78e03 [Fix] restore node < 4 compat
43ac7f2 6.5.4
f4bc72b package: bump deps
441b742 ec: validate that a point before deriving keys
Additional commits viewable in compare view

Updates fsevents from 1.2.9 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Commits

844a05d Version Bump
f393f2a Only build fsevents on macOS (#322)
6a281a7 [publish binary]
acc2bce [publish binary]
f532b6e [publish binary]
4c6a1c0 Add node 13 to travis matrix.
92e40aa Release 1.2.12.
909af26 Release v1.2.11
7074adb Release v1.2.10
See full diff in compare view

Updates handlebars from 4.5.3 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning when importing Handlebars as ESM - 03d387b

Fix bundler issue with webpack 5 (#1862) - c6c6bbb

Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

Make library compatible with workers (#1894) - 3d3796c

Don't rely on Node.js global object (#1776) - 2954e7e

Fix compiling of each block params in strict mode (#1855) - 30dbf04

Fix rollup warning when importing Handlebars as ESM - 03d387b

Fix bundler issue with webpack 5 (#1862) - c6c6bbb

Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

fix weird error in integration tests - eb860c0

fix: check prototype property access in strict-mode (#1736) - b6d3de7

fix: escape property names in compat mode (#1736) - f058970

refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8

chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

#1672 - Switch cmd parser to latest minimist (@dougwilson

Compatibility notes:

Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

~~Node.js version support has been changed to v6+~~ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

8dc3d25 v4.7.8
668c4fb Fix browser tests in CI pipeline
c65c6cc Test on Node 18
3d3796c Make library compatible with workers
075b354 Fix sync issue with npm lock-file
30dbf04 Fix compiling of each block params in strict mode
e3a5448 Fix bundler issue with webpack 5
8e23642 Fix integration-tests issue with npm >= 7
88ac068 use https instead of git for mustache submodule
c68bc08 Fix typo
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates hosted-git-info from 2.5.0 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

#61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62

Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

updated pathmatch for gitlab (e8325b5), closes #51

updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits

8d4b369 chore(release): 2.8.9
29adfe5 fix: backport regex fix from #76
afeaefd chore(release): 2.8.8
5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
7440afa chore(release): 2.8.7
2d0bb66 fix: Do not attempt to use url.URL when unavailable
f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
e1b83df chore(release): 2.8.6
ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
624fd6f chore(release): 2.8.5
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates ini from 1.3.5 to 1.3.8

Commits

a2c5da8 1.3.8
af5c6bb Do not use Object.create(null)
8b648a1 don't test where our devdeps don't even work
c74c8af 1.3.7
024b8b5 update deps, add linting
032fbaf Use Object.create(null) to avoid default object property hazards
2da9039 1.3.6
cfea636 better git push script, before publish instead of after
56d2805 do not allow invalid hazardous string as section name
See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates lodash from 4.17.15 to 4.17.21

Commits

f299b52 Bump to v4.17.21
c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
3469357 Prevent command injection through _.template's variable option
ded9bc6 Bump to v4.17.20.
63150ef Documentation fixes.
00f0f62 test.js: Remove trailing comma.
846e434 Temporarily use a custom fork of lodash-cli.
5d046f3 Re-enable Travis tests on 4.17 branch.
aa816b3 Remove /npm-package.
d7fbc52 Bump to v4.17.19
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates minimatch from 3.0.4 to 3.1.2

Commits

699c459 3.1.2
2f2b5ff fix: trim pattern
25d7c0d 3.1.1
55dda29 fix: treat nocase:true as always having magic
5e1fb8d 3.1.0
f8145c5 Add 'allowWindowsEscape' option
570e8b1 add publishConfig for v3 publishes
5b7cd33 3.0.6
20b4b56 [fix] revert all breaking syntax changes
2ff0388 document, expose, and test 'partial:true' option
Additional commits viewable in compare view

Updates path-parse from 1.0.6 to 1.0.7

Commits

See full diff in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3
ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
12ac1c4 [meta] fix README.md (#399)
0338716 [actions] backport actions from main
5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
51b8a0b add FUNDING.yml
45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
f814a7f [Dev Deps] backport from main
Additional commits viewable in compare view

Updates ssri from 6.0.1 to 6.0.2

Changelog

Sourced from ssri's changelog.

