chore(deps): update all non-major dependencies
This MR contains the following updates:
Release Notes
vuejs/vue-cli
v4.5.15
Bug Fixes
- fix: set
.mjs
file type tojavascript/auto
[15b1e1b]
This change allows an .mjs
file to import named exports from .cjs
and plain .js
files.
Fixes compatibility with pinia
.
v4.5.14
Security Fixes
This version fixed a CORS vulnerability and an XSS vulnerability in Vue CLI UI.
We recommend all users of vue ui
to upgrade to this version as soon as possible.
Credits:
Ngo Wei Lin (@Creastery) of STAR Labs (@starlabs_sg)
python-pillow/Pillow
v8.4.0
-
Prefer global transparency in GIF when replacing with background color #5756 [radarhere]
-
Added "exif" keyword argument to TIFF saving #5575 [radarhere]
-
Copy Python palette to new image in quantize() #5696 [radarhere]
-
Read ICO AND mask from end #5667 [radarhere]
-
Actually check the framesize in FliDecode.c #5659 [wiredfool]
-
Determine JPEG2000 mode purely from ihdr header box #5654 [radarhere]
-
Fixed using info dictionary when writing multiple APNG frames #5611 [radarhere]
-
Allow saving 1 and L mode TIFF with PhotometricInterpretation 0 #5655 [radarhere]
-
For GIF save_all with palette, do not include palette with each frame #5603 [radarhere]
-
Keep transparency when converting from P to LA or PA #5606 [radarhere]
-
Copy palette to new image in transform() #5647 [radarhere]
-
Added "transparency" argument to EpsImagePlugin load() #5620 [radarhere]
-
Corrected pathlib.Path detection when saving #5633 [radarhere]
-
Added WalImageFile class #5618 [radarhere]
-
Consider I;16 pixel size when drawing text #5598 [radarhere]
-
If default conversion from P is RGB with transparency, convert to RGBA #5594 [radarhere]
-
Speed up rotating square images by 90 or 270 degrees #5646 [radarhere]
-
Add support for reading DPI information from JPEG2000 images [rogermb, radarhere]
-
Catch TypeError from corrupted DPI value in EXIF #5639 [homm, radarhere]
-
Do not close file pointer when saving SGI images #5645 [farizrahman4u, radarhere]
-
Deprecate ImagePalette size parameter #5641 [radarhere, hugovk]
-
Prefer command line tools SDK on macOS #5624 [radarhere]
-
Added tags when saving YCbCr TIFF #5597 [radarhere]
-
PSD layer count may be negative #5613 [radarhere]
-
Fixed ImageOps expand with tuple border on P image #5615 [radarhere]
-
Fixed error saving APNG with duplicate frames and different duration times #5609 [thak1411, radarhere]
zloirock/core-js
v3.19.0
- Most built-ins are encapsulated in
core-js
for preventing possible cases of breaking / observing the internal state by patching / deleting of them- Avoid
.call
/.apply
prototype methods that could be patched - Avoid
instanceof
operator - implicit.prototype
/@@​hasInstance
access that could be patched - Avoid
RegExp#test
,String#match
and some over methods - implicit.exec
andRegExp
well-known symbols access that could be patched
- Avoid
- Clearing of
Error
stack from extra entries experimentally added toAggregateError
, #996, in case lack of problems it will be extended to other cases - In engines with native
Symbol
support, new well-known symbols created with usageSymbol.for
for ensuring the same keys in different realms, #998 - Added a workaround of a BrowserFS NodeJS
process
polyfill bug that incorrectly reports V8 version that's used in some cases ofcore-js
feature detection - Fixed normalization of
message
AggregateError
argument - Fixed order of arguments conversion in
Math.scale
, a spec draft bug - Fixed
core-js-builder
work in NodeJS 17, added a workaround ofwebpack
+ NodeJS 17 issue - Added NodeJS 17.0 compat data mapping
- Added Opera Android 65 compat data mapping
- Updated Electron 16.0 compat data mapping
- Many other minor fixes and improvements
v3.18.3
- Fixed the prototype chain of
AggregateError
constructor that should containError
constructor - Fixed incorrect
AggregateError.prototype
properties descriptors - Fixed
InstallErrorCause
internal operation - Added NodeJS 16.11 compat data mapping
- Added Deno 1.16 compat data mapping
-
Object.hasOwn
marked as supported from Safari 15.1
v3.18.2
- Early
{ Array, %TypedArray% }.fromAsync
errors moved to the promise, per the latest changes of the spec draft - Internal
ToInteger(OrInfinity)
operation returns+0
for-0
argument, ES2020+ update - Fixed theoretical problems with handling bigint in
Number
constructor wrapper - Fixed
String.raw
with extra arguments - Fixed some missed dependencies in entry points
- Some other minor fixes and improvements
- Refactoring
nedbat/coveragepy
v6.1.1
-
Fix: The sticky header on the HTML report didn't work unless you had branch coverage enabled. This is now fixed: the sticky header works for everyone. (Do people still use coverage without branch measurement!? j/k)
-
Fix: When using explicitly declared namespace packages, the "already imported a file that will be measured" warning would be issued (
issue 888
_). This is now fixed.
.. _issue 888: https://github.com/nedbat/coveragepy/issues/888
.. _changes_61:
v6.1
-
Fix: The sticky header on the HTML report didn't work unless you had branch coverage enabled. This is now fixed: the sticky header works for everyone. (Do people still use coverage without branch measurement!? j/k)
-
Fix: When using explicitly declared namespace packages, the "already imported a file that will be measured" warning would be issued (
issue 888
_). This is now fixed.
.. _issue 888: https://github.com/nedbat/coveragepy/issues/888
.. _changes_61:
v6.0.2
-
Namespace packages being measured weren't properly handled by the new code that ignores third-party packages. If the namespace package was installed, it was ignored as a third-party package. That problem (
issue 1231
_) is now fixed. -
Packages named as "source packages" (with
source
, orsource_pkgs
, or pytest-cov's--cov
) might have been only partially measured. Their top-level statements could be marked as unexecuted, because they were imported by coverage.py before measurement began (issue 1232
_). This is now fixed, but the package will be imported twice, once by coverage.py, then again by your test suite. This could cause problems if importing the package has side effects. -
The :meth:
.CoverageData.contexts_by_lineno
method was documented to return a dict, but was returning a defaultdict. Now it returns a plain dict. It also no longer returns negative numbered keys.
.. _issue 1231: https://github.com/nedbat/coveragepy/issues/1231 .. _issue 1232: https://github.com/nedbat/coveragepy/issues/1232
.. _changes_601:
v6.0.1
-
In 6.0, the coverage.py exceptions moved from coverage.misc to coverage.exceptions. These exceptions are not part of the public supported API, CoverageException is. But a number of other third-party packages were importing the exceptions from coverage.misc, so they are now available from there again (
issue 1226
_). -
Changed an internal detail of how tomli is imported, so that tomli can use coverage.py for their own test suite (
issue 1228
_). -
Defend against an obscure possibility under code obfuscation, where a function can have an argument called "self", but no local named "self" (
pull request 1210
_). Thanks, Ben Carlsson.
.. _pull request 1210: https://github.com/nedbat/coveragepy/pull/1210 .. _issue 1226: https://github.com/nedbat/coveragepy/issues/1226 .. _issue 1228: https://github.com/nedbat/coveragepy/issues/1228
.. _changes_60:
django-webpack/django-webpack-loader
v1.4.1
vuejs/eslint-plugin-vue
v7.20.0
✨ Enhancements
-
#1472 Added
vue/no-undef-properties
rule that warns of using undefined properties. -
#1653 Added
vue/no-computed-properties-in-data
rule that disallow accessing computed properties indata()
. -
#1659 Improved
vue/no-use-computed-property-like-method
rule reports. -
#1661 Added
vue/multi-word-component-names
rule to enforce multiple words in component names. -
#1663 Added
vue/no-deprecated-router-link-tag-prop
rule that disallow using deprecatedtag
property on<RouterLink>
.
🐛 Bug Fixes
-
#1659 Fixed crash in
vue/no-use-computed-property-like-method
rule. -
#1658 Fixed false positives for vars inside types in
vue/valid-define-emits
andvue/valid-define-props
rules.
⚙ ️ Updates
-
#1654 Changed peer deps eslint ver from
^6.2.0 || ^7.0.0 || ^8.0.0-0
to^6.2.0 || ^7.0.0 || ^8.0.0
.
Full Changelog: https://github.com/vuejs/eslint-plugin-vue/compare/v7.19.1...v7.20.0
v7.19.1
🐛 Bug Fixes
- [
83eab8d
] Fixed false positives for vars inside functions invue/valid-define-emits
andvue/valid-define-props
rules. Picked from #1652
Full Changelog: https://github.com/vuejs/eslint-plugin-vue/compare/v7.19.0...v7.19.1
v7.19.0
✨ Enhancements
-
#1639 Added
vue/no-restricted-class
rule that reports the classes you don't want to allow in the template. -
#1644 Added
vue/no-useless-template-attributes
rule that disallow useless attribute on<template>
tags.
🐛 Bug Fixes
-
#1647 Fixed false positives for toRefs in
vue/no-unused-properties
rule. -
#1648 Fixed unable to autofix event name with
update:
.
All commits: v7.18.0 -> v7.19.0
PyFPDF/fpdf2
v2.4.5
Fixed
- ensure support for old field names in
Template.code39
for backward compatibility
v2.4.4
Added
-
Template()
has gained a more flexible cousinFlexTemplate()
, cf. documentation, thanks to @gmischler - markdown support in
multi_cell()
, thanks to Yeshi Namkhai - base 64 images can now be provided to
FPDF.image
, thanks to @MWhatsUp - documentation on how to generate datamatrix barcodes using the
pystrich
lib: documentation section, thanks to @MWhatsUp -
write_html
: headings (<h1>
,<h2>
...) relative sizes can now be configured through an optionalheading_sizes
parameter - a subclass of
HTML2FPDF
can now easily be used by settingFPDF.HTML2FPDF_CLASS
, cf. documentation
Fixed
-
Template
:split_multicell()
will not write spurious font data to the target document anymore, thanks to @gmischler -
Template
: rotation now should work correctly in all situations, thanks to @gmischler -
write_html
: headings (<h1>
,<h2>
...) can now contain non-ASCII characters without triggering aUnicodeEncodeError
-
Template
: CSV column types are now safely parsed, thanks to @gmischler -
cell(..., markdown=True)
"leaked" its final style (bold / italics / underline) onto the following cells
Changed
-
write_html
: the line height of headings (<h1>
,<h2>
...) is now properly scaled with its font size - some
FPDF
methods should not be used inside arotation
context, or things can get broken. This is now forbidden: an exception is now raised in those cases.
Deprecated
-
Template
:code39
barcode input field names changed fromx/y/w/h
tox1/y1/y2/size
nodejs/node
v12.22.7
This is a security release.
Notable changes
-
CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
- The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
-
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
- The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.
Commits
- [
21a2e554e3
] - deps: update llhttp to 2.1.4 (Fedor Indutny) nodejs-private/node-private#286 - [
d5d3a03246
] - http: add regression test for smuggling content length (Matteo Collina) nodejs-private/node-private#286 - [
0858587f21
] - http: add regression test for chunked smuggling (Matteo Collina) nodejs-private/node-private#286
vuejs/vue-router
v3.5.3
Bug Fixes
- clean more than two consecutive slashes (#3652) (3e3a07e)
- scrollBehavior: trigger scroll behavior if same route with hash (#3592) (57d8042)
Features
Configuration
-
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot.