Bump the npm_and_yarn group across 1 directory with 31 updates

[dependabot]

Bumps the npm_and_yarn group with 29 updates in the / directory:

Package	From	To
bootstrap	3.4.0	3.4.1
debug	4.1.1	4.3.1
fast-json-patch	2.0.7	3.1.1
jquery	3.3.1	3.5.0
jszip	3.1.5	3.8.0
markdown-it	8.4.2	12.3.2
openpgp	4.4.7	4.10.11
prismjs	1.15.0	1.27.0
jsdom	13.2.0	16.5.0
katex	0.10.1	0.16.10
minimist	1.2.0	1.2.6
@babel/traverse	7.2.3	7.24.8
ajv	6.8.1	6.12.6
browserify-sign	4.0.4	4.2.3
cached-path-relative	1.0.2	1.1.0
decode-uri-component	0.2.0	0.2.2
es5-ext	0.10.47	0.10.64
express	4.16.4	4.19.2
follow-redirects	1.6.1	1.15.6
fsevents	1.2.7	1.2.13
handlebars	4.0.12	4.7.8
hosted-git-info	2.7.1	2.8.9
loader-utils	1.2.3	1.4.2
moment	2.24.0	2.30.1
node-fetch	2.3.0	2.7.0
path-parse	1.0.6	1.0.7
remarkable	1.7.1	1.7.4
semver	5.6.0	5.7.2
shell-quote	1.6.1	1.8.1

Updates bootstrap from 3.4.0 to 3.4.1

Release notes

Sourced from bootstrap's releases.

v3.4.1

• Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
• Handle bad selectors (#) in data-target for Dropdowns
• Clarified tooltip selector documentation
• Added support for NuGet contentFiles

Commits

• 68b0d23 Dist
• 2ccfa57 handle # selector for dropdown
• a43077d Bump version to 3.4.1.
• d821de2 Backport sanitize docs from v4.
• 5cd9ef4 Add wdm gem for Windows.
• d6b8501 ES5 fixes.
• 2c8abb9 Add sanitize for tooltips and popovers html content.
• d4129df Bump year.
• 0d64d6a less/modals.less: Add missing semicolon.
• 48c5d7b Use https.
• Additional commits viewable in compare view

Updates debug from 4.1.1 to 4.3.1

Release notes

Sourced from debug's releases.

4.3.1

Patch release 4.3.1

• Fixes a ReDOS regression (#458) - see #797 for details.

4.3.0

Minor release

• Deprecated debugInstance.destroy(). Future major versions will not have this method; please remove it from your codebases as it currently does nothing.
• Fixed quoted percent sign
• Fixed memory leak within debug instances that are created dynamically

4.2.0

Minor Release

• Replaced phantomJS with chrome backend for browser tests
• Deprecated and later removed Changelog.md in lieu of releases page
• Removed bower.json (#602)
• Removed .eslintrc (since we've switched to XO)
• Removed .coveralls.yml
• Removed the build system that was in place for various alternate package managers
• Removed the examples folder (#650)
• Switched to console.debug in the browser only when it is available (#600)
• Copied custom logger to namespace extension (#646)
• Added issue and pull request templates
• Added "engines" key to package.json
• Added ability to control selectColor (#747)
• Updated dependencies
• Marked supports-color as an optional peer dependency

Commits

• 0d3d66b 4.3.1
• b6d12fd fix regression
• 3f56313 4.3.0
• e2d3bc9 add deprecation notice for debug.destroy()
• 72e7f86 fix memory leak within debug instance
• 27152ca add test for enable/disable of existing instances
• 22e13fe fix quoted percent sign
• 80ef62a 4.2.0
• 09914af Marks supports-color as an optional peer dependency
• db306db Update and pin ms to 2.1.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates fast-json-patch from 2.0.7 to 3.1.1

Release notes

Sourced from fast-json-patch's releases.

3.1.1

Security Fix for Prototype Pollution - huntr.dev #262

Bug fixes and ES6 modules

Use ES6 Modules

• package now exports non-bundled ES module Starcounter-Jack/JSON-Patch#232
• main still points to CommonJS module for backward compatibility
• README recommends use of named ES imports

List of changes Starcounter-Jack/JSON-Patch@v2.2.1...3.0.0-0

Use ES6 Modules

• package now exports non-bundled ES module Starcounter-Jack/JSON-Patch#232
• main still points to CommonJS module for backward compatibility
• README recommends use of named ES imports

Full list of changes Starcounter-Jack/JSON-Patch@v2.2.1...3.0.0-0

Fix default import

This patch release fixes a regression introduced in 2.2.0, namely: the default import using ES6 with Webpack/Babel stopped working (Starcounter-Jack/JSON-Patch#233).

This version fixes the problem by adding an explicit default import.

Generate invertible test operations

New feature:

• Ability to generate test operations for original values in the first object, also known as "invertible" operations. Search fro the word invertible in README.md for details about usage (PR #228, PR #226).

Code quality:

• Replace deep-equal with fast-deep-equal (PR #227)
• Remove traces for support for legacy browsers which were broken since v2.0.7 (PR #229)
• Fix testing framework

Enhancements and bug fixes

• applyOperation and applyReducer now accept an optional index parameter. This param is used to create more elaborate error messages when invalid operations occur in your patches, Starcounter-Jack/JSON-Patch#221.

• Error messages are now nicely-formatted, they look like:

	The specified index MUST NOT be greater than the number of elements in the array
    name: OPERATION_VALUE_OUT_OF_BOUNDS
    index: 1
    operation: {
      "op": "add",
      "path": "/root/1",
      "value": "val"
    }
    tree: {
</tr></table> 

... (truncated)

Commits

• 9d313ac fix(tests): Updated tests to reflect new error message
• e4f4eb3 3.1.1
• d7903fb fix: typescript codegen changes
• 5f04488 Bumping version number
• 7e9fe13 Typescript provided
• 097864a Documentation updated
• 51964ed feat: Cleaned up vars vs consts
• 8a6a360 New build
• adeb422 Update .gitignore
• 59336fe Merge pull request #292 from Starcounter-Jack/dependabot/npm_and_yarn/ajv-6.12.6
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mountain-jack, a new releaser for fast-json-patch since your current version.

Updates jquery from 3.3.1 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates jszip from 3.1.5 to 3.8.0

Changelog

Sourced from jszip's changelog.

v3.8.0 2022-03-30

• Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

• Fix build of dist files.
  • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

v3.7.0 2021-07-23

• Fix: Use a null prototype object for this.files (see #766)
  • This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

v3.6.0 2021-02-09

• Fix: redirect main to dist on browsers (see #742)
• Fix duplicate require DataLengthProbe, utils (see #734)
• Fix small error in read_zip.md (see #703)

v3.5.0 2020-05-31

• Fix 'End of data reached' error when file extra field is invalid (see #544).
• Typescript definitions: Add null to return types of functions that may return null (see #669).
• Typescript definitions: Correct nodeStream's type (see #682)
• Typescript definitions: Add string output type (see #666)

v3.4.0 2020-04-19

• Add Typescript type definitions (see #601).

v3.3.0 2020-04-1

• Change browser module resolution to support Angular packager (see #614).

v3.2.2 2019-07-04

• No public changes, but a number of testing dependencies have been updated.
• Tested browsers are now: Internet Explorer 11, Chrome (most recent) and Firefox (most recent). Other browsers (specifically Safari) are still supported however testing them on Saucelabs is broken and so they were removed from the test matrix.

v3.2.1 2019-03-22

• Corrected built dist files

v3.2.0 2019-02-21

• Update dependencies to reduce bundle size (see #532).
• Fix deprecated Buffer constructor usage and add safeguards (see #506).

Commits

• 3b98cfc 3.8.0
• 2edab36 Sanitize filenames with loadAsync to prevent zip slip attacks
• 1f631b0 Update contributing
• 459ff79 Add tests for utils that remove leading slash
• d4702a7 Merge pull request #541 from PatricSteffen/patch-1
• 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
• 85c4989 Merge pull request #796 from Stuk/ghci
• 40cc7f4 Add dependency caching
• 5ee321e Install deps needed for Playwright on Github Actions
• eeb841e Remove code and dependencies used for Saucelabs
• Additional commits viewable in compare view

Updates markdown-it from 8.4.2 to 12.3.2

Changelog

Sourced from markdown-it's changelog.

[12.3.2] - 2022-01-08

Security

• Fix possible ReDOS in newline rule. Thanks to @​MakeNowJust.

[12.3.1] - 2022-01-07

Fixed

• Fix corner case when tab prevents paragraph continuation in lists, #830.

[12.3.0] - 2021-12-09

Changed

• StateInline.delimiters[].jump is removed.

Fixed

• Fixed quadratic complexity in pathological ***<10k stars>***a***<10k stars>*** case.

[12.2.0] - 2021-08-02

Added

• Ordered lists: add order value to token info.

Fixed

• Always suffix indented code block with a newline, #799.

[12.1.0] - 2021-07-01

Changed

• Updated CM spec compatibility to 0.30.

[12.0.6] - 2021-04-16

Fixed

• Newline in alt should be rendered, #775.

[12.0.5] - 2021-04-15

Fixed

• HTML block tags with === inside are no longer incorrectly interpreted as headers, #772.
• Fix table/list parsing ambiguity, #767.

[12.0.4] - 2020-12-20

Fixed

• Fix crash introduced in 12.0.3 when processing strikethrough (~~) and similar plugins, #742.
• Avoid fenced token mutation, #745.

[12.0.3] - 2020-12-07

Fixed

... (truncated)

Commits

• d72c68b 12.3.2 released
• aca3396 dist rebuild
• ffc49ab Fix possible ReDOS in newline rule.
• 76469e8 12.3.1 released
• ae5a243 dist rebuild
• 1cd8a51 Fix tab preventing paragraph continuation in lists
• 830757c Fix spelling error in question Github Template (#835)
• 2e31d34 12.3.0 released
• 393354c Dist rebuild
• 8564eed Dev deps bump
• Additional commits viewable in compare view

Updates openpgp from 4.4.7 to 4.10.11

Release notes

Sourced from openpgp's releases.

v4.10.11 (legacy)

Reject cleartext messages with extraneous data preceeding hash, addressing: GHSA-ch3c-v47x-4pgp.

v4.10.10

• Update tweetnacl-js to v1.0.3 (fixing a security issue with generating Ed25519 signatures)
• Fix ElGamal parameter range and PKCS1 decoding (#1169)

v4.10.9

• WKD: Fix "TypeError: fetch is not a function" in Node.js environment (#1181)
• Fix and test dummy key conversion (#1172)
• Fix documentation of the HKP keyId option (#1151)

v4.10.8

• Add config option to allow insecure decryption with RSA signing keys (#1148)
• Allow decryption with revoked keys (#1135)
• Support non-human-readable notation values (#983)
• Add test case for unknown binary notations (#1140)
• Add SecretKey.prototype.makeDummy (#1131)
• Use correct algorithm in ECC validation tests

v4.10.7

• Handle CORS errors during WKD lookup (#1125)
  • Throw in WKD lookup on HTTP errors instead of returning undefined
• Refactor WKD lookup code (#1123)
• Fix key validation tests
• Fix decryption tests

v4.10.6

• Don't zero-copy transfer buffers from the worker by default Fixes signing messages using the same key multiple times in one worker.

v4.10.5

• Faster and more secure, cipher-specific key validation (#1116). Also,
  • Validate keys during decryption
  • Check binding signatures for decryption keys when decrypting messages
  • Do not always fallback on Web Crypto ECC errors
• Add support for advanced WKD lookup (#1115)
• Fix stream-encrypting+signing a message using the Worker (#1112)
• Pass around KDF params as objects (#1104)
• Fix keyId types in JSDoc comments (#1100)
• Also create issuer fingerprint subpacket for v4 keys, not just v5 keys (#1097)

v4.10.4

• Fix normalizing \n after \r\n (broken in v4.10.3)

v4.10.3

• Support compressed data packets with algorithm=uncompressed (#1085)
• Fix memory usage when non-streaming-en/decrypting large files (broken in v4.10.2)
• Drop support for \r as EOL (#1073)
• Fix verification of EdDSA signatures with short MPIs (#1083)

... (truncated)

Commits

• d8a1e25 Release new version
• 8aa633c Reject cleartext messages with extraneous data preceeding hash header
• 1f237e6 Release new version
• 38ec531 Fix ElGamal param range and PKCS1 decoding (#1169)
• d5373ef Update tweetnacl-js
• 21f4ba4 Release new version
• a4b56c9 WKD: Fix "TypeError: fetch is not a function" in Node.js environment (#1181)
• 08fc7b3 Fix and test dummy key conversion (#1172)
• 929b016 Fix documentation of the HKP keyId option (#1151)
• aa89893 Release new version
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by twiss, a new releaser for openpgp since your current version.

Updates prismjs from 1.15.0 to 1.27.0

Release notes

Sourced from prismjs's releases.

v1.27.0

Release 1.27.0

v1.26.0

Release 1.26.0

v1.25.0

Release 1.25.0

v1.24.1

Release 1.24.1

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

v1.22.0

Release 1.22.0

v1.21.0

Release 1.21.0

v1.20.0

Release 1.20.0

v1.19.0

Release 1.19.0

v1.18.0

Release 1.18.0

v1.17.1

Release 1.17.1

v1.17.0

Release 1.17.0

v1.16.0

Release 1.16.0

Changelog

Sourced from prismjs's changelog.

1.27.0 (2022-02-17)

New components

• UO Razor Script (#3309) 3f8cc5a0

Updated components

• AutoIt
  • Allow hyphen in directive (#3308) bcb2e2c8
• EditorConfig
  • Change alias of section from keyword to selector (#3305) e46501b9
• Ini
  • Swap out header for section (#3304) deb3a97f
• MongoDB
  • Added v5 support (#3297) 8458c41f
• PureBasic
  • Added missing keyword and fixed constants ending with $ (#3320) d6c53726
• Scala
  • Added support for interpolated strings (#3293) 441a1422
• Systemd configuration file
  • Swap out operator for punctuation (#3306) 2eb89e15

Updated plugins

• Command Line
  • Escape markup in command line output (#3341) e002e78c
  • Add support for line continuation and improved colors (#3326) 1784b175
  • Added span around command and output (#3312) 82d0ca15

Other

• Core
  • Added better error message for missing grammars (#3311) 2cc4660b

1.26.0 (2022-01-06)

New components

• Atmel AVR Assembly (#2078) b5a70e4c
• Go module (#3209) 8476a9ab
• Keepalived Configure (#2417) d908e457
• Tremor & Trickle & Troy (#3087) ec25ba65
• Web IDL (#3107) ef53f021

Updated components

• Use \d for [0-9] (#3097) 9fe2f93e
• 6502 Assembly
  • Use standard tokens and minor improvements (#3184) 929c33e0

... (truncated)

Commits

• 703881e 1.27.0
• 7ac1373 Updated changelog for v1.27.0 (#3342)
• e002e78 Command Line: Escape markup in command line output (#3341)
• 13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (#3338)
• f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (#3334)
• 9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (#3333)
• 3fcca6b Bump pathval from 1.1.0 to 1.1.1 (#3331)
• 1784b17 Command Line: Add support for line continuation and improved colors (#3326)
• f545843 ESLint: Allow Map and Set in ES5 code (#3328)
• d6c5372 PureBasic: Added missing keyword and fixed constants ending with $ (#3320)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

Updates jsdom from 13.2.0 to 16.5.0

Release notes

Sourced from jsdom's releases.

