[pull] master from parallax:master #90
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* chore: update dompurify version fixes the high vulnerability GHSA-mmhx-hmjr-r674 * upgrade node versions in GitHub workflows * upgrade @types/node, typescript and karma-typescript to fix test-typings job * fix typings for older TS versions, remove node 10 configuration * set correct @types/node version for typescript 4.0 --------- Co-authored-by: Lukas Hollaender <lukas.hollaender@yworks.com>
Snyk has created this PR to upgrade fflate from 0.4.8 to 0.8.1. See this package in npm: https://www.npmjs.com/package/fflate See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Lukas Hollaender <lukas.hollaender@yworks.com>
Snyk has created this PR to upgrade core-js from 3.6.5 to 3.33.0. See this package in npm: https://www.npmjs.com/package/core-js See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Lukas Hollaender <lukas.hollaender@yworks.com>
* fix: upgrade @babel/runtime from 7.14.6 to 7.23.2 Snyk has created this PR to upgrade @babel/runtime from 7.14.6 to 7.23.2. See this package in npm: https://www.npmjs.com/package/@babel/runtime See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr * fix package-lock.json --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Lukas Hollaender <lukas.hollaender@yworks.com>
2.5.2
Snyk has created this PR to upgrade @babel/runtime from 7.23.2 to 7.25.6. See this package in npm: @babel/runtime See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Snyk has created this PR to upgrade @babel/runtime from 7.25.6 to 7.26.0. See this package in npm: @babel/runtime See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Bumps [rollup](https://github.com/rollup/rollup) from 2.21.0 to 2.79.2. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.21.0...v2.79.2) --- updated-dependencies: - dependency-name: rollup dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ify` v3 (#3827) * fix(sec): remove MSIE support to allow upgrading to vuln-free `dompurify` v3 Signed-off-by: hainenber <dotronghai96@gmail.com> * feat: remove all IE11 verifiers in `src` and `examples` Signed-off-by: hainenber <dotronghai96@gmail.com> * chore(ci): remove IE11 as browser testing target Signed-off-by: hainenber <dotronghai96@gmail.com> * chore: remove obsolete isOldIE verifiers Signed-off-by: hainenber <dotronghai96@gmail.com> * chore(ci): remove IE as browser testing target in Karma's common config Signed-off-by: hainenber <dotronghai96@gmail.com> --------- Signed-off-by: hainenber <dotronghai96@gmail.com> Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
- fix a ReDoS vulnerability
Snyk has created this PR to upgrade @babel/runtime from 7.26.0 to 7.26.7. See this package in npm: @babel/runtime See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
Snyk has created this PR to upgrade @babel/runtime from 7.26.7 to 7.26.9. See this package in npm: @babel/runtime See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
- remove atob and btoa dependencies and use native implementations for node build, as well - replace built-in PNG parser with the fast-png 3rd party dependency - consistently support 16bit color spaces - fix compression being applied with compression="NONE" in some cases
Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
- fix compression of other than 8-bit images - fix soft mask for other than 8-bit images - fix potential byte order issue for 16-bit images - fix writing an empty mask (error) for indexed images without transparency
Snyk has created this PR to upgrade @babel/runtime from 7.28.3 to 7.28.4. See this package in npm: @babel/runtime See this project in Snyk: https://app.snyk.io/org/mrrio/project/50515eb1-b03b-4f42-9f17-cce1a33d5d1a?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )