Skip to content

Bump json5, loader-utils and nuxt-edge #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump json5, loader-utils and nuxt-edge #28

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 4, 2023
edited
Loading

Bumps json5 to 1.0.2 and updates ancestor dependencies json5, loader-utils and nuxt-edge. These dependencies need to be updated together.

Updates json5 from 0.5.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

v1.0.1

This release includes a bug fix and minor change.

  • Fix: parse throws on unclosed objects and arrays.

  • New: package.json5 has been removed until an easier way to keep it in sync with package.json is found.

v1.0.0

This release includes major internal changes and public API enhancements.

  • Major JSON5 officially supports Node.js v4 and later. Support for Node.js v0.10 and v0.12 have been dropped.

  • New: Unicode property names and Unicode escapes in property names are supported. (#1)

  • New: stringify outputs trailing commas in objects and arrays when a space option is provided. (#66)

  • New: JSON5 allows line and paragraph separator characters (U+2028 and U+2029) in strings in order to be compatible with JSON. However, ES5 does not allow these characters in strings, so JSON5 gives a warning when they are parsed and escapes them when they are stringified. (#70)

  • New: stringify accepts an options object as its second argument. The supported options are replacer, space, and a new quote option that specifies the quote character used in strings. (#71)

  • New: The CLI supports STDIN and STDOUT and adds --out-file, --space, and --validate options. See json5 --help for more information. (#72, #84, and #108)

  • New: In addition to the white space characters space \t, \v, \f, \n, \r, and \xA0, the additional white space characters \u2028, \u2029, and all other characters in the Space Separator Unicode category are allowed.

  • New: In addition to the character escapes \', \", \\, \b, \f, \n, \r, and \t, the additional character escapes \v and \0, hexadecimal escapes like \x0F, and unnecessary escapes like \a are allowed in string values and string property names.

  • New: stringify outputs strings with single quotes by default but intelligently uses double quotes if there are more single quotes than double quotes inside the string. (i.e. stringify('Stay here.') outputs 'Stay here.' while stringify('Let\'s go.') outputs "Let's go.")

... (truncated)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

  • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

v1.4.0

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

  • support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

  • interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

1.4.1 (2022-11-07)

Bug Fixes

1.4.0 (2020-02-19)

Features

  • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

  • support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

  • interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.


Updates nuxt-edge from 2.0.0-25603961.baaf67d to 2.16.0-27720022.54e852f

Release notes

Sourced from nuxt-edge's releases.

v2.15.8

🐛 Bug Fixes

  • vue-app
    • #9460 Don't normalise route path if it's valid
  • babel
    • #9631 Loose option for babel private-property-in-object

v2.15.7

🔰 Security advisory

Please upgrade to nuxt@^2.15.7 if using [email protected] or [email protected]

🐛 Bug Fixes

  • vue-app
    • #9431 Check whether a route exists within the nuxt app before replacing

v2.15.6

🐛 Bug Fixes

v2.15.5

🐛 Bug Fixes

  • babel
    • #9232 Loose option for babel class-properties and private-methods (resolves #9224)
  • vue-app
    • #9201 Use route.replace instead of router.push to trigger navigation guards (resolves #9111)
  • builder
    • #9153 Resolve aliases in build.watch paths (resolves #9045)
  • cli
    • #9152 Add warning for css-loader < 4.2 (resolves #9117)

💖 Thanks to

v2.15.4

🐛 Bug Fixes

  • vue-app
    • #8978 Reload page once after loading chunk error (resolves #3389)
    • #9008 Fallback to global nuxt instance of $root is not available (resolves #8995)

... (truncated)

Changelog

Sourced from nuxt-edge's changelog.

Release Plan

Starting with version v2.4, Nuxt will adhere to a formalized release plan (as good as possible). Also, an end of life for older major versions is defined with this document.

Major versions (3.x -> 4.0)

Nuxt major releases are planned every 6 months. This depends on a few factors though:

  • If there are no breaking changes waiting for a release, no new major version will be published. Instead, another minor one will be released
  • In case of unexpected major updates of important dependencies like Vue, Webpack, and so on, major versions might be released earlier than planned

The goal is to provide a migration guide for each major version as well, as escape hatches, so existing code won't "just break".

Minor versions (2.1 -> 2.2)

The release cycle for Nuxt minor versions is roughly 4 weeks.

Three of the four weeks will be used for actual feature implementations while the last week will be used for testing, fixing bugs and thorough audits.

That also means a feature freeze for the next minor version after these three weeks. Features that aren't ready will be moved to the next cycle. "Waiting" for features (for a longer time) will be avoided as good as possible to keep releases lean, concise, predictable and digestible.

Patch releases (2.2.3 -> 2.2.4)

The last patch releases were mostly bundled fixes or single hotfixes. In the future, fixes will be released as soon as possible after the actual PR/commit so people won't have to switch to nuxt-edge for bugfixes. This should improve the stability of Nuxt.

Fixes can or will include:

  • Updates of dependencies (for various reasons, like a "faulty/buggy" dependency or an newer versions that works better with the Nuxt code)
  • Fixes for our code

Bugfixes for upcoming features won't be ported of course.

Edge Release Channel

After experimenting with nuxt-edge releases in the last time, the decision to do nightly releases for now instead of releasing a version after each commit was made.

End of Life

Starting with v2.4, every major Nuxt version will have an End of Life. Previous releases will receive security updates and bugfixes for one year and two weeks, counted from the first release on. As Nuxt majors are approximately released once every 6 months, this will allow developers to "skip one major version" without being stuck with a broken or unsecure Nuxt dependency. The EOL also applies to the documentation.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump json5, loader-utils and nuxt-edge
f45665d 
Bumps [json5](https://github.com/json5/json5) to 1.0.2 and updates ancestor dependencies [json5](https://github.com/json5/json5), [loader-utils](https://github.com/webpack/loader-utils) and [nuxt-edge](https://github.com/nuxt/nuxt.js). These dependencies need to be updated together.


Updates `json5` from 0.5.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v0.5.1...v1.0.2)

Updates `loader-utils` from 1.1.0 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.1.0...v1.4.2)

Updates `nuxt-edge` from 2.0.0-25603961.baaf67d to 2.16.0-27720022.54e852f
- [Release notes](https://github.com/nuxt/nuxt.js/releases)
- [Changelog](https://github.com/nuxt/nuxt.js/blob/dev/RELEASE_PLAN.md)
- [Commits](https://github.com/nuxt/nuxt.js/commits)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
- dependency-name: loader-utils
  dependency-type: indirect
- dependency-name: nuxt-edge
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants