• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to url.href (#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• ad44493 [dist] 1.5.3
• c798461 [fix] Fix host parsing for file URLs (#210)
• 201034b [dist] 1.5.2
• 2d9ac2c [fix] Sanitize only special URLs (#209)
• fb128af [fix] Use 'null' as origin for non special URLs
• fed6d9e [fix] Add a leading slash only if the URL is special
• 94872e7 [fix] Do not incorrectly set the slashes property to true
• 81ab967 [fix] Ignore slashes after the protocol for special URLs
• ee22050 [ci] Use GitHub Actions
• d2979b5 [fix] Special case the file: protocol (#204)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from prismjs's releases.

v1.25.0

Release 1.25.0

v1.24.1

Release 1.24.1

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

Sourced from prismjs's changelog.

1.25.0 (2021-09-16)

New components

• AviSynth (#3071) 746a4b1a
• Avro IDL (#3051) 87e5a376
• Bicep (#3027) c1dce998
• GAP (CAS) (#3054) 23cd9b65
• GN (#3062) 4f97b82b
• Hoon (#2978) ea776756
• Kusto (#3068) e008ea05
• Magma (CAS) (#3055) a1b67ce3
• MAXScript (#3060) 4fbdd2f8
• Mermaid (#3050) 148c1eca
• Razor C# (#3064) 4433ccfc
• Systemd configuration file (#3053) 8df825e0
• Wren (#3063) 6a356d25

Updated components

• Bicep
  • Added support for multiline and interpolated strings and other improvements (#3028) 748bb9ac
• C#
  • Added with keyword & improved record support (#2993) fdd291c0
  • Added record, init, and nullable keyword (#2991) 9b561565
  • Added context check for from keyword (#2970) 158f25d4
• C++
  • Fixed generic function false positive (#3043) 5de8947f
• Clojure
  • Improved tokenization (#3056) 8d0b74b5
• Hoon
  • Fixed mixed-case aura tokenization (#3002) 9c8911bd
• Liquid
  • Added all objects from Shopify reference (#2998) 693b7433
  • Added empty keyword (#2997) fe3bc526
• Log file
  • Added support for Java stack traces (#3003) b0365e70
• Markup
  • Made most patterns greedy (#3065) 52e8cee9
  • Fixed ReDoS (#3078) 0ff371bb
• PureScript
  • Made ∀ a keyword (alias for forall) (#3005) b38fc89a
  • Improved Haskell and PureScript (#3020) 679539ec
• Python
  • Support for underscores in numbers (#3039) 6f5d68f7
• Sass
  • Fixed issues with CSS Extras (#2994) 14fdfe32
• Shell session
  • Fixed command false positives (#3048) 35b88fcf
  • Added support for the percent sign as shell symbol (#3010) 4492b62b

... (truncated)

• 99d94fa 1.25.0
• 6d8e547 Updated changelog (#3083)
• e008ea0 Added support for Kusto (#3068)
• 4433ccf Added support for ASP.NET Razor (#3064)
• 6a356d2 Added support for Wren (#3063)
• 4fbdd2f Added support for MAXScript (#3060)
• 746a4b1 Added AviSynth language definition (#3071)
• ffb2043 Twilight theme: Increase selector specificities of plugin overrides (#3081)
• 52e8cee Markup: Made most patterns greedy (#3065)
• c7b6a7f Previewers: Ensure popup is visible across themes (#3080)
• Additional commits viewable in compare view

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• bd4691c 6.1.5
• d694c4f ci: test on node 16
• 84acbd3 fix(unpack): fix hang on large file on open() fail
• 97c46fc fix(unpack): always resume parsing after an entry error
• 488ab8c chore: WriteEntry cleaner write() handling
• be89aaf WriteEntry backpressure
• ba73f5e chore: track fs state on WriteEntry class, not in arguments
• bf69383 6.1.4
• 06cbde5 Avoid an unlikely but theoretically possible redos
• 0b78386 6.1.3
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 843c897 4.4.15
• 46fe350 Remove paths from dirCache when no longer dirs
• df3aa4d 4.4.14
• 6d28013 add publishConfig tag
• efc6bb0 fix: strip absolute paths more comprehensively
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from prismjs's releases.

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

Sourced from prismjs's changelog.

1.24.0 (2021-06-27)

New components

• CFScript (#2771) b0a6ec85
• ChaiScript (#2706) 3f7d7453
• COBOL (#2800) 7e5f78ff
• Coq (#2803) 41e25d3c
• CSV (#2794) f9b69528
• DOT (Graphviz) (#2690) 1f91868e
• False (#2802) 99a21dc5
• ICU Message Format (#2745) bf4e7ba9
• Idris (#2755) e9314415
• Jexl (#2764) 7e51b99c
• KuMir (КуМир) (#2760) 3419fb77
• Log file (#2796) 2bc6475b
• Nevod (#2798) f84c49c5
• OpenQasm (#2797) 1a2347a3
• PATROL Scripting Language (#2739) 18c67b49
• Q# (#2804) 1b63cd01
• Rego (#2624) e38986f9
• Squirrel (#2721) fd1081d2
• URI (#2708) bbc77d19
• V (#2687) 72962701
• Wolfram language & Mathematica & Mathematica Notebook (#2921) c4f6b2cc

Updated components

• Fixed problems reported by regexp/no-dupe-disjunctions (#2952) f471d2d7
• Fixed some cases of quadratic worst-case runtime (#2922) 79d22182
• Fixed 2 cases of exponential backtracking (#2774) d85e30da
• AQL
  • Update for ArangoDB 3.8 (#2842) ea82478d
• AutoHotkey
  • Improved tag pattern (#2920) fc2a3334
• Bash
  • Accept hyphens in function names (#2832) e4ad22ad
  • Fixed single-quoted strings (#2792) e5cfdb4a
• C++
  • Added support for generic functions and made :: punctuation (#2814) 3df62fd0
  • Added missing keywords and modules (#2763) 88fa72cf
• Dart
  • Improved support for classes & generics (#2810) d0bcd074
• Docker
  • Improvements (#2720) 93dd83c2
• Elixir
  • Added missing keywords (#2958) 114e4626
  • Added missing keyword and other improvements (#2773) e6c0d298
  • Added defdelagate keyword and highlighting for function/module names (#2709) 59f725d7
• F#

... (truncated)

• 3432b4b 1.24.0
• 46d0720 Updated .npmignore (#2971)
• aef7f08 Changelog for v1.24.0 (#2965)
• e9477d8 Markdown: Improved code snippets (#2967)
• 4b55bd6 Made Match Braces and Custom Class compatible (#2947)
• e8d3b50 ESLint: Added regexp/strict rule (#2944)
• bfd7fde GraphQL: Fixed definition-query and definition-mutation tokens (#2964)
• 14e3868 Fixed reST test
• a7656de reST: Fixed inline pattern (#2946)
• b4ac061 ESLint: Use cache (#2959)
• Additional commits viewable in compare view

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• eb6d9f5 [dist] 1.5.1
• 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
• 3ac7774 [test] Make test consistent for browser testing
• 267a0c6 [dist] 1.5.0
• d1e7e88 [security] More backslash fixes (#197)
• d99bf4c [ignore] Remove npm-debug.log from .gitignore
• 422c8b5 [pkg] Replace nyc with c8
• 933809d [pkg] Move coveralls to dev dependencies
• 190b216 [pkg] Add .npmrc
• ce3783f [test] Do not test on all available versions of Edge and Safari
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from prismjs's releases.

