Type safe state management inspired by Vuex

Last update: Nov 27, 2022

Overview

Sinai

Type safe state management inspired by Vuex.

This library includes many type level hacks. Use at your own risk and do not use if you are unsure about the mechanism under the hood.

If you search a production ready state management solution, take a look vuex-smart-module

Requirements

Vue >= 2.5
TypeScript >= 2.8

Examples

import { store as createStore, module, Getters, Mutations, Actions } from 'sinai'

// Declare the module state and its initial value
class CounterState {
  count = 0
}

// Declare getters
class CounterGetters extends Getters<CounterState>() {
  get half () {
    return this.state.count / 2
  }
}

// Declare mutations
class CounterMutations extends Mutations<CounterState>() {
  inc () {
    this.state.count += 1
  }

  dec () {
    this.state.count -= 1
  }
}

// Declare actions
class CounterActions extends Actions<CounterState, CounterGetters, CounterMutations>() {
  asyncInc (ms: number) {
    console.log('count: ' + this.state.count)
    console.log('half: ' + this.getters.half)

    return new Promise(resolve => {
      setTimeout(() => {
        this.mutations.inc()
        resolve()
      }, ms)
    })
  }
}

// Create module by composing state/getters/mutations/actions
const counter = module({
  state: CounterState,
  getters: CounterGetters,
  mutations: CounterMutations,
  actions: CounterActions
})

// Create root module
const root = module().child('counter', counter)

// Create store
const store = createStore(root, {
  strict: process.env.NODE_ENV !== 'production'
})

// These will be all type checked
console.log(store.state.counter.count)
console.log(store.getters.counter.half)
store.actions.counter.asyncInc(1000)
store.mutations.counter.inc()

For other examples, see tests.

License

MIT

Comments

Cross module dependencies

Hello there!

I've recently started using your library since I really love the type safety it brings. However I've hit a major roadblock. I have two modules (user session & current document="adventure" being edited) which some other modules depend on.

However, I cannot simply import my store in these modules without triggering a TypeScript compiler error due to it being a cyclic dependency: 'store' implicitly has type 'any' because it does not have a type annotation and is referenced directly or indirectly in its own initializer.ts(7022)

index.ts: [...snip...]

Room.ts: [...snip...] [...snip...]

If I remove the store import in the first line of the Room.ts screenshot everything compiles just fine.

I've tried some hacks such as accessing the private member store of the __proxy__ variable, but it always leads to the same error.

How would one introduce depenencies on other moduels with this library?

Thanks for your time!

opened by SachsKaylee 5

To use this.$store in Vue Component

Set up as below code

import * as Sinai from 'sinai'
import aside from './aside'
import Vue from 'vue'

Vue.use(Sinai)

const root = Sinai.module().child('aside', aside())

export const store =  Sinai.store(root, {
  strict: process.env.DEV,
})


class Fake {
  get store() {
    return store
  }
}

declare module 'vue/types/vue' {
  interface Vue {
    $store: typeof Fake.prototype.store
  }
}

export default () => (store)

Now you can use this.$store like below

  import {Component, Vue} from 'vue-property-decorator'
  import store from 'src/store'

  @Component
  export default class IndexPage extends Vue {

    meta: {

    }

    mounted() {
      console.log(store().state.aside.version)
    }
  }

opened by bichikim 3

Mutations of parent classes not recognized in DevTools
Mutations are not recognized in the dev tools if the mutation method is located in a parent class and called on a sub class.

This is my current implementation:

abstract class AbstractMutations extends Mutations { myMutation() { ... } }

And this is the mutations class that the mutation gets called on:

class ConcreteMutations extends AbstractMutations { }

The app is working as expected, it's just not debuggable like that.
opened by econic 3
No store type when using module().child(...) as per README
Hi,

When I try to reproduce the code on the README, I get Property 'counter' does not exist on type '{}' error when doing store.state.counter.count

The store declaration is

// Create root module const root = module().child('counter', counter) // Create store const rootStore = store(root, { strict: process.env.NODE_ENV !== 'production' })

But if I pass the counter module instead, it works as expected when doing store.state.count :

// Create store const rootStore = store(counter, { // <-- strict: process.env.NODE_ENV !== 'production' })

and I couldn't figure out how to make "module()" work. Is there something I'm missing? What I want is to partition my store in several modules.
opened by fnzr 2
typing conlfict: store VueStore

I get the following error:

Subsequent variable declarations must have the same type. Variable 'store' must be of type 'VueStore<any, any, any, any> | undefined', but here has type 'Store | undefined'.

