Bumps [clap](https://github.com/clap-rs/clap) from 3.1.9 to 3.1.10.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p>
<blockquote>
<h2>[3.1.10] - 2022-04-19</h2>
<h3>Featues</h3>
<ul>
<li>Expose <code>Command::build</code> for custom help generation or other command introspection needs</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="0194568b03"><code>0194568</code></a> chore: Release</li>
<li><a href="62b1e4874a"><code>62b1e48</code></a> docs: Update changelog</li>
<li><a href="c818ef401d"><code>c818ef4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3642">#3642</a> from epage/build</li>
<li><a href="8f182067e3"><code>8f18206</code></a> feat(clap): Publicly expose <code>Command::build</code></li>
<li><a href="eddc04cbcc"><code>eddc04c</code></a> chore: Release</li>
<li><a href="84bcab77e5"><code>84bcab7</code></a> docs: Update changelog</li>
<li><a href="83f1b165ba"><code>83f1b16</code></a> perf(lex): Drop a dependency</li>
<li>See full diff in <a href="https://github.com/clap-rs/clap/compare/v3.1.9...v3.1.10">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
<!---
Thank you for contributing to Boa! Please fill out the template below, and remove or add any
information as you feel neccesary.
--->
This Pull Request provides initial implementation for DateTimeFormat constructor. It relates to #1562.
It changes the following:
- Adds `Intl.DateTimeFormat` property
- Partially implements `DateTimeFormat` constructor (`InitializeDateTimeFormat` step is postponed).
- Introduces `ObjectData::DateTimeFormat`
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.8 to 3.1.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p>
<blockquote>
<h2>v3.1.9</h2>
<h2>[3.1.9] - 2022-04-15</h2>
<h3>Fixes</h3>
<ul>
<li>Pin the <code>clap_derive</code> version so a compatible version is always used with <code>clap</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p>
<blockquote>
<h2>[3.1.9] - 2022-04-15</h2>
<h3>Fixes</h3>
<ul>
<li>Pin the <code>clap_derive</code> version so a compatible version is always used with <code>clap</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="7598c000f9"><code>7598c00</code></a> chore: Release</li>
<li><a href="d05c5dac41"><code>d05c5da</code></a> docs: Update changelog</li>
<li><a href="4abf9d7f2e"><code>4abf9d7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3636">#3636</a> from epage/derive</li>
<li><a href="027f2511c6"><code>027f251</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3634">#3634</a> from turrisxyz/naveen/feat/set-perms-actions</li>
<li><a href="ed57342bdd"><code>ed57342</code></a> fix(derive): Couple derive version to clap</li>
<li><a href="297b9cf594"><code>297b9cf</code></a> chore: Release</li>
<li><a href="b3cbfd0ae0"><code>b3cbfd0</code></a> docs(man): Update changelog</li>
<li><a href="7849c35a3e"><code>7849c35</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3635">#3635</a> from epage/port</li>
<li><a href="15d8b3b0cd"><code>15d8b3b</code></a> style: Make clippy happy</li>
<li><a href="2f0d91688a"><code>2f0d916</code></a> docs(lex): Fix links</li>
<li>Additional commits viewable in <a href="https://github.com/clap-rs/clap/compare/v3.1.8...v3.1.9">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [test262](https://github.com/tc39/test262) from `d7c0a20` to `f0bf5df`.
<details>
<summary>Commits</summary>
<ul>
<li><a href="f0bf5dfcea"><code>f0bf5df</code></a> parseInt: fix description typo</li>
<li><a href="4bbe20d52c"><code>4bbe20d</code></a> add missing TypedArray feature</li>
<li><a href="33a5433d1b"><code>33a5433</code></a> Temporal: PlainDateTime: Port Demitasse <code>until</code> and <code>since</code> tests</li>
<li><a href="84679fd7ed"><code>84679fd</code></a> Temporal: Add a test for PlainDateTime#withPlainDate with intl calendars. (<a href="https://github-redirect.dependabot.com/tc39/test262/issues/3">#3</a>...</li>
<li><a href="ff5af6fccf"><code>ff5af6f</code></a> Temporal: Consolidate tests for invalid string argument to round().</li>
<li><a href="1c19242ae4"><code>1c19242</code></a> Remove check for per-iteration detach check in TypedArray.prototype.set</li>
<li><a href="4dafd2158b"><code>4dafd21</code></a> Temporal: Remove some stray arguments to TemporalHelpers.assertDuration.</li>
<li><a href="c35ae2099d"><code>c35ae20</code></a> Temporal: Some more tests for PlainDateTime#with. (<a href="https://github-redirect.dependabot.com/tc39/test262/issues/3481">#3481</a>)</li>
<li><a href="d9616ed91f"><code>d9616ed</code></a> Add tests for direction of rounding functionality</li>
<li><a href="3905c0c80a"><code>3905c0c</code></a> Expand toString() rounding tests from PlainTime to cover other types</li>
<li>Additional commits viewable in <a href="d7c0a2076c...f0bf5dfcea">compare view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
It changes the following:
- `Symbol` object has `[[Construct]]` internal method
- Fix and comment step 1 in `Symbol` constructor.
- Implement step 1 in `BigInt` constructor.
Bumps [rayon](https://github.com/rayon-rs/rayon) from 1.5.1 to 1.5.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/rayon-rs/rayon/blob/master/RELEASES.md">rayon's changelog</a>.</em></p>
<blockquote>
<h1>Release rayon 1.5.2 / rayon-core 1.9.2 (2022-04-13)</h1>
<ul>
<li>The new <code>ParallelSlice::par_rchunks()</code> and <code>par_rchunks_exact()</code> iterate
slice chunks in reverse, aligned the against the end of the slice if the
length is not a perfect multiple of the chunk size. The new
<code>ParallelSliceMut::par_rchunks_mut()</code> and <code>par_rchunks_exact_mut()</code> are the
same for mutable slices.</li>
<li>The <code>ParallelIterator::try_*</code> methods now support <code>std::ops::ControlFlow</code> and
<code>std::task::Poll</code> items, mirroring the unstable <code>Try</code> implementations in the
standard library.</li>
<li>The <code>ParallelString</code> pattern-based methods now support <code>&[char]</code> patterns,
which match when any character in that slice is found in the string.</li>
<li>A soft limit is now enforced on the number of threads allowed in a single
thread pool, respecting internal bit limits that already existed. The current
maximum is publicly available from the new function <code>max_num_threads()</code>.</li>
<li>Fixed several Stacked Borrow and provenance issues found by <code>cargo miri</code>.</li>
</ul>
<h2>Contributors</h2>
<p>Thanks to all of the contributors for this release!</p>
<ul>
<li><a href="https://github.com/atouchet"><code>@atouchet</code></a></li>
<li><a href="https://github.com/bluss"><code>@bluss</code></a></li>
<li><a href="https://github.com/cuviper"><code>@cuviper</code></a></li>
<li><a href="https://github.com/fzyzcjy"><code>@fzyzcjy</code></a></li>
<li><a href="https://github.com/nyanzebra"><code>@nyanzebra</code></a></li>
<li><a href="https://github.com/paolobarbolini"><code>@paolobarbolini</code></a></li>
<li><a href="https://github.com/RReverser"><code>@RReverser</code></a></li>
<li><a href="https://github.com/saethlin"><code>@saethlin</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/rayon-rs/rayon/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This Pull Request fixes a faulty cast for `Array.splice`.
Negative values for delete_count were being directly casted to usize, which was not the intended behavior. This pull request fixes the issue by using a fallible conversion, defaulting to 0 if the conversion fails.
It changes the following:
- Replace cast in `Array.splice` prototype method with fallible conversion.
Bumps [test262](https://github.com/tc39/test262) from `926b096` to `d7c0a20`.
<details>
<summary>Commits</summary>
<ul>
<li><a href="d7c0a2076c"><code>d7c0a20</code></a> Remove check for per-comparator call detach check in TypedArray.prototype.sort</li>
<li><a href="3ac6b73369"><code>3ac6b73</code></a> Add test that TypedArray.prototype.set doesn't throw if a getter for an eleme...</li>
<li><a href="8b29141224"><code>8b29141</code></a> Remove check for per-iteration detach check in TypedArray.prototype.set</li>
<li><a href="f60d7cf67d"><code>f60d7cf</code></a> fixup! Fix false negative in for-in test</li>
<li><a href="384a4e1368"><code>384a4e1</code></a> Fix false negative in for-in test</li>
<li><a href="3c88e9b619"><code>3c88e9b</code></a> Fix false negative in for-in test</li>
<li><a href="833a784f20"><code>833a784</code></a> Tests for computing PlainYearMonth addition and subtraction in correct calend...</li>
<li><a href="c58ac691eb"><code>c58ac69</code></a> Test that "infinity" is not recognized as numeric</li>
<li><a href="c572588ea9"><code>c572588</code></a> Test that "INFINITY" is not recognized as numeric</li>
<li><a href="51822ff2d8"><code>51822ff</code></a> Update Symbol.species tests for TypedArray constructor</li>
<li>Additional commits viewable in <a href="926b0960d7...d7c0a2076c">compare view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This Pull Request changes the following:
- Remove syntax error for unicode escaped characters in keywords from the lexer.
- Adjust the lexer tokens for keywords to indicate if they contain unicode escaped characters.
- Throw syntax errors in parser, when keywords cannot contain unicode escaped characters.
This Pull Request changes the following:
- Allow `Initializer` after `ArrayBindingPattern` in `FormalParameter`
- Refactor `Initializer` detection in `FormalParameter` to avoid clones
This Pull Request changes the following:
- Allow `PropertyName`s in `BindingProperty`in `ObjectBindingPattern`. Previously only `BindingIdentifier`s where allowed.
This Pull Request supersedes #2018 and #2017.
It changes the following:
- Updates the wasm-bindgen dependency now that a new version without the clippy bug has been released
- Updates all dependencies to their latest versions
`ArrayBuffer.isView()` should check whether the object contains a `[[ViewedArrayBuffer]]` internal slot, which `DataView` has.
It changes the following:
- Fix `ArrayBuffer.isView()`
Bumps [webpack](https://github.com/webpack/webpack) from 5.71.0 to 5.72.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/webpack/webpack/releases">webpack's releases</a>.</em></p>
<blockquote>
<h2>v5.72.0</h2>
<h1>Features</h1>
<ul>
<li>make cache warnings caused by build errors less verbose</li>
<li>Allow banner to be placed as a footer with the BannerPlugin</li>
<li>allow to concatenate asset modules</li>
</ul>
<h1>Bugfixes</h1>
<ul>
<li>fix RemoteModules when using HMR (Module Federation + HMR)</li>
<li>throw error when using module concatenation and cacheUnaffected</li>
<li>fix <code>in</code> operator with nested exports</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d3a0f8de03"><code>d3a0f8d</code></a> 5.72.0</li>
<li><a href="360373d76e"><code>360373d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15563">#15563</a> from cool-little-fish/fix-12408</li>
<li><a href="b9b73c5418"><code>b9b73c5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15634">#15634</a> from webpack/fix/issue-15633</li>
<li><a href="216c3daa4e"><code>216c3da</code></a> fix ExportsInfo</li>
<li><a href="cb639b3efc"><code>cb639b3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15624">#15624</a> from webpack/add-warning-when-cache-unaffected-and-...</li>
<li><a href="c38caa2d82"><code>c38caa2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15515">#15515</a> from webpack/feat/concatenate-assets</li>
<li><a href="99a5793ca8"><code>99a5793</code></a> throw error when using module concatenation and cacheUnaffected</li>
<li><a href="19d1a9384e"><code>19d1a93</code></a> fix lint and tests</li>
<li><a href="05ebf5bba6"><code>05ebf5b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15617">#15617</a> from DavidTanner/bannerAsFooter</li>
<li><a href="2a58ce7883"><code>2a58ce7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15542">#15542</a> from wangjinyang/bugfix/mf-hmr-error</li>
<li>Additional commits viewable in <a href="https://github.com/webpack/webpack/compare/v5.71.0...v5.72.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This Pull Request fixes/closes #337.
It changes the following:
- Implement class declaration parsing.
- Implement class expression parsing.
- Implement class execution.
There are still some features like `super` missing and there are some early errors that are not implemented yet. But I think it makes sense to merge this, as we can branch out the missing features from here.
This Pull Request fixes `byteLength` for `ArrayBuffer`. It should be an accessor property rather than a method, per the spec.
It changes the following:
- Removes `byteLength` method for `ArrayBuffer` built-in.
- Add `byteLength` accessor property for `ArrayBuffer`.
- Change `byte_length` function name to `get_byte_length`, to match other function names used for accessor properties.
Bumps [test262](https://github.com/tc39/test262) from `0bccacd` to `926b096`.
<details>
<summary>Commits</summary>
<ul>
<li><a href="926b0960d7"><code>926b096</code></a> update nfv3 test for roundingIncrement (<a href="https://github-redirect.dependabot.com/tc39/test262/issues/3441">#3441</a>)</li>
<li><a href="4c7c24646a"><code>4c7c246</code></a> Check a variety of offset Etc/GMT timezones (<a href="https://github-redirect.dependabot.com/tc39/test262/issues/3403">#3403</a>)</li>
<li><a href="fe40aea50c"><code>fe40aea</code></a> Emit fallback day 1</li>
<li><a href="9aaa22cb06"><code>9aaa22c</code></a> Ensure fallback years values are present</li>
<li><a href="ee1f96235b"><code>ee1f962</code></a> Ensure reference data is emitted when calendarName = 'always'</li>
<li><a href="76b0bafba6"><code>76b0baf</code></a> Update test/built-ins/Temporal/Duration/compare/twenty-five-hour-day.js</li>
<li><a href="2aa754b7cf"><code>2aa754b</code></a> Add test for DST balancing</li>
<li><a href="3ab8adc237"><code>3ab8adc</code></a> Require String.prototype.localeCompare to check for canonical equivalence</li>
<li><a href="3eea1a7959"><code>3eea1a7</code></a> Add tests for various invalid ISO strings for PlainDate</li>
<li><a href="ad74a4ebba"><code>ad74a4e</code></a> Rename some "argument-string" tests to be more specific</li>
<li>Additional commits viewable in <a href="0bccacda69...926b0960d7">compare view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [webpack](https://github.com/webpack/webpack) from 5.70.0 to 5.71.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/webpack/webpack/releases">webpack's releases</a>.</em></p>
<blockquote>
<h2>v5.71.0</h2>
<h1>Features</h1>
<ul>
<li>choose smarter default for <code>uniqueName</code> when using a <code>output.library</code> which includes placeholders</li>
<li>add support for expressions with <code>in</code> of a imported binding</li>
<li>generate UMD code with arrow functions when possible</li>
</ul>
<h1>Bugfixes</h1>
<ul>
<li>fix source map source names for ContextModule to be relative</li>
<li>fix <code>chunkLoading</code> option in module module</li>
<li>fix edge case where <code>evaluateExpression</code> returns <code>null</code></li>
<li>retain optional chaining in imported bindings</li>
<li>include runtime code for the base URI even if not using chunk loading</li>
<li>don't throw errors in persistent caching when importing node.js builtin modules via ESM</li>
<li>fix crash when using <code>lazy-once</code> Context modules</li>
<li>improve handling of context modules with multiple contexts</li>
<li>fix race condition HMR chunk loading when importing chunks during HMR updating</li>
<li>handle errors in <code>runAsChild</code> callback</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c2079f7e76"><code>c2079f7</code></a> 5.71.0</li>
<li><a href="4a0937fdd0"><code>4a0937f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15578">#15578</a> from webpack/feat/catch-error-in-run-as-child</li>
<li><a href="c3f5897df9"><code>c3f5897</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15586">#15586</a> from webpack/bugfix/chunk-load-during-hmr</li>
<li><a href="c4f1e4e9f0"><code>c4f1e4e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15611">#15611</a> from webpack/bugfix/esm-build-deps</li>
<li><a href="ab40959467"><code>ab40959</code></a> support node.js builtin modules in esm build dependencies</li>
<li><a href="e1179bf9bb"><code>e1179bf</code></a> fix egde case where a HMR chunk is incorrectly downloaded when loading a unch...</li>
<li><a href="2c200d1656"><code>2c200d1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15585">#15585</a> from webpack/refactor/support-context-in-dependency</li>
<li><a href="3929e688a4"><code>3929e68</code></a> fix discussions</li>
<li><a href="129477d11d"><code>129477d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15536">#15536</a> from webpack/fix/issue-15518</li>
<li><a href="5d8a9719ca"><code>5d8a971</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/webpack/issues/15551">#15551</a> from webpack/fix/issue-15545</li>
<li>Additional commits viewable in <a href="https://github.com/webpack/webpack/compare/v5.70.0...v5.71.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.7 to 3.1.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p>
<blockquote>
<h2>v3.1.8</h2>
<h2>[3.1.8] - 2022-04-01</h2>
<h3>Fixes</h3>
<ul>
<li>Add <code>Debug</code> impls to more types</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p>
<blockquote>
<h2>[3.1.8] - 2022-04-01</h2>
<h3>Fixes</h3>
<ul>
<li>Add <code>Debug</code> impls to more types</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="08f74046dc"><code>08f7404</code></a> chore: Release</li>
<li><a href="6aa40ad2cb"><code>6aa40ad</code></a> docs: Update changelog</li>
<li><a href="732830a98c"><code>732830a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3598">#3598</a> from dragonrider7225/bring-back-debug-impls</li>
<li><a href="17fed36da3"><code>17fed36</code></a> fix: Bring forward Debug impls from v2</li>
<li>See full diff in <a href="https://github.com/clap-rs/clap/compare/v3.1.7...v3.1.8">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
<!---
Thank you for contributing to Boa! Please fill out the template below, and remove or add any
information as you feel neccesary.
--->
This Pull Request fixes/closes #1989.
It changes the following:
- Implements From<f32> for JsValue
Acked-by: Taylor Sutton <tsutton125@gmail.com>
This Pull Request fixes/closes #1998
The call to retrieve operands modifies pc, setting it to the index of
the *next* instruction. So, we save its initial value and use that
for printing.
Bumps [clap](https://github.com/clap-rs/clap) from 3.1.6 to 3.1.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/releases">clap's releases</a>.</em></p>
<blockquote>
<h2>v3.1.7</h2>
<h2>[3.1.7] - 2022-03-31</h2>
<h3>Fixes</h3>
<ul>
<li><code>*(derive)* Abort, rather than ignore, when deriving </code>ArgEnum` with non-unit unskipped variants</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's changelog</a>.</em></p>
<blockquote>
<h2>[3.1.7] - 2022-03-31</h2>
<h3>Fixes</h3>
<ul>
<li><code>*(derive)* Abort, rather than ignore, when deriving </code>ArgEnum` with non-unit unskipped variants</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c75d2642ef"><code>c75d264</code></a> chore: Release</li>
<li><a href="b774370565"><code>b774370</code></a> docs: Update changelog</li>
<li><a href="71ef8878c5"><code>71ef887</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3591">#3591</a> from Shir0kamii/fix-ArgEnum-non-unit</li>
<li><a href="fb4755d1c3"><code>fb4755d</code></a> feat(derive): Don't abort when non-unit variant is skipped</li>
<li><a href="ee3d12ec56"><code>ee3d12e</code></a> fix(derive): Abort on non-unit variant</li>
<li><a href="06f855f2ab"><code>06f855f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3582">#3582</a> from ducaale/fix-docs</li>
<li><a href="d55e46f65f"><code>d55e46f</code></a> docs(mangen): Fix docs for Man::section()</li>
<li><a href="731d18f300"><code>731d18f</code></a> docs(examples): Fix help output</li>
<li><a href="6835dfa978"><code>6835dfa</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/clap-rs/clap/issues/3577">#3577</a> from samueltardieu/fix-arg-help-doc</li>
<li><a href="ef3c2c73d5"><code>ef3c2c7</code></a> docs: arg! macro uses double quotes for help string</li>
<li>Additional commits viewable in <a href="https://github.com/clap-rs/clap/compare/v3.1.6...v3.1.7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [indexmap](https://github.com/bluss/indexmap) from 1.8.0 to 1.8.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/bluss/indexmap/blob/master/RELEASES.md">indexmap's changelog</a>.</em></p>
<blockquote>
<ul>
<li>
<p>1.8.1</p>
<ul>
<li>The new <code>IndexSet::replace_full</code> will return the index of the item along
with the replaced value, if any, by <a href="https://github.com/zakcutner"><code>@zakcutner</code></a> in PR <a href="https://github-redirect.dependabot.com/bluss/indexmap/pull/222">222</a>.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="275379c489"><code>275379c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/bluss/indexmap/issues/222">#222</a> from zakcutner/replace-full</li>
<li><a href="12162abeb0"><code>12162ab</code></a> Release 1.8.1</li>
<li><a href="feb816c4b8"><code>feb816c</code></a> Add a <code>replace_full</code> method on <code>IndexSet</code></li>
<li><a href="d6a9dd6c91"><code>d6a9dd6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/bluss/indexmap/issues/218">#218</a> from erickt/miri</li>
<li><a href="4dd6619b4c"><code>4dd6619</code></a> Add miri builder</li>
<li><a href="10ee11e56c"><code>10ee11e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/bluss/indexmap/issues/216">#216</a> from cuviper/dev-dependencies</li>
<li><a href="98de9abe37"><code>98de9ab</code></a> Update dev-dependencies</li>
<li>See full diff in <a href="https://github.com/bluss/indexmap/compare/1.8.0...1.8.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This removes the only use of the `git2` and `hex` dependencies by reading the test262 submodule commit id directly from the `.git` directory.
Because `git2` depends on a lot of other crates, this removes a bunch of dependencies.
This Pull Request lets true/false/null be used as object property identifiers, when using dot assignment.
`foo.null = 'bar';`
It changes the following:
- AST parsing of member expressions
Trying to fix the issue in #1982, I noticed that we didn't have a proper error handling for the boa tester.
This adds the `anyhow` dependency to the tester, which makes it much easier to handle errors and bubble them up with attached context. Thanks to this I was able to easily find out the issue, and I think it could be useful to have it. It gives errors such as this one:
```
Error: could not read the suite test
caused by: error reading sub-suite ./test262/test/built-ins
caused by: error reading sub-suite ./test262/test/built-ins/ShadowRealm
caused by: error reading sub-suite ./test262/test/built-ins/ShadowRealm/WrappedFunction
caused by: error reading test ./test262/test/built-ins/ShadowRealm/WrappedFunction/throws-typeerror-on-revoked-proxy.js
caused by: while scanning a block scalar, found a tab character where an indentation space is expected at line 4 column 3
caused by: while scanning a block scalar, found a tab character where an indentation space is expected at line 4 column 3
```
This Pull Request fixes length properties on multiple array prototype methods that were including rest parameters in the count. More tests should pass.
