Bump the npm_and_yarn group across 2 directories with 10 updates#551

Merged
github-actions[bot] merged 1 commit into main from
dependabot/npm_and_yarn/vscode-azure-account-main/npm_and_yarn-dbb8cf11f4
Aug 5, 2024

@dependabot dependabot bot commented on behalf of github Aug 5, 2024

Bumps the npm_and_yarn group with 7 updates in the /vscode-azure-account-main directory:

| Package | From | To |
| --- | --- | --- |
| request | 2.88.0 | 2.88.2 |
| @types/request | 2.48.1 | 2.48.12 |
| semver | 7.5.2 | 7.5.3 |
| ws | 8.9.0 | 8.17.1 |
| webpack | 5.76.0 | 5.76.1 |
| es5-ext | 0.10.53 | 0.10.64 |
| tar | 6.1.11 | 6.2.1 |

Bumps the npm_and_yarn group with 2 updates in the /vscode-azure-account-main/sample directory: semver and axios.

Updates request from 2.88.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

Commits

Updates @types/request from 2.48.1 to 2.48.12

Commits

Updates semver from 7.5.2 to 7.5.3

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

Documentation

Commits

Updates ws from 8.9.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
  const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
  const headers = {};
  let count = 0;

  for (let i = 0; i < chars.length; i++) {
    if (count === 2000) break;

    for (let j = 0; j < chars.length; j++) {
      const key = chars[i] + chars[j];
      headers[key] = 'x';

      if (++count === 2000) break;
    }
  }

  headers.Connection = 'Upgrade';
  headers.Upgrade = 'websocket';
  headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
  headers['Sec-WebSocket-Version'] = '13';

  const request = http.request({
    headers: headers,
    host: '127.0.0.1',
    port: wss.address().port
  });

  request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view

Updates webpack from 5.76.0 to 5.76.1

Release notes

Sourced from webpack's releases.

v5.76.1

Fixed

  • Added assert/strict built-in to NodeTargetPlugin

Revert

Commits
  • 21be52b Merge pull request #16804 from webpack/chore-patch-release
  • 1cce945 chore(release): 5.76.1
  • e76ad9e Merge pull request #16803 from ryanwilsonperkin/revert-16759-real-content-has...
  • 52b1b0e Revert "Improve performance of hashRegExp lookup"
  • c989143 Merge pull request #16766 from piranna/patch-1
  • 710eaf4 Merge pull request #16789 from dmichon-msft/contenthash-hashsalt
  • 5d64468 Merge pull request #16792 from webpack/update-version
  • 67af5ec chore(release): 5.76.0
  • 07283fa Respect output.hashSalt in RealContentHashPlugin
  • cb02826 Added assert/strict built-in
  • See full diff in compare view

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements


Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements


Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view

Updates tough-cookie from 2.4.3 to 2.5.0

Commits
  • 7c1fdf1 2.5.0
  • 9ff4ba5 Qualify the store.removeAllCookies documentation
  • 1855bf3 Additional documentation for removeAllCookies
  • 5cc9bd2 Extract tests, cover multiple error path
  • 28f0808 Only call removeAllCookies if actually implemented
  • 62802ef remove all cookies from cookie jar at once (#115)
  • 8783d46 Remove left-over mention of MPL from README
  • 8302ebc Merge pull request #121 from salesforce/punycode-2.1
  • d6ea115 Merge pull request #120 from salesforce/no-package-lock
  • b897b49 Merge pull request #119 from salesforce/inline-version
  • Additional commits viewable in compare view

Updates tar from 6.1.11 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

Documentation

Changelog

Sourced from tar's changelog.

Changelog

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

  • Add support for brotli compression
  • Add maxDepth option to prevent extraction into excessively deep folders.

6.1

  • remove dead link to benchmarks (#313) (@​yetzt)
  • add examples/explanation of using tar.t (@​isaacs)
  • ensure close event is emitted after stream has ended (@​webark)

... (truncated)

Commits

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

Documentation

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

Documentation

Commits

Updates axios from 1.6.1 to 1.7.3

Release notes

Sourced from axios's releases.

Release v1.7.3

Release notes:

Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

Release v1.7.2

Release notes:

Bug Fixes

Contributors to this release

Release v1.7.1

Release notes:

Bug Fixes

  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

Release v1.7.0

Release notes:

Features

Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.3 (2024-08-01)

Bug Fixes

  • adapter: fix progress event emitting; (#6518) (e3c76fc)
  • fetch: fix withCredentials request config (#6505) (85d4d0e)
  • xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes

Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes

  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

1.7.0 (2024-05-19)

Features

Bug Fixes

  • core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

... (truncated)

Commits

Updates follow-redirects from 1.15.3 to 1.15.6

Commits
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 7 updates in the /vscode-azure-account-main directory:

| Package | From | To |
| --- | --- | --- |
| [request](https://github.com/request/request) | `2.88.0` | `2.88.2` |
| [@types/request](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/request) | `2.48.1` | `2.48.12` |
| [semver](https://github.com/npm/node-semver) | `7.5.2` | `7.5.3` |
| [ws](https://github.com/websockets/ws) | `8.9.0` | `8.17.1` |
| [webpack](https://github.com/webpack/webpack) | `5.76.0` | `5.76.1` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.53` | `0.10.64` |
| [tar](https://github.com/isaacs/node-tar) | `6.1.11` | `6.2.1` |

Bumps the npm_and_yarn group with 2 updates in the /vscode-azure-account-main/sample directory: [semver](https://github.com/npm/node-semver) and [axios](https://github.com/axios/axios).


Updates `request` from 2.88.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `@types/request` from 2.48.1 to 2.48.12
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/request)

Updates `semver` from 7.5.2 to 7.5.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.2...v7.5.3)

Updates `ws` from 8.9.0 to 8.17.1
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.9.0...8.17.1)

Updates `webpack` from 5.76.0 to 5.76.1
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](webpack/webpack@v5.76.0...v5.76.1)

Updates `es5-ext` from 0.10.53 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.53...v0.10.64)

Updates `tough-cookie` from 2.4.3 to 2.5.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.4.3...v2.5.0)

Updates `tar` from 6.1.11 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.11...v6.2.1)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.5.2...v7.5.3)

Updates `axios` from 1.6.1 to 1.7.3
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.6.1...v1.7.3)

Updates `follow-redirects` from 1.15.3 to 1.15.6
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.6)

---
updated-dependencies:
- dependency-name: request
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@types/request"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: webpack
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: es5-ext
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tough-cookie
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
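
A check a reviewer could run after this merge, as an added example that is not part of the PR or of any project it mentions: it walks the `packages` map of a `package-lock.json` and reports entries resolved below the versions in this PR's "To" column, including ws below 8.17.1, the release that carries the DoS fix. The floor table is copied from the PR; the sample lockfile is constructed, and a version on a major line the PR does not mention is reported separately rather than judged.

```javascript
// Minimum versions per major line, copied from this PR's "To" column.
const FLOORS = {
  request: { 2: '2.88.2' },
  '@types/request': { 2: '2.48.12' },
  semver: { 7: '7.5.3', 5: '5.7.2' }, // bumped on two major lines
  ws: { 8: '8.17.1' },                // release with the DoS fix
  webpack: { 5: '5.76.1' },
  'es5-ext': { 0: '0.10.64' },
  'tough-cookie': { 2: '2.5.0' },
  tar: { 6: '6.2.1' },
  axios: { 1: '1.7.3' },
  'follow-redirects': { 1: '1.15.6' },
};

// "1.2.3-beta" -> [1, 2, 3]; prerelease tags are ignored, unparsable -> null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3, "packages" map).
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // root project or workspace entry
    const name = path.slice(idx + 'node_modules/'.length); // keeps @scope/name
    const got = parseVersion(entry.version);
    if (!got || !Object.hasOwn(FLOORS, name)) continue;
    const floor = FLOORS[name][got[0]];
    if (floor === undefined) {
      findings.push({ path, version: entry.version, status: 'unlisted-major' });
    } else if (isBelow(got, parseVersion(floor))) {
      findings.push({ path, version: entry.version, status: 'below-floor', floor });
    }
  }
  return findings;
}

// Constructed sample, not taken from the repository.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'sample', version: '0.0.0' },
  'node_modules/ws': { version: '8.17.1' },
  'node_modules/semver': { version: '7.5.3' },
  'node_modules/a/node_modules/semver': { version: '5.7.1' },
  'node_modules/b/node_modules/ws': { version: '8.9.0' },
  'node_modules/c/node_modules/ws': { version: '7.5.9' },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

Nested copies matter here: a transitive dependency can pin its own older ws or semver under its own `node_modules` even after the top-level entry has been bumped.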
@dependabot dependabot bot added the dependencies and javascript labels Aug 5, 2024

cloudflare-workers-and-pages bot commented Aug 5, 2024

Deploying ai with Cloudflare Pages

Latest commit: fa4fe99
Status: 🚫 Build failed.

Deploying semantic-kernel with Cloudflare Pages

Latest commit: fa4fe99
Status: 🚫 Build failed.

@github-actions github-actions bot merged commit 3707374 into main Aug 5, 2024
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/vscode-azure-account-main/npm_and_yarn-dbb8cf11f4 branch August 5, 2024 03:03