Bump the npm_and_yarn group with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 20 updates:

Package	From	To
express	4.17.1	4.20.0
moment	2.29.2	2.29.4
moment-timezone	0.5.33	0.5.35
@sentry/browser	6.13.2	7.119.1
ajv	6.12.6	7.0.0
fast-xml-parser	3.20.0	4.1.2
libxmljs2	0.28.0	0.35.0
postcss	8.3.6	8.4.31
semver	7.3.5	7.5.2
tar	6.1.11	7.4.3
webpack	5.90.3	5.94.0
braces	3.0.2	3.0.3
cross-spawn	7.0.3	7.0.6
es5-ext	0.10.53	0.10.64
follow-redirects	1.14.8	1.15.9
http-proxy-middleware	2.0.1	2.0.7
micromatch	4.0.4	4.0.8
nanoid	3.1.25	3.3.3
webpack-dev-middleware	5.1.0	5.3.4
word-wrap	1.2.3	1.2.5

Updates express from 4.17.1 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• [email protected] by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]

... (truncated)

Commits

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 [email protected] (#5902)
• 2a980ad [email protected] (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: [email protected] (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates moment from 2.29.2 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates moment-timezone from 0.5.33 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

• Updated data to IANA TZDB 2021e

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

• Updated data to IANA TZDB 2021e

Commits

• b8fb1ba Build moment-timezone 0.5.35
• f1b5e5a Add changelog for 0.5.35
• 8b0eb0c Bump version to 0.5.35
• 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
• ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
• 9430b4c Merge remote-tracking branch 'origin/master' into develop
• feaf900 Updated contributing.md + added 2021e files
• 704cfac updated contributing.md
• 877c863 Updated contributing.md + added 2021e files
• 5a3015c updated contributing.md
• Additional commits viewable in compare view

Updates @sentry/browser from 6.13.2 to 7.119.1

Release notes

Sourced from @​sentry/browser's releases.

7.119.1

• fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

• backport(tracing): Report dropped spans for transactions (#13343)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped)	80.96 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	71.89 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped)	76.14 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	65.52 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	35.77 KB
@​sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped)	35.66 KB
@​sentry/browser (incl. Feedback) - Webpack (gzipped)	31.71 KB
@​sentry/browser (incl. sendFeedback) - Webpack (gzipped)	31.72 KB
@​sentry/browser - Webpack (gzipped)	22.91 KB
@​sentry/browser (incl. Tracing, Replay, Feedback) - ES6 CDN Bundle (gzipped)	79.17 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (gzipped)	70.49 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (gzipped)	36.17 KB
@​sentry/browser - ES6 CDN Bundle (gzipped)	25.41 KB
@​sentry/browser (incl. Tracing, Replay) - ES6 CDN Bundle (minified & uncompressed)	221.92 KB
@​sentry/browser (incl. Tracing) - ES6 CDN Bundle (minified & uncompressed)	109.52 KB
@​sentry/browser - ES6 CDN Bundle (minified & uncompressed)	76.24 KB
@​sentry/browser (incl. Tracing) - ES5 CDN Bundle (gzipped)	39.45 KB
@​sentry/react (incl. Tracing, Replay) - Webpack (gzipped)	72.4 KB
@​sentry/react - Webpack (gzipped)	22.94 KB
@​sentry/nextjs Client (incl. Tracing, Replay) - Webpack (gzipped)	90.16 KB
@​sentry/nextjs Client - Webpack (gzipped)	54.27 KB
@​sentry-internal/feedback - Webpack (gzipped)	17.34 KB

7.118.0

• fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

Bundle size 📦

Path	Size
@​sentry/browser (incl. Tracing, Replay, Feedback) - Webpack (gzipped)	80.83 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack (gzipped)	71.77 KB
@​sentry/browser (incl. Tracing, Replay with Canvas) - Webpack (gzipped)	76.02 KB
@​sentry/browser (incl. Tracing, Replay) - Webpack with treeshaking flags (gzipped)	65.38 KB
@​sentry/browser (incl. Tracing) - Webpack (gzipped)	35.64 KB
@​sentry/browser (incl. browserTracingIntegration) - Webpack (gzipped)	35.53 KB
@​sentry/browser (incl. Feedback) - Webpack (gzipped)	31.6 KB
@​sentry/browser (incl. sendFeedback) - Webpack (gzipped)	31.61 KB

... (truncated)

Changelog

Sourced from @​sentry/browser's changelog.