It seems that the sinai VueStore Interface is conflicting with the vue Store interface

I am using nuxtjs. This might play a role.

opened by christophmayrhofer 2
chore(deps-dev): bump @types/node from 13.13.0 to 16.4.1
Bumps @types/node from 13.13.0 to 16.4.1.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
chore(deps-dev): bump @types/node from 13.13.0 to 16.3.3
Bumps @types/node from 13.13.0 to 16.3.3.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
chore(deps-dev): bump vue-loader from 15.9.1 to 16.3.1
Bumps vue-loader from 15.9.1 to 16.3.1.

Release notes

Sourced from vue-loader's releases.

v16.3.0

Features

pass on compilerOptions and refSugar when using <script setup> (7137294)

v16.2.0

Features

enable :slotted usage detection (66a3759)

v16.1.2

Note: vue-loader v16 is for Vue 3 only.

Bug Fixes

resourceQuery could be undefined in webpack 5 (6a1ee76), closes #1771

v16.1.1

fix inconsistent scope Ids for css var injection via v-bind() (vuejs/vue-next#2721)

v16.1.0

New Features

feat: allow manually specifying whether server-rendering is targeted (9bbb82b)

v16.0.0

New Features

feat: support for experimental sfc features

new <script setup> vuejs/rfcs#227

new <style> variable injection vuejs/rfcs#231 Requires a version of @vue/compiler-sfc that supports the above features.

Bug Fixes

fix: update hmr api usage (f9dd610)

fixed thread-loader compatibility for <script setup> support

v16.0.0-rc.2

Bug Fixes

fix: disable esModuleInterop & allowSyntheticDefaultImports and regenerate the type definitions (c76f5e5)

Known Issues

SSR usage needs more thorough testing.

vue-style-loader hasn't been not updated for Vue 3 yet. Please use mini-css-extract-plugin for CSS extraction.

No shadowMode support.

<script setup> support is experimental. It does not work well with thread-loader. In Vue CLI, you need to set parallel: false for this feature to work correctly. Also, please follow vuejs/rfcs#227, vuejs/rfcs#228 for more possible script setup sugars in the future.

... (truncated)

Changelog

Sourced from vue-loader's changelog.

15.9.7 (2021-05-11)

Bug Fixes

[plugin] Use compiler.webpack when possible (#1822) (f7ee30b), closes #1781

check for compiler.webpack existence (2472b2f)

15.9.6 (2020-12-17)

Bug Fixes

resourceQuery could be undefined in webpack 5 (a2b89d3), closes #1771

15.9.5 (2020-11-02)

Bug Fixes

add rule plugins to keep up with webpack 5 new features (7ca8e2c)

ensure new webpack5 generator property in rules passes ruleset checks (#1753) (f79bb08), closes #1729

15.9.4 (2020-10-27)

Bug Fixes

fix id differences between different operating systems (#1706) (afe8a0d)

fix mini-css-extract-plugin missing default export error (#1748) (429a284)

15.9.3 (2020-06-23)

Bug Fixes

skip matching rule with 'enforce' (e7b2b11), closes #1680

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
chore(deps-dev): bump @types/node from 13.13.0 to 16.3.0
Bumps @types/node from 13.13.0 to 16.3.0.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
chore(deps-dev): bump vue-loader from 15.9.1 to 16.3.0
Bumps vue-loader from 15.9.1 to 16.3.0.

Release notes

Sourced from vue-loader's releases.

v16.1.2

Note: vue-loader v16 is for Vue 3 only.

Bug Fixes

resourceQuery could be undefined in webpack 5 (6a1ee76), closes #1771

v16.1.1

fix inconsistent scope Ids for css var injection via v-bind() (vuejs/vue-next#2721)

v16.1.0

New Features

feat: allow manually specifying whether server-rendering is targeted (9bbb82b)

v16.0.0

New Features

feat: support for experimental sfc features

new <script setup> vuejs/rfcs#227

new <style> variable injection vuejs/rfcs#231 Requires a version of @vue/compiler-sfc that supports the above features.

Bug Fixes

fix: update hmr api usage (f9dd610)

fixed thread-loader compatibility for <script setup> support

v16.0.0-rc.2

Bug Fixes

fix: disable esModuleInterop & allowSyntheticDefaultImports and regenerate the type definitions (c76f5e5)

Known Issues

SSR usage needs more thorough testing.

vue-style-loader hasn't been not updated for Vue 3 yet. Please use mini-css-extract-plugin for CSS extraction.

No shadowMode support.

<script setup> support is experimental. It does not work well with thread-loader. In Vue CLI, you need to set parallel: false for this feature to work correctly. Also, please follow vuejs/rfcs#227, vuejs/rfcs#228 for more possible script setup sugars in the future.

v16.0.0-rc.1

Bug Fixes

fix: add back webpack 5 generator support (3db9ab8)

v16.0.0-rc.0

Bug Fixes

fix: should apply cloned rules to custom blocks too (b2d7ffb)

fix: should check for type query for render function imports (41af4b6)

... (truncated)

Changelog

Sourced from vue-loader's changelog.

15.9.7 (2021-05-11)

Bug Fixes

[plugin] Use compiler.webpack when possible (#1822) (f7ee30b), closes #1781

check for compiler.webpack existence (2472b2f)

15.9.6 (2020-12-17)

Bug Fixes

resourceQuery could be undefined in webpack 5 (a2b89d3), closes #1771

15.9.5 (2020-11-02)

Bug Fixes

add rule plugins to keep up with webpack 5 new features (7ca8e2c)

ensure new webpack5 generator property in rules passes ruleset checks (#1753) (f79bb08), closes #1729

15.9.4 (2020-10-27)

Bug Fixes

fix id differences between different operating systems (#1706) (afe8a0d)

fix mini-css-extract-plugin missing default export error (#1748) (429a284)

15.9.3 (2020-06-23)

Bug Fixes

skip matching rule with 'enforce' (e7b2b11), closes #1680

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
chore(deps-dev): bump @types/node from 13.13.0 to 15.14.0
Bumps @types/node from 13.13.0 to 15.14.0.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 1
chore(deps): [security] bump tar from 4.4.8 to 4.4.15
Bumps tar from 4.4.8 to 4.4.15. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Impact

Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution

node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example /home/user/.bashrc would turn into home/user/.bashrc.

This logic was insufficient when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite.

Patches

3.2.2 || 4.4.14 || 5.0.6 || 6.1.1

NOTE: an adjacent issue CVE-2021-32803 affects this release level. Please ensure you update to the latest patch levels that address CVE-2021-32803 as well if this adjacent issue affects your node-tar use case.

Workarounds

Users may work around this vulnerability without upgrading by creating a custom onentry method which sanitizes the entry.path or a filter method which removes entries with absolute paths.

const path = require('path') </tr></table>

... (truncated)

Affected versions: >= 4.0.0 < 4.4.14

Sourced from The GitHub Security Advisory Database.

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact

Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution

node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.

This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the node-tar directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where node-tar checks for symlinks occur.

By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.

This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.

Patches

3.2.3 || 4.4.15 || 5.0.7 || 6.1.2

Workarounds

Users may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.

... (truncated)

Affected versions: >= 4.0.0 < 4.4.15

Commits

843c897 4.4.15

46fe350 Remove paths from dirCache when no longer dirs

df3aa4d 4.4.14

6d28013 add publishConfig tag

efc6bb0 fix: strip absolute paths more comprehensively

65edb39 4.4.13

d04c3ff Always provide a callback to fs.close()

dbd6f52 4.4.12

0240086 update tap and minipass

9232b3d 4.4.11

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies security
opened by dependabot-preview[bot] 0
chore(deps-dev): bump @types/node from 13.13.0 to 16.4.8
Bumps @types/node from 13.13.0 to 16.4.8.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
chore(deps-dev): bump vue-loader from 15.9.1 to 16.4.0
Bumps vue-loader from 15.9.1 to 16.4.0.

Release notes

Sourced from vue-loader's releases.

v16.3.3

Bug Fixes

mark @vue/compiler-sfc as an optional peer dependency (089473a)

v16.3.2

Bug Fixes

add undeclared peer dependency webpack and @vue/compiler-sfc (#1853) (330d672)

v16.3.1

Bug Fixes

pick up production env in thread-loader context (821a3a3), closes vuejs/vue-next#3921

v16.3.0

Features

pass on compilerOptions and refSugar when using <script setup> (7137294)

v16.2.0

Features

enable :slotted usage detection (66a3759)

v16.1.2

Note: vue-loader v16 is for Vue 3 only.

Bug Fixes

resourceQuery could be undefined in webpack 5 (6a1ee76), closes #1771

v16.1.1

fix inconsistent scope Ids for css var injection via v-bind() (vuejs/vue-next#2721)

v16.1.0

New Features

feat: allow manually specifying whether server-rendering is targeted (9bbb82b)

v16.0.0

New Features

feat: support for experimental sfc features

new <script setup> vuejs/rfcs#227

new <style> variable injection vuejs/rfcs#231 Requires a version of @vue/compiler-sfc that supports the above features.

Bug Fixes

... (truncated)

Changelog

Sourced from vue-loader's changelog.

15.9.7 (2021-05-11)

Bug Fixes

[plugin] Use compiler.webpack when possible (#1822) (f7ee30b), closes #1781

check for compiler.webpack existence (2472b2f)

15.9.6 (2020-12-17)

Bug Fixes

resourceQuery could be undefined in webpack 5 (a2b89d3), closes #1771

15.9.5 (2020-11-02)

Bug Fixes

add rule plugins to keep up with webpack 5 new features (7ca8e2c)

ensure new webpack5 generator property in rules passes ruleset checks (#1753) (f79bb08), closes #1729

15.9.4 (2020-10-27)

Bug Fixes

fix id differences between different operating systems (#1706) (afe8a0d)

fix mini-css-extract-plugin missing default export error (#1748) (429a284)

15.9.3 (2020-06-23)

Bug Fixes

skip matching rule with 'enforce' (e7b2b11), closes #1680

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
chore(deps-dev): bump sinon from 9.0.1 to 11.1.2
Bumps sinon from 9.0.1 to 11.1.2.

Changelog

Sourced from sinon's changelog.

11.1.1 / 2021-05-26

Fix #2379 by using v7 of supports-color

11.1.0 / 2021-05-25

Add sinon.promise() implementation (#2369)

Set wrappedMethod on getters/setters (#2378)

[Docs] Update fake-server usage & descriptions (#2365)

Fake docs improvement (#2360)

Update nise to 5.1.0 (fixed #2318)

11.0.0 / 2021-05-24

Explicitly use samsam 6.0.2 with fix for #2345

Update most packages (#2371)

Update compatibility docs (#2366)

Update packages (includes breaking fake-timers change, see #2352)

Warn of potential memory leaks (#2357)

Fix clock test errors

10.0.1 / 2021-04-08

Upgrade sinon components (bumps y18n to 4.0.1)

Bump y18n from 4.0.0 to 4.0.1

10.0.0 / 2021-03-22

Upgrade nise to 4.1.0

Use @sinonjs/eslint-config@4 => Adopts ES2017 => Drops support for IE 11, Legacy Edge and legacy Safari

9.2.4 / 2021-01-23

Upgrade @sinonjs/samsam@5.3.1

9.2.3 / 2021-01-06

Use util.inspect for formatting human readable output (this retires @sinonjs/formatio)

9.2.2 / 2020-12-11

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
chore(deps-dev): bump css-loader from 3.4.2 to 5.2.7
Bumps css-loader from 3.4.2 to 5.2.7.

Release notes

Sourced from css-loader's releases.

v5.2.7

5.2.7 (2021-07-13)

Bug Fixes

fix crash when source map is unavailable with external URL in [@import](https://github.com/import) (bb76fe4)

v5.2.6

5.2.6 (2021-05-24)

Bug Fixes

always write locals export when css modules/icss enabled (#1315) (075d9bd)

v5.2.5

5.2.5 (2021-05-20)

Bug Fixes

compatibility with named export and es5 (#1314) (0cf8cde)

v5.2.4

5.2.4 (2021-04-19)

Bug Fixes

do not crash on 'false' aliases (#1292) (e913cb1)

v5.2.3

5.2.3 (2021-04-19)

Bug Fixes

improve performance

v5.2.2

5.2.2 (2021-04-16)

Bug Fixes

avoid escape nonASCII characters in local names (0722733)

v5.2.1

5.2.1 (2021-04-09)

... (truncated)

Changelog

Sourced from css-loader's changelog.

5.2.7 (2021-07-13)

Bug Fixes

fix crash when source map is unavailable with external URL in [@import](https://github.com/import) (bb76fe4)

5.2.6 (2021-05-24)

Bug Fixes

always write locals export when css modules/icss enabled (#1315) (075d9bd)

5.2.5 (2021-05-20)

Bug Fixes

compatibility with named export and es5 (#1314) (0cf8cde)

5.2.4 (2021-04-19)

Bug Fixes

do not crash on 'false' aliases (#1292) (e913cb1)

5.2.3 (2021-04-19)

Bug Fixes

improve performance

5.2.2 (2021-04-16)

Bug Fixes

avoid escape nonASCII characters in local names (0722733)

5.2.1 (2021-04-09)

Bug Fixes

do not crash on unescaped svg data uri (#1288) (4f289c5)

5.2.0 (2021-03-24)

... (truncated)

Commits

ae98845 chore(release): 5.2.7

bb76fe4 fix: fix crash when source map is unavailable with external URL in @import

adcc438 ci: use actions/setup-node@v2 (#1323)

c7f81eb chore: fix typo (#1318)

d31c680 chore(release): 5.2.6

075d9bd fix: always write locals export when css modules/icss enabled (#1315)

fa9d4c4 chore(release): 5.2.5

0cf8cde fix: compatibility with named export and es5 (#1314)

8f1a6fc chore: husky updated (#1312)

417aaba docs: recommend (#1313)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
chore(deps): [security] bump postcss from 7.0.14 to 7.0.36
Bumps postcss from 7.0.14 to 7.0.36. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service in postcss The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Affected versions: >= 7.0.0 < 7.0.36

Release notes

Sourced from postcss's releases.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

Add migration guide link to PostCSS 8 error text.

7.0.34

Fix compatibility with postcss-scss 2.

7.0.33

Add error message for PostCSS 8 plugins.

7.0.32

Fix error message (by @admosity).

7.0.31

Use only the latest source map annotation (by @emzoumpo).

7.0.30

Fix TypeScript definition (by @nex3)

7.0.29

Update Processor#version.

7.0.28

Fix TypeScript definition (by @nex3).

7.0.27

Fix TypeScript definition (by @nex3).

7.0.26

Fix TypeScript definition (by @nex3)

7.0.25

Fix absolute path support for Windows (by @tomrav)

7.0.24

Fix TypeScript definition (by @keithamus).

7.0.23

Update Processor#version.

7.0.22

Add funding link for npm fund.

7.0.21

Revert passing nodes property to node constructor.

7.0.20

Allow to pass PostCSS’s nodes in nodes property to node constructor.

... (truncated)

Changelog

Sourced from postcss's changelog.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

Add migration guide link to PostCSS 8 error text.

7.0.34

Fix compatibility with postcss-scss 2.

7.0.33

Add error message for PostCSS 8 plugins.

7.0.32

Fix error message (by @admosity).

7.0.31

Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

7.0.30

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.29

Update Processor#version.

7.0.28

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.27

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.26

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.25

Fix absolute path support for Windows (by Tom Raviv).

7.0.24

Fix TypeScript definition (by Keith Cirkel).

7.0.23

Update Processor#version.

7.0.22

Add funding link for npm fund.

7.0.21

Revert passing nodes property to node constructor.

7.0.20

Allow to pass PostCSS’s nodes in nodes property to node constructor.

... (truncated)

Commits

67e3d7b Release 7.0.36 version

54cbf3c Backport ReDoS vulnerabilities from PostCSS 8

12832f3 Release 7.0.35 version

4455ef6 Use OpenCollective in funding

e867c79 Add migration guide to PostCSS 8 error

32a22a9 Release 7.0.34 version

2293982 Lock build targets

2c3a111 Release 7.0.33 version

4105f21 Use yaspeller instead of yaspeller-ci

c8d02a0 Revert yaspeller-ci removal

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies security
opened by dependabot-preview[bot] 0

Releases(v0.2.6)

v0.2.6(May 21, 2019)
Features

Support the latest vue-devtools

Source code(tar.gz)
Source code(zip)
v0.2.4(Feb 13, 2019)
Bug Fixes

failing compilation error (bb0c56f)

Source code(tar.gz)
Source code(zip)
v0.2.3(Feb 13, 2019)
Bug Fixes

work on the latest typescript (b1ff132)

Performance Improvements

prefer native bind (10a64ee)

Source code(tar.gz)
Source code(zip)
v0.2.2(Jun 23, 2018)
Bug Fixes

improve test util types (#23) (78d697a)

Source code(tar.gz)
Source code(zip)
v0.2.1(Jun 20, 2018)
Bug Fixes

choose most extended properties for module assets (b3e100b)

Source code(tar.gz)
Source code(zip)
v0.2.0(Jun 20, 2018)
Features

add component binding helpers (#22) (bb5fb53)

BREAKING CHANGES

No longer supports Vue < v2.5, TypeScript < v2.8

Source code(tar.gz)
Source code(zip)
v0.1.8(Jun 7, 2018)
Bug Fixes

avoid errors on devtools when a getter returns null value (fix #20) (0d75ed0)

Source code(tar.gz)
Source code(zip)
v0.1.7(Nov 27, 2017)
Support Vue >= 2.5 (#17)

Source code(tar.gz)
Source code(zip)
v0.1.6(Sep 16, 2017)
Bug Fixes

should subscribe inherited mutations (fix #15) (#16) (3acbf9e)

Source code(tar.gz)
Source code(zip)
v0.1.5(Sep 10, 2017)
Bug Fixes

disable devtools hook if Vue.config.devtools is false (b1db62b)

Features

add vuex plugin adapter (#14) (48ffa23)

Source code(tar.gz)
Source code(zip)
v0.1.4(Aug 24, 2017)
But Fixes

Devtool improvement for the flattengetters (#11)

Source code(tar.gz)
Source code(zip)
v0.1.3(Jul 22, 2017)
Bug Fixes

ensure state is reactive if it replaced from root (#9) (d367e1c)

Features

add es module build (f7ea042)

enable to use vue-devtools (#10) (12f2921)

plugin (#7) (d16e3d7)

replaceState (#8) (7af46f1)

Source code(tar.gz)
Source code(zip)
v0.1.2(Jul 22, 2017)
Fixed

can't get Promise from action (#5)

Source code(tar.gz)
Source code(zip)
v0.1.1(Jul 22, 2017)
Fixed

Allow to return a Promise in actions (#4)

Source code(tar.gz)
Source code(zip)
v0.1.0(Feb 8, 2017)

Initial release
Source code(tar.gz)
Source code(zip)