Bump the npm_and_yarn group across 1 directory with 26 updates

[dependabot]

Bumps the npm_and_yarn group with 26 updates in the /examples/react-webapp directory:

Package	From	To
@babel/traverse	7.12.1	7.25.1
browserify-sign	4.2.1	4.2.3
color-string	1.5.4	1.9.1
decode-uri-component	0.2.0	0.2.2
dns-packet	1.3.1	1.3.4
es5-ext	0.10.53	0.10.64
eventsource	1.0.7	1.1.2
express	4.17.1	4.19.2
follow-redirects	1.13.0	1.15.6
hosted-git-info	2.8.8	2.8.9
json5	1.0.1	1.0.2
lodash	4.17.20	4.17.21
merge-deep	3.0.2	3.0.3
minimist	1.2.5	1.2.8
nanoid	3.1.15	3.3.7
path-parse	1.0.6	1.0.7
qs	6.5.2	6.5.3
semver	5.7.1	5.7.2
shelljs	0.8.4	0.8.5
ssri	6.0.1	6.0.2
tar	6.0.5	6.2.1
terser	4.8.0	4.8.1
tmpl	1.0.4	1.0.5
url-parse	1.4.7	1.5.10
word-wrap	1.2.3	1.2.5
ws	6.2.1	6.2.3

Updates @babel/traverse from 7.12.1 to 7.25.1

Release notes

Sourced from @​babel/traverse's releases.

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

Committers: 4

• Adrian (@​nerodesu017)
• Huáng Jùnliàng (@​JLHwung)
• @​keiseiTi
• @​liuxingbaoyu

v7.25.0 (2024-07-26)

Thanks @​davidtaylorhq and @​slatereax for your first PR!

You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

👓 Spec Compliance

• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16537 await using normative updates (@​JLHwung)
• babel-plugin-transform-typescript
  • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@​liuxingbaoyu)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
  • #16658 Move ensureFunctionName to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
  • #16644 Move hoistVariables to Scope.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
  • #16645 Move splitExportDeclaration to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
  • #16649 Move environment-visitor helper into @babel/traverse (@​nicolo-ribaudo)
• babel-core, babel-parser
  • #16480 Expose wether a module has TLA or not as .extra.async (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
  • #16569 Introduce bugfix-safari-class-field-initializer-scope (@​davidtaylorhq)
• babel-plugin-transform-block-scoping, babel-traverse, babel-types
  • #16551 Add NodePath#getAssignmentIdentifiers (@​JLHwung)
• babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
  • #16579 Add uncheckedRequire option for JSON imports to CJS (@​nicolo-ribaudo)
• babel-helper-transform-fixture-test-runner, babel-node
  • #16642 Allow using custom config in babel-node --eval (@​slatereax)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

v7.25.0 (2024-07-26)

👓 Spec Compliance

• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16537 await using normative updates (@​JLHwung)
• babel-plugin-transform-typescript
  • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@​liuxingbaoyu)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
  • #16658 Move ensureFunctionName to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
  • #16644 Move hoistVariables to Scope.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
  • #16645 Move splitExportDeclaration to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
  • #16649 Move environment-visitor helper into @babel/traverse (@​nicolo-ribaudo)
• babel-core, babel-parser
  • #16480 Expose wether a module has TLA or not as .extra.async (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
  • #16569 Introduce bugfix-safari-class-field-initializer-scope (@​davidtaylorhq)
• babel-plugin-transform-block-scoping, babel-traverse, babel-types
  • #16551 Add NodePath#getAssignmentIdentifiers (@​JLHwung)
• babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
  • #16579 Add uncheckedRequire option for JSON imports to CJS (@​nicolo-ribaudo)
• babel-helper-transform-fixture-test-runner, babel-node
  • #16642 Allow using custom config in babel-node --eval (@​slatereax)
• babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
  • #16445 Add duplicate-named-capturing-groups-regex to preset-env (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16678 Print parens around as expressions on the LHS (@​nicolo-ribaudo)
• babel-template, babel-types
  • #15286 fix: Props are lost when the template replaces the node (@​liuxingbaoyu)

🏠 Internal

• Other

... (truncated)

Commits

• 6bfc823 v7.25.1
• 801d3cb fix: improve variable declarator removal (#16587)
• d2e3ee2 v7.25.0
• d364545 Move ensureFunctionName to NodePath.prototype (#16658)
• 7c31ad1 Move hoistVariables to Scope.prototype (#16644)
• f3f4685 Move splitExportDeclaration to NodePath.prototype (#16645)
• 4579032 Move environment-visitor helper into @babel/traverse (#16649)
• 47d8259 Add NodePath#getAssignmentIdentifiers (#16551)
• 482008c Simplify helper-function-name logic (#16652)
• ddfd86c Revert "Move environment-visitor helper into @babel/traverse" (#16647)
• Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates color-string from 1.5.4 to 1.9.1

Release notes

Sourced from color-string's releases.

1.9.0

Minor Release 1.9.0

• Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @​babycannotsay for their contribution!

1.8.2

Patch release 1.8.2

• Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @​gerdasi and @​mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1

• Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @​clytras for their contribution!

1.8.0

Minor release 1.8.0

• Add anchors to keyword regex (#64)

Thanks to @​cq360767996 for their contribution!

1.7.4

Patch Release 1.7.4

• Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)

1.7.3

Patch Release 1.7.3

• Fix hue modulo operation (#50)

Thanks to @​adroitwhiz for their contributions.

1.7.2

Patch Release 1.7.2

• Fix issue where color-string with incorrectly return a color for properties on Object's prototype like "constructor". (#45)

Thanks to @​tolmasky for their contributions.

1.7.1

Patch release 1.7.1

... (truncated)

Commits

• d9b04bb 1.9.1
• 937b690 fix to.keyword returning Object.prototype values (#67)
• 4daceef 1.9.0
• 94a429e add parsing of exponential alpha values for HWB and HSL
• fc2f880 1.8.2
• 32f3e00 fix incorrect handling of optional comma in rgb() regex (fixes #65)
• 0766ca7 1.8.1
• 0710543 Fix rgb alpha percentage parsing from int to float
• ab299a7 1.8.0
• bea8702 add anchors to keyword regex
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates dns-packet from 1.3.1 to 1.3.4

Commits

• ebdf849 1.3.4
• ac57872 move all allocUnsafes to allocs for easier maintenance
• c64c950 1.3.3
• 0598ba1 fix .. in encodingLength
• 010aedb 1.3.2
• 0d0d593 backport encodingLength fix to v1
• See full diff in compare view

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates eventsource from 1.0.7 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2

• Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

• Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0

• Improve performance for large messages across many chunks (#130 Trent Willis)
• Add createConnection option for http or https requests (#120 Vasily Lavrov)
• Support HTTP 302 redirects (#116 Ryan Bonte)
• Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
• Add new to correct test (#111 Stéphane Alnet)
• Fix reconnections attempts now happen more than once (#136 Icy Fish)

Commits

• 0a8b85b 1.1.2
• f99ae66 docs: update history for 1.1.2
• 06c9721 chore: rebuild polyfill
• 9494642 fix: inline origin resolution, drop original dependency (#281)
• aa7a408 1.1.1
• 56d489e chore: rebuild polyfill
• 4a951e5 docs: update history for 1.1.1
• f9f6416 fix: strip sensitive headers on redirect to different origin
• 9dd0687 1.1.0
• 49497ba Update history for 1.1.0 (#146)
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.13.0 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full di...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.