• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to url.href (#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to url.href (#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 2ede36d Release version 1.14.7 of the npm package.
• 8b347cb Drop Cookie header across domains.
• 6f5029a Release version 1.14.6 of the npm package.
• af706be Ignore null headers.
• d01ab7a Release version 1.14.5 of the npm package.
• 40052ea Make compatible with Node 17.
• 86f7572 Fix: clear internal timer on request abort to avoid leakage
• 2e1eaf0 Keep Authorization header on subdomain redirects.
• 2ad9e82 Carry over Host header on relative redirects (#172)
• 77e2a58 Release version 1.14.4 of the npm package.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from core-js's changelog.

3.20.1 - 2021.12.23

• Fixed the order of calling reactions of already fulfilled / rejected promises in Promise.prototype.then, #1026
• Fixed possible memory leaking in specific promise chains
• Fixed some missed dependencies of entries
• Added Deno 1.18 compat data mapping

3.20.0 - 2021.12.16

• Added structuredClone method from the HTML spec, see MDN
  • Includes all cases of cloning and transferring of required ECMAScript and platform types that can be polyfilled, for the details see the caveats
  • Uses native structured cloning algorithm implementations where it's possible
  • Includes the new semantic of errors cloning from html/5749
• Added DOMException polyfill, the Web IDL spec, see MDN
  • Includes DOMException and its attributes polyfills with fixes of many different engines bugs
  • Includes DOMException#stack property polyfill in engines that should have it
  • Reuses native DOMException implementations where it's possible (for example, in old NodeJS where it's not exposed as global)
• Added support of cause on all Error types
• Added Error.prototype.toString method polyfill with fixes of many different bugs of JS engines
• Added Number.prototype.toExponential method polyfill with fixes of many different bugs of JS engines
• Array grouping proposal:
  • Moved to the stage 3
  • Added Array.prototype.groupByToMap method
  • Removed @@species support
• Added change Array by copy stage 2 proposal:
  • Array.prototype.toReversed
  • Array.prototype.toSorted
  • Array.prototype.toSpliced
  • Array.prototype.with
  • %TypedArray%.prototype.toReversed
  • %TypedArray%.prototype.toSorted
  • %TypedArray%.prototype.toSpliced
  • %TypedArray%.prototype.with
• Added Iterator.prototype.toAsync method from the iterator helpers stage 2 proposal
• Array.fromAsync proposal moved to stage 2
• Added String.cooked stage 1 proposal:
• Added Function.prototype.unThis stage 0 proposal
• Added Function.{ isCallable, isConstructor } stage 0 proposal:
  • Function.isCallable
  • Function.isConstructor
• Added a workaround of most cases breakage modern String#at after loading obsolete String#at proposal module, #1019
• Fixed Array.prototype.{ values, @@iterator }.name in V8 ~ Chrome 45-
• Fixed validation of typed arrays in typed arrays iteration methods in V8 ~ Chrome 50-
• Extension of the API, #1012
  • Added a new core-js/actual/** namespace
  • Added entry points for each finished post-ES6 proposal

3.19.3 - 2021.12.06

• Fixed internal slots check in methods of some built-in types, #1017
• Fixed URLSearchParams iterator .next that should be enumerable by the spec
• Refactored Subscription
• Added NodeJS 17.2 compat data mapping

... (truncated)

• 8f22e98 3.20.1
• 5d78d50 fix possible memory leaking in specific promise chains
• 9ffb395 add a clarification
• e287627 fix the order of calling reactions of fulfilled / rejected promises in `Promi...
• 09db127 add promises-es6-tests case
• 24c6889 update dependencies
• d893abd leaving DOMException without Object#toString dependency should be safe
• 065e3d0 fix some more dependencies of entries
• c0461bc fix some missed dependencies of entries
• 0c4d69d Spelling (#1023)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from eslint's releases.

v8.5.0

Features

• 94e77a6 feat: Suggestions support for prefer-regex-literals (#15077) (Yash Singh)
• eafaf52 feat: add prefer-object-has-own rule (#15346) (Nitin Kumar)

Bug Fixes

• 7d832d4 fix: improve prefer-template fixer (#15230) (Nitin Kumar)
• 981fb48 fix: do not report global references in id-match rule (#15420) (Nitin Kumar)
• f13d4a6 fix: improve autofix of prefer-object-has-own (#15419) (Nitin Kumar)
• f4559a0 fix: add helpful message when test case has non-string code/name (#15425) (Bryan Mishkin)