6.0.2 (2021-04-07)

Bug Fixes

backport regex change from 8.0.1 (b30dfdb), closes #19

Commits

b7c8c7c chore(release): 6.0.2
b30dfdb fix: backport regex change from 8.0.1
See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for ssri since your current version.

Updates terser from 4.4.0 to 4.8.1

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

Security fix for RegExps that should not be evaluated (regexp DDOS)

v4.8.0

Support for numeric separators (million = 1_000_000) was added.

Assigning properties to a class is now assumed to be pure.

Fixed bug where yield wasn't considered a valid property key in generators.

v4.7.0

A bug was fixed where an arrow function would have the wrong size

arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.

Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

v4.6.13

Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.

Fixed parsing of BigInt with lowercase e in them.

v4.6.12

Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]

Printing of unicode identifiers has been improved

v4.6.11

Read unused classes' properties and method keys, to figure out if they use other variables.

Prevent inlining into block scopes when there are name collisions

Functions are no longer inlined into parameter defaults, because they live in their own special scope.

When inlining identity functions, take into account the fact they may be used to drop this in function calls.

Nullish coalescing operator (x ?? y), plus basic optimization for it.

Template literals in binary expressions such as + have been further optimized

v4.6.10

Do not use reduce_vars when classes are present

v4.6.9

Check if block scopes actually exist in blocks

v4.6.8

Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

v4.6.7

Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.

... (truncated)

Commits

40674a4 update changelog, version
d8cc569 backport fix to potential regexp DDOS
504b967 4.8.0
9f380dc update changelog
7dd0b9d update assumptions
cfad907 Allow yield to be used as property key in generators.
283f44f Make class property assignment pure.
ee965e8 Add numeric separators support (#725)
ee6b8af 4.7.0
807f729 update changelog
Additional commits viewable in

Bumps the npm_and_yarn group with 22 updates: | Package | From | To | | --- | --- | --- | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.7.2` | `7.25.4` | | [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` | | [bl](https://github.com/rvagg/bl) | `1.2.2` | `1.2.3` | | [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.3` | | [browserslist](https://github.com/browserslist/browserslist) | `4.7.2` | `4.23.3` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [elliptic](https://github.com/indutny/elliptic) | `6.5.1` | `6.5.7` | | [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` | | [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.8` | | [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.5.0` | `2.8.9` | | [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` | | [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` | | [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` | | [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` | | [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` | | [ssri](https://github.com/npm/ssri) | `6.0.1` | `6.0.2` | | [terser](https://github.com/terser/terser) | `4.4.0` | `4.8.1` | | [tmpl](https://github.com/daaku/nodejs-tmpl) | `1.0.4` | `1.0.5` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | | [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.4` | | [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` | | [yargs-parser](https://github.com/yargs/yargs-parser) | `13.1.1` | `13.1.2` | Updates `@babel/traverse` from 7.7.2 to 7.25.4 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.4/packages/babel-traverse) Updates `async` from 2.6.3 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) Updates `bl` from 1.2.2 to 1.2.3 - [Release notes](https://github.com/rvagg/bl/releases) - [Changelog](https://github.com/rvagg/bl/blob/master/CHANGELOG.md) - [Commits](rvagg/bl@v1.2.2...v1.2.3) Updates `browserify-sign` from 4.0.4 to 4.2.3 - [Changelog](https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md) - [Commits](browserify/browserify-sign@v4.0.4...v4.2.3) Updates `browserslist` from 4.7.2 to 4.23.3 - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](browserslist/browserslist@4.7.2...4.23.3) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `elliptic` from 6.5.1 to 6.5.7 - [Commits](indutny/elliptic@v6.5.1...v6.5.7) Updates `fsevents` from 1.2.9 to 1.2.13 - [Release notes](https://github.com/fsevents/fsevents/releases) - [Commits](fsevents/fsevents@v1.2.9...v1.2.13) Updates `handlebars` from 4.5.3 to 4.7.8 - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.5.3...v4.7.8) Updates `hosted-git-info` from 2.5.0 to 2.8.9 - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](npm/hosted-git-info@v2.5.0...v2.8.9) Updates `ini` from 1.3.5 to 1.3.8 - [Release notes](https://github.com/npm/ini/releases) - [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md) - [Commits](npm/ini@v1.3.5...v1.3.8) Updates `lodash` from 4.17.15 to 4.17.21 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.15...4.17.21) Updates `minimatch` from 3.0.4 to 3.1.2 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `path-parse` from 1.0.6 to 1.0.7 - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) Updates `qs` from 6.5.2 to 6.5.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) Updates `ssri` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/npm/ssri/releases) - [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) - [Commits](npm/ssri@v6.0.1...v6.0.2) Updates `terser` from 4.4.0 to 4.8.1 - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](terser/terser@v4.4.0...v4.8.1) Updates `tmpl` from 1.0.4 to 1.0.5 - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `ws` from 5.2.2 to 5.2.4 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@5.2.2...5.2.4) Updates `y18n` from 4.0.0 to 4.0.3 - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md) - [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3) Updates `yargs-parser` from 13.1.1 to 13.1.2 - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md) - [Commits](https://github.com/yargs/yargs-parser/commits) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: async dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bl dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserify-sign dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: browserslist dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: elliptic dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: fsevents dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: handlebars dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: hosted-git-info dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ini dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: lodash dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: minimatch dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-parse dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: qs dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ssri dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: terser dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmpl dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: ws dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: y18n dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: yargs-parser dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 26, 2024

This was referenced Aug 26, 2024

Bump terser from 4.4.0 to 4.8.1 #13

Closed

Bump decode-uri-component from 0.2.0 to 0.2.2 #14

Closed

Bump qs from 6.5.2 to 6.5.3 #15

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the npm_and_yarn group with 22 updates #18

Bump the npm_and_yarn group with 22 updates #18

Uh oh!

dependabot bot commented on behalf of github Aug 26, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the npm_and_yarn group with 22 updates #18

Are you sure you want to change the base?

Bump the npm_and_yarn group with 22 updates #18

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 26, 2024

v7.25.4 (2024-08-22)

🐛 Bug Fix

💅 Polish

🔬 Output optimization

Committers: 4

v7.25.3 (2024-07-31)

🐛 Bug Fix

🏠 Internal

Committers: 2

v7.25.2 (2024-07-30)

🐛 Bug Fix

v7.25.4 (2024-08-22)

🐛 Bug Fix

💅 Polish

🔬 Output optimization

v7.25.3 (2024-07-31)

🐛 Bug Fix

🏠 Internal

v7.25.2 (2024-07-30)

🐛 Bug Fix

v7.25.1 (2024-07-28)

🐛 Bug Fix

🏠 Internal

v7.25.0 (2024-07-26)

v2.6.4

v4.2.3 - 2024-03-05

Commits

v4.2.2 - 2023-10-25

Fixed

Commits

v4.2.1 - 2020-08-04

Merged

v4.2.0 - 2020-05-18

Merged

4.23.3

4.23.2

4.23.1

4.23.0

4.23.3

4.23.2

4.23.1

4.23.0

4.22.3

4.22.2

4.22.1

4.22

4.21.11

4.21.10

4.21.9

4.21.8

4.21.7

4.21.6

4.21.5

4.21.4

v0.2.2

v0.2.1

Release v1.2.13

Release v1.2.11

Intermediate Release

v4.7.8

v4.7.8 - July 27th, 2023

v4.7.7 - February 15th, 2021

v4.7.6 - April 3rd, 2020

v4.7.5 - April 2nd, 2020

2.8.9 (2021-04-07)

Bug Fixes

2.8.8 (2020-02-29)

Bug Fixes

2.8.7 (2020-02-26)

Bug Fixes

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

2.8.4 (2019-08-12)