A Laravel REST API backend with React/Redux, hot module reloading in development and route-level code splitting

Overview

React Laravel Boilerplate

Build Status

This is the boilerplate that I personally use for getting projects off the ground quickly using my favourite stack of technologies. It uses Laravel as a backend API service, and has a React single page application in the front end.

Features

  • Laravel Passport API authentication
  • Route level code splitting using React Lazy/Suspense
  • Login/signup functionality implemented and tested
  • Webpack configuration for development and production
  • React/Redux single page application using React Router
  • Some basic components already built in resources/assets/js/components
  • Simple form building using Formik
  • Component library and interactive component building via Storybook
  • Hot module reloading for your React components using Webpack Dev Server and React Hot Module Reloader
  • Tailwind CSS for utility class styling (see https://tailwindcss.com)
  • Support for scoped styling using React CSS modules using Gajus React CSS Modules
  • Continous build integration via Travis CI
  • Automatic code style fixing with Prettier

Installation

I personally use Vagrant and Homestead, so these installation instructions assume that you use Homestead as well, but the project's dependencies are very similar to the base Laravel installation, so if you use something else to develop locally, the instructions shouldn't change too much.

  • Clone the repository using git clone https://github.com/huwcarwyn/react-laravel-boilerplate
  • Fill out a .env file in the project root using the .env.example file as a template
  • Install composer dependencies using composer install
  • Run php artisan key:generate php artisan migrate php artisan passport:install and php artisan storage:link
  • Install NPM dependencies using npm install
  • Make sure to create two databases, one main and one for running the tests, then run php artisan migrate
  • If you want to use the webpack dev server, make sure that the proxy entry in the weback.dev.js points to the server that's running your Laravel installation.

Important note about development

Since this application takes advantage of webpack hashes to bust caches in production, the asset() and mix() helpers are used when loading front end assets. This means that it is important to set a correct value for ASSET_URL in your .env file. Otherwise Laravel will load assets from the wrong place.

If you are developing using npm run hot - make sure to set ASSET_URL to http://localhost:9000, otherwise for development set it to the root URL of your app.

In production you will need to set this value to the public root, that will usually be the same as your domain name.

Comments
  • Receiving this error on the local

    Receiving this error on the local

    In Connection.php line 664:
                                                                                                                                                                                                               
      SQLSTATE[42S02]: Base table or view not found: 1146 Table 'survey.oauth_clients' doesn't exist (SQL: insert into `oauth_clients` (`user_id`, `name`, `secret`, `redirect`, `personal_access_client`, `p  
      assword_client`, `revoked`, `updated_at`, `created_at`) values (, Laravel Personal Access Client, 2YSpiqaMQua4zRhKWd634H03Mn0KzIvCawBh9tvH, http://localhost, 1, 0, 0, 2019-04-08 17:58:42, 2019-04-08   
      17:58:42))                                                                                                                                                                                               
                                                                                                                                                                                                               
    
    In Connection.php line 452:
                                                                                                      
      SQLSTATE[42S02]: Base table or view not found: 1146 Table 'survey.oauth_clients' doesn't exist  
    
    opened by alinoudev 10
  • How to revoke tokens in session for user?

    How to revoke tokens in session for user?

    Hello again, I ran into some issues, not sure what I am missing:

    So I used the database driver in config/session.php so I can see the data. I don't use Repositories, but refactored the services code into the respective controller methods, but I have encountered a few issues below:

    1. The user_id is null in the sessions table instead of the current auth logged in user:

    screen shot 2018-11-10 at 3 53 45 pm

    1. If there is a logged in user with a laravel_token, and they are a spammer for example that must have their access revoked, I thought that removing the sessions db entry seen above that would invalidate their session/laravel_token, so on their next request they would be logged out, since they are revoked by the admin and their session no longer exists in the db. This could also happen on a password reset, if a user was logged into multiple device, lost their phone, and now resets password to invalidate all other sessions/tokens for this user.

    I seem to be missing something in my understanding on the above 2 points. Any idea what is going on?

    opened by MovingGifts 9
  • npm run dev not compiling app.scss

    npm run dev not compiling app.scss

    Hi! Huwcarwyn. Thank you for this wonderful boilerplate. I would just like to ask help regarding running npm run dev. It seems that its not compiling the app.scss so in the public folder no css are being loaded. Am I missing something from the weback.common.js

    Do i need to setup any configs to fix this. Thank you in advance.

    opened by ThinkDevStudios 8
  • React Boilerplate?

    React Boilerplate?

    Hi huwcarwyn. Just wondering if your using a specific react boilerplate or a custom one for this project. Trying to understand more how the react directories in this project works.

    opened by ThinkDevStudios 5
  • CRUD Functionality

    CRUD Functionality

    Hi Huwcarywn,

    I new to react-redux. I can't figure out how to use crud on this boilerplate.

    Can you add CRUD functionality?

    Great boilerplate btw.

    Thanks :)

    opened by yashiro089 5
  • View individual Post on a separate route ( how to setup the individual post selector on react store?)

    View individual Post on a separate route ( how to setup the individual post selector on react store?)

    Hi Huwcarwyn. I'm trying to create a separate page for the individual post.

    in my app.js <Route exact path="/post/:slug" component={PostWithDashboard} />

    How do I create a selector for an individual post?

    Action Creator

    export const GetPost = data => async dispatch => {
      const response = await dispatch(
        makeRequest(`get-post-${data.slug}`, () =>
          axios.put(`/api/posts/${data.slug}`, data)
        )
      )
    
      dispatch({
        type: actions.GET_POST,
        posts: response.data.data
      })
    }
    

    Selector

    export const selectCustomer = state => {
       ???
      return customer
    }
    
    opened by ThinkDevStudios 4
  • error running npm install

    error running npm install

    just cloned and followed the steps but it seems that npm install is not working out of the box

    ../../nan/nan_implementation_12_inl.h:103:42: error: no viable conversion from 'v8::Isolate *' to 'Local<v8::Context>'
      return scope.Escape(v8::Function::New( isolate
                                             ^~~~~~~
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:183:7: note: candidate constructor (the implicit copy constructor) not viable: no known conversion from 'v8::Isolate *' to 'const v8::Local<v8::Context> &' for 1st argument
    class Local {
          ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:183:7: note: candidate constructor (the implicit move constructor) not viable: no known conversion from 'v8::Isolate *' to 'v8::Local<v8::Context> &&' for 1st argument
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:187:13: note: candidate template ignored: could not match 'Local<type-parameter-0-0>' against 'v8::Isolate *'
      V8_INLINE Local(Local<S> that)
                ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:4126:22: note: passing argument to parameter 'context' here
          Local<Context> context, FunctionCallback callback,
                         ^
    In file included from ../src/binding.cpp:1:
    In file included from ../../nan/nan.h:203:
    In file included from ../../nan/nan_new.h:189:
    ../../nan/nan_implementation_12_inl.h:337:37: error: too few arguments to function call, expected 2, have 1
      return v8::StringObject::New(value).As<v8::StringObject>();
             ~~~~~~~~~~~~~~~~~~~~~      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:5380:3: note: 'New' declared here
      static Local<Value> New(Isolate* isolate, Local<String> value);
      ^
    In file included from ../src/binding.cpp:1:
    In file included from ../../nan/nan.h:203:
    In file included from ../../nan/nan_new.h:189:
    ../../nan/nan_implementation_12_inl.h:337:58: error: expected '(' for function-style cast or type construction
      return v8::StringObject::New(value).As<v8::StringObject>();
                                             ~~~~~~~~~~~~~~~~^
    ../../nan/nan_implementation_12_inl.h:337:60: error: expected expression
      return v8::StringObject::New(value).As<v8::StringObject>();
                                                               ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1034:44: error: no matching member function for call to 'ToString'
          v8::Local<v8::String> string = from->ToString();
                                         ~~~~~~^~~~~~~~
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:2528:44: note: candidate function not viable: requires single argument 'context', but no arguments were provided
      V8_WARN_UNUSED_RESULT MaybeLocal<String> ToString(
                                               ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:2544:35: note: candidate function not viable: requires single argument 'isolate', but no arguments were provided
                        Local<String> ToString(Isolate* isolate) const);
                                      ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1044:37: error: cannot initialize a parameter of type 'v8::Isolate *' with an lvalue of type 'char *'
            length_ = string->WriteUtf8(str_, static_cast<int>(len), 0, flags);
                                        ^~~~
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:2738:26: note: passing argument to parameter 'isolate' here
      int WriteUtf8(Isolate* isolate, char* buffer, int length = -1,
                             ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1818:28: warning: 'Set' is deprecated: Use maybe version [-Wdeprecated-declarations]
        New(persistentHandle)->Set(New(key).ToLocalChecked(), value);
                               ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3358:3: note: 'Set' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version",
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1824:28: warning: 'Set' is deprecated: Use maybe version [-Wdeprecated-declarations]
        New(persistentHandle)->Set(key, value);
                               ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3358:3: note: 'Set' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version",
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1830:28: warning: 'Set' is deprecated: Use maybe version [-Wdeprecated-declarations]
        New(persistentHandle)->Set(index, value);
                               ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3367:3: note: 'Set' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version",
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1836:32: warning: 'Get' is deprecated: Use maybe version [-Wdeprecated-declarations]
            New(persistentHandle)->Get(New(key).ToLocalChecked()));
                                   ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3412:3: note: 'Get' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version", Local<Value> Get(Local<Value> key));
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1842:48: warning: 'Get' is deprecated: Use maybe version [-Wdeprecated-declarations]
        return scope.Escape(New(persistentHandle)->Get(key));
                                                   ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3412:3: note: 'Get' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version", Local<Value> Get(Local<Value> key));
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:1847:48: warning: 'Get' is deprecated: Use maybe version [-Wdeprecated-declarations]
        return scope.Escape(New(persistentHandle)->Get(index));
                                                   ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3416:3: note: 'Get' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version", Local<Value> Get(uint32_t index));
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    In file included from ../../nan/nan.h:2657:
    ../../nan/nan_object_wrap.h:24:25: error: no member named 'IsNearDeath' in 'Nan::Persistent<v8::Object, v8::NonCopyablePersistentTraits<v8::Object> >'
        assert(persistent().IsNearDeath());
               ~~~~~~~~~~~~ ^
    /Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/assert.h:93:25: note: expanded from macro 'assert'
        (__builtin_expect(!(e), 0) ? __assert_rtn(__func__, __FILE__, __LINE__, #e) : (void)0)
                            ^
    In file included from ../src/binding.cpp:1:
    In file included from ../../nan/nan.h:2657:
    ../../nan/nan_object_wrap.h:67:18: warning: 'MarkIndependent' is deprecated: Weak objects are always considered independent. Use TracedGlobal when trying to use EmbedderHeapTracer. Use a strong handle when trying to keep an object alive.
          [-Wdeprecated-declarations]
        persistent().MarkIndependent();
                     ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:563:3: note: 'MarkIndependent' has been explicitly marked deprecated here
      V8_DEPRECATED(
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:307:29: note: expanded from macro 'V8_DEPRECATED'
      declarator __attribute__((deprecated(message)))
                                ^
    In file included from ../src/binding.cpp:1:
    In file included from ../../nan/nan.h:2657:
    ../../nan/nan_object_wrap.h:124:26: error: no member named 'IsNearDeath' in 'Nan::Persistent<v8::Object, v8::NonCopyablePersistentTraits<v8::Object> >'
        assert(wrap->handle_.IsNearDeath());
               ~~~~~~~~~~~~~ ^
    /Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/assert.h:93:25: note: expanded from macro 'assert'
        (__builtin_expect(!(e), 0) ? __assert_rtn(__func__, __FILE__, __LINE__, #e) : (void)0)
                            ^
    In file included from ../src/binding.cpp:1:
    ../../nan/nan.h:2337:9: warning: 'Set' is deprecated: Use maybe version [-Wdeprecated-declarations]
      recv->Set(name, GetFunction(tpl).ToLocalChecked());
            ^
    ../../nan/nan.h:2353:8: note: in instantiation of function template specialization 'Nan::imp::SetMethodAux<v8::Local<v8::Object> >' requested here
      imp::SetMethodAux(recv, fn_name, t, static_cast<T*>(0));
           ^
    ../src/binding.cpp:350:8: note: in instantiation of function template specialization 'Nan::SetMethod<v8::Object, Local>' requested here
      Nan::SetMethod(target, "render", render);
           ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8.h:3358:3: note: 'Set' has been explicitly marked deprecated here
      V8_DEPRECATE_SOON("Use maybe version",
      ^
    /Users/mohitg/.node-gyp/12.4.0/include/node/v8config.h:322:29: note: expanded from macro 'V8_DEPRECATE_SOON'
      declarator __attribute__((deprecated(message)))
                                ^
    10 warnings and 8 errors generated.
    make: *** [Release/obj.target/binding/src/binding.o] Error 1
    gyp ERR! build error
    gyp ERR! stack Error: `make` failed with exit code: 2
    gyp ERR! stack     at ChildProcess.onExit (/Users/mohitg/Projects/react-laravel-boilerplate/node_modules/node-gyp/lib/build.js:262:23)
    gyp ERR! stack     at ChildProcess.emit (events.js:200:13)
    gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
    gyp ERR! System Darwin 18.6.0
    gyp ERR! command "/Users/mohitg/.nvm/versions/node/v12.4.0/bin/node" "/Users/mohitg/Projects/react-laravel-boilerplate/node_modules/node-gyp/bin/node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
    gyp ERR! cwd /Users/mohitg/Projects/react-laravel-boilerplate/node_modules/node-sass
    gyp ERR! node -v v12.4.0
    gyp ERR! node-gyp -v v3.8.0
    gyp ERR! not ok
    Build failed with error code: 1
    npm WARN [email protected] requires a peer of ajv@^6.0.0 but none is installed. You must install peer dependencies yourself.
    npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
    npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] install: `node install`
    npm WARN optional SKIPPING OPTIONAL DEPENDENCY: Exit status 1
    
    npm ERR! code ELIFECYCLE
    npm ERR! errno 1
    npm ERR! [email protected] postinstall: `node scripts/build.js`
    npm ERR! Exit status 1
    npm ERR!
    npm ERR! Failed at the [email protected] postinstall script.
    npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
    
    npm ERR! A complete log of this run can be found in:
    
    opened by mo-hit 4
  • Initial login doesn't run the user data against the UserRepository resulting in a broken avatar link only on login.

    Initial login doesn't run the user data against the UserRepository resulting in a broken avatar link only on login.

    The following line of code just returns $this->auth->user()->toArray(), which skips the UserRepository being applied to the model.

    https://github.com/huwcarwyn/react-laravel-boilerplate/blob/3eeebe7efcc195b8b35b277090590ca023037630/app/Services/Session/LoginService.php#L48

    The result is that this line is never executed

    https://github.com/huwcarwyn/react-laravel-boilerplate/blob/3eeebe7efcc195b8b35b277090590ca023037630/app/Transformers/UserTransformer.php#L35

    and the avatar url doesn't include the /storage/ part of the path, making it a broken link. This only occurs on initial login as far as I can tell, which is probably because that's the only place the user model is returned without using the userRepo.

    I seem to have fixed this by dependency injecting App\Contracts\Repository\UserRepositoryContract into LoginService.php and replacing line 48 with return $this->response->success(['data' => $this->userRepo->currentUser()])->withCookie($apiCookie); after dependency injecting userRepo.

    While this works, I have no idea if this is a bad practice or not. I've never used model repositories before, but I thought I'd at least bring it to your attention and let you know what potential solution I found.

    Thanks for the project. It's really helping me explore the integration of react and laravel.

    opened by jmarikle 4
  • Can't make npm run hot work

    Can't make npm run hot work

    Hi! Currently trying to use npm run hot on local development. whenever i run npm run hot. it seems that it is compiling files but none is written on the public folder?

    Set the asset url to localhost:8080 and replaced port on the webpack.config.js to 8080 as well.

    When checking the browser i also get the following errors.

    react-hot-loader.production.min.js:1 React-Hot-Loader: misconfiguration detected, using production react-hot-loader.production.min.js:1 React-Hot-Loader: Hot Module Replacement is not enabled.

    Am i missing something?

    opened by ThinkDevStudios 3
  • CRED not updating values when using select fields

    CRED not updating values when using select fields

    Hi Huwcarwyn. I checked out the CRED sample and just wondering if you can provide a sample for select fields. The form can't seem to be able to capture the select fields' value.

    i tried using useState and setState hooks but when i submit the form only the input fields value are updated.

      const selectTypeProps = (initialValues ? initialValues.select_type : '')
      const [state, setState] = useState({
        select_type: selectTypeProps,
      })
    
    // This updates the selected field value but does not work on submit
      const selectTypeChange = state => {
        const target = state.target
        const name = target.name
        const value = target.value
        console.log(name + ': ' + value) // this works
        setState({
          ...state,
          [name]: value
        })
      }
    

    Hope you can help me. Thank you!

    opened by ThinkDevStudios 3
  • npm vulnerabilities

    npm vulnerabilities

    Seems like there are some vulnerabilities that appear when I run npm install

    $ npm audit
    
                           === npm audit security report ===
    
    # Run  npm update js-yaml --depth 6  to resolve 4 vulnerabilities
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ Moderate      │ Denial of Service                                            │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ js-yaml                                                      │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ @storybook/react [dev]                                       │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ @storybook/react > @storybook/core > postcss-loader >        │
    │               │ postcss-load-config > cosmiconfig > js-yaml                  │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://nodesecurity.io/advisories/788                       │
    └───────────────┴──────────────────────────────────────────────────────────────┘
    
    
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ Moderate      │ Denial of Service                                            │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ js-yaml                                                      │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ postcss-loader [dev]                                         │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ postcss-loader > postcss-load-config > cosmiconfig > js-yaml │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://nodesecurity.io/advisories/788                       │
    └───────────────┴──────────────────────────────────────────────────────────────┘
    
    
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ High          │ Code Injection                                               │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ js-yaml                                                      │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ @storybook/react [dev]                                       │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ @storybook/react > @storybook/core > postcss-loader >        │
    │               │ postcss-load-config > cosmiconfig > js-yaml                  │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://nodesecurity.io/advisories/813                       │
    └───────────────┴──────────────────────────────────────────────────────────────┘
    
    
    ┌───────────────┬──────────────────────────────────────────────────────────────┐
    │ High          │ Code Injection                                               │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Package       │ js-yaml                                                      │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Dependency of │ postcss-loader [dev]                                         │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ Path          │ postcss-loader > postcss-load-config > cosmiconfig > js-yaml │
    ├───────────────┼──────────────────────────────────────────────────────────────┤
    │ More info     │ https://nodesecurity.io/advisories/813                       │
    └───────────────┴──────────────────────────────────────────────────────────────┘
    
    
    found 4 vulnerabilities (2 moderate, 2 high) in 32010 scanned packages
      run `npm audit fix` to fix 4 of them.
    
    opened by Jarvvski 3
  • Bump json5, babel-plugin-react-css-modules, @storybook/react and loader-utils

    Bump json5, babel-plugin-react-css-modules, @storybook/react and loader-utils

    Bumps json5 to 2.2.3 and updates ancestor dependencies json5, json5, babel-plugin-react-css-modules, @storybook/react and loader-utils. These dependencies need to be updated together.

    Updates json5 from 1.0.1 to 2.2.3

    Release notes

    Sourced from json5's releases.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2

    • Fix: Bump minimist to v1.2.5. (#222)

    v2.1.1

    • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
    • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
    • Fix: Spelling mistakes have been fixed. (#196)

    v2.1.0

    • New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

    v2.0.1

    • Fix: The browser builds in the dist directory support ES5. (#182)

    v2.0.0

    • Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

    • New: Support for Unicode 10 has been added.

    • New: The test framework has been migrated from Mocha to Tap.

    • New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

    • Fix: The warning has been made clearer when line and paragraph separators are

    ... (truncated)

    Changelog

    Sourced from json5's changelog.

    v2.2.3 [code, diff]

    v2.2.2 [code, diff]

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1 [code, diff]

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0 [code, diff]

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2 [code, diff]

    • Fix: Bump minimist to v1.2.5. (#222)

    v2.1.1 [code, [diff][d2.1.1]]

    ... (truncated)

    Commits
    • c3a7524 2.2.3
    • 94fd06d docs: update CHANGELOG for v2.2.3
    • 3b8cebf docs(security): use GitHub security advisories
    • f0fd9e1 docs: publish a security policy
    • 6a91a05 docs(template): bug -> bug report
    • 14f8cb1 2.2.2
    • 10cc7ca docs: update CHANGELOG for v2.2.2
    • 7774c10 fix: add proto to objects and arrays
    • edde30a Readme: slight tweak to intro
    • 97286f8 Improve example in readme
    • Additional commits viewable in compare view

    Updates json5 from 2.1.1 to 2.2.3

    Release notes

    Sourced from json5's releases.

    v2.2.3

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2

    • Fix: Bump minimist to v1.2.5. (#222)

    v2.1.1

    • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
    • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
    • Fix: Spelling mistakes have been fixed. (#196)

    v2.1.0

    • New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

    v2.0.1

    • Fix: The browser builds in the dist directory support ES5. (#182)

    v2.0.0

    • Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

    • New: Support for Unicode 10 has been added.

    • New: The test framework has been migrated from Mocha to Tap.

    • New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

    • Fix: The warning has been made clearer when line and paragraph separators are

    ... (truncated)

    Changelog

    Sourced from json5's changelog.

    v2.2.3 [code, diff]

    v2.2.2 [code, diff]

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1 [code, diff]

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0 [code, diff]

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2 [code, diff]

    • Fix: Bump minimist to v1.2.5. (#222)

    v2.1.1 [code, [diff][d2.1.1]]

    ... (truncated)

    Commits
    • c3a7524 2.2.3
    • 94fd06d docs: update CHANGELOG for v2.2.3
    • 3b8cebf docs(security): use GitHub security advisories
    • f0fd9e1 docs: publish a security policy
    • 6a91a05 docs(template): bug -> bug report
    • 14f8cb1 2.2.2
    • 10cc7ca docs: update CHANGELOG for v2.2.2
    • 7774c10 fix: add proto to objects and arrays
    • edde30a Readme: slight tweak to intro
    • 97286f8 Improve example in readme
    • Additional commits viewable in compare view

    Updates babel-plugin-react-css-modules from 3.4.2 to 5.2.6

    Release notes

    Sourced from babel-plugin-react-css-modules's releases.

    v5.2.6

    5.2.6 (2019-05-11)

    Bug Fixes

    • update GitSpo badge URL (d6fdc38)

    v5.2.5

    5.2.5 (2019-05-09)

    Bug Fixes

    • correct GitSpo badge markdown (31c5626)

    v5.2.4

    5.2.4 (2019-03-29)

    Bug Fixes

    • don't break when spreading falsy value (#249) (f11d423)

    v5.2.3

    5.2.3 (2019-03-22)

    Bug Fixes

    • spread should not traverse children elements (#245) (4a47f35)

    v5.2.2

    5.2.2 (2019-03-21)

    Bug Fixes

    v5.2.1

    5.2.1 (2019-02-24)

    Bug Fixes

    • potential problem with default options (#235) (0e39c78)

    v5.2.0

    5.2.0 (2019-02-22)

    ... (truncated)

    Commits
    • d6fdc38 fix: update GitSpo badge URL
    • 31c5626 fix: correct GitSpo badge markdown
    • ff21df5 docs: add GitSpo mentions badge
    • f11d423 fix: don't break when spreading falsy value (#249)
    • 4a47f35 fix: spread should not traverse children elements (#245)
    • 05c2683 fix: handle spread (#243)
    • 70550bc Update hotmodule reloading webpack links (#241)
    • 0e39c78 fix: potential problem with default options (#235)
    • 23b3560 feat: add autoResolveMultiImports option (#234)
    • 37fe030 fix: unresolved optionsDefaults in babel helper (#233)
    • Additional commits viewable in compare view

    Updates @storybook/react from 4.1.18 to 6.5.15

    Release notes

    Sourced from @​storybook/react's releases.

    v6.5.15

    Bug Fixes

    • Support Angular 15.0.4 #20287
    • CLI: execute automigrations when pressing enter in the prompts #20208

    Maintenance

    • Ember: Remove global Ember usage #17843

    v6.5.15-alpha.1

    Bug Fixes

    • Support Angular 15.0.4 #20287
    • CLI: execute automigrations when pressing enter in the prompts #20208

    v6.5.15-alpha.0

    Maintenance

    • Ember: Remove global Ember usage #17843

    v6.5.14

    Bug Fixes

    • Angular: Fix "webpack_require.nmd is not a function issue" in Angular 15 #20043
    • CLI/React native: Fix addons template to import register instead of manager #19620

    Maintenance

    • Core: Patch preview-web and refs to support React Native #19975

    Dependency Upgrades

    • Upgrade loader-utils to 2.0.4 in storysource and source-loader #19891

    v6.5.14-alpha.2

    Bug Fixes

    • Angular: Fix "webpack_require.nmd is not a function issue" in Angular 15 #20043

    v6.5.14-alpha.1

    Maintenance

    • Core: Patch preview-web and refs to support React Native #19975

    v6.5.14-alpha.0

    Bug Fixes

    • CLI/React native: Fix addons template to import register instead of manager #19620

    ... (truncated)

    Changelog

    Sourced from @​storybook/react's changelog.

    6.5.15 (December 20, 2022)

    Bug Fixes

    • Support Angular 15.0.4 #20287
    • CLI: execute automigrations when pressing enter in the prompts #20208

    Maintenance

    • Ember: Remove global Ember usage #17843

    6.5.15-alpha.1 (December 20, 2022)

    Bug Fixes

    • Support Angular 15.0.4 #20287
    • CLI: execute automigrations when pressing enter in the prompts #20208

    6.5.15-alpha.0 (December 12, 2022)

    Maintenance

    • Ember: Remove global Ember usage #17843

    6.5.14 (December 2, 2022)

    Bug Fixes

    • Angular: Fix "webpack_require.nmd is not a function issue" in Angular 15 #20043
    • CLI/React native: Fix addons template to import register instead of manager #19620

    Maintenance

    • Core: Patch preview-web and refs to support React Native #19975

    Dependency Upgrades

    • Upgrade loader-utils to 2.0.4 in storysource and source-loader #19891

    6.5.14-alpha.2 (December 2, 2022)

    Bug Fixes

    • Angular: Fix "webpack_require.nmd is not a function issue" in Angular 15 #20043

    6.5.14-alpha.1 (November 27, 2022)

    Maintenance

    • Core: Patch preview-web and refs to support React Native #19975

    ... (truncated)

    Commits
    • feab19d v6.5.15
    • 075a8dd Update git head to 6.5.15-alpha.1, update yarn.lock [ci skip]
    • cfd775b v6.5.15-alpha.1
    • 9c19ef0 Update git head to 6.5.15-alpha.0, update yarn.lock [ci skip]
    • 095d6ad v6.5.15-alpha.0
    • ae06ca9 Update git head to 6.5.14, update yarn.lock [ci skip]
    • cf65eb7 v6.5.14
    • 6e1e6dd Update git head to 6.5.14-alpha.2, update yarn.lock [ci skip]
    • 71f07c4 v6.5.14-alpha.2
    • 885e7ac Update git head to 6.5.14-alpha.1, update yarn.lock [ci skip]
    • Additional commits viewable in compare view

    Updates loader-utils from 1.1.0 to 2.0.4

    Release notes

    Sourced from loader-utils's releases.

    v2.0.4

    2.0.4 (2022-11-11)

    Bug Fixes

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    v2.0.2

    2.0.2 (2021-11-04)

    Bug Fixes

    • base64 generation and unicode characters (#197) (8c2d24e)

    v2.0.1

    2.0.1 (2021-10-29)

    Bug Fixes

    v2.0.0

    2.0.0 (2020-03-17)

    ⚠ BREAKING CHANGES

    • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
    • the getOptions method returns empty object on empty query (#167) (b595cfb)
    • Use md4 by default

    v1.4.2

    1.4.2 (2022-11-11)

    Bug Fixes

    ... (truncated)

    Changelog

    Sourced from loader-utils's changelog.

