Update Mend: high confidence minor and patch dependency updates #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![mend-for-github-com[bot]](https://avatars.githubusercontent.com/in/30796?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.0.0-rc.4->2.6.41.15.1->1.20.24.13.4->4.18.21.13.0->1.17.31.0.1->1.6.11.2.0->1.4.31.8.3->1.13.6Release Notes
caolan/async
v2.6.4Compare Source
v2.6.3Compare Source
v2.6.2Compare Source
v2.6.1Compare Source
npm auditwarnings. (#1532, #1533)async-esmore optimized for webpack users (#1517)v2.6.0Compare Source
require('async/find')or useasync.anyLimit. (#1483)queueperformance. (#1448, #1454)v2.5.0Compare Source
concatLimit, theLimitequivalent ofconcat(#1426, #1430)concatimprovements: it now preserves order, handles falsy values and theiterateecallback takes a variable number of arguments (#1437, #1436)queuewhere there was a size discrepancy betweenworkersList().lengthandrunning()(#1428, #1429)v2.4.1Compare Source
timeout()from being re-used. (#1418, #1419)v2.4.0Compare Source
tryEach, for running async functions in parallel, where you only expect one to succeed. (#1365, #687)parallelandwaterfall(#1395)queue.remove(), for removing items in aqueue(#1397, #1391)eval, preventing Async from running in pages with Content Security Policy (#1404, #1403)asyncifyed function's callback being caught by the underlying Promise (#1408)queue.empty()(#1367)v2.3.0Compare Source
asyncfunctions. Wherever you can pass a Node-style/CPS function that uses a callback, you can also pass anasyncfunction. Previously, you had to wrapasyncfunctions withasyncify. The caveat is that it will only work ifasyncfunctions are supported natively in your environment, transpiled implementations can't be detected. (#1386, #1390)v2.2.0Compare Source
groupBy, and theSeries/Limitequivalents, analogous to_.groupBy(#1364)transformbug whencallbackwas not passed (#1381)reflecttoparalleldocs (#1385)v2.1.5Compare Source
autobug when function names collided with Array.prototype (#1358)some,everyandfindwhere processing would continue after the result was determined.some,everyandfindv2.1.4Compare Source
v2.1.2Compare Source
detect,some,everyon large inputs (#1293).v2.1.1Compare Source
v2.1.0Compare Source
retryandretryablenow support an optionalerrorFilterfunction that determines if thetaskshould retry on the error (#1256, #1261)race,cargo,queue, andpriorityQueue(#1253)v2.0.1Compare Source
each,map,filter, etc (#1245, #1246, #1247).v2.0.0Compare Source
Lots of changes here!
First and foremost, we have a slick new site for docs. Special thanks to @hargasinski for his work converting our old docs to
jsdocformat and implementing the new website. Also huge ups to @ivanseidel for designing our new logo. It was a long process for both of these tasks, but I think these changes turned out extraordinary well.The biggest feature is modularization. You can now
require("async/series")to only require theseriesfunction. Every Async library function is available this way. You still canrequire("async")to require the entire library, like you could do before.We also provide Async as a collection of ES2015 modules. You can now
import {each} from 'async-es'orimport waterfall from 'async-es/waterfall'. If you are using only a few Async functions, and are using a ES bundler such as Rollup, this can significantly lower your build size.Major thanks to @Kikobeats, @aearly and @megawac for doing the majority of the modularization work, as well as @jdalton and @Rich-Harris for advisory work on the general modularization strategy.
Another one of the general themes of the 2.0 release is standardization of what an "async" function is. We are now more strictly following the node-style continuation passing style. That is, an async function is a function that:
There were several cases where Async accepted some functions that did not strictly have these properties, most notably
auto,every,some,filter,rejectanddetect.Another theme is performance. We have eliminated internal deferrals in all cases where they make sense. For example, in
waterfallandauto, there was asetImmediatebetween each task -- these deferrals have been removed. AsetImmediatecall can add up to 1ms of delay. This might not seem like a lot, but it can add up if you are using many Async functions in the course of processing a HTTP request, for example. Nearly all asynchronous functions that do I/O already have some sort of deferral built in, so the extra deferral is unnecessary. The trade-off of this change is removing our built-in stack-overflow defense. Many synchronous callback calls in series can quickly overflow the JS call stack. If you do have a function that is sometimes synchronous (calling its callback on the same tick), and are running into stack overflows, wrap it withasync.ensureAsync().Another big performance win has been re-implementing
queue,cargo, andpriorityQueuewith doubly linked lists instead of arrays. This has lead to queues being an order of magnitude faster on large sets of tasks.New Features
require()d from the main package. (require('async/auto')) (#984, #996)async-espackage. (import {forEachSeries} from 'async-es') (#984, #996)race, analogous toPromise.race(). It will run an array of async tasks in parallel and will call its callback with the result of the first task to respond. (#568, #1038)each,map,parallel, etc.. (#579, #839, #1074)mapValues, for mapping over the properties of an object and returning an object with the same keys. (#1157, #1177)timeout, a wrapper for an async function that will make the task time-out after the specified time. (#1007, #1027)reflectandreflectAll, analagous toPromise.reflect(), a wrapper for async tasks that always succeeds, by gathering results and errors into an object. (#942, #1012, #1095)constantsupports dynamic arguments -- it will now always use its last argument as the callback. (#1016, #1052)setImmediateandnextTicknow support arguments to partially apply to the deferred function, like the node-native versions do. (#940, #1053)autonow supports resolving cyclic dependencies using Kahn's algorithm (#1140).autoInject, a relative ofautothat automatically spreads a task's dependencies as arguments to the task function. (#608, #1055, #1099, #1100)autotasks. (#635, #637)retryable, a relative ofretrythat wraps an async function, making it retry when called. (#1058)retrynow supports specifying a function that determines the next time interval, useful for exponential backoff, logging and other retry strategies. (#1161)retrywill now pass all of the arguments the task function was resolved with to the callback (#1231).q.unsaturated-- callback called when aqueue's number of running workers falls below a threshold. (#868, #1030, #1033, #1034)q.error-- a callback called whenever aqueuetask calls its callback with an error. (#1170)applyEachandapplyEachSeriesnow pass results to the final callback. (#1088)Breaking changes
waterfall. If you were relying on this behavior, you should more accurately represent your control flow as an event emitter or stream. (#814, #815, #1048, #1050)autotask functions now always take the callback as the last argument. If a task has dependencies, theresultsobject will be passed as the first argument. To migrate old task functions, wrap them with_.flip(#1036, #1042)setImmediatecalls have been refactored away. This may make existing flows vulnerable to stack overflows if you use many synchronous functions in series. UseensureAsyncto work around this. (#696, #704, #1049, #1050)mapused to return an object when iterating over an object.mapnow always returns an array, like in other libraries. The previous object behavior has been split out intomapValues. (#1157, #1177)filter,reject,some,every,detectand their families like{METHOD}Seriesand{METHOD}Limitnow expect an error as the first callback argument, rather than just a simple boolean. Passnullas the first argument, or usefs.accessinstead offs.exists. (#118, #774, #1028, #1041){METHOD}and{METHOD}Seriesare now implemented in terms of{METHOD}Limit. This is a major internal simplification, and is not expected to cause many problems, but it does subtly affect how functions execute internally. (#778, #847)retry's callback is now optional. Previously, omitting the callback would partially apply the function, meaning it could be passed directly as a task toseriesorauto. The partially applied "control-flow" behavior has been separated out intoretryable. (#1054, #1058)whilst,until, andduringused to be passed non-error args from the iteratee function's callback, but this led to weirdness where the first call of the test function would be passed no args. We have made it so the test function is never passed extra arguments, and only thedoWhilst,doUntil, anddoDuringfunctions pass iteratee callback arguments to the test function (#1217, #1224)q.tasksarray has been renamedq._tasksand is now implemented as a doubly linked list (DLL). Any code that used to interact with this array will need to be updated to either use the provided helpers or support DLLs (#1205).q.saturated()callback in aqueuehas been modified to better reflect when tasks pushed to the queue will start queueing. (#724, #1078)iteratormethod in favour of ES2015 iterator protocol which natively supports arrays (#1237)Bug Fixes
auto&autoInject(#1147).asyncifywithPromisescould resolve twice (#1197).Other
someSeriesandeverySeriesfor symmetry, as well as a complete set ofany/anyLimit/anySeriesandall//allLmit/allSeriesaliases.findas an alias fordetect. (as well asfindLimitandfindSeries`).Thank you @aearly and @megawac for taking the lead on version 2 of async.
v2.0.0-rc.6Compare Source
v2.0.0-rc.5Compare Source
expressjs/body-parser
v1.20.2Compare Source
===================
v1.20.1Compare Source
===================
v1.20.0Compare Source
===================
strictevalusage withFunctionconstructorprocessto check for listenersv1.19.2Compare Source
===================
__proto__keysv1.19.1Compare Source
===================
v1.19.0Compare Source
===================
pb) supportthrowon invalid typev1.18.3Compare Source
===================
v1.18.2Compare Source
===================
v1.18.1Compare Source
===================
v1.18.0Compare Source
===================
bodyproperty on verify errorstypeproperty on all generated errorshttp-errorsto set status code on errorsBufferloadinghttp-errorsfor standard emitted errorsthrowwhen missing charsetv1.17.2Compare Source
===================
DEBUG_MAX_ARRAY_LENGTHv1.17.1Compare Source
===================
[v1.17.0Compare Source
===================
messageproperty enumerable forHttpErrorsv1.16.1Compare Source
===================
DEBUG_FDset to1or2v1.16.0Compare Source
===================
DEBUG_FDenvironment variablev1.15.2Compare Source
===================
setprototypeofmodule to replace__proto__settingexpressjs/express
v4.18.2Compare Source
===================
v4.18.1Compare Source
===================
v4.18.0Compare Source
===================
res.downloadoptionswithoutfilenameinres.downloadres.statusnull/undefinedasmaxAgeinres.cookieObject.prototypevalues in settings throughapp.set/app.getdefaultwith same arguments as types inres.formatres.sendhttp-errorsforres.formaterrorstrictpriorityoptionexpiresoption to reject invalid datesevalusage withFunctionconstructorprocessto check for listeners425 Unordered Collectionto standard425 Too Earlyv4.17.3Compare Source
===================
__proto__keysv4.17.2Compare Source
===================
undefinedinres.jsonpundefinedwhen"json escape"is enabledRegExpsres.jsonp(obj, status)deprecation messageres.isJSDocmaxAgeoption to reject invalid valuesreq.socketover deprecatedreq.connectionv4.17.1Compare Source
===================
null/undefinedtores.status"v4.17.0Compare Source
===================
express.rawto parse bodies intoBufferexpress.textto parse bodies into stringres.sendFilenull/undefinedtores.statusX-Forwarded-Hostpb) supportSameSite=NonesupportContent-Security-Policyheaderpath.normalizecall103 Early Hintsthrowon invalid typev4.16.4Compare Source
===================
"Request aborted"may be logged inres.sendfileRouterconstructorv4.16.3Compare Source
===================
%as last characterv4.16.2Compare Source
===================
TypeErrorinres.sendwhen givenBufferandETagheader setX-Forwarded-Protoheaderv4.16.1Compare Source
===================
rootis incorrectly set to a filev4.16.0Compare Source
===================
"json escape"setting forres.jsonandres.jsonpexpress.jsonandexpress.urlencodedto parse bodiesoptionsargument tores.downloadBufferencoding when not generating ETag for small responsesafe-bufferfor improved Buffer APIres.headersSentwhen availableRegExpX-Forwarded-ForX-Forwarded-Forheaderimmutableoption</html>in default error & redirectsimmutableoption.charsetset inres.jsonpv4.15.5Compare Source
===================
If-None-Matchtoken parsingIf-Matchtoken parsingv4.15.4Compare Source
===================
Bufferloadingv4.15.3Compare Source
===================
res.setcannot add charset toContent-TypeDEBUG_MAX_ARRAY_LENGTH</html>in HTML documentv4.15.2Compare Source
===================
[v4.15.1Compare Source
===================
Date.parsedoes not returnNaNon invalid dateDate.parsedoes not returnNaNon invalid datev4.15.0Compare Source
===================
next("router")to exit from routerrouter.useskipped requests routes did notres._headersprivate fieldreq.urlis not set%oin path debug to tell types apartObject.createto setup request & response prototypessetprototypeofmodule to replace__proto__settingstatusesinstead ofhttpmodule for status messagesDEBUG_FDenvironment variable set to3or highererrcannot be converted to a stringContent-Security-Policy: default-src 'self'headerno-cacherequest directiveIf-None-Matchhas both*and ETagsETagmatching to match specIf-None-Matchwhen noETagheaderDate.parseinstead ofnew Dateno-cacherequest directiveIf-None-Matchhas both*and ETagsETagmatching to match specres._headersprivate fieldIf-MatchandIf-Unmodified-Sinceheadersres.getHeaderNames()when availableres.headersSentwhen availableno-cacherequest directiveIf-None-Matchhas both*and ETagsETagmatching to match specres._headersprivate fieldIf-MatchandIf-Unmodified-Sinceheadersres.getHeaderNames()when availableres.headersSentwhen available*routereq.ipsperformancev4.14.1Compare Source
===================
err.headersis not an objectv4.14.0Compare Source
===================
acceptRangesoption tores.sendFile/res.sendfilecacheControloption tores.sendFile/res.sendfileoptionsargument toreq.rangecombineoptionres.location/res.redirectif not already encodedres.sendFile/res.sendfilereq.get()res.json/res.jsonpin most casesRangeheader handling inres.sendFile/res.sendfileAcceptparsingAcceptparameters with quoted equalsAcceptparameters with quoted semicolonssameSiteoptionMax-Ageto never be a floating point numberencodeis not a functionexpiresis not aDateserializeerr.statusCodeiferr.statusis invaliderr.headersobjectstatusesinstead ofhttpmodule for status messagesConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.