• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v15.5.5

Release Notes for v15.5.5

Other Changes

• Backported fix for CVE-2022-1482. #34040
• Backported fix for CVE-2022-1483. #34009
• Backported fix for CVE-2022-1497. #34075

electron v15.5.4

Release Notes for v15.5.4

Other Changes

• Backported fix for CVE-2022-1138. #33682
• Backported fix for CVE-2022-1478. #34045
• Backported fix for CVE-2022-1479. #34037
• Backported fix for CVE-2022-1480. #34019
• Backported fix for CVE-2022-1492. #34051

electron v15.5.3

Release Notes for v15.5.3

Fixes

• Fixed a network service crash that could occur when using setCertificateVerifyProc. #33256 (Also in 16, 17, 18)
• shell.openExternal() now reports more detailed errors on Windows. #33656 (Also in 16, 17, 18, 19)

Other Changes

• Backported fix for CVE-2022-1134. #33763
• Backported fix for CVE-2022-1305. #33860
• Backported fix for CVE-2022-1310. #33831
• Backported fix for CVE-2022-1314. #33884
• Backported fix for CVE-2022-1364. #33836
• Backported fix for chromium:1286816. #33679
• Backported fix for chromium:1291482. #33676
• Backported fix for chromium:1310761. #33856
• Security: backported fix for CVE-2022-0116 and CVE-2022-1306. #33852
• Security: backported fix for CVE-2022-23308. #33670
• Security: backported fix for chromium:1280743. #33715
• Security: backported fix for chromium:1280852. #33673

electron v15.5.2

Release Notes for v15.5.2

Fixes

• Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #33523 (Also in 16, 18)

Other Changes

... (truncated)

• f988853 Bump v15.5.5
• 8bc25e8 build: change upload-to-s3 vars to upload-to-storage (#34142)
• a8f8b50 build: use azure function to hash assets instead of lambda (#34119)
• eb320cb build: stop uploading assets to S3 (#34112)
• 37eab5c chore: cherry-pick 5be8e065f43e from chromium (#34040)
• fc91202 chore: cherry-pick 5361d836ae from chromium (#34009)
• 6aa0609 chore: cherry-pick 6b66a45021 from chromium (#34075)
• 620d615 test: fix nativeModulesEnabled in spec/webview-spec.js (#34063)
• ec7baba Bump v15.5.4
• f8ba4d6 chore: cherry-pick d27d9d059b51 from angle (#34045)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v15.5.5

Release Notes for v15.5.5

Other Changes

• Backported fix for CVE-2022-1482. #34040
• Backported fix for CVE-2022-1483. #34009
• Backported fix for CVE-2022-1497. #34075

electron v15.5.4

Release Notes for v15.5.4

Other Changes

• Backported fix for CVE-2022-1138. #33682
• Backported fix for CVE-2022-1478. #34045
• Backported fix for CVE-2022-1479. #34037
• Backported fix for CVE-2022-1480. #34019
• Backported fix for CVE-2022-1492. #34051

electron v15.5.3

Release Notes for v15.5.3

Fixes

• Fixed a network service crash that could occur when using setCertificateVerifyProc. #33256 (Also in 16, 17, 18)
• shell.openExternal() now reports more detailed errors on Windows. #33656 (Also in 16, 17, 18, 19)

Other Changes

• Backported fix for CVE-2022-1134. #33763
• Backported fix for CVE-2022-1305. #33860
• Backported fix for CVE-2022-1310. #33831
• Backported fix for CVE-2022-1314. #33884
• Backported fix for CVE-2022-1364. #33836
• Backported fix for chromium:1286816. #33679
• Backported fix for chromium:1291482. #33676
• Backported fix for chromium:1310761. #33856
• Security: backported fix for CVE-2022-0116 and CVE-2022-1306. #33852
• Security: backported fix for CVE-2022-23308. #33670
• Security: backported fix for chromium:1280743. #33715
• Security: backported fix for chromium:1280852. #33673

electron v15.5.2

Release Notes for v15.5.2

Fixes

• Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #33523 (Also in 16, 18)

Other Changes

... (truncated)

• f988853 Bump v15.5.5
• 8bc25e8 build: change upload-to-s3 vars to upload-to-storage (#34142)
• a8f8b50 build: use azure function to hash assets instead of lambda (#34119)
• eb320cb build: stop uploading assets to S3 (#34112)
• 37eab5c chore: cherry-pick 5be8e065f43e from chromium (#34040)
• fc91202 chore: cherry-pick 5361d836ae from chromium (#34009)
• 6aa0609 chore: cherry-pick 6b66a45021 from chromium (#34075)
• 620d615 test: fix nativeModulesEnabled in spec/webview-spec.js (#34063)
• ec7baba Bump v15.5.4
• f8ba4d6 chore: cherry-pick d27d9d059b51 from angle (#34045)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v15.3.5

Release Notes for v15.3.5

Fixes

• Allowed specifying x64 arch on Mac Rosetta via npm_config_arch. #32380 (Also in 16, 17)
• Bug fixed for registering protocol in windows which used to set invalid command if the execution path included space. #32330 (Also in 14, 16, 17)
• Fixed window.open not overriding parent's webPreferences. #32109 (Also in 16, 17)
• Fixed a crash caused by app.getLocaleCountryCode(). #32332 (Also in 16, 17)
• Fixed crash when playing media files on Windows 7/8 or macOS 10.11/10.12. #32213 (Also in 13, 14, 16, 17)
• Fixed incorrect skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #32396 (Also in 13, 14, 16, 17)
• No Notes. #32245 (Also in 13, 14, 16, 17)

Other Changes

• Backported fix for CVE-2021-38006. #32009
• Backported fix for CVE-2021-38008. #32011
• Backported fix for CVE-2021-38018. #32257
• Backported fix for CVE-2021-4056. #32235
• Backported fix for CVE-2021-4057. #32232
• Backported fix for CVE-2021-4058. #32223
• Backported fix for CVE-2021-4059. #32210
• Backported fix for CVE-2021-4078. #32216
• Backported fix for CVE-2021-4079. #32226
• Backported fix for CVE-2021-4098. #32181
• Backported fix for CVE-2021-4099. #32187
• Backported fix for CVE-2021-4101. #32190

electron v15.3.4

Release Notes for v15.3.4

Fixes

• Assertion failure happening in the showSaveDialogSync() code path has been fixed. (Fixes #31997). #32081 (Also in 14, 16, 17)
• No Notes. #32197 (Also in 13, 14, 16, 17)

electron v15.3.3

Release Notes for v15.3.3

Fixes

• Fixed a potential issue when setting backgroundColor on BrowserViews. #31946 (Also in 14, 16, 17)
• Fixed respecting aspect ratio when maximum size is set on BrowserWindow. #31956 (Also in 14, 16, 17)
• Fixed window frame glitch when calling setContentProtection. #31830 (Also in 13, 14, 16)

Other Changes

• Backported fix for CVE-2021-38005. #31919
• Backported fix for CVE-2021-38007. #31910
• Backported fix for CVE-2021-38009. #31927
• Backported fix for CVE-2021-38010. #31902
• Backported fix for CVE-2021-38011. #31899

... (truncated)

• 9f08e46 Bump v15.3.5
• 6a70d8a fix: incorrect skipTransformProcessType option parsing in `win.setVisibleOn...
• aab276c chore: cherry-pick da11d71a0227 from chromium (#32181)
• 053fea1 chore: cherry-pick 05e69c75905f from angle (#32190)
• 0b0e991 chore: cherry-pick 809830f1b3 from webrtc (#32226)
• ec7408a chore: cherry-pick 891020ed64d4 from angle (#32223)
• 250b7ed docs: left is a valid mode in contents.openDevTools() options (#32372) (#32404)
• d136430 chore: cherry-pick dbde8795233a from chromium (#32210)
• 79abfe7 chore: cherry-pick 05ccacee14 from v8. (#32216)
• a18a460 fix: Allow npm_config_arch override on mac (#32380)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v15.3.5

