🚨 [security] [js] Update gulp 4.0.2 → 5.0.0 (major)
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ gulp (4.0.2 → 5.0.0) · Repo · Changelog
Release Notes
5.0.0
We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain. Please see individual changelogs to drill down into all changes that were made.
⚠ BREAKING CHANGES
- Drop support for Node.js <10.13
- Default stream encoding to UTF-8
- Standardized on `anymatch` library for globbing paths. All globs should work the same between `src` and `watch` now!
- Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use `ordered-read-stream`
- All globs and paths are normalized to unix-like filepaths
- Only allow JS variants for `.gulp.*` config files
- Removed support for alpha releases of v4 from `gulp-cli`
- Removed the `--verify` flag
- Renamed the `--require` flag to `--preload` to avoid conflicting with Node.js flags
- Removed many legacy and deprecated loaders
- Upgrade to chokidar v3
- Clone `Vinyl` objects with stream contents using `teex`, but no longer wait for all streams to flow before cloned streams will receive data
- Stop using `process.umask()` to make directories, instead falling back to Node's default mode
- Throw on non-function, non-string option coercers
- Drop support of Node.js snake_case flags
- Use a Symbol for attaching the `gulplog` namespace to the store
- Use a Symbol for attaching the `gulplog` store to the global
- Use sha256 to hash the `v8flags` cache into a filename
Features
- Streamlined the dependency tree
- Switch all streams implementation to Streamx
- Rewrote `glob-stream` to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
- Implement translation support for all CLI messages and all messages passing through gulplog
- Allow users to customize or remove the timestamp from their logs
- Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
- Added support for `gulpfile.cjs` and `gulpfile.mjs`
- Add support for `swc`, `esbuild`, `sucrase`, and `mdx` loaders
- Provide an ESM export (#2760) (b00de68)
- Support sourcemap handling on streaming `Vinyl` contents
- Support `extends` syntax for `.gulp.*` config file
- Allow overriding `gulpfile` and `preloads` via `.gulp.*` config file
Bug Fixes
- Resolve bugs related to symlinks on various platforms
- Resolved some reported ReDoS CVEs and improved performance in glob-parent
- Rework errors surfaced when encountering files or symlinks when trying to create directories
- Ensure watch allows Japanese characters in globs (72668c6)
- Ensure watch does not trigger on negated globs (72668c6)
- Improve handling of BOM at the beginning of a stream
- Properly handle function coercer in array of option coercers
- Fork `to-absolute-glob` to:
  - Check negative patterns before trimming
  - Ensure glob-like characters are escaped in cwd & root options
  - Resolve `../` at the beginning of globs
Miscellaneous Chores
- Remove lazystream dependency
- Updated various stream test suites to test against Node.js core `stream`, `readable-stream`, and `streamx`
- Normalize repository, dropping node <10.13 support (#2758) (72668c6)
Individual Changelogs
We created and maintain various projects that gulp depends upon. You can find their changelogs linked below:
- undertaker
- vinyl-fs
- glob-stream
- gulp-cli
- interpret
- glob-parent
- glob-watcher
- vinyl
- fs-mkdirp-stream
- lead
- vinyl-sourcemap
- to-through
- resolve-options
- remove-bom-stream
- value-or-function
- now-and-later
- @gulpjs/to-absolute-glob
- fined
- mute-stdout
- semver-greatest-satisfied-range
- flagged-respawn
- rechoir
- gulplog
- glogg
- @gulpjs/messages
- sparkles
- liftoff
- v8flags
- bach
- undertaker-registry
- async-settle
- last-run
- async-done
- replace-homedir
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 45 commits:
chore: Release 5.0.0 (#2762)
chore: Add index.mjs to files list
feat: Provide an ESM export (#2760)
chore!: Normalize repository, dropping node <10.13 support (#2758)
chore(docs): Update stream handbook link (#2711)
Docs: Remove gulp-sourcemaps because it is built-in (#2592)
Docs: Fix broken link in recipe (#2571)
Docs: Guide CustomRegistries to maintain properties on tasks (fixes #2561) (#2565)
Docs: Remove typo in custom registry docs (#2543)
Docs: Fix typo in task docs (#2524)
Docs: fix recipe link (#2526)
Docs: Cleanup registry error message subtitles
Docs: Rename the automate releases recipe file
Docs: Add subtitles for registry error messages (#2502)
Docs: Update and refactor release workflow recipe (#2498)
Docs: Remove recipe for using a config file
Docs: Remove recipe for splitting tasks in files
Docs: Remove recipe for specifying a CWD
Docs: Remove recipe for running shell commands
Docs: Remove recipe for exporting tasks
Docs: Remove recipe for running tasks in series
Docs: Remove recipes for selecting changed files
Docs: Fix some links
Docs: Add advanced section for creation of custom registries (#2479)
Docs: Fix link to gulp source (#2482)
Docs: Add gulp-cli answer to FAQ (#2212)
Docs: Begin adding Polish translations (#2456)
Docs: Update rollup recipe (#2466)
Docs: End bullet items with a period (#2457)
Scaffold: Remove support template
Docs: Update gulp-imagemin usage (closes #2432)
Scaffold: Fallback to organization community files
Docs: Add Tidelift page
Docs: Fix MDX compatibility
Docs: Fix "Async Completion" code example [ci skip] (#2428)
Docs: Fix ESM link
Docs: Correct typo in rollup example (#2406)
Docs: Add enterprise language
Docs: Fix typo in last line of Vinyl usage example (#2382)
Docs: Help users understand fake values better
Docs: Ensure "Inline plugins" example is runnable (#2365)
Scaffold: Add OpenCollective to funding platforms
Scaffold: Add security disclosure policy
Docs: Update README plugin count (#2336)
Scaffold: Add FUNDING.yml with Tidelift integration
↗️ ansi-regex (indirect, 2.1.1 → 5.0.1) · Repo
Security Advisories 🚨
🚨 Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes.
Proof of Concept
```js
import ansiRegex from 'ansi-regex';

for (var i = 1; i <= 50000; i++) {
  var time = Date.now();
  // ESC [ followed by a run of ';' that grows on every iteration
  var attack_str = "\u001B[" + ";".repeat(i * 10000);
  ansiRegex().test(attack_str);
  // Matching time is reported per input length
  var time_cost = Date.now() - time;
  console.log("attack_str.length: " + attack_str.length + ": " + time_cost + " ms");
}
```
The ReDOS is mainly due to the sub-patterns `[[\\]()#;?]*` and `(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*`
Release Notes
5.0.1
Fixes (backport of 6.0.1 to v5)
This is a backport of the minor ReDos vulnerability in `ansi-regex@<6.0.1`, as requested in #38.
- Fix ReDoS in certain cases (#37)
You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.
https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1
Thank you @yetingli for the patch and reproduction case!
Commits
See the full diff on Github. The new version differs by 23 commits:
5.0.1
fix incorrect format
Fix potential ReDoS (#37)
Move to GitHub Actions (#35)
Add @Qix- to funding.yml
5.0.0
Meta tweaks
Add TypeScript definition (#32)
Require Node.js 8
Tidelift tasks
4.1.0
Support more escape types like links (#29)
Add Tidelift mention in the readme
4.0.0
Require Node.js 6
Add option to only match the first occurrence (#24)
Add scroll escapes (#20)
Add failing test for #21 (#22)
3.0.0
Minor tweaks
Support urxvt escapes (#13)
Use Map instead of Object for the fixtures
Require Node.js 4 and meta tweaks
↗️ anymatch (indirect, 2.0.0 → 3.1.3) · Repo
Release Notes
3.1.3
Fixes:
- Keep trailing slash on paths
- Add TypeScript overload for test string being null
3.1.2
Bugfixes
Commits
See the full diff on Github. The new version differs by 51 commits:
3.1.3
Merge pull request #50 from micromatch/phated/keep-trailing-sep
fix: Keep trailing slash on paths
Merge pull request #42 from Alucelx/master
add a override of teststring is null
Release 3.1.2.
Merge pull request #37 from mihkeleidast/issue/36
Merge pull request #39 from genisysram/master
Update .travis.yml
do not create pattern from negative matchers
Release 3.1.1.
Release 3.1.0.
License.
Fix typo.
Clarify changelog.
Add pkg engine section. Closes gh-32.
Move returnIndex to a sub-option of 3rd arg.
Merge pull request #34 from bpasero/ben-picooptions
allow to specify picomatch options
Release 3.0.3.
Fix types.
Fix types, again.
Release 3.0.2.
Merge pull request #31 from code0x9/master
export matcher and tester
Merge pull request #30 from wormen/patch-1
fix import
Release 3.0.1.
Push unixpath to additional args.
Fix type declaration.
Update types.
Update index.d.ts
Fix typess.
Release 3.0.0.
Update deps.
Update types.
Fixes.
Update to picomatch-stable.
Merge pull request #28 from leonardodino/fix-package-name
Fix package name typo in README.md
Remove line.
Bring back arg passing.
Cache patterns. Performance boost.
Switch to picomatch. Update deps.
Fix declarations.
Update readme.
Readme.
Update.
Changelog.
Improve type matching.
New version. More strict. Drop returnIndex and startIndex params for now.
↗️ binary-extensions (indirect, 1.13.1 → 2.3.0) · Repo
Commits
See the full diff on Github. The new version differs by 14 commits:
2.3.0
Meta tweaks
Add `afdesign`, `afphoto`, and `afpub` (#30)
2.2.0
Add OpenDocument file extensions (#27)
Move to GitHub Actions (#26)
2.1.0
Add more complete set of Linux package formats: snap, flatpak, appimage, rpm (#25)
Tidelift tasks
Add Node.js 12 to testing (#24)
2.0.0
Meta tweaks
Require Node.js 8, add TypeScript definition (#23)
Meta tweaks
↗️ braces (indirect, 2.3.2 → 3.0.2) · Repo · Changelog
Release Notes
3.0.0 (from changelog)
v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.
Breaking Changes
- The undocumented `.makeRe` method was removed
Non-breaking changes
- Caching was removed
↗️ chokidar (indirect, 2.1.6 → 3.6.0) · Repo · Changelog
Release Notes
3.6.0
What's Changed
- fix readyCount logic by @JLHwung in #1288
- handle MustScanSubDirs by @MarcCelani-at in #1197
- update fs.FSWatcher types to satisfy nodejs versions >= 16; fixes #1299 by @ben-polinsky in #1300
New Contributors
- @Mutahhar made their first contribution in #1226
- @zqianem made their first contribution in #1242
- @JLHwung made their first contribution in #1288
- @MarcCelani-at made their first contribution in #1197
- @ben-polinsky made their first contribution in #1300
Full Changelog: 3.5.3...3.6.0
3.5.2
"Update" glob-parent dependency from ~5.1.0 to ~5.1.2 to silence "vulnerability" warnings
3.5.0
- Support for ARM Macs with Apple Silicon.
- Fixed missing removal of symlinks when the target path was deleted (#1042)
3.2.1
Improve Linux RAM usage by 50%. Stability optimizations. Race condition fixes. Windows glob fixes.
3.1.1
Fixes "Expected pattern to be a non-empty string" (#871)
3.1.0
Emit dotfiles by default. You can filter them out by using ignored option.
Improves Linux performance by 50%.
3.0.2
- Brings `bigint` support to `stat` outputs on windows.
- Fixes `ready` event emission for symlink directories.
3.0.1
- Fixes "Assertion failed" errors when a watcher is closed
- General optimizations
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ cliui (indirect, 3.2.0 → 7.0.4) · Repo · Changelog
Release Notes
7.0.4
Bug Fixes
7.0.3
Bug Fixes
7.0.2
Bug Fixes
7.0.1
Bug Fixes
- build: main should be build/index.cjs (dc29a3c)
7.0.0
⚠ BREAKING CHANGES
Build System
Code Refactoring
Commits
See the full diff on Github. The new version differs by 57 commits:
chore: release 7.0.4 (#98)
chore(deps): update to latest standardx (#99)
fix(deno): import UIOptions from definitions (#97)
chore: release 7.0.3 (#94)
chore(deps): update dependency gts to v3 (#90)
fix(exports): node 13.0 and 13.1 require the dotted object form _with_ a string fallback (#93)
chore: release 7.0.2 (#92)
build: use action for publishing
build: hack to allow CI to be kicked off by label
fix(exports): node 13.0-13.6 require a string fallback (#91)
build: update release-please
chore(deps): update typescript-eslint monorepo to v4 (#86)
chore(deps): update dependency typescript to v4 (#84)
chore: release 7.0.1 (#83)
fix(build): main should be build/index.cjs
chore: fix repository format
chore: release 7.0.0 (#81)
build: configure automated publication
chore: add missing @types/node
refactor!: tsc/ESM/Deno support (#82)
build!: modernize deps and build (#80)
chore: add renovate config
chore: release 6.0.0 (#68)
chore: update deps, remove unused deps (#70)
chore: 100% coverage. (#69)
chore(docs): fix up headings in CHANGELOG
force build
build: add release-please (#66)
refactor!: update deps, drop Node 6
chore(release): 5.0.0
chore: fix testing when stdout does not support color-codes. (#62)
force build
fix: Update wrap-ansi to fix compatibility with latest versions of chalk. (#60)
docs: Replace `ui.row` with `ui.div` (#58)
chore(release): 4.1.0
chore: slight tweak to wording in README
feat: add resetOutput method (#57)
chore(release): 4.0.0
chore: switch to release from version
feat: add fallback for window width (#45)
docs: document the `text` property of a column (#50)
fix: set env variable FORCE_COLOR. (#56)
Revert "fix: downgrades strip-ansi to version 3.0.1 (#54)" (#55)
fix: downgrades strip-ansi to version 3.0.1 (#54)
chore: drop support for node < 4 (#53)
chore(package): update nyc to version 10.0.0
chore(package): update nyc to version 9.0.1
chore(package): update standard-version to version 3.0.0 (#44)
chore(package): update standard to version 8.0.0 (#42)
Merge pull request #41 from yargs/greenkeeper-nyc-8.1.0
chore(package): update nyc to version 8.1.0
Merge pull request #39 from yargs/greenkeeper-mocha-3.0.0
chore(package): update mocha to version 3.0.0
Merge pull request #38 from yargs/greenkeeper-nyc-7.0.0
chore(package): update nyc to version 7.0.0
chore(package): update nyc to version 6.6.0
chore(package): update standard to version 7.0.1 (#35)
↗️ convert-source-map (indirect, 1.6.0 → 2.0.0) · Repo
Commits
See the full diff on Github. The new version differs by 15 commits:
2.0.0
feat(BREAKING): Replace mapFileDir argument with a function for reading the source map (#76)
feat!: Support URI encoded source maps (#75)
feat: Make comment RegExps non-greedy to prevent some max call stack errors (#65)
chore: Drop support for node below v4 (#78)
1.9.0
chore: Fix CI badge image
chore: Fix CI badge
feat: Remove SafeBuffer & support base64 in the browser (#74)
feat: replace Travis-CI with GitHub Actions (#77)
1.8.0
updated index.js for error facing on unit testing (#71)
chore: removing obsolete badges from readme
1.7.0
Ignore the fs module in browser builds
↗️ copy-props (indirect, 2.0.4 → 4.0.0) · Repo · Changelog
Security Advisories 🚨
🚨 Prototype Pollution in copy-props
The package copy-props before 2.0.5 is vulnerable to Prototype Pollution via the main functionality.
Release Notes
4.0.0
⚠ BREAKING CHANGES
- Upgrade each-props to v3.0.0
- Remove pre-built browser bundles (#13)
Miscellaneous Chores
Commits
See the full diff on Github. The new version differs by 21 commits:
chore: Release 4.0.0 (#14)
chore: Run prettier
chore!: Remove pre-built browser bundles (#13)
chore: Release 3.0.1 (#10)
chore: Update license
fix(ci): Rename prettierignore typo & avoid formatting web
fix: Update dependencies
chore: Run prettier
chore: Release 3.0.0 (#9)
chore: Run prettier
chore!: Normalize repository, dropping node <10.13 support (#8)
2.0.5
Fix: Avoids prototype pollution (#7)
Merge: Transfer ownership to Gulp Team (#6)
Doc: Transfer ownership to Gulp Team
Merge: Update dependencies and expand ci test versions (#5)
Test: Update npm to v4 when nodejs is v5 because of npm install error.
Test: Run coveralls when nodejs >= 6 because of its supports
Test: Add nodejs v11-v14 into ci test versions
Doc: Update license years
Build: Update versions of dependencies
↗️ end-of-stream (indirect, 1.4.1 → 1.4.4) · Repo
Commits
See the full diff on Github. The new version differs by 14 commits:
1.4.4
fix multistream+others regression
1.4.3
make destroyed check cleaner
1.4.2
move to tape tests for better debugging
Add Travis CI (#20)
Add test of http streams (#21)
Improve test error asserts (#22)
Add more tests for eos error state (#23)
moved the pumpify tests to pumpify
random -> urandom and some cleanup
Add failing pumpify test (#17)
use .destroy to close fs streams
↗️ fill-range (indirect, 4.0.0 → 7.0.1) · Repo
Sorry, we couldn't find anything useful about this release.
↗️ findup-sync (indirect, 3.0.0 → 5.0.0) · Repo · Changelog
Release Notes
5.0.0
⚠ BREAKING CHANGES
- Normalize repository, dropping node <10.13 support (#52)
Miscellaneous Chores
4.0.0
Breaking
- Drop support for node <8 (4e46134)
Upgrade
- Update micromatch & devDeps (b926b21)
Build
Scaffold
Commits
See the full diff on Github. The new version differs by 9 commits:
chore: Release 5.0.0 (#53)
chore!: Normalize repository, dropping node <10.13 support (#52)
Release: 4.0.0
Upgrade: Update micromatch & devDeps
Build: Ignore fixtures directory when linting
Scaffold: Update license year
Build: Disable npm audit
Breaking: Drop support for node <8
Scaffold: Update repository template
↗️ fsevents (indirect, 1.2.9 → 2.3.3) · Repo
Security Advisories 🚨
🚨 Code injection in fsevents
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.
Release Notes
2.3.3
Released to npm as v2.3.3
2.3.2
Released to npm as v2.3.2
2.3.1
Released to npm as v2.3.1
Release contains universal binary for x86 & amd64 (m1) chips
2.2.2
Released to npm as v2.2.2
Universal Binary Support x86-64 & amd64(m1)
2.2.0
Electron Enabled (no static functions/variables)
2.1.0
Latest stable release
2.0.6
Include essential files only.
2.0.1
Fixing the API for chokidar since it was calling FSEvents as a constructor
2.0.0
We have upgraded to N-API. For that reason we have also dropped support for node < 6.
For that reason, we have made this a major version bump so dependents have to opt in. The actual API remains entirely the same, so if you are depending on fsevents, it should be as simple as changing the version number in your `package.json`.
1.2.13
Only build on Mac-OSX
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ function-bind (indirect, 1.1.1 → 1.1.2) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 26 commits:
v1.1.2
[meta] add `auto-changelog`
[Robustness] remove runtime dependency on all builtins except `.apply`
[Dev Deps] update `@ljharb/eslint-config`, `aud`, `tape`
[meta] add `funding` field; create FUNDING.yml
[Tests] use `aud` instead of `npm audit`
[meta] update `.gitignore`
[Tests] switch to nyc for coverage
[meta] add `safe-publish-latest`
[Dev Deps] update `@ljharb/eslint-config`, `tape`
[actions] fix permissions
Revert "Point to the correct file"
Merge pull request #16 from svedova/patch-1
Point to the correct file
[readme] update badges
[meta] use `npmignore` to autogenerate an npmignore file
[Tests] migrate tests to Github Actions
[Dev Deps] update `eslint`, `@ljharb/eslint-config`, `tape`
[meta] create SECURITY.md
[Tests] fix eslint errors from #15
[Dev Deps] update `@ljharb/eslint-config`, `eslint`, `tape`
[Tests] up to `node` `v11.10`, `v10.15`, `v9.11`, `v8.15`, `v6.16`, `v4.9`; use `nvm install-latest-npm`; run audit script in tests
[Tests] add `npm run audit`
[Tests] remove `jscs`
[Dev Deps] update `eslint`, `@ljharb/eslint-config`, `covert`, `tape`
Docs: enable badges; update wording
↗️ get-caller-file (indirect, 1.0.3 → 2.0.5) · Repo
Commits
See the full diff on Github. The new version differs by 37 commits:
release v2.0.5
Merge pull request #17 from stefanpenner/types-node-fix
[Fixes #16] move @types/node to dev dependency
Update lockfile
release v2.0.4
remove another d.ts file
release v2.0.3
Remove index.d.ts file
release v2.0.2
update lockfile
Merge pull request #15 from stefanpenner/typescript
Merge branch 'master' into typescript
Correct node version
use yarn
travis.yml
typescript
release v2.0.1
Merge pull request #14 from stefanpenner/typescript
use yarn
travis.yml
typescript
release v2.0.1
Merge pull request #12 from stefanpenner/readme
Update Readme
Merge pull request #11 from stefanpenner/revert-8-master
Revert "Add node 9 to supported node engines"
Merge pull request #8 from dyniper/master
Add node 9 to supported node engines
release v2.0.0
Merge pull request #6 from stefanpenner/bump-engine
Bump node engine support
Merge pull request #3 from GramozKrasniqi/feature-errorStackOverflow
* Fix test
Change let/const to var
go back to function syntax because of node 0.12
Disabled tests no idea why they are outputting error from mocha. Support please if you can.
throw exception if overflowing errorStackLimit
↗️ glob-parent (indirect, 3.1.0 → 5.1.2) · Repo · Changelog
Security Advisories 🚨
🚨 glob-parent before 6.0.1 and 5.1.2 vulnerable to Regular Expression Denial of Service (ReDoS)
glob-parent before 6.0.1 and 5.1.2 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1 and 5.1.2.
🚨 glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
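An added example, not part of the original pull request or of any project's code: a lockfile check that flags installed copies of the packages named in this page's advisories (ansi-regex, copy-props, fsevents, glob-parent, ini) that are still below the stated fixed versions, including nested copies kept alive by other dependencies after the gulp bump. The rule for matching versions across major lines, the sample lockfile and the `legacy-tool` package name are assumptions of the example.

```javascript
// Fixed versions per package, taken from the advisories on this page.
const FIXED_VERSIONS = {
  'ansi-regex': ['5.0.1', '6.0.1'],  // ReDoS (5.0.1 is the v5 backport)
  'copy-props': ['2.0.5'],           // prototype pollution
  'fsevents': ['1.2.11'],            // code injection via download URL
  'glob-parent': ['5.1.2', '6.0.1'], // ReDoS
  'ini': ['1.3.6'],                  // prototype pollution via ini.parse
};

// "1.2.3-beta.1" -> [1, 2, 3] (pre-release tags are ignored); null if unparsable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Assumption of this example: a version is affected when it is lower than the
// first listed fix whose major is >= its own major, so a backport clears its
// own major line and older majors without a backport stay flagged.
function isAffected(name, version) {
  const fixes = FIXED_VERSIONS[name];
  const v = parseVersion(version);
  if (!fixes || !v) return false;
  const fix = fixes.map(parseVersion).sort(compareVersions).find((f) => f[0] >= v[0]);
  return fix !== undefined && compareVersions(v, fix) < 0;
}

// Yield {name, version, path} for every installed copy in a parsed lockfile.
function* installedPackages(lock) {
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      if (i === -1 || !meta.version) continue; // skips the root project entry
      yield { name: path.slice(i + 'node_modules/'.length), version: meta.version, path };
    }
    return;
  }
  // lockfileVersion 1: nested "dependencies" trees.
  const stack = [[lock.dependencies || {}, '']];
  while (stack.length) {
    const [deps, prefix] = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path };
      if (meta.dependencies) stack.push([meta.dependencies, `${path}/`]);
    }
  }
}

// Return every installed copy that is still below its fixed version.
function auditLockfile(lock) {
  const findings = [];
  for (const pkg of installedPackages(lock)) {
    if (isAffected(pkg.name, pkg.version)) {
      findings.push({ ...pkg, fixedIn: FIXED_VERSIONS[pkg.name] });
    }
  }
  return findings.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample: top-level copies are patched, but the hypothetical
// package "legacy-tool" still nests the old versions this PR upgrades from.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/gulp': { version: '5.0.0' },
    'node_modules/ansi-regex': { version: '5.0.1' },
    'node_modules/glob-parent': { version: '5.1.2' },
    'node_modules/ini': { version: '1.3.8' },
    'node_modules/copy-props': { version: '4.0.0' },
    'node_modules/legacy-tool/node_modules/ansi-regex': { version: '2.1.1' },
    'node_modules/legacy-tool/node_modules/glob-parent': { version: '3.1.0' },
    'node_modules/legacy-tool/node_modules/ini': { version: '1.3.5' },
  },
};

console.log(auditLockfile(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `auditLockfile` instead of the sample object.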
Commits
See the full diff on Github. The new version differs by 23 commits:
chore: update changelog
chore: release 5.1.2
fix: eliminate ReDoS (#36)
chore: add JSDoc returns information (#33)
chore: generate initial changelog
chore: release 5.1.1
ci: try wrapping the JOB_ID in a string
ci: attempt to switch to published coveralls
ci: put the npm step back in for only Windows
ci: update azure build images
ci: add npm revert step to azure
fix: unescape exclamation mark (#26)
ci: attempt to get flakey ci working
chore: release 5.1.0
feat: add `flipBackslashes` option to disable auto conversion of slashes (closes #24) (#25)
chore: release 5.0.0
chore!: Drop support for node <6 & bump dependencies
chore: release 4.0.0
feat: hoist regexps and strings for performance gains
feat!: question marks are valid path characters on Windows so avoid flagging as a glob when alone
feat!: Update is-glob dependency
chore: normalize repository
docs: notate * character name as asterisk
↗️ glob-stream (indirect, 6.1.0 → 8.0.1) · Repo · Changelog
Release Notes
8.0.1
Bug Fixes
8.0.0
⚠ BREAKING CHANGES
- Switch to streamx (#119)
- Combine GlobStream & GlobReadable into unified API
- Replace glob with anymatch & custom directory walk (#118)
- Drop support for ordered globs (#115)
Features
- Combine GlobStream & GlobReadable into unified API (6aad264)
- Replace glob with anymatch & custom directory walk (#118) (6aad264)
- Switch to streamx (#119) (8d6b35c)
Bug Fixes
- Normalize cwd on windows (8d6b35c)
- Properly handle glob-like characters in paths (#117) (872a957)
- Resolve cwd to support relative cwd paths (8d6b35c)
Miscellaneous Chores
7.0.0
⚠ BREAKING CHANGES
- Normalize repository, dropping node <10.13 support (#101)
Miscellaneous Chores
Commits
See the full diff on Github. The new version differs by 20 commits:
chore: Release 8.0.1 (#123)
fix: Avoid pushing additional paths to queue when error occurs (#124)
fix: Traverse symlink folders (#122)
chore(docs): Remove node-glob reference
chore: Release 8.0.0 (#116)
feat!: Switch to streamx (#119)
chore: Remove the order negation wording in docs
chore: Update CI badge
chore: Remove node-glob from references
feat!: Replace glob with anymatch & custom directory walk (#118)
fix: Properly handle glob-like characters in paths (#117)
chore!: Drop support for ordered globs (#115)
chore: Remove extend dependency and use Object.assign (#114)
chore: Release 7.0.0 (#109)
chore: Remove some old cruft
chore: Run prettier
chore!: Normalize repository, dropping node <10.13 support (#101)
chore: Tidelift tasks
chore: Add support-bot template
chore: Enforce consistent line endings
↗️ glogg (indirect, 1.0.2 → 2.2.0) · Repo · Changelog
Release Notes
2.2.0
Features
2.1.0
Features
2.0.0
⚠ BREAKING CHANGES
- Normalize repository, dropping node <10.13 support (#5)
Miscellaneous Chores
Commits
See the full diff on Github. The new version differs by 7 commits:
↗️ graceful-fs (indirect, 4.1.15 → 4.2.11) · Repo
Commits
See the full diff on Github. The new version differs by 55 commits:
4.2.11
Add EBUSY to handled error codes for windows directory rename
update and improve tests somewhat
4.2.10
fix spurious ENOTEMPTY in test on windows ci
avoid spurious EBUSY in windows CI tests
ci: output raw tap from test
actually fix memory leak test failing spuriously
fix memory leak test failing spuriously
do not try to patch missing fs functions
Avoid setPrototypeOf if prototype is undefined
install with npm 8
fix: fs.readdir() on ancient nodes that don't know about options
chore: add copyright year to license
ci: makework
4.2.9
fix(stat): support throwIfNoEntry for `statSync`
4.2.8
fix: start retrying immediately, stop after 60 seconds
4.2.7
fix: start retrying immediately, stop after 10 attempts
chore: refactor readdir to be consistent
Fix copyFile wrapper when retry hits EMFILE again
Clarify README.md regarding sync methods (#207)
4.2.6
fix: TypeError when loading graceful-fs from worker threads
fix: copyFile with flags
run tests in color mode
4.2.5
Avoid hitting __proto__
Copy over process.chdir.disabled if set
Support copyFile
s/travis/GitHub Actions/
run tests with coverage
4.2.4
fix: attach queue to fs module in addition to global
4.2.3
Split legacy stream properties from regular ones.
4.2.2
Do not inadvertently monkeypatch fs streams
Hide fs.close and fs.closeSync previous symbols
Add Node.js 0.x polyfill for global retry queue name
Create/use global shared retry queue.
4.2.1
Fix `util.promisify` for patched read function
update deps
4.2.0
push to github with one command, not two
add node 12 to travis
Minor code restructuring on fs.stat options
tap@12.7.0
Always load graceful-fs BEFORE tap in tests
update memory leak test for node v12.4
Add basic test for stat functions with 3 arguments when supported
Allow stat functions to accept 3 arguments (target, options, cb)
↗️ inherits (indirect, 2.0.3 → 2.0.4) · Repo
Commits
See the full diff on Github. The new version differs by 6 commits:
↗️ ini (indirect, 1.3.5 → 1.3.8) · Repo · Changelog
Security Advisories 🚨
🚨 ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Overview
The `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability.
If an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context.
Patches
This has been patched in 1.3.6.
Steps to reproduce
payload.ini
```ini
[__proto__]
polluted = "polluted"
```
poc.js:
```js
var fs = require('fs')
var ini = require('ini')

// Parse the payload; the [__proto__] section lands on Object.prototype
var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8'))
console.log(parsed)
console.log(parsed.__proto__)
console.log(polluted)
```
```
> node poc.js
{}
{ polluted: 'polluted' }
{ polluted: 'polluted' }
polluted
```
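An added example, not the `ini` package's code and not from the advisory: a minimal INI section parser written so that the payload above cannot reach `Object.prototype`. The function name `parseIniSafely`, the denylist and the `[db]` section in the sample are assumptions of the example.

```javascript
// Keys that can reach a prototype when used as a property name.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Strip one pair of matching surrounding quotes, if present.
const unquote = (s) => s.replace(/^(["'])(.*)\1$/, '$2');

// Parse "[section]" headers and "key = value" lines.
// Returns { data, rejected }: the parsed tree and every refused name.
function parseIniSafely(text) {
  // Null-prototype containers: a key named "__proto__" would become a plain
  // own property instead of hitting the Object.prototype accessor.
  const data = Object.create(null);
  const rejected = [];
  let section = data;

  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;

    const header = /^\[([^\]]*)\]$/.exec(line);
    if (header) {
      const name = header[1].trim();
      if (FORBIDDEN_KEYS.has(name)) {
        // Defence in depth: refuse the section and drop its keys, so a later
        // copy into a normal object cannot reintroduce the problem.
        rejected.push(name);
        section = null;
        continue;
      }
      if (typeof data[name] !== 'object') data[name] = Object.create(null);
      section = data[name];
      continue;
    }

    const eq = line.indexOf('=');
    if (eq === -1 || section === null) continue;
    const key = line.slice(0, eq).trim();
    if (FORBIDDEN_KEYS.has(key)) {
      rejected.push(key);
      continue;
    }
    section[key] = unquote(line.slice(eq + 1).trim());
  }
  return { data, rejected };
}

// The payload from the advisory, followed by a constructed legitimate section.
const samplePayload = '[__proto__]\npolluted = "polluted"\n\n[db]\nhost = "localhost"\n';

const parsedSample = parseIniSafely(samplePayload);
console.log(parsedSample.rejected, Object.keys(parsedSample.data), ({}).polluted);
```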
Commits
See the full diff on Github. The new version differs by 9 commits:
↗️ interpret (indirect, 1.2.0 → 3.1.1) · Repo · Changelog
Release Notes
3.1.1
Bug Fixes
- Include cjs-stub in npm bundle (4f7d798)
3.1.0
Features
3.0.0
⚠ BREAKING CHANGES
- Provide default configuration in register functions (#83)
- Only load sucrase tsx hook for `.tsx` extension
- Normalize repository, dropping node <10.13 support (#80)
- Remove legacy node-jsx hook
- Remove deprecated typescript-node hook
- Remove deprecated typescript-register hook
- Remove unmaintained typescript-require hook
- Replace legacy require-yaml with yaml-hook
- Remove legacy require-xml support
- Remove legacy/deprecated babel hooks
- Remove legacy buble support
- Remove legacy cirru-script support
- Remove legacy node-cjsx support
- Remove legacy coco support
- Remove legacy/deprecated coffeescript hooks
- Remove legacy require-csv support
- Remove legacy earlgrey support
- Remove legacy iced-coffee-script support
- Remove legacy require-ini support
- Remove legacy json5 hook
- Remove legacy livescript support
- Remove legacy wisp support
- Drop legacy loaders & extensions (#79)
- Ensure babel only transforms files that match the full extension
Features
- Add `.cjs` extension and stub hook (#75) (7989161)
- Add `@swc/register` as a loader for `.ts` and `.tsx` extensions (#74) (f160451)
- Add esbuild-register for typescript extensions (#77) (963f5fa)
- Add new extensions as JS variants (8a8df59)
- Add sucrase hook as alternative for `.jsx` (58f678e)
- Add support for `.esbuild.(js|jsx|ts|tsx)` extensions (fcb9672)
- Add support for `.sucrase.(js|jsx|ts|tsx)` extensions (216ad12)
- Add support for `.swc.(js|jsx|ts|tsx)` extensions (c054cf2)
- Allow register function configuration to be overridden (7856f7e)
- Leverage endsWith instead of RegExp in matchers (#82) (6404724)
- Provide default configuration in register functions (#83) (7856f7e)
- Support `.babel.(jsx|tsx)` extensions (1e3d0f8)
- Support `.mdx` extension hook (#85) (cd24c39)
Bug Fixes
- Apply correct ordering to esbuild-register (fcfbdb4)
- Ensure babel only transforms files that match the full extension (81ed502)
- Ensure esbuild-register only applies to ts or tsx files (5680b3f)
- Only load sucrase tsx hook for `.tsx` extension (e9376a1)
Miscellaneous Chores
- Drop legacy loaders & extensions (#79) (18a0319)
- Normalize repository, dropping node <10.13 support (#80) (7b69c63)
- Remove deprecated typescript-node hook (18a0319)
- Remove deprecated typescript-register hook (18a0319)
- Remove legacy buble support (18a0319)
- Remove legacy cirru-script support (18a0319)
- Remove legacy coco support (18a0319)
- Remove legacy earlgrey support (18a0319)
- Remove legacy iced-coffee-script support (18a0319)
- Remove legacy json5 hook (18a0319)
- Remove legacy livescript support (18a0319)
- Remove legacy node-cjsx support (18a0319)
- Remove legacy node-jsx hook (18a0319)
- Remove legacy require-csv support (18a0319)
- Remove legacy require-ini support (18a0319)
- Remove legacy require-xml support (18a0319)
- Remove legacy wisp support (18a0319)
- Remove legacy/deprecated babel hooks (18a0319)
- Remove legacy/deprecated coffeescript hooks (18a0319)
- Remove unmaintained typescript-require hook (18a0319)
- Replace legacy require-yaml with yaml-hook (18a0319)
Commits
See the full diff on Github. The new version differs by 58 commits:
chore: Release 3.1.1 (#93)
fix: Include cjs-stub in npm bundle
chore: Release 3.1.0 (#91)
chore: Remove some crufty files
chore: Update readme & run prettier
feat: Add `.cts` to support typescript 4.7 (#90)
chore: Release 3.0.0 (#81)
feat!: Provide default configuration in register functions (#83)
chore: Update readme & run prettier
chore: Auto-generate the supported hooks & extensions in CI (#86)
chore: Run prettier
feat: Support `.mdx` extension hook (#85)
feat: Add `.cjs` extension and stub hook (#75)
chore: Avoid timeouts on tests (#87)
feat: Add support for `.swc.(js|jsx|ts|tsx)` extensions
chore: Run prettier
chore: Fix supported syntax in sucrase tests
chore: Run prettier
feat: Add sucrase hook as alternative for `.jsx`
chore: Run prettier
feat: Add support for `.sucrase.(js|jsx|ts|tsx)` extensions
fix!: Only load sucrase tsx hook for `.tsx` extension
chore: Run prettier
feat: Leverage endsWith instead of RegExp in matchers (#82)
chore: Run prettier
chore!: Normalize repository, dropping node <10.13 support (#80)
chore!: Drop legacy loaders & extensions (#79)
chore: Ensure package-lock.json is cleaned before tests
feat: Add `@swc/register` as a loader for `.ts` and `.tsx` extensions (#74)
feat: Add new extensions as JS variants
feat: Support `.babel.(jsx|tsx)` extensions
fix!: Ensure babel only transforms files that match the full extension
feat: Add support for `.esbuild.(js|jsx|ts|tsx)` extensions
fix: Ensure esbuild-register only applies to ts or tsx files
chore: Update test fixtures with fallible TS syntax
fix: Apply correct ordering to esbuild-register
feat: Add esbuild-register for typescript extensions (#77)
Release: 2.2.0
New: Support .mjs extension (closes #65)
Build: Add node 12/14 & set maxVersions
Release: 2.1.0
New: Add sucrase for typescript extensions (#66)
Update: Add babel de-register workaround to tests (closes #63)
Update: Make tests less flakey
Scaffold: Update FUNDING list
Release: 2.0.0
Docs: Update extensions map
Docs: Add enterprise language
Breaking: Ensure babel ignores non-.babel.js/ts/jsx files & enable upward-optional mode (fixes #39, #41, #54) (#58)
Scaffold: Complete Tidelift tasks
Update: Switch coverage tool to nyc and coveralls
Update: Upgrade rechoir in devDependencies
Update: Fix test failure about .toml
Scaffold: Add package-lock.json to .gitignore
Update: Pass updated eslint rules
Scaffold: Add FUNDING.yml with Tidelift integration
Update: Support json5/lib/register
Build: Avoid unintentionally skipped tests
↗️ is-binary-path (indirect, 1.0.1 → 2.1.0) · Repo
Commits
See the full diff on Github. The new version differs by 11 commits:
↗️ is-fullwidth-code-point (indirect, 1.0.0 → 3.0.0) · Repo
Release Notes
3.0.0
Breaking:
- Require Node.js 8 15be660
Enhancements:
Commits
See the full diff on Github. The new version differs by 10 commits:
↗️ is-glob (indirect, 4.0.1 → 4.0.3) · Repo
Commits
See the full diff on Github. The new version differs by 8 commits:
↗️ is-number (indirect, 3.0.0 → 7.0.0) · Repo
Commits
See the full diff on Github. The new version differs by 19 commits:
7.0.0
use quotes
run verb to generate readme
refactor
run update
rename
6.0.0
lint, update readme
Merge pull request #14 from benaadams/faster-string-number
Faster string checking
5.0.0
run verb to generate readme
minor optimization
run update
4.0.0
run verb to generate readme documentation
run `update` and `lint-deps`
Merge pull request #8 from realityking/master
Remove dependency on kind-of
↗️ is-plain-object (indirect, 2.0.4 → 5.0.0) · Repo
Release Notes
5.0.0
- Migrated from default to named export (see why here lukeed/klona#17):
ESM/TypeScript
- import isPlainObject from 'is-plain-object';
+ import { isPlainObject } from 'is-plain-object';
CommonJS
- const isPlainObject = require('is-plain-object');
+ const { isPlainObject } = require('is-plain-object');
- Added native ESM support via `exports` mapping
4.1.0
Reduced size and added type guide to ts definition (thanks to @lifeiscontent)
4.0.0
In this release `Object.create(null)` is considered as plain object as well.
Commits
See the full diff on Github. The new version differs by 22 commits:
v5.0.0
Add esm support and migrate to named export
v4.1.1
Revert object assertion because of caused issues
v4.1.0
Update index.d.ts (#21)
Simplify code and drop isobject dependency
Fix readme
v4.0.0
Support Object.create(null) as plain object (#23)
Upgrade rollup
v3.0.1
Bundle isobject to make the package dependency free
Updated mocha-headless-chrome version to v3.1.0 (#22)
3.0.0
Update readme
Provide "module" entry point (#16)
Remove bower support (#13)
Merge pull request #15 from jonschlinkert/puppeteer
Fix browser bundle generation
Ignore bundled isPlainObject
Replace phantomjs with puppeteer
↗️ liftoff (indirect, 3.1.0 → 5.0.0) · Repo · Changelog
Release Notes
5.0.0
⚠ BREAKING CHANGES
- Define `configFiles` with an array to prioritize configs (#133)
- Populate additional preload modules with `configFiles` (#131)
- Lookup `configPath` in `configFiles` (#128)
Features
- Define `configFiles` with an array to prioritize configs (#133) (55123fc)
- Lookup `configPath` in `configFiles` (#128) (5301335)
- Populate additional preload modules with `configFiles` (#131) (fad21a9)
Bug Fixes
4.0.0
⚠ BREAKING CHANGES
- Support `extends` syntax in config files (#103)
- Normalize repository, dropping node <10.13 support (#118)
- call `env.completion` inside execute to allow additional configuration (#106)
- Rename `opts.require` to `opts.preload`
- Rename events to be more specific
- Remove launch API
Features
- Add beforeRequire event (65f350d)
- Rename `opts.require` to `opts.preload` (596926a)
- Rename events to be more specific (cbb8456)
- Support `extends` syntax in config files (#103) (68c9db7)
Bug Fixes
- call `env.completion` inside execute to allow additional configuration (#106) (2a1fc4b)
- Update rechoir to support dots in config name (33a6286)
Miscellaneous Chores
Commits
See the full diff on Github. The new version differs by 18 commits:
chore: release 5.0.0 (#129)
feat!: Define `configFiles` with an array to prioritize configs (#133)
feat!: Populate additional preload modules with `configFiles` (#131)
fix: Disallow non-string `configPath` overrides (#130)
feat!: Lookup `configPath` in `configFiles` (#128)
chore: Run prettier
chore: Modify wrong descriptions about opts.configFiles (#125)
chore: Release 4.0.0 (#123)
chore: Fix v8flags link
chore: Upgrade gulpjs dependencies to latest versions
feat!: Support `extends` syntax in config files (#103)
chore!: Normalize repository, dropping node <10.13 support (#118)
fix!: call `env.completion` inside execute to allow additional configuration (#106)
feat!: Rename `opts.require` to `opts.preload`
feat!: Rename events to be more specific
feat: Add beforeRequire event
fix: Update rechoir to support dots in config name
chore!: Remove launch API
↗️ micromatch (indirect, 3.1.10 → 4.0.5) · Repo · Changelog
Release Notes
4.0.4
4.0.3
- Enforce newer version of picomatch with bugfixes
4.0.0 (from changelog)
Added
- Adds support for `options.onMatch`. See the readme for details
- Adds support for `options.onIgnore`. See the readme for details
- Adds support for `options.onResult`. See the readme for details
Breaking changes
- Removed support for passing an array of brace patterns to `micromatch.braces()`.
- To strictly enforce closing brackets (for `{`, `[`, and `(`), you must now use `strictBrackets=true` instead of `strictErrors`.
- `cache` - caching and all related options and methods have been removed
- `options.unixify` was renamed to `options.windows`
- `options.nodupes` was removed. Duplicates are always removed by default. You can override this with custom behavior by using the `onMatch`, `onResult` and `onIgnore` functions.
- `options.snapdragon` was removed, as snapdragon is no longer used.
- `options.sourcemap` was removed, as snapdragon is no longer used, which provided sourcemap support.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ normalize-path (indirect, 2.1.1 → 3.0.0) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 4 commits:
↗️ path-parse (indirect, 1.0.6 → 1.0.7) · Repo
Security Advisories 🚨
🚨 Regular Expression Denial of Service in path-parse
Affected versions of npm package `path-parse` are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Commits
Sorry, we couldn't find anything useful about this release.
↗️ readable-stream (indirect, 2.3.6 → 3.6.2) · Repo
Release Notes
3.6.2
What's Changed
Full Changelog: v3.6.1...v3.6.2
3.6.0
3.5.0
- Update to Node v10.18.1 #420
2.3.8
What's Changed
Full Changelog: v2.3.7...v2.3.8
Commits
See the full diff on Github. The new version differs by 73 commits:
Bumped v3.6.2
Fix es5 compatibility (#508)
Bump v3.6.1
rebuild
Merge branch 'v3.x' of github.com:nodejs/readable-stream into v3.x
rebuild for Node v10.18.1
fix undefined global in some environments (#502)
Bumped v3.6.0
[Fix] babel's "loose mode" class transform enbrittles BufferList (#428)
Bumped v3.5.0
Update to Node v10.18.1 (#420)
doc: indicate stream impl from node versions (#424)
build/test-replacements.js: fix typo. (#415)
Bumped v3.4.0.
Add node v12 to .travis.yml (#410)
add missing exports for browsers (#409)
Travis CI: Remove the deprecated sudo tag (#405)
Bumped v3.3.0.
Build from Node v10.15.3 (#402)
Bumped v3.2.0.
Updated to v10.15.2 (#401)
export * from `stream` when `process.env.READABLE_STREAM === 'disable'` (#399)
Bumped v3.1.1.
Use @babel/preset-env exclusively (#395)
Bumped v3.1.0.
Added yarn.lock to .gitignore
Updated to @babel/core@7, node 10.14.2 (#393)
Ignore airtap and travis configs (#388)
Add build regexp IE11 (isInteger) (#389)
Bumped v3.0.6
Fixed build regexp for IE11. (#369)
Bumped v3.0.5.
Emit no experimental warning in browser. (#367)
Bumped v3.0.4.
Update to node 10 11 (#366)
Bumped v3.0.3.
Updated to Node 10.10 (#363)
Add node >= 6 to package.json (#362)
replace Buffer.alloc() with Buffer.from() where appropriate (#360)
remove Buffer constructor usage (#358) (#359)
Bumped v3.0.2.
Import Node 10.9.0. Redo the fix for util.inspect.custom (#357)
Bumped v3.0.1.
Removed process-nexttick-args as it's not needed anymore (#354)
Fix error messages (#352)
Bumped v3.0.0
Merge branch 'master' into next
Merge branch 'master' into next
Added changelog of breaking changes
Removed inactive members (#351)
Added usage section.
Added a thanks note to Sauce Labs
browsers tests should be passing again
Bumped v3.0.0-rc.3
Updated to Node 10.8.0.
Bumped v3.0.0-rc.2
Added back IE 11.
Removed babel-transform-runtime. Updated to Node 10.6.0.
Bumped v3.0.0-rc.1
README tweaks
Integrate airtap (#345)
only a single entry point
removed dependency on safe-buffer
Removed dependency on core-util-is
Node.js 6 working.
all tests passing
Updated to Node 10.5.0. 2 failures left to go.
.npmignore: "docs/" => "doc/" to match real name (#342)
18 tests to go.
removed comment
Down do 20 failing tests
27 tests to go
Built with 29 tests failing
↗️ readdirp (indirect, 2.2.1 → 3.6.0) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ rechoir (indirect, 0.6.2 → 0.8.0) · Repo · Changelog
Release Notes
0.8.0
⚠ BREAKING CHANGES
- Normalize repository, dropping node <10.13 support (#40)
Miscellaneous Chores
0.7.1
Fix
Docs
- Add enterprise language (4b3adcc)
Scaffold
- Add FUNDING.yml (64cccd9)
Commits
See the full diff on Github. The new version differs by 25 commits:
chore: release 0.8.0 (#42)
chore: Temporarily bump minor for breaking
chore: Remove FUNDING.yml to use gulpjs config
chore: Run prettier
chore!: Normalize repository, dropping node <10.13 support (#40)
Release: 0.7.1
Fix: Support single character extensions (Fixes #38) (#39)
Scaffold: Add FUNDING.yml
Docs: Add enterprise language
Tidelift task
Tidelift task.
Release: 0.7.0
Scaffold: Normalize repository
Upgrade: Update resolve dependency
New: Add support for multiple extension segments (#37)
Build: Simplify tests by moving specific loader tests to interpret
Build: Update Travis configuration
Fix: Update require-xml output & skip some tests on old node
Upgrade: Update typescript & switch to ts-node for devDependencies
Docs: Fix Travis badge location
Update: Simplify onlyErrors logic
Update: Add test for only-errors prepare() with nothrow option
Fix: Correct "is array" expectation
Scaffold: Switch licenses property to license
Update: Improve TypeScript tests
↗️ resolve (indirect, 1.11.0 → 1.22.8) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ safe-buffer (indirect, 5.1.2 → 5.2.1) · Repo
Commits
See the full diff on Github. The new version differs by 14 commits:
5.2.1
Merge pull request #28 from feross/greenkeeper/tape-5.0.0
chore(package): update tape to version 5.0.0
Update README.md
standard *
Merge pull request #27 from feross/greenkeeper/standard-14.0.1
chore(package): update standard to version 14.0.1
Pin standard to workaround npm bug
Update FUNDING.yml
5.2.0
Merge pull request #23 from vkarpov15/patch-1
add FUNDING.yml
add tidelift link
Make SafeBuffer's prototype inherit from Buffer
↗️ semver (indirect, 5.7.0 → 6.3.1) · Repo · Changelog
Security Advisories 🚨
🚨 semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Release Notes
6.3.1
6.3.1 (2023-07-10)
Bug Fixes
928e56d
#591 better handling of whitespace (#591) (@lukekarrys, @joaomoreno, @nicolo-ribaudo)
5.7.2
5.7.2 (2023-07-10)
Bug Fixes
2f8fd41
#585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)
Commits
See the full diff on Github. The new version differs by 31 commits:
chore: release 6.3.1
fix: better handling of whitespace (#591)
chore: @npmcli/template-oss@4.16.0
6.3.0
Expose the token enum on the exports
changelog
6.2.0
Add test coverage for bin file
Add `rtl` option to coerce from right to left
coerce(number) will coerce to a string
6.1.3
Handle X ranges properly in includePrelease mode
Add a -0 prerelease on >X and <X ranges
6.1.2
Do not throw when testing invalid version strings
6.1.1
handle undefined version passed to Range.test
added options support for coerce function
Adding docs for clean
6.1.0
Range intersect supports wildcards and ~
tap@14
Remove --save option as it isn't required anymore
Clarify some ^0.0.x & ~.0.0.x cases
Clarify Caret Ranges
Add semver.compareBuild function.
6.0.0
changelog for v6
fix: Improve performance of isSatisfiable function
fix: Fix non-satisfiable ranges so they no longer intersect with anything
fix: Fix Range intersects algorithm
↗️ string-width (indirect, 1.0.2 → 4.2.3) · Repo
Commits
See the full diff on Github. The new version differs by 31 commits:
Upgrade `strip-ansi` dependency
4.2.2
Improve performance (#28)
4.2.1
Improve performance by performing an early exit (#27)
Move to GitHub Actions (#25)
4.2.0
Update to strip-ansi v6.x (#24)
Tidelift tasks
Create funding.yml
Add Node.js 12 to testing (#23)
4.1.0
Refactor TypeScript definition to CommonJS compatible export (#22)
4.0.0
Require Node.js 8
Add TypeScript definition (#21)
3.1.0
Add support for terminal link (#20)
3.0.0
Require Node.js 6
Support emoji (#17)
2.1.1
Meta tweaks
Support combining characters (#12)
2.1.0
Meta tweaks
Update strip-ansi from ^3.0.0 to ^4.0.0 (#10)
Add failing test for #6
Meta tweaks
2.0.0
ES2015ify and require Node.js 4
↗️ string_decoder (indirect, 1.1.1 → 1.3.0) · Repo
Commits
See the full diff on Github. The new version differs by 8 commits:
↗️ strip-ansi (indirect, 3.0.1 → 6.0.1) · Repo
Commits
See the full diff on Github. The new version differs by 19 commits:
Upgrade `ansi-regex`
6.0.0
Require Node.js 8
Tidelift tasks
Tidelift tasks
5.2.0
Meta tweaks
Add TypeScript definition (#28)
Fix readme (#27)
5.1.0
Add support for terminal link (#26)
Add security section
5.0.0
Require Node.js 6 and upgrade dependencies
Add Tidelift mention in the readme
Add related streaming version of this module to the readme (#15)
4.0.0
Bump ansi-regex
Require Node.js 4
↗️ to-regex-range (indirect, 2.1.1 → 5.0.1) · Repo
Commits
See the full diff on Github. The new version differs by 23 commits:
5.0.1
add windows to travis
5.0.0
update docs
improvements to zero-padding
4.0.3
wrap result
4.0.2
run verb to generate readme documentation
use for loop instead of for-in loop in case String.prototype has been modified. Closes #6
4.0.1
4.0.0
run verb to generate readme
es2015
run update, upgrade deps, lint
3.0.0
run verb to generate readme documentation
update examples
update devDependencies
run update
Merge pull request #4 from realityking/dependencies
Update fill-range to version 4.0
Update is-number to version 4.0
↗️ to-through (indirect, 2.0.0 → 3.0.0) · Repo · Changelog
Release Notes
3.0.0
⚠ BREAKING CHANGES
Features
Miscellaneous Chores
Commits
See the full diff on Github. The new version differs by 6 commits:
↗️ v8flags (indirect, 3.1.3 → 4.0.1) · Repo · Changelog
Release Notes
4.0.1
Bug Fixes
4.0.0
⚠ BREAKING CHANGES
- Drop support for snake_case flags
- Utilize process.allowedNodeEnvironmentFlags (#63)
- Use SHA-256 for the config file name (#57)
- Normalize repository, dropping node <10.13 support (#60)
Features
Bug Fixes
Miscellaneous Chores
Commits
See the full diff on Github. The new version differs by 17 commits:
chore: Release 4.0.1 (#68)
chore: Cleanup some links
fix: Exclude example flags provided by node (#66)
chore(ci): Ensure fake-bin test case runs on newer node versions (#67)
chore: Release 4.0.0 (#61)
chore: Cleanup for newer node versions (#64)
feat!: Utilize process.allowedNodeEnvironmentFlags (#63)
chore: Run prettier
feat: Remove homedir polyfill (#62)
chore: Run prettier
fix!: Use SHA-256 for the config file name (#57)
chore: Run prettier
chore!: Normalize repository, dropping node <10.13 support (#60)
Release: 3.2.0
Scaffold: Update package description
Update: Add test for colliding flags
New: Also detect node-specific flags (#55)
↗️ vinyl (indirect, 2.2.0 → 3.0.0) · Repo · Changelog
Release Notes
3.0.0
⚠ BREAKING CHANGES
- Clone streams with teex
- No longer await all streams to flow before emitting data
- Remove cloneable-readable (#155)
- Remove `inspect` method & rely on `util.inspect.custom` symbol
- Normalize repository, dropping node <10.13 support (#151)
Features
- Clone streams with teex (d4868f4)
- No longer await all streams to flow before emitting data (d4868f4)
- Remove cloneable-readable (#155) (d4868f4)
Miscellaneous Chores
2.2.1
Fix
Docs
Build
Scaffold
Commits
See the full diff on Github. The new version differs by 10 commits:
chore: Release 3.0.0 (#154)
feat!: Remove cloneable-readable (#155)
chore: Run prettier
chore!: Normalize repository, dropping node <10.13 support (#151)
Release: 2.2.1
Scaffold: Update repository patterns
Fix: Ensure symbolic link files are cloned properly (closes #143) (#146)
Build: Avoid referencing deprecated Buffer() & update tests to use safer-buffer (#142)
Docs: Improve isCustomProp documentation (ref #144)
Scaffold: Add support-bot template
↗️ vinyl-fs (indirect, 3.0.3 → 4.0.0) · Repo · Changelog
Release Notes
4.0.0
⚠ BREAKING CHANGES
- Prefer symlink property set on Vinyl object over its path (#345)
- Avoid error and reflect filesystem stat if futimes not implemented (#341)
- Consider the greater of ctime & mtime when comparing since option (#340)
- Normalize repository, dropping node <10.13 support
- Switch stream implementation to streamx (#333)
Features
- Consider the greater of ctime & mtime when comparing since option (#340) (9f907ba)
- Convert Windows-style paths in `src()` to proper globs (910c8a5)
- Prefer symlink property set on Vinyl object over its path (#345) (0ac27a2)
- Replace lazystream with streamx Composer (#344) (a80dae3)
- Switch stream implementation to streamx (#333) (910c8a5)
- Test against streams from core, streamx, and readable-stream (910c8a5)
Bug Fixes
- Add regression test for negative relative globs (#343) (ebe6498)
- Avoid error and reflect filesystem stat if futimes not implemented (#341) (9ba20fd)
- Correct regression with src using arrays of globs (#342) (5659934)
- Reference correct property name in integration testing (#320) (df245a4)
- Workaround symlink stat bug in Node 10 on Windows (910c8a5)
Miscellaneous Chores
- Normalize repository, dropping node <10.13 support (910c8a5)
Commits
See the full diff on Github. The new version differs by 19 commits:
chore: Release 4.0.0 (#338)
feat!: Prefer symlink property set on Vinyl object over its path (#345)
feat: Replace lazystream with streamx Composer (#344)
fix: Add regression test for negative relative globs (#343)
fix: Correct regression with src using arrays of globs (#342)
fix!: Avoid error and reflect filesystem stat if futimes not implemented (#341)
feat!: Consider the greater of ctime & mtime when comparing since option (#340)
chore: Add integration test for re-assigning a stream to contents (#339)
chore: Run prettier
feat!: Switch stream implementation to streamx (#333)
Fix: Reference correct property name in integration testing (#320)
Breaking: Add `encoding` option (closes #23) (#287)
Scaffold: Add FUNDING.yml
Docs: Add enterprise language
Docs: Add a line break in Tidelift description
Tidelift tasks
Scaffold: Add support-bot template
Build: Fix node 10 test failures
Build: Swap node 9 for node 10 in matrix
↗️ wrap-ansi (indirect, 2.1.0 → 7.0.0) · Repo
Commits
See the full diff on Github. The new version differs by 30 commits:
7.0.0
Require Node.js 10
Support hyperlinks in supported terminals (#37)
6.2.0
Update to strip-ansi v6.x (#41)
6.1.0
Normalize newline characters (#40)
6.0.0
Require Node.js 8
Tidelift tasks
Force chalk to enable color codes for testing (#34)
5.1.0
Improve handling of invisible sequences in trim mode (#33)
Add Tidelift mention in the readme
Add failing test demonstrating issue #24 with colorized text (#32)
5.0.0
Update dependencies and meta tweaks
Fix a bunch of issues (#30)
4.0.0
Require Node.js 6
Bump dev dependencies
Use escape codes from `ansi-styles` (#22)
3.0.1
Fix space issues at the end of input string (#21)
3.0.0
Add option to not remove whitespace - fixes #9 (#17)
Add support for surrogate pairs and full width characters (#20)
Require Node.js 4 and meta tweaks
Fix no word wrap bug - fixes #18 (#19)
Fix tests (#15)
↗️ y18n (indirect, 3.2.1 → 5.0.8) · Repo · Changelog
Security Advisories 🚨
🚨 Prototype Pollution in y18n
Overview
The npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.
POC
const y18n = require('y18n')();
y18n.setLocale('__proto__');
y18n.updateLocale({polluted: true});
console.log(polluted); // true
Recommendation
Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.
Release Notes
5.0.8
Bug Fixes
- deno: force modern release for Deno (b1c215a)
5.0.7
Bug Fixes
5.0.6
Bug Fixes
Commits
See the full diff on Github. The new version differs by 67 commits:
chore: release 5.0.8 (#129)
fix(deno): force modern release for Deno
chore: release 5.0.7 (#123)
fix(deno): force release for deno (#121)
chore: release 5.0.6 (#118)
fix(webpack): skip readFileSync if not defined (#117)
docs: add entry for v4.0.1 (#114)
chore(deps): update dependency standardx to v6 (#110)
chore: release 5.0.5 (#109)
fix: address prototype pollution issue (#108)
chore: release 5.0.4 (#106)
fix(exports): node 13.0 and 13.1 require the dotted object form _with_ a string fallback (#105)
chore: release 5.0.3 (#104)
fix(exports): node 13.0-13.6 require a string fallback (#103)
build: newest version of action
chore(deps): update dependency gts to v3 (#102)
chore: release 5.0.2 (#101)
fix(deno): update types for deno ^1.4.0 (#100)
chore: release 5.0.1 (#99)
fix: main had old index path (#98)
build: switch package.json to format supported by wombat
chore: release 5.0.0 (#91)
build: experiment with label for kicking off build
chore(deps): update dependency typescript to v4 (#97)
build: fix action release tag
build: use 2.x release
force workflow
build: debugging bad build
build: debugging bad build
build: debugging bad build
build: debugging bad build
build: debugging bad build
build: debugging bad build
feat: add support for ESM and Deno #95)
docs: correct examples in README (#94)
chore: update additional deps (#93)
chore(deps): update dependency mocha to v8 (#88)
build: remove unused standard-version
ci: remove coveralls (#92)
build: add release-please workflow
build!: drops Node 6 and 4. begin following Node.js LTS schedule (#89)
chore: add renovate config
chore(package): update standard-version to version 5.0.0 (#73)
chore(release): 4.0.0
chore: add standard-version as npm run release (#54)
chore(package): update mocha to version 4.0.1 (#52)
chore(package): update coveralls to version 3.0.0 (#51)
chore(package): update chai to version 4.0.1 (#46)
fix: allow support for falsy values like 0 in tagged literal (#45)
chore(package): update nyc to version 11.0.1 (#47)
feat(__): added tagged template literal support (#44)
chore(package): update standard to version 10.0.0-beta.0 (#40)
chore(package): update nyc to version 10.0.0
chore(package): update nyc to version 9.0.1
chore: merge pull request #36 from yargs/greenkeeper-standard-8.0.0
Merge pull request #35 from yargs/greenkeeper-nyc-8.1.0
chore(package): update nyc to version 8.1.0
Merge pull request #33 from yargs/greenkeeper-mocha-3.0.0
chore(package): update mocha to version 3.0.0
Merge pull request #30 from yargs/update_travis
Merge pull request #32 from yargs/greenkeeper-nyc-7.0.0
chore(package): update nyc to version 7.0.0
Add support for testing on Node.js v6
Remove unnecessary slashes in path.join statements
Using path.join() instead of concatenation to create paths
chore(package): update standard to version 7.1.0
chore(package): update nyc to version 6.4.2
↗️ yargs (indirect, 7.1.0 → 16.2.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 6 commits:
↗️ yargs-parser (indirect, 5.0.0 → 20.2.9)
Security Advisories 🚨
🚨 yargs-parser Vulnerable to Prototype Pollution
Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects.
Parsing the argument `--foo.__proto__.bar baz` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.
Recommendation
Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
Sorry, we couldn't find anything useful about this release.
- @gulpjs/messages (added, 1.1.0)
- @gulpjs/to-absolute-glob (added, 4.0.0)
- ansi-styles (added, 4.3.0)
- bare-events (added, 2.2.2)
- base64-js (added, 1.5.1)
- bl (added, 5.1.0)
- buffer (added, 6.0.3)
- chalk (added, 4.1.2)
- color-convert (added, 2.0.1)
- color-name (added, 1.1.4)
- emoji-regex (added, 8.0.0)
- escalade (added, 3.1.2)
- fast-fifo (added, 1.3.2)
- fast-levenshtein (added, 3.0.0)
- fastest-levenshtein (added, 1.0.16)
- fastq (added, 1.17.1)
- gulp-cli (added, 3.0.0)
- has-flag (added, 4.0.0)
- hasown (added, 2.0.2)
- iconv-lite (added, 0.6.3)
- ieee754 (added, 1.2.1)
- is-core-module (added, 2.13.1)
- picomatch (added, 2.3.1)
- queue-tick (added, 1.0.1)
- reusify (added, 1.0.4)
- safer-buffer (added, 2.1.2)
- stream-composer (added, 1.0.2)
- streamx (added, 2.16.1)
- supports-color (added, 7.2.0)
- supports-preserve-symlinks-flag (added, 1.0.0)
- sver (added, 1.8.4)
- teex (added, 1.0.1)
- vinyl-contents (added, 2.0.0)
- ansi-colors (removed)
- ansi-gray (removed)
- ansi-wrap (removed)
- append-buffer (removed)
- archy (removed)
- arr-diff (removed)
- arr-filter (removed)
- arr-flatten (removed)
- arr-map (removed)
- arr-union (removed)
- array-initial (removed)
- array-last (removed)
- array-sort (removed)
- array-unique (removed)
- assign-symbols (removed)
- async-each (removed)
- atob (removed)
- balanced-match (removed)
- base (removed)
- brace-expansion (removed)
- buffer-equal (removed)
- buffer-from (removed)
- cache-base (removed)
- camelcase (removed)
- class-utils (removed)
- clone-buffer (removed)
- cloneable-readable (removed)
- code-point-at (removed)
- collection-map (removed)
- collection-visit (removed)
- color-support (removed)
- component-emitter (removed)
- concat-map (removed)
- concat-stream (removed)
- copy-descriptor (removed)
- core-util-is (removed)
- d (removed)
- debug (removed)
- decamelize (removed)
- decode-uri-component (removed)
- default-compare (removed)
- default-resolution (removed)
- define-properties (removed)
- define-property (removed)
- duplexify (removed)
- error-ex (removed)
- es5-ext (removed)
- es6-iterator (removed)
- es6-symbol (removed)
- es6-weak-map (removed)
- expand-brackets (removed)
- extend-shallow (removed)
- extglob (removed)
- fancy-log (removed)
- find-up (removed)
- flush-write-stream (removed)
- fragment-cache (removed)
- fs.realpath (removed)
- get-value (removed)
- glob (removed)
- has-symbols (removed)
- has-value (removed)
- has-values (removed)
- hosted-git-info (removed)
- inflight (removed)
- invert-kv (removed)
- is-accessor-descriptor (removed)
- is-arrayish (removed)
- is-buffer (removed)
- is-data-descriptor (removed)
- is-descriptor (removed)
- is-extendable (removed)
- is-utf8 (removed)
- isarray (removed)
- json-stable-stringify-without-jsonify (removed)
- just-debounce (removed)
- kind-of (removed)
- lazystream (removed)
- lcid (removed)
- load-json-file (removed)
- make-iterator (removed)
- map-visit (removed)
- matchdep (removed)
- minimatch (removed)
- mixin-deep (removed)
- ms (removed)
- nan (removed)
- nanomatch (removed)
- next-tick (removed)
- normalize-package-data (removed)
- number-is-nan (removed)
- object-copy (removed)
- object-keys (removed)
- object-visit (removed)
- object.assign (removed)
- object.map (removed)
- object.reduce (removed)
- ordered-read-streams (removed)
- os-locale (removed)
- parse-json (removed)
- parse-node-version (removed)
- pascalcase (removed)
- path-dirname (removed)
- path-exists (removed)
- path-is-absolute (removed)
- path-type (removed)
- pify (removed)
- pinkie (removed)
- pinkie-promise (removed)
- posix-character-classes (removed)
- pretty-hrtime (removed)
- process-nextick-args (removed)
- pump (removed)
- pumpify (removed)
- read-pkg (removed)
- read-pkg-up (removed)
- regex-not (removed)
- remove-bom-buffer (removed)
- remove-bom-stream (removed)
- repeat-element (removed)
- repeat-string (removed)
- require-main-filename (removed)
- resolve-url (removed)
- ret (removed)
- safe-regex (removed)
- set-blocking (removed)
- set-value (removed)
- snapdragon (removed)
- snapdragon-node (removed)
- snapdragon-util (removed)
- source-map (removed)
- source-map-resolve (removed)
- source-map-url (removed)
- spdx-correct (removed)
- spdx-exceptions (removed)
- spdx-expression-parse (removed)
- spdx-license-ids (removed)
- split-string (removed)
- stack-trace (removed)
- static-extend (removed)
- stream-shift (removed)
- strip-bom (removed)
- sver-compat (removed)
- through2 (removed)
- through2-filter (removed)
- time-stamp (removed)
- to-absolute-glob (removed)
- to-object-path (removed)
- to-regex (removed)
- typedarray (removed)
- union-value (removed)
- unique-stream (removed)
- unset-value (removed)
- upath (removed)
- urix (removed)
- use (removed)
- validate-npm-package-license (removed)
- which-module (removed)
- xtend (removed)