7.119.1

• fix(browser/v7): Ensure wrap() only returns functions (#13838 backport)

Work in this release contributed by @​legobeat. Thank you for your contribution!

7.119.0

• backport(tracing): Report dropped spans for transactions (#13343)

7.118.0

• fix(v7/bundle): Ensure CDN bundles do not overwrite window.Sentry (#12579)

7.117.0

• feat(browser/v7): Publish browserprofling CDN bundle (#12224)
• fix(v7/publish): Add v7 tag to @sentry/replay (#12304)

7.116.0

• build(craft): Publish lambda layer under its own name for v7 (#12098) (#12099)

This release publishes a new AWS Lambda layer under the name SentryNodeServerlessSDKv7 that users still running v7 can use instead of pinning themselves to SentryNodeServerlessSDK:235.

7.115.0

• feat(v7): Add support for global onUnhandled Error/Promise for Bun (#11959)
• fix(replay/v7): Fix user activity not being updated in start() (#12003)
• ref(api): Remove lastEventId deprecation warnings (#12042)

7.114.0

Important Changes

• fix(browser/v7): Continuously record CLS (#11935)

This release fixes a bug that caused the cumulative layout shift (CLS) web vital not to be reported in a majority of the cases where it should have been reported. With this change, the CLS web vital should now always be reported for pageloads with layout shift. If a pageload did not have layout shift, no CLS web vital should be reported.

Please note that upgrading the SDK to this version may cause data in your dashboards to drastically change.

Other Changes

• build(aws-lambda/v7): Turn off lambda layer publishing (#11875)
• feat(v7): Add tunnel support to multiplexed transport (#11851)
• fix(opentelemetry-node): support HTTP_REQUEST_METHOD attribute (#11929)
• fix(react/v7): Fix react router v4/v5 span names (#11940)

... (truncated)

Commits

• c8452e1 release: 7.119.1
• 5a88ff6 fix(browser/v7): Ensure wrap() only returns functions (#13838 backport) (#1...
• 5adcbf9 Merge branch 'release/7.119.0' into v7
• f58bf69 release: 7.119.0
• a6bc39f fix(ci): GH dropped macos-11 at the end of June 24 (#13360)
• 2060d84 meta(changelog): Update CHANGELOG.md for 7.119.0 (#13350)
• f54c97a backport(tracing): Report dropped spans for transactions (#13343)
• eeae3cf test(v7/loader): Update Loader Script to latest (#12765)
• d3e2c7b meta(v7): Ignore pem for tests (#13051)
• 47f1710 Merge branch 'release/7.118.0' into v7
• Additional commits viewable in compare view

Updates ajv from 6.12.6 to 7.0.0

Release notes

Sourced from ajv's releases.

v7.0.0

Please note: this document covers the changes from v6.12.6.

The main changes

• support of JSON Schema draft-2019-09 features: unevaluatedProperties and unevaluatedItems, dynamic recursive references and other additional keywords.
• comprehensive support for standalone validation code - compiling one or multiple schemas to standalone modules with one or multiple exports.
• to reduce the mistakes in JSON schemas and unexpected validation results, strict mode is added - it prohibits ignored or ambiguous JSON Schema elements. See Strict mode and Options for more details
• to make code injection from untrusted schemas impossible, code generation is fully re-written to be type-level safe against code injection.
• to simplify Ajv extensions, the new keyword API that is used by pre-defined keywords is available to user-defined keywords - it is much easier to define any keywords now, especially with subschemas.
• schemas are compiled to ES6 code (ES5 code generation is supported with an option).
• to improve reliability and maintainability the code is migrated to TypeScript.
• separate Ajv classes from draft-07 and draft-2019-09 support with different default imports (see Getting started or v7.0.0-beta.5 for the details).

Please note:

• the support for JSON-Schema draft-04 is removed - if you have schemas using "id" attributes you have to replace them with "$id" (or continue using version 6 that will be supported until 02/28/2021).
• all formats are separated to ajv-formats package - they have to be explicitly added if you use them.
• Ajv instance can only be created with new keyword, as Ajv is now ES6 class.
• browser bundles are automatically published to ajv-dist package (but still available on cdnjs.com).
• order of schema keyword validation changed - keywords that apply to all types (allOf etc.) are now validated first, before the keywords that apply to specific data types. You can still define custom keywords that apply to all types AND are validated after type-specific keywords using option post: true in keyword definition.
• regular expressions in keywords "pattern" and "patternProperties" are now used as if they had unicode "u" flag, as required by JSON Schema specification - it means that some regular expressions that were valid with Ajv v6 are now invalid (and vice versa).

Better TypeScript support:

• Methods compile and compileAsync now return type-guards - see Getting started.
• Method validate is a type-guard.
• Better separation of asynchronous schemas on type level.
• Type utility JSONSchemaType that generates the type for JSON Schema for type interface in the type parameter - it simplifies writing schemas (no unions support at the moment).

API changes:

• addVocabulary - NEW method that allows to add an array of keyword definitions.
• addKeyword - keyword name should be passed as property in definition object, not as the first parameter (old API works with "deprecated" warning). Also "inline" keywords support is removed, code generation keywords can now be defined with "code" keyword - the same definition format that is used by all pre-defined keywords
• Ajv no longer allows to create the instance without new keyword (it is ES6 class).

Added options (and defaults):

• strict: true - strict mode
• strictTypes: "log" - prevent mistakes related to type keywords and keyword applicability (see Strict Types)
• strictTuples: "log" - prevent incomplete tuple schemas (see Prohibit unconstrained tuples)
• allowUnionTypes: false - allow multiple non-null types in "type" keyword
• allowMatchingProperties: false - allow overlap between "properties" and "patternProperties" keywords
• loopEnum: Infinity - optimise validation of enums, similar to loopRequired
• validateFormats: true - enable format validation
• code: {optimize: number|boolean} - control code optimisation
• code: {es5: true} - generate ES5 code, the default is to generate ES6 code.
• code: {lines: true} - add line breaks to generated code - simplifies debugging of compiled schemas when you need it

Changed options:

• keywords - now expects the array of keyword definitions (old API works with "deprecated" warning)

Removed options:

• errorDataPath - was deprecated, now removed.

... (truncated)

Commits

• cd7c6a8 7.0.0
• 0809171 docs: update to release v7
• f1f4b74 update build workflow
• e9962b5 update website script
• cd81777 update CONTRIBUTING
• 736e680 website workflow
• 12690ac 7.0.0-rc.5
• 108dbe6 update publish-bundles script
• 82d0521 7.0.0-rc.4
• 544eb9d fix publish bundle script
• Additional commits viewable in compare view

Updates fast-xml-parser from 3.20.0 to 4.1.2

Release notes

Sourced from fast-xml-parser's releases.

v4

• Generating different combined, parser only, builder only, validator only browser bundles
• Keeping cjs modules as they can be imported in cjs and esm modules both. Otherwise refer esm branch.

4.0.0-beta.8 / 2021-12-13

• call tagValueProcessor for stop nodes

4.0.0-beta.7 / 2021-12-09

• fix Validator bug when an attribute has no value but '=' only
• XML Builder should suppress unpaired tags by default.
• documents update for missing features
• refactoring to use Object.assign
• refactoring to remove repeated code

4.0.0-beta.6 / 2021-12-05

• Support PI Tags processing
• Support suppressBooleanAttributes by XML Builder for attributes with value true.

4.0.0-beta.5 / 2021-12-04

• fix: when a tag with name "attributes"

4.0.0-beta.4 / 2021-12-02

• Support HTML document parsing
• skip stop nodes parsing when building the XML from JS object
• Support external entites without DOCTYPE
• update dev dependency: strnum v1.0.5 to fix long number issue

4.0.0-beta.3 / 2021-11-30

• support global stopNodes expression like "*.stop"
• support self-closing and paired unpaired tags
• fix: CDATA should not be parsed.
• Fix typings for XMLBuilder (#396)(By Anders Emil Salvesen)
• supports XML entities, HTML entities, DOCTYPE entities

⚠️ 4.0.0-beta.2 / 2021-11-19

• rename attrMap to attibutes in parser output when preserveOrder:true
• supports unpairedTags

⚠️ 4.0.0-beta.1 / 2021-11-18

• Parser returns an array now
  • to make the structure common
  • and to return root level detail
• renamed cdataTagName to cdataPropName
• Added commentPropName
• fix typings

