Bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
electron	27.1.0	40.10.1
webpack-dev-server	5.2.0	5.2.4
@xmldom/xmldom	0.8.10	0.8.13
brace-expansion	1.1.11	5.0.6
ip-address	9.0.5	10.2.0
lodash	4.17.21	4.18.1
picomatch	2.3.1	4.0.4
serialize-javascript	6.0.2	7.0.5
tar	6.2.1	7.5.15

Updates electron from 27.1.0 to 40.10.1

Release notes

Sourced from electron's releases.

electron v40.10.1

Release Notes for v40.10.1

Other Changes

• Backported a batch of upstream fixes for memory-safety and validation issues across media, GPU, networking, accessibility, compositing and the ANGLE GL backend. #51671
• Backported fixes for several use-after-free and object-lifetime issues in input, UI, Aura, HID and file-system teardown paths, and a runtime-effect validation gap in Skia. #51648
• Security: backported 20 High-severity fixes from Chrome 148 stable release. #51618

electron v40.10.0

Release Notes for v40.10.0

Fixes

• Fixed app.getLoginItemSettings() returning undefined for executableWillLaunchAtLogin on macOS; the property is now always a boolean. #51509 (Also in 41, 42)

Other Changes

• Updated Node.js to v24.15.0. #51087

electron v40.9.3

Release Notes for v40.9.3

Fixes

• Ensured cross-origin fetch() and XHR are blocked for custom protocols registered with supportFetchAPI: true unless corsEnabled: true is also set; cross-origin mode: 'no-cors' requests now receive an opaque response. #51271 (Also in 39, 41, 42)
• Fixed webContents.printToPDF rejecting on all subsequent calls after a prior call was rejected with an invalid pageRanges value. #51220 (Also in 41, 42)
• Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback. #51364 (Also in 41, 42)
• Fixed a crash that could occur when an autofill suggestion popup was shown while a window was closing. #51334 (Also in 41, 42)
• Fixed an issue where app-region: drag inside a hidden WebContentsView would still drag the parent window on Windows. #51247 (Also in 41, 42)
• Fixed an issue where an Electron macOS update would not be applied if another app was previously blocking the macOS system update loop. #51211 (Also in 41, 42)
• Fixed buggy behavior where Backspace would accept macOS text replacements inside contenteditable elements. #51345 (Also in 41, 42)

Other Changes

• Backported a fix for route_id validation in the GPU command buffer. #51320
• Backported security fixes for 493319454, 494158331, 493234757, 492736100, 493413432, 492668885, 496281816. #51258
• Backported several fixes in Skia, ANGLE, and WebRTC from upstream. #51265

electron v40.9.2

Release Notes for v40.9.2

Fixes

• Fixed an issue where nodeIntegrationInWorker didn't always work in AudioWorklet. #51004 (Also in 41, 42)
• Fixed bug that could occasionally cause browserWindow's always-on-top-changed even to fire with incorrect values. #51134 (Also in 41, 42)
• Fixed test scaffolding bug when running tests locally on Linux. #51151 (Also in 41, 42)

Other Changes

• Fixed gn gen failing to resolve electron_version when building from a git worktree checkout. #51164 (Also in 39, 41, 42)
• Security: backported fixes for CVE-2026-6297, CVE-2026-6299, CVE-2026-6358, CVE-2026-6359, CVE-2026-6300, CVE-2026-6303, CVE-2026-6308, CVE-2026-6309, CVE-2026-6360, CVE-2026-6311, CVE-2026-6313, CVE-2026-6314, CVE-2026-6316, CVE-2026-6362, CVE-2026-6301, CVE-2026-6307, CVE-2026-6363, CVE-2026-6298, CVE-2026-6304, CVE-2026-6364, CVE-2026-6296, CVE-2026-6305, CVE-2026-6306, CVE-2026-6361, CVE-2026-6302, CVE-2026-6318. #51139

... (truncated)

Commits

• 0ba898f fix: don't let tests hang for an hour (#51687)
• 23d8ece fix: skip current instance's child processes in Windows orphan killer (#51683)
• b687fe8 chore: cherry-pick 20 changes from chromium, angle (40-x-y) (#51671)
• fbe40a8 chore: cherry-pick 7 changes from chromium, skia (40-x-y) (#51648)
• cda7083 test: wait for navigation to settle in loadURL tests (#51641)
• 8455e0d chore: cherry-pick 20 security fixes for 40-x-y (#51618)
• 064f0e2 test: make sure there are no orphaned electron processes running (#51585)
• 08f4bb8 ci: pin Homebrew version in CI runs (#51555)
• cdecff0 chore: use oxfmt and oxlint in 40-x-y (#51500)
• c9e5205 ci: skip job in rerun apply patches if too old (#51525)
• Additional commits viewable in compare view

Updates webpack-dev-server from 5.2.0 to 5.2.4

Release notes

Sourced from webpack-dev-server's releases.

v5.2.4

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

v5.2.3

5.2.3 (2026-01-12)

Bug Fixes

• add cause for errorObject (#5518) (37b033d)
• compatibility with event target and universal target and lazy compilation (574026c)
• overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
• progress indicator styles (#5557) (41a53a1)
• upgrade selfsigned to v5

v5.2.2

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

v5.2.1

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

Changelog

Sourced from webpack-dev-server's changelog.

5.2.4 (2026-05-11)

Bug Fixes

• set Cross-Origin-Resource-Policy header to prevent source code theft over HTTP

5.2.3 (2026-01-12)

Bug Fixes

• add cause for errorObject (#5518) (37b033d)
• compatibility with event target and universal target and lazy compilation (574026c)
• overlay: add ESC key to dismiss overlay (#5598) (f91baa8)
• progress indicator styles (#5557) (41a53a1)
• upgrade selfsigned to v5

5.2.2 (2025-06-03)

Bug Fixes

• "Overlay enabled" false positive (18e72ee)
• do not crush when error is null for runtime errors (#5447) (309991f)
• remove unnecessary header X_TEST (#5451) (64a6124)
• respect the allowedHosts option for cross-origin header check (#5510) (03d1214)

5.2.1 (2025-03-26)

Security

• cross-origin requests are not allowed unless allowed by Access-Control-Allow-Origin header
• requests with an IP addresses in the Origin header are not allowed to connect to WebSocket server unless configured by allowedHosts or it different from the Host header

The above changes may make the dev server not work if you relied on such behavior, but unfortunately they carry security risks, so they were considered as fixes.

Bug Fixes

• prevent overlay for errors caught by React error boundaries (#5431) (8c1abc9)
• take the first network found instead of the last one, this restores the same behavior as 5.0.4 (#5411) (ffd0b86)

Commits

• fd40130 chore(release): 5.2.4
• ece4f36 chore: update deps (#5661)
• a216144 ci: fix test (#5658)
• df073c5 Merge commit from fork
• b550a70 chore(release): 5.2.3
• 9704dc5 chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)
• 92bf644 chore: bump express to update qs (#5621)
• 792b2f0 chore(deps-dev): bump the dependencies group with 4 updates (#5606)
• 6d587ca chore(deps): bump the dependencies group across 1 directory with 27 updates (...
• f91baa8 fix(overlay): add ESC key to dismiss overlay (#5598)
• Additional commits viewable in compare view

Updates @babel/plugin-transform-modules-systemjs from 7.25.0 to 7.25.9

Release notes

Sourced from @​babel/plugin-transform-modules-systemjs's releases.

v7.25.9 (2024-10-22)

Thanks @​victorenator for your first PR!

🐛 Bug Fix

• babel-parser, babel-template, babel-types
  • #16905 fix: Keep type annotations in syntacticPlaceholders mode (@​liuxingbaoyu)
• babel-helper-compilation-targets, babel-preset-env
  • #16907 fix: support BROWSERSLIST{,_CONFIG} env (@​JLHwung)
• Other
  • #16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@​victorenator)

🏠 Internal

• babel-helper-transform-fixture-test-runner
  • #16914 remove test options flaky (@​JLHwung)
• Every package
  • #16917 fix: Accidentally published tsconfig files (@​liuxingbaoyu)

🏃‍♀️ Performance

• babel-parser, babel-types
  • #16918 perf: Make VISITOR_KEYS etc. faster to access (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Viktar Vaŭčkievič (@​victorenator)
• @​liuxingbaoyu

v7.25.8 (2024-10-10)

🐛 Bug Fix

• babel-core
  • #16888 Restore public API of resolvePlugin/resolvePreset (@​nicolo-ribaudo)

🏠 Internal

• babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env
  • #16824 Inline one-line syntax plugins (@​nicolo-ribaudo)

Committers: 3

• Babel Bot (@​babel-bot)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.7 (2024-10-02)

Thanks @​DylanPiercey and @​YuHyeonWook for your first PRs!

🐛 Bug Fix

• babel-helper-validator-identifier
  • #16825 fix: update identifier to unicode 16 (@​JLHwung)

... (truncated)

Commits

• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
• b7dcfdd Simplify test fixtures (#16793)
• dba45d3 Ignore devDependencies when generating tsconfig.json (#16659)
• See full diff in compare view

Updates @xmldom/xmldom from 0.8.10 to 0.8.13

Release notes

Sourced from @​xmldom/xmldom's releases.

0.8.13

Commits

Fixed

• Security: XMLSerializer.serializeToString() (and Node.toString(), NodeList.toString()) now accept a requireWellFormed option (fourth argument, after isHtml and nodeFilter). When { requireWellFormed: true } is passed, the serializer throws InvalidStateError for injection-prone node content, preventing XML injection via attacker-controlled node data. GHSA-j759-j44w-7fr8 GHSA-x6wf-f3px-wcqx GHSA-f6ww-3ggp-fr8h
  • Comment: throws when data contains -->
  • ProcessingInstruction: throws when data contains ?>
  • DocumentType: throws when publicId fails PubidLiteral, systemId fails SystemLiteral, or internalSubset contains ]>
• Security: DOM traversal operations (XMLSerializer.serializeToString(), Node.prototype.normalize(), Node.prototype.cloneNode(true), Document.prototype.importNode(node, true), node.textContent getter, getElementsByTagName() / getElementsByTagNameNS() / getElementsByClassName() / getElementById()) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable RangeError. GHSA-2v35-w6hq-6mfw

Thank you, @​Jvr2022, @​praveen-kv, @​TharVid, @​decsecre583, @​tlsbollei, @​KarimTantawey, for your contributions

0.8.12

Commits

Fixed

• preserve trailing whitespace in ProcessingInstruction data [#962](https://github.com/xmldom/xmldom/issues/962) / [#42](https://github.com/xmldom/xmldom/issues/42)
• Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp
• Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

xmldom/xmldom#357

0.8.11

0.8.11

Fixed

• update ownerDocument when moving nodes between documents [#933](https://github.com/xmldom/xmldom/issues/933) / [#932](https://github.com/xmldom/xmldom/issues/932)

Thank you, @​shunkica, for your contributions

Changelog

Sourced from @​xmldom/xmldom's changelog.

