• 8b3f5f2 1.5.7
• ef45a13 [fix] Readd the empty userinfo to url.href (#226)
• 88df234 [doc] Add soft deprecation notice
• 78e9f2f [security] Fix nits
• e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
• 4c9fa23 1.5.6
• 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
• e4a5807 1.5.5
• 193b44b [minor] Simplify whitespace regex
• 319851b [fix] Remove CR, HT, and LF
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 4a54e57 Bump version to 1.1.4
• ebf8b45 Merge pull request #34 from ibraheemdev/patch-1
• 3d69afa Fix memory ordering in RawIter::next
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 8cd4c6c 1.5.10
• ce7a01f [fix] Improve handling of empty port
• 0071490 [doc] Update JSDoc comment
• a7044e3 [minor] Use more descriptive variable name
• d547792 [security] Add credits for CVE-2022-0691
• ad23357 1.5.9
• 0e3fb54 [fix] Strip all control characters from the beginning of the URL
• 61864a8 [security] Add credits for CVE-2022-0686
• bb0104d 1.5.8
• d5c6479 [fix] Handle the case where the port is specified but empty
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from mongoose's releases.

6.4.6 / 2022-07-20

• fix(schema): disallow setting proto when creating schema with dotted properties #12085
• fix(document): avoid mutating original object passed to $set() when applying defaults to nested properties #12102
• fix(query): apply lean transform option to top-level document #12093
• docs(migrating_to_6): correct example for isObjectIdOrHexString() #12123 LokeshKanumoori

6.4.5 / 2022-07-18

• fix(model+timestamps): set timestamps on subdocuments in insertMany() #12060
• fix: correct isAtlas check #12110 skrtheboss
• fix(types): fix various issues with auto typed schemas #12042 mohammad0-0ahmad
• fix(types): allow any value for AddFields #12096
• fix(types): allow arbitrary expressions for ConcatArrays #12058
• fix(types): make $addToSet fields mutable to allow programatically constructing $addToSet #12091
• fix(types): add $let as a possible expression to $addFields #12087 AbdelrahmanHafez
• fix(types): fix $switch expression type #12088 AbdelrahmanHafez
• fix(types): correct options type for syncIndexes() #12101 lpizzinidev
• fix(types): avoid treating | undefined types as any in Require_id to better support _id: String with auto-typed schemas #12070
• docs: fix up various jsdoc issues #12086 hasezoey
• docs: add sanitizeFilter to mongoose.set() options #12112 pathei-kosmos

6.4.4 / 2022-07-08

• fix(types): allow using an object to configure timestamps #12061 lantw44
• fix(types): support findOneAndReplace with rawResult #12062 lantw44
• docs: upgrade API documentation parser #12078 #12072 #12071 #12024 hasezoey
• docs(document): add more info on $isNew #11990
• docs: add SchemaType doValidate() to docs #12068

6.4.3 / 2022-07-05

• fix(document): handle validating deeply nested subdocuments underneath nested paths with required: false #12021
• fix(types): infer schematype type from schema paths when calling SchemaType.path() #11987
• fix(types): add $top and $topN aggregation operators #12053
• fix(types): clean up a couple of issues with $add and $ifNull #12017
• fix(types): allow $cond with $in #12028
• docs: add path level descending index example in docs #12023 MitchellCash
• docs: add Buffer, Decimal128, Map to docs #11971

6.4.2 / 2022-07-01

• fix: keep autoIndex & autoCreate as true by default if read preference is primaryPreferred #11976
• fix(types): improve inferred Schema Type to handle nested paths and ObjectIds #12007 iammola
• fix(types): avoid inferring doc type from param to create() #12001
• fix(types): make populate Paths generic consistently overwrite doc interface #11955
• fix(types): allow null at ne expression second parameter #11996 jyeros
• fix(types): change index "weights" to be more explicit #11997 hasezoey

6.4.1 / 2022-06-27

... (truncated)

Sourced from mongoose's changelog.

6.4.6 / 2022-07-20

• fix(schema): disallow setting proto when creating schema with dotted properties #12085
• fix(document): avoid mutating original object passed to $set() when applying defaults to nested properties #12102
• fix(query): apply lean transform option to top-level document #12093
• docs(migrating_to_6): correct example for isObjectIdOrHexString() #12123 LokeshKanumoori

6.4.5 / 2022-07-18

• fix(model+timestamps): set timestamps on subdocuments in insertMany() #12060
• fix: correct isAtlas check #12110 skrtheboss
• fix(types): fix various issues with auto typed schemas #12042 mohammad0-0ahmad
• fix(types): allow any value for AddFields #12096
• fix(types): allow arbitrary expressions for ConcatArrays #12058
• fix(types): make $addToSet fields mutable to allow programatically constructing $addToSet #12091
• fix(types): add $let as a possible expression to $addFields #12087 AbdelrahmanHafez
• fix(types): fix $switch expression type #12088 AbdelrahmanHafez
• fix(types): correct options type for syncIndexes() #12101 lpizzinidev
• fix(types): avoid treating | undefined types as any in Require_id to better support _id: String with auto-typed schemas #12070
• docs: fix up various jsdoc issues #12086 hasezoey
• docs: add sanitizeFilter to mongoose.set() options #12112 pathei-kosmos

6.4.4 / 2022-07-08

• fix(types): allow using an object to configure timestamps #12061 lantw44
• fix(types): support findOneAndReplace with rawResult #12062 lantw44
• docs: upgrade API documentation parser #12078 #12072 #12071 #12024 hasezoey
• docs(document): add more info on $isNew #11990
• docs: add SchemaType doValidate() to docs #12068

6.4.3 / 2022-07-05

• fix(document): handle validating deeply nested subdocuments underneath nested paths with required: false #12021
• fix(types): infer schematype type from schema paths when calling SchemaType.path() #11987
• fix(types): add $top and $topN aggregation operators #12053
• fix(types): clean up a couple of issues with $add and $ifNull #12017
• fix(types): allow $cond with $in #12028
• docs: add path level descending index example in docs #12023 MitchellCash
• docs: add Buffer, Decimal128, Map to docs #11971

6.4.2 / 2022-07-01

• fix: keep autoIndex & autoCreate as true by default if read preference is primaryPreferred #11976
• fix(types): improve inferred Schema Type to handle nested paths and ObjectIds #12007 iammola
• fix(types): avoid inferring doc type from param to create() #12001
• fix(types): make populate Paths generic consistently overwrite doc interface #11955
• fix(types): allow null at ne expression second parameter #11996 jyeros
• fix(types): change index "weights" to be more explicit #11997 hasezoey

6.4.1 / 2022-06-27

... (truncated)

• 5449ab9 chore: release 6.4.6
• b8c99cf Merge pull request #11892 from Automattic/netlify-functions-example
• 2751883 fix tests
• eced2c7 Merge branch 'master' into netlify-functions-example
• 92cb6fb Merge branch 'master' into vkarpov15/gh-12085
• 422f9da test(schema): add coverage for calling plugin() with options
• 2262a77 fix(document): avoid mutating original object passed to $set() when applying ...
• 2e6b064 made requested changes
• b70a0dc Merge pull request #12123 from LokeshKanumoori/patch-1
• 086bd9f fix(query): apply lean transform option to top-level document
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from regex's changelog.

1.5.5 (2022-03-08)

This releases fixes a security bug in the regex compiler. This bug permits a vector for a denial-of-service attack in cases where the regex being compiled is untrusted. There are no known problems where the regex is itself trusted, including in cases of untrusted haystacks.

• SECURITY #GHSA-m5pq-gvj9-9vr8: Fixes a bug in the regex compiler where empty sub-expressions subverted the existing mitigations in place to enforce a size limit on compiled regexes. The Rust Security Response WG published an advisory about this: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw

• d130381 1.5.5
• ae70b41 security: fix denial-of-service bug in compiler
• b92ffd5 cargo: use SPDX license format
• f6e52da syntax: fix 'unused' warnings
• 5197f21 fuzz: do not use inherits in Cargo.toml
• 3662851 doc: fix typo
• 63ee669 syntax/doc: fix 'their' typo
• d6bc7a4 readme: remove broken badge
• bd74660 fuzz: try to fix build issue
• bd0a142 readme: fix badges
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from crossbeam-utils's releases.

crossbeam-utils 0.8.8

• Fix a bug when unstable loom support is enabled. (#787)

crossbeam-utils 0.8.7

• Add AtomicCell<{i*,u*}>::{fetch_max,fetch_min}. (#785)
• Add AtomicCell<{i*,u*,bool}>::fetch_nand. (#785)
• Fix unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}64 (#781)

crossbeam-utils 0.8.6

• Re-add AtomicCell<{i,u}64>::{fetch_add,fetch_sub,fetch_and,fetch_or,fetch_xor} that were accidentally removed in 0.8.0 0.7.1 on targets that do not support Atomic{I,U}64. (#767)
• Re-add AtomicCell<{i,u}128>::{fetch_add,fetch_sub,fetch_and,fetch_or,fetch_xor} that were accidentally removed in 0.8.0 0.7.1. (#767)

• 5b4d808 Merge #800
• 6fa7246 Prepare for the next release
• 8efcd02 Merge #798
• baedeb0 channel: Do not panic on very large timeout
• 113daf4 Merge #799
• 5cb7cac Update no_atomic.rs
• 0081fcc Merge #789 #797
• 7b2d65f Update to stabilized const_fn_trait_bound
• bd75c3c Add force_push to ArrayQueue
• b11f1a8 Merge #793
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from nodemon's releases.

