[Security] Bump nth-check and cheerio
Bumps nth-check to 2.1.1 and updates ancestor dependency cheerio. These dependencies need to be updated together.
Updates nth-check
from 1.0.2 to 2.1.1 This update includes a security fix.
Vulnerabilities fixed
Inefficient Regular Expression Complexity in nth-check nth-check is vulnerable to Inefficient Regular Expression Complexity
Patched versions: 2.0.1 Affected versions: < 2.0.1
Release notes
Sourced from nth-check's releases.
v2.1.1
- The ESM code had some issues that are now fixed aeeb067
https://github.com/fb55/nth-check/compare/v2.1.0...v2.1.1
v2.1.0
What's Changed
nth-check
is now a dual CommonJS and ESM module fb55/nth-check#206- With the new
sequence
andgenerate
methods, it is now possible to generate a sequence of indices for a given formula fb55/nth-check#207Full Changelog: https://github.com/fb55/nth-check/compare/v2.0.1...v2.1.0
v2.0.1
Fixes:
- Replace regex with hand-rolled parser for nth-expressions (#9) 9894c1d
- Ensures parsing will always have linear time complexity.
Internal:
- chore(ci): Use GitHub Actions, Dependabot (#10) e02b4dd
- Bump dependencies
https://github.com/fb55/nth-check/compare/v2.0.0...v2.0.1
v2.0.0
- Port module to TS, Jest, ESLint
Breaking:
- The main export is now a default export.
- The module now throws regular
Error
s on invalid selectors instead ofSyntaxError
s.
Commits
-
639fd2a
2.1.1 -
0eec65b
fix(test): AddmoduleNameMapper
-
aeeb067
fix: Fix ESM -
432ebc6
2.1.0 -
3e8cd1e
feat: Addgenerate
andsequence
methods (#207) -
57a5c62
feat: Add ESM (#206) -
1ce0c7c
chore(deps-dev): Bump@types/node
from 17.0.34 to 17.0.35 (#205) -
eebb040
chore(deps-dev): Bump@typescript-eslint/parser
from 5.24.0 to 5.25.0 (#204) -
a316aaa
chore(deps-dev): Bump@typescript-eslint/eslint-plugin
(#203) -
454c0de
chore(deps-dev): Bump@typescript-eslint/eslint-plugin
(#202) - Additional commits viewable in compare view
Updates cheerio
from 0.22.0 to 1.0.0-rc.12
Release notes
Sourced from cheerio's releases.
v1.0.0-rc.12
Bugfix release. Fixed issues:
- Align
prop
undefined handling with jQuery by@fb55
in cheeriojs/cheerio#2557- Allow deep imports of
cheerio/lib/utils
by@blixt
in cheeriojs/cheerio#2601New Contributors
@blixt
made their first contribution in cheeriojs/cheerio#2601Full Changelog: https://github.com/cheeriojs/cheerio/compare/v1.0.0-rc.11...v1.0.0-rc.12
v1.0.0-rc.11
cheerio@1.0.0-rc.11
is hopefully the last RC before the 1.0.0 release of Cheerio. There are two APIs that will be added for the next major release: Anexract
method (cheeriojs/cheerio#2523) and NodeJS specific loader methods (cheeriojs/cheerio#2051). These are still in flux and I'd appreciate feedback on the proposals.A big thank you to everyone that contributed to this release! This includes code contributors, as well as the amazing financial support on GitHub Sponsors!
Under the hood, a lot of work for this release went into updating parse5, cheerio's default HTML parser. Have a look at parse5's release notes to see what has changed there.
Breaking
- Cheerio is now a dual CommonJS and ESM module. That means that deep imports will now fail in newer versions of Node. cheeriojs/cheerio#2508
script
andstyle
contents are added again in.text()
cheeriojs/cheerio#2509
- To keep the old behavior, switch
.text()
to.prop('innerText')
- The TypeScript types inherited from upstream dependencies have changed. cheeriojs/cheerio#2503
- Node types are now using tagged unions, which will make consumption a bit easier.