0.8.13

Fixed

• Security: XMLSerializer.serializeToString() (and Node.toString(), NodeList.toString()) now accept a requireWellFormed option (fourth argument, after isHtml and nodeFilter). When { requireWellFormed: true } is passed, the serializer throws InvalidStateError for injection-prone node content, preventing XML injection via attacker-controlled node data. GHSA-j759-j44w-7fr8 GHSA-x6wf-f3px-wcqx GHSA-f6ww-3ggp-fr8h
  • Comment: throws when data contains -->
  • ProcessingInstruction: throws when data contains ?>
  • DocumentType: throws when publicId fails PubidLiteral, systemId fails SystemLiteral, or internalSubset contains ]>
• Security: DOM traversal operations (XMLSerializer.serializeToString(), Node.prototype.normalize(), Node.prototype.cloneNode(true), Document.prototype.importNode(node, true), node.textContent getter, getElementsByTagName() / getElementsByTagNameNS() / getElementsByClassName() / getElementById()) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable RangeError. GHSA-2v35-w6hq-6mfw

Thank you, @​Jvr2022, @​praveen-kv, @​TharVid, @​decsecre583, @​tlsbollei, @​KarimTantawey, for your contributions

0.9.9

Added

• implement ParentNode.children getter [#960](https://github.com/xmldom/xmldom/issues/960) / [#410](https://github.com/xmldom/xmldom/issues/410)

Fixed

• Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp
• Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp
• correctly traverse ancestor chain in Node.contains [#931](https://github.com/xmldom/xmldom/issues/931)

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

• updated dependencies

Thank you, @​stevenobiajulu, @​yoshi389111, @​thesmartshadow, for your contributions

0.8.12

Fixed

• preserve trailing whitespace in ProcessingInstruction data [#962](https://github.com/xmldom/xmldom/issues/962) / [#42](https://github.com/xmldom/xmldom/issues/42)

... (truncated)

Commits

• e5c1480 0.8.13
• 9611e20 style: drop unused import in test file
• dc4dff3 docs: add 0.8.13 changelog entry
• 842fa38 fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)
• aeff69f test: add normalize behavioral coverage to node.test.js
• cbdb0d7 fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)
• 0b543d3 test: assert namespace declarations are isolated between siblings in serializ...
• c007c51 refactor: migrate serializeToString to walkDOM
• 2bb3899 test: add serializeToString coverage for uncovered branches
• e69f38d refactor: migrate importNode to walkDOM
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by karfau, a new releaser for @​xmldom/xmldom since your current version.

Updates brace-expansion from 1.1.11 to 5.0.6

Release notes

Sourced from brace-expansion's releases.

v4.0.1

• fmt 5a5cc17
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 0b6a978

---

juliangruber/brace-expansion@v4.0.0...v4.0.1

v4.0.0

• feat: use string replaces instead of splits (#64) 278132b
• fmt dd72a59
• add tea.yaml 70e4c1b

juliangruber/brace-expansion@v3.0.0...v4.0.0

As a precaution to not risk breaking anything with 278132b, this is a new semver major release

v3.0.1

• pkg: publish on tag 3.x 3059c07
• fmt 8229e6f
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 15f9b3c

---

juliangruber/brace-expansion@v3.0.0...v3.0.1

v3.0.0

• Switch to ES Modules and balanced-match 3.0.0 (#62) c0360e8
• added jsdoc (#55) 68c0e37
• node 16 is EOL 9e781e9
• add standard 3494c4d
• use const and let (#57) dd5a4cb
• docs 6dad209
• remove test e3dd8ae
• ci: update node versions d23ede9
• docs: add @​lanodan to contributors 1eb3fa4
• docs 1e7c9cd
• switch from tape to test module (#60) 2520537
• Bump minimist from 1.2.5 to 1.2.6 (#59) 61a94f1
• Bump path-parse from 1.0.6 to 1.0.7 (#51) dc741cf
• docs: add back ci badge 8ee5626
• Add github actions, remove travis. Closes #52 (#53) 5c8756a
• CI: Drop unused sudo: false Travis directive (#50) 05978a7

juliangruber/brace-expansion@v2.0.1...v3.0.0

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

... (truncated)

Commits

• 46317b5 5.0.6
• c0b095b Merge commit from fork
• ec56020 Bump picomatch from 4.0.3 to 4.0.4 (#93)
• 8793901 5.0.5
• 9a02af5 Merge commit from fork
• daa71bc Bump tar from 7.5.10 to 7.5.11 (#92)
• 799e5f7 Bump tar from 7.5.9 to 7.5.10 (#90)
• 012c230 5.0.4
• 243c491 Fix handling of brackets. Closes #87
• 609f858 Correct incorrect brace-expansion import (#89)
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates fast-uri from 3.0.1 to 3.0.6

Release notes

Sourced from fast-uri's releases.

v3.0.6

What's Changed

• chore: simplify checks by @​gurgunday in fastify/fast-uri#123
• refactor(lib/schemes): remove useless assertions by @​Fdawgs in fastify/fast-uri#124
• build(dependabot): reduce npm updates to monthly by @​Fdawgs in fastify/fast-uri#125

Full Changelog: fastify/fast-uri@v3.0.5...v3.0.6

v3.0.5

What's Changed

• ensure node support since node 10 by @​Uzlopak in fastify/fast-uri#119

Full Changelog: fastify/fast-uri@v3.0.4...v3.0.5

v3.0.4

What's Changed

• style: remove trailing whitespace by @​Fdawgs in fastify/fast-uri#103
• docs(readme): update ci badge syntax by @​Fdawgs in fastify/fast-uri#105
• build(deps-dev): replace standard with neostandard by @​Fdawgs in fastify/fast-uri#106
• build(deps-dev): bump neostandard from 0.11.9 to 0.12.0 by @​dependabot in fastify/fast-uri#107
• build(deps-dev): add eslint, peer dep of neostandard by @​Fdawgs in fastify/fast-uri#108
• chore(package): add contribs and funding by @​Fdawgs in fastify/fast-uri#109
• docs(readme): grammar fixes by @​Fdawgs in fastify/fast-uri#111
• chore(package): grammar fix in desc by @​Fdawgs in fastify/fast-uri#112
• refactor(index): prefix unused param with underscore by @​Fdawgs in fastify/fast-uri#114
• perf(lib/utils): cache ipv4 regex by @​Fdawgs in fastify/fast-uri#115
• perf(index): use optional chaining by @​Fdawgs in fastify/fast-uri#113
• refactor: remove unused params by @​Fdawgs in fastify/fast-uri#110

Full Changelog: fastify/fast-uri@v3.0.3...v3.0.4

v3.0.3

What's Changed

• Correctly set license to BSD-3-Clause in package.json by @​mcollina in fastify/fast-uri#102

New Contributors

• @​mcollina made their first contribution in fastify/fast-uri#102

Full Changelog: fastify/fast-uri@v3.0.2...v3.0.3

v3.0.2

What's Changed

• use tape by @​gurgunday in fastify/fast-uri#95
• perf(index): merge concurrent array.push calls by @​Fdawgs in fastify/fast-uri#97
• build(deps): bump fastify/workflows from 4.2.1 to 5.0.0 by @​dependabot in fastify/fast-uri#98
• fix: properly parse userinfo in uri by @​zekth in fastify/fast-uri#101

... (truncated)

Commits

• d40b400 v3.0.6
• 6e824ad build(dependabot): reduce npm updates to monthly (#125)
• fb3f219 refactor(lib/schemes): remove useless assertions (#124)
• 0c6b8f2 simplify checks (#123)
• a045145 3.0.5
• 1d4278a fix: ensure node support since node 10 (#119)
• 4f6922a 3.0.4
• bbcf839 refactor: remove unused params (#110)
• 70f9356 perf(index): use optional chaining (#113)
• 3f27cca perf(lib/utils): cache ipv4 regex (#115)
• Additional commits viewable in compare view

Updates flatted from 3.3.1 to 3.3.2

Commits

• e63f8c0 3.3.2
• 98c2404 Fix #81 - Removed published pycache from npm
• See full diff in compare view

Updates follow-redirects from 1.15.9 to 1.16.0

Commits

• 0c23a22 Release version 1.16.0 of the npm package.
• 844c4d3 Add sensitiveHeaders option.
• 5e8b8d0 ci: add Node.js 24.x to the CI matrix
• 7953e22 ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6
• 86dc1f8 Sanitizing input.
• 21ef28a Release version 1.15.11 of the npm package.
• 7c88135 Roll back tree shaking.
• 6e389ba Release version 1.15.10 of the npm package.
• 5bc496e Shake me up before you go-go.
• 694d6b4 Bump minimist from 1.2.5 to 1.2.8
• See full diff in compare view

Updates immutable from 4.3.7 to 5.0.3

Release notes

Sourced from immutable's releases.

v5.0.3

What's Changed

• Fix List.VNode.removeAfter() / removeBefore() issue on some particular case by @​alexvictoor in immutable-js/immutable-js#2030

New Contributors

• @​alexvictoor made their first contribution in immutable-js/immutable-js#2030

Full Changelog: immutable-js/immutable-js@v5.0.2...v5.0.3

v5.0.2

Changed

• Fix wrong path for esm module after fix in 5.0.1

Full Changelog: immutable-js/immutable-js@v5.0.1...v5.0.2

v5.0.1

What's Changed

Fixes

• Fix circular dependency issue with ESM build by @​iambumblehead in immutable-js/immutable-js#2035

Internal

• Upgrade TSTyche by @​mrazauskas in immutable-js/immutable-js#2034

Full Changelog: immutable-js/immutable-js@v5.0.0...v5.0.1

v5.0.0

Breaking changes

To sum up, the big change in 5.0 is a Typescript change related to Map that is typed closer to the JS object. This is a huge change for TS users, but do not impact the runtime behavior. (see Improve TypeScript definition for Map for more details)

Other breaking changes are:

[BREAKING] Remove deprecated methods:

Released in 5.0.0-rc.1

• Map.of('k', 'v'): use Map([ [ 'k', 'v' ] ]) or Map({ k: 'v' })
• Collection.isIterable: use isIterable directly
• Collection.isKeyed: use isKeyed directly
• Collection.isIndexed: use isIndexed directly
• Collection.isAssociative: use isAssociative directly
• Collection.isOrdered: use isOrdered directly

[BREAKING] OrdererMap and OrderedSet hashCode implementation has been fixed

... (truncated)

Changelog

Sourced from immutable's changelog.

[5.0.3]

• Fix List.VNode.removeAfter() / removeBefore() issue on some particular case #2030 by @​alexvictoor

[5.0.2]

• Fix wrong path for esm module after fix in 5.0.1

[5.0.1]

• Fix circular dependency issue with ESM build by @​iambumblehead in #2035 by @​iambumblehead

[5.0.0]

Breaking changes

To sum up, the big change in 5.0 is a Typescript change related to Map that is typed closer to the JS object. This is a huge change for TS users, but do not impact the runtime behavior. (see Improve TypeScript definition for Map for more details)

Other breaking changes are:

[BREAKING] Remove deprecated methods:

Released in 5.0.0-rc.1

• Map.of('k', 'v'): use Map([ [ 'k', 'v' ] ]) or Map({ k: 'v' })
• Collection.isIterable: use isIterable directly
• Collection.isKeyed: use isKeyed directly
• Collection.isIndexed: use isIndexed directly
• Collection.isAssociative: use isAssociative directly
• Collection.isOrdered: use isOrdered directly

[BREAKING] OrdererMap and OrderedSet hashCode implementation has been fixed

Released in 5.0.0-rc.1

Fix issue implementation of hashCode for OrdererMap and OrderedSet where equal objects might not return the same hashCode.

Changed in #2005

[BREAKING] Range function needs at least two defined parameters

Released in 5.0.0-beta.5

Range with undefined would end in an infinite loop. Now, you need to define at least the start and end values.

If you need an infinite range, you can use Range(0, Infinity).

Changed in #1967 by @​jdeniau

[Minor BC break] Remove default export

... (truncated)

Commits

• 0fc45d3 5....

  Description has been truncated