Bump the npm_and_yarn group across 6 directories with 26 updates

[dependabot]

Bumps the npm_and_yarn group with 14 updates in the / directory:

Package	From	To
react-draft-wysiwyg	1.14.7	1.15.0
ejs	2.7.4	3.1.10
express	4.18.1	4.19.2
webpack	4.46.0	5.94.0
webpack-cli	3.3.12	5.1.4
@babel/traverse	7.18.6	7.25.4
braces	3.0.2	3.0.3
webpack-dev-server	3.11.3	5.0.4
json5	1.0.1	1.0.2
loader-utils	2.0.2	2.0.4
loader-utils	1.4.0	2.0.4
postcss	7.0.39	8.4.41
css-loader	3.6.0	7.1.2
ua-parser-js	0.7.31	0.7.38
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 6 updates in the /examples/cra directory:

Package	From	To
express	4.18.2	4.19.2
@babel/traverse	7.22.11	7.25.4
browserify-sign	4.2.1	4.2.3
elliptic	6.5.4	6.5.7
follow-redirects	1.15.2	1.15.6
ua-parser-js	0.7.35	0.7.38

Bumps the npm_and_yarn group with 15 updates in the /examples/custom directory:

Package	From	To
express	4.17.2	4.19.2
webpack	4.46.0	5.94.0
@babel/traverse	7.16.7	7.25.4
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.14.6	1.15.6
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
node-fetch	2.6.6	2.7.0
isomorphic-fetch	2.2.1	3.0.0
cross-fetch	3.1.4	3.1.8
node-forge	0.10.0	1.3.1
webpack-dev-server	3.11.3	5.0.4
postcss	5.2.18	8.4.41
css-loader	0.28.11	7.1.2
ua-parser-js	0.7.31	0.7.38

Bumps the npm_and_yarn group with 7 updates in the /examples/demo directory:

Package	From	To
express	4.18.1	4.19.2
webpack	4.46.0	5.94.0
@babel/traverse	7.18.9	7.25.4
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.15.1	1.15.6
ua-parser-js	0.7.31	0.7.38
ws	6.2.2	6.2.3

Bumps the npm_and_yarn group with 3 updates in the /examples/mongo directory: react-draft-wysiwyg, next and node-sass.
Bumps the npm_and_yarn group with 5 updates in the /examples/next directory:

Package	From	To
react-draft-wysiwyg	1.13.2	1.14.6
express	4.18.1	4.19.2
braces	3.0.2	3.0.3
ua-parser-js	0.7.31	0.7.38
next	12.3.1	14.1.1

Updates react-draft-wysiwyg from 1.14.7 to 1.15.0

Commits

• See full diff in compare view

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.18.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates webpack from 4.46.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import
• Fixed consumption of eager shared modules for module federation
• Strip slash for pretty regexp
• Calculate correct contenthash for CSS generator options

New Features

• Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
• Added the modern-module library value for tree shakable output
• Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

• Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates webpack-cli from 3.3.12 to 5.1.4

Release notes

Sourced from webpack-cli's releases.

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

• multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

• regression for custom configurations (#3834) (bb4f8eb)

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

• improve check for custom webpack and webpack-dev-server package existance (0931ab6)
• improve help for some flags (f468614)
• improved support for .cts and .mts extensions (a77daf2)

v5.1.1

5.1.1 (2023-05-09)

Bug Fixes

• false positive warning when --watch used (#3783) (c0436ba)

v5.1.0

5.1.0 (2023-05-07)

Features

• shareable webpack configs using extends (#3738) (d04d0b9)

Performance Improvements

• simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

v5.0.2

5.0.2 (2023-04-21)

Bug Fixes

• error message for missing default export in configuration (#3685) (e0a4a09)
• perf: reduced startup time (3b79059)

v5.0.1

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

5.1.4 (2023-06-07)

Bug Fixes

• multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

• regression for custom configurations (#3834) (bb4f8eb)

5.1.2 (2023-06-04)

Bug Fixes

• improve check for custom webpack and webpack-dev-server package existance (0931ab6)
• improve help for some flags (f468614)
• improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

Bug Fixes

• false positive warning when --watch used (#3783) (c0436ba)

5.1.0 (2023-05-07)

Features

• shareable webpack configs using extends (#3738) (d04d0b9)

Performance Improvements

• simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

5.0.2 (2023-04-21)

Bug Fixes

• error message for missing default export in configuration (#3685) (e0a4a09)
• perf: reduced startup time (3b79059)

5.0.1 (2022-12-05)

Bug Fixes

• make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

... (truncated)

Commits

• e07f0e5 chore(release): publish new version
• 0345c6f chore(deps-dev): bump @​typescript-eslint/parser from 5.59.8 to 5.59.9 (#3839)
• f659624 fix: multi compiler progress output
• 0d1ff01 chore(deps-dev): bump webpack from 5.85.0 to 5.85.1 (#3837)
• a7ec146 chore(deps-dev): bump @​typescript-eslint/eslint-plugin (#3838)
• 9464635 chore(deps-dev): bump eslint from 8.41.0 to 8.42.0 (#3835)
• cf1796f docs: update changelog
• 7899c39 chore(release): publish new version
• bb4f8eb fix: regression for custom configurations (#3834)
• 14b9c18 docs: update changelog
• Additional commits viewable in compare view

Updates @babel/traverse from 7.18.6 to 7.25.4

Release notes

Sourced from @​babel/traverse's releases.

v7.25.4 (2024-08-22)

🐛 Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread
  • #16712 Avoid printing unnecessary parens around object destructuring (@​nicolo-ribaudo)

🔬 Output optimization

• babel-generator
  • #16740 Avoid extra spaces between comments/regexps in compact mode (@​nicolo-ribaudo)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.3 (2024-07-31)

🐛 Bug Fix

• babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse
  • #16699 Avoid validating visitors produced by traverse.visitors.merge (@​nicolo-ribaudo)

🏠 Internal

• babel-parser
  • #16688 Add @babel/types as a dependency of @babel/parser (@​nicolo-ribaudo)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.25.2 (2024-07-30)

🐛 Bug Fix

• babel-core, babel-traverse
  • #16695 Ensure that requeueComputedKeyAndDecorators is available (@​nicolo-ribaudo)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.4 (2024-08-22)

🐛 Bug Fix

• babel-traverse
  • #16756 fix: Skip computed key when renaming (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16755 fix: Decorator 2018-09 may throw an exception (@​liuxingbaoyu)
• babel-types
  • #16710 Visit AST fields nodes according to their syntactical order (@​nicolo-ribaudo)
• babel-generator
  • #16709 Print semicolon after TS export namespace as A (@​nicolo-ribaudo)

💅 Polish

• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-typescript, babel-runtime-corejs2, babel-runtime, babel-traverse
  • #16722 Avoid unnecessary parens around sequence expressions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-transform-class-properties
  • #16714 Avoid unnecessary parens around exported arrow functions (@​nicolo-ribaudo)
• babel-generator, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-transform-object-rest-spread
  • #16712 Avoid printing unnecessary parens around object destructuring (@​nicolo-ribaudo)

🔬 Output optimization

• babel-generator
  • #16740 Avoid extra spaces between comments/regexps in compact mode (@​nicolo-ribaudo)

v7.25.3 (2024-07-31)

🐛 Bug Fix

• babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse
  • #16699 Avoid validating visitors produced by traverse.visitors.merge (@​nicolo-ribaudo)

🏠 Internal

• babel-parser
  • #16688 Add @babel/types as a dependency of @babel/parser (@​nicolo-ribaudo)

v7.25.2 (2024-07-30)

🐛 Bug Fix

• babel-core, babel-traverse
  • #16695 Ensure that requeueComputedKeyAndDecorators is available (@​nicolo-ribaudo)

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

v7.25.0 (2024-07-26)

... (truncated)

Commits

• cbf124c v7.25.4
• 2b289fb fix: skip computed key when renaming (#16756)
• 575863c Avoid unnecessary parens around sequence expressions (#16722)
• 5174ad1 Clean all always enabled parser plugins (#16572)
• 52718ab Discontinue babel-eslint-config-internal (#16718)
• dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
• 787c7cd v7.25.3
• 992c6e0 Avoid validating visitors produced by traverse.visitors.merge (#16699)
• 44efb5f print @​babel/traverse version on unknown AST types (#16701)
• 0f8f408 v7.25.2
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates webpack-dev-server from 3.11.3 to 5.0.4

