Bump the npm_and_yarn group across 3 directories with 27 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the /atomspace-explorer directory:

Package	From	To
jquery	3.5.0	3.7.1
@types/jquery	3.2.16	3.5.32
webpack-dev-server	5.1.0	5.2.1
@babel/helpers	7.25.7	7.28.2
minimatch	3.0.4	3.1.2
minimatch	2.0.10	3.1.2
semantic-ui	2.4.2	2.5.0
cross-spawn	7.0.3	7.0.6
http-proxy-middleware	2.0.7	2.0.9
js-yaml	3.7.0	3.14.1
loader-utils	1.4.0	1.4.2
nanoid	3.3.7	3.3.11
on-headers	1.0.2	1.1.0
compression	1.7.4	1.8.1

Bumps the npm_and_yarn group with 1 update in the /atomspace-explorer/src/assets/material-design-lite directory: prismjs.
Bumps the npm_and_yarn group with 15 updates in the /atomspace-typescript directory:

Package	From	To
@babel/helpers	7.18.9	7.28.2
cross-spawn	6.0.5	6.0.6
form-data	3.0.1	3.0.4
http-proxy-middleware	2.0.7	2.0.9
nanoid	3.3.4	3.3.11
on-headers	1.0.2	1.1.0
compression	1.7.4	1.8.1
path-to-regexp	0.1.10	0.1.12
express	4.21.1	4.21.2
@babel/runtime-corejs3	7.18.9	7.28.2
elliptic	6.6.0	6.6.1
ip	2.0.0	removed
@storybook/react	6.5.10	9.0.18
pbkdf2	3.1.2	3.1.3
store2	2.14.2	2.14.4

Updates jquery from 3.5.0 to 3.7.1

Release notes

Sourced from jquery's releases.

jQuery 3.7.1 Released: Reliable Table Row Dimensions

https://blog.jquery.com/2023/08/28/jquery-3-7-1-released-reliable-table-row-dimensions/

jQuery 3.7.0: Staying in Order

https://blog.jquery.com/2023/05/11/jquery-3-7-0-released-staying-in-order/

jQuery 3.6.4 Released: Selector Forgiveness

https://blog.jquery.com/2023/03/08/jquery-3-6-4-released-selector-forgiveness/

jQuery supports CSS.supports in jQuery 3.6.3

https://blog.jquery.com/2022/12/20/jquery-3-6-3-released-a-quick-selector-fix/

jQuery 3.6.2 :has arrived!

https://blog.jquery.com/2022/12/13/jquery-3-6-2-released/

jQuery 3.6.1 Maintenance Release

https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/

jQuery 3.6.0 Released!

https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/

Commits

• f79d5f1 3.7.1
• 399b201 Release: revert change that broke release
• f85d521 Release: update authors
• 763ade6 Build: Generate the slim build on grunt & run compare_size on it
• a288838 CSS: Make the reliableTrDimensions support test work with Bootstrap CSS (3.x ...
• 87467a6 Selector: Only attach the unload handler in IE & Edge Legacy
• 3c18c1f Build: Make sure *.cjs & *.mjs files use UNIX line endings as well
• 72ae577 Build: switch preferred email for timmywil
• a370d7d Build: Build: Bump actions/checkout from 3.5.2 to 3.5.3
• 4a29888 Docs: Fix typos found by codespell
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by timmywil, a new releaser for jquery since your current version.

Updates @types/jquery from 3.2.16 to 3.5.32

Commits

• See full diff in compare view

Updates webpack-dev-server from 5.1.0 to 5.2.1

Release notes

Sourced from webpack-dev-server's releases.

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

v5.2.0

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

5.2.0 (2024-12-11)

Features

• added getClientEntry and getClientHotEntry methods to get clients entries (dc642a8)

Bug Fixes

• speed up initial client bundling (145b5d0)

Commits

• 0d22a08 chore(release): 5.2.1
• 6045b1e chore(deps): update (#5444)
• ffd0b86 fix: take the first network found instead of the last one, this restores the ...
• 9ea7b08 ci: update dependency-review-action (#5442)
• 5c9378b Merge commit from fork
• d2575ad Merge commit from fork
• 8c1abc9 fix: prevent overlay for errors caught by React error boundaries (#5431)
• 5a39c70 ci: update codecov/codecov-action to v5 (#5406)
• 55220a8 chore(deps-dev): bump the dependencies group across 1 directory with 4 update...
• 09f6f8e chore(deps): bump the dependencies group across 1 directory with 2 updates (#...
• Additional commits viewable in compare view

Updates ajv from 5.3.0 to 5.5.2

Release notes

Sourced from ajv's releases.

v5.5.0

Support chaining of methods add* and remove* (#625, @​pithu), see Api.

v5.4.0

Option logger to disable logging or to specify a custom logger (#618, @​meirotstein).

