🎨 A Color picker component. Built from the bottom to work with Vue.js.

Baianat

Last update: Dec 26, 2022

Overview

Verte

A Complete Vue.js Color Picker Component

Features

Multiple Color Models support: RGB, HSL, and HEX.
SSR Friendly.
Small file size, only 7kb gzipped.
Two way binding support.

Getting Started

Installation

First step is to install it using yarn or npm:

npm install verte --save

# or use yarn
yarn add verte

Basic usage

<template>
  <verte picker="square" model="rgb"></verte>
</template>

<script>
  import Verte from 'verte';
  import 'verte/dist/verte.css';
  // register component globally
  Vue.component(Verte.name, Verte);

  new Vue ({
    el: '#app',
    // OR register locally
    components: { Verte }
  });
</script>

License

MIT

Comments

recentColors prop array doesn't work
Describe the bug Passing a recentColors prop as an array of colors doesn't set the initial recent color palette.

I'm guessing in Verte.vue#L197:

\\ this: return initStore(); \\ needs to be: return initStore(Vue, {recentColors: this.recentColors});

edit: Added Vue as first parameter to initStore().
enhancement
opened by wildhart 4
Prevent native form submit from buttons

Almost all buttons in the widget trigger a native submit when the component is used inside a form.

This PR adds the correct button type to avoid this side effect.

opened by deshack 3
Picker "square" invisible color picker in 0.

Hey guys,

Really great library, thanks for this!

Just letting you know that under 0.0.9 the color picker UI in "square" mode is invisible. By UI I mean the color gradient picker element. Reverting to 0.0.8 fixes it.

opened by auscaster 3
Components opens off-screen causing scroll bars
If the component is inserted near the edge of a page, then when it opens it will be partially off the page causing the page to gain horizontal and possibly vertical scroll bars.

Steps to reproduce

Add the component with draggable=true near the edge of the screen, e.g. in a div with style="float: right"

Open the component

The page will get a horizontal scroll bar.

Expected behavior The component should prevent itself openening outside the near the edge of the page (or container?)

It would also be nice (particularly on mobile devices) to have a prop to force the component to open in the center of the page.

Only tested on Linux/Chrome so far.
enhancement
opened by wildhart 3
Is there an online demo somewhere?

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

opened by MarcGodard 3
Bump prismjs from 1.14.0 to 1.23.0
Bumps prismjs from 1.14.0 to 1.23.0.

Release notes

Sourced from prismjs's releases.

v1.23.0

New components

Apex (#2622) f0e2b70e

DataWeave (#2659) 0803525b

PromQL (#2628) 8831c706

Updated components

Fixed multiple vulnerable regexes (#2584) c2f6a644

Apache Configuration

Update directive-flag to match = (#2612) 00bf00e3

C-like

Made all comments greedy (#2680) 0a3932fe

C

Better class name and macro name detection (#2585) 129faf5c

Content-Security-Policy

Added missing directives and keywords (#2664) f1541342

Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d

CSS

Better HTML style attribute tokenization (#2569) b04cbafe

Java

Improved package and class name detection (#2599) 0889bc7c

Added Java 15 keywords (#2567) 73f81c89

Java stack trace

Added support stack frame element class loaders and modules (#2658) 0bb4f096

Julia

Removed constants that are not exported by default (#2601) 093c8175

Kotlin

Added support for backticks in function names (#2489) a5107d5c

Latte

Fixed exponential backtracking (#2682) 89f1e182

Markdown

Improved URL tokenization (#2678) 2af3e2c2

Added support for YAML front matter (#2634) 5cf9cfbc

PHP

Added support for PHP 7.4 + other major improvements (#2566) 38808e64

Added support for PHP 8.0 features (#2591) df922d90

Removed C-like dependency (#2619) 89ebb0b7

Fixed exponential backtracking (#2684) 37b9c9a1

Sass (Scss)

Added support for Sass modules (#2643) deb238a6

Scheme

Fixed number pattern (#2648) e01ecd00

Fixed function and function-like false positives (#2611) 7951ca24

Shell session

Fixed false positives because of links in command output (#2649) 8e76a978

TSX

Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

... (truncated)

Changelog

Sourced from prismjs's changelog.

1.23.0 (2020-12-31)

New components

Apex (#2622) f0e2b70e

DataWeave (#2659) 0803525b

PromQL (#2628) 8831c706

Updated components

Fixed multiple vulnerable regexes (#2584) c2f6a644

Apache Configuration

Update directive-flag to match = (#2612) 00bf00e3

C-like

Made all comments greedy (#2680) 0a3932fe

C

Better class name and macro name detection (#2585) 129faf5c

Content-Security-Policy

Added missing directives and keywords (#2664) f1541342

Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d

CSS

Better HTML style attribute tokenization (#2569) b04cbafe

Java

Improved package and class name detection (#2599) 0889bc7c

Added Java 15 keywords (#2567) 73f81c89

Java stack trace

Added support stack frame element class loaders and modules (#2658) 0bb4f096

Julia

Removed constants that are not exported by default (#2601) 093c8175

Kotlin

Added support for backticks in function names (#2489) a5107d5c

Latte

Fixed exponential backtracking (#2682) 89f1e182

Markdown

Improved URL tokenization (#2678) 2af3e2c2

Added support for YAML front matter (#2634) 5cf9cfbc

PHP

Added support for PHP 7.4 + other major improvements (#2566) 38808e64

Added support for PHP 8.0 features (#2591) df922d90

Removed C-like dependency (#2619) 89ebb0b7

Fixed exponential backtracking (#2684) 37b9c9a1

Sass (Scss)

Added support for Sass modules (#2643) deb238a6

Scheme

Fixed number pattern (#2648) e01ecd00

Fixed function and function-like false positives (#2611) 7951ca24

Shell session

Fixed false positives because of links in command output (#2649) 8e76a978

TSX

Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

... (truncated)

Commits

88a17b4 1.23.0

5dc7b42 Changelog v1.23.0 (#2681)

37b9c9a PHP: Fixed exponential backtracking (#2684)

89f1e18 Latte: Fixed exponential backtracking (#2682)

0a3932f C-like: Made all comments greedy (#2680)

cdb24ab Line Highlight: Fixed print background color (#2668)

e644178 Added test for polynomial backtracking (#2597)

b40f8f4 Line highlight: Fixed top offset in combination with Line numbers (#2237)

2af3e2c Markdown: Improved URL tokenization (#2678)

df0738e Test page: Don't trigger ad-blockers with class (#2677)

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jamesdigioia, a new releaser for prismjs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump handlebars from 4.1.2 to 4.7.6
Bumps handlebars from 4.1.2 to 4.7.6.

Changelog

Sourced from handlebars's changelog.

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

#1672 - Switch cmd parser to latest minimist (@dougwilson

Compatibility notes:

Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

~~Node.js version support has been changed to v6+~~ Reverted in 4.7.6

Compatibility notes:

~~Node.js < v6 is no longer supported~~ Reverted in 4.7.6

Commits

v4.7.4 - April 1st, 2020

Chore/Housekeeping:

#1666 - Replaced minimist with yargs for handlebars CLI (@aorinevo, @AviVahl & @fabb)

Compatibility notes:

No incompatibilities are to be expected

Commits

v4.7.3 - February 5th, 2020

Chore/Housekeeping:

#1644 - Download links to aws broken on handlebarsjs.com - access denied (@Tea56)

Fix spelling and punctuation in changelog - d78cc73

Bugfixes:

Add Type Definition for Handlebars.VERSION, Fixes #1647 - 4de51fe

Include Type Definition for runtime.js in Package - a32d05f

Compatibility notes:

Commits

e6ad93e v4.7.6

2bf4fc6 Update release notes

b64202b Update release-notes.md

c2f1e62 Switch cmd parser to latest minimist

08e9a11 Revert "chore: set Node.js compatibility to v6+"

1fd2ede v4.7.5

3c9c2f5 Update release notes

16487a0 chore: downgrade yargs to v14

309d2b4 chore: set Node.js compatibility to v6+

645ac73 test: fix integration tests

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by erisds, a new releaser for handlebars since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2

Bump node-sass from 4.9.2 to 4.13.1

Bumps node-sass from 4.9.2 to 4.13.1.

Release notes

Sourced from node-sass's releases.

v4.13.1

Community

Fix render example syntax (@ZoranPandovski , #2787)

Fix sourceMap option inconsistencies (@saper , #2394)

Fix possible crash in customer importer (@xzyfer, #2816)

Supported Environments

OS Architecture Node

Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^

Alpine Linux x64 6, 8, 10, 11, 12, 13

FreeBSD i386 amd64 8, 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+ ** Not available on CentOS 5 ^ Only available on x64

v4.13.0

Features

Node 13 support (@saper, #2766 #2767)

Community

Fix broken link to NodeJS docs in README.md (@schwigri, #2753)

Assorted typo fixes (@XhmikosR , #2726)

Remove PR template (@nschonni)

Remove sudo settings from .travis.yml (@abetomo, #2673)

Add note in PR template about node-gyp 4.0 (@nschonni)

Change note about Node 12 support (@nschonni)

Dependencies

lodash@^4.17.15 (@kessenich, #2574)

Supported Environments

OS Architecture Node

Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^

Alpine Linux x64 6, 8, 10, 11, 12, 13

FreeBSD i386 amd64 6, 8, 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10^, 11^, 12^, 13^
Alpine Linux	x64	6, 8, 10, 11, 12, 13
FreeBSD	i386 amd64	8, 10, 12, 13

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10^, 11^, 12^, 13^
Alpine Linux	x64	6, 8, 10, 11, 12, 13
FreeBSD	i386 amd64	6, 8, 10, 12, 13

Changelog

Sourced from node-sass's changelog.

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

https://github.com/sass/node-sass/releases/tag/v4.12.0

v4.11.0

https://github.com/sass/node-sass/releases/tag/v4.11.0

v4.10.0

https://github.com/sass/node-sass/releases/tag/v4.10.0

v4.9.4

https://github.com/sass/node-sass/releases/tag/v4.9.4

v4.9.3

https://github.com/sass/node-sass/releases/tag/v4.9.3

Commits

01db051 4.13.1
338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
c6f2e5a doc: README example fix (#2787)
fbc9ff5 Merge pull request #2754 from saper/no-map-if-not-requested
60fad5f 4.13.0
43db915 Merge pull request #2768 from sass/release-4-13
0c8d308 Update references for v4.13 release
f1cc0d3 Use GCC 6 for Node 12 binaries (#2767)
3838eae Use GCC 6 for Node 12 binaries
e84c6a9 Merge pull request #2766 from saper/node-modules-79
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies

opened by dependabot[bot] 2

Bump prismjs from 1.14.0 to 1.21.0
Bumps prismjs from 1.14.0 to 1.21.0.

Release notes

Sourced from prismjs's releases.

v1.21.0

Release 1.21.0

v1.20.0

Release 1.20.0

v1.19.0

Release 1.19.0

v1.18.0

Release 1.18.0

v1.17.1

Release 1.17.1

v1.17.0

Release 1.17.0

v1.16.0

Release 1.16.0

v1.15.0

Release 1.15.0

Changelog

Sourced from prismjs's changelog.

1.21.0 (2020-08-06)

New components

.ignore & .gitignore & .hgignore & .npmignore (#2481) 3fcce6fe

Agda (#2430) 3a127c7d

AL (#2300) de21eb64

Cypher (#2459) 398e2943

Dhall (#2473) 649e51e5

EditorConfig (#2471) ed8fff91

HLSL (#2318) 87a5c7ae

JS stack trace (#2418) ae0327b3

PeopleCode (#2302) bd4d8165

PureBasic (#2369) d0c1c70d

Racket (#2315) 053016ef

Smali (#2419) 22eb5cad

Structured Text (IEC 61131-3) (#2311) 8704cdfb

UnrealScript (#2305) 1093ceb3

WarpScript (#2307) cde5b0fa

XML doc (.net) (#2340) caec5e30

YANG (#2467) ed1df1e1

Updated components

Markup & JSON: Added new aliases (#2390) 9782cfe6

Fixed several cases of exponential backtracking (#2268) 7a554b5f

APL

Added ⍥ (#2409) 0255cb6a

AutoHotkey

Added missing format built-in (#2450) 7c66cfc4

Improved comments and other improvements (#2412) ddf3cc62

Added missing definitions (#2400) 4fe03676

Bash

Added composer command (#2298) 044dd271

Batch

Fix escaped double quote (#2485) f0f8210c

C

Improved macros and expressions (#2440) 8a72fa6f

Improved macros (#2320) fdcf7ed2

C#

Improved pattern matching (#2411) 7f341fc1

Fixed adjacent string interpolations (#2402) 2a2e79ed

C++

Added support for default comparison operator (#2426) 8e9d161c

Improved class name detection (#2348) e3fe9040

Fixed enum class class names (#2342) 30b4e254

Content-Security-Policy

Fixed directives (#2461) 537a9e80

CSS

Improved url and added keywords (#2432) 964de5a1

Commits

187c8a6 1.21.0

bf4f323 Changelog for v1.21.0 (#2507)

8bba488 Previewers: Fixed XSS (#2506)

158caf5 JSON: Greedy comments (#2479)

f0f8210 Batch: Fix escaped double quote (#2485)

649e51e Added support for Dhall (#2473)

453079b Line Numbers: Fixed class name on website

a0efa40 Fixed Treeview page (#2484)

78161d6 VB: Added VBA alias (#2469)

ed1df1e Added support for YANG (#2467)

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jamesdigioia, a new releaser for prismjs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump elliptic from 6.4.0 to 6.5.3
Bumps elliptic from 6.4.0 to 6.5.3.

Commits

8647803 6.5.3

856fe4d signature: prevent malleability and overflows

6048941 6.5.2

9984964 package: bump dependencies

ec735ed utils: leak less information in getNAF()

71e4e8e 6.5.1

7ec66ff short: add infinity check before multiplying

ee7970b travis: really move on

637d021 travis: move on

5ed0bab package: update deps

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump handlebars from 4.1.2 to 4.5.3
Bumps handlebars from 4.1.2 to 4.5.3.

Changelog

Sourced from handlebars's changelog.

v4.5.3 - November 18th, 2019

Bugfixes:

fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7

fix: add more properties required to be enumerable - 1988878

Chores / Build:

fix: use !== 0 instead of != 0 - c02b05f

add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

Security:

The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

Compatibility notes:

Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.

The semantics have not changed in cases where the properties are enumerable, as in:

{ __proto__: 'some string' }

The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

Commits

v4.5.2 - November 13th, 2019

Bugfixes

fix: use String(field) in lookup when checking for "constructor" - d541378

test: add fluent API for testing Handlebars - c2ac79c

Compatibility notes:

no incompatibility are to be expected

... (truncated)

Commits

c819c8b v4.5.3

827c9d0 Update release notes

f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences

1988878 fix: add more properties required to be enumerable

886ba86 test/chore: add chai/expect and sinon to "runtime"-environment

0817dad test: add sinon as global variable to eslint in the specs

93516a0 test: add sinon.js for spies, deprecate current assertions

93e284e chore: add chai and dirty-chai for better test assertions

c02b05f fix: use !== 0 instead of != 0

8de121d v4.5.2

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 2
Bump decode-uri-component from 0.2.0 to 0.2.2
Bumps decode-uri-component from 0.2.0 to 0.2.2.

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2

980e0bf Prevent overwriting previously decoded tokens

3c8a373 0.2.1

76abc93 Switch to GitHub workflows

746ca5d Fix issue where decode throws - fixes #6

486d7e2 Update license (#1)

a650457 Tidelift tasks

66e1c28 Meta tweaks

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump css-what from 2.1.0 to 2.1.3
Bumps css-what from 2.1.0 to 2.1.3.

Commits

2db00ca 2.1.3

dc51092 fix(css-selectors): extend regex to include superscript in range, fix #27 (#28)

a5f1991 Test on node LTS

b2a2117 2.1.2

e9ef3f1 Run prettier

070b2f8 Add remaining parsed outputs (#25)

af801e4 update license references to match license file (#23)

2d495d0 Update to node 10 in .travis.yml (#22)

c636f0d Allow escaped parentheses in pseudo selectors (#20)

4e255c9 Update .travis.yml

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump trim-off-newlines from 1.0.1 to 1.0.3
Bumps trim-off-newlines from 1.0.1 to 1.0.3.

Commits

c3b28d3 1.0.3

6226c95 Merge pull request #4 from Trott/fix-it-again

c77691d fix: remediate ReDOS further

76ca93c chore: pin mocha to version that works with 0.10.x

8cd3f73 1.0.2

fcbb73d Merge pull request #3 from Trott/patch-1

6d89476 fix: update regular expression to remove ReDOS

0cd87f5 chore: pin xo to latest version that works with current code

See full diff in compare view

Maintainer changes

This version was pushed to npm by trott, a new releaser for trim-off-newlines since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump prismjs from 1.14.0 to 1.27.0
Bumps prismjs from 1.14.0 to 1.27.0.

Release notes

Sourced from prismjs's releases.

v1.27.0

Release 1.27.0

v1.26.0

Release 1.26.0

v1.25.0

Release 1.25.0

v1.24.1

Release 1.24.1

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

v1.22.0

Release 1.22.0

v1.21.0

Release 1.21.0

v1.20.0

Release 1.20.0

v1.19.0

Release 1.19.0

v1.18.0

Release 1.18.0

v1.17.1

Release 1.17.1

v1.17.0

Release 1.17.0

v1.16.0

Release 1.16.0

v1.15.0

Release 1.15.0

Changelog

Sourced from prismjs's changelog.

1.27.0 (2022-02-17)

New components

UO Razor Script (#3309) 3f8cc5a0

Updated components

AutoIt

Allow hyphen in directive (#3308) bcb2e2c8

EditorConfig

Change alias of section from keyword to selector (#3305) e46501b9

Ini

Swap out header for section (#3304) deb3a97f

MongoDB

Added v5 support (#3297) 8458c41f

PureBasic

Added missing keyword and fixed constants ending with $ (#3320) d6c53726

Scala

Added support for interpolated strings (#3293) 441a1422

Systemd configuration file

Swap out operator for punctuation (#3306) 2eb89e15

Updated plugins

Command Line

Escape markup in command line output (#3341) e002e78c

Add support for line continuation and improved colors (#3326) 1784b175

Added span around command and output (#3312) 82d0ca15

Other

Core

Added better error message for missing grammars (#3311) 2cc4660b

1.26.0 (2022-01-06)

New components

Atmel AVR Assembly (#2078) b5a70e4c

Go module (#3209) 8476a9ab

Keepalived Configure (#2417) d908e457

Tremor & Trickle & Troy (#3087) ec25ba65

Web IDL (#3107) ef53f021

Updated components

Use \d for [0-9] (#3097) 9fe2f93e

6502 Assembly

Use standard tokens and minor improvements (#3184) 929c33e0

... (truncated)

Commits

703881e 1.27.0

7ac1373 Updated changelog for v1.27.0 (#3342)

e002e78 Command Line: Escape markup in command line output (#3341)

13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (#3338)

f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (#3334)

9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (#3333)

3fcca6b Bump pathval from 1.1.0 to 1.1.1 (#3331)

1784b17 Command Line: Add support for line continuation and improved colors (#3326)

f545843 ESLint: Allow Map and Set in ES5 code (#3328)

d6c5372 PureBasic: Added missing keyword and fixed constants ending with $ (#3320)

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump follow-redirects from 1.4.1 to 1.14.8
Bumps follow-redirects from 1.4.1 to 1.14.8.

Commits

3d81dc3 Release version 1.14.8 of the npm package.

62e546a Drop confidential headers across schemes.

2ede36d Release version 1.14.7 of the npm package.

8b347cb Drop Cookie header across domains.

6f5029a Release version 1.14.6 of the npm package.

af706be Ignore null headers.

d01ab7a Release version 1.14.5 of the npm package.

40052ea Make compatible with Node 17.

86f7572 Fix: clear internal timer on request abort to avoid leakage

2e1eaf0 Keep Authorization header on subdomain redirects.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump chownr from 1.0.1 to 1.1.4
Bumps chownr from 1.0.1 to 1.1.4.

Commits

814f642 1.1.4

a0d7ae0 push to github before npm

1a3667a ignore stuff

147eac4 Full tests, handle errors properly in many cases

578fb9f update tap, fix rimraf version

5bbda8c feat: ignore ENOENT errors during chown

deaa058 1.1.3

190e311 Don't early-capture the fs.lchownSync method

df2826a push to git with 1 command, not 2

cf3b27b 1.1.2

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0