Documentation

• 314c84c docs: add an incorrect code example in for-direction (#15434) (Holger Jeromin)
• 3928175 docs: add destructuring examples for computed-property-spacing (#15423) (Nitin Kumar)
• a53e59e docs: add more examples for array-element-newline rule (#15427) (Nitin Kumar)
• 74cf0a0 docs: update CLA info (#15370) (Nitin Kumar)
• e84195e docs: fix heading level for an option in class-methods-use-this rule (#15399) (Takuya Fukuju)

Chores

• 225f211 test: add destructuring test cases for computed-property-spacing (#15424) (Nitin Kumar)
• f2c7ba6 ci: use node v16 for macOS and windows jobs (#15418) (Nitin Kumar)

v8.4.1

Bug Fixes

• 234e3d9 fix: revert changes to reported locations in max-lines-per-function (#15397) (Milos Djermanovic)

Documentation

• fa4d483 docs: fix typo in example for sort-keys rule (#15393) (Nitin Kumar)

v8.4.0

Features

• 5771663 feat: add allowReserved parser option (#15387) (Milos Djermanovic)
• 32ac37a feat: Flat config support in Linter (refs #13481) (#15185) (Nicholas C. Zakas)
• d041f34 feat: Treat Class/New Expressions as truthy in no-constant-condition (#15326) (Jordan Eldredge)
• 8f44cf5 feat: report only lines that exceed the limit in max-lines-per-function (#15140) (Sneh Khatri)
• 808ad35 feat: pass cwd to formatters (refs eslint/rfcs#57) (#13392) (Toru Nagashima)
• f1b7499 feat: support async formatters (#15243) (MO)

Bug Fixes

• 4940cc5 fix: mark --rulesdir option as deprecated in CLI docs (#15310) (Kevin Partington)

Documentation

• 54deec5 docs: update integrations.md (#15380) (Vlad Sholokhov)
• fa0423a docs: fix typo in PR template (#15365) (Nitin Kumar)
• e233920 docs: enable a few more markdownlint rules and fix violations (#15368) (Bryan Mishkin)
• 632176d docs: Dedent needlessly indented example in getter-return docs (#15363) (Jordan Eldredge)
• 4497e88 docs: Update release notes blog post template (#15285) (Nicholas C. Zakas)

Chores

• efede90 chore: upgrade @​eslint/eslintrc@​1.0.5 (#15389) (Milos Djermanovic)

... (truncated)

Sourced from eslint's changelog.

v8.5.0 - December 17, 2021

• 7d832d4 fix: improve prefer-template fixer (#15230) (Nitin Kumar)
• 94e77a6 feat: Suggestions support for prefer-regex-literals (#15077) (Yash Singh)
• 314c84c docs: add an incorrect code example in for-direction (#15434) (Holger Jeromin)
• 981fb48 fix: do not report global references in id-match rule (#15420) (Nitin Kumar)
• 3928175 docs: add destructuring examples for computed-property-spacing (#15423) (Nitin Kumar)
• 225f211 test: add destructuring test cases for computed-property-spacing (#15424) (Nitin Kumar)
• f13d4a6 fix: improve autofix of prefer-object-has-own (#15419) (Nitin Kumar)
• f4559a0 fix: add helpful message when test case has non-string code/name (#15425) (Bryan Mishkin)
• a53e59e docs: add more examples for array-element-newline rule (#15427) (Nitin Kumar)
• f2c7ba6 ci: use node v16 for macOS and windows jobs (#15418) (Nitin Kumar)
• eafaf52 feat: add prefer-object-has-own rule (#15346) (Nitin Kumar)
• 74cf0a0 docs: update CLA info (#15370) (Nitin Kumar)
• e84195e docs: fix heading level for an option in class-methods-use-this rule (#15399) (Takuya Fukuju)

v8.4.1 - December 6, 2021

• 234e3d9 fix: revert changes to reported locations in max-lines-per-function (#15397) (Milos Djermanovic)
• fa4d483 docs: fix typo in example for sort-keys rule (#15393) (Nitin Kumar)

v8.4.0 - December 3, 2021

• efede90 chore: upgrade @​eslint/eslintrc@​1.0.5 (#15389) (Milos Djermanovic)
• 5771663 feat: add allowReserved parser option (#15387) (Milos Djermanovic)
• 32ac37a feat: Flat config support in Linter (refs #13481) (#15185) (Nicholas C. Zakas)
• 54deec5 docs: update integrations.md (#15380) (Vlad Sholokhov)
• d041f34 feat: Treat Class/New Expressions as truthy in no-constant-condition (#15326) (Jordan Eldredge)
• 8f44cf5 feat: report only lines that exceed the limit in max-lines-per-function (#15140) (Sneh Khatri)
• fa0423a docs: fix typo in PR template (#15365) (Nitin Kumar)
• 0b8c846 chore: fix update-readme to avoid multiple consecutive blank lines (#15375) (Milos Djermanovic)
• 808ad35 feat: pass cwd to formatters (refs eslint/rfcs#57) (#13392) (Toru Nagashima)
• 94b2a8b chore: Use default Chromium binary in M1 Mac tests (#15371) (Brandon Mills)
• 4940cc5 fix: mark --rulesdir option as deprecated in CLI docs (#15310) (Kevin Partington)
• e233920 docs: enable a few more markdownlint rules and fix violations (#15368) (Bryan Mishkin)
• ba58d94 ci: use node v16 for Verify Files (#15364) (Nitin Kumar)
• 632176d docs: Dedent needlessly indented example in getter-return docs (#15363) (Jordan Eldredge)
• 4497e88 docs: Update release notes blog post template (#15285) (Nicholas C. Zakas)
• f1b7499 feat: support async formatters (#15243) (MO)
• 1e32ee5 chore: add jsdoc type annotation to rules (#15291) (Bryan Mishkin)

v8.3.0 - November 21, 2021

• 60b0a29 feat: add allowProperties option to require-atomic-updates (#15238) (Milos Djermanovic)
• 79278a1 feat: update no-use-before-define for class static blocks (#15312) (Milos Djermanovic)
• 8aa7645 fix: update vars-on-top for class static blocks (#15306) (Milos Djermanovic)
• 479a4cb fix: update semi-style for class static blocks (#15309) (Milos Djermanovic)
• ddd01dc feat: update no-redeclare for class static blocks (#15313) (Milos Djermanovic)
• de69cec feat: update no-inner-declarations for class static blocks (#15290) (Milos Djermanovic)
• e2fe7ef feat: support for private-in syntax (fixes #14811) (#15060) (Yosuke Ota)

... (truncated)

• 9d951ac 8.5.0
• 6ff5609 Build: changelog update for 8.5.0
• 7d832d4 fix: improve prefer-template fixer (#15230)
• 94e77a6 feat: Suggestions support for prefer-regex-literals (#15077)
• 314c84c docs: add an incorrect code example in for-direction (#15434)
• 981fb48 fix: do not report global references in id-match rule (#15420)
• 3928175 docs: add destructuring examples for computed-property-spacing (#15423)
• 225f211 test: add destructuring test cases for computed-property-spacing (#15424)
• f13d4a6 fix: improve autofix of prefer-object-has-own (#15419)
• f4559a0 fix: add helpful message when test case has non-string code/name (#15425)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from core-js's changelog.

3.20.0 - 2021.12.16

• Added structuredClone method from the HTML spec, see MDN
  • Includes all cases of cloning and transferring of required ECMAScript and platform types that can be polyfilled, for the details see the caveats
  • Uses native structured cloning algorithm implementations where it's possible
  • Includes the new semantic of errors cloning from html/5749
• Added DOMException polyfill, the Web IDL spec, see MDN
  • Includes DOMException and its attributes polyfills with fixes of many different engines bugs
  • Includes DOMException#stack property polyfill in engines that should have it
  • Reuses native DOMException implementations where it's possible (for example, in old NodeJS where it's not exposed as global)
• Added support of cause on all Error types
• Added Error.prototype.toString method polyfill with fixes of many different bugs of JS engines
• Added Number.prototype.toExponential method polyfill with fixes of many different bugs of JS engines
• Array grouping proposal:
  • Moved to the stage 3
  • Added Array.prototype.groupByToMap method
  • Removed @@species support
• Added change Array by copy stage 2 proposal:
  • Array.prototype.toReversed
  • Array.prototype.toSorted
  • Array.prototype.toSpliced
  • Array.prototype.with
  • %TypedArray%.prototype.toReversed
  • %TypedArray%.prototype.toSorted
  • %TypedArray%.prototype.toSpliced
  • %TypedArray%.prototype.with
• Added Iterator.prototype.toAsync method from the iterator helpers stage 2 proposal
• Array.fromAsync proposal moved to stage 2
• Added String.cooked stage 1 proposal:
• Added Function.prototype.unThis stage 0 proposal
• Added Function.{ isCallable, isConstructor } stage 0 proposal:
  • Function.isCallable
  • Function.isConstructor
• Added a workaround of most cases breakage modern String#at after loading obsolete String#at proposal module, #1019
• Fixed Array.prototype.{ values, @@iterator }.name in V8 ~ Chrome 45-
• Fixed validation of typed arrays in typed arrays iteration methods in V8 ~ Chrome 50-
• Extension of the API, #1012
  • Added a new core-js/actual/** namespace
  • Added entry points for each finished post-ES6 proposal

