build(deps): bump the npm_and_yarn group across 4 directories with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
deep-object-diff	1.1.7	1.1.9
immer	9.0.16	10.1.1
vite	2.9.15	2.9.18
node-fetch	3.2.10	3.3.0
undici	5.12.0	5.28.4
express	4.18.2	4.19.2
fast-jwt	3.1.1	3.3.2
minimatch	6.1.6	9.0.4
zod	3.21.4	3.22.3

Bumps the npm_and_yarn group with 3 updates in the /examples/standard-nextjs directory: async, next and postcss.
Bumps the npm_and_yarn group with 2 updates in the /packages/console directory: immer and vite.
Bumps the npm_and_yarn group with 4 updates in the /packages/sst directory: immer, undici, fast-jwt and minimatch.

Updates deep-object-diff from 1.1.7 to 1.1.9

Release notes

Sourced from deep-object-diff's releases.

v1.1.9

Vulnerability patch

Details outlined here: #85. TLDR: The prototype of the returned diff object could be polluted but not globally on all objects.

Fix: mattphillips/deep-object-diff#87

Thanks @​Retr02332 for highlighting the issue and validating the fix.

This vulnerability was introduced in https://github.com/mattphillips/deep-object-diff/releases/tag/v1.1.6

v1.1.8

Patch

• Fix typings resolution when using TypeScript 4.7+ with ESM #83
• improve return type for detailedDiff #72

Credits

Thanks @​Nitive and @​icholy for your PRs

Commits

• See full diff in compare view

Updates immer from 9.0.16 to 10.1.1

Release notes

Sourced from immer's releases.

v10.1.1

10.1.1 (2024-04-27)

Bug Fixes

• export lost types (#1116) (5a8f6e7)
• Make applyPatches to accept readonly Patch[] (#1094) (4da2e0d)

v10.1.0

10.1.0 (2024-04-27)

Features

• performance: Make non-strict mode faster for classes. Addresses #1071 (53e3203). Immer 10.x solved slow iteration for plain JS objects. This update applies the same handling to class instances. In cases this makes class instance handling 3 times faster. Note that this slightly modifies the behavior of Immer with classes in obscure corner cases, in ways that match current documentation, but do not match previous behavior. If you run into issues with this release icmw. class instances, use setUseStrictShallowCopy("class_only") to revert to the old behavior. For more details see https://immerjs.github.io/immer/complex-objects#semantics-in-detail

v10.0.4

10.0.4 (2024-03-09)

Bug Fixes

• Fix handling of Symbol and non-enumerable properties in finalization / freeze. Fixes #1096, #1087, #1091 (#1105)) (8949a3e)

v10.0.3

10.0.3 (2023-10-02)

Bug Fixes

• don't use .mjs file for react-native, which isn't supported by default. Fixes #1058 #1065 (#1075) (f6736a4)

v10.0.2

10.0.2 (2023-05-09)

Bug Fixes

• export Objectish type (#1043) (75e004d)
• Move index.js.flow from dist/ -> dist/cjs/ to match index.js (#1038) (a3b5603)

v10.0.1

10.0.1 (2023-04-17)

Bug Fixes

... (truncated)

Commits

• e2d222b docs: [Doc]: Update /zh-CN/ (#1067)
• 4da2e0d fix: Make applyPatches to accept readonly Patch[] (#1094)
• 073d634 chore: Fix typo in comment in common.ts (#1113)
• a3a7d0c chore(deps): bump express from 4.18.2 to 4.19.2 in /website (#1112)
• 5a8f6e7 fix: export lost types (#1116)
• 53e3203 feat(performance): Make non-strict mode faster for classes. Addresses #1071
• 511ccee introduce StrictMode enum
• 85a8f7b Introduce class_only strict mode setting
• 7f1b3b9 Merge branch 'main' into faster-unstrict-mode
• 9713677 chore: fix git ignore with watchman
• Additional commits viewable in compare view

Updates vite from 2.9.15 to 2.9.18

Changelog

Sourced from vite's changelog.