Release notes

Sourced from webpack-dev-server's releases.

v5.0.4

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

v5.0.3

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

v5.0.2

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

v5.0.1

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

v5.0.0

5.0.0 (2024-02-12)

Migration Guide and Changes.

v4.15.2

4.15.2 (2024-03-20)

Bug Fixes

• security: bump webpack-dev-middleware (4116209)

v4.15.1

4.15.1 (2023-06-09)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

5.0.0 (2024-02-12)

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#4856) (874c44b)
• types: compatibility with @types/ws (#4899) (34bcec2)

4.15.0 (2023-05-07)

Features

• overlay displays unhandled promise rejection (#4849) (d1dd430)

4.14.0 (2023-05-06)

... (truncated)

Commits

• 64a1860 chore(release): 5.0.4
• aab576a fix(security): bump webpack-dev-middleware (#5112)
• fb6f22a chore(deps-dev): bump @​commitlint/config-conventional (#5104)
• ba9dfb6 chore(deps-dev): bump @​commitlint/cli from 19.0.3 to 19.1.0 (#5103)
• 08cab58 chore(release): 5.0.3
• 37f4760 chore(deps-dev): bump @​types/node from 20.11.25 to 20.11.26 (#5102)
• 6e1aed3 fix(types): proxy (#5101)
• 8ea7cb8 chore(deps): bump open from 10.0.4 to 10.1.0 (#5100)
• c6a3586 chore(deps-dev): bump puppeteer from 22.4.0 to 22.4.1 (#5099)
• 2201442 chore(deps): update (#5096)
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates loader-utils from 2.0.2 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

Commits

• 6688b50 chore(release): 2.0.4
• ac09944 fix: ReDoS problem (#225)
• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• See full diff in compare view

Updates loader-utils from 1.4.0 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

Commits

• 6688b50 chore(release): 2.0.4
• ac09944 fix: ReDoS problem (#225)
• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• Description has been truncated

  Summary by CodeRabbit

  • New Features

    • Updated several key dependencies, including webpack, next, and react-draft-wysiwyg, introducing potential new features and enhancements.

  • Bug Fixes

    • Upgraded dependencies may include bug fixes that enhance overall application stability and performance.

  • Chores

    • General maintenance of the package.json to keep dependencies current, ensuring improved security and functionality.

[coderabbitai]

Walkthrough

The updates involve significant version changes to various dependencies in multiple package.json files across different examples. Key libraries such as webpack, next, css-loader, and react-draft-wysiwyg have been upgraded to their latest versions, which may include breaking changes, new features, and optimisations. These modifications reflect an effort to keep the project dependencies current and aligned with modern development practices.

Changes

Files	Change Summary
examples/custom/package.json	Upgraded isomorphic-fetch to ^3.0.0, css-loader to ^7.1.2, webpack to ^5.94.0, and webpack-dev-server to ^5.0.4.
examples/demo/package.json	Upgraded webpack to ^5.94.0.
examples/mongo/package.json	Upgraded next to ^14.2.7, node-sass to ^9.0.0, and react-draft-wysiwyg to 1.14.6.
examples/next/package.json	Upgraded react-draft-wysiwyg to 1.14.6 and next to ^14.1.1.
package.json	Upgraded react-draft-wysiwyg to ^1.15.0, css-loader to ^7.1.2, ejs to ^3.1.10, express to ^4.19.2, webpack to ^5.94.0, webpack-cli to ^5.1.4, and webpack-dev-server to ^5.0.4.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant PackageManager
    participant Project

    Developer->>PackageManager: Update dependencies
    PackageManager->>Project: Install new versions
    Project->>Project: Adjust code for breaking changes
    Project->>Developer: Notify of successful updates

Loading

🐰 "Hopping through the code, oh what a sight,
With versions so fresh, everything feels right.
From webpack to next, we leap and we bound,
New features await, let joy abound!
In this garden of code, we'll dance and we'll play,
Celebrating changes, hip-hip-hooray!" 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.