fix(deps): update all non-major dependencies

Delta10 Bot requested to merge renovate/all-minor-patch into master

This MR contains the following updates:

| Package | Change |
|---|---|
| @fortawesome/fontawesome-free (source) | 5.15.3 -> 5.15.4 |
| @vue/cli-plugin-babel | 4.5.12 -> 4.5.13 |
| @vue/cli-plugin-eslint | 4.5.12 -> 4.5.13 |
| @vue/cli-service (source) | 4.5.12 -> 4.5.13 |
| Django (source, changelog) | ==3.2 -> ==3.2.6 |
| Pillow (source, changelog) | ==8.2.0 -> ==8.3.1 |
| core-js | 3.10.1 -> 3.16.3 |
| django-axes | ==5.20.0 -> ==5.21.0 |
| django-crispy-forms | ==1.11.2 -> ==1.12.0 |
| eslint (source) | 7.23.0 -> 7.32.0 |
| eslint-plugin-vue (source) | 7.8.0 -> 7.16.0 |
| node | 12.22.1-alpine -> 12.22.5-alpine |
| postgres | 11.11-alpine -> 11.13-alpine |
| prospector | ==1.3.1 -> ==1.4.0 |
| requests (source, changelog) | ==2.25.1 -> ==2.26.0 |
| requests_mock | ==1.8.0 -> ==1.9.3 |
| sphinx (source) | ==3.5.3 -> ==3.5.4 |
| sqlalchemy (changelog) | ==1.4.6 -> ==1.4.23 |
| vue | 2.6.12 -> 2.6.14 |
| vue-router | 3.5.1 -> 3.5.2 |
| vue-template-compiler | 2.6.12 -> 2.6.14 |

Release Notes

FortAwesome/Font-Awesome

v5.15.4

Compare Source

Changed
  • Removed the tripadvisor brand icon by request of Tripadvisor
  • Update bug, bullseye, drone, icons #​17800 #​17106 #​17730
  • Update bootstrap, discord, figma, and font-awesome-* brand icons #​17436
Fixed

vuejs/vue-cli

v4.5.13

Compare Source

🐛 Bug Fix
Others
Committers: 3

django/django

v3.2.6

Compare Source

v3.2.5

Compare Source

v3.2.4

Compare Source

v3.2.3

Compare Source

v3.2.2

Compare Source

v3.2.1

Compare Source

python-pillow/Pillow

v8.3.1

Compare Source

  • Catch OSError when checking if fp is sys.stdout #​5585 [radarhere]

  • Handle removing orientation from alternate types of EXIF data #​5584 [radarhere]

  • Make Image.__array__ take optional dtype argument #​5572 [t-vi, radarhere]

v8.3.0

Compare Source

  • Use snprintf instead of sprintf. CVE-2021-34552 #​5567 [radarhere]

  • Limit TIFF strip size when saving with LibTIFF #​5514 [kmilos]

  • Allow ICNS save on all operating systems #​4526 [baletu, radarhere, newpanjing, hugovk]

  • De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #​4989 [gofr, radarhere]

  • Replaced xml.etree.ElementTree #​5565 [radarhere]

  • Moved CVE image to pillow-depends #​5561 [radarhere]

  • Added tag data for IFD groups #​5554 [radarhere]

  • Improved ImagePalette #​5552 [radarhere]

  • Add DDS saving #​5402 [radarhere]

  • Improved getxmp() #​5455 [radarhere]

  • Convert to float for comparison with float in IFDRational __eq__ #​5412 [radarhere]

  • Allow getexif() to access TIFF tag_v2 data #​5416 [radarhere]

  • Read FITS image mode and size #​5405 [radarhere]

  • Merge parallel horizontal edges in ImagingDrawPolygon #​5347 [radarhere, hrdrq]

  • Use transparency behind first GIF frame and when disposing to background #​5557 [radarhere, zewt]

  • Avoid unstable nature of qsort in Quant.c #​5367 [radarhere]

  • Copy palette to new images in ImageOps expand #​5551 [radarhere]

  • Ensure palette string matches RGB mode #​5549 [radarhere]

  • Do not modify EXIF of original image instance in exif_transpose() #​5547 [radarhere]

  • Fixed default numresolution for small JPEG2000 images #​5540 [radarhere]

  • Added DDS BC5 reading #​5501 [radarhere]

  • Raise an error if ImageDraw.textbbox is used without a TrueType font #​5510 [radarhere]

  • Added ICO saving in BMP format #​5513 [radarhere]

  • Ensure PNG seeks to end of previous chunk at start of load_end #​5493 [radarhere]

  • Do not allow TIFF to seek to a past frame #​5473 [radarhere]

  • Avoid race condition when displaying images with eog #​5507 [mconst]

  • Added specific error messages when ink has incorrect number of bands #​5504 [radarhere]

  • Allow converting an image to a numpy array to raise errors #​5379 [radarhere]

  • Removed DPI rounding from BMP, JPEG, PNG and WMF loading #​5476, #​5470 [radarhere]

  • Remove spikes when drawing thin pieslices #​5460 [xtsm]

  • Updated default value for SAMPLESPERPIXEL TIFF tag #​5452 [radarhere]

  • Removed TIFF DPI rounding #​5446 [radarhere, hugovk]

  • Include code in WebP error #​5471 [radarhere]

  • Do not alter pixels outside mask when drawing text on an image with transparency #​5434 [radarhere]

  • Reset handle when seeking backwards in TIFF #​5443 [radarhere]

  • Replace sys.stdout with sys.stdout.buffer when saving #​5437 [radarhere]

  • Fixed UNDEFINED TIFF tag of length 0 being changed in roundtrip #​5426 [radarhere]

  • Fixed bug when checking FreeType2 version if it is not installed #​5445 [radarhere]

  • Do not round dimensions when saving PDF #​5459 [radarhere]

  • Added ImageOps contain() #​5417 [radarhere, hugovk]

  • Changed WebP default "method" value to 4 #​5450 [radarhere]

  • Switched to saving 1-bit PDFs with DCTDecode #​5430 [radarhere]

  • Use bpp from ICO header #​5429 [radarhere]

  • Corrected JPEG APP14 transform value #​5408 [radarhere]

  • Changed TIFF tag 33723 length to 1 #​5425 [radarhere]

  • Changed ImageMorph incorrect mode errors to ValueError #​5414 [radarhere]

  • Add EXIF tags specified in EXIF 2.32 #​5419 [gladiusglad]

  • Treat previous contents of first GIF frame as transparent #​5391 [radarhere]

  • For special image modes, revert default resize resampling to NEAREST #​5411 [radarhere]

  • JPEG2000: Support decoding subsampled RGB and YCbCr images #​4996 [nulano, radarhere]

  • Stop decoding BC1 punchthrough alpha in BC2&3 #​4144 [jansol]

  • Use zero if GIF background color index is missing #​5390 [radarhere]

  • Fixed ensuring that GIF previous frame was loaded #​5386 [radarhere]

  • Valgrind fixes #​5397 [wiredfool]

  • Round down the radius in rounded_rectangle #​5382 [radarhere]

  • Fixed reading uncompressed RGB data from DDS #​5383 [radarhere]

zloirock/core-js

v3.16.3

Compare Source

  • Fixed CreateAsyncFromSyncIterator semantic in AsyncIterator.from, related to #​765
  • Added a workaround of a specific case of broken Object.prototype, #​973

v3.16.2

Compare Source

  • Added a workaround of a Closure Compiler unsafe optimization, #​972
  • One more fix crashing of Object.create(null) on WSH, #​970
  • Added Deno 1.14 compat data mapping

v3.16.1

Compare Source

  • Fixed microtask implementation on iOS Pebble, #​967
  • Fixed some entry points
  • Improved old Safari compat data

v3.16.0

Compare Source

  • Array find from last proposal moved to the stage 3, July 2021 TC39 meeting
  • Array filtering stage 1 proposal:
    • Array.prototype.filterReject replaces Array.prototype.filterOut
    • %TypedArray%.prototype.filterReject replaces %TypedArray%.prototype.filterOut
  • Added Array grouping stage 1 proposal:
    • Array.prototype.groupBy
    • %TypedArray%.prototype.groupBy
  • Work with symbols made stricter: some previously missed cases of methods that should throw an error on symbols now work as they should
  • Handling @@​toPrimitive in some cases of ToPrimitive internal logic made stricter
  • Fixed work of Request with polyfilled URLSearchParams, #​965
  • Fixed possible exposing of collections elements metadata in some cases, #​427
  • Fixed crashing of Object.create(null) on WSH, #​966
  • Fixed some cases of typed arrays subclassing logic
  • Fixed a minor bug related to string conversion in RegExp#exec
  • Fixed Date.prototype.getYear feature detection
  • Fixed content of some entry points
  • Some minor optimizations and refactoring
  • Deno:
    • Added Deno support (sure, after bundling since Deno does not support CommonJS)
    • Allowed deno target in core-js-compat / core-js-builder
    • A bundle for Deno published on deno.land/x/corejs
  • Added / updated compat data / mapping:
    • Deno 1.0-1.13
    • NodeJS up to 16.6
    • iOS Safari up to 15.0
    • Samsung Internet up to 15.0
    • Opera Android up to 64
    • Object.hasOwn marked as supported from V8 9.3 and FF92
    • Date.prototype.getYear marked as not supported in IE8-
  • Added summary option to core-js-builder, see more info in the README, #​910

v3.15.2

Compare Source

  • Worked around breakage related to zone.js loaded before core-js, #​953
  • Added NodeJS 16.4 -> Chrome 91 compat data mapping

v3.15.1

Compare Source

  • Fixed cloning of regex through RegExp constructor, #​948

v3.15.0

Compare Source

  • Added RegExp named capture groups polyfill, #​521, #​944
  • Added RegExp dotAll flag polyfill, #​792, #​944
  • Added missed polyfills of Annex B features (required mainly for some non-browser engines), #​336, #​945:
    • escape
    • unescape
    • String.prototype.substr
    • Date.prototype.getYear
    • Date.prototype.setYear
    • Date.prototype.toGMTString
  • Fixed detection of forbidden host code points in URL polyfill
  • Allowed rhino target in core-js-compat / core-js-builder, added compat data for rhino 1.7.13, #​942, thanks @​gausie
  • .at marked as supported from FF90

v3.14.0

Compare Source

  • Added polyfill of stable sort in { Array, %TypedArray% }.prototype.sort, #​769, #​941
  • Fixed Safari 14.0- %TypedArray%.prototype.sort validation of arguments bug
  • .at marked as supported from V8 9.2

v3.13.1

Compare Source

  • Overwrites get-own-property-symbols third-party Symbol polyfill if it's used since it causes a stack overflow, #​774
  • Added a workaround of possible browser crash on Object.prototype accessors methods in WebKit ~ Android 4.0, #​232

v3.13.0

Compare Source

v3.12.1

Compare Source

  • Fixed some cases of Function#toString with multiple core-js instances
  • Fixed some possible String#split polyfill problems in V8 5.1

v3.12.0

Compare Source

v3.11.3

Compare Source

  • Native promise-based APIs Promise#{ catch, finally } returns polyfilled Promise instances when it's required

v3.11.2

Compare Source

  • Added a workaround of WebKit ~ iOS 10.3 Safari Promise bug, #​932
  • Promise#then of incorrect native Promise implementations with correct subclassing no longer wrapped
  • Changed the order of Promise feature detection, removed unhandled rejection tracking check in non-browser non-node platforms

v3.11.1

Compare Source

  • Made instanceof Promise and .constructor === Promise work with polyfilled Promise for all native promise-based APIs
  • Added a workaround for some buggy V8 versions ~4.5 related to fixing of %TypedArray% static methods, #​564

