Bump the npm_and_yarn group across 2 directories with 52 updates

[dependabot]

Bumps the npm_and_yarn group with 48 updates in the / directory:

Package	From	To
jquery	3.3.1	3.7.1
jsrsasign	8.0.12	11.0.0
katex	0.11.1	0.16.10
moment	2.22.2	2.30.1
@accounts/server	0.0.18	0.33.1
cypress	4.0.2	4.12.1
moment-timezone	0.5.27	0.5.35
pdfjs-dist	2.0.943	4.2.67
semver	5.6.0	5.7.2
sharp	0.22.1	0.32.6
ua-parser-js	0.7.19	0.7.39
xml2js	0.4.19	0.6.2
aws-sdk	2.368.0	2.1692.0
webdav	2.10.0	5.7.1
xmldom	0.1.27	0.6.0
@rocket.chat/livechat	1.4.0	1.9.0
postcss	7.0.6	8.4.31
simple-git	1.107.0	3.16.0
@babel/traverse	7.1.6	7.25.9
@babel/traverse	7.6.2	7.25.9
@babel/traverse	7.8.4	7.25.9
lodash	4.17.11	4.17.21
node-fetch	2.3.0	2.7.0
node-fetch	2.6.0	2.7.0
@nivo/bar	0.61.1	0.88.0
@nivo/heatmap	0.61.0	0.88.0
@nivo/line	0.61.1	0.88.0
@nivo/pie	0.61.1	0.88.0
cross-fetch	2.2.3	2.2.6
browserify-sign	4.0.4	4.2.3
css-what	2.1.2	2.1.3
cheerio	0.19.0	0.22.0
decode-uri-component	0.2.0	0.2.2
dicer	0.2.5	removed
busboy	0.2.14	1.6.0
elliptic	6.4.1	6.6.1
eventsource	1.0.7	1.1.2
follow-redirects	1.5.10	1.15.9
react-inspector	4.0.0	4.0.1
fsevents	1.2.9	1.2.13
mongodb	2.2.36	3.7.4
@accounts/mongo	0.0.12	0.34.1
mongo-unit	1.4.4	1.5.1
nodemailer	4.6.8	6.9.13
mailparser	2.4.3	3.7.1
prismjs	1.17.1	removed
@storybook/addon-actions	5.3.9	8.4.5
@storybook/addon-knobs	5.3.9	8.0.1
@storybook/addon-viewport	5.3.9	8.4.5
@storybook/react	5.3.9	8.4.5
url-parse	1.4.7	1.5.10

Bumps the npm_and_yarn group with 1 update in the /private/node_scripts/unsubscribe_csv directory: mongodb.

Updates jquery from 3.3.1 to 3.7.1

Release notes

Sourced from jquery's releases.

jQuery 3.7.1 Released: Reliable Table Row Dimensions

https://blog.jquery.com/2023/08/28/jquery-3-7-1-released-reliable-table-row-dimensions/

jQuery 3.7.0: Staying in Order

https://blog.jquery.com/2023/05/11/jquery-3-7-0-released-staying-in-order/

jQuery 3.6.4 Released: Selector Forgiveness

https://blog.jquery.com/2023/03/08/jquery-3-6-4-released-selector-forgiveness/

jQuery supports CSS.supports in jQuery 3.6.3

https://blog.jquery.com/2022/12/20/jquery-3-6-3-released-a-quick-selector-fix/

jQuery 3.6.2 :has arrived!

https://blog.jquery.com/2022/12/13/jquery-3-6-2-released/

jQuery 3.6.1 Maintenance Release

https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/

jQuery 3.6.0 Released!

https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• f79d5f1 3.7.1
• 399b201 Release: revert change that broke release
• f85d521 Release: update authors
• 763ade6 Build: Generate the slim build on grunt & run compare_size on it
• a288838 CSS: Make the reliableTrDimensions support test work with Bootstrap CSS (3.x ...
• 87467a6 Selector: Only attach the unload handler in IE & Edge Legacy
• 3c18c1f Build: Make sure *.cjs & *.mjs files use UNIX line endings as well
• 72ae577 Build: switch preferred email for timmywil
• a370d7d Build: Build: Bump actions/checkout from 3.5.2 to 3.5.3
• 4a29888 Docs: Fix typos found by codespell
• Additional commits viewable in compare view

Updates jsrsasign from 8.0.12 to 11.0.0

Release notes

Sourced from jsrsasign's releases.

remove RSA and RSAOAEP encryption for Marvin attack

• Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
  • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
  • src/crypto.js
    • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
  • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

• Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
  • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
    • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
    • default prf is changed from hmacWithSHA1 to hmacWithSHA256
  • src/keyutil.js
    • more encrypted PKCS#8 private key support
      • KEYUTIL.getKey now supports encrypted PKCS#8 private key with aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as psudorandom function.
      • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM priavte key.
  • src/crypto.js
    • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
  • src/base64x.js
    • function inttohex and twoscompl are added
  • src/asn1.js
    • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
  • src/asn1x509.js
    • aes*-CBC and hmacWithSHA* OIDs are added
  • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
    • update and add some test cases for above
  • stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix

• Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
  • src/x509.js
    • another bugfix X509.getExtSubjectDirectoryAttributes method

X509.getExtSubjectDirectoryAttributes bugfix

• Changes from 10.8.4 to 10.8.5 (2023-Apr-26)
  • src/x509.js
    • bugfix X509.getExtSubjectDirectoryAttributes method

more SubjectDirectoryExtension support

• Changes from 10.8.3 to 10.8.4 (2023-Apr-26)
  • src/asn1x509.js
    • SubjectDirectoryAttributes class
      • add array of array support for arbitrary attribute value
  • src/x509.js
    • add X509.getExtSubjectDirectoryAttributes method for ExtSubjectDirectoryAttributes extension

... (truncated)

Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

• Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
  • src/crypto.js
    • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

• Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
  • remove RSA PKCS#1.5 end OAEP encryption/decryption for Marvin attack (#598)
  • src/crypto.js
    • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
  • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

• Changes from 10.8.6 to 10.9.0 (2023-Nov-27)
  • KEYUTIL.getPEM is updated not to use weak ciphers (#599)
    • default encryptionScheme is changed from des-EDE3-CBC to aes256-CBC
    • default prf is changed from hmacWithSHA1 to hmacWithSHA256
  • src/keyutil.js
    • more encrypted PKCS#8 private key support
      • KEYUTIL.getKey now supports encrypted PKCS#8 private key with aes128-CBC, aes256-CBC encrypted and using hmacWithSHA224/256/384/512 as psudorandom function.
      • KEYUTIL.getPEM now supports such as above encrypted PKCS#8 PEM priavte key.
  • src/crypto.js
    • Cipher.decrypt/encrypt now supports symmetric ciphers (des-EDE3-CBC,aes128-CBC,aes256-CBC)
  • src/base64x.js
    • function inttohex and twoscompl are added
  • src/asn1.js
    • ASN1Util.bigIntToMinTwosComplementsHex is now DEPRECATED. use twoscompl.
  • src/asn1x509.js
    • aes*-CBC and hmacWithSHA* OIDs are added
  • test/qunit-do-{base64x,crypto-cipher,keyutil-eprv,keyutil,keyutil-p8egen}.html
    • update and add some test cases for above
  • stop bower support (bower.json removed)

X509.getExtSubjectDirectoryAttributes another bugfix

• Changes from 10.8.5 to 10.8.6 (2023-Apr-26)
  • src/x509.js
    • another bugfix X509.getExtSubjectDirectoryAttributes method

X509.getExtSubjectDirectoryAttributes bugfix

• Changes from 10.8.4 to 10.8.5 (2023-Apr-26)
  • src/x509.js
    • bugfix X509.getExtSubjectDirectoryAttributes method

... (truncated)

Commits

• d73befc 11.0.0 release
• 32f73af update jsdoc
• df54d0b enhanced support for encrypted PKCS8
• 59920c4 10.8.6 release
• c195be8 10.8.5 release
• 04af7f5 10.8.4 release
• d679050 10.8.3 release
• 97921fb 10.8.2 release
• d332357 Merge pull request #583 from davedoesdev/master
• 1cfd939 Fix OAEP padding
• Additional commits viewable in compare view

Updates katex from 0.11.1 to 0.16.10

Release notes

Sourced from katex's releases.

v0.16.10

0.16.10 (2024-03-24)

Bug Fixes

• \edef bypassing maxExpand via exponential blowup (e88b4c3)
• escape \includegraphics src and alt (c5897fc)
• force protocol to be lowercase for better protocol filtering (fc5af64), closes /datatracker.ietf.org/doc/html/rfc3986#section-3
• maxExpand limit with Unicode sub/superscripts (085e21b)

v0.16.9

0.16.9 (2023-10-02)

Features

• Support bold Fraktur (#3777) (240d5ae)

v0.16.8

0.16.8 (2023-06-24)

Features

• expose error length and raw error message on ParseError (#3820) (710774a)

v0.16.7

0.16.7 (2023-04-28)

Bug Fixes

• docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)

v0.16.6

0.16.6 (2023-04-17)

Bug Fixes

• Support \let via macros option (#3738) (bdb0be2), closes #3737 #3737

v0.16.5

0.16.5 (2023-04-17)

Features

• __defineFunction API exposing internal defineFunction (#3805) (c7b1f84), closes #3756

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.10 (2024-03-24)

Bug Fixes

• \edef bypassing maxExpand via exponential blowup (e88b4c3)
• escape \includegraphics src and alt (c5897fc)
• force protocol to be lowercase for better protocol filtering (fc5af64), closes /datatracker.ietf.org/doc/html/rfc3986#section-3
• maxExpand limit with Unicode sub/superscripts (085e21b)

0.16.9 (2023-10-02)

Features

• Support bold Fraktur (#3777) (240d5ae)

0.16.8 (2023-06-24)

Features

• expose error length and raw error message on ParseError (#3820) (710774a)

0.16.7 (2023-04-28)

Bug Fixes

• docs/support_table.md: delete redundant "varPsi" (#3814) (33a1b98)

0.16.6 (2023-04-17)

Bug Fixes

• Support \let via macros option (#3738) (bdb0be2), closes #3737 #3737

0.16.5 (2023-04-17)

Features

• __defineFunction API exposing internal defineFunction (#3805) (c7b1f84), closes #3756

0.16.4 (2022-12-07)

Bug Fixes

... (truncated)

Commits

• ab32359 chore(release): 0.16.10 [ci skip]
• fc5af64 fix: force protocol to be lowercase for better protocol filtering
• 085e21b fix: maxExpand limit with Unicode sub/superscripts
• e88b4c3 fix: \edef bypassing maxExpand via exponential blowup
• c5897fc fix: escape \includegraphics src and alt
• 5677f37 chore: fix some typos (#3936)
• d9640f1 chore(deps): update dependency json-stable-stringify to v1.1.1 [skip netlify]...
• 9a1f2f2 chore(deps): update dependency css-loader to v6.10.0 [skip netlify] (#3887)
• 1851860 chore(deps): update dependency cssnano to v5.1.15 [skip netlify] (#3883)
• e69d8b1 chore(deps): update dependency browserslist to v4.23.0 [skip netlify] (#3886)
• Additional commits viewable in compare view

Updates moment from 2.22.2 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

• Release Dec 27, 2023
• Revert moment/moment#5827, because it's breaking a lot of TS code.

2.30.0 Full changelog

• Release Dec 26, 2023

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

• Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

• Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

• 485d9a7 Build 2.30.1
• e048b09 Bump version to 2.30.1
• f9f2d58 Update changelog for 2.30.1
• a52ffb2 Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"
• ddd6809 Build 2.30.0
• be64d00 Bump version to 2.30.0
• ad41179 Update changelog for 2.30.0
• 63fe479 [misc] Make code ES6 compatible
• 0f0195f Revert "Merge pull request #5599 from Alanscut:issue_4985"
• 15b82f5 Revert "Merge pull request #5597 from Alanscut:issue-5596"
• Additional commits viewable in compare view

Updates @accounts/server from 0.0.18 to 0.33.1

Release notes

Sourced from @​accounts/server's releases.

@​accounts/server@​0.33.1

Patch Changes

• #1173 1cf53c32 Thanks @​pradel! - emailTemplates option can now be set partially

• #1170 e81eb578 Thanks @​pradel! - Upgrade tslib to 2.3.0

• Updated dependencies [e81eb578]:

  • @​accounts/types@​0.33.1

Commits

• 83280af chore: version packages (#1171)
• 975ced7 fix: fix compatibility issue with MongoDB 4.X (#1180)
• 926b421 chore: upgrade graphql-codegen (#1163)
• 1cf53c3 feat: allow partial emailTemplates option (#1173)
• 17ef4e1 fix: changeset file
• e81eb57 chore: upgrade tslib to 2.3.0 (#1170)
• 1eb36fe chore: upgrade dev deps (#1169)
• dd37999 chore: update versions (#1168)
• 1afdb00 ci: fix
• 0244796 ci: fix publish release
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by leopradel, a new releaser for @​accounts/server since your current version.

Updates cypress from 4.0.2 to 4.12.1

Commits

• 2156e3e release 4.12.1 [skip ci]
• a54d793 chore(deps): update dependency markdown-it to version .x 🌟 (#8183)
• 640505e chore(deps): update dependency react-inspector to version .x 🌟 (#8182)
• d3e90d6 fix(deps): update dependency electron-context-menu to version .x 🌟 (#8180)
• 996fe97 fix(deps): update dependency md5 to version 2.3.0 🌟 (#8161)
• 3ad06db fix: it.skip no longer causes hooks to be assigned to the wrong test (#8113)
• 580087d release 4.12.0 [skip ci]
• 9d19a9f fix: Capture env vars from AWS Code Build (#8159)
• e0f587e fix: iFrame input focus should not cause blur if input already activeElement ...
• 19393e0 fix(reporter): minor UI fixes and improvements (#8153)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by chrisbreiding, a new releaser for cypress since your current version.

Updates moment-timezone from 0.5.27 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

• Updated data to IANA TZDB 2021e

Release 0.5.33

• Updated data to IANA TZDB 2021a

Release 0.5.32

• Updated data to IANA TZDB 2020d

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

• Updated data to IANA TZDB 2020a
• Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info.

Release 0.5.29

• Fixed es6 module loading issue moment/moment-timezone@1fd4234
• Fixed typescript declarations moment/moment-timezone@ed529ea
• Fixed changelog moment/moment-timezone@adb7d7b

Release 0.5.28

Merged pull request #410 from @​adgrace:

• Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
• Added a method moment.tz(timezone_id).countries() to get countries for some time zone
• Added a method moment.tz.countries() to get all country codes
• And as you know moment.tz.names() already exists

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

• Updated data to IANA TZDB 2021e

0.5.33 2021-02-06

• Updated data to IANA TZDB 2021a

0.5.32 2020-11-14

• Updated data to IANA TZDB 2020d

0.5.31 2020-05-16

• Fixed Travis builds for Node.js 4 and 6

0.5.30 2020-05-16

• Updated data to IANA TZDB 2020a
• Fixed typescript definitions

NOTE: You might need to un-install @​types/moment-timezone. Check moment/moment-timezone#858 for more info

0.5.29 2020-05-16

• Merged fix of es6 module loading issue moment/moment-timezone@1fd4234
• Merged PR with typescript declarations moment/moment-timezone@ed529ea
• Merged fixes to changelog moment/moment-timezone@adb7d7b

0.5.28 2020-02-21

Merged pull request #410 from @​adgrace:

• Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
• Added a method moment.tz(timezone_id).countries() to get countries for some time zone
• Added a method moment.tz.countries() to get all country codes
• And as you know moment.tz.zones() already exists

Commits

• b8fb1ba Build moment-timezone 0.5.35
• f1b5e5a Add changelog for 0.5.35
• 8b0eb0c Bump version to 0.5.35
• 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
• ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
• 9430b4c Merge remote-tracking branch 'origin/master' into develop
• feaf900 Updated contributing.md + added 2021e files
• 704cfac updated contributing.md
• 877c863 Updated contributing.md + added 2021e files
• 5a3015c updated contributing.md
• Additional commits viewable in compare view

Updates pdfjs-dist from 2.0.943 to 4.2.67

Release notes

Sourced from pdfjs-dist's releases.

v4.2.67

This release includes a new JPX decoder, based on OpenJPEG, which improves JPX image rendering performance and correctness. Moreover, this release contains improvements for the annotation editor, font conversion and the viewer.

Note that text selection boxes for some PDF files may overlap visually. This is a known issue that we currently track in mozilla/pdf.js#17561.

Changes since v4.1.392

• Bump the stable version in pdfjs.config by @​timvandermeij in mozilla/pdf.js#17924
• Convert the history code to use proper private methods by @​timvandermeij in mozilla/pdf.js#17925
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#17927
• Remove the tag for missing font subset when trying to find a substitution by @​calixteman in mozilla/pdf.js#17930
• Fix resetting of cursor-tools when closing the document (PR 17464 follow-up) by @​Snuffleupagus in mozilla/pdf.js#17933
• Warn when a non-embedded font has an invalid name by @​calixteman in mozilla/pdf.js#17934
• Remove the mkdirp dependency in favor of the built-in Node.js fs.mkdirSync by @​timvandermeij in mozilla/pdf.js#17935
• Improve type definitions for the viewer by @​ex37 in mozilla/pdf.js#17879
• Fix the "must check that invisible fields are made visible" scripting integration test by @​timvandermeij in mozilla/pdf.js#17940
• Remove the rimraf dependency in favor of the built-in Node.js fs.rmSync in the test folder by @​timvandermeij in mozilla/pdf.js#17938
• [api-minor] Update the minimum supported Safari version to 16.4 by @​Snuffleupagus in mozilla/pdf.js#17942
• Fix the "must check that a field has the correct value when a choice is changed" scripting integration test by @​timvandermeij in mozilla/pdf.js#17947
• [api-minor] Add a jpx decoder based on OpenJPEG 2.5.2 by @​calixteman in mozilla/pdf.js#17946
• Bump library version to 4.2 by @​Snuffleupagus in mozilla/pdf.js#17949
• Build the openjpeg-based decoder in a web environment in order to avoid issues when used in node by @​calixteman in mozilla/pdf.js#17954
• Fix JpxImage API issues (PR 17946 follow-up) by @​timvandermeij in mozilla/pdf.js#17951
• [JPX] Throw an exception with the error messages returned by openjpeg by @​calixteman in mozilla/pdf.js#17956
• [Editor] Provide an element to render in the annotation layer after a freetext has been edited (bug 1890535) by @​calixteman in mozilla/pdf.js#17914
• Remove waitForTimeout usage from the helper functions by @​timvandermeij in mozilla/pdf.js#17966
• Remove some event listeners with signal in the viewer by @​Snuffleupagus in mozilla/pdf.js#17964
• [Editor] Don't show the context menu when resizing by @​calixteman in mozilla/pdf.js#17973
• Correctly update the xref table when an annotation is deleted by @​calixteman in mozilla/pdf.js#17970
• Update dependencies and translations to the most recent versions by @​timvandermeij in mozilla/pdf.js#17972
• Improve jpx decoding by around 20% in enabling simd support when compiling OpenJPEG by @​calixteman in mozilla/pdf.js#17983
• [api-minor] Remove the image-related error message prefixes by @​Snuffleupagus in mozilla/pdf.js#17979
• Use the pdf.js warn when using jpx decoder by @​calixteman in mozilla/pdf.js#17985
• Extend the globally cached image main-thread copying to "complex" images as well (PR 17428 follow-up) by @​Snuffleupagus in mozilla/pdf.js#17978
• Update JpxImage.parseImageProperties to support TypedArray data in IMAGE_DECODERS builds by @​Snuffleupagus in mozilla/pdf.js#17977
• Add signal-support in the EventBus, and utilize it in the viewer (PR 17964 follow-up) by @​Snuffleupagus in mozilla/pdf.js#17967
• Set correctly the change property for the event triggered when a choice list is changed by @​calixteman in mozilla/pdf.js#17999
• Remove all waitForTimeout usage from the annotation integration tests by @​timvandermeij in mozilla/pdf.js#17969
• Validate explicit destinations on the worker-thread to prevent DataCloneError (issue 17981) by @​Snuffleupagus in mozilla/pdf.js#17984
• Allow to insert several annotations under the same parent in the structure tree by @​calixteman in mozilla/pdf.js#17986
• Always enable smoothing when rendering downscaled image by @​calixteman in mozilla/pdf.js#17868
• Simplify the way to pass the glyph drawing instructions from the worker to the main thread by @​calixteman in mozilla/pdf.js#18015
• Validate additional font-dictionary properties by @​Snuffleupagus in mozilla/pdf.js#18014
• Add more validation of width-data by @​Snuffleupagus in mozilla/pdf.js#18017
• Reduce code-duplication when caching data in CompiledFont.getPathJs by @​Snuffleupagus in mozilla/pdf.js#18018
• Re-factor SimpleLinkService to extend PDFLinkService by @​Snuffleupagus in mozilla/pdf.js#18013
• [api-minor] Move the page reference/number caching into the API by @​Snuffleupagus in mozilla/pdf.js#18001

v4.1.392

This release features improvements, bugfixes and optimizations for accessibility, annotation rendering, annotation editing, font rendering, form handling, image rendering, text selection and the viewer.

... (truncated)

Commits

• 49b3881 Merge pull request #18001 from Snuffleupagus/api-pageRefCache
• 150964d Remove unnecessary check from PDFLinkService.goToDestination (PR 17984 foll...
• f6cd039 [api-minor] Move the page reference/number caching into the API
• fa69d9a Inline the helper method in PDFLinkService.goToDestination
• 3052e99 Merge pull request #18013 from Snuffleupagus/SimpleLinkService-extends-PDFLin...
• 2b2ade7 Merge pull request #18018 from Snuffleupagus/CompiledFont-tweak-caching
• 627fe2d Merge pull request #18017 from Snuffleupagus/validate-widths
• 85ff8f3 Reduce code-duplication when caching data in CompiledFont.getPathJs
• d411a07 Add more validation of width-data
• 234067e Merge pull request #18014 from Snuffleupagus/validate-font-properties
• Additional commits viewable in compare view

Updates semver from 5.6.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• 8055dda 5.7.0
• 604e73d auto-publishing scripts
• bed01e2 remove the nomin comments, since we don't minify any more anyway
• 9cb68f1 document parse method
• 38d42ca 5.7 changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates sharp from 0.22.1 to 0.32.6

Changelog

Sourced from sharp's changelog.

v0.32.6 - 18th September 2023

• Upgrade to libvips v8.14.5 for upstream bug fixes.

• Ensure composite tile images are fully decoded (regression in 0.32.0). #3767

• Ensure withMetadata can add ICC profiles to RGB16 output. #3773

• Ensure withMetadata does not reduce 16-bit images to 8-bit (regression in 0.32.5). #3773

• TypeScript: Add definitions for block and unblock. #3799 @​ldrick

v0.32.5 - 15th August 2023

• Upgrade to libvips v8.14.4 for upstream bug fixes.

• TypeScript: Add missing WebpPresetEnum to definitions. #3748 @​pilotso11

• Ensure compilation using musl v1.2.4. #3755 @​kleisauke

• Ensure resize with a fit of inside respects 90/270 degree rotation. #3756

• TypeScript: Ensure minSize property of WebpOptions is boolean. #3758 @​sho-xizz

• Ensure withMetadata adds default sRGB profile. #3761

v0.32.4 - 21st July 2023

• Upgrade to libvips v8.14.3 for upstream bug fixes.

• Expose ability to (un)block low-level libvips operations by name.

• Prebuilt binaries: restore support for tile-based output. #3581

v0.32.3 - 14th July 2023

... ...

Description has been truncated