Sourced from file-type's releases.

v17.1.3

• Fix: Malformed MKV could cause an infinite loop 2c4d120
  • CVE-2022-36313
  • Also backported to 16.5.4

https://github.com/sindresorhus/file-type/compare/v17.1.2...v17.1.3

• 41d13a3 17.1.3
• 2c4d120 Fix: Malformed MKV could cause an infinite loop
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

v8.31.0

Compare Source

Features

• 52c7c73 feat: check assignment patterns in no-underscore-dangle (#​16693) (Milos Djermanovic)
• b401cde feat: add options to check destructuring in no-underscore-dangle (#​16006) (Morten Kaltoft)
• 30d0daf feat: group properties with values in parentheses in key-spacing (#​16677) (Francesco Trotta)

Bug Fixes

• 35439f1 fix: correct syntax error in prefer-arrow-callback autofix (#​16722) (Francesco Trotta)
• 87b2470 fix: new instance of FlatESLint should load latest config file version (#​16608) (Milos Djermanovic)

Documentation

• 4339dc4 docs: Update README (GitHub Actions Bot)
• 4e4049c docs: optimize code block structure (#​16669) (Sam Chen)
• 54a7ade docs: do not escape code blocks of formatters examples (#​16719) (Sam Chen)
• e5ecfef docs: Add function call example for no-undefined (#​16712) (Elliot Huffman)
• a3262f0 docs: Add mastodon link (#​16638) (Amaresh S M)
• a14ccf9 docs: clarify files property (#​16709) (Sam Chen)
• 3b29eb1 docs: fix npm link (#​16710) (Abdullah Osama)
• a638673 docs: fix search bar focus on Esc (#​16700) (Shanmughapriyan S)
• f62b722 docs: country flag missing in windows (#​16698) (Shanmughapriyan S)
• 4d27ec6 docs: display zh-hans in the docs language switcher (#​16686) (Percy Ma)
• 8bda20e docs: remove manually maintained anchors (#​16685) (Percy Ma)
• b68440f docs: User Guide Getting Started expansion (#​16596) (Ben Perlmutter)

Chores

• 65d4e24 chore: Upgrade @​eslint/eslintrc@​1.4.1 (#​16729) (Brandon Mills)
• 8d93081 chore: fix CI failure (#​16721) (Sam Chen)
• 8f17247 chore: Set up automatic updating of README (#​16717) (Nicholas C. Zakas)
• 4cd87cb ci: bump actions/stale from 6 to 7 (#​16713) (dependabot[bot])
• fd20c75 chore: sort package.json scripts in alphabetical order (#​16705) (Darius Dzien)
• 10a5c78 chore: update ignore patterns in eslint.config.js (#​16678) (Milos Djermanovic)

v8.30.0

Compare Source

Features

• 075ef2c feat: add suggestion for no-return-await (#​16637) (Daniel Bartholomae)
• 7190d98 feat: update globals (#​16654) (Sébastien Règne)

Bug Fixes

• 1a327aa fix: Ensure flat config unignores work consistently like eslintrc (#​16579) (Nicholas C. Zakas)
• 9b8bb72 fix: autofix recursive functions in no-var (#​16611) (Milos Djermanovic)

Documentation

• 6a8cd94 docs: Clarify Discord info in issue template config (#​16663) (Nicholas C. Zakas)
• ad44344 docs: CLI documentation standardization (#​16563) (Ben Perlmutter)
• 293573e docs: fix broken line numbers (#​16606) (Sam Chen)
• fa2c64b docs: use relative links for internal links (#​16631) (Percy Ma)
• 75276c9 docs: reorder options in no-unused-vars (#​16625) (Milos Djermanovic)
• 7276fe5 docs: Fix anchor in URL (#​16628) (Karl Horky)
• 6bef135 docs: don't apply layouts to html formatter example (#​16591) (Tanuj Kanti)
• dfc7ec1 docs: Formatters page updates (#​16566) (Ben Perlmutter)
• 8ba124c docs: update the prefer-const example (#​16607) (Pavel)
• e6cb05a docs: fix css leaking (#​16603) (Sam Chen)