v1.23.0

New components

• Apex (#2622) f0e2b70e
• DataWeave (#2659) 0803525b
• PromQL (#2628) 8831c706

Updated components

• Fixed multiple vulnerable regexes (#2584) c2f6a644
• Apache Configuration
  • Update directive-flag to match = (#2612) 00bf00e3
• C-like
  • Made all comments greedy (#2680) 0a3932fe
• C
  • Better class name and macro name detection (#2585) 129faf5c
• Content-Security-Policy
  • Added missing directives and keywords (#2664) f1541342
  • Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d
• CSS
  • Better HTML style attribute tokenization (#2569) b04cbafe
• Java
  • Improved package and class name detection (#2599) 0889bc7c
  • Added Java 15 keywords (#2567) 73f81c89
• Java stack trace
  • Added support stack frame element class loaders and modules (#2658) 0bb4f096
• Julia
  • Removed constants that are not exported by default (#2601) 093c8175
• Kotlin
  • Added support for backticks in function names (#2489) a5107d5c
• Latte
  • Fixed exponential backtracking (#2682) 89f1e182
• Markdown
  • Improved URL tokenization (#2678) 2af3e2c2
  • Added support for YAML front matter (#2634) 5cf9cfbc
• PHP
  • Added support for PHP 7.4 + other major improvements (#2566) 38808e64
  • Added support for PHP 8.0 features (#2591) df922d90
  • Removed C-like dependency (#2619) 89ebb0b7
  • Fixed exponential backtracking (#2684) 37b9c9a1
• Sass (Scss)
  • Added support for Sass modules (#2643) deb238a6
• Scheme
  • Fixed number pattern (#2648) e01ecd00
  • Fixed function and function-like false positives (#2611) 7951ca24
• Shell session
  • Fixed false positives because of links in command output (#2649) 8e76a978
• TSX
  • Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

... (truncated)

Sourced from prismjs's changelog.

1.23.0 (2020-12-31)

New components

• Apex (#2622) f0e2b70e
• DataWeave (#2659) 0803525b
• PromQL (#2628) 8831c706

Updated components

• Fixed multiple vulnerable regexes (#2584) c2f6a644
• Apache Configuration
  • Update directive-flag to match = (#2612) 00bf00e3
• C-like
  • Made all comments greedy (#2680) 0a3932fe
• C
  • Better class name and macro name detection (#2585) 129faf5c
• Content-Security-Policy
  • Added missing directives and keywords (#2664) f1541342
  • Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d
• CSS
  • Better HTML style attribute tokenization (#2569) b04cbafe
• Java
  • Improved package and class name detection (#2599) 0889bc7c
  • Added Java 15 keywords (#2567) 73f81c89
• Java stack trace
  • Added support stack frame element class loaders and modules (#2658) 0bb4f096
• Julia
  • Removed constants that are not exported by default (#2601) 093c8175
• Kotlin
  • Added support for backticks in function names (#2489) a5107d5c
• Latte
  • Fixed exponential backtracking (#2682) 89f1e182
• Markdown
  • Improved URL tokenization (#2678) 2af3e2c2
  • Added support for YAML front matter (#2634) 5cf9cfbc
• PHP
  • Added support for PHP 7.4 + other major improvements (#2566) 38808e64
  • Added support for PHP 8.0 features (#2591) df922d90
  • Removed C-like dependency (#2619) 89ebb0b7
  • Fixed exponential backtracking (#2684) 37b9c9a1
• Sass (Scss)
  • Added support for Sass modules (#2643) deb238a6
• Scheme
  • Fixed number pattern (#2648) e01ecd00
  • Fixed function and function-like false positives (#2611) 7951ca24
• Shell session
  • Fixed false positives because of links in command output (#2649) 8e76a978
• TSX
  • Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

... (truncated)

• 88a17b4 1.23.0
• 5dc7b42 Changelog v1.23.0 (#2681)
• 37b9c9a PHP: Fixed exponential backtracking (#2684)
• 89f1e18 Latte: Fixed exponential backtracking (#2682)
• 0a3932f C-like: Made all comments greedy (#2680)
• cdb24ab Line Highlight: Fixed print background color (#2668)
• e644178 Added test for polynomial backtracking (#2597)
• b40f8f4 Line highlight: Fixed top offset in combination with Line numbers (#2237)
• 2af3e2c Markdown: Improved URL tokenization (#2678)
• df0738e Test page: Don't trigger ad-blockers with class (#2677)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

• New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
• Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
• Fix: Spelling mistakes have been fixed. (#196)

v2.1.0

• New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

v2.0.1

• Fix: The browser builds in the dist directory support ES5. (#182)

v2.0.0

• Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

• New: Support for Unicode 10 has been added.

