{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":206620712,"defaultBranch":"main","name":"statusboard","ownerLogin":"npm","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2019-09-05T17:29:00.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/6078720?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1714784070.0","currentOid":""},"activityList":{"items":[{"before":"c4e52e60a7d7208d944450655bf99248fb43f44a","after":"1bc59351f52b08f1d7b9e9cad45f4e150ca21d64","ref":"refs/heads/dependabot/npm_and_yarn/main/proc-log-4.2.0","pushedAt":"2024-05-04T00:55:39.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"deps: bump proc-log from 3.0.0 to 4.2.0\n\nBumps [proc-log](https://github.com/npm/proc-log) from 3.0.0 to 4.2.0.\n- [Release notes](https://github.com/npm/proc-log/releases)\n- [Changelog](https://github.com/npm/proc-log/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/npm/proc-log/compare/v3.0.0...v4.2.0)\n\n---\nupdated-dependencies:\n- dependency-name: proc-log\n dependency-type: direct:production\n update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] Sourced from pacote's\r\nreleases. Sourced from pacote's\r\nchangelog. Sourced from undici's\r\nreleases. Full Changelog: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 Fixes: Full Changelog: https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3 Sourced from esbuild's\r\nreleases. Support TypeScript experimental decorators on With this release, you can now use TypeScript experimental decorators\r\non // Old output (with --loader=ts\r\n--tsconfig-raw={"compilerOptions":{"experimentalDecorators":true}})\r\nconst log = (x, y) => console.log(y);\r\nclass Foo {\r\n}\r\nnew class extends Foo {\r\nfoo = "";\r\n}(); // New output (with --loader=ts\r\n--tsconfig-raw={"compilerOptions":{"experimentalDecorators":true}})\r\nconst log = (x, y) => console.log(y);\r\nclass Foo {\r\n}\r\n__decorateClass([\r\nlog\r\n], Foo.prototype, "foo", 2);\r\nnew class extends Foo {\r\nfoo = "";\r\n}();\r\nRelease notes
\r\n\r\n
\r\nv18.0.3
\r\n18.0.3\r\n(2024-04-30)
\r\nDependencies
\r\n\r\nv18.0.2
\r\n18.0.2\r\n(2024-04-24)
\r\nBug Fixes
\r\n\r\n
\r\n116b277
\r\n#358 don't\r\nstrip underscore attributes in .manifest() (#358) (@wraithgar
)v18.0.1
\r\n18.0.1\r\n(2024-04-23)
\r\nBug Fixes
\r\n\r\n
\r\nb547e0d
\r\n#356 use\r\n@npmcli/package-json
(#356) (@lukekarrys
)v18.0.0
\r\n18.0.0\r\n(2024-04-15)
\r\n⚠️ BREAKING CHANGES
\r\n\r\n
\r\nsilent
option was used to control whether\r\n@npmcli/run-script
would write a banner via\r\nconsole.log
. Now ouput will be emitted via an\r\nprocess.emit('output')
.Features
\r\n\r\n
\r\n0c04569
\r\n#352\r\nremove silent option (@lukekarrys
)Dependencies
\r\n\r\n
\r\ncb3abc2
\r\n#352 bump\r\n@npmcli/run-script
from 7.0.4 to 8.0.0 (@dependabot
[bot])Chores
\r\n\r\n
\r\n7089bb1
\r\n#355\r\npostinstall for dependabot template-oss PR (@lukekarrys
)4952672
\r\n#355 bump\r\n@npmcli/template-oss
from 4.21.3 to 4.21.4 (@dependabot
[bot])Changelog
\r\n\r\n
\r\n18.0.3\r\n(2024-04-30)
\r\nDependencies
\r\n\r\n18.0.2\r\n(2024-04-24)
\r\nBug Fixes
\r\n\r\n
\r\n116b277
\r\n#358 don't\r\nstrip underscore attributes in .manifest() (#358) (@wraithgar
)18.0.1\r\n(2024-04-23)
\r\nBug Fixes
\r\n\r\n
\r\nb547e0d
\r\n#356 use\r\n@npmcli/package-json
(#356) (@lukekarrys
)18.0.0\r\n(2024-04-15)
\r\n⚠️ BREAKING CHANGES
\r\n\r\n
\r\nsilent
option was used to control whether\r\n@npmcli/run-script
would write a banner via\r\nconsole.log
. Now ouput will be emitted via an\r\nprocess.emit('output')
.Features
\r\n\r\n
\r\n0c04569
\r\n#352\r\nremove silent option (@lukekarrys
)Dependencies
\r\n\r\n
\r\ncb3abc2
\r\n#352 bump\r\n@npmcli/run-script
from 7.0.4 to 8.0.0 (@dependabot
[bot])Chores
\r\n\r\n
\r\n7089bb1
\r\n#355\r\npostinstall for dependabot template-oss PR (@lukekarrys
)4952672
\r\n#355 bump\r\n@npmcli/template-oss
from 4.21.3 to 4.21.4 (@dependabot
[bot])Commits
\r\n\r\n
\r\n8ae0b79
\r\nchore: release 18.0.3 (#361)5ecce7a
\r\ndeps: npm-registry-fetch@17.0.0 (#360)c4f6821
\r\nchore: release 18.0.2 (#359)116b277
\r\nfix: don't strip underscore attributes in .manifest() (#358)0cd82be
\r\nchore: release 18.0.1 (#357)b547e0d
\r\nfix: use @npmcli/package-json
(#356)066ead2
\r\nchore: release 18.0.0 (#354)7089bb1
\r\nchore: postinstall for dependabot template-oss PR4952672
\r\nchore: bump @npmcli/template-oss
from 4.21.3 to\r\n4.21.40c04569
\r\nfeat!: remove silent option
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pacote&package-manager=npm_and_yarn&previous-version=17.0.7&new-version=18.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n\r\n
\r\nv5.28.4
\r\n:warning: Security Release :warning:
\r\n\r\n
\r\nv5.28.3
\r\n⚠️ Security Release ⚠️
\r\n\r\n
\r\nCommits
\r\n\r\n
\r\nfb98306
\r\nBumped v5.28.42b39440
\r\nMerge pull request from GHSA-9qxr-qj54-h67264e3402
\r\nMerge pull request from GHSA-m4v8-wqvr-p9f7723c4e7
\r\nRevert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"0e9d54b
\r\nskip failing test due to Node.js changese71cb4c
\r\nBumped v5.28.320c65b8
\r\nFix tests for Node.js v20.11.0 (#2618)8ec52cd
\r\nFix tests for Node.js v21 (#2609)d3aa574
\r\nMerge pull request from GHSA-3787-6prv-h9w3
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=undici&package-manager=npm_and_yarn&previous-version=5.28.2&new-version=5.28.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\nDependabot commands and options
\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show Release notes
\r\n\r\n
v0.20.2
\r\n\r\n
abstract
\r\nclass fields (#3684)abstract
class fields. This was silently compiled\r\nincorrectly in esbuild 0.19.7 and below, and was an error from esbuild\r\n0.19.8 to esbuild 0.20.1. Code such as the following should now work\r\ncorrectly:// Original code\r\nconst log = (x: any, y: string) => console.log(y)\r\nabstract class Foo { @log abstract foo: string }\r\nnew class extends Foo { foo = '' }\r\n
JSON loader now preserves __proto__
properties (#3700)
Copying JSON source code into a JavaScript file will change its\r\nmeaning if a JSON object contains the __proto__
key. A\r\nliteral __proto__
property in a JavaScript object literal\r\nsets the prototype of the object instead of adding a property named\r\n__proto__
, while a literal __proto__
property\r\nin a JSON object literal just adds a property named\r\n__proto__
. With this release, esbuild will now work around\r\nthis problem by converting JSON to JavaScript with a computed property\r\nkey in this case:
// Original code\r\nimport data from\r\n'data:application/json,{"__proto__":{"fail":true}}'\r\nif (Object.getPrototypeOf(data)?.fail) throw 'fail'\r\n// Old output (with --bundle)\r\n(() => {\r\n//\r\n<data:application/json,{"proto":{"fail":true}}>\r\nvar json_proto_fail_true_default = { proto: { fail:\r\ntrue } };
\r\n// entry.js\r\nif (Object.getPrototypeOf(json_proto_fail_true_default)?.fail)\r\nthrow "fail";\r\n})();
\r\n
\r\n... (truncated)
\r\n\r\nSourced from esbuild's\r\nchangelog.
\r\n\r\n\r\n0.20.2
\r\n\r\n
\r\n\r\n- \r\n
\r\nSupport TypeScript experimental decorators on
\r\nabstract
\r\nclass fields (#3684)With this release, you can now use TypeScript experimental decorators\r\non
\r\nabstract
class fields. This was silently compiled\r\nincorrectly in esbuild 0.19.7 and below, and was an error from esbuild\r\n0.19.8 to esbuild 0.20.1. Code such as the following should now work\r\ncorrectly:\r\n// Original code\r\nconst log = (x: any, y: string) => console.log(y)\r\nabstract class Foo { @log abstract foo: string }\r\nnew class extends Foo { foo = '' }\r\n
// Old output (with --loader=ts\r\n--tsconfig-raw={"compilerOptions":{"experimentalDecorators":true}})\r\nconst log = (x, y) => console.log(y);\r\nclass Foo {\r\n}\r\nnew class extends Foo {\r\nfoo = "";\r\n}();
\r\n// New output (with --loader=ts\r\n--tsconfig-raw={"compilerOptions":{"experimentalDecorators":true}})\r\nconst log = (x, y) => console.log(y);\r\nclass Foo {\r\n}\r\n__decorateClass([\r\nlog\r\n], Foo.prototype, "foo", 2);\r\nnew class extends Foo {\r\nfoo = "";\r\n}();\r\n
- \r\n
\r\nJSON loader now preserves
\r\n__proto__
properties (#3700)Copying JSON source code into a JavaScript file will change its\r\nmeaning if a JSON object contains the
\r\n__proto__
key. A\r\nliteral__proto__
property in a JavaScript object literal\r\nsets the prototype of the object instead of adding a property named\r\n__proto__
, while a literal__proto__
property\r\nin a JSON object literal just adds a property named\r\n__proto__
. With this release, esbuild will now work around\r\nthis problem by converting JSON to JavaScript with a computed property\r\nkey in this case:\r\n// Original code\r\nimport data from\r\n'data:application/json,{"__proto__":{"fail":true}}'\r\nif (Object.getPrototypeOf(data)?.fail) throw 'fail'\r\n
// Old output (with --bundle)\r\n(() => {\r\n//\r\n<data:application/json,{"proto":{"fail":true}}>\r\nvar json_proto_fail_true_default = { proto: { fail:\r\ntrue } };
\r\n// entry.js\r\nif (Object.getPrototypeOf(json_proto_fail_true_default)?.fail)\r\nthrow "fail";\r\n})();\r\n
... (truncated)
\r\n617edda
\r\npublish 0.20.2 to npm4780075
\r\nfix #3700:\r\njson loader preserves __proto__
keys30bed2d
\r\nbetter errors for invalid js decorator syntax300eeb7
\r\nts: allow non-null assertions in js decorators4d997d9
\r\nfix #3698:\r\nyarn pnp edge case with tsconfig.json
cf42954
\r\nresolver: improve some debug loggingb0765ae
\r\nfix some lintsdfa6206
\r\nfix some comments (closes #3683)ae5cc17
\r\nfix #3684:\r\nabstract
experimental decoratorsc809af0
\r\nfix #2388:\r\nallow consuming types without dom types (#3679)