Sourced from postcss's releases.

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

... (truncated)

Sourced from postcss's changelog.

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

... (truncated)

• d33f272 Release 8.4.18 version
• 75d6556 Update dependencies
• a11d868 Merge pull request #1788 from KingSora/main
• a1c0b8b delete package.lock
• 28be739 add toFileUrl function
• edfd3e0 improvement
• 3d0d204 improve test
• 3dac15c absolute sourcemaps have source content
• 767c83e Merge pull request #1787 from muddv/architecture-title-fix
• 567b976 Change title
• Additional commits viewable in compare view

Sourced from tailwindcss's releases.

v3.2.2

Fixed

• Escape special characters in resolved content base paths (#9650)
• Don't reuse container for array returning variant functions (#9644)
• Exclude non-relevant selectors when generating rules with the important modifier (#9677)
• Fix merging of arrays during config resolution (#9706)
• Ensure configured font-feature-settings are included in Preflight (#9707)
• Fix fractional values not being parsed properly inside arbitrary properties (#9705)
• Fix incorrect selectors when using @apply in selectors with combinators and pseudos (#9722)
• Fix cannot read properties of undefined (reading 'modifier') (#9656, aa979d6)

v3.2.1

Fixed

• Fix missing supports in types (#9616)
• Fix missing PostCSS dependencies in the CLI (#9617)
• Ensure micromatch is a proper CLI dependency (#9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551d)

v3.2.0

We just released Tailwind CSS v3.2! Read the announcement post for more details about the most exciting new features.

---

Added

• Add new @config directive (#9405)
• Add new relative: true option to resolve content paths relative to the config file (#9396)
• Add new supports-* variant (#9453)
• Add new min-* and max-* variants (#9558)
• Add new aria-* variants (#9557, #9588)
• Add new data-* variants (#9559, #9588)
• Add new break-keep utility for word-break: keep-all (#9393)
• Add new collapse utility for visibility: collapse (#9181)
• Add new fill-none utility for fill: none (#9403)
• Add new stroke-none utility for stroke: none (#9403)
• Add new place-content-baseline utility for place-content: baseline (#9498)
• Add new place-items-baseline utility for place-items: baseline (#9507)
• Add new content-baseline utility for align-content: baseline (#9507)
• Add support for configuring default font-feature-settings for a font family (#9039)
• Add standalone CLI build for 32-bit Linux on ARM (node16-linux-armv7) (#9084)
• Add future flag to disable color opacity utility plugins (#9088)
• Add negative value support for outline-offset (#9136)
• Add support for modifiers to matchUtilities (#9541)
• Allow negating utilities using min/max/clamp (#9237)
• Implement fallback plugins when there is ambiguity between plugins when using arbitrary values (#9376)
• Support sort function in matchVariant (#9423)
• Upgrade to postcss-nested v6.0 (#9546)

... (truncated)

Sourced from tailwindcss's changelog.

[3.2.2] - 2022-11-04

Fixed

• Escape special characters in resolved content base paths (#9650)
• Don't reuse container for array returning variant functions (#9644)
• Exclude non-relevant selectors when generating rules with the important modifier (#9677)
• Fix merging of arrays during config resolution (#9706)
• Ensure configured font-feature-settings are included in Preflight (#9707)
• Fix fractional values not being parsed properly inside arbitrary properties (#9705)
• Fix incorrect selectors when using @apply in selectors with combinators and pseudos (#9722)
• Fix cannot read properties of undefined (reading 'modifier') (#9656, aa979d6)

[3.2.1] - 2022-10-21

Fixed

• Fix missing supports in types (#9616)
• Fix missing PostCSS dependencies in the CLI (#9617)
• Ensure micromatch is a proper CLI dependency (#9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551db0f2726461371b4f3c6cd4c7090888504)

[3.2.0] - 2022-10-19

Added

• Add new @config directive (#9405)
• Add new relative: true option to resolve content paths relative to the config file (#9396)
• Add new supports-* variant (#9453)
• Add new min-* and max-* variants (#9558)
• Add new aria-* variants (#9557, #9588)
• Add new data-* variants (#9559, #9588)
• Add new break-keep utility for word-break: keep-all (#9393)
• Add new collapse utility for visibility: collapse (#9181)
• Add new fill-none utility for fill: none (#9403)
• Add new stroke-none utility for stroke: none (#9403)
• Add new place-content-baseline utility for place-content: baseline (#9498)
• Add new place-items-baseline utility for place-items: baseline (#9507)
• Add new content-baseline utility for align-content: baseline (#9507)
• Add support for configuring default font-feature-settings for a font family (#9039)
• Add standalone CLI build for 32-bit Linux on ARM (node16-linux-armv7) (#9084)
• Add future flag to disable color opacity utility plugins (#9088)
• Add negative value support for outline-offset (#9136)
• Add support for modifiers to matchUtilities (#9541)
• Allow negating utilities using min/max/clamp (#9237)
• Implement fallback plugins when there is ambiguity between plugins when using arbitrary values (#9376)
• Support sort function in matchVariant (#9423)
• Upgrade to postcss-nested v6.0 (#9546)

Fixed

... (truncated)

• 763fdde 3.2.2
• a5b6ec2 update changelog
• 260e392 Update cssnano to version 5.1.14
• 30d2595 Update autoprefixer to version 10.4.13
• 226be11 update changelog
• aa979d6 ensure we fallback to '' for backwards compatibility reasons
• bf28bf6 Fix cannot read properties of undefined (reading 'modifier') (#9656)
• 0a4ae77 Fix not rebuilding files when rename event is emit (#9689)
• d33b650 Fix incorrect selectors when using @apply in selectors with combinators and...
• c10ba4e Fix fractional values not being parsed properly inside arbitrary properties (...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from postcss's releases.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

... (truncated)

Sourced from postcss's changelog.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

... (truncated)

• c26baf3 Release 8.4.19 version
• ed5103d Update dependencies
• 8086ea3 Merge pull request #1790 from romainmenke/fix-whitespace-bug--passionate-afri...
• 4b38845 fix whitespace bug
• cf9425a Merge pull request #1789 from eduardopilati/patch-1
• ca04e0a Update plugins.md
• fe63768 Update dependencies
• 3b6ba56 Add Node.js 19
• d33f272 Release 8.4.18 version
• 75d6556 Update dependencies
• Additional commits viewable in compare view

Sourced from tailwindcss's releases.

v3.2.4

Added

• Add blocklist option to prevent generating unwanted CSS (#9812)

Fixed

• Fix watching of files on Linux when renames are involved (#9796)
• Make sure errors are always displayed when watching for changes (#9810)

v3.2.3

Fixed

• Fixed use of raw content in the CLI (#9773)
• Pick up changes from files that are both context and content deps (#9787)
• Sort pseudo-elements ONLY after classes when using variants and @apply (#9765)
• Support important utilities in the safelist (pattern must include a !) (#9791)

v3.2.2

Fixed

• Escape special characters in resolved content base paths (#9650)
• Don't reuse container for array returning variant functions (#9644)
• Exclude non-relevant selectors when generating rules with the important modifier (#9677)
• Fix merging of arrays during config resolution (#9706)
• Ensure configured font-feature-settings are included in Preflight (#9707)
• Fix fractional values not being parsed properly inside arbitrary properties (#9705)
• Fix incorrect selectors when using @apply in selectors with combinators and pseudos (#9722)
• Fix cannot read properties of undefined (reading 'modifier') (#9656, aa979d6)

v3.2.1

Fixed

• Fix missing supports in types (#9616)
• Fix missing PostCSS dependencies in the CLI (#9617)
• Ensure micromatch is a proper CLI dependency (#9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551d)

v3.2.0

We just released Tailwind CSS v3.2! Read the announcement post for more details about the most exciting new features.

---

Added

• Add new @config directive (#9405)
• Add new relative: true option to resolve content paths relative to the config file (#9396)
• Add new supports-* variant (#9453)
• Add new min-* and max-* variants (#9558)
• Add new aria-* variants (#9557, #9588)

... (truncated)

Sourced from tailwindcss's changelog.

[3.2.4] - 2022-11-11

Added

• Add blocklist option to prevent generating unwanted CSS (#9812)

Fixed

• Fix watching of files on Linux when renames are involved (#9796)
• Make sure errors are always displayed when watching for changes (#9810)

[3.2.3] - 2022-11-09

Fixed

• Fixed use of raw content in the CLI (#9773)
• Pick up changes from files that are both context and content deps (#9787)
• Sort pseudo-elements ONLY after classes when using variants and @apply (#9765)
• Support important utilities in the safelist (pattern must include a !) (#9791)

[3.2.2] - 2022-11-04

Fixed

• Escape special characters in resolved content base paths (#9650)
• Don't reuse container for array returning variant functions (#9644)
• Exclude non-relevant selectors when generating rules with the important modifier (#9677)
• Fix merging of arrays during config resolution (#9706)
• Ensure configured font-feature-settings are included in Preflight (#9707)
• Fix fractional values not being parsed properly inside arbitrary properties (#9705)
• Fix incorrect selectors when using @apply in selectors with combinators and pseudos (#9722)
• Fix cannot read properties of undefined (reading 'modifier') (#9656, aa979d6)

[3.2.1] - 2022-10-21

Fixed

• Fix missing supports in types (#9616)
• Fix missing PostCSS dependencies in the CLI (#9617)
• Ensure micromatch is a proper CLI dependency (#9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551db0f2726461371b4f3c6cd4c7090888504)

[3.2.0] - 2022-10-19

Added

• Add new @config directive (#9405)
• Add new relative: true option to resolve content paths relative to the config file (#9396)
• Add new supports-* variant (#9453)
• Add new min-* and max-* variants (#9558)

... (truncated)

• f2f1ee9 3.2.4
• 13eb1e2 update changelog
• 22d45dd Update CHANGELOG.md
• 602101d Allow users to block generation of certain utilities (#9812)
• 4ccc0fa Make sure errors are always displayed when watching for changes (#9810)
• 1482c75 Fix watching of files on Linux when renames are involved (#9796)
• 757a8d6 update changelog
• 6166e59 3.2.3
• 8a2f9ed Fix !important selectors not being classified as valid class inside safelist ...
• 6bd9912 Only sort pseudo elements after classes when using @apply and variants (#9765)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from loader-utils's releases.

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

Sourced from loader-utils's changelog.

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• See full diff in compare view

Sourced from loader-utils's releases.

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

Sourced from loader-utils's changelog.

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• See full diff in compare view

Sourced from resolve-url-loader's releases.

5.0.0

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform
• Fixes to end-to-end tests and test framework.

5.0.0-beta.1

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform
• Fixes to end-to-end tests and test framework.

5.0.0-alpha.1

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform

4.0.0

Features

• Better resolution of the original source location - You can more successfully use url() in variables and mixins.
• Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

• The engine option is deprecated which means the old rework engine is deprecated.
• The keepQuery behaviour is now the default, the keepQuery option has been removed.
• The removeCR option defaults to true when executing on Windows OS.
• The absolute option has been removed.
• The join option has changed.

Migrating

See the changlog.

... (truncated)

Sourced from resolve-url-loader's changelog.

resolve-url-loader

Version 5

Features

• Update postcss and completely remove rework parser.

Breaking Changes

• Require node@>=12.
• Support webpack@>=4 (no longer tested for earlier versions).
• The engine option has been removed.

Migrating

Remove the engine option if you are using it.

Version 4

Features

• Better resolution of the original source location - You can more successfully use url() in variables and mixins.
• Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

• The engine option is deprecated which means the old rework engine is deprecated.
• The keepQuery behaviour is now the default, the keepQuery option has been removed.
• The removeCR option defaults to true when executing on Windows OS.
• The absolute option has been removed.
• The join option has changed.

Migrating

Remove the engine option if you are using it - the default "postcss" engine is much more reliable. The "rework" engine will still work for now but will be removed in the next major version.

Remove the keepQuery option if you are using it.

Remove the absolute option, webpack should work fine without it. If you have a specific need to rebase url() then you should use a separate loader.