Version 16.5.0

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

Version 16.4.0

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

Version 16.3.0

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

Version 16.2.2

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
• Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
• Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
• Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
• Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

... (truncated)

Changelog

Sourced from jsdom's changelog.

16.5.0

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

16.4.0

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

16.3.0

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

16.2.2

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

... (truncated)

Commits

• 2d82763 Version 16.5.0
• 9741311 Fix loading of subresources with Unicode filenames
• 5e46553 Use domenic's ESLint config as the base
• 19b35da Fix the URL of about:blank iframes
• 017568e Support inputType on InputEvent
• 29f4fdf Upgrade dependencies
• e2f7639 Refactor create‑event‑accessor.js to remove code duplication
• ff69a75 Convert JSDOM to use callback functions
• 19df6bc Update links in contributing guidelines
• 1e34ff5 Test triage
• Additional commits viewable in compare view

Updates katex from 0.10.1 to 0.16.10

Release notes

Sourced from katex's releases.

v0.16.10

0.16.10 (2024-03-24)

Bug Fixes

• \edef bypassing maxExpand via exponential blowup (e88b4c3)
• escape \includegraphics src and alt (c5897fc)
• force protocol to be lowercase for better protocol filtering (fc5af64), closes /datatracker.ietf.org/doc/html/rfc3986#section-3
• maxExpand limit with Unicode sub/superscripts (085e21b)

v0.16.9

0.16.9 (2023-10-02)

Features

• Support bold Fraktur (#3777) (240d5ae)

v0.16.8

0.16.8 (2023-06-24)

Features

• expose error length and raw error message on ParseError (#3820) (710774a)

v0.16.7

0.16.7 (2023-04-28)

Bug Fixes

• docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)

v0.16.6

0.16.6 (2023-04-17)

Bug Fixes

• Support \let via macros option (#3738) (bdb0be2), closes #3737 #3737

v0.16.5

0.16.5 (2023-04-17)

Features

• __defineFunction API exposing internal defineFunction (#3805) (c7b1f84), closes #3756

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.10 (2024-03-24)

Bug Fixes

• \edef bypassing maxExpand via exponential blowup (e88b4c3)
• escape \includegraphics src and alt (c5897fc)
• force protocol to be lowercase for better protocol filtering (fc5af64), closes /datatracker.ietf.org/doc/html/rfc3986#section-3
• maxExpand limit with Unicode sub/superscripts (085e21b)

0.16.9 (2023-10-02)

Features

• Support bold Fraktur (#3777) (240d5ae)

0.16.8 (2023-06-24)

Features

• expose error length and raw error message on ParseError (#3820) (710774a)

0.16.7 (2023-04-28)

Bug Fixes

• docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)

0.16.6 (2023-04-17)

Bug Fixes

• Support \let via macros option (#3738) (bdb0be2), closes #3737 #3737

0.16.5 (2023-04-17)

Features

• __defineFunction API exposing internal defineFunction (#3805) (c7b1f84), closes #3756

0.16.4 (2022-12-07)

Bug Fixes

... (truncated)

Commits

• ab32359 chore(release): 0.16.10 [ci skip]
• fc5af64 fix: force protocol to be lowercase for better protocol filtering
• 085e21b fix: maxExpand limit with Unicode sub/superscripts
• e88b4c3 fix: \edef bypassing maxExpand via exponential blowup
• c5897fc fix: escape \includegraphics src and alt
• 5677f37 chore: fix some typos (#3936)
• d9640f1 chore(deps): update dependency json-stable-stringify to v1.1.1 [skip netlify]...
• 9a1f2f2 chore(deps): update dependency css-loader to v6.10.0 [skip netlify] (#3887)
• 1851860 chore(deps): update dependency cssnano to v5.1.15 [skip netlify] (#3883)