v3.11.0

Compare Source

v3.10.2

Compare Source

  • URL and URLSearchParams marked as supported from Safari 14.0
  • Polyfilled built-in constructors protected from calling on instances

jazzband/django-axes

v5.21.0

Compare Source

  • Add configurable lockout HTTP status code responses with the new AXES_HTTP_RESPONSE_CODE setting. [phil-bell]

django-crispy-forms/django-crispy-forms

v1.12.0

Compare Source

  • Fixed rendering of grouped checkboxes and radio inputs in the Bootstrap 4 template pack. (#​1155)
  • Introduced new input_size argument to AppendedText, PrependedText and PrependedAppendedText. This allows the size of these grouped inputs to be changed in the Bootstrap 4 template pack. (#​1114)
  • Confirmed support for Django 3.2
  • Dropped support for Python 3.5
  • Dropped support for Django 3.0

See the 1.12.0 Milestone for the full change list.

eslint/eslint

v7.32.0

Compare Source

v7.31.0

Compare Source

v7.30.0

Compare Source

v7.29.0

Compare Source

v7.28.0

Compare Source

v7.27.0

Compare Source

  • 2c0868c Chore: merge all html formatter files into html.js (#​14612) (Milos Djermanovic)
  • 9e9b5e0 Update: no-unused-vars false negative with comma operator (fixes #​14325) (#​14354) (Nitin Kumar)
  • afe9569 Chore: use includes instead of indexOf (#​14607) (Mikhail Bodrov)
  • c0f418e Chore: Remove lodash (#​14287) (Stephen Wade)
  • 52655dd Update: no-restricted-imports custom message for patterns (fixes #​11843) (#​14580) (Alex Holden)
  • 967b1c4 Chore: Fix typo in large.js (#​14589) (Ikko Ashimine)
  • 2466a05 Sponsors: Sync README with website (ESLint Jenkins)
  • fe29f18 Sponsors: Sync README with website (ESLint Jenkins)
  • 086c1d6 Chore: add more test cases for no-sequences (#​14579) (Nitin Kumar)
  • 6a2ced8 Docs: Update README team and sponsors (ESLint Jenkins)

v7.26.0

Compare Source

  • aaf65e6 Upgrade: eslintrc for ModuleResolver fix (#​14577) (Brandon Mills)
  • ae6dbd1 Fix: track variables, not names in require-atomic-updates (fixes #​14208) (#​14282) (Patrick Ahmetovic)
  • 6a86e50 Chore: remove loose-parser tests (fixes #​14315) (#​14569) (Milos Djermanovic)
  • ee3a3ea Fix: create .eslintrc.cjs for module type (#​14304) (Nitin Kumar)
  • 6791dec Docs: fix example for require-atomic-updates (#​14562) (Milos Djermanovic)
  • 388eb7e Sponsors: Sync README with website (ESLint Jenkins)
  • f071d1e Update: Add automated suggestion to radix rule for parsing decimals (#​14291) (Bryan Mishkin)
  • 0b6a3f3 New: Include XO style guide in eslint --init (#​14193) (Federico Brigante)

v7.25.0

Compare Source

  • 5df5e4a Update: highlight last write reference for no-unused-vars (fixes #​14324) (#​14335) (Nitin Kumar)
  • 0023872 Docs: Add deprecated note to working-with-rules-deprecated page (#​14344) (Michael Novotny)
  • 36fca70 Chore: Upgrade eslump to 3.0.0 (#​14350) (Stephen Wade)
  • 59b689a Chore: add node v16 (#​14355) (薛定谔的猫)
  • 35a1f5e Sponsors: Sync README with website (ESLint Jenkins)
  • fb0a92b Chore: rename misspelled identifier in test (#​14346) (Tobias Nießen)
  • f2babb1 Docs: update pull request template (#​14336) (Nitin Kumar)
  • 02dde29 Docs: Fix anchor in 'docs/developer-guide/working-with-rules.md' (#​14332) (Nate-Wilkins)
  • 07d14c3 Chore: remove extraneous command from lint-staged config (#​14314) (James George)
  • 41b3570 Update: lint code block with same extension but different content (#​14227) (JounQin)
  • eb29996 Docs: add more examples with arrow functions for no-sequences rule (#​14313) (Nitin Kumar)

