This PR contains the following updates:
Release Notes
ericelliott/cuid2 (@paralleldrive/cuid2)
Compare Source
Compare Source
Changed
- Remove collision-test from pre-commit hook to unblock release process
Fixed
- Replace BigInt with bignumber.js for broader browser support (legacy browsers)
- Add export module field to package.json for better ESM compatibility
Added
- Implement CSPRNG using crypto.getRandomValues for enhanced security
- Add validation to throw error when length > 32
Documentation
- Fix typo: Change "Pseudo" to "Pseudo" in README.md
- Update link for PleaseRobMe.com
Compare Source
Compare Source
kpdecker/jsdiff (diff)
Compare Source
- #616Restored compatibility of
diffSentences with old Safari versions. This was broken in 8.0.0 by the introduction of a regex with alookbehind assertion; these weren't supported in Safari prior to version 16.4. - #612Improved tree shakeability by marking the built CJS and ESM packages with
sideEffects: false.
Compare Source
- #610Fixes types for
diffJson which were broken by 8.0.0. The new bundled types in 8.0.0 only alloweddiffJson to be passed string arguments, but it should've been possible to pass either strings or objects (and now is). Thanks to Josh Kelley for the fix.
Compare Source
- #580Multiple tweaks to
diffSentences:- tokenization no longer takes quadratic time on pathological inputs (reported as a ReDOS vulnerability by Snyk); is now linear instead
- the final sentence in the string is now handled the same by the tokenizer regardless of whether it has a trailing punctuation mark or not. (Previously, "foo. bar." tokenized to
["foo.", " ", "bar."] but "foo. bar" tokenized to["foo.", " bar"] - i.e. whether the space between sentences was treated as a separate token depended upon whether the final sentence had trailing punctuation or not. This was arbitrary and surprising; it is no longer the case.) - in a string that starts with a sentence end, like "! hello.", the "!" is now treated as a separate sentence
- the README now correctly documents the tokenization behaviour (it was wrong before)
- #581 -fixed some regex operations used for tokenization in
diffWords taking O(n^2) time in pathological cases - #595 -fixed a crash in patch creation functions when handling a single hunk consisting of a very large number (e.g. >130k) of lines. (This was caused by spreading indefinitely-large arrays to
.push() using.apply or the spread operator and hitting the JS-implementation-specific limit on the maximum number of arguments to a function, as shown athttps://stackoverflow.com/a/56809779/1709587; thus the exact threshold to hit the error will depend on the environment in which you were running JsDiff.) - #596 -removed the
merge function. Previously JsDiff included an undocumented function calledmerge that was meant to, in some sense, merge patches. It had at least a couple of serious bugs that could lead to it returning unambiguously wrong results, and it was difficult to simply "fix" because it wasunclear precisely what it was meant to do. For now, the fix is to remove it entirely. - #591 - JsDiff's source code has been rewritten in TypeScript. This change entails the following changes for end users:
thediff package on npm now includes its own TypeScript type definitions. Users who previously used the@types/diff npm package from DefinitelyTyped should remove that dependency when upgrading JsDiff to v8.
Note that the transition from the DefinitelyTyped types to JsDiff's own type definitions includes multiple fixes and also removes many exported types previously used foroptions arguments to diffing and patch-generation functions. (There are now different exported options types for abortable calls - ones with atimeout ormaxEditLength that may give a result ofundefined - and non-abortable calls.) See the TypeScript section of the README for some usage tips.
TheDiff object is now a class. Custom extensions ofDiff, as described in the "Defining custom diffing behaviors" section of the README, can therefore now be done by writing aclass CustomDiff extends Diff and overriding methods, instead of the old way based on prototype inheritance. (Ithink code that did things the old way should still work, though!)
diff/lib/index.es6.js anddiff/lib/index.mjs no longer exist, and the ESM version of the library is no longer bundled into a single file.
TheignoreWhitespace option fordiffWords is no longer included in the type declarations. The effect of passingignoreWhitespace: true has always been to makediffWords just calldiffWordsWithSpace instead, which was confusing, because that behaviour doesn't seem properly described as "ignoring" whitespace at all. The property remains available to non-TypeScript applications for the sake of backwards compatibility, but TypeScript applications will now see a type error if they try to passignoreWhitespace: true todiffWords and should change their code to calldiffWordsWithSpace instead.
JsDiff no longer purports to support ES3 environments. (I'm pretty sure it never truly did, despite claiming to in its README, since even the 1.0.0 release usedArray.map which was added in ES5.)
- #601 -
diffJson'sstringifyReplacer option behaves more likeJSON.stringify'sreplacer argument now. In particular:- Each key/value pair now gets passed through the replacer once instead of twice
- The
key passed to the replacer when the top-level object is passed in asvalue is now"" (previously, wasundefined), and thekey passed with an array element is the array index as a string, like"0" or"1" (previously was whatever the key for the entire array was). Both the new behaviours match that ofJSON.stringify.
- #602 -diffing functions now consistently return
undefined when called in async mode (i.e. with a callback). Previously, there was an odd quirk where they would returntrue if the strings being diffed were equal andundefined otherwise.
Compare Source
Just a single (breaking) bugfix, undoing a behaviour change introduced accidentally in 6.0.0:
- #554
diffWords treats numbers and underscores as word characters again. This behaviour was broken in v6.0.0.
sindresorhus/filenamify (filenamify)
Compare Source
- Fix suport for spaces and periods in replacement string
0df0d46
Compare Source
Breaking
- Require Node.js 20
cc39041 - Fix Unicode normalization
ea8b961- Previously, it used the incorrect
NFD Unicode normalization. It now uses the correctNFC normalization. This could be a breaking change if you stored the filenames and then compare, as they won't match. You could run aNFC normalization on the stored once to fix that.
Improvements
- Use grapheme-safe truncation
98169ce - Fix trailing spaces and periods handling
43eea4d
Compare Source
Breaking
Improvements
- Prevent stripping of outer replaced characters (#38)
7d4846f
Compare Source
- Fix overstripping of replacement character (#33)
69989b8 - Fix
maxLength option being broken on files with no extension (#30)a2ee598 - Account for dotfiles (#32)
6badd76 - Account for extension length when truncating filename (#31)
a16c224
Compare Source
- Unicode normalize the filename
4a0d964
Compare Source
- Fix filenames truncated by
maxLength not keeping their extension (#27)8c52cb1
Compare Source
- Fix missing export of the
Options typefbb7353
Compare Source
Breaking
npm/validate-npm-package-name (validate-npm-package-name)
Compare Source
⚠️ BREAKING CHANGES
- align to npm 11 node engine range (#147)
Bug Fixes
Chores
Configuration
📅Schedule: Branch creation - "after 3am,before 9am" (UTC), Automerge - At any time (no schedule defined).
🚦Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻Immortal: This PR will be recreated if closed unmerged. Getconfig help if that's undesired.
This PR was generated byMend Renovate. View therepository job log.
Uh oh!
There was an error while loading.Please reload this page.
This PR contains the following updates:
2.3.1->3.0.45.2.3->8.0.06.0.0->8.0.24.3.0->7.0.16.0.2->7.0.0Release Notes
ericelliott/cuid2 (@paralleldrive/cuid2)
v3.0.4Compare Source
v3.0.2Compare Source
Changed
Fixed
Added
Documentation
v3.0.1Compare Source
v3.0.0Compare Source
kpdecker/jsdiff (diff)
v8.0.2Compare Source
diffSentenceswith old Safari versions. This was broken in 8.0.0 by the introduction of a regex with alookbehind assertion; these weren't supported in Safari prior to version 16.4.sideEffects: false.v8.0.1Compare Source
diffJsonwhich were broken by 8.0.0. The new bundled types in 8.0.0 only alloweddiffJsonto be passed string arguments, but it should've been possible to pass either strings or objects (and now is). Thanks to Josh Kelley for the fix.v8.0.0Compare Source
diffSentences:["foo.", " ", "bar."]but "foo. bar" tokenized to["foo.", " bar"]- i.e. whether the space between sentences was treated as a separate token depended upon whether the final sentence had trailing punctuation or not. This was arbitrary and surprising; it is no longer the case.)diffWordstaking O(n^2) time in pathological cases.push()using.applyor the spread operator and hitting the JS-implementation-specific limit on the maximum number of arguments to a function, as shown athttps://stackoverflow.com/a/56809779/1709587; thus the exact threshold to hit the error will depend on the environment in which you were running JsDiff.)mergefunction. Previously JsDiff included an undocumented function calledmergethat was meant to, in some sense, merge patches. It had at least a couple of serious bugs that could lead to it returning unambiguously wrong results, and it was difficult to simply "fix" because it wasunclear precisely what it was meant to do. For now, the fix is to remove it entirely.the
diffpackage on npm now includes its own TypeScript type definitions. Users who previously used the@types/diffnpm package from DefinitelyTyped should remove that dependency when upgrading JsDiff to v8.Note that the transition from the DefinitelyTyped types to JsDiff's own type definitions includes multiple fixes and also removes many exported types previously used for
optionsarguments to diffing and patch-generation functions. (There are now different exported options types for abortable calls - ones with atimeoutormaxEditLengththat may give a result ofundefined- and non-abortable calls.) See the TypeScript section of the README for some usage tips.The
Diffobject is now a class. Custom extensions ofDiff, as described in the "Defining custom diffing behaviors" section of the README, can therefore now be done by writing aclass CustomDiff extends Diffand overriding methods, instead of the old way based on prototype inheritance. (Ithink code that did things the old way should still work, though!)diff/lib/index.es6.jsanddiff/lib/index.mjsno longer exist, and the ESM version of the library is no longer bundled into a single file.The
ignoreWhitespaceoption fordiffWordsis no longer included in the type declarations. The effect of passingignoreWhitespace: truehas always been to makediffWordsjust calldiffWordsWithSpaceinstead, which was confusing, because that behaviour doesn't seem properly described as "ignoring" whitespace at all. The property remains available to non-TypeScript applications for the sake of backwards compatibility, but TypeScript applications will now see a type error if they try to passignoreWhitespace: truetodiffWordsand should change their code to calldiffWordsWithSpaceinstead.JsDiff no longer purports to support ES3 environments. (I'm pretty sure it never truly did, despite claiming to in its README, since even the 1.0.0 release used
Array.mapwhich was added in ES5.)diffJson'sstringifyReplaceroption behaves more likeJSON.stringify'sreplacerargument now. In particular:keypassed to the replacer when the top-level object is passed in asvalueis now""(previously, wasundefined), and thekeypassed with an array element is the array index as a string, like"0"or"1"(previously was whatever the key for the entire array was). Both the new behaviours match that ofJSON.stringify.undefinedwhen called in async mode (i.e. with a callback). Previously, there was an odd quirk where they would returntrueif the strings being diffed were equal andundefinedotherwise.v7.0.0Compare Source
Just a single (breaking) bugfix, undoing a behaviour change introduced accidentally in 6.0.0:
diffWordstreats numbers and underscores as word characters again. This behaviour was broken in v6.0.0.sindresorhus/filenamify (filenamify)
v7.0.1Compare Source
0df0d46v7.0.0Compare Source
Breaking
cc39041ea8b961NFDUnicode normalization. It now uses the correctNFCnormalization. This could be a breaking change if you stored the filenames and then compare, as they won't match. You could run aNFCnormalization on the stored once to fix that.Improvements
98169ce43eea4dv6.0.0Compare Source
Breaking
b5297ccImprovements
7d4846fv5.1.1Compare Source
69989b8maxLengthoption being broken on files with no extension (#30)a2ee5986badd76a16c224v5.1.0Compare Source
4a0d964v5.0.2Compare Source
maxLengthnot keeping their extension (#27)8c52cb1v5.0.1Compare Source
Optionstypefbb7353v5.0.0Compare Source
Breaking
c2000acnpm/validate-npm-package-name (validate-npm-package-name)
v7.0.0Compare Source
Bug Fixes
69e0cbb#147 align to npm 11 node engine range (#147) (@owlstronaut)Chores
c6866b9#146 bump@npmcli/template-oss from 4.26.0 to 4.27.1 (#146) (@dependabot[bot],@npm-cli-bot)Configuration
📅Schedule: Branch creation - "after 3am,before 9am" (UTC), Automerge - At any time (no schedule defined).
🚦Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻Immortal: This PR will be recreated if closed unmerged. Getconfig help if that's undesired.
This PR was generated byMend Renovate. View therepository job log.