Sourced from webpack's releases.
\n\n\nv5.94.0
\nBug Fixes
\n\n
\n- Added runtime condition for harmony reexport checked
\n- Handle properly
\ndata
/http
/https
protocols in source maps- Make
\nbigint
optimistic when browserslist not found- Move
\n@types/eslint-scope
to dev deps- Related in asset stats is now always an array when no related found
\n- Handle ASI for export declarations
\n- Mangle destruction incorrect with export named default properly
\n- Fixed unexpected asi generation with sequence expression
\n- Fixed a lot of types
\nNew Features
\n\n
\n- Added new external type "module-import"
\n- Support
\nwebpackIgnore
fornew URL()
construction- [CSS]
\n`@import`
pathinfo supportSecurity
\n\n
\n- Fixed DOM clobbering in auto public path
\nv5.93.0
\nBug Fixes
\n\n
\n- Generate correct relative path to runtime chunks
\n- Makes
\nDefinePlugin
quieter under default log level- Fixed mangle destructuring default in namespace import
\n- Fixed consumption of eager shared modules for module federation
\n- Strip slash for pretty regexp
\n- Calculate correct contenthash for CSS generator options
\nNew Features
\n\n
\n- Added the
\nbinary
generator option for asset modules to explicitly keep source maps produced by loaders- Added the
\nmodern-module
library value for tree shakable output- Added the
\noverrideStrict
option to override strict or non-strict mode for javascript modulesv5.92.1
\nBug Fixes
\n\n
\n- Doesn't crash with an error when the css experiment is enabled and contenthash is used
\nv5.92.0
\nBug Fixes
\n\n
\n\n- Correct tidle range's comutation for module federation
\n- Consider runtime for pure expression dependency update hash
\n- Return value in the
\nsubtractRuntime
function for runtime logic
... (truncated)
\neabf85d
chore(release): 5.94.0955e057
security: fix DOM clobbering in auto public path9822387
test: fixcbb86ed
test: fix5ac3d7f
fix: unexpected asi generation with sequence expression2411661
security: fix DOM clobbering in auto public pathb8c03d4
fix: unexpected asi generation with sequence expressionf46a03c
revert: do not use heuristic fallback for "module-import"60f1898
fix: do not use heuristic fallback for "module-import"66306aa
Revert "fix: module-import get fallback from externalsPresets"zh_TW
translation (pan93412)"}},{"before":null,"after":"09c8a749f4fa0479d27214f4ef27a67aa609d4ee","ref":"refs/heads/dependabot/npm_and_yarn/webpack-5.94.0","pushedAt":"2024-08-30T17:33:15.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump webpack from 5.90.1 to 5.94.0\n\nBumps [webpack](https://github.com/webpack/webpack) from 5.90.1 to 5.94.0.\n- [Release notes](https://github.com/webpack/webpack/releases)\n- [Commits](https://github.com/webpack/webpack/compare/v5.90.1...v5.94.0)\n\n---\nupdated-dependencies:\n- dependency-name: webpack\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] Sourced from micromatch's releases.
\n\n\n4.0.8
\nUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.
\n
Sourced from micromatch's changelog.
\n\n\n[4.0.8] - 2024-08-22
\n\n
\n- backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch
\n[4.0.7] - 2024-05-22
\n\n
\n- this is basically v4.0.5, with some README updates
\n- it is vulnerable to CVE-2024-4067
\n- Updated braces to v3.0.3 to avoid CVE-2024-4068
\n- does NOT break API compatibility
\n[4.0.6] - 2024-05-21
\n\n
\n- Added
\nhasBraces
to check if a pattern contains braces.- Fixes CVE-2024-4067
\n- BREAKS API COMPATIBILITY
\n- Should be labeled as a major release, but it's not.
\n
8bd704e
4.0.8a0e6841
run verb to generate README documentation4ec2884
Merge branch 'v4' into hauserkristof-feature/v4.0.803aa805
Merge pull request #266 from hauserkristof/feature/v4.0.8814f5f7
lint67fcce6
fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5113f2e3
fix: CVE numbers in CHANGELOGd9dbd9a
feat: updated CHANGELOG2ab1315
fix: use actions/setup-node@v41406ea3
feat: rework test to work on macos with node 10,12 and 14Sourced from trix's releases.
\n\n\nv2.1.4
\nWhat's Changed
\n\n
\n- Fix XSS vulnerability on paste by
\n@afcapel
in basecamp/trix#1156Full Changelog: https://github.com/basecamp/trix/compare/2.1.3...v2.1.4
\n2.1.3
\nNo release notes provided.
\nv2.1.2
\n\n
\n- Fix for problem with suggestions in iOS 18 beta by
\n@jorgemanrubia
in #1165v2.1.1
\nWhat's Changed
\n\n
\n- Bump tar from 6.2.0 to 6.2.1 by
\n@dependabot
in basecamp/trix#1146- Sanitize noscript to prevent copy and paste XSS by
\n@lewispb
in basecamp/trix#1147- Sanitize HTML content in data-trix-* attributes by
\n@lewispb
&@afcapel
in basecamp/trix#1149New Contributors
\n\n
\n- \n
@lewispb
made their first contribution in basecamp/trix#1147Full Changelog: https://github.com/basecamp/trix/compare/v2.1.0...v2.1.1
\nv2.1.0
\nWhat's Changed
\n\n
\n- Bump ip from 1.1.8 to 1.1.9 by
\n@dependabot
in basecamp/trix#1136- Bump follow-redirects from 1.15.4 to 1.15.6 by
\n@dependabot
in basecamp/trix#1140- Allow custom HTML attributes in blocks by
\n@afcapel
in basecamp/trix#1138Full Changelog: https://github.com/basecamp/trix/compare/v2.0.10...v2.1.0
\nv2.0.10
\nWhat's Changed
\n\n
\n- Use the target range to insert the replacement text by
\n@afcapel
in basecamp/trix#1131Full Changelog: https://github.com/basecamp/trix/compare/v2.0.9...v2.0.10
\nv2.0.9
\nWhat's Changed
\n\n
\n\n- Pass invoking element as event data by
\n@swanson
in basecamp/trix#1112- Update unpkg revision by
\n@jmscholen
in basecamp/trix#1115- Bump follow-redirects from 1.15.3 to 1.15.4 by
\n@dependabot
in basecamp/trix#1118- Rebrand back to 37signals by
\n@northeastprince
in basecamp/trix#1123- Add default word-break to trix-content by
\n@afcapel
in basecamp/trix#1126- Request render after insertReplacementText by
\n@afcapel
in basecamp/trix#1129- Only run test on SauceLabs when SAUCE_ACCESS_KEY is set by
\n@afcapel
in basecamp/trix#1130
... (truncated)
\n9579e33
v2.1.47656f57
Merge pull request #1156 from basecamp/paste-vuln626a4f4
Support browsers where getHTML is not supportedc8dbd3d
Ensure we always sanitize HTML we set as innerHTMLbeabac2
Drop defunct bin/release superseded by yarn releaseb29b663
bin/release: upload .map files to release90c1006
bin/release: narrow release fileseca01a1
bin/release: drop needless copyright year updates and src commitsf7793b6
bin/release: dist/ is no longer version controlled4d6dd1b
boopThis version was pushed to npm by jorgemanrubia, a new releaser for trix since your current version.
\n