Sourced from electron's releases.

electron v13.6.6

Release Notes for v13.6.6

Fixes

• Fixed a JavaScript exception from webContents if render frame was disposed in WebFrameMain, resets the value of render_frame_disposed_ after updating render frame host. #32130 (Also in 14, 15, 16)
• No Notes. #32241 (Also in 14, 15, 16, 17)

Other Changes

• Backported fix for CVE-2021-4056. #32237
• Backported fix for CVE-2021-4057. #32234
• Backported fix for CVE-2021-4102. #32194

electron v13.6.3

Release Notes for v13.6.3

Fixes

• Fixed window frame glitch when calling setContentProtection. #31829 (Also in 14, 15, 16)
• Generate valid config.gypi file in Node.js headers. #31989 (Also in 14, 15, 16)

Other Changes

• Backported fix for CVE-2021-38005. #31921
• Backported fix for CVE-2021-38007. #31912
• Backported fix for CVE-2021-38011. #31901

electron v13.6.2

Release Notes for v13.6.2

Fixes

• Fixed an issue where Content-Disposition filenames would be incorrectly truncated at the first comma for a filename attachment which contained one. #31691 (Also in 14, 15, 16)
• Fixed an issue which caused print settings to not work properly when printing silently. #31618 (Also in 14, 15, 16)

Other Changes

• Backported fix for CVE-2021-37998. #31678
• Backported fix for CVE-2021-38001. #31673
• Backported fix for CVE-2021-38002. #31671
• Backported fix for CVE-2021-38003. #31665
• Backported fix for chromium:1252858. #31682

electron v13.6.1

Release Notes for v13.6.1

Fixes

• Fixed an issue where MediaMetadata did not work properly. #31532 (Also in 14, 15, 16)
• Fixed black window when screen capturing a content-protected BrowserWindow on Windows 10. #31550 (Also in 14, 15, 16)

Other Changes

... (truncated)

• 776ee48 Bump v13.6.6
• 8283f19 fix: reset render_frame_disposed_ after render frame host change (#32130)
• 316f0bc chore: cherry-pick 2b978fb482 from chromium (#32234)
• 9b94d70 chore: cherry-pick 04a58fedd5 from v8 (#32237)
• ab94340 fix: check for single bluetooth listener (#32241)
• ca112e2 chore: cherry-pick 418c276ef228 from v8 (#32194)
• fd4b311 Bump v13.6.5
• a22cfb6 Bump v13.6.4
• bc66991 Revert "Bump v13.6.4" (#32229)
• 4067ec6 Bump v13.6.4
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v8.5.2

Release Notes for v8.5.2

Fixes

• Fixed multiple dock icons being left in system when calling dock.show/hide on macOS. #25302 (Also in 8, 9, 10, 11)

Other Changes

• Security: backported fix for 1098860. #25290
• Security: backported fix for 1111737. #25394

electron v8.5.1

Release Notes for v8.5.1

Fixes

• • Fixes the following issues for frameless when maximized on Windows:

• fix unreachable task bar when auto hidden with position top
• fix 1px extending to secondary monitor
• fix 1px overflowing into taskbar at certain resolutions
• fix white line on top of window under 4k resolutions. #25219

• Fixed powerMonitor not emitting suspend/resume events on some Windows machines. #25163
• Fixed an issue where notifications with a reply button could potentially be destroyed too early when a user clicked on the notification body before replying. #25102
• Fixed an issue where some Node.js methods would not work with URL instances constructed in the renderer process. #24861
• Fixed frameless window's size being changed when restored from minimized state. #25057
• Fixed inactive windows having active titlebar on Windows. #24875
• Fixed network permission error when there are multiple WebContents sharing same session are created with web security disabled. #25181
• Fixed node's TLS stack not allowing renegotiation. #25042
• Fixed window size being changed after unmaximizing. #25148

Other Changes

• Backported the fix to CVE-2020-6532: Use after free in SCTP. #24886
• Security: Backported fix for CVE-2020-6541. #25025
• Security: backported fix for 1095584. #25227
• Security: backported fix for 1103827. #25244
• Security: backported fix for 1104046. #25243
• Security: backported fix for 1105202. #25262
• Security: backported fix for 1105426. #25241
• Security: backported fix for 1106682,1109467. #25239
• Security: backported fix for 1107433. #25235
• Security: backported fix for 1107815. #25232
• Security: backported fix for 1115345. #25266

electron v8.5.0

Release Notes for v8.5.0

Fixes

• Fixed an issue where suspend/resume were emitted twice on macOS. #24844

... (truncated)

