🚨 [security] Update gh-pages 3.2.3 → 6.1.1 (major)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ gh-pages (3.2.3 → 6.1.1) · Repo · Changelog

Security Advisories 🚨

🚨 tschaub gh-pages vulnerable to prototype pollution

Prototype pollution vulnerability in tschaub gh-pages via the partial variable in util.js.

Release Notes

6.1.1

Fixes

• fix: Add missing cname option not passed to the config by @WillBAnders in #535

Dependency Updates

• Bump eslint from 8.53.0 to 8.55.0 by @dependabot in #538
• Bump fs-extra from 11.1.1 to 11.2.0 by @dependabot in #537
• Bump eslint from 8.55.0 to 8.56.0 by @dependabot in #539

New Contributors

• @WillBAnders made their first contribution in #535

Full Changelog: v6.1.0...v6.1.1

6.1.0

What's Changed

• Bump eslint from 8.46.0 to 8.49.0 by @dependabot in #516
• Bump actions/checkout from 3 to 4 by @dependabot in #515
• Bump chai from 4.3.7 to 4.3.8 by @dependabot in #513
• Bump dir-compare from 4.0.0 to 4.2.0 by @dependabot in #512
• Add --nojekyll and --cname options by @tschaub in #533
• Bump actions/setup-node from 3 to 4 by @dependabot in #527
• Bump chai from 4.3.8 to 4.3.10 by @dependabot in #520
• Bump eslint from 8.49.0 to 8.53.0 by @dependabot in #530
• Bump commander from 11.0.0 to 11.1.0 by @dependabot in #524
• Bump async from 3.2.4 to 3.2.5 by @dependabot in #529
• Bump sinon from 15.2.0 to 17.0.1 by @dependabot in #531

Full Changelog: v6.0.0...v6.1.0

6.0.0

This release drops support for Node 14. Otherwise, there are no special upgrade considerations.

What's Changed

• Update readme.md by @harveer07 in #440
• Bump sinon from 15.0.1 to 15.0.3 by @dependabot in #474
• Bump eslint from 8.32.0 to 8.38.0 by @dependabot in #477
• Bump fs-extra from 8.1.0 to 11.1.1 by @dependabot in #473
• Add error message when --dist is not specified. by @domsleee in #504
• Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in #505
• Bump eslint from 8.38.0 to 8.46.0 by @dependabot in #506
• Bump semver from 6.3.0 to 6.3.1 by @dependabot in #500
• Bump sinon from 15.0.3 to 15.2.0 by @dependabot in #495
• Dependency updates and drop Node 14 by @tschaub in #507

New Contributors

• @harveer07 made their first contribution in #440
• @domsleee made their first contribution in #504

Full Changelog: v5.0.0...v6.0.0

5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

What's Changed

• Assorted updates by @tschaub in #452
• Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. by @Nezteb in #445
• Bump actions/checkout from 2 to 3 by @dependabot in #453
• Bump actions/setup-node from 1 to 3 by @dependabot in #455
• Bump email-addresses from 3.0.1 to 5.0.0 by @dependabot in #454
• Bump async from 2.6.4 to 3.2.4 by @dependabot in #459
• Remove quotation marks by @Vicropht in #438

New Contributors

• @Nezteb made their first contribution in #445
• @Vicropht made their first contribution in #438

Full Changelog: v4.0.0...v5.0.0

4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @dependabot in #423
• Bump async from 2.6.1 to 2.6.4 by @dependabot in #427
• Bump path-parse from 1.0.6 to 1.0.7 by @dependabot in #431
• Bump ansi-regex from 3.0.0 to 3.0.1 by @dependabot in #430
• Updated dev dependencies and formatting by @tschaub in #432

Full Changelog: v3.2.3...v4.0.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ajv (indirect, 8.11.0 → 8.12.0) · Repo

Release Notes

8.12.0

• fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @piliugin-anton)
• empty JTD "values" schema (#2191)
• empty object to work with JTD utility type (#2158, @erikbrinkman)
• fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
• correctly narrow "number" type to "integer" (#2192, @JacobLey)
• update Node.js versions in CI to 14, 16, 18 and 19

8.11.2

Update dependencies

Export ValidationError and MissingRefError (#1840, @dannyb648)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 39 commits:

• 8.12.0
• update node versions (#2195)
• fix JTD discriminator with more than 8 properties, fixes #1971 (#2194)
• build(deps-dev): bump @rollup/plugin-commonjs from 23.0.7 to 24.0.0 (#2184)
• build(deps-dev): bump @rollup/plugin-typescript from 9.0.2 to 10.0.1 (#2193)
• build(deps-dev): bump @rollup/plugin-json from 5.0.2 to 6.0.0 (#2183)
• special case empty object for jtd (#2158)
• build(deps-dev): bump @rollup/plugin-typescript from 8.5.0 to 9.0.2 (#2160)
• correctly narrow "number" type to "integer", fixes #1935 (#2192)
• JTD empty values schema, fixes #1949 (#2191)
• remove leading comma in JTD serialisation result, fixes #2001, fixes #2171, fixes #2181 (#2190)
• build(deps-dev): bump @types/mocha from 9.1.1 to 10.0.0 (#2162)
• build(deps-dev): bump @rollup/plugin-json from 4.1.0 to 5.0.1 (#2159)
• readme: update group link
• 8.11.2
• 8.11.1
• export ValidationError and MissingRefError, closes #1926, closes #1840 (#2020)
• build(deps-dev): bump lint-staged from 12.5.0 to 13.0.3 (#2019)
• build(deps-dev): bump mocha from 9.2.2 to 10.0.0 (#1972)
• build(deps-dev): bump @types/node from 17.0.45 to 18.11.9 (#2151)
• build(deps-dev): bump @rollup/plugin-node-resolve from 13.3.0 to 15.0.1 (#2143)
• docs: remove invisible character in README (#1990)
• Update security.md -> ReDoS Attack Section (#1953)
• docs: fix broken links (#2006)
• build(deps-dev): bump fast-uri from 1.0.1 to 2.1.0 (#2007)
• build(deps-dev): bump @rollup/plugin-commonjs from 21.1.0 to 23.0.2 (#2142)
• docs: fix link for useDefaults (#1955)
• fix: typo (#2010)
• ensure that nullable is not set for required parameters (#2079)
• build(deps-dev): bump husky from 7.0.4 to 8.0.2 (#2153)
• docs: parsing does not support non-standard JTD keywords (#2072)
• Doc: update the documentation of addKeyword args (#2090)
• npm installs version 8 by default (#2088)
• Remove unnecessary console.log (#2138)
• update typescript, fix broken annotation (#2157)
• Update README.md
• Update README.md
• Update README.md
• build(deps-dev): bump glob from 7.2.0 to 8.0.2 (#1981)

↗️ email-addresses (indirect, 3.1.0 → 5.0.0) · Repo · Changelog

Release Notes

5.0.0 (from changelog)

Note: Again there is a major version bump because of changes to the typescript definitions. If you are not a typescript user, this is more like a minor version bump.

• Added "addressListSeperator" option (#57)
• Typescript: improvements to the type definitions (#58, #59)

4.0.0 (from changelog)

Note: Again there is a major version bump because of changes to the typescript definitions. Some of the typescript changes are really bug fixes, noting where null is a possible value. If you are not a typescript user, this is more like a minor version bump.

• Added "commaInDisplayName" option (#54)
• Typescript: improvements to the type definitions (#44, #45, #47)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 8 commits:

• version 5.0.0 (minor bump except for typescript)
• Merge pull request #59 from rctay/master
• Document and add typings for startAt options
• Add to Options typings: atInDisplayName, commaInDisplayName, addressListSeparator
• Merge pull request #58 from leafac/patch-1
• Fix types for .name field
• Merge pull request #57 from rctay/master
• Allow address list separator to be specified

↗️ fs-extra (indirect, 8.1.0 → 11.2.0) · Repo · Changelog

Release Notes

11.2.0 (from changelog)

• Copy directory contents in parallel for better performance (#1026)
• Refactor internal code to use async/await (#1020)

11.1.1 (from changelog)

• Preserve timestamps when moving files across devices (#992, #994)

11.1.0 (from changelog)

• Re-add main field to package.json for better TypeScript compatibility (#979, #981)

11.0.0 (from changelog)

Breaking Changes

• Don't allow requiring fs-extra/lib/SOMETHING (switched to exports) (#974)
• Require Node v14.14+ (#968, #969)

New Features

• Add fs-extra/esm for ESM named export support; see docs for details (#746, #974)
• Add promise support for fs.readv() (#970)

Bugfixes

• Don't stat filtered items in copy* (#965, #971)
• Remove buggy stats check in copy (#918, #976)

10.1.0 (from changelog)

• Warn if fs.realpath.native does not exist, instead of erroring (#953)
• Allow explicitly passing undefined options to move() (#947, #955)
• Use process.emitWarning instead of console.warn (#954)

10.0.1 (from changelog)

• Add sideEffects: false to package.json (#941)

10.0.0 (from changelog)

Breaking changes

• Require Node.js v12+ (#886, #893, #890, #894, #895)
• Allow copying broken symlinks (#779, #765, #638, #761)

The following changes, although technically semver-major, will not affect the vast majority of users:

• Ensure correct type when destination exists for ensureLink*()/ensureSymlink*() (#826, #786, #870)
• Error when attempting to copy*() unknown file type (#880)
• Remove undocumented options for remove*() (#882)

Improvements

• Allow changing case of filenames with move*(), even on technically case-insensitive filesystems (#759, #801)
• Use native fs.rm*() for remove*() in environments that support it (#882, #806)
• Improve emptyDir() performance (#885)

Bugfixes

• Ensure copy*()'s filter function is not called more than necessary (#883, #809)
• Fix move*() raising EPERM error when moving a file to the root of a drive on Windows (#897, #819)

Miscellaneous changes

• Do not use at-least-node as a dependency (#896)
• Improve documentation (#888, #830, #884, #843)

9.1.0 (from changelog)

• Add promise support for fs.rm() (#841, #860)
• Upgrade universalify for performance improvments (#825)

9.0.1 (from changelog)

• Fix issue with ensureFile() when used with Jest on Windows (#804, #805)
• Remove unneeded process.umask() call (#791)
• Docs improvements (#753, #795, #797)

9.0.0 (from changelog)

Breaking changes

• Requires Node.js version 10 or greater (#725, #751)
• Switched ensureDir* to use a fork of https://github.com/sindresorhus/make-dir to make use of native recursive fs.mkdir where possible (#619, #756)
• Properly preserve atime for copy* with preserveTimestamps option (#633)

The following changes, allthough technically breaking, will not affect the vast majority of users:

• outputJson now outputs objects as they were when the function was called, even if they are mutated later (#702, #768)
• Cannot pass null as an options parameter to *Json* methods (#745, #768)

Improvements

• Add promise shims for fs.writev & fs.opendir (#747)
• Better errors for ensureFile (#696, #744)
• Better file comparison for older Node versions (#694)

Miscellaneous changes

• Peformance optimizations (#762, #764)
• Add missing documentation for aliases (#758, #766)
• Update universalify dependency (#767)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 async (added, 3.2.5)

🆕 commander (added, 11.1.0)

🆕 universalify (added, 2.0.1)

🗑️ async (removed)

🗑️ async (removed)

🗑️ find-cache-dir (removed)

🗑️ jsonfile (removed)

🗑️ universalify (removed)

🗑️ universalify (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
sudoku-iqgq	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 23, 2024 0:08am