v7.24.0

Compare Source

vuejs/eslint-plugin-vue

v7.16.0

Compare Source

Enhancements

  • #​1596 Added vue/valid-v-memo rule that enforces valid v-memo directives.
  • #​1599 Updated vue/no-unsupported-features rule to support Vue 3.2 syntaxes.

🐛 Bug Fixes

  • #​1602 Fixed false positives for namespace component in vue/script-setup-uses-vars rule.

Updates

  • #​1598 Updated vue/no-restricted-v-bind and vue/valid-v-bind rules to support attr modifier.

All commits: v7.15.2 -> v7.16.0

v7.15.2

Compare Source

🐛 Bug Fixes

  • #​1600 Fixed false positives in vue/no-use-computed-property-like-method rule.

All commits: v7.15.1 -> v7.15.2

v7.15.1

Compare Source

🐛 Bug Fixes

  • #​1590 Fixed message typo in vue/no-reserved-keys rule.
  • #​1591 Fixed false positives for type-only defineProps in vue/require-default-prop rule.

All commits: v7.15.0 -> v7.15.1

v7.15.0

Compare Source

Enhancements

  • #​1234 Added vue/no-use-computed-property-like-method rule that disallows using a computed property like a method.
  • #​1586 Added vue/block-lang rule that disallows the use of languages other than those available in your application for the lang attribute of block elements.
  • #​1576 Updated some rules to support style CSS variable injection.
    • vue/comma-spacing rule.
    • vue/dot-notation rule.
    • vue/eqeqeq rule.
    • vue/func-call-spacing rule.
    • vue/no-extra-parens rule.
    • vue/no-restricted-syntax rule.
    • vue/no-useless-concat rule.
    • vue/prefer-template rule.
    • vue/space-in-parens rule.
    • vue/space-infix-ops rule.
    • vue/space-unary-ops rule.
    • vue/template-curly-spacing rule.

🐛 Bug Fixes

  • #​1584 Fixed false positives for call expression in vue/no-mutating-props rule.

Updates


All commits: v7.14.0 -> v7.15.0

v7.14.0

Compare Source

Enhancements

  • #​1568 Added vue/require-expose rule that enforces the component to explicitly declare the exposed properties to the component using expose.
  • #​1566 Updated vue/no-unused-properties rule to support expose
  • #​1574 Updated some rules to support style CSS vars injection.
    • vue/no-parsing-error rule.
    • vue/no-unused-properties rule.
    • vue/script-setup-uses-vars rule.
    • vue/no-unsupported-features rule.
  • #​1565 Improved report location of vue/valid-v-xxx rules.

🐛 Bug Fixes

  • #​1569 Fixed false positives for <script setup> in vue/no-lifecycle-after-await rule.
  • #​1569 Fixed false positives for <script setup> in vue/no-watch-after-await rule.
  • #​1569 Fixed false positives for <script setup> in vue/no-restricted-call-after-await rule.
  • #​1575 Downgraded to semver compatible with Node v8.

All commits: v7.13.0 -> v7.14.0

v7.13.0

Compare Source

Enhancements

  • Supports <script setup>
    • #​1529 Added vue/script-setup-uses-vars rule that will find variables in <script setup> used in <template> and mark them as used.
    • #​1559 Added vue/no-export-in-script-setup rule that disallows ES export in <script setup>.
    • #​1560 Added vue/valid-define-props rule that reports defineProps compiler macros in the following cases:
      • defineProps are referencing locally declared variables.
      • defineProps has both a literal type and an argument. e.g. defineProps<{/*props*/}>({/*props*/})
      • defineProps has been called multiple times.
      • Props are defined in both defineProps and export default {}.
      • Props are not defined in either defineProps or export default {}.
    • #​1561 Added vue/valid-define-emits rule that reports defineEmits compiler macros in the following cases:
      • defineEmits are referencing locally declared variables.
      • defineEmits has both a literal type and an argument. e.g. defineEmits<(e: 'foo')=>void>(['bar'])
      • defineEmits has been called multiple times.
      • Custom events are defined in both defineEmits and export default {}.
      • Custom events are not defined in either defineEmits or export default {}.
    • #​1532, #​1559 Upgraded vue-eslint-parser.
    • Updated rules to support <script setup>.
      • #​1531 vue/no-mutating-props rule.
      • #​1535 vue/no-reserved-keys rule.
      • #​1533 vue/no-async-in-computed-properties rule.
      • #​1534 vue/no-side-effects-in-computed-properties rule.
      • #​1536 vue/require-prop-type-constructor rule.
      • #​1539 vue/no-lifecycle-after-await rule.
      • #​1538 vue/require-valid-default-prop rule.
      • #​1542 vue/return-in-emits-validator rule.
      • #​1545 vue/require-default-prop rule.
      • #​1540 vue/no-setup-props-destructure rule.
      • #​1541 vue/no-watch-after-await rule.
      • #​1543 vue/no-template-shadow rule.
      • #​1544 vue/prop-name-casing rule.
      • #​1546 vue/require-prop-types rule.
      • #​1548 vue/require-explicit-emits rule.
      • #​1549 vue/custom-event-name-casing rule.
      • #​1550 vue/no-boolean-default rule.
      • #​1551 vue/no-restricted-call-after-await rule.
      • #​1552 vue/no-restricted-props rule.
      • #​1553 vue/no-unregistered-components rule.
      • #​1554 vue/no-unsupported-features rule.
      • #​1555 vue/no-unused-properties rule.
      • #​1556 vue/no-unused-refs rule.
      • #​1557 vue/require-emit-validator rule.
      • #​1558 vue/require-name-property rule.
  • #​1543 Updated vue/no-template-shadow rule to support setup().
  • #​1556 Updated vue/no-unused-refs rule to support setup().

🐛 Bug Fixes

  • #​1527 Changed the indent rule so that the union type has the same indent as the binary expression.

Updates

  • #​1528 Deprecated vue/experimental-script-setup-vars rule.

All commits: v7.12.1 -> v7.13.0

v7.12.1

Compare Source

🐛 Bug Fixes

  • #​1525 Fixed false positives for trailing comma with import in vue/script-indent rule.

All commits: v7.12.0 -> v7.12.1

v7.12.0

Compare Source

Enhancements

  • #​1520 Improved vue/script-indent rule to support TypeScript syntax.
  • #​1481 Improved vue/script-indent rule and vue/html-indent rule to support ES2022 Class Fields syntax. (When using espree v8+.)

🐛 Bug Fixes

  • #​1521 Fixed wrong auto-fix in vue/no-deprecated-slot-attribute rule and vue/no-deprecated-slot-scope-attribute rule.
  • #​1522 Fixed false positives for default with type Function in vue/no-deprecated-props-default-this rule.

Updates

  • #​1481 Supports ES2022 Class Fields. (When using espree v8+.)

All commits: v7.11.1 -> v7.12.0

v7.11.1

Compare Source

🐛 Bug Fixes

  • #​1515 Fixed crash when using objectsInObjects option in vue/object-curly-spacing rule.

v7.11.0

Compare Source

Enhancements

New Rules:
  • #​1506 Added vue/no-this-in-before-route-enter rule that disallows this usage in a beforeRouteEnter method.
  • #​1510 Added vue/no-deprecated-v-is rule that disallows the deprecated v-is directive (in Vue.js 3.1.0+).
Other changes in Rules:
  • #​1501 Made vue/no-deprecated-destroyed-lifecycle rule auto-fixable.