It changes the following:
- Length properties on some array prototype methods
This Pull Request fixes/closes #1645.
It changes the following:
- Add `features` field to `SuiteResult` structure
- Fetch features from `TestSuite` and propagate them via `SuiteResult`
- Add `FeaturesInfo` structure and serialize it to `features.json`
This Pull Request makes the non-octal-decimal-integer test pass. The test would previously fail for values with multiple leading zeroes.
It changes the following:
- Number lexer
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
<details>
<summary>Commits</summary>
<ul>
<li><a href="7efb22a518"><code>7efb22a</code></a> 1.2.6</li>
<li><a href="ef88b9325f"><code>ef88b93</code></a> security notice for additional prototype pollution issue</li>
<li><a href="c2b981977f"><code>c2b9819</code></a> isConstructorOrProto adapted from PR</li>
<li><a href="bc8ecee438"><code>bc8ecee</code></a> test from prototype pollution PR</li>
<li>See full diff in <a href="https://github.com/substack/minimist/compare/1.2.5...1.2.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/boa-dev/boa/network/alerts).
</details>
`Node::DoWhileLoop` ast node had a buggy bytecode generation where `self.patch_jump(exit)` was called after emitting `LoopEnd` opcode. This would patch the loop exit to the instruction following the do while code, which would panic in cases where do while was enclosed in a block statement.
This Pull Request fixes#1929.
It changes the following:
- Patch jump before emitting `Opcode::LoopEnd`
- Add test which has do while statement inside a block statement to demonstrate that the change fixes the panic.
This Pull Request fixes/closes #1962.
It changes the following:
- When executing arithmetic operations on `JsValue`s, try to use integer operations and fallback to `f64` operations on error.
- Adds tests for serde_json conversions from integer operations.
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.2.1 to 1.3.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's changelog</a>.</em></p>
<blockquote>
<h2>1.3.0 - 2022-03-17</h2>
<h3>Security</h3>
<ul>
<li>Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa
Yahyazadeh (<a href="mailto:moosa-yahyazadeh@uiowa.edu">moosa-yahyazadeh@uiowa.edu</a>).</li>
<li><strong>HIGH</strong>: Leniency in checking <code>digestAlgorithm</code> structure can lead to
signature forgery.
<ul>
<li>The code is lenient in checking the digest algorithm structure. This can
allow a crafted structure that steals padding bytes and uses unchecked
portion of the PKCS#1 encoded message to forge a signature when a low
public exponent is being used. For more information, please see
<a href="https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/">"Bleichenbacher's RSA signature forgery based on implementation
error"</a>
by Hal Finney.</li>
<li>CVE ID: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771">CVE-2022-24771</a></li>
<li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765">GHSA-cfm4-qjh2-4765</a></li>
</ul>
</li>
<li><strong>HIGH</strong>: Failing to check tailing garbage bytes can lead to signature
forgery.
<ul>
<li>The code does not check for tailing garbage bytes after decoding a
<code>DigestInfo</code> ASN.1 structure. This can allow padding bytes to be removed
and garbage data added to forge a signature when a low public exponent is
being used. For more information, please see <a href="https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/">"Bleichenbacher's RSA
signature forgery based on implementation
error"</a>
by Hal Finney.</li>
<li>CVE ID: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772">CVE-2022-24772</a></li>
<li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g">GHSA-x4jg-mjrx-434g</a></li>
</ul>
</li>
<li><strong>MEDIUM</strong>: Leniency in checking type octet.
<ul>
<li><code>DigestInfo</code> is not properly checked for proper ASN.1 structure. This can
lead to successful verification with signatures that contain invalid
structures but a valid digest.</li>
<li>CVE ID: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773">CVE-2022-24773</a></li>
<li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr">GHSA-2r2c-g63r-vccr</a></li>
</ul>
</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>[asn1] Add fallback to pretty print invalid UTF8 data.</li>
<li>[asn1] <code>fromDer</code> is now more strict and will default to ensuring all input
bytes are parsed or throw an error. A new option <code>parseAllBytes</code> can disable
this behavior.
<ul>
<li><strong>NOTE</strong>: The previous behavior is being changed since it can lead to
security issues with crafted inputs. It is possible that code doing custom
DER parsing may need to adapt to this new behavior and optional flag.</li>
</ul>
</li>
<li>[rsa] Add and use a validator to check for proper structure of parsed ASN.1
<code>RSASSA-PKCS-v1_5</code> <code>DigestInfo</code> data. Additionally check that the hash
algorithm identifier is a known value from RFC 8017
<code>PKCS1-v1-5DigestAlgorithms</code>. An invalid <code>DigestInfo</code> or algorithm identifier
will now throw an error.
<ul>
<li><strong>NOTE</strong>: The previous lenient behavior is being changed to be more strict
since it could lead to security issues with crafted inputs. It is possible
that code may have to handle the errors from these stricter checks.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="6c5b90133d"><code>6c5b901</code></a> Release 1.3.0.</li>
<li><a href="0f3972ad58"><code>0f3972a</code></a> Update changelog.</li>
<li><a href="dc77b39dd3"><code>dc77b39</code></a> Fix error checking.</li>
<li><a href="bb822c02df"><code>bb822c0</code></a> Add advisory links.</li>
<li><a href="d4395fec83"><code>d4395fe</code></a> Update changelog.</li>
<li><a href="a4405bb9d6"><code>a4405bb</code></a> Improve signature verification tests.</li>
<li><a href="aa9372d6dd"><code>aa9372d</code></a> Add missing RFC 8017 algorithm identifiers.</li>
<li><a href="3f0b49a057"><code>3f0b49a</code></a> Fix signature verification issues.</li>
<li><a href="c20f309311"><code>c20f309</code></a> Adjust remaining length.</li>
<li><a href="e27f61230f"><code>e27f612</code></a> Remove unused option.</li>
<li>Additional commits viewable in <a href="https://github.com/digitalbazaar/forge/compare/v1.2.1...v1.3.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/boa-dev/boa/network/alerts).
</details>
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<ul>
<li>
<p>This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via <a href="https://docs.github.com/en/enterprise-server@3.0/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect">github connect</a> or manually copying the repo to their GHES instance.</p>
</li>
<li>
<p>Few dependencies and cache action usage examples have also been updated.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4b0cf6cc46"><code>4b0cf6c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/769">#769</a> from actions/users/ashwinsangem/bump_major_version</li>
<li><a href="60c606a2b4"><code>60c606a</code></a> Update licensed files</li>
<li><a href="b6e9a919a7"><code>b6e9a91</code></a> Revert "Updated to the latest version."</li>
<li><a href="c842503583"><code>c842503</code></a> Updated to the latest version.</li>
<li><a href="2b7da2a62c"><code>2b7da2a</code></a> Bumped up to a major version.</li>
<li><a href="deae296ab3"><code>deae296</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/651">#651</a> from magnetikonline/fix-golang-windows-example</li>
<li><a href="c7c46bcb6d"><code>c7c46bc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/707">#707</a> from duxtland/main</li>
<li><a href="6535c5fb5f"><code>6535c5f</code></a> Regenerated <code>examples.md</code> TOC</li>
<li><a href="3fdafa472e"><code>3fdafa4</code></a> Update GitHub Actions status badge markdown in <code>README.md</code></li>
<li><a href="341e6d75d9"><code>341e6d7</code></a> Merge branch 'actions:main' into fix-golang-windows-example</li>
<li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/v2.1.7...v3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
dependabot[bot]
NorbertGarfield
Halid Odat
lupd
raskad
Iban Eguia
Jordan Last
Taylor Sutton
pd
jedel1043