Commits

• cecd4ec 5.5.2
• b915832 docs: update performance chart
• 90bd281 chore: update typescript
• 33efef3 Merge branch 'Delagen-master'
• ef0fc0f Merge branch 'master' of ssh://github.com/Delagen/ajv into Delagen-master
• 7a7812f chore: regenerator semver
• 217c5e3 Merge branch 'greenkeeper/regenerator-0.12.2'
• 88b3018 replace Object to object due (Object=any), add CompilationContext interface
• 2e75568 chore(package): update regenerator to version 0.12.2
• 2d4ca22 Merge pull request #642 from epoberezkin/greenkeeper/json-schema-test-2.0.0
• Additional commits viewable in compare view

Updates @babel/helpers from 7.25.7 to 7.28.2

Release notes

Sourced from @​babel/helpers's releases.

v7.28.2 (2025-07-24)

Thanks @​souhailaS for your first PR!

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• SOUHAILA SERBOUT (@​souhailaS)
• @​liuxingbaoyu

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@​liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@​JLHwung)

↩️ Revert

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types
  • #17432 Do not mark OptionalMemberExpresion as LVal (@​JLHwung)

Committers: 3

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• @​liuxingbaoyu

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/helpers's changelog.

v7.28.2 (2025-07-24)

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@​liuxingbaoyu)

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@​liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@​JLHwung)

↩️ Revert

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types
  • #17432 Do not mark OptionalMemberExpresion as LVal (@​JLHwung)

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@​liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@​JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@​JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@​JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@​JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@​JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@​JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@​JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@​coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3

... (truncated)

Commits

• cac0ff4 v7.28.2
• f743094 fix: regeneratorDefine compatibility with es5 strict mode (#17441)
• baa4cb8 v7.27.6
• fdbf1b3 fix: finally causes unexpected return value (#17366)
• 7d06930 v7.27.4
• 5b9468d Reduce regenerator size more (#17287)
• cb78b5b [babel 8] Do not replace global regeneratorRuntime references in regenerato...
• 49c0dbb Fix iterator compatibility of regeneratorValues (#17335)
• d23a1bd Use shorter method names for regenerator context (#17334)
• 9dcd115 Restore behavior of regeneratorRuntime helper (#17329)
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates minimatch from 2.0.10 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates semantic-ui from 2.4.2 to 2.5.0

Release notes

Sourced from semantic-ui's releases.

Version 2.5.0 - Oct 6, 2022

Note

Special Note: If you run into any breaking changes with Gulp 4. Please reach out to me at [email protected] with bug reports

Critical Fix

• CSS - Fix extra semicolon causing CSS build of Semantic UI to fail compilation with various systems #7065 React Issue [CSS Repo Issue #81](Semantic-Org/Semantic-UI-CSS#81) [CSS Issue #75](Semantic-Org/Semantic-UI-CSS#75)

Breaking Changes

• Gulp - Updated all tasks to work with Gulp 4. This should fix SUI to install correctly on Node 12 or greater (see Gulp3 Issue for more details)
• Node - Updated scripts to build in Node 18 via vanilla install.

Build

• Theme - Allow site's global site theme to be missing #6876 Thanks @​cruzdanillo
• Meteor - Fix issue with misuse of api.addAssets #6790 Thanks @​gimco
• Gulp - Report errors in build #7005 Thanks @​bundyo

Examples

• Modal - Fixed mutation observer was not properly disconnected
• Sticky - Adds new example for sticky to highlight behavior when sticky/context height varies

Bug Fixes

• Dropdown - Fix issue where dropdown menu could not open to right when in right menu inside a ui menu (See examples/sticky.html) for use-case
• Sticky - Fix issue where element might be bound bottom (fixed to bottom of context) if the sticky element is larger than the context
• Sticky - Fix issue when sticky size is larger than context size caused context min-height not to be set correctly.
• Button - Fix usage of loading on in labeled button #7023 thanks @​flppv

Changelog

Sourced from semantic-ui's changelog.

