Sourced from loader-utils's releases.

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Sourced from loader-utils's changelog.

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from @​xmldom/xmldom's releases.

0.7.6

Commits

Fixed

• Avoid iterating over prototype properties [#441](https://github.com/xmldom/xmldom/issues/441) / [#437](https://github.com/xmldom/xmldom/issues/437) / [#436](https://github.com/xmldom/xmldom/issues/436)

Thank you, @​jftanner, @​Supraja9726 for your contributions

Sourced from @​xmldom/xmldom's changelog.

0.7.6

Fixed

• Avoid iterating over prototype properties [#441](https://github.com/xmldom/xmldom/issues/441) / [#437](https://github.com/xmldom/xmldom/issues/437) / [#436](https://github.com/xmldom/xmldom/issues/436)

Thank you, @​jftanner, @​Supraja9726 for your contributions

0.8.3

Fixed

• Avoid iterating over prototype properties [#437](https://github.com/xmldom/xmldom/issues/437) / [#436](https://github.com/xmldom/xmldom/issues/436)

Thank you, @​Supraja9726 for your contributions

0.9.0-beta.2

Fixed

• Avoid iterating over prototype properties [#437](https://github.com/xmldom/xmldom/issues/437) / [#436](https://github.com/xmldom/xmldom/issues/436)

Thank you, @​Supraja9726 for your contributions

0.8.3

Fixed

• Avoid iterating over prototype properties [#437](https://github.com/xmldom/xmldom/issues/437) / [#436](https://github.com/xmldom/xmldom/issues/436)

Thank you, @​Supraja9726 for your contributions

0.9.0-beta.1

Fixed

Only use HTML rules if mimeType matches [#338](https://github.com/xmldom/xmldom/issues/338), fixes [#203](https://github.com/xmldom/xmldom/issues/203)

In the living specs for parsing XML and HTML, that this library is trying to implement, there is a distinction between the different types of documents being parsed: There are quite some rules that are different for parsing, constructing and serializing XML vs HTML documents.

So far xmldom was always "detecting" whether "the HTML rules should be applied" by looking at the current namespace. So from the first time an the HTML default namespace (http://www.w3.org/1999/xhtml) was found, every node was treated as being part of an HTML document. This misconception is the root cause for quite some reported bugs.

BREAKING CHANGE: HTML rules are no longer applied just because of the namespace, but require the mimeType argument passed to DOMParser.parseFromString(source, mimeType) to match 'text/html'. Doing so implies all rules for handling casing for tag and attribute names when parsing, creation of nodes and searching nodes.

BREAKING CHANGE: Correct the return type of DOMParser.parseFromString to Document | undefined. In case of parsing errors it was always possible that "the returned Document" has not been created. In case you are using Typescript you now need to handle those cases.

BREAKING CHANGE: The instance property DOMParser.options is no longer available, instead use the individual readonly property per option (assign, domHandler, errorHandler, normalizeLineEndings, locator, xmlns). Those also provides the default value if the option was not passed. The 'locator' option is now just a boolean (default remains true).

BREAKING CHANGE: The following methods no longer allow a (non spec compliant) boolean argument to toggle "HTML rules":

• XMLSerializer.serializeToString
• Node.toString

... (truncated)

• 3ca016d 0.7.6
• b28e631 docs: Prepare CHANGELOG for 0.7.6
• 1f20aee fix: Backport PR-437 to 0.7.x branch
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from @​xmldom/xmldom's releases.

0.7.8

Commits

Fixed

• fix: Restore ES5 compatibility [#452](https://github.com/xmldom/xmldom/issues/452) / [#453](https://github.com/xmldom/xmldom/issues/453)

Thank you, @​fengxinming, for your contributions

0.7.7

Commits

Fixed

• Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353 In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly. In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead. This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior. Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity

Thank you, @​frumioj, @​cjbarth, @​markgollnick for your contributions

0.7.6

Commits

Fixed

• Avoid iterating over prototype properties [#441](https://github.com/xmldom/xmldom/issues/441) / [#437](https://github.com/xmldom/xmldom/issues/437) / [#436](https://github.com/xmldom/xmldom/issues/436)

Thank you, @​jftanner, @​Supraja9726 for your contributions

Sourced from @​xmldom/xmldom's changelog.