Features
- Relevant options are now forwarded to
cheerio-select
cheeriojs/cheerio#2511
- Custom pseudo classes can now be specified using the
pseudos
option.- For the
.prop()
method:
- Add
textContent
andinnerText
props cheeriojs/cheerio#2214- Users can now specify a
baseURI
option, which will lead tohref
andsrc
props to be resolved as URLs. cheeriojs/cheerio#2510- Added a
slim
export, which will always use htmlparser2 cheeriojs/cheerio#1960Fixes
- Have
text
turn passed values to strings cheeriojs/cheerio#2047- Include
undefined
in the return type ofget
by@glen-84
in cheeriojs/cheerio#2392- Recognise comments as HTML cheeriojs/cheerio#2504
- Add missing
undefined
return value cheeriojs/cheerio#2505- Export missing static methods cheeriojs/cheerio#2506
- Have style parsing add malformed fields to previous field cheeriojs/cheerio#2521
Refactor
- Use
domutils
module directly cheeriojs/cheerio#1928- Hand-roll
isHTML
cheeriojs/cheerio#1935- Move initialization logic to
load
cheeriojs/cheerio#1951- Only return elements in
closest
cheeriojs/cheerio#2057
... (truncated)
Changelog
Sourced from cheerio's changelog.
Starting with 1.0.0-rc.4, release notes are exclusively tracked in GitHub Releases.
1.0.0-rc.3 / 2019-04-06
This release corrects a test expectation that was fixed by one of the project's dependencies.
1.0.0-rc.2 / 2017-07-02
This release changes Cheerio's default parser to the Parse5 HTML parser. Parse5 is an excellent project that rigorously conforms to the HTML standard. It does not support XML, so Cheerio continues to use
htmlparser2
when working with XML documents.This switch addresses many long-standing bugs in Cheerio, but some users may experience slower behavior in performance-critical applications. In addition,
htmlparser2
is more forgiving of invalid markup which can be useful when input sourced from a third party and cannot be corrected. For these reasons, theload
method also accepts a DOM structure as produced by thehtmlparser2
library. See the project's "readme" file for more details on this usage pattern.Migrating from version 0.x
cheerio.load( html[, options ] )
This method continues to act as a "factory" function. It produces functions that define an API that is similar to the globaljQuery
function provided by the jQuery library. The generated function operates on a DOM structure based on the provided HTML.In releases prior to version 1.0, the provided HTML was interpreted as a document fragment. Following version 1.0, strings provided to the
load
method are interpreted as documents. The same example will produce a$
function that operates on a full HTML document, including an<html>
document element with nested<head>
and<body>
tags. This mimics web browser behavior much more closely, but may require alterations to existing code.For example, the following code will produce different results between 0.x and 1.0 releases:
var $ = cheerio.load('<p>Hello, <b>world</b>!</p>'); $.root().html(); //=> In version 0.x: '<p>Hello, <b>world</b>!</p>' //=> In version 1.0: '<html><head></head><body><p>Hello, <b>world</b>!</p></body></html>'
Users wishing to parse, manipulate, and render full documents should not need to modify their code. Likewise, code that does not interact with the "root"
... (truncated)
Commits
-
d1cbc66
1.0.0-rc.12 -
4b4432f
chore: Update license to 2022 -
72e3c42
chore(deps): Remove tslib dependency -
810ce07
build(deps-dev): bump@types/node
from 17.0.43 to 18.0.0 (#2596) -
b6bdc24
doc(comments): fix minor spelling mistake (#2585) -
aef3205
Update Sponsors (#2599) -
febcb41
build(deps-dev): bump jsdom from 19.0.0 to 20.0.0 (#2606) -
16a3adb
docs: update History.md (#2588) -
43d9f50
fix(package): Allow imports ofcheerio/lib/utils
(#2601) -
6fe629a
build(deps-dev): bump@types/jest
from 28.1.2 to 28.1.3 (#2609) - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts