• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to url.href (#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 2ede36d Release version 1.14.7 of the npm package.
• 8b347cb Drop Cookie header across domains.
• 6f5029a Release version 1.14.6 of the npm package.
• af706be Ignore null headers.
• d01ab7a Release version 1.14.5 of the npm package.
• 40052ea Make compatible with Node 17.
• 86f7572 Fix: clear internal timer on request abort to avoid leakage
• 2e1eaf0 Keep Authorization header on subdomain redirects.
• 2ad9e82 Carry over Host header on relative redirects (#172)
• 77e2a58 Release version 1.14.4 of the npm package.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• ad44493 [dist] 1.5.3
• c798461 [fix] Fix host parsing for file URLs (#210)
• 201034b [dist] 1.5.2
• 2d9ac2c [fix] Sanitize only special URLs (#209)
• fb128af [fix] Use 'null' as origin for non special URLs
• fed6d9e [fix] Add a leading slash only if the URL is special
• 94872e7 [fix] Do not incorrectly set the slashes property to true
• 81ab967 [fix] Ignore slashes after the protocol for special URLs
• ee22050 [ci] Use GitHub Actions
• d2979b5 [fix] Special case the file: protocol (#204)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from postcss's releases.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.32

• Fix error message (by @​admosity).

7.0.31

• Use only the latest source map annotation (by @​emzoumpo).

Sourced from postcss's changelog.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.32

• Fix error message (by @​admosity).

7.0.31

• Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

• 67e3d7b Release 7.0.36 version
• 54cbf3c Backport ReDoS vulnerabilities from PostCSS 8
• 12832f3 Release 7.0.35 version
• 4455ef6 Use OpenCollective in funding
• e867c79 Add migration guide to PostCSS 8 error
• 32a22a9 Release 7.0.34 version
• 2293982 Lock build targets
• 2c3a111 Release 7.0.33 version
• 4105f21 Use yaspeller instead of yaspeller-ci
• c8d02a0 Revert yaspeller-ci removal
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• eb6d9f5 [dist] 1.5.1
• 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
• 3ac7774 [test] Make test consistent for browser testing
• 267a0c6 [dist] 1.5.0
• d1e7e88 [security] More backslash fixes (#197)
• d99bf4c [ignore] Remove npm-debug.log from .gitignore
• 422c8b5 [pkg] Replace nyc with c8
• 933809d [pkg] Move coveralls to dev dependencies
• 190b216 [pkg] Add .npmrc
• ce3783f [test] Do not test on all available versions of Edge and Safari
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from postcss's releases.

7.0.39

• Reduce package size.
• Backport nanocolors to picocolors migration.

7.0.38

• Update Processor#version.

7.0.37

• Backport chalk to nanocolors migration.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.32

• Fix error message (by @​admosity).

7.0.31

• Use only the latest source map annotation (by @​emzoumpo).

Sourced from postcss's changelog.

7.0.39

• Reduce package size.
• Backport nanocolors to picocolors migration.

7.0.38

• Update Processor#version.

7.0.37

• Backport chalk to nanocolors migration.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.32

• Fix error message (by @​admosity).

7.0.31

• Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

• e17c1ef Release 7.0.39 version
• 6791bd3 Reduce npm package
• 44c581a Replace nanocolors with picocolors
• 8ba21fd Remove eslint-ci
• 3994c4a Release 7.0.38 version
• 6944e1d Remove development keys from package.json
• 4dd0af0 Release 7.0.37 version
• 8408eb4 Add compilation step
• 0c68063 Move tests to GitHub Actions
• 98b61ba Replace chalk to nanocolors
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from terser's changelog.

v4.8.1 (backport)

• Security fix for RegExps that should not be evaluated (regexp DDOS)

v4.8.0

• Support for numeric separators (million = 1_000_000) was added.
• Assigning properties to a class is now assumed to be pure.
• Fixed bug where yield wasn't considered a valid property key in generators.

v4.7.0

• A bug was fixed where an arrow function would have the wrong size
• arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.
• Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from highlight.js's changelog.

Release v9.18.5

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• enh: Post-install script can be disabled with HLJS_HIDE_UPGRADE_WARNING=yes
• fix: Deprecation notice logged at library startup a console.log vs console.warn.
  • Notice only shown if actually highlighting code, not just requiring the library.
  • Node.js treats warn the same as error and that was problematic.
  • You (or perhaps your indirect dependency) may disable the notice with the hideUpgradeWarningAcceptNoSupportOrSecurityUpdates option
  • You can also set HLJS_HIDE_UPGRADE_WARNING=yes in your envionment to disable the warning

Example:

hljs.configure({
  hideUpgradeWarningAcceptNoSupportOrSecurityUpdates: true
})

Reference: highlightjs/highlight.js#2877

Release v9.18.4

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• fix(livescript) fix potential catastrophic backtracking (#2852) [commit]

Version 9.18.3

• fix(parser) Freezing issue with illegal 0 width illegals (#2524)
  • backported from v10.x

Version 9.18.2

Fixes:

• fix(night) Prevent object prototype values from being returned by getLanguage (#2636) night

• f54e96c 9.18.5
• c34318b fix the link since i saw it
• d2e9bdd include date of last release
• f5e0645 typos and tweaks
• 2e0e8ee changelog
• dc45f7c fix(livescript) fix potential catastrophic backtracking
• 0a2624a update readme
• d571b23 add warning
• ec0bfd5 9.18.4
• 2a04835 bump v9.18.3
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 8647803 6.5.3
• 856fe4d signature: prevent malleability and overflows
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Sourced from @​vue/cli-plugin-babel's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-plugin-babel's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 4a0655f v5.0.7
• ef08a08 v5.0.6
• 98c66c9 v5.0.5
• ca97fc2 v5.0.4
• dd53f26 v5.0.3
• a859b1f v5.0.2
• 92d80a8 v5.0.1
• c913cdc v5.0.0
• 75a6d69 v5.0.0-rc.3
• Additional commits viewable in compare view

Sourced from @​vue/cli-plugin-eslint's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-plugin-eslint's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 4a0655f v5.0.7
• ef08a08 v5.0.6
• 98c66c9 v5.0.5
• ca97fc2 v5.0.4
• dd53f26 v5.0.3
• a859b1f v5.0.2
• 92d80a8 v5.0.1
• c913cdc v5.0.0
• 75a6d69 v5.0.0-rc.3
• Additional commits viewable in compare view

Sourced from @​vue/cli-service's releases.

v5.0.8

:bug: Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

:bug: Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

• Andrei (@​AndreiSoroka)
• Haoqun Jiang (@​sodatea)

v5.0.3

... (truncated)

Sourced from @​vue/cli-service's changelog.

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

:bug: Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

5.0.4 (2022-03-22)

:bug: Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

Committers: 1

... (truncated)

• b154dbd v5.0.8
• 0260e4d fix: add devServer.server.type to useHttps judgement (#7222)
• 4a0655f v5.0.7
• beffe8a fix: allow disabling progress plugin via devServer.client.progress
• 558dea2 fix: support devServer.server option, avoid deprecation warning
• bddd64d fix: optimize the judgment on whether HTTPS has been set in options (#7202)
• ef08a08 v5.0.6
• fcf27e3 fixup! fix: compatibility with Vue 2.7
• a648958 fix: compatibility with Vue 2.7
• 98c66c9 v5.0.5
• Additional commits viewable in compare view

Sourced from sass-loader's releases.

v13.2.0

13.2.0 (2022-11-09)

Features

• add support for node-sass v8 (#1100) (e5581b7)

v13.1.0

13.1.0 (2022-10-06)

Features

• allow to extend conditionNames (#1092) (6e02c64)

v13.0.2

13.0.2 (2022-06-27)

Bug Fixes

• hide error stacktrace on Sass errors (#1069) (5e6a61b)

v13.0.1

13.0.1 (2022-06-24)

Bug Fixes

• optimize debug message formatting, #1065 (#1066) (49a578a)

v13.0.0

13.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0 (#1048)
• emit @warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

Bug Fixes

• do not crash on importers for modern API (#1052) (095814e)
• do not store original sass error in webpack error(#1053) (06d7533)

v12.6.0

12.6.0 (2022-02-15)

... (truncated)

Sourced from sass-loader's changelog.

13.2.0 (2022-11-09)

Features

• add support for node-sass v8 (#1100) (e5581b7)

13.1.0 (2022-10-06)

Features

• allow to extend conditionNames (#1092) (6e02c64)

13.0.2 (2022-06-27)

Bug Fixes

• hide error stacktrace on Sass errors (#1069) (5e6a61b)

13.0.1 (2022-06-24)

Bug Fixes

• optimize debug message formatting, #1065 (#1066) (49a578a)

13.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0 (#1048)
• emit @warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

Bug Fixes

• do not crash on importers for modern API (#1052) (095814e)
• do not store original sass error in webpack error(#1053) (06d7533)

12.6.0 (2022-02-15)

Features

• added support for automatic loading of sass-embedded (#1025) (c8dae87)

12.5.0 (2022-02-14)

... (truncated)

• e8fbc79 chore(release): 13.2.0
• e5581b7 feat: add support for node-sass v8 (#1100)
• acb3ce0 chore(deps): bump loader-utils from 2.0.2 to 2.0.3 (#1099)
• 1cdea4e chore: update dependencies to the latest version (#1098)
• 094a303 docs: update cla link (#1096)
• c32f63a ci: add dependency review action (#1094)
• b31751d chore(release): 13.1.0
• 6e02c64 feat: allow to extend conditionNames (#1092)
• edab08f chore: update dependencies to the latest version (#1093)
• 3a34fef chore: update commitlint action (#1091)
• Additional commits viewable in compare view

Sourced from vuetify-loader's releases.

v1.9.2

Bug Fixes

• auto-import directives with v-on and v-bind (d0e115c), closes #258

v1.9.1

Bug Fixes

• expand sharp peerDependency version (fd2bd7f), closes #253
• load external templates (#251) (33a75b6), closes #250
• support pug 3 (#254) (6185962)

v1.9.0

Features

• support vue 2.7 (#247) (c0dd7cf), closes #240

v1.7.3

Bug Fixes

• add check before calling find on vue rule (#170) (22e2492)
• add warning when used with asset modules (d5446df)
• clone rules before adding oneOf (9a99f29), closes #186

v1.7.2

Bug Fixes

• support cjs image modules (bccfe6d), closes #169

v1.7.1

Bug Fixes

• undefined is not a function (#168) (766c034), closes #167

v1.7.0

Features

• add support for SSR style injection (#126) (dd38100)
• support webpack 5 (4de3c94), closes #136

v1.6.0

Bug Fixes

• don't try to load custom blocks in .vue files (86751a1)
• handle multiple vue-loader rules (9f0e669), closes #106

Features

• export VuetifyLoaderPlugin from index.js (660faf9), closes #138

... (truncated)

• 5b115d7 v1.9.2
• d0e115c fix: auto-import directives with v-on and v-bind
• adc2d84 v1.9.1
• 33a75b6 fix: load external templates (#251)
• fd2bd7f fix: expand sharp peerDependency version
• 6185962 fix: support pug 3 (#254)
• 298670e v1.9.0
• c0dd7cf feat: support vue 2.7 (#247)
• fb6cf15 v1.8.0
• d43460a feat: support vue 2.7
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from express's releases.

4.18.2

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]

... (truncated)

Sourced from express's changelog.

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]

... (truncated)

• 8368dc1 4.18.2
• 61f4049 docs: replace Freenode with Libera Chat
• bb7907b build: [email protected]
• f56ce73 build: [email protected]
• 24b3dc5 deps: [email protected]
• 689d175 deps: [email protected]
• 340be0f build: [email protected]
• 33e8dc3 docs: use Node.js name style
• 644f646 build: [email protected]
• ecd7572 build: [email protected]
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from vuetify's releases.

v2.6.10

:wrench: Bug Fixes

• VCalendar: prevent XSS from eventName function (ade1434), closes #15757
• VDialog: don't try to focus tabindex="-1" or hidden inputs (89e3850), closes #15745
• VMenu: disable activatorFixed when attach is enabled (#15709) (464529a), closes #14922
• VTextField: only show clear icon on hover or when focused (7a51ad0)
• VTextField: prevent tabbing to clear button (f8ee680), closes #11202
• web-types: add support for VDataTable pattern slots (#15694) (ac45c98)

:microscope: Code Refactoring

• VSelect: render highlight with vnodes instead of innerHTML (4468e3c)

BREAKING CHANGES

• VCalendar: eventName function can no longer render arbitrary HTML, convert to VNodes instead. eventSummary can no longer be used with v-html, replace with <component :is="{ render: eventSummary }" />

v2.6.9

:wrench: Bug Fixes

• VCalendar: add aria roles to monthly calendar (#14640) (2cd34b4), closes #14604
• VCalendar: forward all bound events to internal elements (#15592) (299330c)
• VCarousel: add keys to delimiter buttons (#15459) (8d3895b)
• VPagination: ignore invalid length values (f3f8d15), closes #15499
• VRadio: change icon color when disabled (0cc43e2)
• VSwitch: only affect control opacity when disabled (1e0a4ad)

v2.6.8

:wrench: Bug Fixes

• VDataTable: display header text instead of value in group headers (100053f), closes #11516
• VItemGroup: use valueComparator when updating value (#15395) (8bedb7c), closes #15394
• VSimpleCheckbox: directly specify ripple directive definition (00a9668), closes #12224

v2.6.7

:wrench: Bug Fixes

• styles: resolve css validation errors (621f273), closes #15320
• VDialog: focus on internal content when shown (#14584) (ffbaae1), closes #14581
• VInput: allow text selection in disabled inputs (#14465) (760490d), closes #14238
• VList: don't trigger keyboard events on disabled items (#15339) (817df79), closes #15322
• VOtpInput: support paste and autofill on mobile (8c67ed8), closes #14801
• VRadio: use correct disabled color for icons (3115798)
• VSelect: allow keyboard selection of items with value 0 (969aba4), closes #15166
• VTabs: use ResizeObserver if available (ff519c6), closes #4733 #10455 #12783 #14195 #15316
• VTimeline: disable arrow shadow on clickable cards (27ba2c9), closes #14193

... (truncated)

• fdfb6fc chore(release): publish v2.6.10
• cd193e4 fix(VSelectList): correct mask class
• 89e3850 fix(VDialog): don't try to focus tabindex="-1" or hidden inputs
• 4468e3c refactor(VSelect): render highlight with vnodes instead of innerHTML
• ade1434 fix(VCalendar): prevent XSS from eventName function
• 464529a fix(VMenu): disabled activatorFixed when attach is enabled (#15709)
• 7a51ad0 fix(VTextField): only show clear icon on hover or when focused
• f8ee680 fix(VTextField): prevent tabbing to clear button
• 170c7d1 chore(release): publish v2.6.9
• 2cd34b4 fix(VCalendar): add aria roles to monthly calendar (#14640)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.