• New: The test framework has been migrated from Mocha to Tap.

• New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

• Fix: The warning has been made clearer when line and paragraph separators are

... (truncated)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Sourced from css-loader's releases.

v6.7.3

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

v6.7.2

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

v6.7.1

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

v6.7.0

6.7.0 (2022-03-04)

Features

• re-export defaultGetLocalIdent (#1423) (207cf36)

v6.6.0

6.6.0 (2022-02-02)

Features

• added the hashStrategy option (ca4abce)

v6.5.1

6.5.1 (2021-11-03)

Bug Fixes

• regression with unicode characters in locals (b7a8441)
• runtime path generation (#1393) (feafea8)

v6.5.0

... (truncated)

Sourced from css-loader's changelog.

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

6.7.0 (2022-03-04)

Features

• re-export defaultGetLocalIdent (#1423) (207cf36)

6.6.0 (2022-02-02)

Features

• added the hashStrategy option (ca4abce)

6.5.1 (2021-11-03)

Bug Fixes

• regression with unicode characters in locals (b7a8441)
• runtime path generation (#1393) (feafea8)

6.5.0 (2021-10-26)

Features

• support absolute URL in url() when experiments.buildHttp enabled (#1389) (8946be4)

... (truncated)

• ef749f2 chore(release): 6.7.3
• 36fb945 chore: fix cspell
• 962924c fix: remove sourceURL from emitted CSS (#1487)
• 3f3f302 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1486)
• 04ca713 chore: update dependencies to the latest version (#1485)
• 9449827 chore: update styfle/cancel-workflow-action (#1484)
• 6c67af8 chore: add cSpell to check spelling issues (#1482)
• 239b9ac chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#1481)
• 394d200 chore(release): 6.7.2
• 2f4c273 fix: css modules generation with inline syntax (#1480)
• Additional commits viewable in compare view

Sourced from tsconfig-paths's changelog.

[3.10.1] - 2021-07-06

Fixed

• Add register.js to published files

[3.10.0] - 2021-07-06

Added

• feat(tsconfig-loader): extends config from node_modules (#106). Thanks to @​zorji for this PR!

Fixed

• Update CHANGELOG.md (#96). Thanks to @​OliverJAsh for this PR!
• Fix "bootstraping" typo (#111). Thanks to @​KRMisha for this PR!
• Update Readme fixes #116 (#123). Thanks to @​benwinding for this PR!
• Fixed typo (#144). Thanks to @​mprinc for this PR!
• [TYPO] src/mapping-entry.ts (#145). Thanks to @​mprinc for this PR!
• docs(README): fix typos (#156). Thanks to @​PiDelport for this PR!
• deps: bump json5 to use type definition provided officially (#158). Thanks to @​koba04 for this PR!
• Update tsconfig-loader.ts (#161). Thanks to @​fecqs for this PR!
• fix typo (#165). Thanks to @​wonda-tea-coffee for this PR!
• Add file extenstion to typings property value (#151). Thanks to @​dangrussell for this PR!

• 80bc810 v3.10.1
• beb9a47 Add changelog for 3.10.1
• 893b76d Add register.js to published files
• 9327fa1 v3.10.0
• 766a0e8 Update changelog for 3.10.0
• 2cf8b21 Categorize changelog
• fb67ba2 Update changelog with unreleased PRs
• 079285a Add file extenstion to typings property value (#151)
• c49386c feat(tsconfig-loader): extends config from node_modules without './node_modul...
• f289c99 fix typo (#165)
• Additional commits viewable in compare view

Sourced from file-loader's releases.

v6.2.0

6.2.0 (2020-10-27)

Features

• added the sourceFilename property to asset info with original filename (#393) (654e0d6)

Bug Fixes

• immutable flag when the name option have hash in query string (#392) (381d8bd)

v6.1.1

6.1.1 (2020-10-09)

Chore

• update schema-utils

v6.1.0

6.1.0 (2020-08-31)

Features

• pass immutable flag to asset info (#383) (40fcde8)

v6.0.0

6.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• use md4 by default for hashing (#369) (ad39022)

Sourced from file-loader's changelog.

6.2.0 (2020-10-27)

Features

• added the sourceFilename property to asset info with original filename (#393) (654e0d6)

Bug Fixes

• immutable flag when the name option have hash in query string (#392) (381d8bd)

6.1.1 (2020-10-09)

Chore

• update schema-utils

6.1.0 (2020-08-31)

Features

• pass immutable flag to asset info (#383) (40fcde8)

6.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• use md4 by default for hashing (#369) (ad39022)

• c423008 chore(release): 6.2.0
• 654e0d6 feat: added the sourceFilename property to asset info with original filenam...
• 381d8bd fix: immutable flag when the name option have hash in query string (#392)
• 14ed4c9 ci: updated webpack versions (#389)
• 6fadfbe chore(release): 6.1.1
• 60508cf chore(deps): update
• 25e2668 chore(release): 6.1.0
• 6e22f6e test: fix
• 40fcde8 feat: pass immutable flag to asset info (#383)
• 718aef5 chore(deps): update (#375)
• Additional commits viewable in compare view

Sourced from mini-css-extract-plugin's releases.

v2.7.2

2.7.2 (2022-12-06)

Bug Fixes

• don't crash in web workers (#1004) (4d98d4b)

v2.7.1

2.7.1 (2022-11-29)

Bug Fixes

• preserve order of link tags on HMR (#982) (6ea0922)

v2.7.0

2.7.0 (2022-11-16)

Features

• add function support for locals (loader) (#985) (65519d0)

v2.6.1

2.6.1 (2022-06-15)

Bug Fixes

• do not attempt hot reloading when emit is false (#953) (b426f04)

v2.6.0

2.6.0 (2022-03-03)

Features

• added baseUri option support (from entry options) (#915) (6004d95)

v2.5.3

2.5.3 (2022-01-25)

Bug Fixes

• types (#903) (6650691)

v2.5.2

2.5.2 (2022-01-17)

... (truncated)

Sourced from mini-css-extract-plugin's changelog.

2.7.2 (2022-12-06)

Bug Fixes

• don't crash in web workers (#1004) (4d98d4b)

2.7.1 (2022-11-29)

Bug Fixes

• preserve order of link tags on HMR (#982) (6ea0922)

2.7.0 (2022-11-16)

Features

• add function support for locals (loader) (#985) (65519d0)

2.6.1 (2022-06-15)

Bug Fixes

• do not attempt hot reloading when emit is false (#953) (b426f04)

2.6.0 (2022-03-03)

Features

• added baseUri option support (from entry options) (#915) (6004d95)

2.5.3 (2022-01-25)

Bug Fixes

• types (#903) (6650691)

2.5.2 (2022-01-17)

Bug Fixes

• types (dfb9afd)

2.5.1 (2022-01-17)

... (truncated)

• b616093 chore(release): 2.7.2
• 4d98d4b fix: don't crash in web workers (#1004)
• 5ef989b chore(deps): bump minimist from 1.2.5 to 1.2.6 (#928)
• cd7d933 chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#993)
• 9178a0c chore: update dependencies to the latest version (#1003)
• 7053ce2 chore(release): 2.7.1
• 82ed663 refactor: fix compatibility with old browsers (#1000)
• 7585663 chore(deps): update (#999)
• 6ea0922 fix: preserve order of link tags on HMR (#982)
• 2633446 chore: update styfle/cancel-workflow-action (#996)
• Additional commits viewable in compare view

Sourced from url-loader's releases.

v4.1.1

4.1.1 (2020-10-09)

Chore

• update schema-utils

v4.1.0

4.1.0 (2020-04-08)

Features

• the mimetype option can be Boolean
• added the encoding option
• added the generator option

v4.0.0

4.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• deps: migrate on mime-types package, some rare types may have other mimetype

Sourced from url-loader's changelog.

4.1.1 (2020-10-09)

Chore

• update schema-utils

4.1.0 (2020-04-08)

Features

• the mimetype option can be Boolean
• added the encoding option
• added the generator option

4.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• deps: migrate on mime-types package, some rare types may have other mimetype

Bug Fixes

• description on the esModule option (#204) (a2f127d)

• deps: migrate on mime-types package (#209) (fc8721f)

• acf4eb1 chore(release): 4.1.1
• 20c744b chore(deps): update (#220)
• 1811901 chore: remove unnecessary deps
• 35eeed1 ci: migrate on github actions (#213)
• 06d270a chore(release): 4.1.0
• 488b6ec refactor: code (#212)
• 36f1354 feat: add encoding & generator options (#210)
• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on mime-types package (#209)
• f13757a chore(deps): update (#208)
• Additional commits viewable in compare view

Sourced from vue-loader's releases.

v16.8.3

Bug Fixes

• HMR not working correctly with vue-class-component components (#1897) (76b1448)

v16.8.2

Bug Fixes

• should allow chaining with loaders for non-vue files (#1889) (f32f953), closes #1879 #1883 #1890
• plugin: use compiler.webpack when possible (#1884) (820d23c)

v16.8.1

Bug Fixes

• fix template options resolving for ts (91f581b)

v16.8.0

Bug Fixes

• hmr: fix hmr regression (bacc6a9)

Features

• enableTsInTemplate option (7613534)

  • When used with ts-loader, due to ts-loader's cache invalidation behavior, it sometimes prevents the template from being hot-reloaded in isolation, causing the component to reload despite only the template being edited. If this is annoying, you can set this option to false (and avoid using TS expressions in templates).

  • Alternatively, leave this option on (by default) and use esbuild-loader to transpile TS instead, which doesn't suffer from this problem (it's also a lot faster). However, do note you will need to rely on TS type checking from other sources (e.g. IDE or vue-tsc).

v16.7.1

Bug Fixes

• remove pure annotation for custom blocks (cd891e5)

v16.7.0

Features

• support optional @​vue/compiler-sfc peer dep (21725a4)

v16.6.0

Bug Fixes

• generate treeshaking friendly code (11e3cb8)

Features

• support ts in template expressions (573fbd2)

... (truncated)

Sourced from vue-loader's changelog.

16.8.3 (2021-11-04)

Bug Fixes

• HMR not working correctly with vue-class-component components (#1897) (76b1448)

16.8.3 (2021-11-04)

Bug Fixes

• HMR not working correctly with vue-class-component components (#1897) (76b1448)

16.8.2 (2021-10-26)

Bug Fixes

• should allow chaining with loaders for non-vue files (#1889) (f32f953), closes #1879 #1883 #1890
• plugin: use compiler.webpack when possible (#1884) (820d23c)

16.8.1 (2021-09-22)

Bug Fixes

• fix template options resolving for ts (91f581b)

16.8.0 (2021-09-22)

Bug Fixes

• hmr: fix hmr regression (bacc6a9)

Features

• enableTsInTemplate option (7613534)

  • When used with ts-loader, due to ts-loader's cache invalidation behavior, it sometimes prevents the template from being hot-reloaded in isolation, causing the component to reload despite only the template being edited. If this is annoying, you can set this option to false (and avoid using TS expressions in templates).

  • Alternatively, leave this option on (by default) and use esbuild-loader to transpile TS instead, which doesn't suffer from this problem (it's also a lot faster). However, do note you will need to rely on TS type checking from other sources (e.g. IDE or vue-tsc).

... (truncated)

• 7347ae9 16.8.3
• 76b1448 fix: HMR not working correctly with vue-class-component components (#1897)
• 9e47e8e chore: v16.8.2 changelog
• a0243bd 16.8.2
• f32f953 fix: should allow chaining with loaders for non-vue files (#1889)
• 820d23c fix(plugin): use compiler.webpack when possible (#1884)
• 2eccc0e refactor: use import type
• 63fdf8d chore: remove duplicate entries from changelog
• 8ed3af4 chore: changelog fix [ci skip]
• 1607fb8 chore: changelog [ci skip]
• Additional commits viewable in compare view

Sourced from webpack's releases.

v5.75.0

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

... (truncated)

• 8241da7 5.75.0
• a91d923 Merge pull request #16458 from webpack/bugfix/semi
• 4608b11 Merge pull request #16457 from webpack/tooling/update
• dfdd0b0 Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback
• 23b9a1c Merge pull request #16167 from exposir/fixts
• 6f2c5e8 Merge pull request #16257 from alexzhang1030/calc_deterministic_verbose
• f7f36ad Merge pull request #16339 from Liamolucko/wasm-i64
• 761a542 fix semicolon position
• 2403a36 Merge pull request #16345 from ahabhgk/fix-eval-nosources
• c18203c update tooling
• Additional commits viewable in compare view

Sourced from webpack-cli's releases.

v5.0.1

5.0.1 (2022-12-05)

Bug Fixes

• make define-process-env-node-env alias node-env (#3514) (346a518)

v5.0.0

5.0.0 (2022-11-17)

Bug Fixes

• improve description of the --disable-interpret option (#3364) (bdb7e20)
• remove the redundant utils export (#3343) (a9ce5d0)
• respect NODE_PATH env variable (#3411) (83d1f58)
• show all CLI specific flags in the minimum help output (#3354) (35843e8)

Features

• failOnWarnings option (#3317) (c48c848)
• update commander to v9 (#3460) (6621c02)
• added the --define-process-env-node-env option
• update interpret to v3 and rechoir to v0.8
• add an option for preventing interpret (#3329) (c737383)

BREAKING CHANGES

• the minimum supported webpack version is v5.0.0 (#3342) (b1af0dc), closes #3342
• webpack-cli no longer supports webpack v4, the minimum supported version is webpack v5.0.0
• webpack-cli no longer supports webpack-dev-server v3, the minimum supported version is webpack-dev-server v4.0.0
• remove the migrate command (#3291) (56b43e4), closes #3291
• remove the --prefetch option in favor the PrefetchPlugin plugin
• remove the --node-env option in favor --define-process-env-node-env
• remove the --hot option in favor of directly using the HotModuleReplacement plugin (only for build command, for serve it will work)
• the behavior logic of the --entry option has been changed - previously it replaced your entries, now the option adds a specified entry, if you want to return the previous behavior please use webpack --entry-reset --entry './src/my-entry.js'

v4.10.0

4.10.0 (2022-06-13)

Bug Fixes

• changeTime is already in milliseconds (#3198) (d390d32)
• improve parsing of --env flag (#3286) (402c0fe)

Features

• added types (8ec1375)

v4.9.2

4.9.2 (2022-01-24)

... (truncated)

Sourced from webpack-cli's changelog.

5.0.1 (2022-12-05)

Bug Fixes

• make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

Bug Fixes

• improve description of the --disable-interpret option (#3364) (bdb7e20)
• remove the redundant utils export (#3343) (a9ce5d0)
• respect NODE_PATH env variable (#3411) (83d1f58)
• show all CLI specific flags in the minimum help output (#3354) ( opened by dependabot[bot] 0

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

... (truncated)

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]

... (truncated)

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: [email protected]
• f56ce73 build: [email protected]
• 24b3dc5 deps: [email protected]
• 689d175 deps: [email protected]
• 340be0f build: [email protected]
• 33e8dc3 docs: use Node.js name style
• 644f646 build: [email protected]
• ecd7572 build: [email protected]
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.