Bumps json5 to 2.2.3 and updates ancestor dependencies json5, babel-loader and html-webpack-plugin. These dependencies need to be updated together.
Updates json5
from 2.1.3 to 2.2.3
Release notes
Sourced from json5's releases.
v2.2.3
v2.2.2
- Fix: Properties with the name
__proto__
are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
v2.2.1
- Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
v2.2.0
- New: Accurate and documented TypeScript declarations are now included. There is no need to install
@types/json5
. (#236, #244)
Changelog
Sourced from json5's changelog.
- Fix: Properties with the name
__proto__
are added to objects and arrays.
(#199) This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (#295).
- Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
- New: Accurate and documented TypeScript declarations are now included. There
is no need to install
@types/json5
. (#236, #244)
Commits
Updates babel-loader
from 8.1.0 to 8.3.0
Release notes
Sourced from babel-loader's releases.
v8.3.0
New features
Full Changelog: https://github.com/babel/babel-loader/compare/v8.2.5...v8.3.0
v8.2.5
What's Changed
New Contributors
Full Changelog: https://github.com/babel/babel-loader/compare/v8.2.4...v8.2.5
v8.2.4
What's Changed
Thanks @βloveDstyle
, @βstianjensen
and @βpathmapper
for your first PRs!
8.2.3
This release fixes compatibility with Node.js 17
Thanks @βReptarsrage
!
8.2.1
8.2.0
- Replace
mkdirp
with make-dir
47958ca3857e489e450b27c6f3266375015cba82 (@βJLHwung
)
- Use async config loading when available d8cff97ff387ded0fc9b5cbc489228c96c5ab14a (
@βthe-spyke
)
Commits
Maintainer changes
This version was pushed to npm by nicolo-ribaudo, a new releaser for babel-loader since your current version.
Updates html-webpack-plugin
from 4.5.0 to 5.5.0
Changelog
Sourced from html-webpack-plugin's changelog.
5.5.0 (2021-10-25)
Features
- Support type=module via scriptLoading option (1e42625), closes #1663
5.4.0 (2021-10-15)
Features
5.3.2 (2021-06-22)
Bug Fixes
- update lodash and pretty error (9c7fba0
5.3.1 (2021-03-09)
Bug Fixes
- remove loader-utils from plugin core (82d0ee8)
5.3.0 (2021-03-07)
Features
- allow to modify the interpolation options in webpack config (d654f5b)
- drop loader-utils dependency (41d7a50)
5.2.0 (2021-02-19)
Features
5.1.0 (2021-02-12)
Features
- omit html tag attribute with null/undefined/false value (aa6e78d), closes #1598
5.0.0 (2021-02-03)
... (truncated)
Commits
873d75b
chore(release): 5.5.0
ddeb774
chore: update examples
1e42625
feat: Support type=module via scriptLoading option
7d3645b
Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
79be779
[chore] changes actions to run on pull_requests
b7e5859
[chore] fixes CI to avoid race conditions
48131d3
chore(release): 5.4.0
16a841a
[chore] rebuild examples
3bb7c17
Update index.js
e38ac97
Update index.js
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it
@dependabot merge
will merge this PR after your CI passes on it
@dependabot squash and merge
will squash and merge this PR after your CI passes on it
@dependabot cancel merge
will cancel a previously requested merge and block automerging
@dependabot reopen
will reopen this PR if it is closed
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
dependencies javascript