Depfu

🚨 [security] Update xo 0.44.0 → 1.2.3 (major)

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ xo (0.44.0 → 1.2.3) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @babel/code-frame (indirect, 7.12.11 → 7.27.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 63 commits:

↗️ @babel/helper-validator-identifier (indirect, 7.14.9 → 7.27.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 63 commits:

↗️ @eslint/eslintrc (indirect, 0.4.3 → 3.3.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @types/eslint (indirect, 7.28.0 → 8.56.12) · Repo

Sorry, we couldn’t find anything useful about this release.

↗️ @types/estree (indirect, 0.0.50 → 1.0.8) · Repo

Sorry, we couldn’t find anything useful about this release.

↗️ @types/json-schema (indirect, 7.0.9 → 7.0.15) · Repo

Sorry, we couldn’t find anything useful about this release.

↗️ @typescript-eslint/eslint-plugin (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 35 commits:

↗️ @typescript-eslint/parser (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 35 commits:

↗️ @typescript-eslint/scope-manager (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 35 commits:

↗️ @typescript-eslint/types (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 35 commits:

↗️ @typescript-eslint/typescript-estree (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 35 commits:

↗️ @typescript-eslint/visitor-keys (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 35 commits:

↗️ acorn (indirect, 7.4.1 → 8.15.0) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ansi-escapes (indirect, 4.3.2 → 6.2.1) · Repo

Release Notes

6.2.1

Fix compatibility with TypeScript 5.4 3b1f99e

v6.2.0...v6.2.1

6.2.0

Add escapes for entering/exiting the alternative screen (#33) 2f25a50

v6.1.0...v6.2.0

6.1.0

Support browser usage (#31) 3aaa131

v6.0.0...v6.1.0

6.0.0

Breaking

Require Node.js 14 96312e0

Improvements

Update dependencies 96312e0

v5.0.0...v6.0.0

5.0.0

Breaking

Require Node.js 12 986e516

This package is now pure ESM. Please read this.

v4.3.2...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 13 commits:

↗️ ansi-regex (indirect, 5.0.0 → 6.2.2) · Repo

Security Advisories 🚨

🚨 Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes.

Proof of Concept
import ansiRegex from 'ansi-regex';
for(var i = 1; i <= 50000; i++) {
    var time = Date.now();
    var attack_str = "\u001B["+";".repeat(i*10000);
    ansiRegex().test(attack_str)
    var time_cost = Date.now() - time;
    console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms")
}
The ReDOS is mainly due to the sub-patterns [[\\]()#;?]* and (?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*

🚨 Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes.

Proof of Concept
import ansiRegex from 'ansi-regex';
for(var i = 1; i <= 50000; i++) {
    var time = Date.now();
    var attack_str = "\u001B["+";".repeat(i*10000);
    ansiRegex().test(attack_str)
    var time_cost = Date.now() - time;
    console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms")
}
The ReDOS is mainly due to the sub-patterns [[\\]()#;?]* and (?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*

Release Notes

6.2.2

Fix vulnerability in 6.2.1, see: chalk/chalk#656

6.2.0

Support colon separated parameters to control sequences (#62) df7d75f

v6.1.0...v6.2.0

6.1.0

Match cursorSave and cursorRestore escape codes (#45) 02fa893

Fix: Handle all valid ST characters (#58) 9cba40d

v6.0.1...v6.1.0

6.0.1

Fixes

Fix ReDoS in certain cases (#37)
You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

v6.0.0...v6.0.1

Thank you @yetingli for the patch and reproduction case!

6.0.0

Breaking

Require Node.js 12 1b337ad

This package is now pure ESM. Please read this.

v5.0.0...v6.0.0

5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

Fix ReDoS in certain cases (#37)
You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @yetingli for the patch and reproduction case!

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 17 commits:

↗️ argparse (indirect, 1.0.10 → 2.0.1) · Repo · Changelog

Release Notes

2.0.1 (from changelog)

Fixed

Fix issue with process.argv when used with interpreters (coffee, ts-node, etc.), #150.

2.0.0 (from changelog)

Changed

Full rewrite. Now port from python 3.9.0 & more precise following. See doc for difference and migration info.

node.js 10+ required

Removed most of local docs in favour of original ones.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 15 commits:

↗️ array-includes (indirect, 3.1.3 → 3.1.9) · Repo · Changelog

Release Notes

3.1.9 (from changelog)

Commits

[Deps] update call-bind, es-abstract, es-object-atoms, get-intrinsic, is-string 3b934ae

[Refactor] use call-bound and math-intrinsics directly 160ea60

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, auto-changelog, hastrict-mode, tape 4e4c67d

[Tests] replace aud with npm audit 9c5ec1c

[Dev Deps] add missing peer dep 863d207

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 40 commits:

↗️ array.prototype.flat (indirect, 1.2.4 → 1.3.3) · Repo · Changelog

Release Notes

1.3.3 (from changelog)

Commits

[actions] split out node 10-20, and 20+ 1afcd57

[Deps] update call-bind, define-properties, es-abstract, es-shim-unscopables 152c437

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, auto-changelog, function-bind npmignore, object-inspect, tape e39e33d

[Tests] replace aud with npm audit 6868723

[Dev Deps] add missing peer dep 800f3e3

1.3.2 (from changelog)

Commits

[Deps] update define-properties, es-abstract fb625eb

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, aud, object-inspect, tape 1fde275

1.3.1 (from changelog)

Commits

[meta] use npmignore to autogenerate an npmignore file e339ed7

[meta] add auto-changelog bb5cbd6

[Deps] update define-properties, es-abstract 8067910

[actions] update rebase action to use reusable workflow d4d9b28

[Dev Deps] update aud, object-inspect, tape d9d7300

1.3.0 (from changelog)

[New] shim/auto: add flat to Symbol.unscopables

[Deps] update es-abstract

[actions] reuse common workflows

[actions] update codecov uploader

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, aud, auto-changelog, object-inspect, safe-publish-latest, tape

1.2.5 (from changelog)

[readme] add github actions/codecov badges; remove travis badge

[Deps] update call-bind, es-abstract

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, aud, has-strict-mode, object-inspect, tape

[meta] use prepublishOnly, for npm 7+

[actions] use node/install instead of node/run; use codecov action

[actions] update workflows

[Tests] increase coverage

[meta] fix changelog for v1.2.4

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 37 commits:

↗️ brace-expansion (indirect, 1.1.11 → 2.0.2) · Repo

Security Advisories 🚨

🚨 brace-expansion Regular Expression Denial of Service vulnerability

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.

🚨 brace-expansion Regular Expression Denial of Service vulnerability

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.

Release Notes

2.0.2

pkg: publish on tag 2.x 14f1d91

fmt ed7780a

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

v2.0.1...v2.0.2

1.1.12

pkg: publish on tag 1.x c460dbd

fmt ccb8ac6

Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

v1.1.11...v1.1.12

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 17 commits:

↗️ braces (indirect, 3.0.2 → 3.0.3) · Repo · Changelog

Security Advisories 🚨

🚨 Uncontrolled resource consumption in braces

The NPM package braces fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Commits

See the full diff on Github. The new version differs by 12 commits:

↗️ browserslist (indirect, 4.16.7 → 4.26.3) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ builtin-modules (indirect, 3.2.0 → 5.0.0) · Repo

Release Notes

5.0.0

Breaking

Remove punycode since it's deprecated

Improvements

Update module list (#18) 7a54302

v4.0.0...v5.0.0

4.0.0

Breaking

Require Node.js 18 75f59d3

This package is now pure ESM. Please read this.

This package now only exports a static list of built-ins 75f59d3

To get a list of built-ins for the current Node.js version, use the built-in API: import {builtinModules} from 'node:module'

v3.3.0...v4.0.0

3.3.0

Update static list of built-in modules e95a7b5

Improve browser compatibility (#15) 0a73da3

v3.2.0...v3.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 9 commits:

↗️ call-bind (indirect, 1.0.2 → 1.0.8) · Repo · Changelog

Release Notes

1.0.8 (from changelog)

Commits

[Refactor] extract out some helpers and avoid get-intrinsic usage 407fd5e

[Refactor] replace code with extracted call-bind-apply-helpers 81018fb

[Tests] use set-function-length/env 0fc311d

[actions] split out node 10-20, and 20+ 77a0cad

[Dev Deps] update @ljharb/eslint-config, auto-changelog, es-value-fixtures, gopd, object-inspect, tape a145d10

[Tests] replace aud with npm audit 30ca3dd

[Deps] update set-function-length 57c79a3

[Dev Deps] add missing peer dep 601cfa5

1.0.7 (from changelog)

Commits

[Refactor] use es-define-property 09b76a0

[Deps] update get-intrinsic, set-function-length ad5136d

1.0.6 (from changelog)

Commits

[Dev Deps] update aud, npmignore, tape d564d5c

[Deps] update get-intrinsic, set-function-length cfc2bdc

[Refactor] use es-errors, so things that only need those do not need get-intrinsic 64cd289

[meta] add missing engines.node 32a4038

1.0.5 (from changelog)

Commits

[Fix] throw an error on non-functions as early as possible f262408

[Deps] update set-function-length 3fff271

1.0.3 (from changelog)

Commits

[actions] reuse common workflows a994df6

[meta] use npmignore to autogenerate an npmignore file eef3ef2

[readme] flesh out content 1845ccf

[actions] use node/install instead of node/run; use codecov action 5b47d53

[Refactor] use set-function-length a0e165c

[Dev Deps] update @ljharb/eslint-config, aud, tape 9c50103

[meta] simplify "exports" 019c6d0

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, safe-publish-latest, tape 23bd718

[actions] update codecov uploader 62552d7

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape ec81665

[Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape 35d67fc

[Dev Deps] update eslint, @ljharb/eslint-config, aud, tape 0266d8d

[Dev Deps] update @ljharb/eslint-config, aud, tape 43a5b28

[Deps] update define-data-property, function-bind, get-intrinsic 780eb36

[Dev Deps] update aud, tape 90d50ad

[meta] use prepublishOnly script for npm 7+ 44c5433

[Deps] update get-intrinsic 86bfbfc

[Deps] update get-intrinsic 5c53354

[actions] update checkout action 4c393a8

[Deps] update get-intrinsic 4e70bde

[Deps] update get-intrinsic 55ae803

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 43 commits:

↗️ caniuse-lite (indirect, 1.0.30001249 → 1.0.30001748) · Repo · Changelog

↗️ ci-info (indirect, 3.2.0 → 4.3.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ confusing-browser-globals (indirect, 1.0.10 → 1.0.11) · Repo · Changelog

Release Notes

1.0.11

1.0.11 (2017-08-09)

🐛 Bug Fix

create-react-app

#2884 Improve offline heuristic for proxied environments. (@bsyk)

When a Yarn proxy is set, we will check its connectivity if we cannot reach Yarn's registry. This is often the case when DNS lookups must be made through the proxy.

#2853 Allow use of scoped packages with a pinned version. (@wileybenet)

react-dev-utils

#2796 Properly escape HTML tags in error overlay. (@ccloli)

Elements printed in their entirety would sometimes render as HTML. This should no longer happen and should properly render as text.

react-dev-utils, react-scripts

#2834 Make formatWebpackMessages return all messages (@onigoetz)

react-scripts

#2806 Fix SockJS version compatibility. (@christianbundy)

#2738 Fix Jest node file resolution. (@mostafah)

💅 Enhancement

react-scripts

#2818 Allow sourcemaps to be disabled. (@viankakrisna)

As applications grow more complex, it is possible webpack may run out of memory while generating source maps. They may now be disabled by setting GENERATE_SOURCEMAP=false.

#2913 Allow flags to be passed to node when running react-scripts. (@koistya)

#2574 Upgrade to webpack@3. (@themre)

#2747 Simplify webpack configuration using Rule.oneOf. (@Furizaa)

react-dev-utils, react-scripts

#2468 Allow importing package.json. (@iamdoron)

#2650 Make UglifyJS error friendlier. (@viankakrisna)

create-react-app

#2785 Change error wording and list conflicting files when initializing app. (@OwenFlood)

react-dev-utils

#2761 Don't prompt to install serve if already installed. (@OwenFlood)

#2754 Auto-detect JetBrains IDEs. (@danrr)

#2740 Support PyCharm in launchEditor. (@danrr)

#2723 Reorder vim arguments in launchEditor so --remote works. (@trygveaa)

eslint-config-react-app, react-scripts

#2735 Upgrade to eslint@4. (@trungdq88)

eslint-config-react-app

#2701 Set allowTaggedTemplates to true (eslint). (@denkristoffer)

📝 Documentation

Other

#2728 Add Electrode to alternatives. (@animesh10)

#2788 Update link for motion. (@viankakrisna)

#2697 Fix env list ordering. (@alexeyraspopov)

react-dev-utils

#2798 Update note about webpackHotDevClient support. (@ForbesLindesay)

react-scripts

#2822 Add explicit "Opting Out of Caching" header. (@gaearon)

#2725 Fixed typo. (@zeel)

#2668 Document basename feature in react-router. (@viankakrisna)

#2719 Remove Windows note for source-map-explorer. (@hodanny)

babel-preset-react-app

#2732 Update link to issue blocking JSX hoisting. (@ForbesLindesay)

🏠 Internal

create-react-app, eslint-config-react-app, react-dev-utils, react-error-overlay, react-scripts

#2923 Update deps. (@Timer)

eslint-config-react-app

#2718 Re-enable flowtype warning. (@oskarkook)

Other

#2700 Unstage yarn.lock pre-commit. (@jdcrensh)

react-scripts

#2873 Use template strings. (@monkindey)

Committers: 26

864907600cc (ccloli)

Ade Viankakrisna Fadlil (viankakrisna)

Alexey Raspopov (alexeyraspopov)

Andreas Hoffmann (Furizaa)

Animesh Dutta (animesh10)

Ben Sykes (bsyk)

Christian Bundy (christianbundy)

Dan Abramov (gaearon)

Dan Ristea (danrr)

Danny Ho (hodanny)

Forbes Lindesay (ForbesLindesay)

Joe Haddad (Timer)

Jon Crenshaw (jdcrensh)

Kiho · Cham (monkindey)

Konstantin Tarkus (koistya)

Kristoffer (denkristoffer)

Mostafa Hajizadeh (mostafah)

Oskar Köök (oskarkook)

Owen Flood (OwenFlood)

Stéphane Goetz (onigoetz)

Trygve Aaberge (trygveaa)

Wiley Bennett (wileybenet)

iamdoron

themre

zeel (zeel)

Đinh Quang Trung (trungdq88)

Migrating from 1.0.10 to 1.0.11

Inside any created project that has not been ejected, run:
npm install --save --save-exact react-scripts@1.0.11
or
yarn add --exact react-scripts@1.0.11

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 39 commits:

↗️ cosmiconfig (indirect, 7.0.0 → 9.0.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cross-spawn (indirect, 7.0.3 → 7.0.6) · Repo · Changelog

Security Advisories 🚨

🚨 Regular Expression Denial of Service (ReDoS) in cross-spawn

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

Release Notes

7.0.6 (from changelog)

Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (from changelog)

Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (from changelog)

Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 15 commits:

↗️ debug (indirect, 4.3.2 → 4.4.3) · Repo · Changelog

Security Advisories 🚨

🚨 debug@4.4.2 contains malware after npm account takeover

Impact

On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments.

Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt.

The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload.

Patches

npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper.

On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. This version is functionally identical to the previously known-good version, published as a patch version bump above the compromised version.

Users should upgrade to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch.

Those operating private registries or registry mirrors should purge the offending versions from any caches.

References

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack

https://www.ox.security/blog/npm-packages-compromised/

Point of Contact

In the event suspicious behavior is still observed for the package listed in this security advisory after performing all of the above cleaning operations (see Patches above), please reach out via one of the following channels of communication:

Bluesky, package owner: https://bsky.app/profile/bad-at-computer.bsky.social

debug repository, tracking issue (applies to all packages affected in the breach): #1005

Release Notes

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see #1005.

4.4.1

What's Changed

fix(Issue-996): replace whitespaces in namespaces string with commas globally by @pdahal-cx in #997

fixes #987 fallback to localStorage.DEBUG if debug is not defined by @lzilioli in #988

New Contributors

@pdahal-cx made their first contribution in #997

@lzilioli made their first contribution in #988

Full Changelog: 4.4.0...4.4.1

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: 4.3.7...4.4.0

4.3.7

What's Changed

Upgrade ms to version 2.1.3 by @realityking in #819

Full Changelog: 4.3.6...4.3.7

4.3.6

What's Changed

Avoid using deprecated RegExp.$1 by @bluwy in #969

New Contributors

@bluwy made their first contribution in #969

Full Changelog: 4.3.5...4.3.6

4.3.5

Patch

cac39b1 Fix/debug depth (#926)

Thank you @calvintwr for the fix.

4.3.4

What's Changed

Add section about configuring JS console to show debug messages by @gitname in #866

Replace deprecated String.prototype.substr() by @CommanderRoot in #876

New Contributors

@gitname made their first contribution in #866

@CommanderRoot made their first contribution in #876

Full Changelog: 4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.

Updates repository maintainership information

Updates the copyright (no license terms change has been made)

Removes accidental epizeuxis (#828)

Adds README section regarding usage in child procs (#850)

Thank you to @taylor1791 and @kristofkalocsai for their contributions.

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@Qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

I understand there are a lot of edge cases so please open issues as needed so I can assist in any way necessary.

Q: Why was the repository transferred?

I'll just list them off in no particular order.

The old organization was defunct and abandoned.

I was not an owner of the old organization and thus could not ban the non-trivial amount of spam users or the few truly abusive users from the org. This hindered my ability to properly maintain this package.

The debug ecosystem intends to grow beyond a single package, and since new packages could not be created in the old org (nor did it make sense for them to live there), a new org made the most sense - especially from a security point of view.

The old org has way, way too many approved members with push access, for which there was nothing I could do. This presented a pretty sizable security risk given that many packages in recent years have fallen victim to backdoors and the like due to lax security access.

Q: Was this approved?

Yes.^[archive]

Q: Do I need to worry about another migration sometime in the future?

No.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 26 commits:

↗️ deep-is (indirect, 0.1.3 → 0.1.4) · Repo

Commits

See the full diff on Github. The new version differs by 3 commits:

↗️ define-properties (indirect, 1.1.3 → 1.2.1) · Repo · Changelog

Release Notes

1.2.1 (from changelog)

Commits

[Refactor] use define-data-property e7782a7

[actions] use reusable rebase action cd249c3

[Dev Deps] update @ljharb/eslint-config, aud, tape 8205f97

1.2.0 (from changelog)

Commits

[New] if the predicate is boolean true, it compares the existing value with === as the predicate d8dd6fc

[meta] add auto-changelog 7ebe2b0

[meta] use npmignore to autogenerate an npmignore file 647478a

[Dev Deps] update @ljharb/eslint-config, aud, tape e620d70

[Dev Deps] update aud, tape f1e5072

[actions] update checkout action 628b3af

1.1.4 (from changelog)

[Refactor] use has-property-descriptors

[readme] add github actions/codecov badges

[Docs] fix header parsing; remove testling

[Deps] update object-keys

[meta] use prepublishOnly script for npm 7+

[meta] add funding field; create FUNDING.yml

[actions] add "Allow Edits" workflow; automatic rebasing / merge commit blocking

[actions] reuse common workflows

[actions] update codecov uploader

[actions] use node/install instead of node/run; use codecov action

[Tests] migrate tests to Github Actions

[Tests] run nyc on all tests; use tape runner

[Tests] use shared travis-ci config

[Tests] use npx aud instead of nsp or npm audit with hoops

[Tests] remove jscs

[Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape; add aud, safe-publish-latest

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 43 commits:

⁉️ doctrine (downgrade, 3.0.0 → 2.1.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ electron-to-chromium (indirect, 1.3.799 → 1.5.233) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 2 commits:

↗️ emoji-regex (indirect, 8.0.0 → 10.5.0) · Repo

Commits

See the full diff on Github. The new version differs by 48 commits:

↗️ enhanced-resolve (indirect, 0.9.1 → 5.18.3) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ env-editor (indirect, 0.4.2 → 1.3.0) · Repo

Release Notes

1.3.0

Add support for PhpStorm 08c327f

v1.2.0...v1.3.0

1.2.0

Add support for Visual Studio Code - Insiders db5f1b8

Add vi as keyword for Vim editor d525056

v1.1.0...v1.2.0

1.1.0

Add support for VSCodium (#13) c336163

v1.0.0...v1.1.0

1.0.0

Breaking

Require Node.js 12.20 20a6e38

This package is now pure ESM. Please read this.

v0.5.0...v1.0.0

0.5.0

Add support for Xcode (#11) 045672c

v0.4.2...v0.5.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 13 commits:

↗️ error-ex (indirect, 1.3.2 → 1.3.4) · Repo

Security Advisories 🚨

🚨 error-ex@1.3.3 contains malware after npm account takeover

Impact

On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments.

Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct <script> inclusion, or via a bundling tool such as Babel, Rollup, Vite, Next.js, etc.) there is a chance the malware still exists and such bundles will need to be rebuilt.

The malware seemingly only targets cryptocurrency transactions and wallets such as MetaMask. See references below for more information on the payload.

Patches

npm removed the offending package from the registry over the course of the day on 8 September, preventing further downloads from npm proper.

On 13 September, the package owner published new patch versions to help cache-bust those using private registries who might still have the compromised version cached. This version is functionally identical to the previously known-good version, published as a patch version bump above the compromised version.

Users should update to the latest patch version, completely remove their node_modules directory, clean their package manager's global cache, and rebuild any browser bundles from scratch.

Those operating private registries or registry mirrors should purge the offending versions from any caches.

References

https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised

https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack

https://www.ox.security/blog/npm-packages-compromised/

Point of Contact

In the event suspicious behavior is still observed for the package listed in this security advisory after performing all of the above cleaning operations (see Patches above), please reach out via one of the following channels of communication:

Bluesky, compromised publishing account owner: https://bsky.app/profile/bad-at-computer.bsky.social

debug repository, tracking issue (applies to all packages affected in the breach): debug-js/debug#1005

Release Notes

1.3.4

Functionally identical release to 1.3.2.

Version 1.3.3 is compromised. Please see debug-js/debug#1005.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

↗️ es-abstract (indirect, 1.18.5 → 1.24.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ es-to-primitive (indirect, 1.2.1 → 1.3.0) · Repo · Changelog

Release Notes

1.3.0 (from changelog)

Commits

[actions] reuse common workflows bb72efc

[Tests] use es-value-fixtures a912f7b

[Tests] migrate tests to Github Actions 510baf0

[New] add types 69ba1fd

[meta] remove unused Makefile 4ea66e6

[actions] use node/install instead of node/run; use codecov action 3c31937

[meta] do not publish github action workflow files 389567e

[meta] use npmignore to autogenerate an npmignore file 9f3aa76

[actions] split out node 10-20, and 20+ c60d7d8

[Tests] run nyc on all tests; use tape runner 29cbb89

[meta] add auto-changelog ea744b2

[Dev Deps] update eslint, @ljharb/eslint-config, aud, function.prototype.name, has-symbols, object-inspect, object-is, tape e5c3c79

[actions] add automatic rebasing / merge commit blocking a5a6f00

[Dev Deps] update @ljharb/eslint-config, es-value-fixtures, function.prototype.name, npmignore, object-inspect, object-is, tape 7941fd5

[Dev Deps] update eslint, @ljharb/eslint-config, aud, es-value-fixtures, foreach, object-inspect, tape eb1c79c

[Dev Deps] update eslint, @ljharb/eslint-config, function.prototype.name, object-inspect, safe-publish-latest, tape 249b42f

[Dev Deps] update eslint, @ljharb/eslint-config, aud, function.prototype.name, object-inspect, object-is, tape d57d5e9

[actions] update codecov uploader 003b62c

[actions] add "Allow Edits" workflow 75ee990

[Dev Deps] update eslint, @ljharb/eslint-config, tape, object-is; add safe-publish-latest ba5da7b

[readme] remove travis badge 6f7aec7

[Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, tape 3291fd5

[Dev Deps] update eslint, @ljharb/eslint-config, function.prototype.name, has-symbols, object-inspect 53007f2

[actions] update checkout action 69640db

[Dev Deps] update eslint, @ljharb/eslint-config, object-is, tape; add aud c9d644e

[Tests] use for-each instead of foreach e9117bb

[readme] add github actions/codecov badges 53cd375

[Deps] update is-callable, is-date-object, is-symbol 8116c68

[Tests] fix test skipping for Symbol.toPrimitive e6268ef

[actions] switch Automatic Rebase workflow to pull_request_target event da41c40

[Deps] update is-callable, is-date-object 96fe13f

[Tests] replace aud with npm audit 0b53154

[meta] use prepublishOnly script for npm 7+ 9d7d485

[Deps] update is-callable 3c990b6

[Deps] update is-callable 9bcfff2

[Deps] update is-callable 1eb5478

[meta] only run aud on prod deps 1fcd896

[Deps] update is-symbol 7174a47

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 39 commits:

↗️ escalade (indirect, 3.1.1 → 3.2.0) · Repo

Release Notes

3.2.0

Patches

Declare separate ESM and CommonJS TypeScript definitions: a72e1c3
Previously, only ESM definitions were shipped but were exported in a way that could cause tool/resolution ambiguity.

Chores

Update Node.js version matrix in CI suite: a8c6820

Full Changelog: v3.1.2...v3.2.0

3.1.2

Patches

Support TypeScript’s nodenext module resolution mode (#10): d872fbd

Thank you @NMinhNguyen

Chores

Add licenses.dev badge to README: 02dcb8b

Update CI matrix versions: 3c916b2

Full Changelog: v3.1.1...v3.1.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 7 commits:

↗️ eslint (indirect, 7.32.0 → 9.37.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 23 commits:

↗️ eslint-config-xo (indirect, 0.38.0 → 0.46.0) · Repo

Release Notes

0.46.0

New rules

@stylistic/indent-binary-ops d91defd

@stylistic/function-paren-newline fb5e204

@stylistic/block-spacing cb6b443

@stylistic/multiline-ternary 3dea281

Breaking

Require Node.js 18.18

Migrate to flat config and require ESLint 9 (#86) ec210f2

Migrate config: https://eslint.org/docs/latest/use/configure/migration-guide

Improvements

Migrate deprecated rules to @stylistic 0f81063

Enable permissive max-len and max-lines as warning (#84) e669d26

Revert "Add option to no-extra-boolean-cast" (#87) f010b63

Add option to no-extra-boolean-cast a6dc171

v0.45.0...v0.46.0

0.45.0

Allow class fields with no blank lines between (#85) 6f2ff13

v0.44.0...v0.45.0

0.44.0

Breaking

Require Node.js 18 f2060de

New rules

logical-assignment-operators 27049c1

prefer-object-has-own 288a3ca

object-curly-newline (#83) 3a5448b

Improvements

Ban atob and btoa dfa969c

Replace deprecated no-new-object rule 7f8f92e

no-unused-vars: Allow ignoring variables by prefixing with underscore b31ab8a

v0.43.1...v0.44.0

0.43.1

Disable logical-assignment-operators rule until we target Node.js 16 ffb7d6e

v0.43.0...v0.43.1

0.42.0

Allow lower case type-coverage comments (#79) 257f2c1

v0.41.0...v0.42.0

0.41.0

Add no-constant-binary-expression rule af63ee6

Enforce single-quotes for JSX (#78) 0a302bd

v0.40.0...v0.41.0

0.40.0

Breaking

Require ESLint 8 and Node.js 12 da1fd09

Improvements

Remove default-param-last rule 5f341e2

Avoid explicit return arrows in object-shorthand rule (#76) db4809a

v0.39.0...v0.40.0

0.39.0

Use 'latest' for ecmaVersion 66bc17e

Add no-bitwise rule 9d9eae9

v0.38.0...v0.39.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 48 commits:

↗️ eslint-config-xo-typescript (indirect, 0.44.0 → 7.0.0) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ eslint-formatter-pretty (indirect, 4.1.0 → 6.0.1) · Repo

Release Notes

6.0.1

Fix compatibility with xterm (#61) a9323c9

v6.0.0...v6.0.1

6.0.0

Breaking

Require Node.js 18 13383af

v5.0.0...v6.0.0

5.0.0

Breaking

Require Node.js 14 ee9a212

Improvements

Update @types/eslint dependency (#57) 7de05cb

v4.1.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 11 commits:

↗️ eslint-plugin-ava (indirect, 12.0.0 → 15.1.0) · Repo

Release Notes

15.1.0

Disallow extra properties in rule options (#359) dfc0993

v15.0.1...v15.1.0

15.0.1

Fix flat config eb6088b

v15.0.0...v15.0.1

15.0.0

Breaking

Require Node.js 18 (#357) b5561e4

Require ESLint 9 (#357) b5561e4

v14.0.0...v15.0.0

14.0.0

Breaking

Require Node.js 14 and ESLint 8 bd8c4c6

Fixes

prefer-t-regex: Prevent some type errors (#350) 40aaadc

v13.2.0...v14.0.0

13.2.0

What's Changed

use-test: Ignore type import by @futpib in #343

Full Changelog: v13.1.0...v13.2.0

13.1.0

Support ESLint 8.x by @fisker in #336

Full Changelog: v13.0.0...v13.1.0

13.0.0

This release contains changes for compatibility with AVA 4, but can still be used with AVA 3 projects. Note however that test.cb() is being removed in AVA 4 and is no longer covered by this plugin.

