chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
axios	1.4.0	1.7.4
react-pdf	7.0.1	7.7.3
postcss	8.4.23	8.5.2
vite	4.3.5	4.5.9
semver	6.3.0	6.3.1
@babel/traverse	7.21.5	7.26.8
braces	3.0.2	3.0.3
dompurify	2.4.9	2.5.8

Updates axios from 1.4.0 to 1.7.4

Release notes

Sourced from axios's releases.

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

Release v1.7.3

Release notes:

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov
• Đỗ Trọng Hải

1.7.3 (2024-08-01)

Bug Fixes

• adapter: fix progress event emitting; (#6518) (e3c76fc)
• fetch: fix withCredentials request config (#6505) (85d4d0e)
• xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

• Dmitriy Mozgovoy
• Valerii Sidorenko
• prianYu

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

... (truncated)

Commits

• abd24a7 chore(release): v1.7.4 (#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (#6539) (#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)
• c6cce43 chore(release): v1.7.3 (#6521)
• e3c76fc fix(adapter): fix progress event emitting; (#6518)
• 85d4d0e fix(fetch): fix withCredentials request config (#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md (#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (#6515)
• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• Additional commits viewable in compare view

Updates react-pdf from 7.0.1 to 7.7.3

Release notes

Sourced from react-pdf's releases.

v7.7.3

Bug fixes

• Force isEvalSupported to false. Fixes GHSA-87hq-q4gp-9wr4 (caused by GHSA-wgrm-67xf-hhpq).

v7.7.2

This version shipped an incorrect fix for a security vulnerability and thus has been deprecated.

Bug fixes

• Force isEvalSupported to true. Fixes GHSA-87hq-q4gp-9wr4 (caused by GHSA-wgrm-67xf-hhpq).

v7.7.1

Bug fixes

• Fixed Outline, Page and Thumbnail components crashing when placed outside Document, but provided with pdf prop (#1709).
• Fixed documentation for using vite-plugin-static-copy suggesting a solution that doesn't work on Windows.

v7.7.0

What's new?

• Detect not memoized file and options props.

What's changed?

• Updated documentation to make it clear SVG renderMode is deprecated and will be removed in the future.
• Replaced tiny-warning with more popular (and equally tiny!) warning.

v7.6.0

What's new?

• Improved developer experience by moving prop documentation to JSDoc. This means that you can now see descriptions, default values, and examples for all props in your IDE.
• Improved documentation.

v7.5.1

What's new?

• Package is now published with npm provenance statements.

v7.5.0

What's new?

• Exported PasswordResponses type to make it easier to create custom password prompts (#1615). Thanks, @​pstevovski!
• Updated documentation on options prop and usage with Next.js.

Bug fixes

• Fixed customTextRenderer not called on items outside of marked content (#1593, #1623).

... (truncated)

Commits

• 1a69776 v7.7.3
• 208f28d Force isEvalSupported to false
• 8ca4d07 v7.7.2
• 260295b Force isEvalSupported to true
• 93b09c3 v7.7.1
• f01d41e Bump eslint-config-wojtekmaj from 0.9.0 to 0.11.0
• a9d0b52 Bump eslint from 8.37.0 to 8.56.0
• 57eaaf7 Bump jsdom from 21.1.1 to 24.0.0
• e339525 Fix Outline, Page and Thumbnail components crashing when placed outside Document
• cf5327b Add missing linkService in DocumentContext in unit tests
• Additional commits viewable in compare view

Updates postcss from 8.4.23 to 8.5.2

Release notes

Sourced from postcss's releases.

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

... (truncated)

Commits

• 692fcde Release 8.5.2 version
• b70e98f Update dependencies
• ba587e3 Fix end position of rules with ownSemicon (#2012)
• 7b02c75 Release 8.5.1 version
• 4c15339 Update dependencies
• 7efe91e Improve backwards compat for Input#document (#2000)
• 6873270 Release 8.5 version
• 4223bb9 Fix 80 columns limit
• 80e2401 Add Input#document (#1996)
• 6f86879 Update dependencies
• Additional commits viewable in compare view

Updates vite from 4.3.5 to 4.5.9

Release notes

Sourced from vite's releases.

v4.5.9

Please refer to CHANGELOG.md for details.

v4.5.8

Please refer to CHANGELOG.md for details.

v4.5.7

Please refer to CHANGELOG.md for details.

v4.5.6

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v4.5.5

Please refer to CHANGELOG.md for details.

v4.5.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

4.5.9 (2025-01-21)

• fix: preview.allowedHosts with specific values was not respected (#19246) (0bc52e0), closes #19246
• fix: allow CORS from loopback addresses by default (#19249) (8f63cd6), closes #19249

4.5.8 (2025-01-20)

• fix: try parse server.origin URL (#19241) (3680bad), closes #19241

4.5.7 (2025-01-20)

• fix: crypto.getRandomValues is not available in old Node versions (#19237) (f4d3c46), closes #19237

4.5.6 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (ef1049d)
• fix!: default server.cors: false to disallow fetching from untrusted origins (07b36d5)
• fix: verify token for HMR WebSocket connection (c065a77)

4.5.5 (2024-09-16)

4.5.4 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (e812716), closes #18115
• fix: backport #18112, fs raw query (b901438), closes #18112

4.5.3 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

4.5.2 (2024-01-19)

• fix: fs deny for case insensitive systems (#15653) (eeec23b), closes #15653

... (truncated)

Commits

• edad4d2 release: v4.5.9
• 8f63cd6 fix: allow CORS from loopback addresses by default (#19249)
• 0bc52e0 fix: preview.allowedHosts with specific values was not respected (#19246)
• 947f0c1 release: v4.5.8
• 3680bad fix: try parse server.origin URL (#19241)
• fe86acb release: v4.5.7
• f4d3c46 fix: crypto.getRandomValues is not available in old Node versions (#19237)
• 9e460f5 release: v4.5.6
• ef1049d fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• c065a77 fix: verify token for HMR WebSocket connection
• Additional commits viewable in compare view

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

6.2.0

• Coerce numbers to strings when passed to semver.coerce()
• Add rtl option to coerce from right to left

6.1.3

• Handle X-ranges properly in includePrerelease mode

6.1.2

• Do not throw when testing invalid version strings

6.1.1

• Add options support for semver.coerce()
• Handle undefined version passed to Range.test

6.1.0

• Add semver.compareBuild function
• Support * in semver.intersects

6.0

• Fix intersects logic.

  This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

• 44d27bc chore: release 6.3.1
• 928e56d fix: better handling of whitespace (#591)
• 39f6326 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates @babel/traverse from 7.21.5 to 7.26.8

Release notes

Sourced from @​babel/traverse's releases.

v7.26.8 (2025-02-08)

🏠 Internal

• babel-preset-env
  • #17097 Update dependency babel-plugin-polyfill-corejs3 to ^0.11.0

v7.26.7 (2025-01-24)

Thanks @​branchseer and @​tquetano-netflix for your first PRs!

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Tony Quetano (@​tquetano-netflix)
• @​branchseer
• @​liuxingbaoyu

v7.26.6 (2025-01-13)

🐛 Bug Fix

• babel-plugin-transform-nullish-coalescing-operator
  • #17061 fix: Chaining nullish coalescing operators output size regression (@​liuxingbaoyu)

Committers: 1

• @​liuxingbaoyu

v7.26.5 (2025-01-10)

👓 Spec Compliance

• babel-parser
  • #17011 Allow the dynamic import.defer() form of import defer (@​babel-bot)

🐛 Bug Fix

• babel-plugin-transform-block-scoped-functions
  • #17024 chore: Avoid calling isInStrictMode in Babel 7 (@​liuxingbaoyu)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

Changelog

Tags:

• 💥 [Breaking Change]
• 👓 [Spec Compliance]
• 🚀 [New Feature]
• 🐛 [Bug Fix]
• 📝 [Documentation]
• 🏠 [Internal]
• 💅 [Polish]

Note: Gaps between patch versions are faulty, broken or test releases.

This file contains the changelog starting from v7.15.0.

• See CHANGELOG - v7.0.0 to v7.14.9 for v7.0.0 to v7.14.9 changes.
• See CHANGELOG - v7 prereleases for v7.0.0-alpha.1 to v7.0.0-rc.4 changes.
• See CHANGELOG - v4, CHANGELOG - v5, and CHANGELOG - v6 for v4.x-v6.x changes.
• See CHANGELOG - 6to5 for the pre-4.0.0 version changelog.
• See Babylon's CHANGELOG for the Babylon pre-7.0.0-beta.29 version changelog.
• See babel-eslint's releases for the changelog before @babel/eslint-parser 7.8.0.
• See eslint-plugin-babel's releases for the changelog before @babel/eslint-plugin 7.8.0.

v7.26.7 (2025-01-24)

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

v7.26.6 (2025-01-13)

🐛 Bug Fix

• babel-plugin-transform-nullish-coalescing-operator
  • #17061 fix: Chaining nullish coalescing operators output size regression (@​liuxingbaoyu)

v7.26.5 (2025-01-10)

👓 Spec Compliance

... (truncated)

Commits

• 0593941 v7.26.8
• e02b0ff [Babel 8] Create TSTemplateLiteralType (#17066)
• 2d95140 v7.26.7
• ad572fd fix: Remove type-only import x = y.z (#17025)
• 74181cf v7.26.5
• d35794e [Babel 8] Create TSEnumBody for TSEnumDeclaration (#16979)
• cd24cc0 chore: Update TS 5.7 (#17053)
• cf7b9cd v7.26.4
• f33704a Revert "perf: Improve scope information collection performance" (#17005)
• 36ca8fa v7.26.3
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates dompurify from 2.4.9 to 2.5.8

Release notes

Sourced from dompurify's releases.

DOMPurify 2.5.8

• Fixed two conditional sanitizer bypasses discovered by @​parrot409 and @​Slonser
• Updated the attribute clobbering checks to prevent future bypasses, thanks @​parrot409

DOMPurify 2.5.7

• Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
• Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa

DOMPurify 2.5.6

• Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
• Fixed a minor problem with the bower file pointing to the wrong dist path
• Updated several development dependencies

DOMPurify 2.5.5

• Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
• Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

DOMPurify 2.5.4

• Fixed a bug with latest isNaN checks affecting MSIE, thanks @​tulach
• Fixed the tests for MSIE and fixed related test-runner

DOMPurify 2.5.3

• Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
• Added better configurability for comment scrubbing default behavior
• Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
• Fixed some smaller issues in README and other documentation

DOMPurify 2.5.2

• Addressed and fixed a mXSS variation found by @​kevin-mizu
• Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
• Updated tests for older Safari and Chrome versions

DOMPurify 2.5.1

• Fixed an mXSS sanitizer bypass reported by @​icesfont
• Added new code to track element nesting depth
• Added new code to enforce a maximum nesting depth of 255
• Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

DOMPurify 2.5.0

• Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
• Updated the LICENSE file to show the accurate year number
• Updated several build and test dependencies

Commits

• ee992fc test: Updated a custom element test for IE11 on Windows 10
• 8b68e9e test: Trying to work around a false alert in IE11 Win 8.1
• 0d770cd chore: Preparing 2.5.8 release
• 9cd4f11 fix: Added same attribute clobbering check for 2.x branch
• f7120a3 fix: Fixed two conditional bypasses discovered by @​parrot409 and @​Slonser
• 193eef2 Update README.md
• f7712e4 Update README.md
• 1bb377b Update README.md
• 71683cb chore: Preparing 2.5.7 release
• d78f241 chore: Preparing 2.5.6 release
• Additional commits viewable in compare view

Updates esbuild from 0.17.18 to 0.18.20

Release notes

Sourced from esbuild's releases.

v0.18.20

• Support advanced CSS @import rules (#953, #3137)

  CSS @import statements have been extended to allow additional trailing tokens after the import path. These tokens sort of make the imported file behave as if it were wrapped in a @layer, @supports, and/or @media rule. Here are some examples:

  @import url(foo.css);
  @import url(foo.css) layer;
  @import url(foo.css) layer(bar);
  @import url(foo.css) layer(bar) supports(display: flex);
  @import url(foo.css) layer(bar) supports(display: flex) print;
  @import url(foo.css) layer(bar) print;
  @import url(foo.css) supports(display: flex);
  @import url(foo.css) supports(display: flex) print;
  @import url(foo.css) print;

  You can read more about this advanced syntax here. With this release, esbuild will now bundle @import rules with these trailing tokens and will wrap the imported files in the corresponding rules. Note that this now means a given imported file can potentially appear in multiple places in the bundle. However, esbuild will still only load it once (e.g. on-load plugins will only run once per file, not once per import).

v0.18.19

• Implement composes from CSS modules (#20)

  This release implements the composes annotation from the CSS modules specification. It provides a way for class selectors to reference other class selectors (assuming you are using the local-css loader). And with the from syntax, this can even work with local names across CSS files. For example:

  // app.js
  import { submit } from './style.css'
  const div = document.createElement('div')
  div.className = submit
  document.body.appendChild(div)

  /* style.css */
  .button {
    composes: pulse from "anim.css";
    display: inline-block;
  }
  .submit {
    composes: button;
    font-weight: bold;
  }

  /* anim.css */
  @keyframes pulse {
    from, to { opacity: 1 }
    50% { opacity: 0.5 }
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.18.20

• Support advanced CSS @import rules (#953, #3137)

  CSS @import statements have been extended to allow additional trailing tokens after the import path. These tokens sort of make the imported file behave as if it were wrapped in a @layer, @supports, and/or @media rule. Here are some examples:

  @import url(foo.css);
  @import url(foo.css) layer;
  @import url(foo.css) layer(bar);
  @import url(foo.css) layer(bar) supports(display: flex);
  @import url(foo.css) layer(bar) supports(display: flex) print;
  @import url(foo.css) layer(bar) print;
  @import url(foo.css) supports(display: flex);
  @import url(foo.css) supports(display: flex) print;
  @import url(foo.css) print;

  You can read more about this advanced syntax here. With this release, esbuild will now bundle @import rules with these trailing tokens and will wrap the imported files in the corresponding rules. Note that this now means a given imported file can potentially appear in multiple places in the bundle. However, esbuild will still only load it once (e.g. on-load plugins will only run once per file, not once per import).

0.18.19

• Implement composes from CSS modules (#20)

  This release implements the composes annotation from the CSS modules specification. It provides a way for class selectors to reference other class selectors (assuming you are using the local-css loader). And with the from syntax, this can even work with local names across CSS files. For example:

  // app.js
  import { submit } from './style.css'
  const div = document.createElement('div')
  div.className = submit
  document.body.appendChild(div)

  /* style.css */
  .button {
    composes: pulse from "anim.css";
    display: inline-block;
  }
  .submit {
    composes: button;
    font-weight: bold;
  }

  /* anim.css */
  @keyframes pulse {
    from, to { opacity: 1 }

... (truncated)

Commits

• 22f0818 publish 0.18.20 to npm
• 89b98d9 css: test coverage for some external test cases
• 4bb897f fix #953, fix #3137: advanced css @import syntax
• 6892b1b css: change ast format for @import conditions
• d770d53 remove unnecessary file slice.go
• 0e5b5fb add test-e2e-yarn
• e08ee89 publish 0.18.19 to npm
• d2bc26c css: attempt to warn about undefined composes
• a0910fd fix #20: implement composes from css modules
• a470f0a css: a basic implementation of local composes
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates pdfjs-dist from 3.6.172 to 3.11.174

Release notes

Sourced from pdfjs-dist's releases.

v3.11.174

This release primarily features accessibility improvements for the annotation editor and fixes for the type definitions.

Changes since v3.10.111

• Bump versions in pdfjs.config by @​timvandermeij in mozilla/pdf.js#16876
• Add tagged annotations in the structure tree (bug 1850797) by @​calixteman in mozilla/pdf.js#16886
• Fix the id used in aria-controls used to make a relationship between the popup and its parent by @​calixteman in mozilla/pdf.js#16889
• Fix JSDoc types by @​stof in mozilla/pdf.js#16888
• Ignore null-chars when using structTree-data in the viewer by @​Snuffleupagus in mozilla/pdf.js#16891
• Stop using removeNullCharacters in the addLinkAttributes helper function by @​Snuffleupagus in mozilla/pdf.js#16892
• [Type-definitions] Fix type generator to support import maps by @​stof in mozilla/pdf.js#16890
• Update packages and translations by @​Snuffleupagus in mozilla/pdf.js#16895
• A couple of small InternalRenderTaskDescription has been truncated