Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency esm to v3.1.0 [security] #226

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency esm to v3.1.0 [security] #226

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 20, 2019
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
esm 3.0.62 -> 3.1.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-qx4v-6gc5-f2vv

A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.

Release Notes

standard-things/esm

v3.1.0

Compare Source

  • Added support for export-ns-from syntax
  • Added support for options.wasm
  • Avoided “__global__ has already been declared” errors (#​671)
  • Ensured esm passes all applicable test262 compliance tests
  • Ensured esm works with globally installed tink (#​702)
  • Ensured esm works with lit-node (#​679)
  • Ensured esm works with Node --use-strict and avoids CSP errors in Electron (#​607)
  • Ensured the module.id of esm is string before using it (#​681)
  • Ensured preloaded modules are reloaded when using Node -p or -e flags
  • Fixed detection of shadowed identifiers (#​622)
  • Fixed dynamic import support in Electron (#​692)
  • Fixed fs.realpathSync.native detection (#​646)
  • Fixed options.mainFields support (#​693)
  • Fixed Puppeteer support (#​654)
  • Fixed re-export test case (#​629)
  • Fixed regexp DoS issue (#​694)
  • Raised minimum Node support for options.await to Node 10+
  • Reduced instrumentation of console and Reflect (#​675)

v3.0.84

Compare Source

  • Ensured esm paths aren’t reloaded when preloading modules
  • Fixed regression translating empty export-from lists

v3.0.83

Compare Source

  • Added support for the ESM_DISABLE_CACHE environment variable (#​595)
  • Ensured any CLI modules preloaded before esm are reloaded
  • Ensured esm doesn’t trigger unsafe-eval CSP errors (#​601)
  • Ensured .js files are found before .mjs files with options.cjs.paths
  • Fixed regression introduced by standard-things/esm@6ce0385

v3.0.82

Compare Source

  • Ensured inspector doesn’t throw initialization errors in workers (#​591)
  • Ensured read-only CJS exports don’t throw proxy trap errors (#​589)
  • Fixed regression resolving real paths (#​588)
  • Made esm cache more portable (#​586)

v3.0.81

Compare Source

  • Ensured shebang is stripped for side effect only ES modules (#​583)
  • Ensured yield insertions are not stored in cache files (#​585)

v3.0.80

Compare Source

Avoided cache conflicts with nyc (#​579)
Ensured Object is instanceof itself in Jest (#​577)
Ensured re-exporting hoisted function declarations is supported (#​578)

v3.0.79

Compare Source

  • Fixed console logs in Electron

v3.0.78

Compare Source

  • Ensured instanceof works for builtin constructors in Jest (#​570)
  • Ensured options.cache works as bridge options (#​566)
  • Ensured options.mainFields works for package dependencies (#​567)
  • Ensured support for ts-node/register (#​568)
  • Removed problematic "SIGINT" and "SIGTERM" event handlers (#​569)

v3.0.77

Compare Source

  • Ensured Error.prepareStackTrace() works in Jest

v3.0.76

Compare Source

  • Ensured Module._extensions is initialized without esm wrapper symbols (#​563)

v3.0.75

Compare Source

  • Avoided wrapping inspected values when not needed (#​555)
  • Deferred more errors to the runtime instead of handling them with acorn (#​546)
  • Ensured a syntax error is thrown for duplicate import specifiers (#​562)
  • Ensured a syntax error is thrown for invalid escaped reserved words (#​561)
  • Ensure function declarations are lexically scoped in ESM (#​547)
  • Ensured module.paths is set through the ESM loader (#​548)
  • Ensured parse errors are converted to regular errors (#​560)
  • Ensured real paths of directories are resolved in Module._findPath() (#​551)
  • Ensured specific named exports are not resolved before throwing in cycles (#​544)
  • Ensured the process is exited for SIGINT and SIGTERM (#​552)

v3.0.74

Compare Source

  • Fixed feature test regression in minified build (#​541)

v3.0.73

Compare Source

  • Ensured builtin module references are shared between loader instances (#​524)
  • Ensured cache creation on SIGINT and SIGTERM (#​530)
  • Ensured console can be used in shorthand property names (#​526)
  • Ensured muon is supported
  • Ensured namespace objects have only enumerable module.exports properties (#​516)
  • Ensured query/fragments are accounted for in main filenames (#​531)
  • Ensured support for node-chakracore 10.6.0
  • Ensured top-level async iterators work with options.await (#​534)
  • Fixed regression resolving paths of hard links (#​514)
  • Made options.sourceMap enabled for ndb
  • Made options.sourceMap enabled for NODE_ENV="development"

v3.0.72

Compare Source

  • Ensured request query/fragments can contain encoded slashes (#​512)
  • Ensured stream can be subclassed (#​510)
  • Fixed Electron developer tools disconnect on global access (#​507)
  • Fixed module load regression (#​504)
  • Improved metadata handling
  • Improved runtime performance

v3.0.71

Compare Source

  • Added support for applying options to all module loads with options.force (#​501)

v3.0.70

Compare Source

  • Enabled package resolution in RunKit

v3.0.69

Compare Source

  • Continued to reduced use of cache read fast path

v3.0.68

Compare Source

  • Reduced use of less stable cache read fast path

v3.0.67

Compare Source

  • Added more guards to pseudo private methods use

v3.0.66

Compare Source

  • Fixed regression resolving builtin modules in Node < 6.13.0 (#​499)

v3.0.65

Compare Source

  • Improved console, eval, and TDZ transforms

v3.0.64

Compare Source

  • Ensured console logs piped to developer tools unwrap internal proxies

v3.0.63

Compare Source

  • Ensured AST visitors are reset for each compiler run (#​493)
  • Ensured console.Console can be subclassed in Jest (#​491)
  • Ensured esm is initialized with an empty module cache in Jest (#​492)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate
Copy link
Contributor Author

renovate bot commented Mar 24, 2023
edited

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@renovate-bot