Support the default modifier in AVA 4 64cc8c6

Match AVA 4 supported Node.js versions (^12.22, ^14.17, ^16.4) 98f7613

Remove callback-test related rules, this is being removed in AVA 4 2f8a226

Support test.macro(), new in AVA 4 abc162f

Other changes:

Fix fixable flag of no-incorrect-deep-equal 7ce7a43

Fix no-identical-title when there is no title cf361f1

Simplify use-t to only check the first parameter c1cd7da

v12.0.0...v13.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 38 commits:

↗️ eslint-plugin-no-use-extend-native (indirect, 0.5.0 → 0.7.2) · Repo

Commits

See the full diff on Github. The new version differs by 39 commits:

↗️ eslint-plugin-promise (indirect, 5.1.0 → 7.2.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ eslint-plugin-unicorn (indirect, 35.0.0 → 59.0.1) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ eslint-rule-docs (indirect, 1.1.231 → 1.1.235) · Repo

Sorry, we couldn’t find anything useful about this release.

↗️ eslint-scope (indirect, 5.1.1 → 8.4.0) · Repo · Changelog

Release Notes

8.0.2

8.0.2 (2024-07-08)

Bug Fixes

Definition#name in catch patterns should be Identifier node (#127) (8082caa)

8.0.1

8.0.1 (2024-03-20)

Documentation

document Security Policy (#122) (0d03700)

Chores

switch to eslint flat config (#121) (59b1606)

upgrade espree@10.0.1, eslint-visitor-keys@4.0.0 (#119) (6f95a94)

8.0.0

8.0.0 (2024-01-04)

⚠ BREAKING CHANGES

use ESTree directive property when searching for "use strict" (#118)

class extends is evaluated in the class scope (#116)

Require Node.js ^18.18.0 || ^20.9.0 || >=21.1.0 (#115)

Features

Require Node.js ^18.18.0 || ^20.9.0 || >=21.1.0 (#115) (ed67857)

use ESTree directive property when searching for "use strict" (#118) (23fe81f)

Bug Fixes

class extends is evaluated in the class scope (#116) (42ef7a9)

Documentation

Update README with analyze() options (#111) (2122fdb), closes #110

Chores

Remove add-to-triage (#106) (dc75851)

run tests in Node.js 21 (#109) (957748e)

standardize npm script names (#105) (115ded3)

7.2.2

7.2.2 (2023-07-27)

Chores

Add PRs to triage (#104) (a4dd888)

generate provenance statements when release (#102) (a27ce6b)

7.2.1

7.2.1 (2023-05-31)

Chores

run tests on Node.js v20 (#97) (675f7de)

set up release-please (#99) (6bc2619)

7.2.0

Features

70c8db1 feat: Add isGlobalReturn method on scopeManager. (#96) (Nicholas C. Zakas)

Documentation

25abacf docs: add badges (#89) (Milos Djermanovic)

Build Related

a8811b8 build: add node v18 (#91) (唯然)

Chores

3dbad80 chore: add triage action (#95) (Milos Djermanovic)

34ffedc ci: add Node v19 (#94) (Milos Djermanovic)

4c00534 ci: update Github actions (#93) (Deepshika S)

6c8ccf2 chore: add funding field (#92) (Deepshika S)

7.1.1

Bug Fixes

4e1d24c fix: ignore "use strict" directives in ES3 (#87) (Milos Djermanovic)

Chores

8938109 chore: upgrade espree@9.3.1 eslint-visitor-keys@3.3.0 (#88) (Milos Djermanovic)

ceb8bdd ci: use node v16 (#84) (Nitin Kumar)

62e147b test: add tests with year-based ecmaVersion (#83) (Milos Djermanovic)

7.1.0

Features

d756f1e feat: Add sourceType:commonjs support (#81) (Nicholas C. Zakas)

7.0.0

Breaking Changes

22a55c0 feat!: support class static blocks (#80) (Milos Djermanovic)

Build Related

4aafb61 build: upgrade eslint-release to v3.2.0 to support conventional commits (#79) (Milos Djermanovic)

263c762 Build: add node v17 (#76) (唯然)

6.0.0

4ee1d80 Fix: Ensure correct version in package (#73) (Nicholas C. Zakas)

82a7e6d Breaking: Switch to ESM (fixes #70) (#71) (Brett Zamir)

0b4a5f1 Update: support class fields (refs eslint/eslint#14343) (#69) (Toru Nagashima)

39f8cfc Chore: upgrade estraverse to version 5 (#68) (Rouven Weßling)

ae27ff3 Docs: Add range to espree options in README (fixes #66) (#67) (Alan Liang)

Does any of this look wrong? Please let us know.

↗️ eslint-utils (indirect, 2.1.0 → 3.0.0) · Repo

Release Notes

3.0.0

💥 Breaking Changes

9a5c4fb, 5361c33 dropped old Node.js support. The new range is ^10.0.0 || ^12.0.0 || >= 14.0.0.

5361c33 added the exports field to package.json. Now direct accesses to internal files are disallowed.

c5574ce, 46771e1 changed the result of getFunctionNameWithKind(node) function in some cases.

Functions at method places prefer the method name than function's id. E.g., { foo: function bar() {} } is method 'foo'.

Arrow functions at method places are now methods. E.g., { foo: () => {} } is method 'foo'.

Function expressions at variable initializers or the RHS of assignments are named. E.g. foo = function() {} is function 'foo'.

✨ Enhancements

05b8390 supports the new class features of ES2022: public class fields, private class members, and static of them.

46771e1 added the optional second parameter to getFunctionNameWithKind(node). If you give context.getSourceCode() to that, the getFunctionNameWithKind(node, sourceCode) function handles the name of computed properties. E.g., { [foo]() {} } is method [foo].

🐛 Bug fixes

994ee18 fixed misleading result from getStaticValue() on expressions that re-use Symbol()s (#12)

b8820bc fixed isParenthesized() on CatchClause.param should be false (#15)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 15 commits:

↗️ eslint-visitor-keys (indirect, 2.1.0 → 4.2.1) · Repo · Changelog

Release Notes

4.0.0

4.0.0 (2024-02-08)

⚠ BREAKING CHANGES

Require Node.js ^18.18.0 || ^20.9.0 || >=21.1.0 (#63)

Features

Require Node.js ^18.18.0 || ^20.9.0 || >=21.1.0 (#63) (388b2ac)

Chores

run tests in Node.js 21 (#61) (b23bfb7)

3.4.3

3.4.3 (2023-08-08)

Chores

Add back add-to-triage (#59) (5ea8b12)

Remove add-to-triage (#56) (45d4c17)

standardize npm script names (#55) (0461695)

update typedef in build keys template (#58) (eb6c66d)

3.4.2

3.4.2 (2023-07-27)

Documentation

fix spelling mistakes (#50) (4ce1c17)

remove release script reference from README (#52) (4640146)

Chores

Add PRs to triage (#54) (a7b64b4)

generate provenance statements when release (#53) (7b09698)

3.4.1

3.4.1 (2023-05-05)

Bug Fixes

correct types for node16 resolution (#47) (7bd1fc1)

Chores

run tests on Node.js v20 (#45) (c982093)

set up release-please (#48) (a7fb4c7)

3.4.0

Features

6ece4bd feat: add JSXSpreadChild and tool to build keys out of AST definitions (#36) (Brett Zamir)

Bug Fixes

e9a070f fix: remove useless sourcemap url (fixes #43) (#44) (余腾靖)

Documentation

4beb7a7 docs: update badges (#37) (Milos Djermanovic)

Build Related

81c0732 build: add node v18 (#39) (唯然)

Chores

0398109 chore: add triage action (#42) (Milos Djermanovic)

bcffbe5 ci: add Node v19 (#41) (Milos Djermanovic)

c24f2e4 chore: update github actions and add funding field (#40) (Deepshika S)

3.3.0

Features

7f10327 feat: Bundle JSDoc-built TypeScript declaration file (#34) (Brett Zamir)

3.2.0

Features

5c53218 feat: add missing JSXOpeningFragment and JSXClosingFragment (#33) (Richard Huang)

Documentation

2a5c9a6 docs: readme add syntax highlighting (#32) (coderaiser)

3.1.0

Enhancements

5f5b232 Update: add StaticBlock (#29) (Milos Djermanovic)

Documentation

7b756cd Docs: Update the minimum Node.js version requirement (#26) (0uep)

Build Related

5e3e687 build: upgrade eslint-release to v3.2.0 to support conventional commits (#31) (Milos Djermanovic)

53d3939 Build: add node v17 (#30) (唯然)

Chores

e89bff9 Chore: use actions/setup-node@v2 (薛定谔的猫)

3.0.0

701b67d Breaking: drop node v10/v13/v15 (refs eslint/eslint#14023) (#23) (薛定谔的猫)

f584b12 Breaking: Switch to ESM (#24) (Brett Zamir)

7279e73 Build: Update branch reference in CI (#25) (Milos Djermanovic)

c6846d6 Upgrade: eslint-release (#21) (Nicholas C. Zakas)

Does any of this look wrong? Please let us know.

↗️ espree (indirect, 7.3.1 → 10.4.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

↗️ esquery (indirect, 1.4.0 → 1.6.0) · Repo

Commits

See the full diff on Github. The new version differs by 26 commits:

↗️ estraverse (indirect, 4.3.0 → 5.3.0) · Repo

Commits

See the full diff on Github. The new version differs by 9 commits:

↗️ execa (indirect, 5.1.1 → 9.6.0) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ fast-glob (indirect, 3.2.7 → 3.3.3) · Repo

Release Notes

3.3.3

Full Changelog: 3.3.2...3.3.3

💬 Common

Refer to micromatch@4.0.8 to avoid annoying npm audit spam (#443, #444, #454, #456, #457, #461)

🐛 Bug fixes

Apply absolute negative patterns to full path instead of file path (#441, thanks @webpro)

3.3.2

Full Changelog: 3.3.1...3.3.2

🐛 Bug fixes

Handle square brackets as a special character on Windows in escape functions (#425)

Keep escaping after brace expansion (#422)

3.3.1

Full Changelog: 3.3.0...3.3.1

This release fixes a regression for cases where the ignore option is used with a string (#403, #404).

The public interface of this package does not support a string as the value for the ignore option since 2018 year (release).

So, in the next major release, we will reintroduce method implementations that do not involve strings in the ignore option.

3.3.0

Full Changelog: 3.2.12...3.3.0

🚀 Improvements

Method aliases

New methods (glob, globSync, globStream) have been added in addition to the current methods (default import, sync, stream), which eliminate the need to rename the method when importing. In addition, an async alias has been added for the default import, which makes it possible to use this packet with ESM.

Method to convert paths to globs

A new method (convertPathToPattern) has been added in this release to convert a path to a pattern. The primary goal is to enable users to avoid processing Windows paths in each location where this package is used by utilities from third-party packages.

See more details in the pull request.

🐛 Bug fixes

In the past, we mishandled patterns that contained slashes when the baseNameMatch option was enabled, which went against the documented behavior. (#312)

Several problems with matching patterns that contain brace expansion have been resolved. The primary issue solved is when the pattern has duplicate slashes after it is expanded (#394), or the micromatch package does not correctly generate a regular expression (#365).

All negative patterns will now have the dot option enabled when matching paths. Previously, the !**/* patterns did not exclude hidden files (start with a dot). (#343)

The issue that led to duplicates in the results when overlapping or duplicate patterns were present among the patterns has been fixed. At the moment, we are only talking about leading dot. Other cases are not included. For example, running with the patterns ['./file.md', 'file.md', '*'] will now only include file.md once in the results. (#190)

📖 Documentation

A clarifying note has been added for the concurrency option, which provides more detailed information about the Thread Pool utilization.

⚙️ Infrastructure

The benchmark in CI is now running on Node.js 20.

The benchmark now uses the public package bencho instead of an in-house implementation. You may want to try this solution for your packages and provide feedback.

🥇 New Contributors

@josh-hemphill made their first contribution in #383

@mairaw made their first contribution in #401

🐛 Bug fixes

Fixed an issue introduced in 3.2.7 related to incorrect application of patterns to entries with a trailing slash when the entry is not a directory.

Before changes:

fg.sync('**/!(*.md)')
// ['file.md', 'a/file.md', 'a/file.txt']

After fix:

fg.sync('**/!(*.md)')
// ['a/file.txt']

Thanks @AgentEnder for the issue (#357).

🚀 Improvements

This release includes performance improvements for the asynchronous method. For this method we now use an asynchronous directory traversal interface instead of using a streaming interface. This gives up to 15% acceleration for medium and large directories. The result depends a lot on hardware.

You can find the benchmark results for this release in CI here.

Here are a few of measurements on my laptop:

===> Benchmark pattern "*" with 100 launches (regression, async)
===> Max stdev: 7 | Retries: 3 | Options: {}

Name                   Time, ms  Time stdev, %  Memory, MB  Memory stdev, %  Entries  Errors  Retries
---------------------  --------  -------------  ----------  ---------------  -------  ------  -------
fast-glob-current.js   4.390     0.252          6.253       0.015            4        0       1
fast-glob-previous.js  5.653     0.633          6.051       0.056            4        0       1

===> Benchmark pattern "**" with 100 launches (regression, async)
===> Max stdev: 7 | Retries: 3 | Options: {}

Name                   Time, ms  Time stdev, %  Memory, MB  Memory stdev, %  Entries  Errors  Retries
---------------------  --------  -------------  ----------  ---------------  -------  ------  -------
fast-glob-current.js   34.587    1.287          10.654      0.607            11835    0       1
fast-glob-previous.js  41.972    2.086          10.236      1.224            11835    0       1

3.2.11

Full Changelog: 3.2.10...3.2.11

🐛 Bug fixes

Yeap, this is another release aimed at fixing problems with detecting brace expansions in patterns. This time, patterns like abc/{a.txt,b.js} was not marked as a dynamic pattern. So, now the regex has been rewritten to a generalized solution as a function to avoid future problems due to the complexity of the regular expression.

Thanks @MurzNN for the report of this problem (#351).

3.2.10

Full Changelog: 3.2.9...3.2.10

🐛 Bug fixes

Fixed a regression in 3.2.8 when the {a,b,c} pattern no longer considered a dynamic pattern (thanks @amitdahan, #347).

🥇 New Contributors

@amitdahan made their first contribution in #348

3.2.9

Full Changelog: 3.2.8...3.2.9

🐛 Bug fixes

Fixed a regression in 3.2.8 with invalid regular expression on older node.js versions (#345).

3.2.8

Full Changelog: 3.2.7...3.2.8

🐛 Bug fixes

Fix directory matching with trailing slashes (#290)

Thanks @Trott for investigating the problem and the detailed description.

Previously the src/*/ pattern did not work as expected (like src/*).

Double-slash in the middle of the pattern is not collapsed (#330)

Starting from this release, patterns like src//* will work like similar patterns without duplicate slashes. This was done for continuity with other solutions (glob, ls src//*, python, golang, …).

Adjust inefficient regular expressions (#336, #342, #344)

Thanks @Trott for fixing bugs and @XhmikosR for adding the CodeQL action to CI pipeline.

📖 Documentation

Some documentation improvements (#327, thanks @MarcelloTheArcane).

⚙️ Infrastructure

The CodeQL action has been added to CI pipeline (#338, thanks @XhmikosR).

🥇 New Contributors

@MarcelloTheArcane made their first contribution in #327

@Trott made their first contribution in #336

@XhmikosR made their first contribution in #338

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ fastq (indirect, 1.11.1 → 1.19.1) · Repo

Release Notes

1.19.1

What's Changed

Bump nyc from 15.1.0 to 17.0.0 by @dependabot in #84

add comments to type declarations by @qpwo in #92

Do not run coverage on older nodes by @mcollina in #93

New Contributors

@qpwo made their first contribution in #92

Full Changelog: v1.19.0...v1.19.1

1.19.0

What's Changed

Expose paused status flag by @greguz in #91

New Contributors

@greguz made their first contribution in #91

Full Changelog: v1.18.0...v1.19.0

1.18.0

What's Changed

fix: ensure drained() resolves after async tasks complete by @todoroff in #89

New Contributors

@todoroff made their first contribution in #89

Full Changelog: v1.17.1...v1.18.0

1.17.1

What's Changed

Emit drain event after pause/resume combo by @mcollina in #82

Full Changelog: v1.17.0...v1.17.1

1.17.0

What's Changed

Bump typescript from 4.9.5 to 5.0.4 by @dependabot in #68

fix ci by @Uzlopak in #72

add running to typescript definition by @Uzlopak in #71

fix: unshift with worker throwing error (#77) by @aguegu in #78

Consistently respect the configured concurrency by @mart-jansink in #81

New Contributors

@dependabot made their first contribution in #68

@Uzlopak made their first contribution in #72

@aguegu made their first contribution in #78

@mart-jansink made their first contribution in #81

Full Changelog: v1.15.0...v1.17.0

1.16.0

What's Changed

Bump typescript from 4.9.5 to 5.0.4 by @dependabot in #68

fix ci by @Uzlopak in #72

add running to typescript definition by @Uzlopak in #71

fix: unshift with worker throwing error (#77) by @aguegu in #78

New Contributors

@dependabot made their first contribution in #68

@Uzlopak made their first contribution in #72

@aguegu made their first contribution in #78

Full Changelog: v1.15.0...v1.16.0

1.15.0

What's Changed

fix: queueAsPromised.drained() resolves while queue is idle by @0xOlias in #64

New Contributors

@0xOlias made their first contribution in #64

Full Changelog: v1.14.0...v1.15.0

1.14.0

What's Changed

Update README on error callback expected behaviour by @giovanni-bertoncelli in #59

fix(typings): pass generic type to error handler by @AVVS in #62

New Contributors

@giovanni-bertoncelli made their first contribution in #59

@AVVS made their first contribution in #62

Full Changelog: v1.13.0...v1.14.0

1.13.0

What's Changed

feat: run to completion by @gillesdemey in #57

New Contributors

@gillesdemey made their first contribution in #57

Full Changelog: v1.12.0...v1.13.0

1.12.0

What's Changed

Added node v16 to CI by @mcollina in #55

Fire and forget promises by @mcollina in #54

Full Changelog: v1.11.1...v1.12.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 28 commits:

↗️ file-entry-cache (indirect, 6.0.1 → 8.0.0) · Repo · Changelog

Release Notes

8.0.0

Removing support for Nodejs 10, 12, and 14

This is updating modules to the latest versions and supporting Nodejs >=16 moving forward with v8.0.0

What's Changed

removing support for nodejs 12 and 14 by @jaredwray in #43

Full Changelog: v7.0.2...v8.0.0

7.0.2

What's Changed

removing del module as no longer needed by @jaredwray in #40

upgrading flat-cache to 3.2.0 by @jaredwray in #41

Full Changelog: v7.0.1...v7.0.2

7.0.1

What's Changed

upgrading flat-cache to 3.1.1 by @jaredwray in #37

upgrading chai to 4.3.10 by @jaredwray in #38

upgrading eslint to 8.50.0 and mocha plugin by @jaredwray in #39

Full Changelog: v7.0.0...v7.0.1

7.0.0

What's Changed

upgrading chai and mocha to latest by @jaredwray in #32

removing package-lock and setting tests to nodejs versions by @jaredwray in #33

adding code coverage reporting via codecov by @jaredwray in #34

updating tests for master by @jaredwray in #35

removing support for Nodejs version 10 by @jaredwray in #36

Full Changelog: v6.0.1...v7.0.0

Does any of this look wrong? Please let us know.

↗️ fill-range (indirect, 7.0.1 → 7.1.1) · Repo

Commits

See the full diff on Github. The new version differs by 7 commits:

↗️ flat-cache (indirect, 3.0.4 → 4.0.1) · Repo · Changelog

Release Notes

4.0.1

What's Changed

removing rimraf as core dependency by @jaredwray in #87

chore: run prettier separately from eslint by @uncenter in #88

refactor: prefer let/const over var by @uncenter in #89

upgrading c8 to 9.1.0 by @jaredwray in #92

upgrading prettier to 3.2.4 by @jaredwray in #93

upgrading moch to 10.3.0 by @jaredwray in #95

removing parts of keyv as a dependency by @jaredwray in #97

New Contributors

@uncenter made their first contribution in #88

Full Changelog: v4.0.0...v4.0.1

4.0.0

Major version release

To stay up to date with latest module dependencies we moved to supporting nodejs >=16 with this release. All other functionality stayed the same.

What's Changed

removing the testing on 21 by @jaredwray in #85

removing support for node 10, 12, and 14 by @jaredwray in #86

Full Changelog: v3.2.0...v4.0.0

3.2.0

What's Changed

[Fix] restore node 10 compat by @ljharb in #81

New Contributors

@ljharb made their first contribution in #81

Full Changelog: v3.1.1...v3.2.0

3.1.1

What's Changed

updating repo to use github actions and codecov by @jaredwray in #64

updating mocha and chai by @jaredwray in #65

adding in codecov badge by @jaredwray in #66

upgrading flatted to 3.2.7 by @jaredwray in #67

updating workflows with prs by @jaredwray in #71

updating coverage reporting to work with codecov by @jaredwray in #72

updating to show correct branch by @jaredwray in #73

intoducing keyv to flat-cache - non invasive by @jaredwray in #74

clean up of package.json by @jaredwray in #75

upgrading chai to 4.3.10 by @jaredwray in #77

upgrading flatted to 3.2.9 by @jaredwray in #78

New Contributors

@jaredwray made their first contribution in #64

Full Changelog: v3.0.4...v3.1.1

Does any of this look wrong? Please let us know.

↗️ flatted (indirect, 3.2.2 → 3.3.3) · Repo

Commits

See the full diff on Github. The new version differs by 49 commits:

↗️ function-bind (indirect, 1.1.1 → 1.1.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 26 commits:

↗️ get-intrinsic (indirect, 1.1.1 → 1.3.0) · Repo · Changelog

Release Notes

1.3.0 (from changelog)

Commits

[Dev Deps] update es-abstract, es-value-fixtures, for-each, object-inspect 9b61553

[Deps] update call-bind-apply-helpers, es-object-atoms, get-proto a341fee

[New] add Float16Array de22116

1.2.7 (from changelog)

Commits

[Refactor] use get-proto directly 00ab955

[Deps] update math-intrinsics c716cdd

[Dev Deps] update call-bound, es-abstract dc648a6

1.2.6 (from changelog)

Commits

[Refactor] use math-intrinsics 841be86

[Refactor] use es-object-atoms 42057df

[Deps] update call-bind-apply-helpers 45afa24

[Dev Deps] update call-bound 9cba9c6

1.2.5 (from changelog)

Commits

[actions] split out node 10-20, and 20+ 6e2b9dd

[Refactor] use dunder-proto and call-bind-apply-helpers instead of has-proto c095d17

[Refactor] use gopd 9841d5b

[Dev Deps] update @ljharb/eslint-config, auto-changelog, es-abstract, es-value-fixtures, gopd, mock-property, object-inspect, tape 2d07e01

[Deps] update gopd, has-proto, has-symbols, hasown 974d8bf

[Dev Deps] update call-bind, es-abstract, tape df9dde1

[Refactor] cache es-define-property as well 43ef543

[Deps] update has-proto, has-symbols, hasown ad4949d

[Tests] use call-bound directly ad5c406

[Deps] update has-proto, hasown 45414ca

[Tests] replace aud with npm audit 18d3509

[Deps] update es-define-property aadaa3b

[Dev Deps] add missing peer dep c296a16

1.2.4 (from changelog)

Commits

[Refactor] use all 7 <+ ES6 Errors from es-errors bcac811

1.2.3 (from changelog)

Commits

[Refactor] use es-errors, so things that only need those do not need get-intrinsic f11db9c

[Dev Deps] update aud, es-abstract, mock-property, npmignore b7ac7d1

[meta] simplify exports faa0cc6

[meta] add missing engines.node 774dd0b

[Dev Deps] update tape 5828e8e

[Robustness] use null objects for lookups eb9a11f

[meta] add sideEffects flag 89bcc7a

1.2.2 (from changelog)

Commits

[Dev Deps] update @ljharb/eslint-config, aud, call-bind, es-abstract, mock-property, object-inspect, tape f51bcf2

[Refactor] use hasown instead of has 18d14b7

[Deps] update function-bind 6e109c8

1.2.1 (from changelog)

Commits

[Fix] avoid a crash in envs without __proto__ 7bad8d0

[Dev Deps] update es-abstract c60e6b7

1.2.0 (from changelog)

Commits

[actions] update checkout action ca6b12f

[Dev Deps] update @ljharb/eslint-config, es-abstract, object-inspect, tape 41a3727

[Fix] ensure Error.prototype is undeniable c511e97

[Dev Deps] update aud, es-abstract, tape 1bef8a8

[Dev Deps] update aud, es-abstract 0d41f16

[New] add BigInt64Array and BigUint64Array a6cca25

[Tests] use gopd ecf7722

1.1.3 (from changelog)

Commits

[Dev Deps] update es-abstract, es-value-fixtures, tape 07ff291

[Fix] properly check for % signs 50ac176

1.1.2 (from changelog)

Fixed

[Fix] properly validate against extra % signs #16

Commits

[actions] reuse common workflows 0972547

[meta] use npmignore to autogenerate an npmignore file 5ba0b51

[actions] use node/install instead of node/run; use codecov action c364492

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, es-abstract, object-inspect, tape dc04dad

[Dev Deps] update eslint, @ljharb/eslint-config, es-abstract, object-inspect, safe-publish-latest, tape 1c14059

[Tests] use mock-property b396ef0

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, tape c2c758d

[Dev Deps] update eslint, @ljharb/eslint-config, aud, es-abstract, es-value-fixtures, object-inspect, tape 29e3c09

[actions] update codecov uploader 8cbc141

[Dev Deps] update @ljharb/eslint-config, es-abstract, es-value-fixtures, object-inspect, tape 10b6f5c

[readme] add github actions/codecov badges 4e25400

[Tests] use for-each instead of foreach c05b957

[Dev Deps] update es-abstract 29b05ae

[meta] use prepublishOnly script for npm 7+ 95c285d

[Deps] update has-symbols 593cb4f

[readme] fix repo URLs 1c8305b

[Deps] update has-symbols c7138b6

[Dev Deps] remove unused has-bigints bd63aff

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 75 commits:

↗️ get-set-props (indirect, 0.1.0 → 0.2.0) · Repo

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ get-stream (indirect, 6.0.1 → 9.0.1) · Repo

Release Notes

9.0.1

Upgrade ReadableStream[Symbol.asyncIterator] ponyfill (#128) df42674

v9.0.0...v9.0.1

9.0.0

Breaking

Require Node.js 18 (#111) 7ccab70

Improvements

Fix browser support (#122) 4d233d3

Allow multiple readers at once (#121) a51d085

v8.0.1...v9.0.0

8.0.1

Fixes

Ensure error.bufferedData is as full as possible. (#106)

Fix the maxBuffer option being one byte off in some edge case. (#105)

v8.0.0...v8.0.1

8.0.0

Huge thanks to @ehmicky for doing all the work for this release 🙌

Breaking

Remove the encoding option. (#69, #67)

This package handles binary, UTF-8 and object streams.

For other encodings like UTF-16, hexacimal and base64, please see the following tip. (#84)

Methods like buffer.toString('hex') or buffer.toString('base64') can also be used.

Improvements

Support any JavaScript environment, including browsers. (#85)

Support web streams (ReadableStream). (#82, #78, #79, #80)

Support async iterables. (#69, #93)

Add getStreamAsArray() method to pass streams in object mode. (#86)

Add getStreamAsArrayBuffer() method to return the stream as an ArrayBuffer. (#81)

When the stream is larger than the maximum size for a string, buffer or ArrayBuffer, set error.bufferedData with the partially read data instead of leaving it empty. (#68, #48)

Fixes

Do not crash on big streams (with one/many GBs). (#66)

Ensure maxBuffer stops infinite streams. (#62)

Stop consuming the streaming when hitting maxBuffer. (#42, #69).

Set error.bufferedData when the stream errors for other reasons than maxBuffer. (#56, #63)

Ensure error.bufferedData is smaller than maxBuffer. (#89)

TypeScript types

The stream argument must be a Readable, ReadableStream or AsyncIterable. (#71)

Documentation

Add tips on alternatives, Blob and JSON streaming. (#58, #95, #96, #97)

Performance

Do not block the event loop when the stream ends. (#92)

v7.0.1...v8.0.0

7.0.1

Work around issue with handling large sizes e58d141

v7.0.0...v7.0.1

7.0.0

Breaking

Require Node.js 16 70571f8

This package is now pure ESM. Please read this.

Removed getStream.array()

It complicated the codebase considerably and I personally never used it.

You can use readableStream.toArray() instead. Example

const getStream = require('get-stream'); getStream.buffer(…); → import {getStreamAsBuffer} from 'get-stream'; getStreamAsBuffer(…);

const getStream = require('get-stream'); getStream.MaxBufferError; → import {MaxBufferError} from 'get-stream'; MaxBufferError;

Tip

You may not need this package anymore.

v6.0.1...v7.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 68 commits:

↗️ glob-parent (indirect, 5.1.2 → 6.0.2) · Repo · Changelog

Security Advisories 🚨

🚨 glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service

glob-parent 6.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This issue is fixed in version 6.0.1.

This vulnerability is separate from GHSA-ww39-953v-wcq6.

Release Notes

6.0.2

Bug Fixes

Improve performance (#53) (843f8de)

6.0.1

Bug Fixes

Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0

⚠ BREAKING CHANGES

Correct mishandled escaped path separators (#34)

upgrade scaffold, dropping node <10 support

Bug Fixes

Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

upgrade scaffold, dropping node <10 support (e83d0c5)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 16 commits:

↗️ globals (indirect, 13.10.0 → 16.4.0) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ globby (indirect, 12.0.0 → 14.1.0) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 68 commits:

↗️ graceful-fs (indirect, 4.2.8 → 4.2.11) · Repo

Commits

See the full diff on Github. The new version differs by 17 commits:

↗️ has-bigints (indirect, 1.0.1 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0 (from changelog)

Commits

[meta] use npmignore to autogenerate an npmignore file a411cea

[actions] split out node 10-20, and 20+ 4515878

[New] add types c888241

[actions] update rebase action to use reusable workflow 6f44338

[Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape ffa1e4d

[Dev Deps] update aud, tape 0f5d096

[meta] add missing engines.node 3f73c71

[Tests] replace aud with npm audit b007efd

[Dev Deps] add missing peer dep 459c612

1.0.2 (from changelog)

Commits

[actions] reuse common workflows a655b7f

[actions] use node/install instead of node/run; use codecov action 730a2e5

[readme] add github actions/codecov badges; update URLs 9a83788

[Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape b1edc52

[actions] update codecov uploader cbb1bd0

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape 8717e6d

[Dev Deps] update eslint, @ljharb/eslint-config, auto-changelog, safe-publish-latest, tape 5f70eab

[Dev Deps] update eslint, @ljharb/eslint-config, aud, tape a1446bc

[meta] use prepublishOnly script for npm 7+ f2dd197

[actions] use checkout v3 1ba72f1

[Refactor] use a global variable to get the original BigInt instead of a global property a7ccfac

[actions] skip npm ls on older nodes 62d31e7

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 23 commits:

↗️ has-symbols (indirect, 1.0.2 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0 (from changelog)

Commits

[actions] update workflows 548c0bf

[actions] further shard; update action deps bec56bb

[meta] use npmignore to autogenerate an npmignore file ac81032

[New] add types 6469cbf

[actions] update rebase action to use reusable workflow 9c9d4d0

[Dev Deps] update eslint, @ljharb/eslint-config, aud, tape adb5887

[Dev Deps] update @ljharb/eslint-config, aud, tape 13ec198

[Dev Deps] update auto-changelog, core-js, tape 941be52

[Tests] replace aud with npm audit 74f49e9

[Dev Deps] update npmignore 9c0ac04

[Dev Deps] add missing peer dep 52337a5

1.0.3 (from changelog)

Commits

[actions] use node/install instead of node/run; use codecov action 518b28f

[meta] add bugs and homepage fields; reorder package.json c480b13

[actions] reuse common workflows 01d0ee0

[actions] update codecov uploader 6424ebe

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape dfa7e7f

[Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape 0c8d436

[Dev Deps] update eslint, @ljharb/eslint-config, aud, tape 9026554

[readme] add actions and codecov badges eaa9682

[Dev Deps] update eslint, tape bc7a3ba

[Dev Deps] update eslint, auto-changelog 0ace00a

[meta] use prepublishOnly script for npm 7+ 093f72b

[Tests] test on all 16 minors 9b80d3d

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 25 commits:

↗️ human-signals (indirect, 2.1.0 → 8.0.1) · Repo · Changelog

Release Notes

8.0.1

Documentation

Improve documentation in README.md

8.0.0

Breaking changes (types)

The SignalNumber and Signal['number'] types in TypeScript are now stricter. They only allow valid signal numbers like 1 or 9. They do not allow invalid signal numbers like -1, 1.5 or 999. Please note that 0 is not considered a valid signal number, although it can be passed to process.kill().

Types

The signalsByName[signalName] and signalsByNumber[signalNumber] types in TypeScript are now Signal instead of Signal | undefined. This means you can now do signalsByName[signalName].description instead of signalsByName[signalName]!.description.

7.0.0

Breaking changes (types)

The SignalName and Signal['name'] types in TypeScript are now stricter. They only allow valid signal names like 'SIGINT'. They do not allow lowercase signals like 'sigint' nor unknown signals like 'SIGOTHER'.

6.0.0

Breaking changes

Minimal supported Node.js version is now 18.18.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ignore (indirect, 4.0.6 → 5.3.2) · Repo · Changelog

Release Notes

5.3.0

5.3.0

MINOR export Options interface (#105)

An upgrade is safe for all dependents

It allows typing external methods which expect Options as a param, by importing the Options interface.
import {Options} from 'ignore'

5.2.4

PATCH fixes normal single asterisk and normal consecutive asterisks defined in gitignore spec (#57)

PATCH invalid trailing backslash will not throw unexpectedly

An upgrade is recommended for all dependents

The following rules could be not properly parsed with previous ignore versions
**foo
*bar
qu*ux
abc\   # `ignore` would throw if no whitespace after `\`

5.2.0

PATCH support readonly arrays of typescript. (#70)

MINOR bring backward compatibility with relative paths. (#75)

An upgrade is recommended for all dependents.
ignore().ignores('../foo/bar.js') // will throw
And the code below will not throw, however it is not recommended
ignore({
  allowRelativePaths: true
}).ignores('../foo/bar.js')
Recommend:
ignore().ignores('foo/bar.js')

5.1.9

PATCH fixes ignorecase when internal cache is hit. (#74)

An upgrade is recommended for all dependents.

5.1.5

PATCH fixes escaping for square brackets (#59)

An upgrade is recommended for all dependents.

5.1.1

PATCH fixes isPathValid on Windows (#54)

On Windows, if path is an absolute path, ig.ignores(path), ig.test(path) and related methods will now throw an error as expected.

5.1.0

FEATURE: Typescript: export interface Ignore (#53)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ import-fresh (indirect, 3.3.0 → 3.3.1) · Repo

Release Notes

3.3.1

Fix Bun compatibility (#32) 972690b

v3.3.0...v3.3.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

↗️ irregular-plurals (indirect, 3.3.0 → 3.5.0) · Repo

Release Notes

3.5.0

Add some more words (#25) 333ed37

v3.4.1...v3.5.0

3.4.1

Fix compatibility with bundlers fe4ec96

v3.4.0...v3.4.1

3.4.0

Add some more words (#22) e7f3af1

v3.3.0...v3.4.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 7 commits:

↗️ is-bigint (indirect, 1.0.3 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0 (from changelog)

Commits

[actions] reuse common workflows 0e63a44

[meta] use npmignore to autogenerate an npmignore file 47584ee

[Tests] use for-each and es-value-fixtures f226864

[New] add types 78e2c47

[actions] split out node 10-20, and 20+ 4395a8d

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, has-symbols, object-inspect, tape c188501

[Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, safe-publish-latest, tape 5360d32

[actions] update rebase action to use reusable workflow d5c1775

[actions] update codecov uploader c7478c7

[Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, object-inspect, tape 6fbce66

[meta] add missing engines.node 6f9ed42

[Tests] replace aud with npm audit 21846c3

[Dev Deps] remove unused has-symbols, add missing has-tostringtag b378d94

[Deps] update has-bigints f46c35b

[Dev Deps] add missing peer dep 2b9be16

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 21 commits:

↗️ is-boolean-object (indirect, 1.1.2 → 1.2.2) · Repo · Changelog

Release Notes

1.2.2 (from changelog)

Fixed

[Fix] do not be tricked by fake Booleans #25

Commits

[Dev Deps] update @arethetypeswrong/cli, @ljharb/tsconfig, @types/tape, core-js a27608b

[Deps] update call-bound b19953f

1.2.1 (from changelog)

Commits

[Refactor] use call-bound directly bb5aa26

1.2.0 (from changelog)

Commits

[actions] reuse common workflows 380fa25

[meta] use npmignore to autogenerate an npmignore file befa203

[actions] split out node 10-20, and 20+ ca31663

[New] add types 6d58609

[Dev Deps] update eslint, @ljharb/eslint-config, core-js, safe-publish-latest, tape 06cc67e

[actions] update codecov uploader 0722346

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape 100acdf

[actions] update rebase action to use reusable workflow 26333ff

[Dev Deps] update eslint, @ljharb/eslint-config, aud, core-js, tape fde97ee

[Dev Deps] update @ljharb/eslint-config, auto-changelog, core-js, npmignore, tape f5ed3c8

[Deps] update call-bind, has-tostringtag 61912e2

[Tests] replace aud with npm audit c6a0db5

[meta] better eccheck command 3a59ec6

[Dev Deps] add missing peer dep c0e10db

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 21 commits:

↗️ is-builtin-module (indirect, 3.1.0 → 5.0.0) · Repo

Release Notes

5.0.0

Breaking

Remove punycode since it's deprecated

Improvements

Update module list (#16) 24876d2

v4.0.0...v5.0.0

4.0.0

Breaking

Require Node.js 18 52df82e

This package is now pure ESM. Please read this.

This package now matches based a static list of modules from the latest Node.js version. If you want to check for a module in the current Node.js (previous behavior), use the core isBuiltin method.

v3.2.1...v4.0.0

3.2.1

Module names that end in a trialing slash should not be considered builtin (#13) 4d9b398

v3.2.0...v3.2.1

3.2.0

Add TypeScript definition (#11) cbcb463

v3.1.0...v3.2.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 10 commits:

↗️ is-callable (indirect, 1.2.4 → 1.2.7) · Repo · Changelog

Release Notes

1.2.7 (from changelog)

Commits

[Fix] recognize document.all in IE 6-10 06c1db2

[Tests] improve logic for FF 20-35 0f7d9b9

[Fix] handle document.all in FF 27 (and +, probably) 696c661

[Tests] fix proxy tests in FF 42-63 985df0d

[readme] update tested browsers 389e919

[Fix] detect document.all in Opera 12.16 b9f1022

[Fix] HTML elements: properly report as callable in Opera 12.16 17391fe

[Tests] fix inverted logic in FF3 test 056ebd4

1.2.6 (from changelog)

Commits

[Fix] work for document.all in Firefox 3 and IE 6-8 015132a

[Test] skip function toString check for nullish values 8698116

[readme] add "supported engines" section 0442207

[Tests] skip one of the fixture objects in FF 3.6 a501141

[Tests] allow class constructor tests to fail in FF v45 - v54, which has undetectable classes b12e4a4

[Fix] Safari 4: regexes should not be considered callable 4b732ff

[Fix] properly recognize document.all in Safari 4 3193735

1.2.5 (from changelog)

Commits

[actions] reuse common workflows 5bb4b32

[meta] better eccheck command b9bd597

[meta] use npmignore to autogenerate an npmignore file 3192d38

[Fix] for HTML constructors, always use tryFunctionObject even in pre-toStringTag browsers 3076ea2

[Dev Deps] update eslint, @ljharb/eslint-config, available-typed-arrays, object-inspect, safe-publish-latest, tape 8986746

[meta] add auto-changelog 7dda9d0

[Fix] properly report document.all da90b2b

[actions] update codecov uploader c8f847c

[Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, tape 899ae00

[Dev Deps] update eslint, @ljharb/eslint-config, es-value-fixtures, object-inspect, tape 344e913

[meta] remove greenkeeper config 737dce5

[meta] npmignore coverage output 680a883

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 30 commits:

↗️ is-core-module (indirect, 2.5.0 → 2.16.1) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 64 commits:

↗️ is-date-object (indirect, 1.0.5 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0 (from changelog)

Commits

[actions] reuse common workflows 35c5af0

[meta] use npmignore to autogenerate an npmignore file db6113c

[New] add types 4f1d9b3

[actions] split out node 10-20, and 20+ c9a1e4f

[Dev Deps] update eslint, @ljharb/eslint-config, core-js, safe-publish-latest, tape 35a2864

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape b670bca

[actions] update rebase action to use reusable workflow d6bb341

[actions] update codecov uploader f850678

[Robustness] use call-bound 18ed326

[Dev Deps] update @ljharb/eslint-config, auto-changelog, core-js, npmignore, tape f0e792f

[meta] add exports field 342351f

[Tests] replace aud with npm audit 9b9b9cf

[Deps] update has-tostringtag 1bc37ab

[meta] add sideEffects flag 86d3a16

[Dev Deps] add missing peer dep fee274d

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 16 commits:

↗️ is-docker (indirect, 2.2.1 → 3.0.0) · Repo

Release Notes

3.0.0

Breaking

Require Node.js 12.20 4358e61

This package is now pure ESM. Please read this.

v2.2.1...v3.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

↗️ is-get-set-prop (indirect, 1.0.0 → 2.0.0) · Repo

Commits

See the full diff on Github. The new version differs by 44 commits:

↗️ is-glob (indirect, 4.0.1 → 4.0.3) · Repo

Commits

See the full diff on Github. The new version differs by 8 commits:

↗️ is-js-type (indirect, 2.0.0 → 3.0.0) · Repo

Commits

See the full diff on Github. The new version differs by 16 commits:

↗️ is-negative-zero (indirect, 2.0.1 → 2.0.3) · Repo · Changelog

Release Notes

2.0.3 (from changelog)

Commits

add types e28f0d5

[meta] use npmignore to autogenerate an npmignore file f68ec13

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape 70abff7

[actions] update rebase action to use reusable workflow 6e1356e

[Dev Deps] update @ljharb/eslint-config, aud, npmignore, tape c00d4ab

[meta] add sideEffects flag 9c45539

2.0.2 (from changelog)

Commits

[actions] reuse common workflows ece923d

[actions] use node/install instead of node/run; use codecov action 3a26f43

[meta] do not publish workflow files 2cea0c2

[readme] add github actions/codecov badges; update URLs 0c0be3e

[Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape a93d16e

[meta] create FUNDING.yml b4f425e

[actions] update codecov uploader 7999db3

[Dev Deps] update eslint, @ljharb/eslint-config, auto-changelog, safe-publish-latest, tape 140e4d9

[Dev Deps] update eslint, @ljharb/eslint-config, aud, tape 23a8b6d

[readme] add actions and codecov badges fe92126

[readme] fix repo URLs 50c428e

[Dev Deps] update eslint, @ljharb/eslint-config, tape 688155f

[meta] use prepublishOnly script for npm 7+ 83171f9

[actions] update workflows e9823db

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 22 commits:

↗️ is-number-object (indirect, 1.0.6 → 1.1.1) · Repo · Changelog

Release Notes

1.1.1 (from changelog)

Commits

[Dev Deps] update @arethetypeswrong/cli, @ljharb/tsconfig, @types/tape 00d566d

[Refactor] use call-bound directly 073d5df

[Deps] update call-bind 36c84af

1.1.0 (from changelog)

Commits

[meta] use npmignore to autogenerate an npmignore file cb8423c

[New] add types 273e406

[actions] split out node 10-20, and 20+ 3da6267

[Robustness] use call-bind 834c098

[actions] update rebase action to use reusable workflow 84a8a9f

[Dev Deps] update @ljharb/eslint-config, auto-changelog, core-js, npmignore, tape 7275bca

[Dev Deps] update eslint, @ljharb/eslint-config, aud, core-js, tape 49a83aa

[Tests] replace aud with npm audit 061492b

[Refactor] avoid an expensive check, for null 08d29a8

[Deps] update has-tostringtag 4e2ad65

[Dev Deps] add missing peer dep 8228bfa

1.0.7 (from changelog)

Commits

[actions] reuse common workflows 8f9a1b0

[meta] better eccheck command 9dc8dff

[Dev Deps] update eslint, @ljharb/eslint-config, core-js, safe-publish-latest, tape c50ecbf

[actions] update codecov uploader f1a2560

[Dev Deps] update eslint, @ljharb/eslint-config, aud, core-js, tape 4b06ace

[Dev Deps] update eslint, @ljharb/eslint-config, auto-changelog, core-js, tape 3dc0e8b

[meta] add bugs/homepage package.json fields d7e0bcf

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ is-obj-prop (indirect, 1.0.0 → 2.0.0) · Repo

Commits

See the full diff on Github.

Sorry, we couldn’t find anything useful about this release.

↗️ is-plain-obj (indirect, 1.1.0 → 4.1.0) · Repo

Release Notes

4.1.0

Improve performance (#16) e334e11

Make it work across realms (#14) b51c26a

v4.0.0...v4.1.0

4.0.0

Breaking

Require Node.js 12 69581e4

This package is now pure ESM. Please read this.

v3.0.0...v4.0.0

3.0.0

Breaking

Require Node.js 10 1e18041

Breaking for TypeScript users

Make the TypeScript types stricter (#10) e20ccc1

v2.1.0...v3.0.0

2.1.0

Internal refactoring (#8) 13acf59

v2.0.0...v2.1.0

2.0.0

Breaking:

Require Node.js 8 9748067

Enhancements:

Add TypeScript definition (#4) 1ee301e

v1.1.0...v2.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ is-proto-prop (indirect, 2.0.0 → 3.0.1) · Repo

Commits

See the full diff on Github. The new version differs by 18 commits:

↗️ is-regex (indirect, 1.1.4 → 1.2.1) · Repo · Changelog

Release Notes

1.2.1 (from changelog)

Commits

[Refactor] use call-bound directly dbabfe3

[Deps] update call-bind, gopd d5343a0

[Dev Deps] update @arethetypeswrong/cli, @ljharb/tsconfig cc081eb

1.2.0 (from changelog)

Fixed

[Tests] allow tests to pass if zero traps are triggered #35

Commits

[actions] reuse common workflows be7bf6a

[New] add types 39066a4

[meta] use npmignore to autogenerate an npmignore file 8938588

[Refactor] reorganize code 2f76f26

[actions] split out node 10-20, and 20+ 8c9aedf

[meta] better eccheck command 6b39408

[Dev Deps] update eslint, @ljharb/eslint-config, safe-publish-latest, tape e38cf3c

[actions] update codecov uploader 487c75d

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, core-js, foreach, tape 0d7da87

[Dev Deps] update eslint, @ljharb/eslint-config, aud, core-js, tape c1c1198

[actions] update rebase action to use reusable workflow 213646e

[Dev Deps] update @ljharb/eslint-config, auto-changelog, core-js, npmignore, tape 0a44e77

[Refactor] use hasown d939332

[Deps] update call-bind, has-tostringtag 46bfdc9

[Tests] use for-each instead of foreach 138b3f2

[Tests] replace aud with npm audit 37ed80a

[Deps] update gopd 6fd4097

[Dev Deps] update core-js 97c1c60

[Dev Deps] add missing peer dep 7329b8e

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 25 commits:

↗️ is-stream (indirect, 2.0.1 → 4.0.1) · Repo

Release Notes

4.0.1

Fix docs 022693d

v4.0.0...v4.0.1

3.0.0

Breaking

Require Node.js 12.20 5831295

This package is now pure ESM. Please read this.

Changed from a default export to named exports.

v2.0.1...v3.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 9 commits:

↗️ is-string (indirect, 1.0.7 → 1.1.1) · Repo · Changelog

Release Notes

1.1.1 (from changelog)

Commits

[Dev Deps] update @arethetypeswrong/cli, @ljharb/tsconfig, @types/tape c1f7ef7

[Refactor] use call-bound directly ba8a78f

[Deps] update call-bind 93c352f

1.1.0 (from changelog)

Commits

[actions] reuse common workflows 12aa75b

[meta] use npmignore to autogenerate an npmignore file 6401572

[actions] split out node 10-20, and 20+ 223540c

[New] add types 7e83d67

[Dev Deps] update eslint, @ljharb/eslint-config, core-js, safe-publish-latest, tape febd26e

[readme] add github actions/codecov badges; update URLs f6bf065

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, core-js, tape 8afc37a

[Robustness] use call-bind ac86dd7

[actions] update rebase action to use reusable workflow 77058c8

[actions] update codecov uploader 4312be5

[Dev Deps] update eslint, @ljharb/eslint-config, aud, core-js, tape 98c3779

[Dev Deps] update @ljharb/eslint-config, auto-changelog, core-js, npmignore, tape 7d8e0e5

[Dev Deps] update eslint, @ljharb/eslint-config, core-js, safe-publish-latest, tape 3284ad1

[Tests] replace aud with npm audit 8cb7ea7

[Refactor] skip expensive check, for null 20fde50

[Deps] update has-tostringtag b67a78d

[meta] fix repo URL 1a2ee6b

[meta] better eccheck command 6913c75

[Dev Deps] add missing peer dep 8ac8551

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ is-symbol (indirect, 1.0.4 → 1.1.1) · Repo · Changelog

Release Notes

1.1.1 (from changelog)

Commits

[actions] re-add finishers 9b9d06f

[Deps] update call-bind, has-symbols, safe-regex-test 07f3647

[Refactor] use call-bound directly 799402d

[Dev Deps] update @arethetypeswrong/cli, @ljharb/tsconfig 4b8b2f9

[types] remove unneeded DT packages 398abaa

1.1.0 (from changelog)

Commits

[actions] reuse common workflows acf85f0

[meta] use npmignore to autogenerate an npmignore file 77c818e

[Tests] use for-each and es-value-fixtures 93dfed0

[New] add types ed6a057

[actions] split out node 10-20, and 20+ 7f81ccc

[Robustness] use call-bind and safe-regex-test dc7e142

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, tape 70f87c2

[Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, safe-publish-latest, tape 3f02ff4

[Dev Deps] update @ljharb/eslint-config, auto-changelog, has-tostringtag, npmignore, object-inspect, tape 9588872

[actions] update rebase action to use reusable workflow 59e2f68

[actions] update codecov uploader e4759f8

[Dev Deps] update eslint, auto-changelog, object-inspect, tape 33990c0

[Tests] use has-tostringtag for more robust Symbol.toStringTag detection d6154e1

[Tests] replace aud with npm audit 3215a60

[Refactor] avoid an expensive check, for primitives 59f1a42

[Deps] update has-symbols 06be1a9

[Dev Deps] add missing peer dep 799b0da

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ is-wsl (indirect, 2.2.0 → 3.1.0) · Repo

Release Notes

3.1.0

Support Podman (#11) 8bbf07d

v3.0.0...v3.1.0

3.0.0

Breaking

Require Node.js 16 a3d3762

This package is now pure ESM. Please read this.

v2.2.0...v3.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 6 commits:

↗️ js-types (indirect, 1.0.0 → 4.0.0) · Repo

Release Notes

4.0.0

Breaking

Require Node.js 18.20 8d668e6

This package is now pure ESM. Please read this.

v3.0.0...v4.0.0

3.0.0

Breaking

Require Node.js 18 3fc3683

Improvements

Update list of types 327c634

v2.1.0...v3.0.0

2.1.0

Add SharedArrayBuffer 1fa2421

Add TypeScript definition (#1) ffaff59

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 14 commits:

↗️ js-yaml (indirect, 3.14.1 → 4.1.0) · Repo · Changelog

Release Notes

4.1.0 (from changelog)

Added

Types are now exported as yaml.types.XXX.

Every type now has options property with original arguments kept as they were (see yaml.types.int.options as an example).

Changed

Schema.extend() now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as abcd instead of cbad).

4.0.0 (from changelog)

Changed

Check migration guide to see details for all breaking changes.

Breaking: "unsafe" tags !!js/function, !!js/regexp, !!js/undefined are moved to js-yaml-js-types package.

Breaking: removed safe* functions. Use load, loadAll, dump instead which are all now safe by default.

yaml.DEFAULT_SAFE_SCHEMA and yaml.DEFAULT_FULL_SCHEMA are removed, use yaml.DEFAULT_SCHEMA instead.

yaml.Schema.create(schema, tags) is removed, use schema.extend(tags) instead.

!!binary now always mapped to Uint8Array on load.

Reduced nesting of /lib folder.

Parse numbers according to YAML 1.2 instead of YAML 1.1 (01234 is now decimal, 0o1234 is octal, 1:23 is parsed as string instead of base60).

dump() no longer quotes :, [, ], (, ) except when necessary, #470, #557.

Line and column in exceptions are now formatted as (X:Y) instead of at line X, column Y (also present in compact format), #332.

Code snippet created in exceptions now contains multiple lines with line numbers.

dump() now serializes undefined as null in collections and removes keys with undefined in mappings, #571.

dump() with skipInvalid=true now serializes invalid items in collections as null.

Custom tags starting with ! are now dumped as !tag instead of !<!tag>, #576.

Custom tags starting with tag:yaml.org,2002: are now shorthanded using !!, #258.

Added

Added .mjs (es modules) support.

Added quotingType and forceQuotes options for dumper to configure string literal style, #290, #529.

Added styles: { '!!null': 'empty' } option for dumper (serializes { foo: null } as "foo: "), #570.

Added replacer option (similar to option in JSON.stringify), #339.

Custom Tag can now handle all tags or multiple tags with the same prefix, #385.

Fixed

Astral characters are no longer encoded by dump(), #587.

"duplicate mapping key" exception now points at the correct column, #452.

Extra commas in flow collections (e.g. [foo,,bar]) now throw an exception instead of producing null, #321.

__proto__ key no longer overrides object prototype, #164.

Removed bower.json.

Tags are now url-decoded in load() and url-encoded in dump() (previously usage of custom non-ascii tags may have led to invalid YAML that can't be parsed).

Anchors now work correctly with empty nodes, #301.

Fix incorrect parsing of invalid block mapping syntax, #418.

Throw an error if block sequence/mapping indent contains a tab, #80.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jsesc (indirect, 2.5.2 → 3.1.0) · Repo

Commits

See the full diff on Github. The new version differs by 18 commits:

↗️ line-column-path (indirect, 2.0.0 → 3.0.0) · Repo

Release Notes

3.0.0

Breaking

Require Node.js 12.20 8c5d1f2

This package is now pure ESM. Please read this.

Changed from a default export to named exports.

v2.0.0...v3.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 4 commits:

↗️ lines-and-columns (indirect, 1.1.6 → 1.2.4) · Repo

Sorry, we couldn’t find anything useful about this release.

↗️ log-symbols (indirect, 4.1.0 → 6.0.0) · Repo

Release Notes

6.0.0

Breaking

Require Node.js 18 22e0d8c

Improvements

Add exports.types to package.json (#32) d547f18

v5.1.0...v6.0.0

5.1.0

Upgrade dependencies 2ee4f5d

v5.0.0...v5.1.0

5.0.0

Breaking

Require Node.js 12 3721d57

This package is now pure ESM. Please read this.

v4.1.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 7 commits:

↗️ lowercase-keys (indirect, 1.0.1 → 3.0.0) · Repo

Release Notes

3.0.0

Breaking

Require Node.js 12.20 c3d4e47

This package is now pure ESM. Please read this.

v2.0.0...v3.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 11 commits:

↗️ meow (indirect, 10.1.1 → 13.2.0) · Repo

Release Notes

13.2.0

Add helpIndent option (#241) e9a55cd

v13.1.0...v13.2.0

13.1.0

Remove hardRejection option 99fe7a6

It's the default behavior in Node.js since Node.js 16.

v13.0.0...v13.1.0

13.0.0

Breaking

Require Node.js 18 2ecd29d

Improvements

Update dependencies 2ecd29d

v12.1.1...v13.0.0

12.1.1

Fix TypeScript types (#245) 8a4cecd

v12.1.0...v12.1.1

12.1.0

Bundle dependencies (#242) 41e628c

meow is now dependency-less!

v12.0.1...v12.1.0

12.0.1

Fix flag default values validation (#238) c3bf62b

v12.0.0...v12.0.1

12.0.0

Breaking

Require Node.js 16 (#235) 24d5e9c

Rename alias flag option to shortFlag (#225) 14e870d

Short flag is a more correct term for what alias was previously used for. We now have a separate aliases option for actual aliases.

Improvements

Add aliases flag option (#226) 901b9fc

Add choices flag option (#228) 149d7af

Add error when flag.default isn't a valid choice (#231) b2d7ce7

Don't indent single line help / description text (#232) a5d15e8

Thanks to @tommy-mitchell for doing most of the work on this release 🙌

v11.0.0...v12.0.0

11.0.0

Breaking

Require Node.js 14 01cf2a5

Improvements

Improve TypeScript types (#218) 6c57fc8

v10.1.5...v11.0.0

10.1.5

Fix for custom config for help (#217) d0dc0d7

v10.1.4...v10.1.5

10.1.4

Fix autoHelp and autoVersion with allowUnknownFlags set to false (#215) 25a0903

v10.1.3...v10.1.4

10.1.3

Fix return type for .showHelp() (#213) db55316

v10.1.2...v10.1.3

10.1.2

Fix engines field (#203) 1368ae0

v10.1.1...v10.1.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 39 commits:

↗️ micromatch (indirect, 4.0.4 → 4.0.8) · Repo · Changelog

Security Advisories 🚨

🚨 Regular Expression Denial of Service (ReDoS) in micromatch

The NPM package micromatch prior to version 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces() in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persisted prior to #266. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.

Commits

See the full diff on Github. The new version differs by 26 commits:

↗️ minimatch (indirect, 3.0.4 → 9.0.5) · Repo · Changelog

Security Advisories 🚨

🚨 minimatch ReDoS vulnerability

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ms (indirect, 2.1.2 → 2.1.3) · Repo

Release Notes

2.1.3

Patches

Rename zeit to vercel: #151

Bump eslint from 4.12.1 to 4.18.2: #122

Add prettier as a dev dependency: #135 #153

Use GitHub Actions CI: #154

Credits

Huge thanks to @getsnoopy for helping!

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 6 commits:

↗️ node-releases (indirect, 1.1.73 → 2.0.23) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ npm-run-path (indirect, 4.0.1 → 6.0.0) · Repo

Release Notes

6.0.0

Breaking

Require Node.js 18 (#19) 3ef8d0a

Improvements

Make it idempotent (#20) 8cfb372

Handle empty PATH better (#21) 973c107

v5.3.0...v6.0.0

5.3.0

Add preferLocal and addExecaPath options (#18) 09419af

v5.2.0...v5.3.0

5.2.0

Allow execPath to be a file URL (#16) e07cc59

v5.1.0...v5.2.0

5.1.0

Allow cwd option to be a URL (#15) fd16028

v5.0.1...v5.1.0

5.0.1

Fix a typo 5ae23bc

v5.0.0...v5.0.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 19 commits:

↗️ obj-props (indirect, 1.3.0 → 2.0.0) · Repo

Commits

See the full diff on Github. The new version differs by 6 commits:

↗️ object-inspect (indirect, 1.11.0 → 1.13.4) · Repo · Changelog

Release Notes

1.13.4 (from changelog)

Commits

[Fix] avoid being fooled by a Symbol.toStringTag fa5870d

[Tests] fix tests in node v6.0 - v6.4 2abfe1b

[Dev Deps] update es-value-fixtures, for-each, has-symbols 3edfb01

1.13.3 (from changelog)

Commits

[actions] split out node 10-20, and 20+ 44395a8

[Fix] quoteStyle: properly escape only the containing quotes 5137f8f

[Refactor] clean up quoteStyle code 450680c

[Tests] add quoteStyle escaping tests e997c59

[Dev Deps] update auto-changelog, es-value-fixtures, tape d5a469c

[Tests] replace aud with npm audit fb7815f

[Dev Deps] update mock-property 11c817b

1.13.2 (from changelog)

Commits

[readme] update badges 8a51e6b

[Dev Deps] update @ljharb/eslint-config, tape ef05f58

[Dev Deps] update error-cause, has-tostringtag, tape c0c6c26

[Fix] Don't throw when global is not defined d4d0965

[meta] add missing engines.node 17a352a

[Dev Deps] update globalthis 9c08884

[Dev Deps] update error-cause 6af352d

[Dev Deps] update npmignore 94e617d

[Dev Deps] update mock-property 2ac24d7

[Dev Deps] update tape 46125e5

1.13.1 (from changelog)

Commits

[Fix] in IE 8, global can !== window despite them being prototypes of each other 30d0859

1.13.0 (from changelog)

Commits

[New] add special handling for the global object 431bab2

[Dev Deps] update @ljharb/eslint-config, aud, tape fd4f619

[Dev Deps] update mock-property, tape b453f6c

[Dev Deps] update error-cause e8ffc57

[Dev Deps] update tape 054b8b9

[Dev Deps] temporarily remove aud due to breaking change in transitive deps 2476845

[Dev Deps] pin glob, since v10.3.8+ requires a broken jackspeak 383fa5e

[Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6 68c244c

1.12.3 (from changelog)

Commits

[Fix] in eg FF 24, collections lack forEach 75fc226

[actions] update rebase action to use reusable workflow 250a277

[Dev Deps] update aud, es-value-fixtures, tape 66a19b3

[Dev Deps] update @ljharb/eslint-config, aud, error-cause c43d332

[Tests] add @pkgjs/support to postlint e2618d2

1.12.2 (from changelog)

Commits

[Fix] use util.inspect for a custom inspection symbol method e243bf2

[meta] add support info ca20ba3

[Fix] ignore cause in node v16.9 and v16.10 where it has a bug 86aa553

1.12.1 (from changelog)

Commits

[Tests] use mock-property 4ec8893

[meta] use npmignore to autogenerate an npmignore file 07f868c

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, tape b05244b

[Dev Deps] update @ljharb/eslint-config, error-cause, es-value-fixtures, functions-have-names, tape d037398

[Fix] properly handle callable regexes in older engines 848fe48

1.12.0 (from changelog)

Commits

[New] add numericSeparator boolean option 2d2d537

[Robustness] cache more prototype methods 191533d

[New] ensure an Error’s cause is displayed 53bc2ce

[Dev Deps] update eslint, @ljharb/eslint-config bc164b6

[Robustness] cache RegExp.prototype.test a314ab8

[meta] fix auto-changelog settings 5ed0983

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 65 commits:

↗️ object.assign (indirect, 4.1.2 → 4.1.7) · Repo · Changelog

Release Notes

4.1.7 (from changelog)

[Deps] add missing es-object-atoms (#86)

4.1.6 (from changelog)

[Refactor] use call-bound directly; use es-object-atoms

[Deps] update call-bind, has-symbols

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, hasown, mock-property, ses, tape

[actions] split out node 10-20, and 20+

[actions] remove redundant finisher

[Tests] replace aud with npm audit

4.1.5 (from changelog)

[meta] republish without testing HTML file (#85)

[Deps] update call-bind, define-properties

[Dev Deps] use hasown instead of has

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, aud, npmignore, mock-property, tape

[actions] update rebase action

4.1.4 (from changelog)

[meta] fix npmignore integration (#83)

4.1.3 (from changelog)

[Refactor] make steps closer to actual spec

[Refactor] simplify object coercible check

[readme] remove defunct badges, add coverage and actions badges

[eslint] ignore coverage output

[meta] use npmignore to autogenerate an npmignore file

[meta] remove audit-level

[Deps] update call-bind, define-properties, has-symbols

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, aud, functions-have-names, safe-publish-latest, ses, tape

[actions] use node/install instead of node/run; use codecov action

[actions] reuse common workflows

[actions] update codecov uploader

[Tests] add implementation tests

[Tests] use mock-property

[Tests] disable posttest pending aud handling file: deps

[Tests] migrate remaining tests to Github Actions (#81)

[Tests] gitignore coverage output

[Tests] test node v1-v9 on Github Actions instead of travis; resume testing all minors (#80)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 63 commits:

↗️ object.values (indirect, 1.1.4 → 1.2.1) · Repo · Changelog

Release Notes

1.1.7 (from changelog)

Commits

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, aud, tape 7a52cb5

[Deps] update define-properties, es-abstract 4adc158

1.1.6 (from changelog)

Commits

[actions] reuse common workflows 4072b71

[meta] use npmignore to autogenerate an npmignore file 6881278

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, array.prototype.map, safe-publish-latest, tape 28c21e6

[Dev Deps] update eslint, @ljharb/eslint-config, array.prototype.map, aud, auto-changelog, functions-have-names, tape 0e78caa

[actions] update rebase action to use reusable workflow 6f37c60

[actions] update codecov uploader d7c5f30

[Deps] update define-properties, es-abstract 911ca0e

1.1.5 (from changelog)

Commits

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, tape c397925

[Deps] update es-abstract f98d0da

[Robustness] use a call-bound Array.prototype.push 72a3213

[meta] npmignore coverage output 3b0433f

Does any of this look wrong? Please let us know.

↗️ open (indirect, 7.4.2 → 10.2.0) · Repo

Release Notes

10.2.0

Add support for Brave browser (#362) b62b99e

v10.1.2...v10.2.0

10.1.2

Fix detection of Windows default browser from WSL (#358) 6187a82

v10.1.1...v10.1.2

10.1.1

Fix: Use correct bundle ID for Microsoft Edge (#356) 55537f1

v10.1.0...v10.1.1

10.1.0

Linux: Update xdg-open to 1.2.1 (#338) c702c66

v10.0.4...v10.1.0

10.0.4

Fix support for passing predefined app to openApp() (#335) d9e7422

v10.0.3...v10.0.4

10.0.3

Fix target option on macOS (#332) b597dec

v10.0.2...v10.0.3

10.0.2

Fix Linux compatibility 798cd93

v10.0.1...v10.0.2

10.0.1

Add Windows environment variable fallback for some broken systems (#328) 8e69be4

v10.0.0...v10.0.1

10.0.0

Breaking

Require Node.js 18 5628dc8

v9.1.0...v10.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 72 commits:

↗️ open-editor (indirect, 3.0.0 → 5.1.0) · Repo

Release Notes

5.1.0

Add support for Zed (#22) a7fcc14

v5.0.0...v5.1.0

5.0.0

Breaking

Require Node.js 18 (#21) 1c76dba

Improvements

Update dependencies (#20) 5e73d26

v4.1.1...v5.0.0

4.1.1

Fix usage without any options (#19) d4731b4

v4.1.0...v4.1.1

4.1.0

Add wait option (#17) d86c940

Add VSCodium (#16) 7eb89f4

v4.0.0...v4.1.0

4.0.0

Breaking

Require Node.js 12.20 053506d

This package is now pure ESM. Please read this.

openEditor.make moved to a named export called getEditorInfo.

The EditorRunConfig TypeScript type was renamed to EditorInfo.

v3.0.0...v4.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 14 commits:

↗️ optionator (indirect, 0.9.1 → 0.9.4) · Repo · Changelog

↗️ path-exists (indirect, 4.0.0 → 5.0.0) · Repo

Release Notes

5.0.0

Breaking

Require Node.js 12.20 3e66105

This package is now pure ESM. Please read this.

Changed from a default export to named exports.

v4.0.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 9 commits:

↗️ path-type (indirect, 4.0.0 → 6.0.0) · Repo

Release Notes

6.0.0

Breaking

Require Node.js 18 2d7d7cb

v5.0.0...v6.0.0

5.0.0

Breaking

Require Node.js 12 (#8) 24e52d3

This package is now pure ESM

This means you need to use import {isFile} from 'path-type' instead of const {isFile} = require('path-type').

I would recommend moving to ESM. ESM can still import CommonJS packages, but CommonJS cannot import ESM packages synchronously.

If you cannot move to ESM yet, don't upgrade to this version.

v4.0.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 9 commits:

↗️ picomatch (indirect, 2.3.0 → 4.0.3) · Repo · Changelog

Release Notes

2.3.1

Fixed

Fixes bug when a pattern containing an expression after the closing parenthesis (/!(*.d).{ts,tsx}) was incorrectly converted to regexp (9f241ef).

Changed

Some documentation improvements (f81d236, 421e0e7).

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 43 commits:

↗️ pkg-dir (indirect, 4.2.0 → 5.0.0) · Repo

Release Notes

5.0.0

Breaking

Require Node.js 10 (#9) d3919a8

v4.2.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 5 commits:

↗️ plur (indirect, 4.0.0 → 5.1.0) · Repo

Release Notes

5.1.0

Make the count parameter optional (#29) 6cd0b37

v5.0.0...v5.1.0

5.0.0

Breaking

Require Node.js 12.20 5c1138b

This package is now pure ESM. Please read this.

v4.0.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 7 commits:

↗️ prettier (indirect, 1.19.1 → 3.6.2) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ regexp-tree (indirect, 0.1.23 → 0.1.27) · Repo

Sorry, we couldn’t find anything useful about this release.

↗️ resolve (indirect, 1.20.0 → 2.0.0-next.5) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ resolve-from (indirect, 4.0.0 → 5.0.0) · Repo

Commits

See the full diff on Github. The new version differs by 2 commits:

↗️ reusify (indirect, 1.0.4 → 1.1.0) · Repo

Release Notes

1.1.0

What's Changed

Fixed a typo in the README by @arliang in #10

typescript support by @doichev-kostia in #13

Modernize CI by @mcollina in #15

Bump @types/node from 20.17.6 to 22.9.0 by @dependabot in #20

Bump neostandard from 0.11.9 to 0.12.0 by @dependabot in #21

New Contributors

@arliang made their first contribution in #10

@doichev-kostia made their first contribution in #13

@dependabot made their first contribution in #20

Full Changelog: v1.0.4...v1.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 8 commits:

↗️ semver (indirect, 7.3.5 → 7.7.3) · Repo · Changelog

Security Advisories 🚨

🚨 semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ side-channel (indirect, 1.0.4 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0 (from changelog)

Commits

[Refactor] extract implementations to side-channel-weakmap, side-channel-map, side-channel-list ada5955

[New] add channel.delete c01d2d3

[types] improve types 0c54356

[readme] add content be24868

[actions] split out node 10-20, and 20+ c4488e2

[types] use shared tsconfig 0e0d57c

[Dev Deps] update @ljharb/eslint-config, @ljharb/tsconfig, @types/get-intrinsic, @types/object-inspect, @types/tape, auto-changelog, tape fb4f622

[Deps] update call-bind, get-intrinsic, object-inspect b78336b

[Tests] replace aud with npm audit ee3ab46

[Dev Deps] add missing peer dep c03e21a

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 33 commits:

↗️ signal-exit (indirect, 3.0.3 → 4.1.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 34 commits:

↗️ slash (indirect, 4.0.0 → 5.1.0) · Repo

Release Notes

5.1.0

Improve performance (#26) 03cce86

v5.0.1...v5.1.0

5.0.1

Fix TypeScript doc comment (#23) 9532dfb

v5.0.0...v5.0.1

5.0.0

Breaking

Require Node.js 14 5c5d1d6

Improvements

Remove non-ASCII limitation (#20) b83ed2a

v4.0.0...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 8 commits:

↗️ string-width (indirect, 4.2.2 → 7.2.0) · Repo

Release Notes

7.2.0

Handle more edge-cases be33439

v7.1.0...v7.2.0

7.1.0

Improve performance (#54) b0dd0fa

v7.0.0...v7.1.0

7.0.0

Breaking

Require Node.js 18 97b50e8

Improvements

It now uses the most recent Unicode data, which fixes some false-positives 97b50e8

v6.1.0...v7.0.0

6.1.0

Improve performance (#49) fe356d8

v6.0.0...v6.1.0

6.0.0

Breaking

Require Node.js 16 (#47) f85812f

Improvements

Add countAnsiEscapeCodes option (#48) 6e6993b

Improve compatibility with some languages (#47) f85812f

v5.1.2...v6.0.0

5.1.2

Internal refactor (#40) 2fe6df9

v5.1.1...v5.1.2

5.1.1

Fix incorrect default for ambiguousIsNarrow option 483baa1

v5.1.0...v5.1.1

5.1.0

Add ambiguousIsNarrow option (#34) 8438ea2

v5.0.1...v5.1.0

5.0.1

Upgrade dependencies (#31) 0a37b98

v5.0.0...v5.0.1

5.0.0

Breaking

Require Node.js 12 cec9757

This package is now pure ESM. Please read this.

v4.2.2...v5.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 25 commits:

↗️ string.prototype.trimend (indirect, 1.0.4 → 1.0.9) · Repo · Changelog

Release Notes

1.0.9 (from changelog)

Commits

[actions] split out node 10-20, and 20+ 7e5ffdc

[meta] sort package.json mildly 2f99c8b

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, auto-changelog, tape 2774fe6

[Refactor] use call-bound directly 9e3bbec

[Tests] replace aud with npm audit cb9a462

[meta] add missing engines.node f46c829

[Deps] update call-bind e892c32

[Dev Deps] add missing peer dep e1a59da

1.0.7 (from changelog)

Commits

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, aud, tape 1a10293

[Deps] update define-properties, es-abstract 6ba2e19

1.0.6 (from changelog)

Commits

[meta] use npmignore to autogenerate an npmignore file 1d1e717

[actions] update rebase action to use reusable workflow 83f2683

[Dev Deps] update aud, tape a3a9129

[Deps] update es-abstract a6e476d

1.0.5 (from changelog)

Commits

[actions] reuse common workflows 69a56ce

[actions] use node/install instead of node/run; use codecov action 5d7db31

[Fix] ensure main entry point properly checks the receiver in ES3 engines bb1983d

[Fix] as of unicode v6, the mongolian vowel separator is no longer whitespace 10a1091

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, safe-publish-latest, tape a08e14b

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, functions-have-names, tape 1c4c8da

[actions] update codecov uploader 70c4a7c

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, aud, auto-changelog, tape 4b08ed7

[readme] add github actions/codecov badges 9805501

[Dev Deps] update eslint, tape 50ec335

[actions] update workflows bf9c32e

[meta] use prepublishOnly script for npm 7+ 9d921bd

[Deps] update define-properties 15617ce

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 34 commits:

↗️ string.prototype.trimstart (indirect, 1.0.4 → 1.0.8) · Repo · Changelog

Release Notes

1.0.7 (from changelog)

Commits

[Dev Deps] update @es-shims/api, @ljharb/eslint-config, aud, tape 58e7aa6

[Deps] update define-properties, es-abstract 8d9a7bf

1.0.6 (from changelog)

Commits

[meta] use npmignore to autogenerate an npmignore file 0838ae4

[actions] update rebase action to use reusable workflow d6bb784

[Dev Deps] update aud, tape 8734d9a

[Deps] update es-abstract 30f593f

1.0.5 (from changelog)

Commits

[actions] reuse common workflows 61d4009

[actions] use node/install instead of node/run; use codecov action bfe39c4

[Fix] ensure main entry point properly checks the receiver in ES3 engines 36e3730

[Fix] as of unicode v6, the mongolian vowel separator is no longer whitespace 4f77eed

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, safe-publish-latest, tape 59fcb99

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, functions-have-names, tape 486ffcf

[actions] update codecov uploader b33ac48

[Dev Deps] update eslint, @ljharb/eslint-config, @es-shims/api, aud, auto-changelog, tape 3c89fa5

[readme] add github actions/codecov badges 00be6b3

[Dev Deps] update eslint, tape 13a08f5

[actions] update workflows 6ac576d

[meta] use prepublishOnly script for npm 7+ fa382ca

[Deps] update define-properties d57bffe

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 28 commits:

↗️ strip-ansi (indirect, 6.0.0 → 7.1.2) · Repo

Release Notes

7.1.2

Fix vulnerability in 7.1.1, see: chalk/chalk#656

v7.1.0...v7.1.2

7.1.0

Improve performance (#49) 840a5ea

v7.0.1...v7.1.0

7.0.1

Upgrade dependencies ed41f38

v7.0.0...v7.0.1

7.0.0

Breaking

Require Node.js 12 7cda68d

This package is now pure ESM. Please read this.

v6.0.0...v7.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 13 commits:

↗️ strip-final-newline (indirect, 2.0.0 → 4.0.0) · Repo

Release Notes

4.0.0

Breaking

Require Node.js 18 (#7) 077250c

When specifying a Uint8Array, the returned value is no longer copied. Learn more

Improvements

Improve performance for Uint8Array (#5) e6e647d

Add TypeScript types (#6) 13555b0

v3.0.0...v4.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 13 commits:

↗️ strip-indent (indirect, 4.0.0 → 4.1.0) · Repo

Release Notes

4.1.0

Add dedent named export (#14) ade6b1e

v4.0.0...v4.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 5 commits:

↗️ supports-hyperlinks (indirect, 2.2.0 → 3.2.0) · Repo

Release Notes

3.1.0

Add support for Windows Terminal (#8) e161d1d

v3.0.0...v3.1.0

3.0.0

Breaking

Require Node.js 14

Improvements

Add TypeScript types (#21) a2546da

v2.3.0...v3.0.0

2.3.0

Add VSCode support (#17) 45ff1a8

Add WezTerm support (#14) 6fda6c4

Fix Netlify support (#12) 579ca4c

v2.2.0...v2.3.0

Does any of this look wrong? Please let us know.

Sorry, we couldn’t find anything useful about this release.

↗️ tapable (indirect, 0.1.10 → 2.3.0) · Repo

Release Notes

2.3.0

Features

[TYPES] Added TypedHookMap type.

2.2.3

Fixes

Async hook catch an error when reject a falsy value

[typescript] Support to pass return type for waterfall hooks

2.2.2

Developer Experience

add interceptors type to hook class

2.2.1

Developer Experience

fix some incorrect typings

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ tslib (indirect, 1.14.1 → 2.8.1) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ type-fest (indirect, 0.20.2 → 4.41.0) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by 5 commits:

↗️ typescript (indirect, 4.3.5 → 5.9.3) · Repo

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unbox-primitive (indirect, 1.0.1 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0 (from changelog)

Commits

[meta] use npmignore to autogenerate an npmignore file 348a5ad

[New] add types a324230

[Tests] use es-value-fixtures a321ae5

[actions] split out node 10-20, and 20+ 04a0e0d

[Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, object-inspect, object-is, tape 7fff971

[actions] update rebase action 91d6807

[Deps] update call-bind, has-symbols, which-boxed-primitive f8b6597

[Dev Deps] update aud, object-inspect, tape b3362a1

[Refactor] use call-bound directly e29ff5f

[meta] add missing engines.node d3420bc

[Tests] replace aud with npm audit 5e6a6d0

[Deps] update which-boxed-primitive 0ff873d

[Dev Deps] update aud dd0e373

[Dev Deps] add missing peer dep 4f79b24

1.0.2 (from changelog)

Commits

[actions] reuse common workflows e6420b9

[actions] update codecov uploader b90aff2

[readme] add github actions/codecov badges; update URLs bcc39b9

[Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, safe-publish-latest, tape a704a32

[Refactor] use call-bind instead of function-bind 0a609f1

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, safe-publish-latest, tape 6a45317

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, tape 795c76f

[Deps] update has-bigints, has-symbols 257a065

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

↗️ which-boxed-primitive (indirect, 1.0.2 → 1.1.1) · Repo · Changelog

Release Notes

1.1.1 (from changelog)

Commits

[Deps] update is-boolean-object, is-number-object, is-string, is-symbol 5266e0c

[Dev Deps] update @arethetypeswrong/cli, @ljharb/tsconfig, @types/tape a660339

1.1.0 (from changelog)

Commits

[actions] reuse common workflows 893df44

[meta] use npmignore to autogenerate an npmignore file bab1ff8

[Tests] use es-value-fixtures and for-each ecacfa0

[New] add types ab38e78

[actions] split out node 10-20, and 20+ 7ee9c3c

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, object-inspect, safe-publish-latest, tape 142215a

[Dev Deps] update eslint, @ljharb/eslint-config, aud, auto-changelog, has-symbols, object-inspect, tape 3559371

[actions] update rebase action to use reusable workflow 928901a

[Deps] update is-bigint, is-boolean-object, is-number-object, is-string, is-symbol f7b14be

[Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, object-inspect, tape 5296738

[Deps] update is-bigint, is-boolean-object, is-number-object, is-string, is-symbol caa6d1c

[meta] add missing engines.node ca40880

[Tests] replace aud with npm audit b0f4069

[Dev Deps] update aud 8d0e336

[Deps] update is-number-object eafcabf

[Dev Deps] add missing peer dep ec4dd52

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 20 commits:

↗️ word-wrap (indirect, 1.2.3 → 1.2.5) · Repo

Security Advisories 🚨

🚨 word-wrap vulnerable to Regular Expression Denial of Service

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Release Notes

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: 1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in #24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in #41

🔒 fix: CVE-2023-26115 by @aashutoshrathi in #33

chore: publish workflow by @OlafConijn in #42

New Contributors

@mohd-akram made their first contribution in #24

@OlafConijn made their first contribution in #41

@aashutoshrathi made their first contribution in #33

Full Changelog: 1.2.3...1.2.4

🚨 [security] Update xo 0.44.0 → 1.2.3 (major)

What changed?

✳️ xo (0.44.0 → 1.2.3) · Repo

↗️ @​babel/code-frame (indirect, 7.12.11 → 7.27.1) · Repo · Changelog

↗️ @​babel/helper-validator-identifier (indirect, 7.14.9 → 7.27.1) · Repo · Changelog

↗️ @​eslint/eslintrc (indirect, 0.4.3 → 3.3.1) · Repo · Changelog

↗️ @​types/eslint (indirect, 7.28.0 → 8.56.12) · Repo

↗️ @​types/estree (indirect, 0.0.50 → 1.0.8) · Repo

↗️ @​types/json-schema (indirect, 7.0.9 → 7.0.15) · Repo

↗️ @​typescript-eslint/eslint-plugin (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @​typescript-eslint/parser (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @​typescript-eslint/scope-manager (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @​typescript-eslint/types (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @​typescript-eslint/typescript-estree (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @​typescript-eslint/visitor-keys (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ acorn (indirect, 7.4.1 → 8.15.0) · Repo

↗️ ansi-escapes (indirect, 4.3.2 → 6.2.1) · Repo

Breaking

Improvements

Breaking

↗️ ansi-regex (indirect, 5.0.0 → 6.2.2) · Repo

Fixes

Breaking

Fixes (backport of 6.0.1 to v5)

↗️ argparse (indirect, 1.0.10 → 2.0.1) · Repo · Changelog

2.0.1 (from changelog)

Fixed

2.0.0 (from changelog)

Changed

↗️ array-includes (indirect, 3.1.3 → 3.1.9) · Repo · Changelog

3.1.9 (from changelog)

Commits

↗️ array.prototype.flat (indirect, 1.2.4 → 1.3.3) · Repo · Changelog

1.3.3 (from changelog)

Commits

1.3.2 (from changelog)

Commits

1.3.1 (from changelog)

Commits

1.3.0 (from changelog)

1.2.5 (from changelog)

↗️ brace-expansion (indirect, 1.1.11 → 2.0.2) · Repo

↗️ braces (indirect, 3.0.2 → 3.0.3) · Repo · Changelog

↗️ browserslist (indirect, 4.16.7 → 4.26.3) · Repo · Changelog

↗️ builtin-modules (indirect, 3.2.0 → 5.0.0) · Repo

Breaking

Improvements

Breaking

↗️ call-bind (indirect, 1.0.2 → 1.0.8) · Repo · Changelog

1.0.8 (from changelog)

Commits

1.0.7 (from changelog)

Commits

1.0.6 (from changelog)

Commits

1.0.5 (from changelog)

1.0.3 (from changelog)

↗️ caniuse-lite (indirect, 1.0.30001249 → 1.0.30001748) · Repo · Changelog

↗️ ci-info (indirect, 3.2.0 → 4.3.1) · Repo · Changelog

↗️ confusing-browser-globals (indirect, 1.0.10 → 1.0.11) · Repo · Changelog

1.0.11 (2017-08-09)

🐛 Bug Fix

💅 Enhancement

📝 Documentation

🏠 Internal

Committers: 26

Migrating from 1.0.10 to 1.0.11

↗️ cosmiconfig (indirect, 7.0.0 → 9.0.0) · Repo · Changelog

↗️ cross-spawn (indirect, 7.0.3 → 7.0.6) · Repo · Changelog

7.0.6 (from changelog)

Bug Fixes

7.0.5 (from changelog)

Bug Fixes

7.0.4 (from changelog)

Bug Fixes

↗️ debug (indirect, 4.3.2 → 4.4.3) · Repo · Changelog

Impact

Patches

References

Point of Contact

↗️ @babel/code-frame (indirect, 7.12.11 → 7.27.1) · Repo · Changelog

↗️ @babel/helper-validator-identifier (indirect, 7.14.9 → 7.27.1) · Repo · Changelog

↗️ @eslint/eslintrc (indirect, 0.4.3 → 3.3.1) · Repo · Changelog

↗️ @types/eslint (indirect, 7.28.0 → 8.56.12) · Repo

↗️ @types/estree (indirect, 0.0.50 → 1.0.8) · Repo

↗️ @types/json-schema (indirect, 7.0.9 → 7.0.15) · Repo

↗️ @typescript-eslint/eslint-plugin (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @typescript-eslint/parser (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @typescript-eslint/scope-manager (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @typescript-eslint/types (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @typescript-eslint/typescript-estree (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

↗️ @typescript-eslint/visitor-keys (indirect, 4.29.1 → 8.46.0) · Repo · Changelog

Fixes (backport of `6.0.1` to v5)