Release Notes for v15.3.5

Fixes

• Allowed specifying x64 arch on Mac Rosetta via npm_config_arch. #32380 (Also in 16, 17)
• Bug fixed for registering protocol in windows which used to set invalid command if the execution path included space. #32330 (Also in 14, 16, 17)
• Fixed window.open not overriding parent's webPreferences. #32109 (Also in 16, 17)
• Fixed a crash caused by app.getLocaleCountryCode(). #32332 (Also in 16, 17)
• Fixed crash when playing media files on Windows 7/8 or macOS 10.11/10.12. #32213 (Also in 13, 14, 16, 17)
• Fixed incorrect skipTransformProcessType option parsing in win.setVisibleOnAllWorkspaces(). #32396 (Also in 13, 14, 16, 17)
• No Notes. #32245 (Also in 13, 14, 16, 17)

Other Changes

• Backported fix for CVE-2021-38006. #32009
• Backported fix for CVE-2021-38008. #32011
• Backported fix for CVE-2021-38018. #32257
• Backported fix for CVE-2021-4056. #32235
• Backported fix for CVE-2021-4057. #32232
• Backported fix for CVE-2021-4058. #32223
• Backported fix for CVE-2021-4059. #32210
• Backported fix for CVE-2021-4078. #32216
• Backported fix for CVE-2021-4079. #32226
• Backported fix for CVE-2021-4098. #32181
• Backported fix for CVE-2021-4099. #32187
• Backported fix for CVE-2021-4101. #32190

electron v15.3.4

Release Notes for v15.3.4

Fixes

• Assertion failure happening in the showSaveDialogSync() code path has been fixed. (Fixes #31997). #32081 (Also in 14, 16, 17)
• No Notes. #32197 (Also in 13, 14, 16, 17)

electron v15.3.3

Release Notes for v15.3.3

Fixes

• Fixed a potential issue when setting backgroundColor on BrowserViews. #31946 (Also in 14, 16, 17)
• Fixed respecting aspect ratio when maximum size is set on BrowserWindow. #31956 (Also in 14, 16, 17)
• Fixed window frame glitch when calling setContentProtection. #31830 (Also in 13, 14, 16)

Other Changes

• Backported fix for CVE-2021-38005. #31919
• Backported fix for CVE-2021-38007. #31910
• Backported fix for CVE-2021-38009. #31927
• Backported fix for CVE-2021-38010. #31902
• Backported fix for CVE-2021-38011. #31899

... (truncated)

• 9f08e46 Bump v15.3.5
• 6a70d8a fix: incorrect skipTransformProcessType option parsing in `win.setVisibleOn...
• aab276c chore: cherry-pick da11d71a0227 from chromium (#32181)
• 053fea1 chore: cherry-pick 05e69c75905f from angle (#32190)
• 0b0e991 chore: cherry-pick 809830f1b3 from webrtc (#32226)
• ec7408a chore: cherry-pick 891020ed64d4 from angle (#32223)
• 250b7ed docs: left is a valid mode in contents.openDevTools() options (#32372) (#32404)
• d136430 chore: cherry-pick dbde8795233a from chromium (#32210)
• 79abfe7 chore: cherry-pick 05ccacee14 from v8. (#32216)
• a18a460 fix: Allow npm_config_arch override on mac (#32380)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from vm2's releases.

3.9.7

Fixes

b7f794dfb3034d2173b9da957f48425adc4081c3: Custom Resolver is allowed to return undefined 568934f58cf72339a3dd2a2c578cc28550c19d27: Fixed some bugs introduced in v3.9.6 b6581b4a9cf9a4706b2967fceb5930a3de4d2ac7: Fixed root path checking

3.9.6

Fixes

532120d5cdec7da8225fc6242e154ebabc63fe4d: Internal restructuring and security improvements

3.9.5

New Features

d9af94ca3a701b9ba6283264fafeef4827786702: Added editor config

Fixes

4f0db94bfa250089d903083fcd6c6cf6cd11b8a9: Fix Promise.then not working 419806086ccbef7b9f11abbd8420d01d9fe6d18c: Fix for missing CallSite properties

3.9.4

New Features

4ead241540bb3d6ffcca64ce98d3b263c8f15cb4: Added strict option

Fixes

b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886: Fix breakouts in VM. e95165b36fd07d20febd00a7b08fc8292ccc703e: Fix for bound function causes TypeError 42c7b83ce8dded5e3ae03142736dcf8306a2c2a8: Allow extending of frozen objects

Sourced from vm2's changelog.

v3.9.7 (2022-02-10)

[fix] Allow relative require from base script
[fix] Fix issue with modules with exports clause in package json
[fix] Added missing whitelist check before custom require
[fix] Revert plain object toString behavior
[fix] Root path check improved

v3.9.6 (2022-02-08)

[fix] Security fixes (XmiliaH)

v3.9.5 (2021-10-17)

[new] Editor config (aubelsb2)
[fix] Fix for Promise.then breaking
[fix] Fix for missing properties on CallSite

v3.9.4 (2021-10-12)

[new] Added strict option
[fix] Security fixes (XmiliaH)
[fix] Fixed bound function causes TypeError (XmiliaH)
[fix] Allow extending of frozen objects

• 4541794 Merge pull request #400 from XmiliaH/bugfixes
• b4d9dce Merge pull request #401 from youngbob/fix-resolver-type
• b7f794d Fix custom resolver type
• 31c7200 Fix formatting for changelog
• b6581b4 Prepare release 3.9.7
• 568934f Some bugfixes for v3.9.6
• 532120d Merge pull request #395 from XmiliaH/security-fixes
• 94bf918 Update release date
• 2353ce6 Internal changes and security improvements
• 3a21c36 Merge branch 'master' of https://github.com/patriksimek/vm2
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from vm2's releases.

3.9.5

New Features

d9af94ca3a701b9ba6283264fafeef4827786702: Added editor config

Fixes

4f0db94bfa250089d903083fcd6c6cf6cd11b8a9: Fix Promise.then not working 419806086ccbef7b9f11abbd8420d01d9fe6d18c: Fix for missing CallSite properties

3.9.4

New Features

4ead241540bb3d6ffcca64ce98d3b263c8f15cb4: Added strict option

Fixes

b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886: Fix breakouts in VM. e95165b36fd07d20febd00a7b08fc8292ccc703e: Fix for bound function causes TypeError 42c7b83ce8dded5e3ae03142736dcf8306a2c2a8: Allow extending of frozen objects

Sourced from vm2's changelog.

v3.9.5 (2021-10-17)

[new] Editor config (aubelsb2) [fix] Fix for Promise.then breaking [fix] Fix for missing properties on CallSite

v3.9.4 (2021-10-12)

[new] Added strict option
[fix] Security fixes (XmiliaH)
[fix] Fixed bound function causes TypeError (XmiliaH)
[fix] Allow extending of frozen objects

• 05e5e65 Update to 3.9.5
• 4198060 Merge pull request #372 from XmiliaH/fix-371
• 469958d Fix if CallSite does not have all properties
• 4f0db94 Merge pull request #369 from XmiliaH/fix-368
• d9af94c Merge pull request #361 from aubelsb2/editorconfig
• 5d6b462 More settings for editors
• 4675e51 Fix problem with promise
• 5122769 Update CHANGELOG.md
• 1eabc2a Update Version
• 6820f56 Merge pull request #367 from XmiliaH/security-fix
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.