Skip to content

Bump underscore and mammoth #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump underscore and mammoth #2

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jul 15, 2023

Bumps underscore to 1.13.6 and updates ancestor dependency mammoth. These dependencies need to be updated together.

Updates underscore from 1.4.4 to 1.13.6

Commits
  • bd2d35c Merge remote-tracking branch 'upstream/master'
  • 2e7c0f2 Update generated files, tag 1.13.6 release
  • 732cafe Underscore 1.13.6
  • e8f86fb Add changelog entry for versioin 1.13.6
  • 43e827a Bump the version to 1.13.6 (hotfix)
  • 1c1d1a2 Remove patch-package postinstall script
  • 4eb6894 Merge pull request #2974 from paulsmithkc/patch-1
  • 2edcdc1 Hostfix for broken builds
  • 66ee70d Verify that production and doc builds still work in CI
  • 68e5eb6 Update generated sources, tag 1.13.5 release
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates mammoth from 1.4.9 to 1.6.0

Changelog

Sourced from mammoth's changelog.

1.6.0

  • Add transformDocument to the TypeScript declarations.

  • Support merged paragraphs when revisions are tracked.

  • Use xmldom instead of sax to parse XML documents. This should remove the need to polyfill stream in the browser.

  • Adjust the internal implementation to remove the use of Buffer on the critical path, and provide APIs to read images and documents with embedded style maps without using Buffer. This should remove the need to polyfill Buffer in the browser. Since TextDecoder is now used, the minimum version of node.js is now v12.

  • Remove the use of the util module. This should remove the need to polyfill util in the browser.

1.5.1

  • Fix: npm 7 changed the behaviour of prepublish, causing the browser build not to be updated before publishing to npm. We now use prepare instead of prepublish, which has the same behaviour that prepublish previously had.

1.5.0

  • Only use the alt text of image elements as a fallback. If an alt attribute is returned from the function passed to mammoth.images.imgElement, that value will now be preferred to the alt text of the image element.

1.4.21

  • Ignore w:u elements when w:val is missing.

1.4.20

  • Emit warning instead of throwing exception when image file cannot be found for a:blip elements.

1.4.19

  • Add TypeScript declarations.

1.4.18

  • When extracting raw text, convert tab elements to tab characters.

  • Handle internal hyperlinks created with complex fields.

  • Update JSZip to 3.2.0. This addresses CVE-2021-23413 in JSZip.

... (truncated)

Commits
  • a975f4c Bump version to 1.6.0
  • 75526ff Update NEWS
  • bb744a1 Check TypeScript declarations are valid
  • b02278f Add additional read methods to Image in TypeScript declarations
  • aabc9cf Update NEWS for removal of polyfills
  • e12c1e5 Add toArrayBuffer when embedding a style map
  • 84fffea Remove mention of polyfills in README
  • ad794b9 Document that read methods return promises
  • 20dda84 Update docs for reading images
  • 82f8d24 Support readAsBuffer() on images
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump underscore and mammoth
6047c3f 
Bumps [underscore](https://github.com/jashkenas/underscore) to 1.13.6 and updates ancestor dependency [mammoth](https://github.com/mwilliamson/mammoth.js). These dependencies need to be updated together.


Updates `underscore` from 1.4.4 to 1.13.6
- [Commits](jashkenas/underscore@1.4.4...1.13.6)

Updates `mammoth` from 1.4.9 to 1.6.0
- [Release notes](https://github.com/mwilliamson/mammoth.js/releases)
- [Changelog](https://github.com/mwilliamson/mammoth.js/blob/master/NEWS)
- [Commits](mwilliamson/mammoth.js@1.4.9...1.6.0)

---
updated-dependencies:
- dependency-name: underscore
  dependency-type: indirect
- dependency-name: mammoth
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants