Webpack 4 template. Vue, Babel 7v, Sass / css / postcss (autoprefixer & css-nano & css-mqpacker)

By Evgenii Vedegis
Last update: Jan 6, 2023
Comments: 17

Webpack Template Document

Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset.

Author: To code | Youtube guide in Russian

Build Setup:

# Download repository:
git clone https://github.com/vedees/webpack-template webpack-template

# Go to the app:
cd webpack-template

# Install dependencies:
npm install

# Server with hot reload at http://localhost:8081/
npm run dev

# Output will be at dist/ folder
npm run build

Project Structure:

src/index.html - main app HTML
src/assets/scss - put custom app SCSS styles here. Don't forget to import them in index.js
src/assets/css - the same as above but CSS here. Don't forget to import them in index.js
src/assets/img - put images here. Don't forget to use correct path: assets/img/some.jpg
src/js - put custom app scripts here
src/index.js - main app file where you include/import all required libs and init app
src/components - folder with custom .vue components
src/store - app store for vue
static/ - folder with extra static assets that will be copied into output folder

Settings:

Main const:

Easy way to move all files. Default:

const PATHS = {
  // Path to main app dir
  src: path.join(__dirname, '../src'),
  // Path to Output dir
  dist: path.join(__dirname, '../dist'),
  // Path to Second Output dir (js/css/fonts etc folder)
  assets: 'assets/'
}

Customize:

Change any folders:

const PATHS = {
  // src must be src
  src: path.join(__dirname, '../src'),
  // dist to public
  dist: path.join(__dirname, '../public'),
  // assets to static
  assets: 'static/'
}

Import Another libs:

Install libs
Import libs in ./index.js

// React example
import React from 'react'
// Bootstrap example
import Bootstrap from 'bootstrap/dist/js/bootstrap.min.js'
import 'bootstrap/dist/js/bootstrap.min.js'

Import only SASS or CSS libs:

Install libs
Go to /assets/scss/utils/libs.scss
Import libs in node modules

// Sass librarys example:
@import '../../node_modules/spinners/stylesheets/spinners';
// CSS librarys example:
@import '../../node_modules/flickity/dist/flickity.css';

Import js files:

Create another js module in ./js/ folder
Import modules in ./js/index.js file

// another js file for example
import './common.js'

HTML Dir Folder:

Default:

.html dir: ./src
Configurations: in ./build/webpack.base.conf.js

const PAGES_DIR = PATHS.src

Usage: All files must be created in the ./src folder. Example:

./src/index.html
./src/about.html

Change HTML Default Dir Folder:

Example for ./src/pages:

Create folder for all html files in ./src. Be like: ./src/pages
Change ./build/webpack.base.conf.js const PAGES_DIR:

// Old path
// const PAGES_DIR = PATHS.src

// Your new path
const PAGES_DIR = `${PATHS.src}/pages`

Rerun webpack dev server

Usage: All files must be created in the ./src/pages folder. Example:

./src/pages/index.html
./src/pages/about.html

Create Another HTML Files:

Default:

Automatic creation any html pages:

Create another html file in ./src (main folder)
Open new page http://localhost:8081/about.html (Don't forget to RERUN dev server) See more - commit

Second method:

Manual (not Automaticlly) creation any html pages (Don't forget to RERUN dev server and COMMENT lines above)

Create another html file in ./src (main folder)
Go to ./build/webpack.base.conf.js
Comment lines above (create automaticlly html pages)
Create new page in html:

    new HtmlWebpackPlugin({
      template: `${PAGES_DIR}/index.html`,
      filename: './index.html',
      inject: true
    }),
    new HtmlWebpackPlugin({
      template: `${PAGES_DIR}/another.html`,
      filename: './another.html',
      inject: true
    }),

Open new page http://localhost:8081/about.html (Don't forget to RERUN dev server)

Third method: (BEST)

Сombine the first method and the second. Example:

    ...PAGES.map(page => new HtmlWebpackPlugin({
      template: `${PAGES_DIR}/${page}`,
      filename: `./${page}`
    })),
    new HtmlWebpackPlugin({
      template: `${PAGES_DIR}/about/index.html`,
      filename: './about/index.html',
      inject: true
    }),
    new HtmlWebpackPlugin({
      template: `${PAGES_DIR}/about/portfolio.html`,
      filename: './about/portfolio.html',
      inject: true
    }),

Vue install:

Default: already have

Install vue

npm install vue --save

Init vue index.js:

const app = new Vue({
  el: '#app'
})

Create div id app

<div id="app">
  <!-- content -->
</div>

Vuex install:

Install vuex

npm install vuex --save

Import Vuex

import store from './store'

Create index.js in ./store

import Vue from 'vue'
import Vuex from 'vuex'
Vue.use(Vuex)

export default new Vuex.Store({
  // vuex content
})

Add Vue Components:

Create your component in /components/

HTML Usage:

Init component in index.js:

Vue.component('example-component', require('./components/Example.vue').default)

Any html files:

 <example-component />

VUE Usage:

import components in .vue:

import example from '~/components/Example.vue'

  components: {
    example
  }

Init in vue component:

<example />

Add Fonts:

Сhoose one of the ways:

Handle menthod,
Use mixin;

Handle:

Add @font-face in /assets/scss/utils/fonts.scss:

// Example with Helvetica
@font-face {
  font-family: "Helvetica-Base";
  src: url('/assets/fonts/Helvetica/Base/Helvetica-Base.eot'); /* IE9 Compat Modes */
  src: url('/assets/fonts/Helvetica/Base/Helvetica-Base.eot?#iefix') format('embedded-opentype'), /* IE6-IE8 */
       url('/assets/fonts/Helvetica/Base/Helvetica-Base.woff') format('woff'), /* Pretty Modern Browsers */
       url('/assets/fonts/Helvetica/Base/Helvetica-Base.ttf')  format('truetype'), /* Safari, Android, iOS */
       url('/assets/fonts/Helvetica/Base/Helvetica-Base.svg') format('svg'); /* Legacy iOS */
}

Add vars for font in /assets/scss/utils/vars.scss:

$mySecontFont : 'Helvetica-Base', Arial, sans-serif;

Or with mixin:

By default template support only modern format fonts: .woff, .woffs;

If ypu need svg or more formaths use another mixin in src/assets/scss/utils/mixin.scss

Usage:

Put your font to src/assets/fonts/FOLDERNAME/FONTNAME. FOLLOW: Files Required: Example: .woff, .woffs formats;
Go to fonts.scss;
Use mixin Example: @include font-face("OpenSans", "../fonts/OpenSans/opensans");, Example 2: @include font-face("OpenSans", "../fonts/OpenSans/opensansItalic", 400, italic);.

License

MIT

Github

https://github.com/vedees/webpack-template

Comments(17)

1

Bump loader-utils from 1.2.3 to 1.4.1
Bumps loader-utils from 1.2.3 to 1.4.1.
Release notes

Sourced from loader-utils's releases.
v1.4.1

1.4.1 (2022-11-07)

Bug Fixes
- security problem (#220) (4504e34)
v1.4.0

1.4.0 (2020-02-19)

Features
- the resourceQuery is passed to the interpolateName method (#163) (cd0e428)
v1.3.0

1.3.0 (2020-02-19)

Features
- support the [query] template for the interpolatedName method (#162) (469eeba)
Changelog

Sourced from loader-utils's changelog.
1.4.1 (2022-11-07)

Bug Fixes
- security problem (#220) (4504e34)
1.4.0 (2020-02-19)

Features
- the resourceQuery is passed to the interpolateName method (#163) (cd0e428)
1.3.0 (2020-02-19)

Features
- support the [query] template for the interpolatedName method (#162) (469eeba)
Commits
- 8f082b3 chore(release): 1.4.1
- 4504e34 fix: security problem (#220)
- d95b8b5 chore(release): 1.4.0
- cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
- 06d36cf chore(release): 1.3.0
- 469eeba feat: support the [query] template for the interpolatedName method (#162)
- 909c99d chore: funding.yml config and CI fix (#159)
- b5b74f0 Set up CI with Azure Pipelines
- 7970c48 docs: small grammar change (#144)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
2

Bump url-parse from 1.4.7 to 1.5.7
Bumps url-parse from 1.4.7 to 1.5.7.
Commits
- 8b3f5f2 1.5.7
- ef45a13 [fix] Readd the empty userinfo to url.href (#226)
- 88df234 [doc] Add soft deprecation notice
- 78e9f2f [security] Fix nits
- e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
- 4c9fa23 1.5.6
- 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
- e4a5807 1.5.5
- 193b44b [minor] Simplify whitespace regex
- 319851b [fix] Remove CR, HT, and LF
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
3

Bump follow-redirects from 1.9.0 to 1.14.7
Bumps follow-redirects from 1.9.0 to 1.14.7.
Commits
- 2ede36d Release version 1.14.7 of the npm package.
- 8b347cb Drop Cookie header across domains.
- 6f5029a Release version 1.14.6 of the npm package.
- af706be Ignore null headers.
- d01ab7a Release version 1.14.5 of the npm package.
- 40052ea Make compatible with Node 17.
- 86f7572 Fix: clear internal timer on request abort to avoid leakage
- 2e1eaf0 Keep Authorization header on subdomain redirects.
- 2ad9e82 Carry over Host header on relative redirects (#172)
- 77e2a58 Release version 1.14.4 of the npm package.
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
4

Bump url-parse from 1.4.7 to 1.5.3
Bumps url-parse from 1.4.7 to 1.5.3.
Commits
- ad44493 [dist] 1.5.3
- c798461 [fix] Fix host parsing for file URLs (#210)
- 201034b [dist] 1.5.2
- 2d9ac2c [fix] Sanitize only special URLs (#209)
- fb128af [fix] Use 'null' as origin for non special URLs
- fed6d9e [fix] Add a leading slash only if the URL is special
- 94872e7 [fix] Do not incorrectly set the slashes property to true
- 81ab967 [fix] Ignore slashes after the protocol for special URLs
- ee22050 [ci] Use GitHub Actions
- d2979b5 [fix] Special case the file: protocol (#204)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
5

Bump postcss from 7.0.25 to 7.0.36
Bumps postcss from 7.0.25 to 7.0.36.
Release notes

Sourced from postcss's releases.
7.0.36
- Backport ReDoS vulnerabilities from PostCSS 8.
7.0.35
- Add migration guide link to PostCSS 8 error text.
7.0.34
- Fix compatibility with postcss-scss 2.
7.0.33
- Add error message for PostCSS 8 plugins.
7.0.32
- Fix error message (by @admosity).
7.0.31
- Use only the latest source map annotation (by @emzoumpo).
7.0.30
- Fix TypeScript definition (by @nex3)
7.0.29
- Update Processor#version.
7.0.28
- Fix TypeScript definition (by @nex3).
7.0.27
- Fix TypeScript definition (by @nex3).
7.0.26
- Fix TypeScript definition (by @nex3)
Changelog

Sourced from postcss's changelog.
7.0.36
- Backport ReDoS vulnerabilities from PostCSS 8.
7.0.35
- Add migration guide link to PostCSS 8 error text.
7.0.34
- Fix compatibility with postcss-scss 2.
7.0.33
- Add error message for PostCSS 8 plugins.
7.0.36
- Backport ReDoS vulnerabilities from PostCSS 8.
7.0.35
- Add migration guide link to PostCSS 8 error text.
7.0.34
- Fix compatibility with postcss-scss 2.
7.0.33
- Add error message for PostCSS 8 plugins.
7.0.32
- Fix error message (by @admosity).
7.0.31
- Use only the latest source map annotation (by Emmanouil Zoumpoulakis).
7.0.30
- Fix TypeScript definition (by Natalie Weizenbaum).
7.0.29
- Update Processor#version.
7.0.28
- Fix TypeScript definition (by Natalie Weizenbaum).
7.0.27
- Fix TypeScript definition (by Natalie Weizenbaum).
7.0.26
- Fix TypeScript definition (by Natalie Weizenbaum).
Commits
- 67e3d7b Release 7.0.36 version
- 54cbf3c Backport ReDoS vulnerabilities from PostCSS 8
- 12832f3 Release 7.0.35 version
- 4455ef6 Use OpenCollective in funding
- e867c79 Add migration guide to PostCSS 8 error
- 32a22a9 Release 7.0.34 version
- 2293982 Lock build targets
- 2c3a111 Release 7.0.33 version
- 4105f21 Use yaspeller instead of yaspeller-ci
- c8d02a0 Revert yaspeller-ci removal
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
6

Bump ws from 6.2.1 to 6.2.2
Bumps ws from 6.2.1 to 6.2.2.
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
7

Bump dns-packet from 1.3.1 to 1.3.4
Bumps dns-packet from 1.3.1 to 1.3.4.
Commits
- ebdf849 1.3.4
- ac57872 move all allocUnsafes to allocs for easier maintenance
- c64c950 1.3.3
- 0598ba1 fix .. in encodingLength
- 010aedb 1.3.2
- 0d0d593 backport encodingLength fix to v1
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
8

Bump browserslist from 4.8.2 to 4.16.6
Bumps browserslist from 4.8.2 to 4.16.6.
Changelog

Sourced from browserslist's changelog.
4.16.6
- Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).
4.16.5
- Fixed unsafe RegExp (by Yeting Li).
4.16.4
- Fixed unsafe RegExp.
- Added artifactory support to --update-db (by Ittai Baratz).
4.16.3
- Fixed --update-db.
4.16.2
- Fixed --update-db (by @ialarmedalien).
4.16.1
- Fixed Chrome 4 with mobileToDesktop (by Aron Woost).
4.16
- Add browserslist config query.
4.15
- Add TypeScript types (by Dmitry Semigradsky).
4.14.7
- Fixed Yarn Workspaces support to --update-db (by Fausto Núñez Alberro).
- Added browser changes to --update-db (by @AleksandrSl).
- Added color output to --update-db.
- Updated package.funding to have link to our Open Collective.
4.14.6
- Fixed Yarn support in --update-db (by Ivan Storck).
- Fixed npm 7 support in --update-db.
4.14.5
- Fixed last 2 electron versions query (by Sergey Melyukov).
4.14.4
- Fixed Unknown version 59 of op_mob error.
4.14.3
- Update Firefox ESR.
4.14.2
- Fixed --update-db on Windows (by James Ross).
- Improved --update-db output.
4.14.1
- Added --update-db explanation (by Justin Zelinsky).
... (truncated)
Commits
- 6fe3614 Release 4.16.6 version
- 33ebac9 Update dependencies
- 2128170 Add support for npm-shrinkwrap files alongside package-lock (#595)
- 7cc2aed Release 4.16.5 version
- 27e4afd Update dependencies
- 1013a18 Fix version RegExp
- b879a1a Use Node.js 16 on CI
- bd1e9e0 Fix ReDoS (#593)
- 209adf9 Release 4.16.4 version
- 3e2ae3b Fix types
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
9

Bump hosted-git-info from 2.8.5 to 2.8.9
Bumps hosted-git-info from 2.8.5 to 2.8.9.
Changelog

Sourced from hosted-git-info's changelog.
2.8.9 (2021-04-07)

Bug Fixes
- backport regex fix from #76 (29adfe5), closes #84
2.8.8 (2020-02-29)

Bug Fixes
- #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66
2.8.7 (2020-02-26)

Bug Fixes
- Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
- Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60
2.8.6 (2020-02-25)
Commits
- 8d4b369 chore(release): 2.8.9
- 29adfe5 fix: backport regex fix from #76
- afeaefd chore(release): 2.8.8
- 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
- 7440afa chore(release): 2.8.7
- 2d0bb66 fix: Do not attempt to use url.URL when unavailable
- f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
- e1b83df chore(release): 2.8.6
- ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
- See full diff in compare view
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
10

Bump lodash from 4.17.15 to 4.17.21
Bumps lodash from 4.17.15 to 4.17.21.
Commits
- f299b52 Bump to v4.17.21
- c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
- 3469357 Prevent command injection through _.template's variable option
- ded9bc6 Bump to v4.17.20.
- 63150ef Documentation fixes.
- 00f0f62 test.js: Remove trailing comma.
- 846e434 Temporarily use a custom fork of lodash-cli.
- 5d046f3 Re-enable Travis tests on 4.17 branch.
- aa816b3 Remove /npm-package.
- d7fbc52 Bump to v4.17.19
- Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
11

Bump url-parse from 1.4.7 to 1.5.1
Bumps url-parse from 1.4.7 to 1.5.1.
Commits
- eb6d9f5 [dist] 1.5.1
- 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
- 3ac7774 [test] Make test consistent for browser testing
- 267a0c6 [dist] 1.5.0
- d1e7e88 [security] More backslash fixes (#197)
- d99bf4c [ignore] Remove npm-debug.log from .gitignore
- 422c8b5 [pkg] Replace nyc with c8
- 933809d [pkg] Move coveralls to dev dependencies
- 190b216 [pkg] Add .npmrc
- ce3783f [test] Do not test on all available versions of Edge and Safari
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
12

Bump json5 from 1.0.1 to 1.0.2
Bumps json5 from 1.0.1 to 1.0.2.
Release notes

Sourced from json5's releases.
v1.0.2
- Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)
Changelog

Sourced from json5's changelog.
Unreleased [code, diff]

v2.2.3 [code, diff]
- Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)
v2.2.2 [code, diff]
- Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).
v2.2.1 [code, diff]
- Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)
v2.2.0 [code, diff]
- New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)
v2.1.3 [code, diff]
- Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)
v2.1.2 [code, diff]
... (truncated)
Commits
- a62db1e 1.0.2
- e0c23fe docs: update CHANGELOG for v1.0.2
- 62a6540 fix: add proto to objects and arrays
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
13

Bump express from 4.17.1 to 4.18.2
Bumps express from 4.17.1 to 4.18.2.
Release notes

Sourced from express's releases.
4.18.2
- Fix regression routing a large stack in a single route
- deps: [email protected]
  
  deps: [email protected]
  
  perf: remove unnecessary object clone
- deps: [email protected]
4.18.1
- Fix hanging on large stack of sync routes
4.18.0
- Add "root" option to res.download
- Allow options without filename in res.download
- Deprecate string and non-integer arguments to res.status
- Fix behavior of null/undefined as maxAge in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore Object.prototype values in settings through app.set/app.get
- Invoke default with same arguments as types in res.format
- Support proper 205 responses using res.send
- Use http-errors for res.format error
- deps: [email protected]
  
  Fix error message for json parse whitespace in strict
  
  Fix internal error when inflated body exceeds limit
  
  Prevent loss of async hooks context
  
  Prevent hanging when request already read
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
- deps: [email protected]
  
  Add priority option
  
  Fix expires option to reject invalid dates
- deps: [email protected]
  
  Replace internal eval usage with Function constructor
  
  Use instance methods on process to check for listeners
- deps: [email protected]
  
  Remove set content headers that break response
  
  deps: [email protected]
  
  deps: [email protected]
- deps: [email protected]
  
  Prevent loss of async hooks context
- deps: [email protected]
- deps: [email protected]
  
  Fix emitted 416 error missing headers property
  
  Limit the headers removed for 304 response
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
... (truncated)
Changelog

Sourced from express's changelog.
4.18.2 / 2022-10-08
- Fix regression routing a large stack in a single route
- deps: [email protected]
  
  deps: [email protected]
  
  perf: remove unnecessary object clone
- deps: [email protected]
4.18.1 / 2022-04-29
- Fix hanging on large stack of sync routes
4.18.0 / 2022-04-25
- Add "root" option to res.download
- Allow options without filename in res.download
- Deprecate string and non-integer arguments to res.status
- Fix behavior of null/undefined as maxAge in res.cookie
- Fix handling very large stacks of sync middleware
- Ignore Object.prototype values in settings through app.set/app.get
- Invoke default with same arguments as types in res.format
- Support proper 205 responses using res.send
- Use http-errors for res.format error
- deps: [email protected]
  
  Fix error message for json parse whitespace in strict
  
  Fix internal error when inflated body exceeds limit
  
  Prevent loss of async hooks context
  
  Prevent hanging when request already read
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
  
  deps: [email protected]
- deps: [email protected]
  
  Add priority option
  
  Fix expires option to reject invalid dates
- deps: [email protected]
  
  Replace internal eval usage with Function constructor
  
  Use instance methods on process to check for listeners
- deps: [email protected]
  
  Remove set content headers that break response
  
  deps: [email protected]
  
  deps: [email protected]
- deps: [email protected]
  
  Prevent loss of async hooks context
- deps: [email protected]
- deps: [email protected]
... (truncated)
Commits
- 8368dc1 4.18.2
- 61f4049 docs: replace Freenode with Libera Chat
- bb7907b build: [email protected]
- f56ce73 build: [email protected]
- 24b3dc5 deps: [email protected]
- 689d175 deps: [email protected]
- 340be0f build: [email protected]
- 33e8dc3 docs: use Node.js name style
- 644f646 build: [email protected]
- ecd7572 build: [email protected]
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
14

Bump qs from 6.5.2 to 6.5.3
Bumps qs from 6.5.2 to 6.5.3.
Changelog

Sourced from qs's changelog.
6.5.3
- [Fix] parse: ignore __proto__ keys (#428)
- [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
- [Fix] correctly parse nested arrays
- [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
- [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
- [Fix] when parseArrays is false, properly handle keys ending in []
- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
- [Fix] utils.merge: avoid a crash with a null target and an array source
- [Refactor] utils: reduce observable [[Get]]s
- [Refactor] use cached Array.isArray
- [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
- [Refactor] parse: only need to reassign the var once
- [Robustness] stringify: avoid relying on a global undefined (#427)
- [readme] remove travis badge; add github actions/codecov badges; update URLs
- [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
- [Docs] Clarify the need for "arrayLimit" option
- [meta] fix README.md (#399)
- [meta] add FUNDING.yml
- [actions] backport actions from main
- [Tests] always use String(x) over x.toString()
- [Tests] remove nonexistent tape option
- [Dev Deps] backport from main
Commits
- 298bfa5 v6.5.3
- ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
- 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
- 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
- 12ac1c4 [meta] fix README.md (#399)
- 0338716 [actions] backport actions from main
- 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
- 51b8a0b add FUNDING.yml
- 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
- f814a7f [Dev Deps] backport from main
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
15

Bump decode-uri-component from 0.2.0 to 0.2.2
Bumps decode-uri-component from 0.2.0 to 0.2.2.
Release notes

Sourced from decode-uri-component's releases.
v0.2.2
- Prevent overwriting previously decoded tokens 980e0bf
https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1
- Switch to GitHub workflows 76abc93
- Fix issue where decode throws - fixes #6 746ca5d
- Update license (#1) 486d7e2
- Tidelift tasks a650457
- Meta tweaks 66e1c28
https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1
Commits
- a0eea46 0.2.2
- 980e0bf Prevent overwriting previously decoded tokens
- 3c8a373 0.2.1
- 76abc93 Switch to GitHub workflows
- 746ca5d Fix issue where decode throws - fixes #6
- 486d7e2 Update license (#1)
- a650457 Tidelift tasks
- 66e1c28 Meta tweaks
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
16

Bump loader-utils from 1.2.3 to 1.4.2
Bumps loader-utils from 1.2.3 to 1.4.2.
Release notes

Sourced from loader-utils's releases.
v1.4.2

1.4.2 (2022-11-11)

Bug Fixes
- ReDoS problem (#226) (17cbf8f)
v1.4.1

1.4.1 (2022-11-07)

Bug Fixes
- security problem (#220) (4504e34)
v1.4.0

1.4.0 (2020-02-19)

Features
- the resourceQuery is passed to the interpolateName method (#163) (cd0e428)
v1.3.0

1.3.0 (2020-02-19)

Features
- support the [query] template for the interpolatedName method (#162) (469eeba)
Changelog

Sourced from loader-utils's changelog.
1.4.2 (2022-11-11)

Bug Fixes
- ReDoS problem (#226) (17cbf8f)
1.4.1 (2022-11-07)

Bug Fixes
- security problem (#220) (4504e34)
1.4.0 (2020-02-19)

Features
- the resourceQuery is passed to the interpolateName method (#163) (cd0e428)
1.3.0 (2020-02-19)

Features
- support the [query] template for the interpolatedName method (#162) (469eeba)
Commits
- 331ad50 chore(release): 1.4.2
- 17cbf8f fix: ReDoS problem (#226)
- 8f082b3 chore(release): 1.4.1
- 4504e34 fix: security problem (#220)
- d95b8b5 chore(release): 1.4.0
- cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
- 06d36cf chore(release): 1.3.0
- 469eeba feat: support the [query] template for the interpolatedName method (#162)
- 909c99d chore: funding.yml config and CI fix (#159)
- b5b74f0 Set up CI with Azure Pipelines
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
17

Bump terser from 4.4.3 to 4.8.1
Bumps terser from 4.4.3 to 4.8.1.
Changelog

Sourced from terser's changelog.
v4.8.1 (backport)
- Security fix for RegExps that should not be evaluated (regexp DDOS)
v4.8.0
- Support for numeric separators (million = 1_000_000) was added.
- Assigning properties to a class is now assumed to be pure.
- Fixed bug where yield wasn't considered a valid property key in generators.
v4.7.0
- A bug was fixed where an arrow function would have the wrong size
- arguments object is now considered safe to retrieve properties from (useful for length, or 0) even when pure_getters is not set.
- Fixed erroneous const declarations without value (which is invalid) in some corner cases when using collapse_vars.
v4.6.13
- Fixed issue where ES5 object properties were being turned into ES6 object properties due to more lax unicode rules.
- Fixed parsing of BigInt with lowercase e in them.
v4.6.12
- Fixed subtree comparison code, making it see that [1,[2, 3]] is different from [1, 2, [3]]
- Printing of unicode identifiers has been improved
v4.6.11
- Read unused classes' properties and method keys, to figure out if they use other variables.
- Prevent inlining into block scopes when there are name collisions
- Functions are no longer inlined into parameter defaults, because they live in their own special scope.
- When inlining identity functions, take into account the fact they may be used to drop this in function calls.
- Nullish coalescing operator (x ?? y), plus basic optimization for it.
- Template literals in binary expressions such as + have been further optimized
v4.6.10
- Do not use reduce_vars when classes are present
v4.6.9
- Check if block scopes actually exist in blocks
v4.6.8
- Take into account "executed bits" of classes like static properties or computed keys, when checking if a class evaluation might throw or have side effects.
v4.6.7
- Some new performance gains through a AST_Node.size() method which measures a node's source code length without printing it to a string first.
... (truncated)
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.