Updates

  • #​1509 Added support for is="vue:" (Vue 3.1.0+).

All commits: v7.10.0 -> v7.11.0

v7.10.0

Compare Source

Enhancements

New Rules:
  • #​1487 Added vue/require-emit-validator rule that enforces the validator definition in emits.
Other changes in Rules:
  • #​1493 Changed vue/this-in-template rule to support autofix.

Updates

  • #​1484 Changed vue/attribute-hyphenation rule to ignore SVG attributes.

All commits: v7.9.0 -> v7.10.0

v7.9.0

Compare Source

Enhancements

New Rules:
  • #​1466 Added vue/no-invalid-model-keys rule that disallows invalid model option keys.
  • #​1474 Added vue/no-unused-refs rule that reports refs that are defined using the ref attribute in <template> but are not used via $refs.
Other changes in Rules:
  • #​1465 Added singleline.allowFirstLine option to vue/max-attributes-per-line rule.

🐛 Bug Fixes

  • #​1469 Fixed false negative in as expression for vue/require-valid-default-prop rule.

All commits: v7.8.0 -> v7.9.0

nodejs/node

v12.22.5

Compare Source

This is a security release.

Notable Changes
  • CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
    • Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
  • CVE-2021-22930: Use after free on close http2 on stream canceling (High)
    • Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
  • CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
    • If the Node.js HTTPS API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.
Commits

v12.22.4

Compare Source

This is a security release.

Notable Changes
  • CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Commits

v12.22.3

Compare Source

Notable Changes

Node.js 12.22.2 introduced a regression in the Windows installer on non-English locales that is being fixed in this release. There is no need to download this release if you are not using the Windows installer.

Commits

v12.22.2

Compare Source

This is a security release.

Notable Changes

Vulnerabilities fixed:

  • CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
    • Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
  • CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
    • Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921
  • CVE-2021-27290: npm upgrade - ssri Regular Expression Denial of Service (ReDoS) (High)
  • CVE-2021-23362: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS) (Medium)
Commits

psf/requests

v2.26.0

Compare Source

Improvements

  • Requests now supports Brotli compression, if either the brotli or brotlicffi package is installed. (#​5783)

  • Session.send now correctly resolves proxy configurations from both the Session and Request. Behavior now matches Session.request. (#​5681)

Bugfixes

  • Fixed a race condition in zip extraction when using Requests in parallel from zip archive. (#​5707)

Dependencies

  • Instead of chardet, use the MIT-licensed charset_normalizer for Python3 to remove license ambiguity for projects bundling requests. If chardet is already installed on your machine it will be used instead of charset_normalizer to keep backwards compatibility. (#​5797)

    You can also install chardet while installing requests by specifying [use_chardet_on_py3] extra as follows:

    pip install "requests[use_chardet_on_py3]"

    Python2 still depends upon the chardet module.

  • Requests now supports idna 3.x on Python 3. idna 2.x will continue to be used on Python 2 installations. (#​5711)

Deprecations

  • The requests[security] extra has been converted to a no-op install. PyOpenSSL is no longer the recommended secure option for Requests. (#​5867)

  • Requests has officially dropped support for Python 3.5. (#​5867)

sphinx-doc/sphinx

v3.5.4

Dependencies

Bugs fixed

  • #​9078: autodoc: Async staticmethods and classmethods are considered as non async coroutine-functions with Python3.10

  • #​8870, #​9001, #​9051: html theme: The style are not applied with docutils-0.17

    • toctree captions
    • The content of sidebar directive
    • figures

vuejs/vue

v2.6.14

Compare Source

Bug Fixes
Features

v2.6.13

Compare Source

Bug Fixes
Features
Performance Improvements

vuejs/vue-router

v3.5.2

Compare Source

Bug Fixes

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this MR, check this box.

This MR has been generated by Renovate Bot.

Edited by Delta10 Bot
