Sourced from jest's releases.

26.6.3

Fixes

• [jest-resolve-dependencies] Continue dependency resolution if mock dependency can't be found (#10779)

26.6.2

Features

• [jest-core] Add findRelatedTests and nonFlagArgs in allowed config options for updateConfigAndRun in watch plugins (#10659)

Fixes

• [babel-plugin-jest-hoist] Preserve order of hoisted mock nodes within containing block (#10536)
• [babel-plugin-jest-hoist] Hoist pure constants to support experimental JSX transform in hoisted mocks (#10723)
• [babel-preset-jest] Update babel-preset-current-node-syntax to support top level await (#10747)
• [expect] Revert "Fix objectContaining to work recursively into sub-objects (#10508)" (#10766)
• [jest-circus, jest-jasmine2] fix: don't assume stack is always a string (#10697)
• [jest-config] Fix bug introduced in watch mode by PR #10678 (#10692)
• [jest-config] Throw correct error for missing preset modules (#10737)
• [jest-resolve-dependencies] Resolve mocks as dependencies (#10713)
• [jest-runtime] Handle file URLs in dynamic imports (#10744)
• [jest-runtime, babel-jest] Pass more ESM options to @jest/transform (#10752)
• [jest-runtime] Properly inject extraGlobals into the runtime (#10758)
• [jest-transform] Link to ESM docs on syntax errors (#10748)

Chore & Maintenance

• [docs] Add docs for using mocks in TypeScript (#10415)
• [eslint-config-fb-strict] Move package from this repo to fbjs repo (#10739)
• [examples] Update TypeScript example to show use of newer Jest types (#10399)
• [jest-cli] chore: standardize files and folder names (#10698)

26.6.1

Features

• [jest-runtime] Support named exports from CommonJS as named ES Module imports (#10673)
• [jest-validate] Add support for recursiveDenylist option as an alternative to recursiveBlacklist (#10236)

Fixes

• [expect] Fix objectContaining to work recursively into sub-objects (#10508)
• [jest-cli, jest-core, jest-config, jest-types] Fix --onlyFailures flag to work in non-watch mode (#10678)
• [jest-config] Fix for the jest.config.ts compiler to not interfere with tsconfig.json files (#10675)
• [jest-message-util] Update to work properly with Node 15 (#10660)
• [jest-mock] Allow to mock methods in getters (TypeScript 3.9 export) (#10156)

26.6.0

Features

• [jest-cli, jest-config] Add support for the jest.config.ts configuration file (#10564)

Sourced from jest's changelog.

26.6.3

Fixes

• [jest-resolve-dependencies] Continue dependency resolution if mock dependency can't be found (#10779)

26.6.2

Features

• [jest-core] Add findRelatedTests and nonFlagArgs in allowed config options for updateConfigAndRun in watch plugins (#10659)

Fixes

• [babel-plugin-jest-hoist] Preserve order of hoisted mock nodes within containing block (#10536)
• [babel-plugin-jest-hoist] Hoist pure constants to support experimental JSX transform in hoisted mocks (#10723)
• [babel-preset-jest] Update babel-preset-current-node-syntax to support top level await (#10747)
• [expect] Revert "Fix objectContaining to work recursively into sub-objects (#10508)" (#10766)
• [jest-circus, jest-jasmine2] fix: don't assume stack is always a string (#10697)
• [jest-config] Fix bug introduced in watch mode by PR #10678 (#10692)
• [jest-config] Throw correct error for missing preset modules (#10737)
• [jest-resolve-dependencies] Resolve mocks as dependencies (#10713)
• [jest-runtime] Handle file URLs in dynamic imports (#10744)
• [jest-runtime, babel-jest] Pass more ESM options to @jest/transform (#10752)
• [jest-runtime] Properly inject extraGlobals into the runtime (#10758)
• [jest-transform] Link to ESM docs on syntax errors (#10748)

Chore & Maintenance

• [docs] Add docs for using mocks in TypeScript (#10415)
• [eslint-config-fb-strict] Move package from this repo to fbjs repo (#10739)
• [examples] Update TypeScript example to show use of newer Jest types (#10399)
• [jest-cli] chore: standardize files and folder names (#10698)

26.6.1

Features

• [jest-runtime] Support named exports from CommonJS as named ES Module imports (#10673)
• [jest-validate] Add support for recursiveDenylist option as an alternative to recursiveBlacklist (#10236)

Fixes

• [expect] Fix objectContaining to work recursively into sub-objects (#10508)
• [jest-cli, jest-core, jest-config, jest-types] Fix --onlyFailures flag to work in non-watch mode (#10678)
• [jest-config] Fix for the jest.config.ts compiler to not interfere with tsconfig.json files (#10675)
• [jest-message-util] Update to work properly with Node 15 (#10660)
• [jest-mock] Allow to mock methods in getters (TypeScript 3.9 export) (#10156)

26.6.0

• 2f6931e v26.6.3
• ce5d39d chore: update changelog for release
• ca92599 Don't throw an error if mock dependency can't be found (#10779)
• a7ae4f2 chore: bump babel core types (#10772)
• 6bd96a0 chore: update lockfile after publish
• 4c46930 v26.6.2
• a0ce2d8 chore: update changelog for release
• 54d162f chore: refresh lockfiles (#10768)
• 36a9434 chore: run yarn with immutable flag (#10767)
• 1dbdd67 Revert "fix(expect): objectContaining should recurse into sub-objects (#105...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from The GitHub Security Advisory Database.

Prototype Pollution

Overview

The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.

POC

const y18n = require('y18n')();
y18n.setLocale('proto');
y18n.updateLocale({polluted: true});
console.log(polluted); // true

Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.

Affected versions: = 4.0.0

Sourced from y18n's changelog.

Change Log

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.0.5 (2020-10-25)

Bug Fixes

• address prototype pollution issue (#108) (a9ac604)

5.0.4 (2020-10-16)

Bug Fixes

• exports: node 13.0 and 13.1 require the dotted object form with a string fallback (#105) (4f85d80)

5.0.3 (2020-10-16)

Bug Fixes

• exports: node 13.0-13.6 require a string fallback (#103) (e39921e)

5.0.2 (2020-10-01)

Bug Fixes

• deno: update types for deno ^1.4.0 (#100) (3834d9a)

5.0.1 (2020-09-05)

Bug Fixes

• main had old index path (#98) (124f7b0)

5.0.0 (2020-09-05)

⚠ BREAKING CHANGES

• exports maps are now used, which modifies import behavior.
• drops Node 6 and 4. begin following Node.js LTS schedule (#89)

Features

• add support for ESM and Deno #95) (4d7ae94)

... (truncated)

• See full diff in compare view

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from release-it's releases.

Release 14.4.1

• Update dependencies (2900dc3)
• Skip checks when in GitLab CI with Job-token (757288d)
• Explicitly set gitlab.tokenHeader (and gitlab.tokenRef) option (efcc591)

Release 14.4.0

• Merge branch 'gitlab-job-token' (5e81b7c)
• Fix and use "community edition" gitlab url's (9ac6a54)

Release 14.4.0-next.0

• Add and fix up tests (9ef0dbe)
• Fix variables attached to this in gitlab plugin (8a32d72)
• Use Job-Token over Private-Token header if CI_JOB_TOKEN is set (f1b1144)

Release 14.3.0

No release notes provided.

Release 14.3.0-next.1

• Stream stdout/err logging in sh.exec process (fixes #727 (80241e1)

Release 14.3.0-next.0

• Update dependencies (50f4169)
• Account for custom tag name when retrieving latest tag (#722) (b90728a)
• Fix remote in test (closes #730) (4fdc6cf)
• Update dependencies (b21476a)
• Add support for German empty commits (closes #728) (c6c7a9e)
• Add missing stubs in github test (e56f378)
• Fix links (2899530)
• Add markdown-link-checker as GH Action (46030dc)
• Fix README link (#721) (abcf92d)
• Update dependencies (cd4e30f)
• Update some links/redirects (be84fa4)

Release 14.2.2

• Fix lint issue (a2b68ed)
• Update dependencies (2ebeadb)
• Fix failing test by ignoring OS-based path (0b9aa23)
• Add test for plugin context (c628990)
• Remove unusde variables (3082fc5)

Release 14.2.1

• Update dependencies (5373cee)
• Remove isCI argument and restructure tests a bit (e267697)
• Fix prerelease continuation increased patch version in CI mode (#715) (3021d18)
• Add link to plugin-starterkit (1e2e8f3)
• Make test helper a bit more readable (3a38d4f)
• Improve plugin docs (re. peerDependencies in #713) (7d8ce87)

Release 14.2.0

• Update dependencies (08f1161)

... (truncated)

• 4fb8eb6 Release 14.4.1
• 2900dc3 Update dependencies
• 757288d Skip checks when in GitLab CI with Job-token
• efcc591 Explicitly set gitlab.tokenHeader (and gitlab.tokenRef) option
• 8907954 Release 14.4.0
• 5e81b7c Merge branch 'gitlab-job-token'
• 9ac6a54 Fix and use "community edition" gitlab url's
• 0dbc400 Release 14.4.0-next.0
• 9ef0dbe Add and fix up tests
• 8a32d72 Fix variables attached to this in gitlab plugin
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from postcss's releases.

8.2.6

• Fixed Maximum call stack size exceeded in Node#toJSON.
• Fixed docs (by @inokawa).

8.2.5

• Fixed escaped characters handling in list.split (by @nex3).

8.2.4

• Added plugin name to postcss.plugin() warning (by @Alphy11).
• Fixed docs (by @billcolumbia).

8.2.3

• Fixed JSON.stringify(Node[]) support (by @mischnic).

8.2.2

• Fixed CSS-in-JS support (by @43081j).
• Fixed plugin types (by @ludofischer).
• Fixed Result#warn() types.

8.2.1

• Fixed Node#toJSON() and postcss.fromJSON() (by @mischnic).

8.2 “Prince Orobas”

PostCSS 8.2 added a new API to serialize and deserialize CSS AST to JSON.

import { parse, fromJSON } from 'postcss'
let root = parse('a{}', { from: 'input.css' })
let json = root.toJSON()
// save to file, send by network, etc
let root2 = fromJSON(json)

Thanks to @mischnic for his work.

8.1.14

• Fixed parser performance regression.

8.1.13

• Fixed broken AST after moving nodes in visitor API.

8.1.12

• Fixed Autoprefixer regression.

8.1.11

• Added PostCSS update suggestion on unknown event in plugin.

... (truncated)

Sourced from postcss's changelog.

8.2.6

• Fixed Maximum call stack size exceeded in Node#toJSON.
• Fixed docs (by inokawa).

8.2.5

• Fixed escaped characters handling in list.split (by Natalie Weizenbaum).

8.2.4

• Added plugin name to postcss.plugin() warning (by Tom Williams).
• Fixed docs (by Bill Columbia).

8.2.3

• Fixed JSON.stringify(Node[]) support (by Niklas Mischkulnig).

8.2.2

• Fixed CSS-in-JS support (by James Garbutt).
• Fixed plugin types (by Ludovico Fischer).
• Fixed Result#warn() types.

8.2.1

• Fixed Node#toJSON() and postcss.fromJSON() (by Niklas Mischkulnig).

8.2 “Prince Orobas”

• Added Node#toJSON() and postcss.fromJSON() (by Niklas Mischkulnig).

• 9fe29cc Release 8.2.6 version
• d00b35d Update dependebcies
• 5797a43 Fix Node#toJSON and proxyCache
• faac7d0 Merge pull request #1525 from inokawa/patch-1
• 35865b8 Fix typo in doc
• 416b3b9 Fix changelog note
• 52a80ae Release 8.2.5 version
• bca83e3 Update dependencies
• 7cba504 Clean up code
• 7234b1a Use latest version of action to install Node.js
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Sourced from postcss's releases.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

... (truncated)

Sourced from postcss's changelog.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

... (truncated)

• c26baf3 Release 8.4.19 version
• ed5103d Update dependencies
• 8086ea3 Merge pull request #1790 from romainmenke/fix-whitespace-bug--passionate-afri...
• 4b38845 fix whitespace bug
• cf9425a Merge pull request #1789 from eduardopilati/patch-1
• ca04e0a Update plugins.md
• fe63768 Update dependencies
• 3b6ba56 Add Node.js 19
• d33f272 Release 8.4.18 version
• 75d6556 Update dependencies
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from tailwindcss's releases.

v3.2.1

Fixed

• Fix missing supports in types (#9616)
• Fix missing PostCSS dependencies in the CLI (#9617)
• Ensure micromatch is a proper CLI dependency (#9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551d)

v3.2.0

We just released Tailwind CSS v3.2! Read the announcement post for more details about the most exciting new features.