Chores

• f2c4737 chore: upgrade @​eslint/eslintrc@​1.4.0 (#​16675) (Milos Djermanovic)
• ba74253 chore: standardize npm script names per #​14827 (#​16315) (Patrick McElhaney)
• 0d9af4c ci: fix npm v9 problem with file: (#​16664) (Milos Djermanovic)
• 90c9219 refactor: migrate off deprecated function-style rules in all tests (#​16618) (Bryan Mishkin)

v19.3.0: 2022-12-14, Version 19.3.0 (Current), @​targos

Compare Source

Notable Changes

Updated npm to 9.2.0

Based on the list of guidelines we've established on integrating npm and node, here is a grouped list of the breaking changes with the reasoning as to why they fit within the guidelines linked above. Note that all the breaking changes were made in 9.0.0. All subsequent minor and patch releases after [email protected] do not contain any breaking changes.

Engines

Explanation: the node engines supported by npm@9 make it safe to allow npm@9 as the default in any LTS version of 14 or 16, as well as anything later than or including 18.0.0

• npm is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Filesystem

Explanation: when run as root previous versions of npm attempted to manage file ownership automatically on the user's behalf. this behavior was problematic in many cases and has been removed in favor of allowing users to manage their own filesystem permissions

• npm will no longer attempt to modify ownership of files it creates.

Auth

Explanation: any errors thrown from users having unsupported auth configurations will show npm config fix in the remediation instructions, which will allow the user to automatically have their auth config fixed.

• The presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors.

Login

Explanation: the default auth-type has changed and users can opt back into the old behavior with npm config set auth-type=legacy. login and adduser have also been seperated making each command more closely match it's name instead of being aliases for each other.

• Legacy auth types sso, saml & legacy have been consolidated into "legacy".
• auth-type defaults to "web"
• login and adduser are now separate commands that send different data to the registry.
• auth-type config values web and legacy only try their respective methods, npm no longer tries them all and waits to see which one doesn't fail.

Tarball Packing

Explanation: previously using multiple ignore/allow lists when packing was an undefined behavior, and now the order of operations is strictly defined when packing a tarball making it easier to follow and should only affect users relying on the previously undefined behavior.

• npm pack now follows a strict order of operations when applying ignore rules. If a files array is present in the package.json, then rules in .gitignore and .npmignore files from the root will be ignored.

Display/Debug/Timing Info

Explanation: these changes center around the display of information to the terminal including timing and debug log info. We do not anticipate these changes breaking any existing workflows.

• Links generated from git urls will now use HEAD instead of master as the default ref.
• timing has been removed as a value for --loglevel.
• --timing will show timing information regardless of --loglevel, except when --silent.
• When run with the --timing flag, npm now writes timing data to a file alongside the debug log data, respecting the logs-dir option and falling back to <CACHE>/_logs/ dir, instead of directly inside the cache directory.
• The timing file data is no longer newline delimited JSON, and instead each run will create a uniquely named <ID>-timing.json file, with the <ID> portion being the same as the debug log.
• npm now outputs some json errors on stdout. Previously npm would output all json formatted errors on stderr, making it difficult to parse as the stderr stream usually has logs already written to it.

Config/Command Deprecations or Removals

Explanation: install-links is the only config or command in the list that has an effect on package installs. We fixed a number of issues that came up during prereleases with this change. It will also only be applied to new package trees created without a package-lock.json file. Any install with an existing lock file will not be changed.

• Deprecate boolean install flags in favor of --install-strategy.
• npm config set will no longer accept deprecated or invalid config options.
• install-links config defaults to "true".
• node-version config has been removed.
• npm-version config has been removed.
• npm access subcommands have been renamed.
• npm birthday has been removed.
• npm set-script has been removed.
• npm bin has been removed (use npx or npm exec to execute binaries).

Other notable changes

• [03db415540] - build: disable v8 snapshot compression by default (Joyee Cheung) #​45716
• [9f51b9e50d] - doc: add doc-only deprecation for headers/trailers setters (Rich Trott) #​45697
• [b010820c4e] - doc: add Rafael Gonzaga to the TSC (Michael Dawson) #​45691
• [b8b13dccd9] - (SEMVER-MINOR) net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) #​44731
• [5d7cd363ab] - (SEMVER-MINOR) src: add uvwasi version (Jithil P Ponnan) #​45639
• [4165dcddf0] - (SEMVER-MINOR) test_runner: add t.after() hook (Colin Ihrig) #​45792
• [d1bd7796ad] - (SEMVER-MINOR) test_runner: don't use a symbol for runHook() (Colin Ihrig) #​45792
• [691f58e76c] - tls: remove trustcor root ca certificates (Ben Noordhuis) #​45776

Commits

• [382efdf460] - benchmark: add variety of inputs to text-encoder (Yagiz Nizipli) #​45787
• [102c2dc071] - benchmark: make benchmarks runnable in older versions of Node.js (Joyee Cheung) #​45746
• [e2caf7ced9] - bootstrap: lazy load non-essential modules (Joyee Cheung) #​45659
• [49840d443c] - buffer: remove unnecessary lazy loading (Antoine du Hamel) #​45807
• [17847683dc] - buffer: make decodeUTF8 params loose (Yagiz Nizipli) #​45610
• [03db415540] - build: disable v8 snapshot compression by default (Joyee Cheung) #​45716
• [95a23e24f3] - build: add python 3.11 support for android (Mohammed Keyvanzadeh) #​45765
• [09bc89daba] - build: rework gyp files for zlib (Richard Lau) #​45589
• [b5b56b6b45] - crypto: simplify lazy loading of internal modules (Antoine du Hamel) #​45809
• [2e4d37e3f0] - crypto: fix CipherBase Update int32 overflow (Marco Ippolito) #​45769
• [573eab9235] - crypto: refactor ArrayBuffer to bigint conversion utils (Antoine du Hamel) #​45567
• [845f805490] - crypto: refactor verify acceptable key usage functions (Filip Skokan) #​45569
• [7cc9998737] - crypto: fix ECDH webcrypto public CryptoKey usages (Filip Skokan) #​45569
• [d030963f37] - crypto: validate CFRG webcrypto JWK import "d" and "x" are a pair (Filip Skokan) #​45569
• [9cd106efdc] - crypto: use DataError for CFRG webcrypto raw and jwk import key checks (Filip Skokan) #​45569
• [9e2e3de6ce] - crypto: use DataError for webcrypto keyData import failures (Filip Skokan) #​45569
• [40037b4e79] - crypto: fix X25519 and X448 webcrypto public CryptoKey usages (Filip Skokan) #​45569
• [de2b6b97b9] - crypto: ensure "x" is present when importing private CFRG webcrypto keys (Filip Skokan) #​45569
• [75dbce9a07] - deps: upgrade npm to 9.2.0 (npm team) #​45780
• [677eb62bf2] - deps: upgrade npm to 9.1.3 (npm team) #​45693
• [1d823a6d30] - Revert "deps: fix zlib compilation for CPUs without SIMD features" (Luigi Pinca) #​45589
• [6b15994597] - deps: update undici to 5.13.0 (Node.js GitHub Bot) #​45634
• [fbd2d27789] - deps: update corepack to 0.15.2 (Node.js GitHub Bot) #​45635
• [60c9ac5178] - deps: update nghttp2 to 1.51.0 (Yagiz Nizipli) #​45537
• [c8421204b0] - deps: patch V8 to 10.8.168.21 (Michaël Zasso) #​45749
• [c5277417c9] - diagnostics_channel: fix diagnostics channel memory leak (theanarkh) #​45633
• [8a90f5c784] - doc: buffer.fill empty value (Marco Ippolito) #​45794
• [9d6af617ea] - doc: add args of filter option of fs.cp (MURAKAMI Masahiko) #​45739
• [8c728d2f02] - doc: disambiguate native module to addon (Daeyeon Jeong) #​45673
• [7718ff82a4] - doc: using console.error for error cases in crypto and events (emirgoren) #​45640
• [029060e6e4] - doc: fix actual result of example is different in events (Deokjin Kim) #​45656
• [9f51b9e50d] - doc: add doc-only deprecation for headers/trailers setters (Rich Trott) #​45697
• [801fe30488] - doc: add detail on how api docs are published (Michael Dawson) #​45626
• [e124e2a6ee] - doc: use console.error for error case in child_process and dgram (Deokjin Kim) #​45690
• [1b920287b6] - doc: move streaming instruc to doc/contributing (Michael Dawson) #​45582
• [b010820c4e] - doc: add Rafael to the tsc (Michael Dawson) #​45691
• [4fb7cf88e2] - doc: add missing line in debugger (Deokjin Kim) #​45632
• [c0df265fea] - doc: fix actual result of example is different in stream (Deokjin Kim) #​45619
• [027e738064] - doc: add options parameter to eventTarget.removeEventListener (Deokjin Kim) #​45667
• [23ff5057b2] - doc: define "react-native" community condition (Alex Hunt) #​45367
• [2e767bf18b] - doc: move os.machine() docs to sorted position (Colin Ihrig) #​45647
• [aabfdef861] - doc: use console.error for error case in fs, https, net and process (Deokjin Kim) #​45606
• [3a02d50d35] - doc: add link to doc with social processes (Michael Dawson) #​45584
• [e4316124fa] - fs: fix nonNativeWatcher watching folder with existing files (Moshe Atlow) #​45500
• [d272faa54d] - fs: fix nonNativeWatcher leak of StatWatchers (Moshe Atlow) #​45501
• [d64e773168] - http: make OutgoingMessage more streamlike (Robert Nagy) #​45672
• [ed8ae88f30] - lib: remove unnecessary lazy loading in internal/encoding (Antoine du Hamel) #​45810
• [302c5240c5] - lib: allow Writeable.toWeb() to work on http.Outgoing message (Debadree Chatterjee) #​45642
• [e8745083b9] - lib: check number of arguments in EventTarget's function (Deokjin Kim) #​45668
• [9f7bb5ce0e] - lib: disambiguate native module to binding (Daeyeon Jeong) #​45673
• [353339a552] - lib: disambiguate native module to builtin module (Daeyeon Jeong) #​45673
• [99410efd19] - lib: added SuiteContext class (Debadree Chatterjee) #​45687
• [a79f37a0a7] - lib: add missing type of removeEventListener in question (Deokjin Kim) #​45676
• [e0750467e8] - meta: update AUTHORS (Node.js GitHub Bot) #​45814
• [376f3468b9] - meta: update AUTHORS (Node.js GitHub Bot) #​45732
• [a6e2cf2d6f] - meta: add .mailmap entry for Stefan Stojanovic (Rich Trott) #​45703
• [eb9a383d2a] - meta: update AUTHORS info for nstepien (Nicolas Stepien) #​45692
• [049ef342c6] - meta: update AUTHORS (Node.js GitHub Bot) #​45637
• [b9c2fc7623] - net: check autoSelectFamilyAttemptTimeout is positive (Deokjin Kim) #​45740
• [b8b13dccd9] - (SEMVER-MINOR) net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna) #​44731
• [6962ef0df1] - readline: improve robustness against prototype mutation (Antoine du Hamel) #​45614
• [7892e23e68] - repl: do not define wasi on global with no flag (Kohei Ueno) #​45595
• [349b4f8817] - src: add internal isArrayBufferDetached (Yagiz Nizipli) #​45568
• [5d7cd363ab] - (SEMVER-MINOR) src: add uvwasi version (Jithil P Ponnan) #​45639
• [8a03684018] - src: simplify NodeBIO::GetMethod initialization (Anna Henningsen) #​45799
• [b35ebebc0e] - src: make structuredClone work for process.env (Ben Noordhuis) #​45698
• [81ab54035f] - src: mark generated snapshot_data as const (Anna Henningsen) #​45786
• [79edf257bb] - src: cleanup on disambiguating native modules (Michael Dawson) #​45665
• [c9cba2e873] - src: use enum class instead of enum in node_i18n (Deokjin Kim) #​45646
• [818028caba] - src: rename internal module declaration as internal bindings (Chengzhong Wu) #​45551
• [2fbe2f9f0a] - src,lib: group properties used as constants from util binding (Daeyeon Jeong) #​45539
• [56eee72abb] - stream: use structuredClone instead of v8 (Yagiz Nizipli) #​45611
• [b297dd5393] - test: remove flaky parallel/test-process-wrap test (Ben Noordhuis) #​45806
• [924f6ab3a1] - test: order list alphabetically in test-bootstrap-modules (Antoine du Hamel) #​45808
• [5c4475dab9] - test: fix invalid output TAP if there newline in test name (Pulkit Gupta) #​45742
• [4c51c5c97a] - test: fix -Wunused-variable on report-fatalerror (Santiago Gimeno) #​45747
• [764725040c] - test: fix test-watch-mode (Stefan Stojanovic) #​45585
• [cd36250fcb] - test: fix test-watch-mode-inspect (Stefan Stojanovic) #​45586
• [b55bd6e8c1] - test: fix typos in test/parallel (Deokjin Kim) #​45583
• [358e2fe217] - test,crypto: update WebCryptoAPI WPT (Filip Skokan) #​45569
• [424419c2b4] - test_runner: refactor tap_lexer to use more primordials (Antoine du Hamel) #​45744
• [ffc0f3d7be] - test_runner: refactor tap_parser to use more primordials (Antoine du Hamel) #​45745
• [4165dcddf0] - (SEMVER-MINOR) test_runner: add t.after() hook (Colin Ihrig) #​45792
• [d1bd7796ad] - (SEMVER-MINOR) test_runner: don't use a symbol for runHook() (Colin Ihrig) #​45792
• [6bc7b7e6f4] - test_runner: add resetCalls to MockFunctionContext (MURAKAMI Masahiko) #​45710
• [3e485365ec] - test_runner: don't parse TAP from stderr (Colin Ihrig) #​45618
• [efc44567c9] - test_runner: add getter and setter to MockTracker (MURAKAMI Masahiko) #​45506
• [c9cbd1d396] - test_runner: remove stdout and stderr from error (Colin Ihrig) #​45592
• [691f58e76c] - tls: remove trustcor root ca certificates (Ben Noordhuis) #​45776
• [d384b73f76] - tools: update lint-md-dependencies (Node.js GitHub Bot) #​45730
• [324ae3d5dd] - tools: add GitHub token permissions to label flaky-test issues (Gabriela Gutierrez) #​45308
• [418ae9be56] - tools: remove dependency vulnerability checker (Facundo Tuesca) #​45675
• [238fc64c38] - tools: update lint-md-dependencies to [email protected] (Node.js GitHub Bot) #​45638
• [1b98f17876] - tools: update doc to [email protected] (Node.js GitHub Bot) #​45636
• [470384e7be] - util: use private symbols in JS land directly (Joyee Cheung) #​45379
• [cee6f382d8] - watch: add CLI flag to preserve output (Debadree Chatterjee) #​45717

v2.8.1

Compare Source

diff

Fix SCSS map in arguments (#​9184 by @​agamkrbit)

// Input
$display-breakpoints: map-deep-merge(
  (
    "print-only": "only print",
    "screen-only": "only screen",
    "xs-only": "only screen and (max-width: #{map-get($grid-breakpoints, "sm")-1})",
  ),
  $display-breakpoints
);

// Prettier 2.8.0
$display-breakpoints: map-deep-merge(
  (
    "print-only": "only print",
    "screen-only": "only screen",
    "xs-only": "only screen and (max-width: #{map-get($grid-breakpoints, " sm
      ")-1})",
  ),
  $display-breakpoints
);

// Prettier 2.8.1
$display-breakpoints: map-deep-merge(
  (
    "print-only": "only print",
    "screen-only": "only screen",
    "xs-only": "only screen and (max-width: #{map-get($grid-breakpoints, "sm")-1})",
  ),
  $display-breakpoints
);

Support auto accessors syntax (#​13919 by @​sosukesuzuki)

Support for Auto Accessors Syntax landed in TypeScript 4.9.

(Doesn't work well with babel-ts parser)

class Foo {
  accessor foo: number = 3;
}

.github/workflows/codeql.yml

• actions/checkout v3
• github/codeql-action v2
• github/codeql-action v2
• github/codeql-action v2

.github/workflows/eslint.yml

• actions/checkout v3

.github/workflows/node.js.yml

• actions/checkout v3
• actions/setup-node v3

package.json

• discord.js ^14.5.0
• dotenv ^16.0.3
• mongoose ^6.6.2
• pino ^8.6.1
• pino-pretty ^9.1.0
• undici ^5.10.0
• eslint 8.31.0
• husky 8.0.2
• lint-staged 13.1.0
• node 19.3.0
• prettier 2.8.1