Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

• dependencies option in to require the presence of keywords in the same schema.

... (truncated)

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

v2.87.0 (2018/05/21)

• #2943 Replace hawk dependency with a local implemenation (#2943) (@​hueniverse)

v2.86.0 (2018/05/15)

• #2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@​ChALkeR)
• #2942 Make Test GREEN Again! (@​simov)
• #2923 Alterations for failing CI tests (@​gareth-robinson)

v2.85.0 (2018/03/12)

• #2880 Revert "Update hawk to 7.0.7 (#2880)" (@​simov)

v2.84.0 (2018/03/12)

• #2793 Fixed calculation of oauth_body_hash, issue #2792 (@​dvishniakov)
• #2880 Update hawk to 7.0.7 (#2880) (@​kornel-kedzierski)

• See full diff in compare view

Sourced from color-string's releases.

1.9.0

Minor Release 1.9.0

• Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @​babycannotsay for their contribution!

1.8.2

Patch release 1.8.2

• Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @​gerdasi and @​mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1

• Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @​clytras for their contribution!

1.8.0

Minor release 1.8.0

• Add anchors to keyword regex (#64)

Thanks to @​cq360767996 for their contribution!

1.7.4

Patch Release 1.7.4

• Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)

1.7.3

Patch Release 1.7.3

• Fix hue modulo operation (#50)

Thanks to @​adroitwhiz for their contributions.

1.7.2

Patch Release 1.7.2

• Fix issue where color-string with incorrectly return a color for properties on Object's prototype like "constructor". (#45)

Thanks to @​tolmasky for their contributions.

1.7.1

Patch release 1.7.1

... (truncated)

• d9b04bb 1.9.1
• 937b690 fix to.keyword returning Object.prototype values (#67)
• 4daceef 1.9.0
• 94a429e add parsing of exponential alpha values for HWB and HSL
• fc2f880 1.8.2
• 32f3e00 fix incorrect handling of optional comma in rgb() regex (fixes #65)
• 0766ca7 1.8.1
• 0710543 Fix rgb alpha percentage parsing from int to float
• ab299a7 1.8.0
• bea8702 add anchors to keyword regex
• Additional commits viewable in compare view

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

This version was pushed to npm by tootallnate, a new releaser for debug since your current version.

Sourced from docusaurus's releases.

v1.14.7

[1.14.7] - 2021-03-09

🏠 Internal

• docusaurus-1.x

  • #4270 chore: upgrade react-dev-utils (@​yangshun)

Committers: 1

• Yangshun Tay (@​yangshun)

v1.14.6

[1.14.6] - 2020-08-05

🐛 Bug Fix

• docusaurus-1.x

  • #3213 fix(v1): fresh install failing due to <> syntax (@​slorber)

📝 Documentation

• #3186 docs(v1): formatting changelog (@​slorber)

Committers: 1

• Sébastien Lorber (@​slorber)

v1.14.5

[1.14.5] - 2020-08-01

🚀 New Feature

• docusaurus-1.x
  • #2955 feat(v1): add deletedDocs config to fix unwanted versioning fallback (@​aldeed)
  • #3124 feat(v1): add 'slugPreprocessor' config option to allow users customize the hash links (@​Simek)

📝 Documentation

• docusaurus-1.x
  • #2955 feat(v1): add deletedDocs config to fix unwanted versioning fallback (@​aldeed)
• #3011 docs(v1): external links (@​slorber)
  • #2388 docs(v1): showcase user Day.js (@​iamkun)
• #2307 docs(v1): fix Windows instructions for GitHub Pages publishing (@​jartuso)

Committers: 6

• @​aldeed

... (truncated)

Sourced from docusaurus's changelog.

[1.14.7] - 2021-03-09

🏠 Internal

• docusaurus-1.x

  • #4270 chore: upgrade react-dev-utils (@​yangshun)

Committers: 1

• Yangshun Tay (@​yangshun)

[1.14.6] - 2020-08-05

🐛 Bug Fix

• docusaurus-1.x

  • #3213 fix(v1): fresh install failing due to <> syntax (@​slorber)

📝 Documentation

• #3186 docs(v1): formatting changelog (@​slorber)

Committers: 1

• Sébastien Lorber (@​slorber)

[1.14.5] - 2020-08-01

🚀 New Feature

• docusaurus-1.x
  • #2955 feat(v1): add deletedDocs config to fix unwanted versioning fallback (@​aldeed)
  • #3124 feat(v1): add 'slugPreprocessor' config option to allow users customize the hash links (@​Simek)

📝 Documentation

• docusaurus-1.x
  • #2955 feat(v1): add deletedDocs config to fix unwanted versioning fallback (@​aldeed)
  • #3011 docs(v1): external links (@​slorber)
  • #2388 docs(v1): showcase user Day.js (@​iamkun)
  • #2307 docs(v1): fix Windows instructions for GitHub Pages publishing (@​jartuso)

Committers: 6

• @​aldeed
• @​Simek
• @​slorber
• @​iamkun

... (truncated)

• 9c882ba v1.14.7
• 45e6648 1.14.7
• 2d4db63 revert version + update changelog
• 1b3da6a upgrade v1 versions
• 9f5f393 chore(v2): upgrade react-dev-utils (#4270)
• f13448d chore(v2): upgrade dependencies + require Node 12 (#4223)
• 175d9c3 feat(v2): support/use React v17 by default (#4218)
• 3fc29f4 chore(v2): prepare v2.0.0.alpha-70 release (#3933)
• f37987f chore(v2): fix ignore paths and Prettier commands in themes (#3865)
• 3166fab feat(v2): core v2 i18n support + Docusaurus site Crowdin integration (#3325)
• Additional commits viewable in compare view

This version was pushed to npm by slorber, a new releaser for docusaurus since your current version.

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: path-to-regexp@0.1.8 by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• path-to-regexp@0.1.10 by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1

... (truncated)

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (#5902)
• 2a980ad merge-descriptors@1.0.3 (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: path-to-regexp@0.1.8 (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• See full diff in compare view

Sourced from highlight.js's releases.

11.10.0 - Welcome to the 2024 Mega-smorgisbord update.

Sorry for the wait, this one is a doozie, thanks to all the contributors who made it possible!

---

CAVEATS / POTENTIALLY BREAKING CHANGES

[!IMPORTANT] This version drops support for Node 16.x, which is no longer supported by Node.js.

---

Core Grammars:

• enh(typescript) add support for satisfies operator [Kisaragi Hiu][]
• enc(c) added more C23 keywords [Melkor-1][]
• enh(json) added jsonc as an alias [BackupMiles][]
• enh(gml) updated to latest language version (GML v2024.2) [gnysek][]
• enh(c) added more C23 keywords and preprcoessor directives [Eisenwave][]
• enh(js/ts) support namespaced tagged template strings [Aral Balkan][]
• enh(perl) fix false-positive variable match at end of string [Josh Goebel][]
• fix(cpp) not all kinds of number literals are highlighted correctly [Lê Duy Quang][]
• fix(css) fix overly greedy pseudo class matching [Bradley Mackey][]
• enh(arcade) updated to ArcGIS Arcade version 1.24 [Kristian Ekenes][]
• fix(typescript): params types [Mohamed Ali][]
• fix(rust) fix escaped double quotes in string [Mohamed Ali][]
• fix(rust) fix for r# raw identifier not being highlighted correctly. [JaeBaek Lee][]
• enh(rust) Adding union to be recognized as a keyword in Rust. [JaeBaek Lee][]
• fix(yaml) fix for yaml with keys having brackets highlighted incorrectly [Aneesh Kulkarni][]
• fix(csharp) add raw string highlighting for C# 11. [Tara][]
• fix(bash) fix # within token being detected as the start of a comment [Felix Uhl][]
• fix(python) fix or conflicts with string highlighting [Mohamed Ali][]
• enh(python) adds a scope to the self variable [Lee Falin][]
• enh(delphi) allow digits to be omitted for hex and binary literals [Jonah Jeleniewski][]
• enh(delphi) add support for digit separators [Jonah Jeleniewski][]
• enh(delphi) add support for character strings with non-decimal numerics [Jonah Jeleniewski][]
• fix(javascript) incorrect function name highlighting [CY Fung][]
• fix(1c) fix escaped symbols "+-;():=,[]" literals [Vitaly Barilko][]
• fix(swift) correctly highlight generics and conformances in type definitions [Bradley Mackey][]
• enh(swift) add package keyword [Bradley Mackey][]
• fix(swift) ensure keyword attributes highlight correctly [Bradley Mackey][]
• fix(types) fix interface LanguageDetail > keywords [Patrick Chiu]
• enh(java) add goto to be recognized as a keyword in Java [Alvin Joy][]
• enh(bash) add keyword sudo [Alvin Joy][]
• fix(haxe) captures new keyword without capturing it within variables/class names [Cameron Taylor][]
• fix(go) fix go number literals to accept _ separators, add hex p exponents [Lisa Ugray][]
• enh(markdown) add entity support [David Schach][] [TaraLei][]
• enh(css) add justify-items and justify-self attributes [Vasily Polovnyov][]
• enh(css) add accent-color, appearance, color-scheme, rotate, scale and translate attributes [Carl Räfting][]
• fix(fortran) fixes parsing of keywords delimited by dots [Julien Bloino][]

... (truncated)

Sourced from highlight.js's changelog.

Release v9.18.5

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• enh: Post-install script can be disabled with HLJS_HIDE_UPGRADE_WARNING=yes
• fix: Deprecation notice logged at library startup a console.log vs console.warn.
  • Notice only shown if actually highlighting code, not just requiring the library.
  • Node.js treats warn the same as error and that was problematic.
  • You (or perhaps your indirect dependency) may disable the notice with the hideUpgradeWarningAcceptNoSupportOrSecurityUpdates option
  • You can also set HLJS_HIDE_UPGRADE_WARNING=yes in your envionment to disable the warning

Example:

hljs.configure({
  hideUpgradeWarningAcceptNoSupportOrSecurityUpdates: true
})

Reference: highlightjs/highlight.js#2877

Release v9.18.4

Version 9 has reached end-of-support and will not receive future updates or fixes.

Please see VERSION_10_UPGRADE.md and perhaps SECURITY.md.

• fix(livescript) fix potential catastrophic backtracking (#2852) [commit]

Version 9.18.3

• fix(parser) Freezing issue with illegal 0 width illegals (#2524)
  • backported from v10.x

Version 9.18.2

Fixes:

• fix(night) Prevent object prototype values from being returned by getLanguage (#2636) night

... (truncated)

• f54e96c 9.18.5
• c34318b fix the link since i saw it
• d2e9bdd include date of last release
• f5e0645 typos and tweaks
• 2e0e8ee changelog
• dc45f7c fix(livescript) fix potential catastrophic backtracking
• 0a2624a update readme
• d571b23 add warning
• ec0bfd5 9.18.4
• 2a04835 bump v9.18.3
• Additional commits viewable in compare view

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

• New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
• Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
• Fix: Spelling mistakes have been fixed. (#196)

v2.1.0

• New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

v2.0.1

• Fix: The browser builds in the dist directory support ES5. (#182)

v2.0.0

• Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

• New: Support for Unicode 10 has been added.

• New: The test framework has been migrated from Mocha to Tap.

• New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

• Fix: The warning has been made clearer when line and paragraph separators are

... (truncated)

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, [diff][d2.1.1]]

... (truncated)

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

• 97e9edc Bump to v4.17.5.
• ce32a89 Rebuild lodash and docs.
• 5e58cd2 Fix style nits.
• 5adb4ee Make _.defaults avoid accessing property values it doesn't need to. [closes #...
• a73b92b Avoid using the values toString method in _.invert if it’s not a function. [c...
• a1b5305 Add 4.17.5 branch to travis.
• dac890a Enable _.words to detect ordinals in compound words. [closes #3561]
• 7167a78 Replacing a regex in stringToPath with a quick character code check. (#3308)
• f831977 Avoid shadowing result in remainingWait. (#3280)
• 20c5307 stringToPath: avoid shadowing variable. (#3226)
• Additional commits viewable in compare view