• 2c0166b Bump v8.5.2
• 9041201 Revert "Bump v8.5.2"
• 1d085d5 Bump v8.5.2
• eb8c6a8 fix: handle electron script errors better (#25331) (#25454)
• b87c39d chore: cherry-pick 1283160e334f from chromium (#25394)
• 32c7b35 chore: sync 8-x-y release notes script to master (#25306)
• ac7389d fix: multiple dock icons when calling dock.show/hide (#25302)
• fd3d252 chore: cherry-pick f6cb89728f04 from chromium (#25290)
• 5b9088a Bump v8.5.1
• 656ae25 chore: cherry-pick 72ee7c437c88 from chromium (#25243)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v8.5.1

Release Notes for v8.5.1

Fixes

• • Fixes the following issues for frameless when maximized on Windows:

• fix unreachable task bar when auto hidden with position top
• fix 1px extending to secondary monitor
• fix 1px overflowing into taskbar at certain resolutions
• fix white line on top of window under 4k resolutions. #25219

• Fixed powerMonitor not emitting suspend/resume events on some Windows machines. #25163
• Fixed an issue where notifications with a reply button could potentially be destroyed too early when a user clicked on the notification body before replying. #25102
• Fixed an issue where some Node.js methods would not work with URL instances constructed in the renderer process. #24861
• Fixed frameless window's size being changed when restored from minimized state. #25057
• Fixed inactive windows having active titlebar on Windows. #24875
• Fixed network permission error when there are multiple WebContents sharing same session are created with web security disabled. #25181
• Fixed node's TLS stack not allowing renegotiation. #25042
• Fixed window size being changed after unmaximizing. #25148

Other Changes

• Backported the fix to CVE-2020-6532: Use after free in SCTP. #24886
• Security: Backported fix for CVE-2020-6541. #25025
• Security: backported fix for 1095584. #25227
• Security: backported fix for 1103827. #25244
• Security: backported fix for 1104046. #25243
• Security: backported fix for 1105202. #25262
• Security: backported fix for 1105426. #25241
• Security: backported fix for 1106682,1109467. #25239
• Security: backported fix for 1107433. #25235
• Security: backported fix for 1107815. #25232
• Security: backported fix for 1115345. #25266

electron v8.5.0

Release Notes for v8.5.0

Fixes

• Fixed an issue where suspend/resume were emitted twice on macOS. #24844
• Fixed crash when navigating from a page with webview that has inherited zoom level. #24766

electron v8.4.1

Release Notes for v8.4.1

Fixes

• Fix: DCHECK failure in value.IsHeapObject() in objectsdebug.cc. (Chromium security issue 1084820). #24565
• Fix: PDFium Javascript Active Document memory corruption. (Chromium security issue 1091404). #24570
• Fix: XSS on chrome://histograms/ with a compromised renderer. (Chromium security issue 1073409). #24626
• Fix: heap-use-after-free in content::NavigationRequest::OnWillProcessResponseProcessed. (Chromium security issue 1090543). #24568

... (truncated)

• 5b9088a Bump v8.5.1
• 656ae25 chore: cherry-pick 72ee7c437c88 from chromium (#25243)
• 9db7354 chore: cherry-pick 9ad8c9610d0a from chromium (#25241)
• 4ad543c chore: cherry-pick 0dc563cbbca5 from chromium (#25239)
• 2cf35c0 chore: cherry-pick c4f3b713800f from swiftshader (#25266)
• ceb2915 chore: cherry-pick af5b008a9546 from angle (#25262)
• 9330ec2 fix: save normal window bounds when maximizing (#25148)
• a2d4b65 chore: cherry-pick 138b748dd0a4 from chromium (#25232)
• d5c911b chore: cherry-pick e50772b2a25e from skia (#25244)
• 41b7ab3 chore: cherry-pick 44bb4d7abee6 from angle (#25235)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from lodash's releases.

4.17.16

• d7fbc52 Bump to v4.17.19
• 2e1c0f2 Add npm-package
• 1b6c282 Bump to v4.17.18
• a370ac8 Bump to v4.17.17
• 1144918 Rebuild lodash and docs
• 3a3b0fd Bump to v4.17.16
• c84fe82 fix(zipObjectDeep): prototype pollution (#4759)
• e7b28ea Sanitize sourceURL so it cannot affect evaled code (#4518)
• 0cec225 Fix lodash.isEqual for circular references (#4320) (#4515)
• 94c3a81 Document matches* shorthands for over* methods (#4510) (#4514)
• Additional commits viewable in compare view

This version was pushed to npm by mathias, a new releaser for lodash since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v11.5.0

Release Notes for v11.5.0

Other Changes

• Security: Backported fix for 1227933. #30614 (Also in 12)
• Security: Backported fix for 1231134. #30761
• Security: Backported fix for 1233564. #30755
• Security: Backported fix for 1234009. #30751
• Security: Backported fix for 1234764. #30659 (Also in 12)

End of Support for 11.x.y

Electron 11.x.y has reached end-of-support as per the project's support policy. Developers and applications are encouraged to upgrade to a newer version of Electron.

electron v11.4.12

Release Notes for v11.4.12

Fixes

• Security: backported fix for https://crbug.com/1204814. #30399

electron v11.4.11

Release Notes for v11.4.11

Other Changes

• Security: backported fix for 1205059,1196302. #30267
• Security: backported fix for CVE-2021-30541. #30200
• Security: backported fix for CVE-2021-30560. #30183
• Security: backported fix for CVE-2021-30562. #30196
• Security: backported fix for CVE-2021-30563. #30199
• Security: backported fix for CVE-2021-30568. #30228
• Security: backported fix for CVE-2021-30569. #30296
• Security: backported fix for CVE-2021-30572. #30262
• Security: backported fix for CVE-2021-30573. #30253

electron v11.4.10

Release Notes for v11.4.10

Other Changes

• Backported fix for chromium:1211215. #29785
• Security: backported fix for CVE-2021-30522. #29879
• Security: backported fix for CVE-2021-30523. #29877
• Security: backported fix for CVE-2021-30547. #29790
• Security: backported fix for CVE-2021-30553. #29819
• Security: backported fix for CVE-2021-30554. #29823
• Security: backported fix for chromium:1194689. #29817
• Security: backported fix for chromium:1209558. #29815

... (truncated)

• 3d0705d Bump v11.5.0
• 04995cd chore: cherry-pick fix for 1231134 from chromium (#30761)
• b0085b1 chore: cherry-pick fix for 1234009 from chromium (#30751)
• 7576621 chore: cherry-pick fix for 1233564 from chromium (#30755)
• de5a1d1 chore: cherry-pick fix for 1234764 from v8 (#30659)
• 585eea3 fix: remove ipc wrapper for nativeImage.createThumbnailFromPath (#30738)
• 5dbcb9f chore: cherry-pick fix for 1227933 from chromium (#30614)
• 2502e28 Bump v11.4.12
• 4e4ab9d ci: update git on CI machines (#30526) (#30573)
• cb5c9b8 Revert "Bump v11.4.12"
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• See full diff in compare view

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from electron's releases.

electron v15.5.5

Release Notes for v15.5.5

Other Changes

• Backported fix for CVE-2022-1482. #34040
• Backported fix for CVE-2022-1483. #34009
• Backported fix for CVE-2022-1497. #34075

electron v15.5.4

Release Notes for v15.5.4

Other Changes

• Backported fix for CVE-2022-1138. #33682
• Backported fix for CVE-2022-1478. #34045
• Backported fix for CVE-2022-1479. #34037
• Backported fix for CVE-2022-1480. #34019
• Backported fix for CVE-2022-1492. #34051

electron v15.5.3

Release Notes for v15.5.3

Fixes

• Fixed a network service crash that could occur when using setCertificateVerifyProc. #33256 (Also in 16, 17, 18)
• shell.openExternal() now reports more detailed errors on Windows. #33656 (Also in 16, 17, 18, 19)

Other Changes

• Backported fix for CVE-2022-1134. #33763
• Backported fix for CVE-2022-1305. #33860
• Backported fix for CVE-2022-1310. #33831
• Backported fix for CVE-2022-1314. #33884
• Backported fix for CVE-2022-1364. #33836
• Backported fix for chromium:1286816. #33679
• Backported fix for chromium:1291482. #33676
• Backported fix for chromium:1310761. #33856
• Security: backported fix for CVE-2022-0116 and CVE-2022-1306. #33852
• Security: backported fix for CVE-2022-23308. #33670
• Security: backported fix for chromium:1280743. #33715
• Security: backported fix for chromium:1280852. #33673

electron v15.5.2

Release Notes for v15.5.2

Fixes

• Fixed behavior of BrowserWindow.maximize on macOS for not shown windows. #33523 (Also in 16, 18)

Other Changes

... (truncated)

• f988853 Bump v15.5.5
• 8bc25e8 build: change upload-to-s3 vars to upload-to-storage (#34142)
• a8f8b50 build: use azure function to hash assets instead of lambda (#34119)
• eb320cb build: stop uploading assets to S3 (#34112)
• 37eab5c chore: cherry-pick 5be8e065f43e from chromium (#34040)
• fc91202 chore: cherry-pick 5361d836ae from chromium (#34009)
• 6aa0609 chore: cherry-pick 6b66a45021 from chromium (#34075)
• 620d615 test: fix nativeModulesEnabled in spec/webview-spec.js (#34063)
• ec7baba Bump v15.5.4
• f8ba4d6 chore: cherry-pick d27d9d059b51 from angle (#34045)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.