dependabot[bot] 12768908eb build(deps): bump json5 from 1.0.1 to 1.0.2 in /addons (#380) ... Summary: Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/releases">json5's releases</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">https://github.com/facebook/sapling/issues/199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">https://github.com/facebook/sapling/issues/295</a>). This has been backported to v1. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/298">https://github.com/facebook/sapling/issues/298</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's changelog</a>.</em></p> <blockquote> <h3>Unreleased [<a href="https://github.com/json5/json5/tree/main">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.3...HEAD">diff</a>]</h3> <h3>v2.2.3 [<a href="https://github.com/json5/json5/tree/v2.2.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3">diff</a>]</h3> <ul> <li>Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/299">https://github.com/facebook/sapling/issues/299</a>)</li> </ul> <h3>v2.2.2 [<a href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">https://github.com/facebook/sapling/issues/199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">https://github.com/facebook/sapling/issues/295</a>).</li> </ul> <h3>v2.2.1 [<a href="https://github.com/json5/json5/tree/v2.2.1">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1">diff</a>]</h3> <ul> <li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/266">https://github.com/facebook/sapling/issues/266</a>)</li> </ul> <h3>v2.2.0 [<a href="https://github.com/json5/json5/tree/v2.2.0">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0">diff</a>]</h3> <ul> <li>New: Accurate and documented TypeScript declarations are now included. There is no need to install <code>types/json5</code>. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/236">https://github.com/facebook/sapling/issues/236</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/244">https://github.com/facebook/sapling/issues/244</a>)</li> </ul> <h3>v2.1.3 [<a href="https://github.com/json5/json5/tree/v2.1.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3">diff</a>]</h3> <ul> <li>Fix: An out of memory bug when parsing numbers has been fixed. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/228">https://github.com/facebook/sapling/issues/228</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/229">https://github.com/facebook/sapling/issues/229</a>)</li> </ul> <h3>v2.1.2 [<a href="https://github.com/json5/json5/tree/v2.1.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2">diff</a>]</h3> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="a62db1e51e"><code>a62db1e</code></a> 1.0.2</li> <li><a href="e0c23fe458"><code>e0c23fe</code></a> docs: update CHANGELOG for v1.0.2</li> <li><a href="62a6540840"><code>62a6540</code></a> fix: add <strong>proto</strong> to objects and arrays</li> <li>See full diff in <a href="https://github.com/json5/json5/compare/v1.0.1...v1.0.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/sapling/network/alerts). </details> Pull Request resolved: https://github.com/facebook/sapling/pull/380 Reviewed By: evangrayk Differential Revision: D42596278 Pulled By: bolinfest fbshipit-source-id: cc056b3704dc7f8f71eaf427fa0fc892d1dce9a3		2023-01-19 11:01:47 -08:00
..
.vscode	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
eslint-rules	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
isl	Add context menu	2023-01-13 09:14:31 -08:00
isl-server	Add tests for run-proxy	2023-01-18 16:46:53 -08:00
reviewstack	reviewstack: fix parsing logic to hide stack info from PR body	2022-12-21 21:32:14 -08:00
reviewstack.dev	reviewstack: include the screencast on the home page	2022-12-20 12:36:37 -08:00
shared	Add context menu	2023-01-13 09:14:31 -08:00
textmate	upgrade prettier to 2.7.1	2022-11-15 19:56:38 -08:00
vscode	Platform API for copying to clipboard	2023-01-12 16:40:50 -08:00
.eslintrc.js	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
.gitignore	internal build script	2022-11-22 11:57:15 -08:00
.prettierignore	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
.prettierrc	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
LICENSE	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
package.json	upgrade prettier to 2.7.1	2022-11-15 19:56:38 -08:00
verify-addons-folder.py	Re-sync with internal repository	2022-11-15 00:48:09 -08:00
yarn.lock	build(deps): bump json5 from 1.0.1 to 1.0.2 in /addons (#380)	2023-01-19 11:01:47 -08:00