0.7.8

Fixed

• fix: Restore ES5 compatibility [#452](https://github.com/xmldom/xmldom/issues/452) / [#453](https://github.com/xmldom/xmldom/issues/453)

Thank you, @​fengxinming, for your contributions

0.9.0-beta.4

Fixed

• Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353 In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly. In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead. This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior. Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity

Chore

• update multiple devDependencies
• Add eslint-plugin-node for lib [#448](https://github.com/xmldom/xmldom/issues/448) / [#190](https://github.com/xmldom/xmldom/issues/190)
• style: Apply prettier to all code [#447](https://github.com/xmldom/xmldom/issues/447) / [#29](https://github.com/xmldom/xmldom/issues/29) / [#130](https://github.com/xmldom/xmldom/issues/130)

Thank you, @​XhmikosR, @​awwright, @​frumioj, @​cjbarth, @​markgollnick for your contributions

0.8.4

Fixed

• Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353 In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly. In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead. This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior. Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity

Thank you, @​frumioj, @​cjbarth, @​markgollnick for your contributions

0.7.7

Fixed

• Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353 In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly. In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead. This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior. Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity

... (truncated)

• 0d6e3a1 0.7.8
• 74e25a6 fix: Restore ES5 compatibility (#452)
• fe5b043 0.7.7
• 8a3173d docs: Prepare CHANGELOG for 0.7.7
• c02f786 Merge pull request from GHSA-crh6-fp67-6883
• 3ca016d 0.7.6
• b28e631 docs: Prepare CHANGELOG for 0.7.6
• 1f20aee fix: Backport PR-437 to 0.7.x branch
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from react-native-reanimated's releases.

2.10.0

🚀 Main changes

• Added useAnimatedKeyboard() hook
• Added useFrameCallback() hook
• Added support for React Native 0.70
• Added support for react-native-v8 (building from source only)
• Detect multiple versions of Reanimated.
• And many different fixes.

Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2889631689

Full Changelog: https://github.com/software-mansion/react-native-reanimated/compare/2.9.1...2.10.0

2.9.1

What's Changed

• Fix issue with duplicated libfolly_runtime.so - software-mansion/react-native-reanimated#3342

Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2595830511

🙌 Thank you for your contributions!

2.9.0

What's Changed

• Support for [email protected]
• Treeshaking - software-mansion/react-native-reanimated#3278
• Some fixes and improvements

Package contains binaries for react-native in version from 0.65 to 0.69

Build: https://github.com/software-mansion/react-native-reanimated/actions/runs/2590392729

🙌 Thank you for your contributions!

2.8.0

What's Changed

• Load RNGestureHandlerModule lazily on iOS by @​j-piasecki in software-mansion/react-native-reanimated#3166
• fix: Fix useAnimatedSensor return type by @​mrousavy in software-mansion/react-native-reanimated#3094
• Add opts for relative source location by @​jiulongw in software-mansion/react-native-reanimated#3141
• Fix JSCRuntime destroyed with a dangling API object by @​lukmccall in software-mansion/react-native-reanimated#3185

New Contributors

@​dylmye @​jiulongw @​lukmccall

Full Changelog: https://github.com/software-mansion/react-native-reanimated/compare/2.7.0...2.8.0

🙌 Thank you for your contributions!

2.7.0

What's Changed

• Remove opacity from native props list by @​tomekzaw in software-mansion/react-native-reanimated#3139

... (truncated)

• 1b61196 Release 2.10.0 (#3475)
• d3395e0 Revert "Exclude META-INF"
• c25c71f Exclude META-INF
• af31d7a Update Types
• 128f9c3 Patch 70
• 051e8e2 Set the newest RN version
• 3eca471 2.10.0
• 6668dd1 Update plugin error message (#3437)
• d42b63c Update NativeProxy.cpp (#3469)
• 98c628a Bumped gesture-handler and screens dependencies (#3468)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.