2.9.18 (2024-03-24)

• fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657
• fix: port #16250 to v2 (#16254) (011bbca), closes #16250 #16254
• release: v2.9.17 (bfc5649)

2.9.17 (2024-01-19)

• fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657

2.9.16 (2023-05-26)

• fix: port #13348 to v2, fs.deny with leading double slash (#13350) (7d8100a), closes #13348 #13350

Commits

• 5936352 release: v2.9.18
• 011bbca fix: port #16250 to v2 (#16254)
• bfc5649 release: v2.9.17
• 1f855dc fix: port #15653 to v2 (#15657)
• ea814d7 release: v2.9.16
• 7d8100a fix: port #13348 to v2, fs.deny with leading double slash (#13350)
• See full diff in compare view

Updates node-fetch from 3.2.10 to 3.3.0

Release notes

Sourced from node-fetch's releases.

v3.3.0

3.3.0 (2022-11-10)

Features

• add static Response.json (#1670) (55a4870)

Commits

• 55a4870 feat: add static Response.json (#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
• 6f72caa docs: fix missing comma in example (#1623)
• See full diff in compare view

Updates undici from 5.12.0 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

• Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
• Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

• CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

• fix: remove optional chainning for compatible with Nodejs12 and below by @​bugb in nodejs/undici#2470
• fix: remove node: prefix by @​tsctx in nodejs/undici#2471
• perf: avoid Headers initialization by @​tsctx in nodejs/undici#2468
• fix: handle SharedArrayBuffer correctly by @​tsctx in nodejs/undici#2466
• fix: Add null type to signal in RequestInit by @​gebsh in nodejs/undici#2455
• fix: correctly handle data URL with hashes. by @​tsctx in nodejs/undici#2475
• fix: check response for timinginfo allow flag by @​ToshB in nodejs/undici#2477
• Make call to onBodySent conditional in RetryHandler by @​MzUgM in nodejs/undici#2478
• refactor: better integrity check by @​tsctx in nodejs/undici#2462
• fix: Added support for inline URL username:password proxy auth by @​matt-way in nodejs/undici#2473
• build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @​dependabot in nodejs/undici#2472
• build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @​dependabot in nodejs/undici#2405
• build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @​dependabot in nodejs/undici#2396
• build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @​dependabot in nodejs/undici#2395
• build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @​dependabot in nodejs/undici#2392
• build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @​dependabot in nodejs/undici#2389
• build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @​dependabot in nodejs/undici#2302

New Contributors

• @​bugb made their first contribution in nodejs/undici#2470
• @​gebsh made their first contribution in nodejs/undici#2455
• @​ToshB made their first contribution in nodejs/undici#2477
• @​MzUgM made their first contribution in nodejs/undici#2478
• @​matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

• perf: Improve normalizeMethod by @​tsctx in nodejs/undici#2456
• fix: dispatch error handling by @​ronag in nodejs/undici#2459

... (truncated)

Commits

• fb98306 Bumped v5.28.4
• 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
• 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
• 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
• 0e9d54b skip failing test due to Node.js changes
• e71cb4c Bumped v5.28.3
• 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
• 8ec52cd Fix tests for Node.js v21 (#2609)
• d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
• 9a14e5f Bumped v5.28.2
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates fast-jwt from 3.1.1 to 3.3.2

Release notes

Sourced from fast-jwt's releases.

v3.3.2

What's Changed

• [OPTIC-RELEASE-AUTOMATION] release/v3.3.1 by @​optic-release-automation in nearform/fast-jwt#390
• fix: add missingRequiredClaim to TokenValidationErrorCode by @​TimLehner in nearform/fast-jwt#403
• fix(typescript): fix typescript type DecodedJwt by @​qoomon in nearform/fast-jwt#407

New Contributors

• @​TimLehner made their first contribution in nearform/fast-jwt#403
• @​qoomon made their first contribution in nearform/fast-jwt#407

Full Changelog: nearform/fast-jwt@v3.3.1...v3.3.2

v3.3.1

What's Changed

• [OPTIC-RELEASE-AUTOMATION] release/v3.3.0 by @​optic-release-automation in nearform/fast-jwt#382
• fix: removed pre publish step by @​williamlines in nearform/fast-jwt#385

Full Changelog: nearform/fast-jwt@v3.3.0...v3.3.1

v3.3.0

What's Changed

• [OPTIC-RELEASE-AUTOMATION] release/v3.2.0 by @​optic-release-automation in nearform/fast-jwt#367
• chore(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @​dependabot in nearform/fast-jwt#371
• chore: drop support for Node 14 by @​simoneb in nearform/fast-jwt#378
• perf: use node: prefix to bypass require.cache call for builtins by @​Fdawgs in nearform/fast-jwt#375
• Allow expiresIn to be a string by @​felixmosh in nearform/fast-jwt#376

New Contributors

• @​Fdawgs made their first contribution in nearform/fast-jwt#375
• @​felixmosh made their first contribution in nearform/fast-jwt#376

Full Changelog: nearform/fast-jwt@v3.2.0...v3.3.0

v3.2.0

What's Changed

• [OPTIC-RELEASE-AUTOMATION] release/v3.1.1 by @​optic-release-automation in nearform/fast-jwt#345
• chore(deps-dev): bump @​sinonjs/fake-timers from 10.2.0 to 11.0.0 by @​dependabot in nearform/fast-jwt#346
• chore: update dependabot config by @​williamlines in nearform/fast-jwt#349
• chore(deps-dev): bump prettier from 2.8.8 to 3.0.0 by @​dependabot in nearform/fast-jwt#353
• support notBefore and expiresIn as strings by @​relvao in nearform/fast-jwt#364

