[Snyk] Upgrade snabbdom from 0.2.8 to 0.7.4

[snyk-bot]

Snyk has created this PR to upgrade snabbdom from 0.2.8 to 0.7.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 28 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2019-12-12.

Release notes

Package name: snabbdom

• 0.7.4 - 2019-12-12
  

  0.7.4

• 0.7.3 - 2018-12-20
  

  v0.7.3

• 0.7.2 - 2018-09-02
  

  Bugfixes

  • Improvements to TypeScript types #364. Thanks to @gfmio.
  • In some cases and browsers the style module would cause elements to not be removed correctly #367. Thanks to @jvanbruegge for fixing this tricky bug.
• 0.7.1 - 2017-12-16
  

  Version 0.7.1

• 0.7.0 - 2017-07-27
  

  Breaking change

  The way Snabbdom handles boolean attributes in the attributes module has been changed. Snabbdom no longer maintains a list of known boolean attributes. Not relying on such a list means that custom boolean attributes are supported, that performance is slightly better, and that the list doesn't have to be kept up to date.

  Whether or not to set a boolean attribute is now determined by looking at the value specified for the attribute. If the value is a boolean (i.e. strictly equal to true or false) it will be handled as a boolean attribute. If you're currently setting boolean attributes with booleans then this change does not affect you.

  h("div", {
    attrs: {
      foo: true // will be set a boolean attribute since `true` is a boolean
      bar: "baz" // will set a normal attribute
    }
  });

  The example above will result in the HTML: <div foo bar="baz" />. Even if bar is actually a boolean attribute. So for instance h("input", { attrs: { required: 12 } }) will no longer set a boolean attribute correctly.

  Previously h("input", { attrs: { required: 0 } }) would result in the HTML <input> since required was a know boolean attribute and 0 is falsey. Per the new behavior the HTML will be <input required="0">. To accomidate for the change always give boolean values for boolean attributes.

  Bugfixes

  • toVNode now handles DocumentFragment which makes it possible to patch into a fragment. #320. Thanks to @staltz.
  • Custom boolean attributes are handled correctly. #314. Thanks to @caridy.
  • Type improvement. VNode key property can be undefined #290. Thanks to @yarom82.
  • Data attributes are checked for existence before deleting. Old behavior caused error in Safari. #313. Thanks to @FeliciousX.

  Performance improvements

  • New handling of boolean attributes. #314. Thanks to @caridy.
• 0.6.9 - 2017-05-19
  

  Bug fixes

  • Fix style delayed and remove to be optional in TypeScript, #295
• 0.6.8 - 2017-05-16
  

  Bug fixes

  • Fix error when class is set by vdom selector in SVG, #217. Thanks to @caesarsol
  • Fix hyperscript to support undefined or null children in TypeScript, #226. Thanks to @ornicar
  • Fix thunk function so it is not called redundantly, #273. Thanks to @caesarsol
  • Improve TypeScript types of VNode props, #264 and #264. Thanks to @mightyiam
  • Fix toVNode() for comment nodes, lacking some fields, #266. Thanks to @staltz

  Performance improvements

  • Improvement for attribute patching, #257. Thanks to @diervo
• 0.6.7 - 2017-03-11
  

  Version 0.6.7

• 0.6.6 - 2017-03-07
  

  Bug fixes

  • The attributes module sets boolean attributes correctly according to the specificaiton. #254. Thanks to @PerWiklander for reporting the bug.
• 0.6.5 - 2017-02-25
  

  This is a patch version with a few bug fixes.

  Bug fixes

  • Fix toVNode() to handle text nodes correctly, #252. Thanks to @Steelfish
  • Fix dataset module to support old browsers, such as IE10. Thanks @staltz
  • Fix "create element" workflow to align with "update element" workflow, #234. Thanks @caridy
• 0.6.4 - 2017-02-09
• 0.6.3 - 2017-01-16
• 0.6.2 - 2017-01-16
• 0.6.1 - 2017-01-05
• 0.6.0 - 2017-01-05
• 0.5.4 - 2016-10-20
• 0.5.3 - 2016-09-09
• 0.5.2 - 2016-09-03
• 0.5.1 - 2016-07-21
• 0.5.0 - 2016-05-17
• 0.4.2 - 2016-03-14
• 0.4.1 - 2016-03-13
• 0.4.0 - 2016-03-04
• 0.3.4 - 2016-02-26
• 0.3.3 - 2016-02-15
• 0.3.2 - 2016-02-12
• 0.3.1 - 2016-01-23
• 0.3.0 - 2016-01-11
• 0.2.8 - 2015-12-15

from snabbdom GitHub release notes

Commit messages

Package name: snabbdom

• b39ada9 0.7.4
• 54b6b45 Merge pull request #449 from snabbdom/enable-ci-browsers
• 6e86a5a Merge pull request #460 from jvanbruegge/fix-animation-end
• f307db4 Fix element removal on transition end in Firefox70
• 3f85807 Merge pull request #452 from snabbdom/nodejs_version
• 98e9cdb chore: update nodejs versions
• e77ecfc Merge pull request #456 from snabbdom/package-json-husky-indent
• 79098d3 style: fix package.json husky field indent
• 179940d Merge pull request #453 from snabbdom/husky
• 9033c58 chore: git pre-commit hook npm test
• dcbc1e1 Revert "Disable failing browsers in CI configuration"
• f2b83d1 Merge pull request #448 from kl2134/firefox-transitionend-test-error-fix
• 529b46c test: use transitionend instead of settimeout
• 64c9bfe Merge pull request #446 from kl2134/update-karma-firefox-launcher
• 3e87660 test: update karma-firefox-launcher
• d3d4f08 Remove unused testem configuration
• ae3703d Add travis badge to readme and BrowserStack message
• 47f3afd Merge pull request #444 from snabbdom/disable-browsers-in-ci
• 7e09d27 Disable failing browsers in CI configuration
• 66f2e18 Merge pull request #443 from jvanbruegge/fix-http-browserstack
• 1ca1584 Remove travis browserstack addon to fix HTTP error
• b40ab1c Merge pull request #427 from mightyiam/npm-test-command-karma-start
• 63a0c04 Merge pull request #400 from jvanbruegge/finishCI
• 8787d60 Merge pull request #392 from trusktr/patch-1

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected security issues in this pull request:

Vulnerable Libraries (1)

• lodash@3.6.0 upgrade to >=4.17.12

More info on how to fix Vulnerable Libraries in Javascript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.