Skip to content

chore(deps): update all non-major dependencies

Delta10 Bot requested to merge renovate/all-minor-patch into master

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
@vue/cli-plugin-babel 4.5.13 -> 4.5.15 age adoption passing confidence
@vue/cli-plugin-eslint 4.5.13 -> 4.5.15 age adoption passing confidence
@vue/cli-service (source) 4.5.13 -> 4.5.15 age adoption passing confidence
Django (source, changelog) ==3.2.7 -> ==3.2.9 age adoption passing confidence
Pillow (source, changelog) ==8.3.2 -> ==8.4.0 age adoption passing confidence
core-js 3.18.1 -> 3.19.0 age adoption passing confidence
coverage ==6.0 -> ==6.1.1 age adoption passing confidence
django-webpack-loader ==1.4.0 -> ==1.4.1 age adoption passing confidence
eslint-plugin-vue (source) 7.18.0 -> 7.20.0 age adoption passing confidence
fpdf2 (source) ==2.4.3 -> ==2.4.5 age adoption passing confidence
node 12.22.6-alpine -> 12.22.7-alpine age adoption passing confidence
python 3.9-slim -> 3.10-slim age adoption passing confidence
vue-router 3.5.2 -> 3.5.3 age adoption passing confidence

Release Notes

vuejs/vue-cli

v4.5.15

Compare Source

Bug Fixes
  • fix: set .mjs file type to javascript/auto [15b1e1b]

This change allows an .mjs file to import named exports from .cjs and plain .js files. Fixes compatibility with pinia.

v4.5.14

Compare Source

Security Fixes

This version fixed a CORS vulnerability and an XSS vulnerability in Vue CLI UI. We recommend all users of vue ui to upgrade to this version as soon as possible.

Credits:

Ngo Wei Lin (@​Creastery) of STAR Labs (@​starlabs_sg)

django/django

v3.2.9

Compare Source

v3.2.8

Compare Source

python-pillow/Pillow

v8.4.0

Compare Source

  • Prefer global transparency in GIF when replacing with background color #​5756 [radarhere]

  • Added "exif" keyword argument to TIFF saving #​5575 [radarhere]

  • Copy Python palette to new image in quantize() #​5696 [radarhere]

  • Read ICO AND mask from end #​5667 [radarhere]

  • Actually check the framesize in FliDecode.c #​5659 [wiredfool]

  • Determine JPEG2000 mode purely from ihdr header box #​5654 [radarhere]

  • Fixed using info dictionary when writing multiple APNG frames #​5611 [radarhere]

  • Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #​5655 [radarhere]

  • For GIF save_all with palette, do not include palette with each frame #​5603 [radarhere]

  • Keep transparency when converting from P to LA or PA #​5606 [radarhere]

  • Copy palette to new image in transform() #​5647 [radarhere]

  • Added "transparency" argument to EpsImagePlugin load() #​5620 [radarhere]

  • Corrected pathlib.Path detection when saving #​5633 [radarhere]

  • Added WalImageFile class #​5618 [radarhere]

  • Consider I;16 pixel size when drawing text #​5598 [radarhere]

  • If default conversion from P is RGB with transparency, convert to RGBA #​5594 [radarhere]

  • Speed up rotating square images by 90 or 270 degrees #​5646 [radarhere]

  • Add support for reading DPI information from JPEG2000 images [rogermb, radarhere]

  • Catch TypeError from corrupted DPI value in EXIF #​5639 [homm, radarhere]

  • Do not close file pointer when saving SGI images #​5645 [farizrahman4u, radarhere]

  • Deprecate ImagePalette size parameter #​5641 [radarhere, hugovk]

  • Prefer command line tools SDK on macOS #​5624 [radarhere]

  • Added tags when saving YCbCr TIFF #​5597 [radarhere]

  • PSD layer count may be negative #​5613 [radarhere]

  • Fixed ImageOps expand with tuple border on P image #​5615 [radarhere]

  • Fixed error saving APNG with duplicate frames and different duration times #​5609 [thak1411, radarhere]

zloirock/core-js

v3.19.0

Compare Source

  • Most built-ins are encapsulated in core-js for preventing possible cases of breaking / observing the internal state by patching / deleting of them
    • Avoid .call / .apply prototype methods that could be patched
    • Avoid instanceof operator - implicit .prototype / @@​hasInstance access that could be patched
    • Avoid RegExp#test, String#match and some over methods - implicit .exec and RegExp well-known symbols access that could be patched
  • Clearing of Error stack from extra entries experimentally added to AggregateError, #​996, in case lack of problems it will be extended to other cases
  • In engines with native Symbol support, new well-known symbols created with usage Symbol.for for ensuring the same keys in different realms, #​998
  • Added a workaround of a BrowserFS NodeJS process polyfill bug that incorrectly reports V8 version that's used in some cases of core-js feature detection
  • Fixed normalization of message AggregateError argument
  • Fixed order of arguments conversion in Math.scale, a spec draft bug
  • Fixed core-js-builder work in NodeJS 17, added a workaround of webpack + NodeJS 17 issue
  • Added NodeJS 17.0 compat data mapping
  • Added Opera Android 65 compat data mapping
  • Updated Electron 16.0 compat data mapping
  • Many other minor fixes and improvements

v3.18.3

Compare Source

  • Fixed the prototype chain of AggregateError constructor that should contain Error constructor
  • Fixed incorrect AggregateError.prototype properties descriptors
  • Fixed InstallErrorCause internal operation
  • Added NodeJS 16.11 compat data mapping
  • Added Deno 1.16 compat data mapping
  • Object.hasOwn marked as supported from Safari 15.1

v3.18.2

Compare Source

  • Early { Array, %TypedArray% }.fromAsync errors moved to the promise, per the latest changes of the spec draft
  • Internal ToInteger(OrInfinity) operation returns +0 for -0 argument, ES2020+ update
  • Fixed theoretical problems with handling bigint in Number constructor wrapper
  • Fixed String.raw with extra arguments
  • Fixed some missed dependencies in entry points
  • Some other minor fixes and improvements
  • Refactoring
nedbat/coveragepy

v6.1.1

Compare Source

  • Fix: The sticky header on the HTML report didn't work unless you had branch coverage enabled. This is now fixed: the sticky header works for everyone. (Do people still use coverage without branch measurement!? j/k)

  • Fix: When using explicitly declared namespace packages, the "already imported a file that will be measured" warning would be issued (issue 888_). This is now fixed.

.. _issue 888: https://github.com/nedbat/coveragepy/issues/888

.. _changes_61:

v6.1

Compare Source

  • Fix: The sticky header on the HTML report didn't work unless you had branch coverage enabled. This is now fixed: the sticky header works for everyone. (Do people still use coverage without branch measurement!? j/k)

  • Fix: When using explicitly declared namespace packages, the "already imported a file that will be measured" warning would be issued (issue 888_). This is now fixed.

.. _issue 888: https://github.com/nedbat/coveragepy/issues/888

.. _changes_61:

v6.0.2

Compare Source

  • Namespace packages being measured weren't properly handled by the new code that ignores third-party packages. If the namespace package was installed, it was ignored as a third-party package. That problem (issue 1231_) is now fixed.

  • Packages named as "source packages" (with source, or source_pkgs, or pytest-cov's --cov) might have been only partially measured. Their top-level statements could be marked as unexecuted, because they were imported by coverage.py before measurement began (issue 1232_). This is now fixed, but the package will be imported twice, once by coverage.py, then again by your test suite. This could cause problems if importing the package has side effects.

  • The :meth:.CoverageData.contexts_by_lineno method was documented to return a dict, but was returning a defaultdict. Now it returns a plain dict. It also no longer returns negative numbered keys.

.. _issue 1231: https://github.com/nedbat/coveragepy/issues/1231 .. _issue 1232: https://github.com/nedbat/coveragepy/issues/1232

.. _changes_601:

v6.0.1

Compare Source

  • In 6.0, the coverage.py exceptions moved from coverage.misc to coverage.exceptions. These exceptions are not part of the public supported API, CoverageException is. But a number of other third-party packages were importing the exceptions from coverage.misc, so they are now available from there again (issue 1226_).

  • Changed an internal detail of how tomli is imported, so that tomli can use coverage.py for their own test suite (issue 1228_).

  • Defend against an obscure possibility under code obfuscation, where a function can have an argument called "self", but no local named "self" (pull request 1210_). Thanks, Ben Carlsson.

.. _pull request 1210: https://github.com/nedbat/coveragepy/pull/1210 .. _issue 1226: https://github.com/nedbat/coveragepy/issues/1226 .. _issue 1228: https://github.com/nedbat/coveragepy/issues/1228

.. _changes_60:

django-webpack/django-webpack-loader

v1.4.1

Compare Source

vuejs/eslint-plugin-vue

v7.20.0

Compare Source

Enhancements

  • #​1472 Added vue/no-undef-properties rule that warns of using undefined properties.
  • #​1653 Added vue/no-computed-properties-in-data rule that disallow accessing computed properties in data().
  • #​1659 Improved vue/no-use-computed-property-like-method rule reports.
  • #​1661 Added vue/multi-word-component-names rule to enforce multiple words in component names.
  • #​1663 Added vue/no-deprecated-router-link-tag-prop rule that disallow using deprecated tag property on <RouterLink>.

🐛 Bug Fixes

  • #​1659 Fixed crash in vue/no-use-computed-property-like-method rule.
  • #​1658 Fixed false positives for vars inside types in vue/valid-define-emits and vue/valid-define-props rules.

️ Updates

  • #​1654 Changed peer deps eslint ver from ^6.2.0 || ^7.0.0 || ^8.0.0-0 to ^6.2.0 || ^7.0.0 || ^8.0.0.

Full Changelog: https://github.com/vuejs/eslint-plugin-vue/compare/v7.19.1...v7.20.0

v7.19.1

Compare Source

🐛 Bug Fixes

  • [83eab8d] Fixed false positives for vars inside functions in vue/valid-define-emits and vue/valid-define-props rules. Picked from #​1652

Full Changelog: https://github.com/vuejs/eslint-plugin-vue/compare/v7.19.0...v7.19.1

v7.19.0

Compare Source

Enhancements

  • #​1639 Added vue/no-restricted-class rule that reports the classes you don't want to allow in the template.
  • #​1644 Added vue/no-useless-template-attributes rule that disallow useless attribute on <template> tags.

🐛 Bug Fixes

  • #​1647 Fixed false positives for toRefs in vue/no-unused-properties rule.
  • #​1648 Fixed unable to autofix event name with update:.

All commits: v7.18.0 -> v7.19.0

PyFPDF/fpdf2

v2.4.5

Compare Source

Fixed
  • ensure support for old field names in Template.code39 for backward compatibility

v2.4.4

Compare Source

Added
  • Template() has gained a more flexible cousin FlexTemplate(), cf. documentation, thanks to @​gmischler
  • markdown support in multi_cell(), thanks to Yeshi Namkhai
  • base 64 images can now be provided to FPDF.image, thanks to @​MWhatsUp
  • documentation on how to generate datamatrix barcodes using the pystrich lib: documentation section, thanks to @​MWhatsUp
  • write_html: headings (<h1>, <h2>...) relative sizes can now be configured through an optional heading_sizes parameter
  • a subclass of HTML2FPDF can now easily be used by setting FPDF.HTML2FPDF_CLASS, cf. documentation
Fixed
  • Template: split_multicell() will not write spurious font data to the target document anymore, thanks to @​gmischler
  • Template: rotation now should work correctly in all situations, thanks to @​gmischler
  • write_html: headings (<h1>, <h2>...) can now contain non-ASCII characters without triggering a UnicodeEncodeError
  • Template: CSV column types are now safely parsed, thanks to @​gmischler
  • cell(..., markdown=True) "leaked" its final style (bold / italics / underline) onto the following cells
Changed
  • write_html: the line height of headings (<h1>, <h2>...) is now properly scaled with its font size
  • some FPDF methods should not be used inside a rotation context, or things can get broken. This is now forbidden: an exception is now raised in those cases.
Deprecated
  • Template: code39 barcode input field names changed from x/y/w/h to x1/y1/y2/size
nodejs/node

v12.22.7

Compare Source

This is a security release.

Notable changes
  • CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
    • The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
  • CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
    • The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Commits
vuejs/vue-router

v3.5.3

Compare Source

Bug Fixes
Features

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Edited by Delta10 Bot

Merge request reports