fix(deps): update dependency esm to v3.1.0 [security] #226
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.0.62
->3.1.0
GitHub Vulnerability Alerts
GHSA-qx4v-6gc5-f2vv
A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.
Release Notes
standard-things/esm
v3.1.0
Compare Source
options.wasm
__global__
has already been declared” errors (#671)esm
passes all applicable test262 compliance testsesm
works with globally installedtink
(#702)esm
works withlit-node
(#679)esm
works with Node--use-strict
and avoids CSP errors in Electron (#607)module.id
ofesm
is string before using it (#681)-p
or-e
flagsimport
support in Electron (#692)fs.realpathSync.native
detection (#646)options.mainFields
support (#693)options.await
to Node 10+console
andReflect
(#675)v3.0.84
Compare Source
esm
paths aren’t reloaded when preloading modulesv3.0.83
Compare Source
ESM_DISABLE_CACHE
environment variable (#595)esm
are reloadedesm
doesn’t trigger unsafe-eval CSP errors (#601).js
files are found before.mjs
files withoptions.cjs.paths
v3.0.82
Compare Source
inspector
doesn’t throw initialization errors in workers (#591)esm
cache more portable (#586)v3.0.81
Compare Source
yield
insertions are not stored in cache files (#585)v3.0.80
Compare Source
Avoided cache conflicts with
nyc
(#579)Ensured
Object
isinstanceof
itself in Jest (#577)Ensured re-exporting hoisted function declarations is supported (#578)
v3.0.79
Compare Source
console
logs in Electronv3.0.78
Compare Source
instanceof
works for builtin constructors in Jest (#570)options.cache
works as bridge options (#566)options.mainFields
works for package dependencies (#567)ts-node/register
(#568)v3.0.77
Compare Source
Error.prepareStackTrace()
works in Jestv3.0.76
Compare Source
Module._extensions
is initialized withoutesm
wrapper symbols (#563)v3.0.75
Compare Source
acorn
(#546)module.paths
is set through the ESM loader (#548)Module._findPath()
(#551)SIGINT
andSIGTERM
(#552)v3.0.74
Compare Source
v3.0.73
Compare Source
SIGINT
andSIGTERM
(#530)console
can be used in shorthand property names (#526)muon
is supportedmodule.exports
properties (#516)node-chakracore
10.6.0options.await
(#534)options.sourceMap
enabled forndb
options.sourceMap
enabled forNODE_ENV="development"
v3.0.72
Compare Source
stream
can be subclassed (#510)global
access (#507)v3.0.71
Compare Source
options.force
(#501)v3.0.70
Compare Source
v3.0.69
Compare Source
v3.0.68
Compare Source
v3.0.67
Compare Source
v3.0.66
Compare Source
v3.0.65
Compare Source
console
,eval
, and TDZ transformsv3.0.64
Compare Source
console
logs piped to developer tools unwrap internal proxiesv3.0.63
Compare Source
console.Console
can be subclassed in Jest (#491)esm
is initialized with an empty module cache in Jest (#492)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.