v2.0.20

2.0.20 (2022-09-16)

Bug Fixes

• remove postinstall script (e099e91)

v2.0.19

2.0.19 (2022-07-05)

Bug Fixes

• Replace update notifier with simplified deps (#2033) (176c4a6), closes #1961 #2028

v2.0.18

2.0.18 (2022-06-23)

Bug Fixes

• revert update-notifier forcing esm (1b3bc8c)

v2.0.17

2.0.17 (2022-06-23)

Bug Fixes

• bump update-notifier to v6.0.0 (#2029) (0144e4f)
• update packge-lock (27e91c3)

v2.0.16

2.0.16 (2022-04-29)

Bug Fixes

• support windows by using path.delimiter (e26aaa9)

• e099e91 fix: remove postinstall script
• 05de353 chore: supports
• 876d60c chore: supporters
• 188f2d3 chore: supporters
• a1ad44a chore: supporters update
• 8abd3fc chore: supporters update
• 30c80f8 chore: add unused files to .npmignore (#2055)
• 3dd38de docs: added link on banner (#1944)
• fb51359 docs: add important note about ignore rules
• 8fe7d77 chore: supporters
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from tokio's releases.

Tokio v1.13.1

1.13.1 (November 15, 2021)

This release fixes a data race when sending and receiving on a closed oneshot channel (RUSTSEC-2021-0124).

Fixed

• sync: fix a data race between oneshot::Sender::send and awaiting a oneshot::Receiver when the oneshot has been closed (#4226)

Tokio v1.13.0

1.13.0 (October 29, 2021)

Fixed

• sync: fix Notify to clone the waker before locking its waiter list (#4129)
• tokio: add riscv32 to non atomic64 architectures (#4185)

Added

• net: add poll_{recv,send}_ready methods to udp and uds_datagram (#4131)
• net: add try_*, readable, writable, ready, and peer_addr methods to split halves (#4120)
• sync: add blocking_lock to Mutex (#4130)
• sync: add watch::Sender::send_replace (#3962, #4195)
• sync: expand Debug for Mutex<T> impl to unsized T (#4134)
• tracing: instrument time::Sleep (#4072)
• tracing: use structured location fields for spawned tasks (#4128)

Changed

• io: add assert in copy_bidirectional that poll_write is sensible (#4125)
• macros: use qualified syntax when polling in select! (#4192)
• runtime: handle block_on wakeups better (#4157)
• task: allocate callback on heap immediately in debug mode (#4203)
• tokio: assert platform-minimum requirements at build time (#3797)

Documented

• docs: conversion of doc comments to indicative mood (#4174)
• docs: add returning on the first error example for try_join! (#4133)
• docs: fixing broken links in tokio/src/lib.rs (#4132)
• signal: add example with background listener (#4171)
• sync: add more oneshot examples (#4153)
• time: document Interval::tick cancel safety (#4152)

#3797: tokio-rs/tokio#3797 #3962: tokio-rs/tokio#3962

... (truncated)

• 2a3c803 chore: prepare Tokio v1.13.1 (#4235)
• 7d8de50 oneshot: document UnsafeCell invariants (#4229)
• ab0e60d sync: fix racy UnsafeCell access on a closed oneshot (#4226)
• ac89d89 chore: prepare Tokio v1.13.0 (#4196)
• e184205 chore: prepare tokio-macros 1.6.0 (#4197)
• 44a1aad task: allocate callback on heap immediately in debug mode (#4203)
• 75c0777 sync: make watch::send_replace infallible (#4195)
• 268ed5e task: add more tips + links to spawn_blocking docs (#4150)
• 0c68b89 codec: update stream impl for Framed to return None after Err (#4166)
• 827694a ci: fix nightly version for cirrus ci (#4200)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from protobufjs's releases.

v6.11.3

6.11.3 (2022-05-20)

Bug Fixes

• deps: use eslint 8.x (#1728) (a8681ce)
• do not let setProperty change the prototype (#1731) (b5f1391)

Sourced from protobufjs's changelog.

6.11.3 (2022-05-20)

Bug Fixes

• deps: use eslint 8.x (#1728) (a8681ce)
• do not let setProperty change the prototype (#1731) (b5f1391)

• b130dfd chore(6.x): release 6.11.3 (#1737)
• c2c17ae build: publish to main
• b2c6a5c build: run tests if ci label added (#1734)
• a8681ce fix(deps): use eslint 8.x (#1728)
• b5f1391 fix: do not let setProperty change the prototype (#1731)
• 7afd0a3 build: configure 6.x as default branch
• 37285d0 build: configure backports
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.