Version 2.5.0 - Oct 6, 2022

Note

Special Note: If you run into any breaking changes with Gulp 4. Please reach out to me at [email protected] with bug reports

Critical Fix

• CSS - Fix extra semicolon causing CSS build of Semantic UI to fail compilation with various systems #7065 React Issue [CSS Repo Issue #81](Semantic-Org/Semantic-UI-CSS#81) [CSS Issue #75](Semantic-Org/Semantic-UI-CSS#75)

Breaking Changes

• Gulp 4 -All tasks have been rewritten to work with Gulp 4. This should fix SUI to install correctly on Node 12 or greater (see Gulp3 Issue for more details)

Build

• Node - Updated scripts to build in Node 18 via vanilla install.
• Theme - Allow site's global site theme to be missing #6876 Thanks @​cruzdanillo
• Meteor - Fix issue with misuse of api.addAssets #6790 Thanks @​gimco
• Gulp - Report errors in build #7005 Thanks @​bundyo

Examples

• Modal - Fixed mutation observer was not properly disconnected
• Sticky - Adds new example for sticky to highlight behavior when sticky/context height varies

Bug Fixes

• Dropdown - Fix issue where dropdown menu could not open to right when in right menu inside a ui menu (See examples/sticky.html) for use-case
• Sticky - Fix issue where element might be bound bottom (fixed to bottom of context) if the sticky element is larger than the context
• Sticky - Fix issue when sticky size is larger than context size caused context min-height not to be set correctly.
• Button - Fix usage of loading on in labeled button #7023 thanks @​flppv

Commits

• See full diff in compare view

Updates braces from 1.8.5 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed
• Require Node.js >= 8.3

Non-breaking changes

• Caching was removed

[2.3.2] - 2018-04-08

• start refactoring

... (truncated)

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates micromatch from 2.3.11 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

4.0.4

• fix: Update picomatch to fix regression #179 (8becb55)

4.0.3

• Enforce newer version of picomatch with bugfixes

bumps kind-of dep to ^3.0.2

thanks to @​paulmillr

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

• Adds support for options.onMatch. See the readme for details
• Adds support for options.onIgnore. See the readme for details
• Adds support for options.onResult. See the readme for details

Breaking changes

• Require Node.js >= 8.6
• Removed support for passing an array of brace patterns to micromatch.braces().
• To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
• cache - caching and all related options and methods have been removed
• options.unixify was renamed to options.windows
• options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
• options.snapdragon was removed, as snapdragon is no longer used.
• options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

• micromatch results are directly compared to bash results
• in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
• micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.7 to 2.0.9

Release notes

Sourced from http-proxy-middleware's releases.

v2.0.9

What's Changed

• fix(fixRequestBody): check readableLength by @​chimurai in chimurai/http-proxy-middleware#1097
• chore(package): v2.0.9 by @​chimurai in chimurai/http-proxy-middleware#1099

Full Changelog: chimurai/http-proxy-middleware@v2.0.8...v2.0.9

v2.0.8

What's Changed

• fix(fixRequestBody): prevent multiple .write() calls by @​chimurai in chimurai/http-proxy-middleware#1090
• fix(fixRequestBody): handle invalid request by @​chimurai in chimurai/http-proxy-middleware#1091
• chore(package): v2.0.8 by @​chimurai in chimurai/http-proxy-middleware#1094

Full Changelog: chimurai/http-proxy-middleware@v2.0.7...v2.0.8

Changelog

Sourced from http-proxy-middleware's changelog.

v2.0.9

• fix(fixRequestBody): check readableLength

v2.0.8

• fix(fixRequestBody): prevent multiple .write() calls
• fix(fixRequestBody): handle invalid request

Commits

• 617a7c9 chore(package): v2.0.9 (#1099)
• d22d587 fix(fixRequestBody): check readableLength (#1097)
• d03d51b chore(package): v2.0.8 (#1094)
• c50dd06 fix(fixRequestBody): handle invalid request (#1091)
• 76a9d8d fix(fixRequestBody): prevent multiple .write() calls (#1090)
• See full diff in compare view

Updates js-yaml from 3.7.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for safe/loadAll(input, options)
• d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• Additional commits viewable in compare view

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1