New Contributors

• @​williamlines made their first contribution in nearform/fast-jwt#349
• @​relvao made their first contribution in nearform/fast-jwt#364

Full Changelog: nearform/fast-jwt@v3.1.1...v3.2.0

Commits

• 6604166 Release v3.3.2
• 15a6e92 Merge pull request from GHSA-c2ff-88x2-x9pg
• a5ef39b fix(typescript): fix typescript type DecodedJwt (#407)
• 4d8c66f fix: add missingRequiredClaim to TokenValidationErrorCode (#403)
• 52e94dd Release v3.3.1 (#390)
• 05b02d7 fix: removed pre publish step (#385)
• 0fd4664 Release v3.3.0 (#382)
• 7b3d317 Allow expiresIn to be a string (#376)
• f836ce1 perf: use node: prefix to bypass require.cache call for builtins (#375)
• 6e5242b chore: drop support for Node 14 (#378)
• Additional commits viewable in compare view

Updates minimatch from 6.1.6 to 9.0.4

Changelog

Sourced from minimatch's changelog.

change log

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

• Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

• Add nocaseMagicOnly flag

6.1

... (truncated)

Commits

• cb4be48 9.0.4
• c091ce2 build with tshy, update tap
• 87c8677 fix: override with fastTest as property on regex object
• ef8f267 add github link to typedocs
• 05b464d ci: remove node 14 from matrix
• f8b46a3 9.0.3
• f617a2a fix typo
• 402b059 update deps
• b7bd6d6 9.0.2
• 37f6df6 Prevent dots only at the start of repeat patterns
• Additional commits viewable in compare view

Updates zod from 3.21.4 to 3.22.3

Release notes

Sourced from zod's releases.

v3.22.3

Commits:

• 1e23990bcdd33d1e81b31e40e77a031fcfd87ce1 Commit
• 9bd3879b482f139fd03d5025813ee66a04195cdd docs: remove obsolete text about readonly types (#2676)
• f59be093ec21430d9f32bbcb628d7e39116adf34 clarify datetime ISO 8601 (#2673)
• 64dcc8e2b16febe48fa8e3c82c47c92643e6c9e3 Update sponsors
• 18115a8f128680b4526df58ce96deab7dce93b93 Formatting
• 28c19273658b164c53c149785fa7a8187c428ad4 Update sponsors
• ad2ee9ccf723c4388158ff6b8669c2a6cdc85643 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
• ae0f7a2c15e7741ee1b23c03a3bfb9acebd86551 docs: update ref to discriminated-unions docs (#2485)
• 2ba00fe2377f4d53947a84b8cdb314a63bbd6dd4 [2609] fix ReDoS vulnerability in email regex (#2824)
• 1e61d76cdec05de9271fc0df58798ddf9ce94923 3.22.3

v3.22.2

Commits:

• 13d9e6bda286cbd4c1b177171273695d8309e5de Fix lint
• 0d49f10b3c25a8e4cbb6534cc0773b195c56d06d docs: add typeschema to ecosystem (#2626)
• 8e4af7b56df6f2e3daf0dd825b986f1d963025ce X to Zod: add app.quicktype.io (#2668)
• 792b3ef0d41c144cd10641c6966b98dae1222d82 Fix superrefine types

v3.22.1

Commits:

Fix handing of this in ZodFunction schemas. The parse logic for function schemas now requires the Reflect API.

const methodObject = z.object({
  property: z.number(),
  method: z.function().args(z.string()).returns(z.number()),
});
const methodInstance = {
  property: 3,
  method: function (s: string) {
    return s.length + this.property;
  },
};
const parsed = methodObject.parse(methodInstance);
parsed.method("length=8"); // => 11 (8 length + 3 property)

• 932cc472d2e66430d368a409b8d251909d7d8d21 Initial prototype fix for issue #2651 (#2652)
• 0a055e726ac210ef6efc69aa70cd2491767f6060 3.22.1

v3.22.0

ZodReadonly

This release introduces ZodReadonly and the .readonly() method on ZodType.

... (truncated)

Commits

• 1e61d76 3.22.3
• 2ba00fe [2609] fix ReDoS vulnerability in email regex (#2824)
• ae0f7a2 docs: update ref to discriminated-unions docs (#2485)
• ad2ee9c 2718 Updated Custom Schemas documentation example to use type narrowing (#2778)
• 28c1927 Update sponsors
• 18115a8 Formatting
• 64dcc8e Update sponsors
• f59be09 clarify datetime ISO 8601 (#2673)
• 9bd3879 docs: remove obsolete text about readonly types (#2676)
• 1e23990 Commit
• Additional commits viewable in compare view

Updates async from 3.2.4 to 3.2.5

Changelog

Sourced from async's changelog.

v3.2.5

• Ensure Error objects such as AggregateError are propagated without modification (#1920)

Commits

• 87e94e6 Version 3.2.5
• 44ed0fb Update built files
• af02a3d work around compiler quirk
• 3c7a711 path to config file
• 91fd894 requireConfigFile: false
• 0412f8d Ensure error objects are propagated without modification (#1920)
• ab3c56a Update .eslintrc.json to use es2021
• 8610499 Run lint on node 20
• ffd4cfb Run coverage on node 20
• 253f5dc Update Node version matrix in CI
• Additional commits viewable in compare view

Updates next from 13.5.3 to 14.2.3

Release notes

Sourced from next's releases.

v14.2.3

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix: resolve mixed re-exports module as cjs (#64681)
• fix: mixing namespace import and named import client components (#64809)
• Fix mixed exports in server component with barrel optimization (#64894)
• Fix next/image usage in mdx(#64875)
• fix(fetch-cache): fix additional typo, add type & data validation (#64799)
• prevent erroneous route interception during lazy fetch (#64692)
• fix root page revalidation when redirecting in a server action (#64730)
• fix: remove traceparent from cachekey should not remove traceparent from original object (#64727)
• Clean-up fetch metrics tracking (#64746)

Credits

Huge thanks to @​huozhi, @​samcx, @​ztanner, @​Jeffrey-Zutt, and @​ijjk for helping!

v14.2.2

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix Server Action error logs for unhandled POST requests (#64315)
• Improve rendering performance (#64408)
• Fix the method prop case in Server Actions transform (#64398)
• fix(next-lint): update option --report-unused-disable-directives to --report-unused-disable-directives-severity (#64405)
• tweak test for Azure (#64424)
• router restore should take priority over pending actions (#64449)
• Fix client boundary inheritance for barrel optimization (#64467)
• improve turborepo caching (#64493)
• feat: strip traceparent header from cachekey (#64499)
• Fix more Turbopack build tests
• Update lockfile for compatibility with turbo (#64360)
• Fix typo in dynamic-rendering.ts (#64365)
• Fix DynamicServerError not being thrown in fetch (#64511)
• fix(next): Metadata.openGraph values not resolving basic values when type is set (#63620)
• disable production chunking in dev (#64488)
• Fix cjs client components tree-shaking (#64558)
• fix refresh behavior for discarded actions (#64532)
• fix: filter out middleware requests in logging (#64549)
• Turbopack: Allow client components to be imported in app routes (#64520)
• Fix ASL bundling for dynamic css (#64451)
• add pathname normalizer for actions (#64592)
• fix incorrect refresh request when basePath is set (#64589)
• test: skip turbopack build test (#64356)
• hotfix(turbopack): Update with patch for postcss.config.js path resolution on Windows (#64677)

... (truncated)

Commits

• 2e7a96a v14.2.3
• a230be4 Clean-up fetch metrics tracking (#64746)
• 73c2d63 fix: remove traceparent from cachekey should not remove traceparent from orig...
• dd44191 fix root page revalidation when redirecting in a server action (#64730)
• 8b4c234 prevent erroneous route interception during lazy fetch (#64692)
• d6a7ca0 fix(fetch-cache): fix additional typo, add type & data validation (#64799)
• 4a6b511 Fix next/image usage in mdx (#64875)
• 04cc13c Fix mixed exports in server component with barrel optimization (#64894)
• 8d01d49 fix: mixing namespace import and named import client components (#64809)
• de84e3a Fix: resolve mixed re-exports module as cjs (#64681)
• Additional commits viewable in compare view

Updates postcss from 8.4.30 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

Changelog

Sourced from postcss's changelog.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

Commits

• a69d45e Release 8.4.38 version
• 64e35d9 Update dependencies
• c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
• b45e7e9 fix endIndex
• 1bea246 failing test: for endIndex 0 in rangeBy
• 0fd1d86 Add changelog auto release on Github
• 49c906e Release 8.4.37 version
• b5bd92c Fix another broken prev source map issue
• 2882039 Update dependencies
• e5ad939 Release 8.4.36 version
• Additional commits viewable in compare view

Updates immer from 9.0.21 to 10.1.1

Release notes

Sourced from immer's releases.

v10.1.1

10.1.1 (2024-04-27)

Bug Fixes

• export lost types (#1116) (5a8f6e7)
• Make applyPatches to accept readonly Patch[] (