chore(deps): bump the npm_and_yarn group across 3 directories with 22 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
esbuild	0.19.9	0.25.0
mysql2	2.1.0	3.9.8
express	4.16.4	4.20.0
yargs-parser	13.1.2	15.0.1
plotly.js	1.48.3	2.25.2
d3-color	1.2.8	1.4.1
ejs	3.1.9	3.1.10
es5-ext	0.10.50	0.10.64
mixin-deep	1.3.1	1.3.2
moment	2.26.0	2.30.1
serialize-javascript	6.0.1	6.0.2
store2	2.14.2	2.14.4
underscore	1.9.1	1.13.7
webpack-dev-middleware	6.1.1	6.1.3
webpack	5.89.0	5.99.9

Bumps the npm_and_yarn group with 1 update in the /docs/recipes/docker-server directory: mysql2.
Bumps the npm_and_yarn group with 3 updates in the /packages/server directory: express, body-parser and plotly.js.

Updates esbuild from 0.19.9 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates mysql2 from 2.1.0 to 3.9.8

Release notes

Sourced from mysql2's releases.

v3.9.8

3.9.8 (2024-05-26)

Bug Fixes

• security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

v3.9.7

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)

v3.9.6

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

v3.9.5

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

v3.9.4

3.9.4 (2024-04-09)

Bug Fixes

• SSL: separate each certificate into an individual item #2542 (63f1055)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
  • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• security: improve results object creation (#2574) (4a964a3)
  • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• docs: improve the contribution guidelines (#2552) (8a818ce)

v3.9.3

3.9.3 (2024-03-26)

... (truncated)

Changelog

Sourced from mysql2's changelog.

3.9.8 (2024-05-26)

Bug Fixes

• security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)

3.9.7 (2024-04-21)

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection (#2608) (7d4b098)

3.9.6 (2024-04-18)

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)

3.9.5 (2024-04-17)

Bug Fixes

• revert breaking change in results creation (#2591) (f7c60d0)

3.9.4 (2024-04-09)

Bug Fixes

• docs: improve the contribution guidelines (#2552) (8a818ce)
• security: improve results object creation (#2574) (4a964a3)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)

3.9.3 (2024-03-26)

Bug Fixes

• security: improve cache key formation (#2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#2131) (d9dccfd)

3.9.2 (2024-02-26)

... (truncated)

Commits

• f637d3f chore(master): release 3.9.8 (#2700)
• efe3db5 fix(security): sanitize fields and tables when using nestTables (#2702)
• 2e03694 fix: support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2...
• 8b5f691 fix(typings): typo from jonServerPublicKey to onServerPublicKey (#2699)
• 5c75802 build(deps-dev): bump tsx from 4.10.5 to 4.11.0 in /website (#2695)
• 179769f build(deps): bump @​easyops-cn/docusaurus-search-local in /website (#2696)
• 56289e2 build(deps-dev): bump poku from 1.12.1 to 1.13.0 (#2698)
• b029308 build(deps-dev): bump poku from 1.12.1 to 1.13.0 in /website (#2697)
• 539acb8 build(deps): bump lucide-react from 0.378.0 to 0.379.0 in /website (#2693)
• dc80580 build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 i...
• Additional commits viewable in compare view

Updates express from 4.16.4 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• [email protected] by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]

... (truncated)

Commits

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 [email protected] (#5902)
• 2a980ad [email protected] (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: [email protected] (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates yargs-parser from 13.1.2 to 15.0.1

Commits

• See full diff in compare view

Updates body-parser from 1.18.3 to 1.20.3

Release notes

Sourced from body-parser's releases.

v2.2.0

What's Changed

• test: remove --bail from test script by @​Phillip9587 in expressjs/body-parser#583
• ci: separate lint step by @​Phillip9587 in expressjs/body-parser#582
• fix: remove skip of test by @​bjohansebas in expressjs/body-parser#589
• ci: use lcovonly reporter for the test-ci script by @​Phillip9587 in expressjs/body-parser#584
• docs: remove security file by @​bjohansebas in expressjs/body-parser#590
• fix(docs): replace var with let or const in ReadMe by @​Binilkks in expressjs/body-parser#581
• chore: update test dependencies by @​Phillip9587 in expressjs/body-parser#585
• dep: upgrade iconv-lite to ^0.6.3 by @​aqeelat in expressjs/body-parser#588
• Refactor parameterCount to optimize performance by @​wojtekmaj in expressjs/body-parser#591
• refactor: normalize common options for all parsers by @​Phillip9587 in expressjs/body-parser#551
• refactor: cleanup parser options by @​Phillip9587 in expressjs/body-parser#596
• Release 2.2.0 by @​UlisesGascon in expressjs/body-parser#597

New Contributors

• @​Binilkks made their first contribution in expressjs/body-parser#581
• @​aqeelat made their first contribution in expressjs/body-parser#588
• @​wojtekmaj made their first contribution in expressjs/body-parser#591

Full Changelog: expressjs/body-parser@v2.1.0...v2.2.0

v2.1.0

What's Changed

• fix: update package.json engines field to reflect minimum supported node version by @​Phillip9587 in expressjs/body-parser#541
• fix: remove brotli support check by @​Phillip9587 in expressjs/body-parser#542
• fix: remove unpipe package and use native unpipe method by @​Phillip9587 in expressjs/body-parser#543
• Remove unused devDependency methods by @​Phillip9587 in expressjs/body-parser#548
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/body-parser#546
• Remove devDependency safe-buffer by @​Phillip9587 in expressjs/body-parser#547
• test: remove AsyncLocalStorage check by @​Phillip9587 in expressjs/body-parser#549
• perf: use the node require cache instead of custom caching by @​Phillip9587 in expressjs/body-parser#562
• ci: disable fail-fast in CI workflow by @​Phillip9587 in expressjs/body-parser#565
• chore(deps): update type-is to v2.0.0 by @​Phillip9587 in expressjs/body-parser#571
• refactor: prefix built-in node module imports by @​Phillip9587 in expressjs/body-parser#573
• fix: remove obsolete dependency destroy by @​Phillip9587 in expressjs/body-parser#570
• cleanup: remove obsolete test env file by @​Phillip9587 in expressjs/body-parser#569
• Refactor decompression stream creation to remove code duplication by @​Phillip9587 in expressjs/body-parser#564
• Add caret for body-parser dependencies by @​wesleytodd in expressjs/body-parser#577
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/body-parser#559
• chore(deps): update debug to ^4.4.0 by @​Phillip9587 in expressjs/body-parser#579
• Release v2.1.0 by @​wesleytodd in expressjs/body-parser#578

Full Changelog: expressjs/body-parser@2.0.1...v2.1.0

2.0.2

What's Changed

• fix: update package.json engines field to reflect minimum supported node version by @​Phillip9587 in expressjs/body-parser#541
• fix: remove brotli support check by @​Phillip9587 in expressjs/body-parser#542

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.2.0 / 2025-03-27

• refactor: normalize common options for all parsers
• deps:
  • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

• deps:
  • type-is@^2.0.0
  • debug@^4.4.0
  • Removed destroy
• refactor: prefix built-in node module imports
• use the node require cache instead of custom caching

2.0.2 / 2024-10-31

• remove unpipe package and use native unpipe() method

2.0.1 / 2024-09-10

• Restore expected behavior extended to false

2.0.0 / 2024-09-10

• Propagate changes from 1.20.3
• add brotli support #406
• Breaking Change: Node.js 18 is the minimum supported version

2.0.0-beta.2 / 2023-02-23

This incorporates all changes after 1.19.1 up to 1.20.2.

• Remove deprecated bodyParser() combination middleware
• deps: [email protected]
  • Add DEBUG_HIDE_DATE environment variable
  • Change timer to per-namespace instead of global
  • Change non-TTY date format
  • Remove DEBUG_FD environment variable support
  • Support 256 namespace colors
• deps: [email protected]
  • Add encoding cp720
  • Add encoding UTF-32
• deps: [email protected]

... (truncated)

Commits

• 0aa4e11 2.2.0 (#597)
• 4d85c4c refactor: cleanup parser options (#596)
• d11899b refactor: normalize common options for all parsers (#551)
• f27f2ce perf: refactor parameterCount to optimize performance (#591)
• ccad155 dep: upgrade [email protected] (#588)
• f75bd25 chore: update test dependencies (#585)
• 0f12509 fix(docs): replace var with let or const in ReadMe (#581)
• 5e6dd08 fix(docs): remove security file (#590)
• d127b9c ci: use lcovonly reporter for the test-ci script (#584)
• d0bf2be fix: remove skip of test (#589)
• Additional commits viewable in compare view

Updates plotly.js from 1.48.3 to 2.25.2

Release notes

Sourced from plotly.js's releases.

v2.25.2

Changed

• Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

• Fix potential prototype pollution in plot API calls [#6703, 6704]

v2.25.1

Fixed

• Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

v2.25.0

Added

• Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
• Add options to include legends for shapes and newshape [#6653]
• Add Plotly.deleteActiveShape command [#6679]

Fixed

• Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
• Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
• Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

v2.24.3

Fixed

• Fix double clicking one item in a legend hides traces in other legends [#6655]
• Fix double click pie slices when having multiple legends [#6657]
• Fix per legend group and traceorder defaults when having multiple legends [#6664]

v2.24.2

Fixed

• Fix legend groups toggle (regression introduced in 2.22.0) #6639
• Fix waterfall hovertemplate not showing delta on totals similar #6635

v2.24.1

Fixed

• Fix minimal copying of arrays in minExtend function (regression introduced in 2.24.0) #6632

v2.24.0

Added

• add pattern to pie, funnelarea, sunburst, icicle and treemap traces [#6601, #6619, #6622, #6626, #6627, #6628, #6629], with thanks to @​thierryVergult for the contribution!

Fixed

• Fix to prevent accessing undefined (hoverText.hoverLabels) in case all currently shown markers have hoverinfo: "none" (regression introduced in 2.6.0) #6614,

... (truncated)

Changelog

Sourced from plotly.js's changelog.

[2.25.2] -- 2023-08-11

Changed

• Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

• Fix potential prototype pollution in plot API calls [#6703, 6704]

[2.25.1] -- 2023-08-02

Fixed

• Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

[2.25.0] -- 2023-07-25

Added

• Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
• Add options to include legends for shapes and newshape [#6653]
• Add Plotly.deleteActiveShape command [#6679]

Fixed

• Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
• Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
• Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

[2.24.3] -- 2023-07-05

Fixed

• Fix double clicking one item in a legend hides traces in other legends [#6655]
• Fix double click pie slices when having multiple legends [#6657]
• Fix per legend group and traceorder defaults when having multiple legends [#6664]

[2.24.2] -- 2023-06-09

Fixed

• Fix legend groups toggle (regression introduced in 2.22.0) #6639
• Fix waterfall hovertemplate not showing delta on totals similar #6635

[2.24.1] -- 2023-06-07

Fixed

... (truncated)

Commits

• e824199 2.25.2
• 920a50e update readme and changelog for v2.25.2
• 27932d6 Merge pull request #6705 from plotly/reduce-flakiness
• 0249840 Merge pull request #6704 from plotly/nestedProperty-proto
• a4a69d5 reduce flakiness on CI
• a860a32 Merge pull request #6690 from Mkranj/croatian_translation
• 5cfbd6e add test
• 2bec998 guard against polluting proto in nestedProperty
• 5efd2a1 Merge pull request #6703 from plotly/expandObjectPaths-proto
• e1e3175 fix delay in test
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by archmoj, a new releaser for plotly.js since your current version.

Updates bl from 1.2.2 to 2.2.1

Release notes

Sourced from bl's releases.

v2.2.1

Fix unintialized memory access

v2.2.0

• Add indexOf docs #60
• fix empty shallowSlice return #65

v2.1.2

• use ES3 only #62

v2.1.1

• Use native indexOf whenever possible #61

v2.1.0

• Added indexOf #59

v2.0.1

• Use require('readable-stream').Duplex #56

v2.0.0

• Added support for readUIntLE and companions #55

Commits

• 8cb93f4 Bumped v2.2.1
• dacc4ac Fix unintialized memory access
• b6284a8 Bumped v2.2.0.
• 538a988 Merge pull request #60 from reconbot/reconbot/indexof-readme
• 635b6ce Merge pull request #65 from reconbot/reconbot/empty-slice
• 9b80b00 fix: empty shallowSlice return
• 055a3ff Merge pull request #63 from nwoltman/patch-1
• c768eb8 Use Buffer.from() in the documentation
• 270e5f5 Bumped v2.1.2
• 91cbaf9 Merge pull request #62 from jhaenchen/DontUseES2015Const
• Additional commits viewable in compare view

Updates cookie from 0.3.1 to 0.6.0

Release notes

Sourced from cookie's releases.

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

0.4.1

• Fix maxAge option to reject invalid values

0.4.0

• Add SameSite=None support

Changelog

Sourced from cookie's changelog.

0.6.0 / 2023-11-06

• Add partitioned option

0.5.0 / 2022-04-11

• Add priority option
• Fix expires option to reject invalid dates
• perf: improve default decode speed
• perf: remove slow string split in parse

0.4.2 / 2022-02-02

• perf: read value only when assigning in parse
• perf: remove unnecessary regexp in parse

0.4.1 / 2020-04-21

• Fix maxAge option to reject invalid values

0.4.0 / 2019-05-15

• Add SameSite=None support

Commits