From 4485373e87b466d8201051f751fb50e7b79d80f0 Mon Sep 17 00:00:00 2001 From: jordigh Date: Wed, 21 Jun 2023 16:20:04 -0400 Subject: [PATCH] Update CHANGELOG.md --- CHANGELOG.md | 249 ++------------------------------------------------- 1 file changed, 5 insertions(+), 244 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index df5ea34..85694e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,251 +1,12 @@ ### v9.0.1 (2023-06-21) ---- NOTES NEEDS REVIEW --- -Updated the slack invite link --------------------------- - -Updated semver to 7.5.2. - +* Updated the slack invite link +* Updated semver to 7.5.2. * Updated README links to point to new forum link due to repolinter ruleset change - ---- NOTES NEEDS REVIEW --- -Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) from 0.4.19 to 0.5.0. -
-Commits - -
-
- - -[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=xml2js&package-manager=npm_and_yarn&previous-version=0.4.19&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - -Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -
-Dependabot commands and options -
- -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/node-native-metrics/network/alerts). - -
--------------------------- - -* Update README header image to latest OSS office required images - ---- NOTES NEEDS REVIEW --- -# Proposed release notes - -* update nan to version 2.17.0 - -# Snyk has created this PR to upgrade nan from 2.16.0 to 2.17.0. - -:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. --------------------------- - ---- NOTES NEEDS REVIEW --- -# Proposed release notes - -* Update https-proxy-agent to 5.0.1 - -# Snyk has created this PR to upgrade https-proxy-agent from 5.0.0 to 5.0.1. - -:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. --------------------------- - ---- NOTES NEEDS REVIEW --- -Bumps [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2. -
-Release notes -

Sourced from json5's releases.

-
-

v2.2.2

-
    -
  • Fix: Properties with the name __proto__ are added to objects and arrays. -(#199) This also fixes a prototype pollution vulnerability reported by -Jonathan Gregson! (#295).
    • -
-
-
-
-Changelog -

Sourced from json5's changelog.

-
-

v2.2.2 [code, diff]

-
    -
  • Fix: Properties with the name __proto__ are added to objects and arrays. -(#199) This also fixes a prototype pollution vulnerability reported by -Jonathan Gregson! (#295).
    • -
-
-
-
-Commits - -
-
- - -[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=2.2.1&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - -Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -
-Dependabot commands and options -
- -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language -- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language -- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language -- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - -You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/node-native-metrics/network/alerts). - -
--------------------------- - +* Updated [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) to 0.5.0. +* Updated [json5](https://github.com/json5/json5) from 2.2.1 to 2.2.2. * Added lockfile checks to CI workflow to prevent malicious changes - ---- NOTES NEEDS REVIEW --- -Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. -
-Changelog -

Sourced from qs's changelog.

-
-

6.5.3

-
    -
  • [Fix] parse: ignore __proto__ keys (#428)
    • -
  • [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array source
    • -
  • [Fix] correctly parse nested arrays
    • -
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • -
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • -
  • [Fix] when parseArrays is false, properly handle keys ending in []
    • -
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • -
  • [Fix] utils.merge: avoid a crash with a null target and an array source
    • -
  • [Refactor] utils: reduce observable [[Get]]s
    • -
  • [Refactor] use cached Array.isArray
    • -
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • -
  • [Refactor] parse: only need to reassign the var once
    • -
  • [Robustness] stringify: avoid relying on a global undefined (#427)
    • -
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • -
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • -
  • [Docs] Clarify the need for "arrayLimit" option
    • -
  • [meta] fix README.md (#399)
    • -
  • [meta] add FUNDING.yml
    • -
  • [actions] backport actions from main
    • -
  • [Tests] always use String(x) over x.toString()
    • -
  • [Tests] remove nonexistent tape option
    • -
  • [Dev Deps] backport from main
    • -
-
-
-
-Commits - -
-
- - -[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=qs&package-manager=npm_and_yarn&previous-version=6.5.2&new-version=6.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) - -Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. - -[//]: # (dependabot-automerge-start) -[//]: # (dependabot-automerge-end) - ---- - -
-Dependabot commands and options -
- -You can trigger Dependabot actions by commenting on this PR: -- `@dependabot rebase` will rebase this PR -- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it -- `@dependabot merge` will merge this PR after your CI passes on it -- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it -- `@dependabot cancel merge` will cancel a previously requested merge and block automerging -- `@dependabot reopen` will reopen this PR if it is closed -- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language -- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language -- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language -- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - -You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/newrelic/node-native-metrics/network/alerts). - -
--------------------------- +* Updated [qs](https://github.com/ljharb/qs) to 6.5.3. ### v9.0.0 (2022-08-01)