If you use a custom join function then you will need to refactor it to the new API. Refer to the advanced usage documentation.

If you wish to still use engine: "rework" then note that rework and rework-visit packages are now peerDependencies that must be explicitly installed by you.

Version 3

Features

• Use postcss parser by default. This is long overdue as the old rework parser doesn't cope with modern css.

... (truncated)

• bf01da9 5.0.0
• 78393f6 update branch references to v5
• 6787839 github actions for CI
• 1457038 update changelog and readme
• a01faf9 5.0.0-beta.1
• fb09fae remove the engine option harder, ensure deprecation warning is tested
• 5654fa4 remove the engine option and related tests, use getOptions from loader where ...
• 10f9cdb 5.0.0-alpha.1
• b168dd3 adjust deprecation message for engine option
• 29e142a normalise windows absolute paths to posix format in log messages
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from terser's changelog.

v4.8.1 (backport)

• Security fix for RegExps that should not be evaluated (regexp DDOS)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from guzzlehttp/guzzle's releases.

Release 7.4.5

See change log for changes.

Release 7.4.4

See change log for changes.

Sourced from guzzlehttp/guzzle's changelog.

7.4.5 - 2022-06-20

• Fix change in port should be considered a change in origin
• Fix CURLOPT_HTTPAUTH option not cleared on change of origin

7.4.4 - 2022-06-09

• Fix failure to strip Authorization header on HTTP downgrade
• Fix failure to strip the Cookie header on change in host or HTTP downgrade

• 1dd98b0 Release 7.4.5 (#3043)
• 8d2ce4e Stop pretending that PHP 8.1 is 8.0 in CI (#3024)
• e3ff079 Release 7.4.4 (#3023)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from guzzlehttp/guzzle's releases.

Release 7.4.4

See change log for changes.

Sourced from guzzlehttp/guzzle's changelog.

7.4.4 - 2022-06-09

• Fix failure to strip Authorization header on HTTP downgrade
• Fix failure to strip the Cookie header on change in host or HTTP downgrade

• e3ff079 Release 7.4.4 (#3023)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from ejs's releases.

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

• 5126ff5 Version 3.1.8
• 7d5a1c6 Merge branch 'main' of github.com:mde/ejs into main
• 551949d Minor mitigation
• 66f7471 Merge pull request #664 from netcode/patch-1
• 820855a Version 3.1.7
• 076dcb6 Don't use template literal
• faf8b84 Skip test -- error message vary depending on JS runtime
• c028c34 Update packages
• 839ad20 Update SECURITY.md
• c040180 Update README.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Sourced from resolve-url-loader's releases.

5.0.0

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform
• Fixes to end-to-end tests and test framework.

5.0.0-beta.1

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform
• Fixes to end-to-end tests and test framework.

5.0.0-alpha.1

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform

4.0.0

Features

• Better resolution of the original source location - You can more successfully use url() in variables and mixins.
• Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

• The engine option is deprecated which means the old rework engine is deprecated.
• The keepQuery behaviour is now the default, the keepQuery option has been removed.
• The removeCR option defaults to true when executing on Windows OS.
• The absolute option has been removed.
• The join option has changed.

Migrating

See the changlog.

... (truncated)

Sourced from resolve-url-loader's changelog.

resolve-url-loader

Version 5

Features

• Update postcss and completely remove rework parser.

Breaking Changes

• Require node@>=12.
• Support webpack@>=4 (no longer tested for earlier versions).
• The engine option has been removed.

Migrating

Remove the engine option if you are using it.

Version 4

Features

• Better resolution of the original source location - You can more successfully use url() in variables and mixins.
• Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

• The engine option is deprecated which means the old rework engine is deprecated.
• The keepQuery behaviour is now the default, the keepQuery option has been removed.
• The removeCR option defaults to true when executing on Windows OS.
• The absolute option has been removed.
• The join option has changed.

Migrating

Remove the engine option if you are using it - the default "postcss" engine is much more reliable. The "rework" engine will still work for now but will be removed in the next major version.

Remove the keepQuery option if you are using it.

Remove the absolute option, webpack should work fine without it. If you have a specific need to rebase url() then you should use a separate loader.

If you use a custom join function then you will need to refactor it to the new API. Refer to the advanced usage documentation.

If you wish to still use engine: "rework" then note that rework and rework-visit packages are now peerDependencies that must be explicitly installed by you.

Version 3

Features

• Use postcss parser by default. This is long overdue as the old rework parser doesn't cope with modern css.

... (truncated)

• bf01da9 5.0.0
• 78393f6 update branch references to v5
• 6787839 github actions for CI
• 1457038 update changelog and readme
• a01faf9 5.0.0-beta.1
• fb09fae remove the engine option harder, ensure deprecation warning is tested
• 5654fa4 remove the engine option and related tests, use getOptions from loader where ...
• 10f9cdb 5.0.0-alpha.1
• b168dd3 adjust deprecation message for engine option
• 29e142a normalise windows absolute paths to posix format in log messages
• Additional commits viewable in compare view

Sourced from vue-loader's releases.

v17.0.1

Bug Fixes

• add vue and @vue/compiler-sfc to optional peerDependencies (df0ded5), closes #1944
• merge custom queries rather than appending (#1911) (9e4249a)

v17.0.0

Features

• support reactivityTransform option (e07490e)

BREAKING CHANGES

• remove refSugar option, require vue@^3.2.13

v16.8.3

Bug Fixes

• HMR not working correctly with vue-class-component components (#1897) (76b1448)

v16.8.2

Bug Fixes

• should allow chaining with loaders for non-vue files (#1889) (f32f953), closes #1879 #1883 #1890
• plugin: use compiler.webpack when possible (#1884) (820d23c)

v16.8.1

Bug Fixes

• fix template options resolving for ts (91f581b)

v16.8.0

Bug Fixes

• hmr: fix hmr regression (bacc6a9)

Features

• enableTsInTemplate option (7613534)

  • When used with ts-loader, due to ts-loader's cache invalidation behavior, it sometimes prevents the template from being hot-reloaded in isolation, causing the component to reload despite only the template being edited. If this is annoying, you can set this option to false (and avoid using TS expressions in templates).

  • Alternatively, leave this option on (by default) and use esbuild-loader to transpile TS instead, which doesn't suffer from this problem (it's also a lot faster). However, do note you will need to rely on TS type checking from other sources (e.g. IDE or vue-tsc).

v16.7.1

Bug Fixes

• remove pure annotation for custom blocks (cd891e5)

... (truncated)

Sourced from vue-loader's changelog.

17.0.1 (2022-10-28)

Bug Fixes

• add vue and @vue/compiler-sfc to optional peerDependencies (df0ded5), closes #1944
• merge custom queries rather than appending (#1911) (9e4249a)

17.0.0 (2021-12-12)

Features

• support reactivityTransform option (e07490e)

BREAKING CHANGES

• remove refSugar option, require vue@^3.2.13

16.8.3 (2021-11-04)

Bug Fixes

• HMR not working correctly with vue-class-component components (#1897) (76b1448)

16.8.3 (2021-11-04)

Bug Fixes

• HMR not working correctly with vue-class-component components (#1897) (76b1448)

16.8.2 (2021-10-26)

Bug Fixes

• should allow chaining with loaders for non-vue files (#1889) (f32f953), closes #1879 #1883 #1890
• plugin: use compiler.webpack when possible (#1884) (820d23c)

... (truncated)

• 75d2b5d 17.0.1
• df0ded5 fix: add vue and @vue/compiler-sfc to optional peerDependencies
• b3265c9 chore: add repository property to package.json (#1934)
• 0a02377 chore: fix typo (#2010)
• 9e4249a fix: merge custom queries rather than appending (#1911)
• 6a293df chore: changelog [ci skip]
• e5c7ab4 v17.0.0
• e931434 chore: lockfile
• e07490e feat: support reactivityTransform option
• b391b04 chore: remove unncessary log
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from engine.io's releases.

6.2.1

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

• catch errors when destroying invalid upgrades (#658) (425e833)

Sourced from engine.io's changelog.

6.2.1 (2022-11-20)

:warning: This release contains an important security fix :warning:

A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

Please upgrade as soon as possible.

Bug Fixes

• catch errors when destroying invalid upgrades (#658) (425e833)

3.6.0 (2022-06-06)

Bug Fixes

• add extension in the package.json main entry (#608) (3ad0567)
• do not reset the ping timer after upgrade (1f5d469), closes socketio/socket.io-client-swift#1309

Features

• decrease the default value of maxHttpBufferSize (58e274c)

This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

• increase the default value of pingTimeout (f55a79a)

• 24b847b chore(release): 6.2.1
• 425e833 fix: catch errors when destroying invalid upgrades (#658)
• 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...
• d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#660)
• 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (#659)
• 535a01d ci: add Node.js 18 in the test matrix
• 1b71a6f docs: remove "Vanilla JS" highlight from README (#656)
• 917d1d2 refactor: replace deprecated String.prototype.substr() (#646)
• 020801a chore: add changelog for version 3.6.0
• ed1d6f9 test: make test script work on Windows (#643)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

... (truncated)

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

... (truncated)

• 6688b50 chore(release): 2.0.4
• ac09944 fix: ReDoS problem (#225)
• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• 5fb5562 chore(release): 2.0.1
• 1069f61 fix: md4 support on Node.js v17 (#193)
• d9f4e23 chore(release): 2.0.0
• 865dc03 refactor: switch to md4 by default (#168)
• Additional commits viewable in compare view

Sourced from resolve-url-loader's releases.

5.0.0

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform
• Fixes to end-to-end tests and test framework.

5.0.0-beta.1

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform
• Fixes to end-to-end tests and test framework.

5.0.0-alpha.1

Breaking changes

• Require node>=12.
• Support only webpack>=4.
• Update to postcss@^8.
• Remove rework engine (which was deprecated in V4).

Bugfixes

• Fix log messages not correctly normalising absolute paths to posix style on Windows platform

4.0.0

Features

• Better resolution of the original source location - You can more successfully use url() in variables and mixins.
• Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

• The engine option is deprecated which means the old rework engine is deprecated.
• The keepQuery behaviour is now the default, the keepQuery option has been removed.
• The removeCR option defaults to true when executing on Windows OS.
• The absolute option has been removed.
• The join option has changed.

Migrating

See the changlog.

... (truncated)

Sourced from resolve-url-loader's changelog.

resolve-url-loader

Version 5

Features

• Update postcss and completely remove rework parser.

Breaking Changes

• Require node@>=12.
• Support webpack@>=4 (no longer tested for earlier versions).
• The engine option has been removed.

Migrating

Remove the engine option if you are using it.

Version 4

Features

• Better resolution of the original source location - You can more successfully use url() in variables and mixins.
• Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

• The engine option is deprecated which means the old rework engine is deprecated.
• The keepQuery behaviour is now the default, the keepQuery option has been removed.
• The removeCR option defaults to true when executing on Windows OS.
• The absolute option has been removed.
• The join option has changed.

Migrating

Remove the engine option if you are using it - the default "postcss" engine is much more reliable. The "rework" engine will still work for now but will be removed in the next major version.

Remove the keepQuery option if you are using it.

Remove the absolute option, webpack should work fine without it. If you have a specific need to rebase url() then you should use a separate loader.

If you use a custom join function then you will need to refactor it to the new API. Refer to the advanced usage documentation.

If you wish to still use engine: "rework" then note that rework and rework-visit packages are now peerDependencies that must be explicitly installed by you.

Version 3

Features

• Use postcss parser by default. This is long overdue as the old rework parser doesn't cope with modern css.

... (truncated)

• bf01da9 5.0.0
• 78393f6 update branch references to v5
• 6787839 github actions for CI
• 1457038 update changelog and readme
• a01faf9 5.0.0-beta.1
• fb09fae remove the engine option harder, ensure deprecation warning is tested
• 5654fa4 remove the engine option and related tests, use getOptions from loader where ...
• 10f9cdb 5.0.0-alpha.1
• b168dd3 adjust deprecation message for engine option
• 29e142a normalise windows absolute paths to posix format in log messages
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.