---

Added

• Add new @config directive (#9405)
• Add new relative: true option to resolve content paths relative to the config file (#9396)
• Add new supports-* variant (#9453)
• Add new min-* and max-* variants (#9558)
• Add new aria-* variants (#9557, #9588)
• Add new data-* variants (#9559, #9588)
• Add new break-keep utility for word-break: keep-all (#9393)
• Add new collapse utility for visibility: collapse (#9181)
• Add new fill-none utility for fill: none (#9403)
• Add new stroke-none utility for stroke: none (#9403)
• Add new place-content-baseline utility for place-content: baseline (#9498)
• Add new place-items-baseline utility for place-items: baseline (#9507)
• Add new content-baseline utility for align-content: baseline (#9507)
• Add support for configuring default font-feature-settings for a font family (#9039)
• Add standalone CLI build for 32-bit Linux on ARM (node16-linux-armv7) (#9084)
• Add future flag to disable color opacity utility plugins (#9088)
• Add negative value support for outline-offset (#9136)
• Add support for modifiers to matchUtilities (#9541)
• Allow negating utilities using min/max/clamp (#9237)
• Implement fallback plugins when there is ambiguity between plugins when using arbitrary values (#9376)
• Support sort function in matchVariant (#9423)
• Upgrade to postcss-nested v6.0 (#9546)

Fixed

• Use absolute paths when resolving changed files for resilience against working directory changes (#9032)
• Fix ring color utility generation when using respectDefaultRingColorOpacity (#9070)
• Sort tags before classes when @apply-ing a selector with joined classes (#9107)
• Remove invalid outline-hidden utility (#9147)
• Honor the hidden attribute on elements in preflight (#9174)
• Don't stop watching atomically renamed files (#9173, #9215)
• Fix duplicate utilities issue causing memory leaks (#9208)
• Fix fontFamily config TypeScript types (#9214)
• Handle variants on complex selector utilities (#9262)
• Fix shared config mutation issue (#9294)

... (truncated)

Sourced from tailwindcss's changelog.

[3.2.1] - 2022-10-21

Fixed

• Fix missing supports in types (#9616)
• Fix missing PostCSS dependencies in the CLI (#9617)
• Ensure micromatch is a proper CLI dependency (#9620)
• Ensure modifier values exist when using a modifiers object for matchVariant (ba6551db0f2726461371b4f3c6cd4c7090888504)

[3.2.0] - 2022-10-19

Added

• Add new @config directive (#9405)
• Add new relative: true option to resolve content paths relative to the config file (#9396)
• Add new supports-* variant (#9453)
• Add new min-* and max-* variants (#9558)
• Add new aria-* variants (#9557, #9588)
• Add new data-* variants (#9559, #9588)
• Add new break-keep utility for word-break: keep-all (#9393)
• Add new collapse utility for visibility: collapse (#9181)
• Add new fill-none utility for fill: none (#9403)
• Add new stroke-none utility for stroke: none (#9403)
• Add new place-content-baseline utility for place-content: baseline (#9498)
• Add new place-items-baseline utility for place-items: baseline (#9507)
• Add new content-baseline utility for align-content: baseline (#9507)
• Add support for configuring default font-feature-settings for a font family (#9039)
• Add standalone CLI build for 32-bit Linux on ARM (node16-linux-armv7) (#9084)
• Add future flag to disable color opacity utility plugins (#9088)
• Add negative value support for outline-offset (#9136)
• Add support for modifiers to matchUtilities (#9541)
• Allow negating utilities using min/max/clamp (#9237)
• Implement fallback plugins when there is ambiguity between plugins when using arbitrary values (#9376)
• Support sort function in matchVariant (#9423)
• Upgrade to postcss-nested v6.0 (#9546)

Fixed

• Use absolute paths when resolving changed files for resilience against working directory changes (#9032)
• Fix ring color utility generation when using respectDefaultRingColorOpacity (#9070)
• Sort tags before classes when @apply-ing a selector with joined classes (#9107)
• Remove invalid outline-hidden utility (#9147)
• Honor the hidden attribute on elements in preflight (#9174)
• Don't stop watching atomically renamed files (#9173, #9215)
• Fix duplicate utilities issue causing memory leaks (#9208)
• Fix fontFamily config TypeScript types (#9214)
• Handle variants on complex selector utilities (#9262)
• Fix shared config mutation issue (#9294)
• Fix ordering of parallel variants (#9282)
• Handle variants in utility selectors using :where() and :has() (#9309)

... (truncated)

• 547f9f6 3.2.1
• 8967a51 update changelog
• 726b023 update changelog
• 0bbca33 ensure we also check wether the modifier exists in the modifiers object
• 1445aaf Ensure micromatch is a proper CLI dependency (#9620)
• 3c7fc69 Workflow improvements (#9609)
• 40f6b4f Fix missing PostCSS dependencies in the CLI (#9617)
• 4dfb1e3 Fix missing supports in types (#9616)
• 2faf86f Resolve broken relative logo sources on npmjs (relative → absolute) (#9610)
• 1dc4a76 increase jest test timeout
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from jest's releases.

v29.2.2

Fixes

• [@jest/test-sequencer] Make sure sharding does not produce empty groups (#13476)
• [jest-circus] Test marked as todo are shown as todo when inside a focussed describe (#13504)
• [jest-mock] Ensure mock resolved and rejected values are promises from correct realm (#13503)
• [jest-snapshot] Don't highlight passing asymmetric property matchers in snapshot diff (#13480)

Chore & Maintenance

• [docs] Update link to Jest 28 upgrade guide in error message (#13483)
• [jest-runner, jest-watcher] Update emittery (#13490)

New Contributors

• @​moonrailgun made their first contribution in facebook/jest#13483
• @​halldorbjarni made their first contribution in facebook/jest#13491

Full Changelog: https://github.com/facebook/jest/compare/v29.2.1...v29.2.2

v29.2.1

Features

• [@jest/globals, jest-mock] Add jest.Spied* utility types (#13440)

Fixes

• [jest-environment-node] make globalThis.performance writable for Node 19 and fake timers (#13467)
• [jest-mock] Revert #13398 to restore mocking of setters (#13472)

Performance

• [*] Use sha1 instead of sha256 for hashing (#13421)

Full Changelog: https://github.com/facebook/jest/compare/v29.2.0...v29.2.1

v29.2.0

Features

• [@jest/cli, jest-config] A seed for the test run will be randomly generated, or set by a CLI option (#13400)
• [@jest/cli, jest-config] --show-seed will display the seed value in the report, and can be set via a CLI flag or through the config file (#13400)
• [jest-config] Add readInitialConfig utility function (#13356)
• [jest-core] Allow testResultsProcessor to be async (#13343)
• [@jest/environment, jest-environment-node, jest-environment-jsdom, jest-runtime] Add getSeed() to the jest object (#13400)
• [expect, @jest/expect-utils] Allow isA utility to take a type argument (#13355)
• [expect] Expose AsyncExpectationResult and SyncExpectationResult types (#13411)

Fixes

• [babel-plugin-jest-hoist] Ignore TSTypeQuery when checking for hoisted references (#13367)

... (truncated)

Sourced from jest's changelog.

29.2.2

Fixes

• [@jest/test-sequencer] Make sure sharding does not produce empty groups (#13476)
• [jest-circus] Test marked as todo are shown as todo when inside a focussed describe (#13504)
• [jest-mock] Ensure mock resolved and rejected values are promises from correct realm (#13503)
• [jest-snapshot] Don't highlight passing asymmetric property matchers in snapshot diff (#13480)

Chore & Maintenance

• [docs] Update link to Jest 28 upgrade guide in error message (#13483)
• [jest-runner, jest-watcher] Update emittery (#13490)

29.2.1

Features

• [@jest/globals, jest-mock] Add jest.Spied* utility types (#13440)

Fixes

• [jest-environment-node] make globalThis.performance writable for Node 19 and fake timers (#13467)
• [jest-mock] Revert #13398 to restore mocking of setters (#13472)

Performance

• [*] Use sha1 instead of sha256 for hashing (#13421)

29.2.0

Features

• [@jest/cli, jest-config] A seed for the test run will be randomly generated, or set by a CLI option (#13400)
• [@jest/cli, jest-config] --show-seed will display the seed value in the report, and can be set via a CLI flag or through the config file (#13400)
• [jest-config] Add readInitialConfig utility function (#13356)
• [jest-core] Allow testResultsProcessor to be async (#13343)
• [@jest/environment, jest-environment-node, jest-environment-jsdom, jest-runtime] Add getSeed() to the jest object (#13400)
• [expect, @jest/expect-utils] Allow isA utility to take a type argument (#13355)
• [expect] Expose AsyncExpectationResult and SyncExpectationResult types (#13411)

Fixes

• [babel-plugin-jest-hoist] Ignore TSTypeQuery when checking for hoisted references (#13367)
• [jest-core] Fix detectOpenHandles false positives for some special objects such as TLSWRAP (#13414)
• [jest-mock] Fix mocking of getters and setters on classes (#13398)
• [jest-reporters] Revert: Transform file paths into hyperlinks (#13399)
• [@jest/types] Infer type of each table correctly when the table is a tuple or array (#13381)
• [@jest/types] Rework typings to allow the *ReturnedWith matchers to be called with no argument (#13385)

... (truncated)

• 0a8edbe v29.2.2
• 4551c0f v29.2.1
• ee5b37a v29.2.0
• 22322c9 refactor: use a single root tsconfig for type tests (#13358)
• 3c31dd6 v29.1.2
• fd9cd90 v29.1.1
• 51f1030 v29.1.0
• 77f865d v29.0.3
• 616fcf5 v29.0.2
• 132e815 chore: update to TypeScript 4.8 (#13177)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from release-it's releases.

Release 15.5.0

• Update dependencies (5d035be)
• Add npm.versionArgs option (5efc57f)

Release 15.4.3

• Update dependencies (67da5d9)
• Update got to 12.5.1 (#943) (a9c8c34)

Release 15.4.2

• Update dependencies (97095d5)
• Defer dry run bail out in asset globbing (to include the warning in dry runs) (bf6ccc8)
• Housekeeping for Actions (feff2eb)

Release 15.4.1

• Handle file paths and dots in git urls (055a4ff)
• Update dependencies (including git-url-parse) (1851650)

Release 15.4.0

• Add npm.name to config.context and extend context for tagName (closes #933) (627763f)

Release 15.3.0

• Add new features to docs (e2101ed)
• Add tests for branchName in tag name (a6f6eff)
• Update dependencies (ae9ccb9)
• add branchName for template (#897) (9aa9a5d)
• add new --changelog option (#912) (5798a7a)

Release 15.2.0

• Update dependencies (b78eb1e)
• Add package.json to exports (acc66f7)
• Fixes loading scoped plugins to ensure name is preserved (#926) (145fc71)
• Add workaround for Windows by removing drive letter from git url (#924) (ce3a726)
• Enable manual triggers and disable tag triggers in test pipeline (b830876)
• Fix plugin links (b7cd505)

Release 15.1.4

• Migrate to git-url-parse v12 (41aad00)
• Updates README with new plugin package names (#922) (322ef9a)

Release 15.1.3

• Update dependencies (00566e0)
• fix: Fixes exports to correctly export test utils (#921) (a5abf60)

Release 15.1.2

• Explicitly use node-fetch (nock doesn't intercept native fetch in Node 18) (b6d5813)
• Update dependencies (8a8149e)
• Use extension-based export for test/util.js (fixes #920) (529bc1f)
• Print interpolated assets (fixes #898) (31068de)

Release 15.1.1

... (truncated)

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: https://github.com/release-it/release-it/releases

v15 (2022-04-30)

• Removed support for Node.js v10 and v12.
• Removed support for GitLab v12.4 and lower.
• Removed anonymous metrics (and the option to disable it).
• Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

• Removed global property from plugins. Use this.config[key] instead.
• Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

• Dropped support for Node v8
• Dropped support for GitLab v11.6 and lower.
• Deprecated scripts are removed (in favor of hooks).
• Removed deprecated --non-interactive (-n) argument. Use --ci instead.
• Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

v12 (2019-05-03)

• The --follow-tags argument for git push has been moved to the default configuration. This is only a breaking change if git.pushArgs was not empty (it was empty by default).

v11

• The custom conventional-changelog increment (e.g. "increment": "conventional:angular") with additional script configuration is replaced with a plugin. Please see conventional changelog how to use this plugin.
• The pkgFiles option has been removed. If there's a need to bump other files than what npm version bumps, it should be (part of) a plugin.
• By default, the latest version was derived from the latest Git tag. From v11, if the repo has a package.json then that version is used instead. The use option has been removed. Also see latest version.
• scripts.changelog has been moved to git.changelog

v10

• Dropped support for Node v6

... (truncated)

• bad5f64 Release 15.5.0
• 5d035be Update dependencies
• 5efc57f Add npm.versionArgs option
• 4040727 Release 15.4.3
• 67da5d9 Update dependencies
• a9c8c34 Update got to 12.5.1 (#943)
• 1b7f287 Release 15.4.2
• 97095d5 Update dependencies
• bf6ccc8 Defer dry run bail out in asset globbing (to include the warning in dry runs)
• feff2eb Housekeeping for Actions
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from postcss's releases.

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

... (truncated)

Sourced from postcss's changelog.

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

... (truncated)

• d33f272 Release 8.4.18 version
• 75d6556 Update dependencies
• a11d868 Merge pull request #1788 from KingSora/main
• a1c0b8b delete package.lock
• 28be739 add toFileUrl function
• edfd3e0 improvement
• 3d0d204 improve test
• 3dac15c absolute sourcemaps have source content
• 767c83e Merge pull request #1787 from muddv/architecture-title-fix
• 567b976 Change title
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from postcss's releases.

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

8.4.3

• Fixed this.css.replace is not a function error.

... (truncated)

Sourced from postcss's changelog.

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

8.4.3

• Fixed this.css.replace is not a function error.

... (truncated)

• 34c0de4 Release 8.4.17 version
• 9454dcc Merge pull request #1781 from romainmenke/fix-issue-1778--practical-snowy-owl...
• 7278432 recalculate the insertion index after normalizing a node
• e1538a4 Merge pull request #1780 from romainmenke/add-test-for-sorting-nodes--courage...
• 24c1432 add test for sorting container.nodes
• c047e0a Fix index
• b163f07 Clean up CI
• a002d8e Update docs
• cedc6a5 Merge pull request #1779 from muddv/docs-index
• 967d584 Update docs/writing-a-plugin.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from postcss's releases.

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

... (truncated)

Sourced from postcss's changelog.

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

• Fixed Root AST migration.

8.4.15

• Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

... (truncated)

• 1d4c509 Release 8.4.20 version
• 905082a Add Node.js 10 to CI
• 20122e5 Fix childless at-rule map generation
• ff7e8ce Merge pull request #1801 from romainmenke/invalid-sourcemap-with-at-layer--pr...
• d585976 Fix CI
• 744b15f Update dependencies
• db935f1 invalid sourcemap with at layer
• 3cac84a Fix type tests
• 5113edb Update dependencies
• c26baf3 Release 8.4.19 version
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from release-it's releases.

Release 15.6.0

• Fix specs for #966 (39a318b)
• Move space (quickfix) (cfae247)
• fix: use spec formdata (#958) (c21e6b6)
• Fix npm.isCollaborator() on npm v9 (#966) (3bd405a)
• feat(git): added option to use --exclude option on git describe (#963) (2b484bf)

Release 15.5.1

• Update dependencies (aa89cbd)
• Prompt for npm OTP in --only-version (fixes #948) (ff626d1)
• Remove unused export/function (331b0de)
• Add knip + config (ee99f63)

Release 15.5.0

• Update dependencies (5d035be)
• Add npm.versionArgs option (5efc57f)

Release 15.4.3

• Update dependencies (67da5d9)
• Update got to 12.5.1 (#943) (a9c8c34)

Release 15.4.2

• Update dependencies (97095d5)
• Defer dry run bail out in asset globbing (to include the warning in dry runs) (bf6ccc8)
• Housekeeping for Actions (feff2eb)

Release 15.4.1

• Handle file paths and dots in git urls (055a4ff)
• Update dependencies (including git-url-parse) (1851650)

Release 15.4.0

• Add npm.name to config.context and extend context for tagName (closes #933) (627763f)

Release 15.3.0

• Add new features to docs (e2101ed)
• Add tests for branchName in tag name (a6f6eff)
• Update dependencies (ae9ccb9)
• add branchName for template (#897) (9aa9a5d)
• add new --changelog option (#912) (5798a7a)

Release 15.2.0

• Update dependencies (b78eb1e)
• Add package.json to exports (acc66f7)
• Fixes loading scoped plugins to ensure name is preserved (#926) (145fc71)
• Add workaround for Windows by removing drive letter from git url (#924) (ce3a726)
• Enable manual triggers and disable tag triggers in test pipeline (b830876)
• Fix plugin links (b7cd505)

Release 15.1.4

• Migrate to git-url-parse v12 (41aad00)

... (truncated)

Sourced from release-it's changelog.

Changelog

This document lists breaking changes for each major release.

See the GitHub Releases page for detailed changelogs: https://github.com/release-it/release-it/releases

v15 (2022-04-30)

• Removed support for Node.js v10 and v12.
• Removed support for GitLab v12.4 and lower.
• Removed anonymous metrics (and the option to disable it).
• Programmatic usage and plugins only through ES Module syntax (import)

Use release-it v14 in legacy environments.

v14 (2020-09-03)

• Removed global property from plugins. Use this.config[key] instead.
• Removed deprecated npm.access option. Set this in package.json instead.

v13 (2020-03-07)

• Dropped support for Node v8
• Dropped support for GitLab v11.6 and lower.
• Deprecated scripts are removed (in favor of hooks).
• Removed deprecated --non-interactive (-n) argument. Use --ci instead.
• Removed old %s and [REV_RANGE] syntax in command substitutions. Use ${version} and ${latestTag} instead.

v12 (2019-05-03)

• The --follow-tags argument for git push has been moved to the default configuration. This is only a breaking change if git.pushArgs was not empty (it was empty by default).

v11

• The custom conventional-changelog increment (e.g. "increment": "conventional:angular") with additional script configuration is replaced with a plugin. Please see conventional changelog how to use this plugin.
• The pkgFiles option has been removed. If there's a need to bump other files than what npm version bumps, it should be (part of) a plugin.
• By default, the latest version was derived from the latest Git tag. From v11, if the repo has a package.json then that version is used instead. The use option has been removed. Also see latest version.
• scripts.changelog has been moved to git.changelog

v10

• Dropped support for Node v6

... (truncated)

• 922827d Release 15.6.0
• 39a318b Fix specs for #966
• cfae247 Move space (quickfix)
• c21e6b6 fix: use spec formdata (#958)
• 3bd405a Fix npm.isCollaborator() on npm v9 (#966)
• 2b484bf feat(git): added option to use --exclude option on git describe (#963)
• 5c02079 Release 15.5.1
• aa89cbd Update dependencies
• ff626d1 Prompt for npm OTP in --only-version (fixes #948)
• 331b0de Remove unused export/function
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from jest's releases.

v29.3.1

Fixes

• [jest-config] Do not warn about preset in ProjectConfig #13583

Performance

• [jest-transform] Defer creation of cache directory #13420

v29.3.0

Features

• [jest-runtime] Support WebAssembly (Wasm) imports in ESM modules (#13505)

Fixes

• [jest-config] Add config validation for projects option (#13565)
• [jest-mock] Treat cjs modules as objects so they can be mocked (#13513)
• [jest-worker] Throw an error instead of hanging when jest workers terminate unexpectedly (#13566)

Chore & Maintenance

• [@jest/transform] Update convert-source-map (#13509)
• [docs] Mention toStrictEqual in UsingMatchers docs. (#13560)

New Contributors

• @​Tofandel made their first contribution in facebook/jest#13513
• @​RyWilliams made their first contribution in facebook/jest#13520
• @​waikoo made their first contribution in facebook/jest#13447
• @​kachkaev made their first contribution in facebook/jest#13505
• @​ibuibu made their first contribution in facebook/jest#13565
• @​necipallef made their first contribution in facebook/jest#13560
• @​ravshansbox made their first contribution in facebook/jest#13533

Full Changelog: https://github.com/facebook/jest/compare/v29.2.2...v29.3.0

v29.2.2

Fixes

• [@jest/test-sequencer] Make sure sharding does not produce empty groups (#13476)
• [jest-circus] Test marked as todo are shown as todo when inside a focussed describe (#13504)
• [jest-mock] Ensure mock resolved and rejected values are promises from correct realm (#13503)
• [jest-snapshot] Don't highlight passing asymmetric property matchers in snapshot diff (#13480)

Chore & Maintenance

• [docs] Update link to Jest 28 upgrade guide in error message (#13483)
• [jest-runner, jest-watcher] Update emittery (#13490)

New Contributors

... (truncated)

Sourced from jest's changelog.

29.3.1

Fixes

• [jest-config] Do not warn about preset in ProjectConfig (#13583)

Performance

• [jest-transform] Defer creation of cache directory (#13420)

29.3.0

Features

• [jest-runtime] Support WebAssembly (Wasm) imports in ESM modules (#13505)

Fixes

• [jest-config] Add config validation for projects option (#13565)
• [jest-mock] Treat cjs modules as objects so they can be mocked (#13513)
• [jest-worker] Throw an error instead of hanging when jest workers terminate unexpectedly (#13566)

Chore & Maintenance

• [@jest/transform] Update convert-source-map (#13509)
• [docs] Mention toStrictEqual in UsingMatchers docs. (#13560)

29.2.2

Fixes

• [@jest/test-sequencer] Make sure sharding does not produce empty groups (#13476)
• [jest-circus] Test marked as todo are shown as todo when inside a focussed describe (#13504)
• [jest-mock] Ensure mock resolved and rejected values are promises from correct realm (#13503)
• [jest-snapshot] Don't highlight passing asymmetric property matchers in snapshot diff (#13480)

Chore & Maintenance

• [docs] Update link to Jest 28 upgrade guide in error message (#13483)
• [jest-runner, jest-watcher] Update emittery (#13490)

29.2.1

Features

• [@jest/globals, jest-mock] Add jest.Spied* utility types (#13440)

Fixes

• [jest-environment-node] make globalThis.performance writable for Node 19 and fake timers (#13467)

... (truncated)

• 05deb83 v29.3.1
• 84b8de9 v29.3.0
• 0a8edbe v29.2.2
• 4551c0f v29.2.1
• ee5b37a v29.2.0
• 22322c9 refactor: use a single root tsconfig for type tests (#13358)
• 3c31dd6 v29.1.2
• fd9cd90 v29.1.1
• 51f1030 v29.1.0
• 77f865d v29.0.3
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)