⚠️ 4.0.0-beta.0 / 2021-11-16

• Name change of many configuration properties.
  • attrNodeName to attributesGroupName
  • attrValueProcessor to attributeValueProcessor

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.5.0 / 2024-09-03

• feat #666: ignoreAttributes support function, and array of string or regex (By ArtemM)

4.4.1 / 2024-07-28

• v5 fix: maximum length limit to currency value
• fix #634: build attributes with oneListGroup and attributesGroupName (#653)(By Andreas Naziris)
• fix: get oneListGroup to work as expected for array of strings (#662)(By Andreas Naziris)

4.4.0 / 2024-05-18

• fix #654: parse attribute list correctly for self closing stop node.
• fix: validator bug when closing tag is not opened. (#647) (By Ryosuke Fukatani)
• fix #581: typings; return type of tagValueProcessor & attributeValueProcessor (#582) (By monholm)

4.3.6 / 2024-03-16

• Add support for parsing HTML numeric entities (#645) (By Jonas Schade )

4.3.5 / 2024-02-24

• code for v5 is added for experimental use

4.3.4 / 2024-01-10

• fix: Don't escape entities in CDATA sections (#633) (By wackbyte)

4.3.3 / 2024-01-10

• Remove unnecessary regex

4.3.2 / 2023-10-02

• fix jObj.hasOwnProperty when give input is null (By Arda TANRIKULU)

4.3.1 / 2023-09-24

• revert back "Fix typings for builder and parser to make return type generic" to avoid failure of existing projects. Need to decide a common approach.

4.3.0 / 2023-09-20

• Fix stopNodes to work with removeNSPrefix (#607) (#608) (By [Craig Andrews]https://github.com/candrews))
• Fix #610 ignore properties set to Object.prototype
• Fix typings for builder and parser to make return type generic (By Sarah Dayan)

4.2.7 / 2023-07-30

• Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
• Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

• Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

• change code implementation

4.2.4 / 2023-06-06

• fix security bug

... (truncated)

Commits

• 2b032a4 Update package detail
• 7a7dbac update package for release
• b6ee2a5 update tests for #540
• 62f9e4b common logic to build text and obj node
• 83069d8 update package for release
• ed962e0 Merge branch 'dev'
• c959d13 update package detail
• 6ebcb14 make eNotation optional
• 30624d7 Fix '<' or '>' in DTD comment throwing an error. (#533)
• 40a2176 update package detail
• Additional commits viewable in compare view

Updates libxmljs2 from 0.28.0 to 0.35.0

Release notes

Sourced from libxmljs2's releases.

v0.35.0

No release notes provided.

v0.33.0

support node 21

BREAKING Drop node 16 & 19

v0.32.0

feat: support node 20,

BREAKING: only 20, 19, 18 and 16 are supported now.

v0.31.0

No release notes provided.

v0.30.1

Feature:

• added node 18 support

v0.30.0

PLEASE IGNORE THIS AND DIRECTLY USE 0.30.1

BREAKING:

• dropped node 12 support (EOL in 5 days, 2022-04-30)
• dropped node 17 support (EOL in ~5 Weeks, 2022-06-01)

Feature:

• added node 18 support

v0.29.0

• feat: node 17 (#148) fad87c8
• chore(deps-dev): bump prettier from 2.3.2 to 2.4.0 (#135) d8ea3c4
• chore(deps-dev): bump typescript from 4.4.2 to 4.4.3 (#133) 260f1bd

marudor/libxmljs2@v0.28.0...v0.29.0

Commits

• 478d57d chore: support node 22
• 28c7258 fix: correct prebuild stuff
• 7ef018c NO LONGER MAINTAINED
• 9b42607 fix: correct artifact path to upload
• 0dbbcf2 chore: test prebuild as node-pre-gyp is no longer working
• e0eb378 chore: bump to 0.33.0
• c028a85 chore: support node21 (#201)
• 793352d fix: use older ubuntu to build, lowers needed gcc to 2.31
• bef4c83 feat: node 20 support, drop eol nodes (#193)
• 60661b3 feat: node 19, drop node 12 (#189)
• Additional commits viewable in compare view

Updates postcss from 8.3.6 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates semver from 7.3.5 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0