3.19.3 - 2021.12.06

• Fixed internal slots check in methods of some built-in types, #1017
• Fixed URLSearchParams iterator .next that should be enumerable by the spec
• Refactored Subscription
• Added NodeJS 17.2 compat data mapping

3.19.2 - 2021.11.29

• Added a workaround for a UC Browser specific version bug with unobservable RegExp#sticky flag, #1008, #1015
• Added handling of comments and specific spaces to Function#name polyfill, #1010, thanks @​ildar-shaimordanov
• Prevented some theoretical cases of breaking / observing the internal state by patching Array.prototype[@@species]
• Refactored URL and URLSearchParams

... (truncated)

• 29590d0 3.20.0
• 65a85a4 update the changelog
• cafe9ec Merge pull request #1012 from zloirock/api
• 55fdcb8 update the readme
• e9168f0 add logo
• 9d9833c update .groupBy
• cafdde7 add a structuredClone example
• c124e00 add entries for recently added features
• 132649b update the changelog
• 14aed14 remove mention of /web/ namespace from the readme
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from @​vue/compiler-sfc's releases.

v3.2.26

Please refer to CHANGELOG.md for details.

v3.2.25

Please refer to CHANGELOG.md for details.

v3.2.24

Please refer to CHANGELOG.md for details.

v3.2.23

Please refer to CHANGELOG.md for details.

v3.2.22

Please refer to CHANGELOG.md for details.

v3.2.21

Please refer to CHANGELOG.md for details.

v3.2.20

Please refer to CHANGELOG.md for details.

v3.2.19

Please refer to CHANGELOG.md for details.

v3.2.18

Please refer to CHANGELOG.md for details.

v3.2.17

Please refer to CHANGELOG.md for details.

v3.2.16

Please refer to CHANGELOG.md for details.

v3.2.15

Please refer to CHANGELOG.md for details.

v3.2.14

Please refer to CHANGELOG.md for details.

v3.2.13

Please refer to CHANGELOG.md for details.

v3.2.12

Please refer to CHANGELOG.md for details.

v3.2.11

Please refer to CHANGELOG.md for details.

v3.2.10

Please refer to CHANGELOG.md for details.

... (truncated)

Sourced from @​vue/compiler-sfc's changelog.

3.2.26 (2021-12-12)

3.2.25 (2021-12-12)

Bug Fixes

• compiler-sfc: generate valid TS in script and script setup co-usage with TS (7e4f0a8), closes #5094
• compiler: force block for custom dirs and inline beforeUpdate hooks (1c9a481)
• runtime-core: disallow recurse in vnode/directive beforeUpdate hooks (a1167c5)

Features

• compiler-core: support aliasing vue: prefixed events to inline vnode hooks (4b0ca87)
• experimental: allow const for ref sugar declarations (9823bd9)
• reactivity-transform/types: restructure macro types + export types for all shorthand methods (db729ce)
• reactivity-transform: $$() escape for destructured prop bindings (198ca14)
• reactivity-transform: rename @​vue/ref-transform to @​vue/reactivity-transform (d70fd8d)
• reactivity-transform: support $-shorthands for all ref-creating APIs (179fc05)
• reactivity-transform: support optionally importing macros (fbd0fe9)
• reactivity-transform: use toRef() for $() destructure codegen (93ba6b9)
• reactivity: support default value in toRef() (2db9c90)
• sfc-playground: add github link (#5067) (9ac0dde)
• sfc-playground: prevent ctrl+s default behavior (#5066) (b027507)
• support ref in v-for, remove compat deprecation warnings (41c18ef)

3.2.24 (2021-12-06)

