Smart asynchronous data and computed properties for vue components.

MarketDial

Last update: Jun 21, 2021

Related tags

HTTP Requests vue-async-properties

Overview

vue-async-properties

Vue Component Plugin for asynchronous data and computed properties.

A Marketdial Project

new Vue({
  props: {
    articleId: Number
  },
  asyncData: {
    article() {
      return this.axios.get(`/articles/${this.articleId}`)
    }
  },

  data: {
    query: ''
  },
  asyncComputed: {
    searchResults: {
      get() {
        return this.axios.get(`/search/${this.query}`)
      },
      watch: 'query'
      debounce: 500,
    }
  }
})

#article(
  v-if="!article$error",
  :class="{ 'loading': article$loading }")

  h1 {{article.title}}

  .content {{article.content}}

#article(v-else)
  | There was an error while loading the article!
  | {{article$error.message}}

button(@click="article$refresh")
 | Refresh the Article


input.search(v-model="query")
span(v-if="searchResults$pending")
  | Waiting for you to stop typing...
span(v-if="searchResults$error")
  | There was an error while making your search!
  | {{searchResults$error.message}}

#search-results(:class="{'loading': searchResults$loading}")
  .search-result(v-for="result in results")
    p {{result.text}}

Has convenient features for:

loading, pending, and error flags
ability to refresh data
debouncing, with cancel and now functions
defaults
response transformation
error handling

The basic useage looks like this.

npm install --save vue-async-properties

// main.js
import Vue from 'vue'

// you can use whatever http library you prefer
import axios from 'axios'
import VueAxios from 'vue-axios'
Vue.use(VueAxios, axios)

Vue.axios.defaults.baseURL = '... whatever ...'

import VueAsyncProperties from 'vue-async-properties'
Vue.use(VueAsyncProperties)

Now asyncData and asyncComputed options are available on your components. What's the difference between the two?

asyncData only runs once automatically, during the component's onCreated hook.
asyncComputed runs automatically every time any of the things it depends on changes, with a default debounce of 1000 milliseconds.

`asyncData`

You can simply pass a function that returns a promise.

// in component
new Vue({
  props: ['articleId'],
  asyncData: {
    // when the component is created
    // a request will be made to
    // http://api.example.com/v1/articles/articleId
    // (or whatever baseURL you've configured)
    article() {
      return this.axios.get(`/articles/${this.articleId}`)
    }
  },
})

//- in template (using the pug template language)
#article(
  v-if="!article$error",
  :class="{ 'loading': article$loading }")

  h1 {{article.title}}

  .content {{article.content}}

#article(v-else)
  | There was an error while loading the article!
  | {{article$error.message}}

button(@click="article$refresh")
  | Refresh the Article

`asyncComputed`

You have to provide a get function that returns a promise, and a watch parameter that's either a string referring to a property on the vue instance, or a function that refers to the properties you want tracked.

// in component
new Vue({
  data: {
    query: ''
  },
  asyncComputed: {
    // whenever query changes,
    // a request will be made to
    // http://api.example.com/v1/search/articleId
    // (or wherever)
    // debounced by 1000 miliseconds
    searchResults: {
      // the function that returns a promise
      get() {
        return this.axios.get(`/search/${this.query}`)
      },

      // the thing to watch for changes
      watch: 'query'
      // ... or ...
      watch() {
        // do this if you need to watch multiple things
        this.query
      }
    }
  }
})

//- in template (using the pug template language)
input.search(v-model="query")
span(v-if="searchResults$pending")
  | Waiting for you to stop typing...
span(v-if="searchResults$error")
  | There was an error while making your search!
  | {{searchResults$error.message}}

#search-results(v-else, :class="{'loading': searchResults$loading}")
  .search-result(v-for="result in results")
    p {{result.text}}

You might be asking "Why is the watch necessary? Why not just pass a function that's reactively watched?" Well, in order for Vue to reactively track a function, it has to invoke that function up front when you create the watcher. Since we have a function that performs an expensive async operation, which we also want to debounce, we can't really do that.

