Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump json5, parcel and postcss-modules in /popcorn-viewer #18

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 1, 2023

Bumps json5 to 2.2.3 and updates ancestor dependencies json5, parcel and postcss-modules. These dependencies need to be updated together.

Updates json5 from 2.1.3 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

v2.2.2

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

v2.2.0

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

v2.2.2 [code, diff]

  • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

v2.2.0 [code, diff]

  • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
Commits
  • c3a7524 2.2.3
  • 94fd06d docs: update CHANGELOG for v2.2.3
  • 3b8cebf docs(security): use GitHub security advisories
  • f0fd9e1 docs: publish a security policy
  • 6a91a05 docs(template): bug -> bug report
  • 14f8cb1 2.2.2
  • 10cc7ca docs: update CHANGELOG for v2.2.2
  • 7774c10 fix: add proto to objects and arrays
  • edde30a Readme: slight tweak to intro
  • 97286f8 Improve example in readme
  • Additional commits viewable in compare view

Updates parcel from 1.12.4 to 2.8.2

Release notes

Sourced from parcel's releases.

v2.8.2

Fixed

  • Core
    • Ensure maxListeners for process.stdout accounts for workers – Details
  • JavaScript
    • Bump SWC to fix scoping issue with block-less loops – Details
    • Fix requires of external CommonJS SWC helpers – Details

v2.8.1

Fixed

  • Core
    • fix: remove @​parcel/utils dep in @​parcel/graphDetails
  • JavaScript
    • Don't retarget dependencies with *Details
    • Fix overriding single export of a export *Details
    • Add mjs and cjs to resolver extensions – Details
  • TypeScript
    • Make ts-types transformer work with TS >= 4.8 – Details
  • Web manifest
    • Parse shortcut icons in web app manifests – Details
  • SVG
    • Fix transformer-svg-react not finding .svgrrcDetails

v2.8.0

Blog post: https://parceljs.org/blog/v2-8-0/

Added

  • Core
    • Code splitting across reexports using symbol data by splitting dependencies – Details
    • Update without bundling for non-dependency related changes – Details
    • Improve performance of incremental bundling – Details
    • Only serialize and send shared references to workers that need them – Details
    • Improve performance of HMR by not waiting for packaging – Details
  • JavaScript
    • Verify version when resolving Node builtin polyfills – Details
    • Add loadBundleConfig method to Packager plugins – Details
  • SVG
    • Generate typescript for SVGs when using svgr and typescript option – Details
  • Bundler
    • Move experimental bundler to default – Details

Fixed

  • Core
    • Fix verbose warning: reexport all doesn't include default – Details
    • Support multiple edge types in Graph.hasEdge – Details
    • Ensure edge exists before removal in Graph.removeEdge – Details

... (truncated)

Changelog

Sourced from parcel's changelog.

[2.8.2] - 2022-12-14

  • Core
    • Ensure maxListeners for process.stdout accounts for workers – Details
  • JavaScript
    • Bump SWC to fix scoping issue with block-less loops – Details
    • Fix requires of external CommonJS SWC helpers – Details

[2.8.1] - 2022-12-07

Fixed

  • Core
    • fix: remove @​parcel/utils dep in @​parcel/graphDetails
  • JavaScript
    • Don't retarget dependencies with *Details
    • Fix overriding single export of a export *Details
    • Add mjs and cjs to resolver extensions – Details
  • TypeScript
    • Make ts-types transformer work with TS >= 4.8 – Details
  • Web manifest
    • Parse shortcut icons in web app manifests – Details
  • SVG
    • Fix transformer-svg-react not finding .svgrrcDetails

[2.8.0] - 2022-11-09

Added

  • Core
    • Code splitting across reexports using symbol data by splitting dependencies – Details
    • Update without bundling for non-dependency related changes – Details
    • Improve performance of incremental bundling – Details
    • Only serialize and send shared references to workers that need them – Details
    • Improve performance of HMR by not waiting for packaging – Details
  • JavaScript
    • Verify version when resolving Node builtin polyfills – Details
    • Add loadBundleConfig method to Packager plugins – Details
  • SVG
    • Generate typescript for SVGs when using svgr and typescript option – Details
  • Bundler
    • Move experimental bundler to default – Details

Fixed

  • Core
    • Fix verbose warning: reexport all doesn't include default – Details
    • Support multiple edge types in Graph.hasEdge – Details
    • Ensure edge exists before removal in Graph.removeEdge – Details
    • Disable splitting dependencies on symbols for non-scope hoisted bundles – Details

... (truncated)

Commits

Updates postcss-modules from 2.0.0 to 6.0.0

Changelog

Sourced from postcss-modules's changelog.

6.0.0

Breaking

The resolve option has two parameters now and can return null. Thanks to Rene Haas (@​KingSora) madyankin/postcss-modules@86d8135

Parameters:

  • file — a module we want to resolve
  • importer — the file that imports the module we want to resolve

Return value: string | null | Promise<string | null>

postcss([
	require("postcss-modules")({
    	resolve: function (file, importer) {
			return path.resolve(
				path.dirname(importer),
				file.replace(/^@/, process.cwd()
			);
    	},
  	}),
]);

Fixed

Improved

  • icss-replace-symbols replaced with with icss-utils by Jason Quense (@​jquense). The updated replacer works better and will replace values in selectors, which didn't work until now. madyankin/postcss-modules#145

5.0.0

4.3.1

4.3.0

4.2.2

... (truncated)

Commits
  • 325f0b3 6.0.0
  • a453783 Extract pluginFactory and localConvention into separate modules
  • e87c4ab Refactor to prepare the plugin to work in browsers
  • 1ad9a28 Flatten file hierarchy
  • d0c05d8 Format changelog
  • 09e0789 Increase line length to 100
  • 6afaf50 Drop the old resolve option's implementation
  • 86d8135 add fileResolve option
  • 7bb6d2d Fix #140 drive letter case insensitivity
  • dc5119e feat: update ICSS utils to current package
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [json5](https://github.com/json5/json5) to 2.2.3 and updates ancestor dependencies [json5](https://github.com/json5/json5), [parcel](https://github.com/parcel-bundler/parcel) and [postcss-modules](https://github.com/css-modules/postcss-modules). These dependencies need to be updated together.


Updates `json5` from 2.1.3 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.3...v2.2.3)

Updates `parcel` from 1.12.4 to 2.8.2
- [Release notes](https://github.com/parcel-bundler/parcel/releases)
- [Changelog](https://github.com/parcel-bundler/parcel/blob/v2/CHANGELOG.md)
- [Commits](https://github.com/parcel-bundler/parcel/compare/[email protected])

Updates `postcss-modules` from 2.0.0 to 6.0.0
- [Release notes](https://github.com/css-modules/postcss-modules/releases)
- [Changelog](https://github.com/madyankin/postcss-modules/blob/master/CHANGELOG.md)
- [Commits](madyankin/postcss-modules@v2.0.0...v6.0.0)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
- dependency-name: parcel
  dependency-type: direct:development
- dependency-name: postcss-modules
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants