• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from yargs-parser's changelog.

15.0.0 (2019-10-07)

Features

• rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality (ef771ca)

BREAKING CHANGES

• rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality

14.0.0 (2019-09-06)

Bug Fixes

• boolean arrays with default values (#185) (7d42572)
• boolean now behaves the same as other array types (#184) (17ca3bd)
• eatNargs() for 'opt.narg === 0' and boolean typed options (#188) (c5a1db0)
• maybeCoerceNumber now takes precedence over coerce return value (#182) (2f26436)
• take into account aliases when appending arrays from config object (#199) (f8a2d3f)

Features

• add configuration option to "collect-unknown-options" (#181) (7909cc4)
• maybeCoerceNumber() now takes into account arrays (#187) (31c204b)

BREAKING CHANGES

• unless "parse-numbers" is set to "false", arrays of numeric strings are now parsed as numbers, rather than strings.
• we have dropped the broken "defaulted" functionality; we would like to revisit adding this in the future.
• maybeCoerceNumber now takes precedence over coerce return value (#182)

• See full diff in compare view

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 8647803 6.5.3
• 856fe4d signature: prevent malleability and overflows
• 6048941 6.5.2
• 9984964 package: bump dependencies
• ec735ed utils: leak less information in getNAF()
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 9a2e9b6 Mark version 6.4.1
• 90a9548 More rigorously check surrogate pairs in regexp validator
• df0cf1a Mark version 6.4.0
• 5303412 Also export Parser via Parser.acorn
• efe273e give token types and etc to plugins
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from webpack-cli's releases.

v5.0.1

5.0.1 (2022-12-05)

Bug Fixes

• make define-process-env-node-env alias node-env (#3514) (346a518)

v5.0.0

5.0.0 (2022-11-17)

Bug Fixes

• improve description of the --disable-interpret option (#3364) (bdb7e20)
• remove the redundant utils export (#3343) (a9ce5d0)
• respect NODE_PATH env variable (#3411) (83d1f58)
• show all CLI specific flags in the minimum help output (#3354) (35843e8)

Features

• failOnWarnings option (#3317) (c48c848)
• update commander to v9 (#3460) (6621c02)
• added the --define-process-env-node-env option
• update interpret to v3 and rechoir to v0.8
• add an option for preventing interpret (#3329) (c737383)

BREAKING CHANGES

• the minimum supported webpack version is v5.0.0 (#3342) (b1af0dc), closes #3342
• webpack-cli no longer supports webpack v4, the minimum supported version is webpack v5.0.0
• webpack-cli no longer supports webpack-dev-server v3, the minimum supported version is webpack-dev-server v4.0.0
• remove the migrate command (#3291) (56b43e4), closes #3291
• remove the --prefetch option in favor the PrefetchPlugin plugin
• remove the --node-env option in favor --define-process-env-node-env
• remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
• the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'

v4.10.0

4.10.0 (2022-06-13)

Bug Fixes

• changeTime is already in milliseconds (#3198) (d390d32)
• improve parsing of --env flag (#3286) (402c0fe)

Features

• added types (8ec1375)

v4.9.2

4.9.2 (2022-01-24)

... (truncated)

Sourced from webpack-cli's changelog.

5.0.1 (2022-12-05)

Bug Fixes

• make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

Bug Fixes

• improve description of the --disable-interpret option (#3364) (bdb7e20)
• remove the redundant utils export (#3343) (a9ce5d0)
• respect NODE_PATH env variable (#3411) (83d1f58)
• show all CLI specific flags in the minimum help output (#3354) (35843e8)

Features

• failOnWarnings option (#3317) (c48c848)
• update commander to v9 (#3460) (6621c02)
• added the --define-process-env-node-env option
• update interpret to v3 and rechoir to v0.8
• add an option for preventing interpret (#3329) (c737383)

BREAKING CHANGES

• the minimum supported webpack version is v5.0.0 (#3342) (b1af0dc), closes #3342
• webpack-cli no longer supports webpack v4, the minimum supported version is webpack v5.0.0
• webpack-cli no longer supports webpack-dev-server v3, the minimum supported version is webpack-dev-server v4.0.0
• remove the migrate command (#3291) (56b43e4), closes #3291
• remove the --prefetch option in favor the PrefetchPlugin plugin
• remove the --node-env option in favor --define-process-env-node-env
• remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
• the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'

4.10.0 (2022-06-13)

Bug Fixes

• changeTime is already in milliseconds (#3198) (d390d32)
• improve parsing of --env flag (#3286) (402c0fe)

Features

• added types (8ec1375)

4.9.2 (2022-01-24)

Bug Fixes

• respect negatedDescription for flags from schema (#3102) (463b731)

... (truncated)

• 4a0f893 chore(release): publish new version
• 9de982c chore: fix cspell
• 32d26c8 chore(deps-dev): bump cspell from 6.15.1 to 6.16.0 (#3517)
• 2788bf9 chore(deps-dev): bump eslint from 8.28.0 to 8.29.0 (#3516)
• ac88ee4 chore(deps-dev): bump lint-staged from 13.0.4 to 13.1.0 (#3515)
• 346a518 fix: make define-process-env-node-env alias node-env (#3514)
• 3ec7b16 chore(deps): bump yeoman-environment from 3.12.1 to 3.13.0 (#3508)
• c8adfa6 chore(deps-dev): bump @​types/node from 18.11.9 to 18.11.10 (#3513)
• 0ad8cc2 chore(deps-dev): bump cspell from 6.15.0 to 6.15.1 (#3512)
• d30f261 chore(deps-dev): bump ts-loader from 9.4.1 to 9.4.2 (#3511)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from terser's changelog.

v5.14.2

• Security fix for RegExps that should not be evaluated (regexp DDOS)
• Source maps improvements (#1211)
• Performance improvements in long property access evaluation (#1213)

v5.14.1

• keep_numbers option added to TypeScript defs (#1208)
• Fixed parsing of nested template strings (#1204)

v5.14.0

• Switched to @​jridgewell/source-map for sourcemap generation (#1190, #1181)
• Fixed source maps with non-terminated segments (#1106)
• Enabled typescript types to be imported from the package (#1194)
• Extra DOM props have been added (#1191)
• Delete the AST while generating code, as a means to save RAM

v5.13.1

• Removed self-assignments (varname=varname) (closes #1081)
• Separated inlining code (for inlining things into references, or removing IIFEs)
• Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#1176)

v5.13.0

• All calls to eval() were removed (#1171, #1184)
• source-map was updated to 0.8.0-beta.0 (#1164)
• NavigatorUAData was added to domprops to avoid property mangling (#1166)

v5.12.1

• Fixed an issue with function definitions inside blocks (#1155)
• Fixed parens of new in some situations (closes #1159)

v5.12.0

• TERSER_DEBUG_DIR environment variable
• @​copyright comments are now preserved with the comments="some" option (#1153)

v5.11.0

• Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#1147)
• acorn is now a regular dependency

v5.10.0

• Massive optimization to max_line_len (#1109)
• Basic support for import assertions
• Marked ES2022 Object.hasOwn as a pure function
• Fix delete optional?.property
• New CI/CD pipeline with github actions (#1057)

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from browserslist's changelog.

4.16.6

• Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).

4.16.5

• Fixed unsafe RegExp (by Yeting Li).

4.16.4

• Fixed unsafe RegExp.
• Added artifactory support to --update-db (by Ittai Baratz).

4.16.3

• Fixed --update-db.

4.16.2

• Fixed --update-db (by @​ialarmedalien).

• 6fe3614 Release 4.16.6 version
• 33ebac9 Update dependencies
• 2128170 Add support for npm-shrinkwrap files alongside package-lock (#595)
• 7cc2aed Release 4.16.5 version
• 27e4afd Update dependencies
• 1013a18 Fix version RegExp
• b879a1a Use Node.js 16 on CI
• bd1e9e0 Fix ReDoS (#593)
• 209adf9 Release 4.16.4 version
• 3e2ae3b Fix types
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.