Meta Properties

Properties to show the status of your requests, and methods to manage them, are automatically added to the component.

prop$loading: if a request is currently in progress
prop$error: the error of the last request
prop$default: the default value you provided, if any

For asyncData

prop$refresh(): perform the request again

For asyncComputed

prop$pending: if a request is queued, but not yet sent because of debouncing
prop$cancel(): cancel any debounced requests
prop$now(): immediately perform the latest debounced request

Debouncing

It's always a good idea to debounce asynchronous functions that rely on user input. You can configure this both globally and at the property level.

By default, anything you pass to debounce only applies to asyncComputed, since it's the only one that directly relies on input.

// global configuration
Vue.use(VueAsyncProperties, {
  // if the value is just a number, it's used as the wait time
  debounce: 500,

  // you can pass an object for more complex situations
  debounce: {
    wait: 500,

    // these are the same options used in lodash debounce
    // https://lodash.com/docs/#debounce
    leading: false, // default
    trailing: true, // default
    maxWait: null // default
  }
})

// property level configuration
new Vue({
  asyncComputed: {
    searchResults: {
      get() { /* ... */ },
      watch: '...'
      // this will be 1000
      // instead of the globally configured 500
      debounce: 1000
    }
  }
})

It is also allowed to pass null to debounce, to specify that no debounce should be applied. If this is done, property$pending, property$cancel, and property$now will not exist. The same rules that apply to other options holds here; the global setting will set all components, but it can be overridden by the local settings.

// no components will debounce
Vue.use(VueAsyncProperties, {
  debounce: null
})

// just this component won't have a debounce
new Vue({
  asyncComputed: {
    searchResults: {
      get() { /* ... */ },
      watch: '...'
      debounce: null

      // this however would debounce,
      // since the local overrides the global
      debounce: 500
    }
  }
})

This should only be done when the asyncComputed only watches values that aren't changed frequently by the user, otherwise a huge number of requests will be sent out.

`watchClosely`

Sometimes the method should debounce when some values change (things like key inputs or anything that might change rapidly), and not debounce when other values change (things like boolean switches that are more discrete, or things that are only changed programmatically).

For these situations, you can set up a separate watcher called watchClosely that will trigger an immediate, undebounced invocation of the asyncComputed.

new Vue({
  data: {
    query: '',
    includeInactiveResults: false
  },
  asyncComputed: {
    searchResults: {
      get() {
        if (this.includeInactiveResults)
          return this.axios.get(`/search/all/${this.query}`)
        else
          return this.axios.get(`/search/${this.query}`)
      },

      // the normal, debounced watcher
      watch: 'query',

      // whenever includeInactiveResults changes,
      // the method will be invoked immediately
      // without any debouncing
      watchClosely: 'includeInactiveResults'
    }
  }
})

Obviously, if you pass debounce: null, then watchClosely will be ignored, since invoking immediately without any debounce is the default behavior.

Also, if you only pass watchClosely, that will automatically infer that debouncing should never be done.

new Vue({
  data: {
    showOldPosts: false
  },
  asyncComputed: {
    searchResults: {
      // a change to showOldPosts
      // should always immediately
      // retrigger a request
      watchClosely: 'showOldPosts',
      get() {
        if (this.showOldPosts) return this.axios.get('/posts')
        else return this.axios.get('/posts/new')
      }
    }
  }
})

Returning a Value Rather Than a Promise

If you don't want a request to be performed, you can directly return a value instead of a promise.

new Vue({
  props: ['articleId'],
  asyncData: {
    article: {
      get() {
        // if you return null
        // the default will be used
        // and no request will be performed
        if (!this.articleId) return null

        // ... or ...

        // doing this will directly set the value
        // and no request will be performed
        if (!this.articleId) return {
          title: "No Article ID!",
          content: "There's nothing there."
        }
        else
          return this.axios.get(`/articles/${this.articleId}`)
      },
      // this will be used if null or undefined
      // are returned either by the get method
      // or by the request it returns
      // or if there's an error
      default: {
        title: "Default Title",
        content: "Default Content"
      }
    }
  }
})

Lazy and Eager

asyncData allows the lazy param, which tells it to not perform its request immediately on creation, and instead set the property as null or the default if you've provided one. It will instead wait for the $refresh method to be called.

new Vue({
  asyncData: {
    article: {
      get() { /* ... */ },
      // won't be triggered until article$refresh is called
      lazy: true, // default 'false'

      // if a default is provided,
      // it will be used until article$refresh is called
      default: {
        title: "Default Title",
        content: "Default content"
      }
    }
  }
})

asyncComputed allows an eager param, which tells it to immediately perform its request on creation, rather than waiting for some user input.

new Vue({
  data: {
    query: 'initial query'
  },
  asyncComputed: {
    searchResults: {
      get() { /* ... */ },
      watch: 'query',
      // will be triggered right away with 'initial query'
      eager: true // default 'false'
    }
  }
})

Transformation Functions

Pass a transform function if you have some processing you'd always like to do with request results. This is convenient if you'd rather not chain then onto promises. You can provide this globally and locally.

Note: this function will only be called if a request is actually made. So if you directly return a value rather than a promise from your get function, transform won't be called.

Vue.use(VueAsyncProperties, {
  // this is the default
  transform(result) {
    return result.data
  }

  // ... or ...
  // doing this will prevent any transforms
  // from being applied in any properties
  transform: null
})

new Vue({
  asyncData: {
    article: {
      get() { /* ... */ },
      // this will override the global transform
      transform(result) {
        return doSomeTransforming(result)
      },

      // ... or ...
      // doing this will prevent any transforms
      // from being applied to this property
      transform: null
    }
  }
})

Pagination

Normal pagination is easy with this library, you just need to use some sort of limit and offset in your requests.

With asyncData:

new Vue({
  data() {
    return {
      pageSize: 10,
      pageNumber: 0
    }
  },
  asyncData: {
    posts() {
      return this.axios.get(`/posts`, {
        params: {
          limit: this.pageSize,
          offset: this.pageSize * this.pageNumber,
        }
      })
    }
  },
  methods: {
    goToPage(page) {
      this.pageNumber = page
      this.posts$refresh()
    }
  }
})

... and with asyncComputed:

const pageSize = 10,
new Vue({
  data() {
    return {
      pageNumber: 0
    }
  },
  asyncComputed: {
    posts: {
      get() {
        return this.axios.get(`/posts`, {
          params: {
            limit: pageSize,
            offset: pageSize * this.pageNumber,
          }
        })
      },
      watchClosely: 'pageNumber'
    }
  }
})

Load More

Doing a "load more" is interesting though, since you need to append new results onto the old ones.

To make a load more situation, pass a more option to your property, giving a method that gets more results to add to the old ones. A $more method will be added to your component that you can call whenever you want to get more results.

const pageSize = 5
new Vue({
  data() {
    return { filter: '' }
  },

  asyncData: {
    posts: {
      get() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
          }
        })
      },

      // this method will get results that will be appended to the old ones
      // it's triggered by the `posts$more` method
      more() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
            offset: this.posts.length,
          }
        })
      }

      // since sometimes the way you add new results
      // to the property won't be a basic array concat
      // you can pass a static concat method that
      // returns a collection with the new results added to it
      more: {
        // this is the default
        concat: (posts, newPosts) => posts.concat(newPosts),
        get() {
          const pageSize = 5
          return this.axios.get(`/posts/${this.filter}`, {
            params: {
              limit: pageSize,
              offset: this.posts.length,
            }
          })
        }
      }
    }

  }
})

Here's an example template:

input.search(v-model="filter")

.posts
  .post(v-for="post in posts") {{ post.title }}

button.load-more(@click="posts$more") Get more posts

For asyncComputed, the watch and watchClosely parameters will still trigger a complete reset of the collection. Only the $more method appends new results.

const pageSize = 5
new Vue({
  data() {
    return { filter: '' }
  },

  asyncComputed: {
    posts: {

      get() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
          }
        })
      },
      watch: 'filter',

      more() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
            offset: this.posts.length,
          }
        })
      }

    }
  }
})

All the other options like transform, error, debounce, will still work the same.

`$more` Returns Last Response

If you need to do some logic based on what the last load more request returned, you can wrap the $more method and get the last response the $more received. This returned value is the raw response, without the transform function called on it.

const pageSize = 10
new Vue({
  data() {
    return { noMoreResults: false }
  },

  asyncData: {
    posts: {
      get() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
          }
        })
      },

      more() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
            offset: this.posts.length,
          }
        })
      }
    }
  },
  async moreHandler() {
    // `$more` handles appending the results,
    // so don't worry about doing that here
    // this just allows you to inspect the last result
    let lastResponse = await this.posts$more()

    this.noMoreResults = lastResponse.data.length < pageSize
  }
})

Watching For Reset Events

Since you might need to be notified when the collection resets based on a watch or watchClosely, you can watch for a propertyName$reset event. It passes the response that came for the reset.

const pageSize = 5
new Vue({
  data() {
    return {
      noResultsReturned: false
    }
  },

  asyncData: {
    posts: {
      get() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
          }
        })
      },

      more() {
        return this.axios.get(`/posts/${this.filter}`, {
          params: {
            limit: pageSize,
            offset: this.posts.length,
          }
        })
      }
    }
  },

  created() {
    // whenever a watch or watchClosely resets the collection,
    // it will $emit this event
    this.$on('posts$reset', (resettingResponse) => {

      // here you can perform whatever logic
      // you need to with the resetttingResponse

      if (resettingResponse.data.length == 0) {
        this.noResultsReturned = true
      }

      this.resetScoller() // or whatever

    })
  }
})

Error Handling

You can set up error handling, either globally (maybe you have some sort of notification tray or alerts), or at the property level.

Vue.use(VueAsyncProperties, {
  error(error) {
    Notification.error({
      title: "error",
      message: error.message,
    })
  }
})

new Vue({
  asyncData: {
    article: {
      get() { /* ... */ },

      // this will override the error handler
      error(error) {
        this.doErrorStuff(error)
      }
    }
  }
})

There is a global default, which simply logs the error to the console:

Vue.use(VueAsyncProperties, {
  error(error) {
    console.error(error)
  }
})

Different naming for Meta Properties

The default naming strategy for the meta properties like loading and pending is propName$metaName. You may prefer a different naming strategy, and you can pass a function for a different one in the global config.

Vue.use(VueAsyncProperties, {
  // for "article" and "loading"
  // "article__Loading"
  meta: (propName, metaName) =>
    `${propName}__${myCapitalize(metaName)}`,

  // ... or ...
  // "$loading_article"
  meta: (propName, metaName) =>
    '$' + metaName + '_' + propName,

  // the default is:
  meta: (propName, metaName) =>
    `${propName}$${metaName}`,
})

Contributing

This package has testing set up with mocha and chai expect. Since many of the tests are on the functionality of Vue components, the vue testing docs are a good place to look for guidance.

If you'd like to contribute, perhaps because you uncovered a bug or would like to add features:

fork the project
clone it locally
write tests to either to reveal the bug you've discovered or cover the features you're adding (write them in the test directory, and take a look at existing tests as well as the mocha, chai expect, and vue testing docs to understand how)
run those tests with npm test (use npm test -- -g "text matching test description" to only run particular tests)
once you're done with development and all tests are passing (including the old ones), submit a pull request!

Comments

TypeError: Cannot read property 'call' of undefined

Hi, me again... thanks for fixing the last issue! Unfortunately I have another error:

[Vue warn]: Error in created hook: "TypeError: Cannot read property 'call' of undefined"

I'm using vue 2.3.4 and webpack 2.3.3.

import Vue from 'vue'
import App from './App'
import router from './router'
import axios from 'axios'
import VueAxios from 'vue-axios'
import VueAsyncProperties from 'vue-async-properties'

Vue.use(VueAxios, axios)
Vue.axios.defaults.baseURL = 'http://localhost:3000/'

Vue.use(VueAsyncProperties)

 export default {
    asyncData: {
      switches() {
        return this.axios.get('/switches')
          .then(response => response.data)
      }
    }
  }

Thanks for the help!

opened by kuhball 6

AsyncData only returning default result.

I'm trying to load an array of values from a "getResources' function that returns a promise:

  asyncData: {
    resources: {
      get() {
        return getResources()
          .then((data) => {
            console.log(`${data.length} resources loaded`);
            return data;
          });
      },
      default: ["some", "default", "data"]
    }
  }

  watch: {
    resources() {
      console.log("resources changes:");
      console.log(this.resources);
    }
  },

I see that the method is called, and I see that it's returning the values I expect, but the "resources" property always returns the default values instead. Is there something obvious I'm missing here?

Thanks!

opened by jbrunken 4

Bump flat and mocha
Bumps flat to 5.0.2 and updates ancestor dependency mocha. These dependencies need to be updated together.

Updates flat from 4.1.0 to 5.0.2

Commits

e5ffd66 Release 5.0.2

fdb79d5 Update dependencies, refresh lockfile, format with standard.

e52185d Test against node 14 in CI.

0189cb1 Avoid arrow function syntax.

f25d3a1 Release 5.0.1

54cc7ad use standard formatting

779816e drop dependencies

2eea6d3 Bump lodash from 4.17.15 to 4.17.19

a61a554 Bump acorn from 7.1.0 to 7.4.0

20ef0ef Fix prototype pollution on unflatten

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by timoxley, a new releaser for flat since your current version.

Updates mocha from 6.2.2 to 10.2.0

Release notes

Sourced from mocha's releases.

v10.2.0

10.2.0 / 2022-12-11

:tada: Enhancements

#4945: API: add possibility to decorate ESM name before import (@j0tunn)

:bug: Fixes

#4946: Browser: color of failed test icon (@kleisauke)

:book: Documentation

#4944: Remove duplicated header (@PauloGoncalvesBH)

v10.1.0

10.1.0 / 2022-10-16

:tada: Enhancements

#4896: Browser: add support for prefers-color-scheme: dark (@greggman)

:nut_and_bolt: Other

#4912: Browser: increase contrast for replay buttons (@JoshuaKGoldberg)

#4905: Use standard Promise.allSettled instead of polyfill (@outsideris)

#4899: Upgrade official GitHub actions to latest (@ddzz)

#4770: Fix regex in function clean(@yetingli)

v10.0.0

10.0.0 / 2022-05-01

:boom: Breaking Changes

#4845: Drop Node.js v12.x support (@juergba)

#4848: Drop Internet-Explorer-11 support (@juergba)

#4857: Drop AMD/RequireJS support (@juergba)

#4866: Drop Growl notification support (@juergba)

#4863: Rename executable bin/mocha to bin/mocha.js (@juergba)

#4865: --ignore option in Windows: upgrade Minimatch (@juergba)

#4861: Remove deprecated Runner signature (@juergba)

:nut_and_bolt: Other

... (truncated)

Changelog

Sourced from mocha's changelog.

10.2.0 / 2022-12-11

:tada: Enhancements

#4945: API: add possibility to decorate ESM name before import (@j0tunn)

:bug: Fixes

#4946: Browser: color of failed test icon (@kleisauke)

:book: Documentation

#4944: Remove duplicated header (@PauloGoncalvesBH)

10.1.0 / 2022-10-16

:tada: Enhancements

#4896: Browser: add support for prefers-color-scheme: dark (@greggman)

:nut_and_bolt: Other

#4912: Browser: increase contrast for replay buttons (@JoshuaKGoldberg)

#4905: Use standard Promise.allSettled instead of polyfill (@outsideris)

#4899: Upgrade official GitHub actions to latest (@ddzz)

#4770: Fix regex in function clean(@yetingli)

10.0.0 / 2022-05-01

:boom: Breaking Changes

#4845: Drop Node.js v12.x support (@juergba)

#4848: Drop Internet-Explorer-11 support (@juergba)

#4857: Drop AMD/RequireJS support (@juergba)

#4866: Drop Growl notification support (@juergba)

#4863: Rename executable bin/mocha to bin/mocha.js (@juergba)

#4865: --ignore option in Windows: upgrade Minimatch (@juergba)

#4861: Remove deprecated Runner signature (@juergba)

:nut_and_bolt: Other

#4878: Update production dependencies (@juergba)

#4876: Add Node.js v18 to CI test matrix (@outsideris)

... (truncated)

Commits

202e9b8 build(v10.2.0): release

6782d6d build(v10.2.0): update CHANGELOG

73bb819 feat(esm): ability to decorate ESM module name before importing it (#4945)

fc4ac58 chore(devDeps): remove unused depedencies (#4949)

0a10ddc docs: remove duplicated header (#4944)

b0a0fb8 fix(browser): failed test icon color (#4946)

3cc9cac ci: update stale action (#4931)

8f3c37b chore(ci): workaround for firefox error (#4933)

5f96d51 build(v10.1.0): release

ed74f16 build(v10.1.0): update CHANGELOG

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by juergba, a new releaser for mocha since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump qs from 6.5.2 to 6.5.3
Bumps qs from 6.5.2 to 6.5.3.

Changelog

Sourced from qs's changelog.

6.5.3

[Fix] parse: ignore __proto__ keys (#428)

[Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source

[Fix] correctly parse nested arrays

[Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)

[Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided

[Fix] when parseArrays is false, properly handle keys ending in []

[Fix] fix for an impossible situation: when the formatter is called with a non-string value

[Fix] utils.merge: avoid a crash with a null target and an array source

[Refactor] utils: reduce observable [[Get]]s

[Refactor] use cached Array.isArray

[Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)

[Refactor] parse: only need to reassign the var once

[Robustness] stringify: avoid relying on a global undefined (#427)

[readme] remove travis badge; add github actions/codecov badges; update URLs

[Docs] Clean up license text so it’s properly detected as BSD-3-Clause

[Docs] Clarify the need for "arrayLimit" option

[meta] fix README.md (#399)

[meta] add FUNDING.yml

[actions] backport actions from main

[Tests] always use String(x) over x.toString()

[Tests] remove nonexistent tape option

[Dev Deps] backport from main

Commits

298bfa5 v6.5.3

ed0f5dc [Fix] parse: ignore __proto__ keys (#428)

691e739 [Robustness] stringify: avoid relying on a global undefined (#427)

1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs

12ac1c4 [meta] fix README.md (#399)

0338716 [actions] backport actions from main

5639c20 Clean up license text so it’s properly detected as BSD-3-Clause

51b8a0b add FUNDING.yml

45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...

f814a7f [Dev Deps] backport from main

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump decode-uri-component from 0.2.0 to 0.2.2
Bumps decode-uri-component from 0.2.0 to 0.2.2.

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2

980e0bf Prevent overwriting previously decoded tokens

3c8a373 0.2.1

76abc93 Switch to GitHub workflows

746ca5d Fix issue where decode throws - fixes #6

486d7e2 Update license (#1)

a650457 Tidelift tasks

66e1c28 Meta tweaks

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump loader-utils from 1.2.3 to 1.4.2
Bumps loader-utils from 1.2.3 to 1.4.2.

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

support the [query] template for the interpolatedName method (#162) (469eeba)

Commits

331ad50 chore(release): 1.4.2

17cbf8f fix: ReDoS problem (#226)

8f082b3 chore(release): 1.4.1

4504e34 fix: security problem (#220)

d95b8b5 chore(release): 1.4.0

cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)

06d36cf chore(release): 1.3.0

469eeba feat: support the [query] template for the interpolatedName method (#162)

909c99d chore: funding.yml config and CI fix (#159)

b5b74f0 Set up CI with Azure Pipelines

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump terser from 4.6.3 to 4.8.1
Bumps terser from 4.6.3 to 4.8.1.

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

Security fix for RegExps that should not be evaluated (regexp DDOS)

v4.8.0

Support for numeric separators (million = 1_000_000) was added.

Assigning properties to a class is now assumed to be pure.

Fixed bug where yield wasn't considered a valid property key in generators.

v4.7.0

A bug was fixed where an arrow function would have the wrong size

arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.

Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

v4.6.13

Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.

Fixed parsing of BigInt with lowercase e in them.

v4.6.12

Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]

Printing of unicode identifiers has been improved

v4.6.11

Read unused classes' properties and method keys, to figure out if they use other variables.

Prevent inlining into block scopes when there are name collisions

Functions are no longer inlined into parameter defaults, because they live in their own special scope.

When inlining identity functions, take into account the fact they may be used to drop this in function calls.

Nullish coalescing operator (x ?? y), plus basic optimization for it.

Template literals in binary expressions such as + have been further optimized

v4.6.10

Do not use reduce_vars when classes are present

v4.6.9

Check if block scopes actually exist in blocks

v4.6.8

Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

v4.6.7

Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump jsdom from 11.12.0 to 16.5.0
Bumps jsdom from 11.12.0 to 16.5.0.

Release notes

Sourced from jsdom's releases.

Version 16.5.0

Added window.queueMicrotask().

Added window.event.

Added inputEvent.inputType. (diegohaz)

Removed ondragexit from Window and friends, per a spec update.

Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)

Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.

Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)

Fixed the new File() constructor to no longer convert / to :, per a pending spec update.

Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.

Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.

Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.

Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.

Fixed xhr.response to return null for failures that occur during the middle of the download.

Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)

Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)

Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

Version 16.4.0

Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)

Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)

Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)

Fixed el.focus() to do nothing on disconnected elements. (eps1lon)

Fixed el.focus() to work on SVG elements. (zjffun)

Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)

Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)

Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)

Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)

Fixed the valueMissing validation check for <input type="radio">. (zjffun)

Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

Version 16.3.0

Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)

Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)

Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)

Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)

Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)

Fixed drawing an empty canvas into another canvas. (zjffun)

Version 16.2.2

Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)

Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.

Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)

Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.

Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)

Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)

Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.

Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)

Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

... (truncated)

Changelog

Sourced from jsdom's changelog.

16.5.0

Added window.queueMicrotask().

Added window.event.

Added inputEvent.inputType. (diegohaz)

Removed ondragexit from Window and friends, per a spec update.

Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)

Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.

Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)

Fixed the new File() constructor to no longer convert / to :, per a pending spec update.

Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.

Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.

Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.

Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.

Fixed xhr.response to return null for failures that occur during the middle of the download.

Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)

Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)

Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

16.4.0

Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)

Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)

Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)

Fixed el.focus() to do nothing on disconnected elements. (eps1lon)

Fixed el.focus() to work on SVG elements. (zjffun)

Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)

Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)

Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)

Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)

Fixed the valueMissing validation check for <input type="radio">. (zjffun)

Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

16.3.0

Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)

Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)

Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)

Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)

Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)

Fixed drawing an empty canvas into another canvas. (zjffun)

16.2.2

Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)

Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.

Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)

Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.

Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)

Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

... (truncated)

Commits

2d82763 Version 16.5.0

9741311 Fix loading of subresources with Unicode filenames

5e46553 Use domenic's ESLint config as the base

19b35da Fix the URL of about:blank iframes

017568e Support inputType on InputEvent

29f4fdf Upgrade dependencies

e2f7639 Refactor create‑event‑accessor.js to remove code duplication

ff69a75 Convert JSDOM to use callback functions

19df6bc Update links in contributing guidelines

1e34ff5 Test triage

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump ajv from 6.10.2 to 6.12.6
Bumps ajv from 6.10.2 to 6.12.6.

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@sambauers, #1143) Option keywords to add custom keywords (@franciscomorais, #1137) Types fixes (@boenrobot, @MattiAstedrone) Docs:

error logging example (@RadiationSickness)

TypeScript usage notes (@thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits

fe59143 6.12.6

d580d3e Merge pull request #1298 from ajv-validator/fix-url

fd36389 fix: regular expression for "url" format

490e34c docs: link to v7-beta branch

9cd93a1 docs: note about v7 in readme

877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type

f1c8e45 6.12.5

764035e Merge branch 'ChALkeR-chalker/fix-comma'

3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...

a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pathval from 1.1.0 to 1.1.1
Bumps pathval from 1.1.0 to 1.1.1.

Release notes

Sourced from pathval's releases.

v1.1.1

Fixes a security issue around prototype pollution.

Commits

db6c3e3 chore: v1.1.1

7859e0e Merge pull request #60 from deleonio/fix/vulnerability-prototype-pollution

49ce1f4 style: correct rule in package.json

c77b9d2 fix: prototype pollution vulnerability + working tests

49031e4 chore: remove very old nodejs

57730a9 chore: update deps and tool configuration

a123018 Merge pull request #55 from chaijs/remove-lgtm

07eb4a8 Delete MAINTAINERS

a0147cd Merge pull request #54 from astorije/patch-1

aebb278 Center repo name on README

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by chai, a new releaser for pathval since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump lodash from 4.17.19 to 4.17.21
Bumps lodash from 4.17.19 to 4.17.21.

Commits

f299b52 Bump to v4.17.21

c4847eb Improve performance of toNumber, trim and trimEnd on large input strings

3469357 Prevent command injection through _.template's variable option

ded9bc6 Bump to v4.17.20.

63150ef Documentation fixes.

00f0f62 test.js: Remove trailing comma.

846e434 Temporarily use a custom fork of lodash-cli.

5d046f3 Re-enable Travis tests on 4.17 branch.

aa816b3 Remove /npm-package.

See full diff in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1