    2.0.4 (2022-11-11)

    Bug Fixes

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    2.0.2 (2021-11-04)

    Bug Fixes

    • base64 generation and unicode characters (#197) (8c2d24e)

    2.0.1 (2021-10-29)

    Bug Fixes

    2.0.0 (2020-03-17)

    ⚠ BREAKING CHANGES

    • minimum required Node.js version is 8.9.0 (#166) (c937e8c)
    • the getOptions method returns empty object on empty query (#167) (b595cfb)
    • Use md4 by default

    1.4.0 (2020-02-19)

    Features

    • the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

    1.3.0 (2020-02-19)

    ... (truncated)

    Commits
    Maintainer changes

    This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.


    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump express from 4.16.4 to 4.18.2

    Bump express from 4.16.4 to 4.18.2

    Bumps express from 4.16.4 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump qs and express

    Bump qs and express

    Bumps qs, express and express. These dependencies needed to be updated together. Updates qs from 6.5.2 to 6.5.3

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    Updates express from 4.16.4 to 4.18.2

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Updates express from 4.17.1 to 4.18.2

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump terser from 4.0.2 to 4.8.1

    Bump terser from 4.0.2 to 4.8.1

    Bumps terser from 4.0.2 to 4.8.1.

    Changelog

    Sourced from terser's changelog.

    v4.8.1 (backport)

    • Security fix for RegExps that should not be evaluated (regexp DDOS)

    v4.8.0

    • Support for numeric separators (million = 1_000_000) was added.
    • Assigning properties to a class is now assumed to be pure.
    • Fixed bug where yield wasn't considered a valid property key in generators.

    v4.7.0

    • A bug was fixed where an arrow function would have the wrong size
    • arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.
    • Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

    v4.6.13

    • Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
    • Fixed parsing of BigInt with lowercase e in them.

    v4.6.12

    • Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]
    • Printing of unicode identifiers has been improved

    v4.6.11

    • Read unused classes' properties and method keys, to figure out if they use other variables.
    • Prevent inlining into block scopes when there are name collisions
    • Functions are no longer inlined into parameter defaults, because they live in their own special scope.
    • When inlining identity functions, take into account the fact they may be used to drop this in function calls.
    • Nullish coalescing operator (x ?? y), plus basic optimization for it.
    • Template literals in binary expressions such as + have been further optimized

    v4.6.10

    • Do not use reduce_vars when classes are present

    v4.6.9

    • Check if block scopes actually exist in blocks

    v4.6.8

    • Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.

    v4.6.7

    • Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump jsdom from 11.12.0 to 16.5.0

    Bump jsdom from 11.12.0 to 16.5.0

    Bumps jsdom from 11.12.0 to 16.5.0.

    Release notes

    Sourced from jsdom's releases.

    Version 16.5.0

    • Added window.queueMicrotask().
    • Added window.event.
    • Added inputEvent.inputType. (diegohaz)
    • Removed ondragexit from Window and friends, per a spec update.
    • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
    • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
    • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
    • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
    • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
    • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
    • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
    • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
    • Fixed xhr.response to return null for failures that occur during the middle of the download.
    • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
    • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
    • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

    Version 16.4.0

    • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
    • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
    • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
    • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
    • Fixed el.focus() to work on SVG elements. (zjffun)
    • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
    • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
    • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
    • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
    • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
    • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

    Version 16.3.0

    • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
    • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
    • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
    • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
    • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
    • Fixed drawing an empty canvas into another canvas. (zjffun)

    Version 16.2.2

    • Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
    • Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
    • Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
    • Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
    • Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
    • Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
    • Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
    • Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
    • Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
    • Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

    ... (truncated)

    Changelog

    Sourced from jsdom's changelog.

    16.5.0

    • Added window.queueMicrotask().
    • Added window.event.
    • Added inputEvent.inputType. (diegohaz)
    • Removed ondragexit from Window and friends, per a spec update.
    • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
    • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
    • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
    • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
    • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
    • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
    • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
    • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
    • Fixed xhr.response to return null for failures that occur during the middle of the download.
    • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
    • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
    • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

    16.4.0

    • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
    • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
    • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
    • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
    • Fixed el.focus() to work on SVG elements. (zjffun)
    • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
    • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
    • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
    • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
    • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
    • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

    16.3.0

    • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
    • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
    • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
    • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
    • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
    • Fixed drawing an empty canvas into another canvas. (zjffun)

    16.2.2

    • Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
    • Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
    • Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
    • Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
    • Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
    • Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

    ... (truncated)

    Commits
    • 2d82763 Version 16.5.0
    • 9741311 Fix loading of subresources with Unicode filenames
    • 5e46553 Use domenic's ESLint config as the base
    • 19b35da Fix the URL of about:blank iframes
    • 017568e Support inputType on InputEvent
    • 29f4fdf Upgrade dependencies
    • e2f7639 Refactor create‑event‑accessor.js to remove code duplication
    • ff69a75 Convert JSDOM to use callback functions
    • 19df6bc Update links in contributing guidelines
    • 1e34ff5 Test triage
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
Owner
Carwyn Stephen
Love Laravel/React/Redux
Carwyn Stephen
Symfony React Blank is a blank symfony and react project, use this template to start your app using Symfony as an backend api and React as a frontend library.

Symfony React Blank Symfony React Blank is a blank symfony and react project, use this template to start your app using Symfony as an backend api and

Antoine Kingue 2 Nov 5, 2021
WP React Plugin Boilerplate - WordPress Setting via React and Rest API

WP React Plugin Boilerplate is a starter WordPress plugin to develop WordPress Plugin via React and Rest API. WP React Plugin Boilerplate WP React Plu

Santosh Kunwar 36 Dec 6, 2022
CodeIgniter 3 + Vue.js 3 + Vite with supported Hot Module Replacement (HMR)

CodeIgniter 3 + Vue.js 3 + Vite Looking for Vue 2? Please check branch vue2 Just a basic example how to integrating CodeIgniter 3 + Vue.js 3 + Vite wi

Nur Muhammad 44 Dec 15, 2022
A full-featured Webpack + vue-loader setup with hot reload, linting, testing & css extraction.

#Vue-Cli Template for Larvel + Webpack + Hotreload (HMR) I had a really tough time getting my workflow rocking between Laravel and VueJS projects. I f

Gary Williams 73 Nov 29, 2022
🔪 WordPress + React Starter Kit: Spin up a WordPress-powered React app in one step

Postlight's Headless WordPress + React Starter Kit is an automated toolset that will spin up three things: A WordPress backend that serves its data vi

Postlight 4.3k Jan 8, 2023
Start WordPress Plugin Development with React JS Package in just few steps

React Js & Wordpress Plugin Package Start WordPress Plugin Development with React JS Package in just few steps Getting Started with this Setup Clone t

Devang Vachheta 2 Aug 17, 2022
LaraAdmin is a Open source Laravel Admin Panel / CMS which can be used as Admin Backend, Data Management Tool or CRM boilerplate for Laravel with features like Advanced CRUD Generation, Module Manager, Backups and many more.

LaraAdmin 1.0 LaraAdmin is a Open source CRM for quick-start Admin based applications with features like Advanced CRUD Generation, Schema Manager and

Dwij IT Solutions 1.5k Dec 29, 2022
Base Laravel project with React and Laravel Sanctum authentication

About this project This is a base Laravel project with ReactJS frontend and Laravel Sanctum API authentication. You could read more about here. Instal

David Toth 8 Oct 25, 2022
React laravel starter kit with tailwind css and vite js(laravel 9)

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

Jerald Tonmoy Dias 2 Dec 23, 2022
A Laravel 5.8 API Boilerplate to create a ready-to-use REST API in seconds.

Laravel API Boilerplate (JWT Edition) for Laravel 5.8 Laravel API Boilerplate is a "starter kit" you can use to build your first API in seconds. As yo

Francesco Malatesta 1.2k Dec 18, 2022
Laravel, react, and inertiajs for LevelUp Feel-IT 2021

How To Install hehe Clone the repository: Create your environment file: cp .env.example .env The app key is used to salt passwords. If you need to wor

Raihan Parama 2 Nov 14, 2021
live chat with laravel and react mix

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

Bayzid Aman 4 Oct 21, 2022
An open source blog, made using Laravel, Inertia.js, and React.js. Also a learning repository.

Blog An open source Laravel-based blog. Still in progress, will be updated regularly as I wrote articles on my blog. Configurations Shared-hosting, an

Aghits Nidallah 8 Dec 6, 2022
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go

Pterodactyl Panel Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Designed with security in mind, Pterodac

Pterodactyl 4.5k Dec 31, 2022
Create a new project using QuidPHP, LemurCMS and React

QuidPHP/React About QuidPHP/React repository contains a sample application project built on top of the QuidPHP framework. This application is using Le

QuidPHP 2 May 23, 2022
Laravel React Webpack Starter Kit

About Laravel Laravel React Webpack Starter Kit This starter kit is designed to get you up and running with with react.js with Laravel, built on top o

Biju Nakarmi 32 Nov 24, 2022
A preconfigured Laravel, React, Typescript, Docker boilerplate to save you time!

Laravel - React - Docker - Boilerplate This repo is built with the following: Laravel 9 React 17 Vite 3 ESLint 8 TypeScript 4.7 Husky/Commit lint PHP

Lockhinator 23 Dec 14, 2022
Exemplary RealWorld backend API built with Laravel PHP framework.

Example of a PHP-based Laravel application containing real world examples (CRUD, auth, advanced patterns, etc) that adheres to the RealWorld API spec.

Yury 66 Dec 31, 2022
Api first backend boilerplate build with laravel 🎯 you can use as a template 😉

Laravel Backend Template i use this as a starting point for my backend projects , it saves time with basic auth functionalities and has code examples

Hijen EL Khalifi 4 Nov 14, 2022