Sourced from js-yaml's changelog.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

[3.10.0] - 2017-09-10

Fixed

• Fix condenseFlow output (quote keys for sure, instead of spaces), #371, #370.
• Dump astrals as codepoints instead of surrogate pair, #368.

[3.9.1] - 2017-07-08

Fixed

• Ensure stack is present for custom errors in node 7.+, #351.

[3.9.0] - 2017-07-08

Added

• Add condenseFlow option (to create pretty URL query params), #346.

Fixed

... (truncated)

• 665aadd 3.13.1 released
• da8ecf2 Browser files rebuild
• b2f9e88 Merge pull request #480 from nodeca/toString
• e18afbf Fix possible code execution in (already unsafe) load()
• 9d4ce5e 3.13.0 released
• f64c673 Browser files rebuild
• a567ef3 Restrict data types for object keys
• 59b6e76 Fix test name
• e4267fc 3.12.2 released
• 7231a49 Browser files rebuild
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from diff's changelog.

v3.5.0 - March 4th, 2018

• Omit redundant slice in join method of diffArrays - 1023590
• Support patches with empty lines - fb0f208
• Accept a custom JSON replacer function for JSON diffing - 69c7f0a
• Optimize parch header parser - 2aec429
• Fix typos - e89c832

Commits

v3.4.0 - October 7th, 2017

• #183 - Feature request: ability to specify a custom equality checker for diffArrays
• #173 - Bug: diffArrays gives wrong result on array of booleans
• #158 - diffArrays will not compare the empty string in array?
• comparator for custom equality checks - 30e141e
• count oldLines and newLines when there are conflicts - 53bf384
• Fix: diffArrays can compare falsey items - 9e24284
• Docs: Replace grunt with npm test - 00e2f94

Commits

v3.3.1 - September 3rd, 2017

• #141 - Cannot apply patch because my file delimiter is "/r/n" instead of "/n"
• #192 - Fix: Bad merge when adding new files (#189)
• correct spelling mistake - 21fa478

Commits

v3.3.0 - July 5th, 2017

• #114 - /patch/merge not exported
• Gracefully accept invalid newStart in hunks, same as patch(1) does. - d8a3635
• Use regex rather than starts/ends with for parsePatch - 6cab62c
• Add browser flag - e64f674
• refactor: simplified code a bit more - 8f8e0f2
• refactor: simplified code a bit - b094a6f
• fix: some corrections re ignoreCase option - 3c78fd0
• ignoreCase option - 3cbfbb5
• Sanitize filename while parsing patches - 2fe8129
• Added better installation methods - aced50b
• Simple export of functionality - 8690f31

Commits

• e9ab948 v3.5.0
• b73884c Update release notes
• 8953021 Update release notes
• 1023590 Omit redundant slice in join method of diffArrays
• c72ef4a Add missing test coverage
• b9ef24f Support patches with empty lines
• 10aaabb Support patches with empty lines
• 196d3aa Support patches with empty lines
• e24d789 Support patches with empty lines
• 8616a02 Support patches with empty lines
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• fee31c5 0.0.6
• 2f4a9d4 Merge pull request #9 from mhart/fix-buffer-constructor-vuln
• afbc744 Ensure data is not a number in Buffer constructor
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from handlebars's changelog.

v4.7.2 - January 13th, 2020

Bugfixes:

• fix: don't wrap helpers that are not functions - 9d5aa36, #1639

Chore/Build:

• chore: execute saucelabs-task only if access-key exists - a4fd391

Compatibility notes:

• No breaking changes are to be expected

Commits

v4.7.1 - January 12th, 2020

Bugfixes:

• fix: fix log output in case of illegal property access - f152dfc
• fix: log error for illegal property access only once per property - 3c1e252

Compatibility notes:

• no incompatibilities are to be expected.

Commits

v4.7.0 - January 10th, 2020

Features:

• feat: default options for controlling proto access - 7af1c12, #1635
  • This makes it possible to disable the prototype access restrictions added in 4.6.0
  • an error is logged in the console, if access to prototype properties is attempted and denied and no explicit configuration has taken place.

Compatibility notes:

• no compatibilities are expected

Commits

v4.6.0 - January 8th, 2020

Features:

• feat: access control to prototype properties via whitelist (#1633)- d03b6ec

... (truncated)

• 586e672 v4.7.2
• f0c6c4c Update release notes
• a4fd391 chore: execute saucelabs-task only if access-key exists
• 9d5aa36 fix: don't wrap helpers that are not functions
• 14ba3d0 v4.7.1
• 4cddfe7 Update release notes
• f152dfc fix: fix log output in case of illegal property access
• 3c1e252 fix: log error for illegal property access only once per property
• 0d5c807 v4.7.0
• 1f0834b Update release notes
• Additional commits viewable in compare view

This version was pushed to npm by knappi, a new releaser for handlebars since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

3.0.1 / 2017-04-27

• [Fix] deep extending should work with a non-object (#46)
• [Dev Deps] update tape, eslint, @ljharb/eslint-config
• [Tests] up to node v7.9, v6.10, v4.8; improve matrix
• [Docs] Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
• [Docs] Add example to readme (#34)

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• 138b515 v3.0.1
• 7e19a6f [Tests] up to node v7.9, v6.10, v4.8; improve matrix
• 0191e27 [Dev Deps] update tape, eslint, @ljharb/eslint-config
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• ddfd9b1 Bump to v4.17.15.
• b185fce Rebuild lodash and docs.
• be87d30 Bump to v4.17.14.
• a6fe6b1 Rebuild lodash and docs.
• e371828 Bump to v4.17.13.
• 357e899 Rebuild lodash and docs.
• fd9a062 Bump to v4.17.12.
• e77d681 Rebuild lodash and docs.
• 629d186 Update OpenJS references.
• 2406eac Fix minified build.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from brace-expansion's releases.

1.1.11

No release notes provided.

v1.1.11

brace-expansion

Brace expansion, as known from sh/bash, in JavaScript.

Example

var expand = require('brace-expansion');

expand('file-{a,b,c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']

expand('-v{,,}')
// => ['-v', '-v', '-v']

expand('file{0..2}.jpg')
// => ['file0.jpg', 'file1.jpg', 'file2.jpg']

expand('file-{a..c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']

expand('file{2..0}.jpg')
// => ['file2.jpg', 'file1.jpg', 'file0.jpg']

expand('file{0..4..2}.jpg')
// => ['file0.jpg', 'file2.jpg', 'file4.jpg']

expand('file-{a..e..2}.jpg')
// => ['file-a.jpg', 'file-c.jpg', 'file-e.jpg']

expand('file{00..10..5}.jpg')
// => ['file00.jpg', 'file05.jpg', 'file10.jpg']

expand('{{A..C},{a..c}}')
// => ['A', 'B', 'C', 'a', 'b', 'c']

expand('ppp{,config,oe{,conf}}')
// => ['ppp', 'pppconfig', 'pppoe', 'pppoeconf']

... (truncated)

• e52ad1c Merge pull request #42 from juliangruber/greenkeeper/update-to-node-10
• fb4c692 Update to node 10 in .travis.yml
• 01a21de 1.1.11
• d7c93ee sponsors
• 54a6176 1.1.10
• 327c729 Merge pull request #40 from Parcley/add-license-1
• b6ba2e0 create LICENSE file
• 0f82dab 1.1.9
• acd1754 support
• 40ff02d Merge pull request #39 from EdwardBetts/spelling
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• e4dfb0a 2.3.4
• 7d66ffd Update public suffix list
• 7564c06 Merge pull request #100 from salesforce/no-re-parser
• 751da6d Document removal of 256 space limit
• 8452ccd Convert date-time parser from regexp, expand tests
• 8614dbf More String#repeat polyfill
• 2a4775c Avoid unbounded Regexp parts in date parsing
• c9bd79d Parse cookie-pair part without regexp
• 12d4266 2.3.3
• 98e0916 Merge pull request #97 from salesforce/spaces-ReDoS
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.