Bug Fixes

• compat: maintain compatConfig option in legacy functional comp (#4974) (ee97cf5)
• compiler-dom: avoid bailing stringification on setup const bindings (29beda7)
• compiler-sfc: make asset url imports stringifiable (87c73e9)
• package: ensure ref-macros export is recognized by vue-tsc (#5003) (f855269)
• runtime-core: handle initial undefined attrs (#5017) (6d887aa), closes #5016
• types/reactivity: export ShallowRef type (#5026) (523b4b7), closes #5205

Features

• types/script-setup: add generic type to defineExpose (#5035) (34985fe)

... (truncated)

• ccb6651 release: v3.2.26
• 756534b release: v3.2.25
• d6be340 types(compiler-sfc): export additional types
• 7e4f0a8 fix(compiler-sfc): generate valid TS in script and script setup co-usage with TS
• ea1fcfb chore: bump babel deps
• d70fd8d feat(reactivity-transform): rename @​vue/ref-transform to @​vue/reactivity-tran...
• f4dcbbc chore: fix build
• 198ca14 feat(reactivity-transform): $$() escape for destructured prop bindings
• 93ba6b9 feat(reactivity-transform): use toRef() for $() destructure codegen
• d955cfa release: v3.2.24
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from @​vue/compiler-sfc's releases.

v3.2.24

Please refer to CHANGELOG.md for details.

v3.2.23

Please refer to CHANGELOG.md for details.

v3.2.22

Please refer to CHANGELOG.md for details.

v3.2.21

Please refer to CHANGELOG.md for details.

v3.2.20

Please refer to CHANGELOG.md for details.

v3.2.19

Please refer to CHANGELOG.md for details.

v3.2.18

Please refer to CHANGELOG.md for details.

v3.2.17

Please refer to CHANGELOG.md for details.

v3.2.16

Please refer to CHANGELOG.md for details.

v3.2.15

Please refer to CHANGELOG.md for details.

v3.2.14

Please refer to CHANGELOG.md for details.

v3.2.13

Please refer to CHANGELOG.md for details.

v3.2.12

Please refer to CHANGELOG.md for details.

v3.2.11

Please refer to CHANGELOG.md for details.

v3.2.10

Please refer to CHANGELOG.md for details.

v3.2.9

Please refer to CHANGELOG.md for details.

v3.2.8

Please refer to CHANGELOG.md for details.

... (truncated)

Sourced from @​vue/compiler-sfc's changelog.

3.2.24 (2021-12-06)

Bug Fixes

• compat: maintain compatConfig option in legacy functional comp (#4974) (ee97cf5)
• compiler-dom: avoid bailing stringification on setup const bindings (29beda7)
• compiler-sfc: make asset url imports stringifiable (87c73e9)
• package: ensure ref-macros export is recognized by vue-tsc (#5003) (f855269)
• runtime-core: handle initial undefined attrs (#5017) (6d887aa), closes #5016
• types/reactivity: export ShallowRef type (#5026) (523b4b7), closes #5205

Features

• types/script-setup: add generic type to defineExpose (#5035) (34985fe)

3.2.23 (2021-11-26)

Bug Fixes

• reactivity: retain readonly proxies when setting as reactive property (d145128), closes #4986
• runtime-core: fix component public instance has check for accessed non-existent properties (aac0466), closes #4962
• runtime-core: handle error in async KeepAlive hooks (#4978) (820a143)
• runtime-dom: fix option element value patching edge case (#4959) (89b2f92), closes #4956
• runtime-dom: patchDOMProps should not set _value if element is custom element (#4839) (1701bf3)
• types: export ref-macros.d.ts (1245709)
• types: fix propType type inference (#4985) (3c449cd), closes #4983
• types: scrip-setup+ts: ensure proper handling of null as default prop value. (#4979) (f2d2d7b), closes #4868

Features

• compiler-sfc: export resolveTemplateUsageCheckString for HMR plugin use (#4908) (c61baac)
• compiler-sfc: expose properties for more accurate HMR (68c45e7), closes #4358 #4908

3.2.22 (2021-11-15)

Bug Fixes

• compiler-sfc: add type for props include Function in prod mode (#4938) (9c42a1e)
• compiler-sfc: add type for props's properties in prod mode (#4790) (090df08), closes #4783
• compiler-sfc: externalRE support automatic http/https prefix url pattern (#4922) (574070f), closes #4920
• compiler-sfc: fix expose codegen edge case (#4919) (31fd590), closes #4917

... (truncated)

• d955cfa release: v3.2.24
• d70dd9f chore(compiler-sfc): fix typo in comments (#5029)
• 29beda7 fix(compiler-dom): avoid bailing stringification on setup const bindings
• 87c73e9 fix(compiler-sfc): make asset url imports stringifiable
• 2d4f455 chore(compiler-sfc): fix typo in compileScript (#5000)
• b6a8a45 release: v3.2.23
• 68c45e7 feat(compiler-sfc): expose properties for more accurate HMR
• c61baac feat(compiler-sfc): export resolveTemplateUsageCheckString for HMR plugin use...
• c17cbdc refactor: use refTransform instead of deprecated refSugar (#4957)
• 635d88a release: v3.2.22
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from eslint's releases.

v8.4.1

Bug Fixes

• 234e3d9 fix: revert changes to reported locations in max-lines-per-function (#15397) (Milos Djermanovic)

Documentation

• fa4d483 docs: fix typo in example for sort-keys rule (#15393) (Nitin Kumar)

v8.4.0

Features

• 5771663 feat: add allowReserved parser option (#15387) (Milos Djermanovic)
• 32ac37a feat: Flat config support in Linter (refs #13481) (#15185) (Nicholas C. Zakas)
• d041f34 feat: Treat Class/New Expressions as truthy in no-constant-condition (#15326) (Jordan Eldredge)
• 8f44cf5 feat: report only lines that exceed the limit in max-lines-per-function (#15140) (Sneh Khatri)
• 808ad35 feat: pass cwd to formatters (refs eslint/rfcs#57) (#13392) (Toru Nagashima)
• f1b7499 feat: support async formatters (#15243) (MO)

Bug Fixes

• 4940cc5 fix: mark --rulesdir option as deprecated in CLI docs (#15310) (Kevin Partington)

Documentation

• 54deec5 docs: update integrations.md (#15380) (Vlad Sholokhov)
• fa0423a docs: fix typo in PR template (#15365) (Nitin Kumar)
• e233920 docs: enable a few more markdownlint rules and fix violations (#15368) (Bryan Mishkin)
• 632176d docs: Dedent needlessly indented example in getter-return docs (#15363) (Jordan Eldredge)
• 4497e88 docs: Update release notes blog post template (#15285) (Nicholas C. Zakas)

Chores

• efede90 chore: upgrade @​eslint/eslintrc@​1.0.5 (#15389) (Milos Djermanovic)
• 0b8c846 chore: fix update-readme to avoid multiple consecutive blank lines (#15375) (Milos Djermanovic)
• 94b2a8b chore: Use default Chromium binary in M1 Mac tests (#15371) (Brandon Mills)
• ba58d94 ci: use node v16 for Verify Files (#15364) (Nitin Kumar)
• 1e32ee5 chore: add jsdoc type annotation to rules (#15291) (Bryan Mishkin)

v8.3.0

Features

• 60b0a29 feat: add allowProperties option to require-atomic-updates (#15238) (Milos Djermanovic)
• 79278a1 feat: update no-use-before-define for class static blocks (#15312) (Milos Djermanovic)
• ddd01dc feat: update no-redeclare for class static blocks (#15313) (Milos Djermanovic)
• de69cec feat: update no-inner-declarations for class static blocks (#15290) (Milos Djermanovic)
• e2fe7ef feat: support for private-in syntax (fixes #14811) (#15060) (Yosuke Ota)
• 34bc8d7 feat: Update espree and eslint-scope (#15338) (Brandon Mills)
• b171cd7 feat: update max-depth for class static blocks (#15316) (Milos Djermanovic)
• 6487df3 feat: update padded-blocks for class static blocks (#15333) (Milos Djermanovic)
• 194f36d feat: update the complexity rule for class static blocks (#15328) (Milos Djermanovic)
• 3530337 feat: update the indent rule for class static blocks (#15324) (Milos Djermanovic)
• f03cd14 feat: update lines-around-comment for class static blocks (#15323) (Milos Djermanovic)
• 5c64747 feat: update brace-style for class static blocks (#15322) (Milos Djermanovic)
• df2f1cc feat: update max-statements for class static blocks (#15315) (Milos Djermanovic)
• fd5a0b8 feat: update prefer-const for class static blocks (#15325) (Milos Djermanovic)
• b3669fd feat: code path analysis for class static blocks (#15282) (Milos Djermanovic)

... (truncated)

Sourced from eslint's changelog.

v8.4.1 - December 6, 2021

• 234e3d9 fix: revert changes to reported locations in max-lines-per-function (#15397) (Milos Djermanovic)
• fa4d483 docs: fix typo in example for sort-keys rule (#15393) (Nitin Kumar)

v8.4.0 - December 3, 2021

• efede90 chore: upgrade @​eslint/eslintrc@​1.0.5 (#15389) (Milos Djermanovic)
• 5771663 feat: add allowReserved parser option (#15387) (Milos Djermanovic)
• 32ac37a feat: Flat config support in Linter (refs #13481) (#15185) (Nicholas C. Zakas)
• 54deec5 docs: update integrations.md (#15380) (Vlad Sholokhov)
• d041f34 feat: Treat Class/New Expressions as truthy in no-constant-condition (#15326) (Jordan Eldredge)
• 8f44cf5 feat: report only lines that exceed the limit in max-lines-per-function (#15140) (Sneh Khatri)
• fa0423a docs: fix typo in PR template (#15365) (Nitin Kumar)
• 0b8c846 chore: fix update-readme to avoid multiple consecutive blank lines (#15375) (Milos Djermanovic)
• 808ad35 feat: pass cwd to formatters (refs eslint/rfcs#57) (#13392) (Toru Nagashima)
• 94b2a8b chore: Use default Chromium binary in M1 Mac tests (#15371) (Brandon Mills)
• 4940cc5 fix: mark --rulesdir option as deprecated in CLI docs (#15310) (Kevin Partington)
• e233920 docs: enable a few more markdownlint rules and fix violations (#15368) (Bryan Mishkin)
• ba58d94 ci: use node v16 for Verify Files (#15364) (Nitin Kumar)
• 632176d docs: Dedent needlessly indented example in getter-return docs (#15363) (Jordan Eldredge)
• 4497e88 docs: Update release notes blog post template (#15285) (Nicholas C. Zakas)
• f1b7499 feat: support async formatters (#15243) (MO)
• 1e32ee5 chore: add jsdoc type annotation to rules (#15291) (Bryan Mishkin)

v8.3.0 - November 21, 2021

• 60b0a29 feat: add allowProperties option to require-atomic-updates (#15238) (Milos Djermanovic)
• 79278a1 feat: update no-use-before-define for class static blocks (#15312) (Milos Djermanovic)
• 8aa7645 fix: update vars-on-top for class static blocks (#15306) (Milos Djermanovic)
• 479a4cb fix: update semi-style for class static blocks (#15309) (Milos Djermanovic)
• ddd01dc feat: update no-redeclare for class static blocks (#15313) (Milos Djermanovic)
• de69cec feat: update no-inner-declarations for class static blocks (#15290) (Milos Djermanovic)
• e2fe7ef feat: support for private-in syntax (fixes #14811) (#15060) (Yosuke Ota)
• 34bc8d7 feat: Update espree and eslint-scope (#15338) (Brandon Mills)
• b171cd7 feat: update max-depth for class static blocks (#15316) (Milos Djermanovic)
• 6487df3 feat: update padded-blocks for class static blocks (#15333) (Milos Djermanovic)
• 194f36d feat: update the complexity rule for class static blocks (#15328) (Milos Djermanovic)
• 3530337 feat: update the indent rule for class static blocks (#15324) (Milos Djermanovic)
• f03cd14 feat: update lines-around-comment for class static blocks (#15323) (Milos Djermanovic)
• 5c64747 feat: update brace-style for class static blocks (#15322) (Milos Djermanovic)
• df2f1cc feat: update max-statements for class static blocks (#15315) (Milos Djermanovic)
• fd5a0b8 feat: update prefer-const for class static blocks (#15325) (Milos Djermanovic)
• b3669fd feat: code path analysis for class static blocks (#15282) (Milos Djermanovic)
• 15c1397 feat: update eslint-scope for class static blocks (#15321) (Milos Djermanovic)
• 1a1bb4b feat: update one-var for class static blocks (#15317) (Milos Djermanovic)
• 9b666e0 feat: update padding-line-between-statements for class static blocks (#15318) (Milos Djermanovic)
• 6b85426 docs: Expand --debug option description in the CLI documentation (#15308) (darkred)
• 3ae5258 docs: the strict rule does not apply to class static blocks (#15314) (Milos Djermanovic)
• 6d1c666 fix: update no-invalid-this and no-eval for class static blocks (#15300) (Milos Djermanovic)

... (truncated)

• db40376 8.4.1
• 6a78788 Build: changelog update for 8.4.1
• 234e3d9 fix: revert changes to reported locations in max-lines-per-function (#15397)
• fa4d483 docs: fix typo in example for sort-keys rule (#15393)
• 60f6a06 8.4.0
• 44936d2 Build: changelog update for 8.4.0
• efede90 chore: upgrade @​eslint/eslintrc@​1.0.5 (#15389)
• 5771663 feat: add allowReserved parser option (#15387)
• 32ac37a feat: Flat config support in Linter (refs #13481) (#15185)
• 54deec5 docs: update integrations.md (#15380)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

• New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
• Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
• Fix: Spelling mistakes have been fixed. (#196)

v2.1.0

• New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

v2.0.1

• Fix: The browser builds in the dist directory support ES5. (#182)

v2.0.0

• Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

• New: Support for Unicode 10 has been added.

• New: The test framework has been migrated from Mocha to Tap.

• New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

• Fix: The warning has been made clearer when line and paragraph separators are

... (truncated)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Sourced from @​vue/cli-plugin-babel's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-plugin-babel's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 4a0655f v5.0.7
• ef08a08 v5.0.6
• 98c66c9 v5.0.5
• ca97fc2 v5.0.4
• dd53f26 v5.0.3
• a859b1f v5.0.2
• 92d80a8 v5.0.1
• c913cdc v5.0.0
• 75a6d69 v5.0.0-rc.3
• Additional commits viewable in compare view

Sourced from @​vue/cli-plugin-eslint's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-plugin-eslint's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 4a0655f v5.0.7
• ef08a08 v5.0.6
• 98c66c9 v5.0.5
• ca97fc2 v5.0.4
• dd53f26 v5.0.3
• a859b1f v5.0.2
• 92d80a8 v5.0.1
• c913cdc v5.0.0
• 75a6d69 v5.0.0-rc.3
• Additional commits viewable in compare view

Sourced from @​vue/cli-service's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-service's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 0260e4d fix: add devServer.server.type to useHttps judgement (#7222)
• 4a0655f v5.0.7
• beffe8a fix: allow disabling progress plugin via devServer.client.progress
• 558dea2 fix: support devServer.server option, avoid deprecation warning
• bddd64d fix: optimize the judgment on whether HTTPS has been set in options (#7202)
• ef08a08 v5.0.6
• fcf27e3 fixup! fix: compatibility with Vue 2.7
• a648958 fix: compatibility with Vue 2.7
• 98c66c9 v5.0.5
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

• New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
• Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
• Fix: Spelling mistakes have been fixed. (#196)

v2.1.0

• New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

v2.0.1

• Fix: The browser builds in the dist directory support ES5. (#182)

v2.0.0

• Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

• New: Support for Unicode 10 has been added.

• New: The test framework has been migrated from Mocha to Tap.

• New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

• Fix: The warning has been made clearer when line and paragraph separators are

... (truncated)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Sourced from @​vue/cli-plugin-babel's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-plugin-babel's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 4a0655f v5.0.7
• ef08a08 v5.0.6
• 98c66c9 v5.0.5
• ca97fc2 v5.0.4
• dd53f26 v5.0.3
• a859b1f v5.0.2
• 92d80a8 v5.0.1
• c913cdc v5.0.0
• 75a6d69 v5.0.0-rc.3
• Additional commits viewable in compare view

Sourced from @​vue/cli-service's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-service's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 0260e4d fix: add devServer.server.type to useHttps judgement (#7222)
• 4a0655f v5.0.7
• beffe8a fix: allow disabling progress plugin via devServer.client.progress
• 558dea2 fix: support devServer.server option, avoid deprecation warning
• bddd64d fix: optimize the judgment on whether HTTPS has been set in options (#7202)
• ef08a08 v5.0.6
• fcf27e3 fixup! fix: compatibility with Vue 2.7
• a648958 fix: compatibility with Vue 2.7
• 98c66c9 v5.0.5
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

... (truncated)

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]

... (truncated)

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: [email protected]
• f56ce73 build: [email protected]
• 24b3dc5 deps: [email protected]
• 689d175 deps: [email protected]
• 340be0f build: [email protected]
• 33e8dc3 docs: use Node.js name style
• 644f646 build: [email protected]
• ecd7572 build: [email protected]
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

... (truncated)

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]

... (truncated)

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: [email protected]
• f56ce73 build: [email protected]
• 24b3dc5 deps: [email protected]
• 689d175 deps: [email protected]
• 340be0f build: [email protected]
• 33e8dc3 docs: use Node.js name style
• 644f646 build: [email protected]
• ecd7572 build: [email protected]
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.