[Snyk] Upgrade config from 3.3.3 to 4.1.1 #31
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade config from 3.3.3 to 4.1.1. See this package in npm: config See this project in Snyk: https://app.snyk.io/org/denisecase/project/2297d3a9-c4de-4ddf-b3f6-e99eee85f2ed?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade config from 3.3.3 to 4.1.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 12 versions ahead of your current version.
The recommended version was released 5 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-JSON5-3182856
SNYK-JS-MINIMIST-2429795
Release notes
Package name: config
-
4.1.1 - 2025-08-15
- Remove vows from tests. by @ jdmarshall in #854
-
4.1.0 - 2025-07-23
- Config.getSources() no longer contains files read by parseFile outside of the load process
- when
- Config.getSources() now agrees with
- #687 - you can now have deferConfig lines in submodules
- #822 - setModuleDefaults calls are now additive (slightly higher memory usage for defaults as a consequence)
- #827 - more accurate tracking of sources
-
4.0.1 - 2025-07-15
- Finished extraction of util functions to lib/util.js
- Documentation of how to utilize this code for testing, or to drive
-
4.0.0 - 2025-05-14
- removes the unused
- removes deprecated support for loading runtime.[ext] files.
- changes the load order of APP_INSTANCE files to match other file sets
- ci: add unit tests to PR CI by @ jeremy-daley-kr in #776
- fix: bypass Proxy for RegExp and Date objects by @ jeremy-daley-kr in #775
- fix: add runs-on to pr ci tests by @ jeremy-daley-kr in #778
- feat: add
- Fix GH-746 - Loading config files order with APP_INSTANCE by @ sgaestel in #747
- Add nyc for code coverage by @ jdmarshall in #788
- Remove all references to runtime.json and runtime config by @ ZachFontenot in #782
- Fix over-recursion in async and deferred processing by @ jdmarshall in #792
- Replace arguments fiddling with spread operator. by @ jdmarshall in #791
- drop stripComments - dead code by @ markstos in #794
- Add mjs support by @ jdmarshall in #800
- Fix for empty entries in NODE_CONFIG_DIR by @ jdmarshall in #798
- Add support for jsonc file extension by @ rerodrigues in #802
- @ jeremy-daley-kr made their first contribution in #776
- @ daleyjem made their first contribution in #779
- @ sgaestel made their first contribution in #747
- @ ZachFontenot made their first contribution in #782
- @ rerodrigues made their first contribution in #802
-
3.3.12 - 2024-06-25
- Remove usage of deprecated utils to fix warnings in Node 22 by @ KidkArolis in #764
- @ KidkArolis made their first contribution in #764
-
3.3.11 - 2024-02-01
- fix: webpack bundling compatibility by @ cbazureau in #757
- @ cbazureau made their first contribution in #757
-
3.3.10 - 2024-01-09
- replace var to let and const by @ jamashita in #720
- refactor: 💡 xxx === undefined => typeof xxx === 'undefined' by @ jamashita in #729
- Fix source maps when using ts config files, improve performance loading ts config files by @ andrzej-woof in #721
- fix: lack of comments removal, invalid regexp by @ DeutscherDude in #745
- @ jamashita made their first contribution in #720
- @ andrzej-woof made their first contribution in #721
- @ DeutscherDude made their first contribution in #745
-
3.3.9 - 2023-01-17
- Support loading transpiled JS config files by @ Tomas2D in #692
- fix(vulnerability): upgrade json5 version from 2.2.1 to 2.2.2 by @ veekays in #713
- @ Tomas2D made their first contribution in #692
- @ veekays made their first contribution in #713
-
3.3.8 - 2022-09-09
- bump json5 dep to 2.2.1
- Cleanup of file scoped environment variables by @ jdmarshall in #667
- Allow multiple relative directory paths separated by path.delimiter to work by @ inside in #661
- Reentrancy bugs by @ jdmarshall in #668
- Fixed property mutation. Throw an exception on such an attempt. Updat… by @ fgheorghe in #516
- docs: update copyright & fix misspelling by @ DigitalGreyHat in #677
- @ jdmarshall made their first contribution in #667
- @ inside made their first contribution in #661
- @ DigitalGreyHat made their first contribution in #677
-
3.3.7 - 2022-01-11
- No code changes. Resolving versioning / release mix-up
-
3.3.6 - 2021-03-08
-
3.3.4 - 2021-02-27
-
3.3.3 - 2020-11-26
from config GitHub release notesWhat's Changed
This release includes only test and devDependency changes
Full Changelog: v4.1.0...v4.1.1
Breaking Changes
Several bugs were fixed that a user code might theoretically rely on, but most likely not:
setModuleDefaults('modulename', ...)is called twice, the second call can overwrite values from the firstsetModuleDefaults, no matter how often it is calledWhat's Changed
Bugs fixed:
This release finalizes some work to extract 'util' functionality from lib/config.js into lib/util.js.
Breaking Changes
None known
What's Changed
setModuleDefaults()This release adds support for .jsonc and .mjs files. Note that MJS support requires Node 24 or recent patch releases of 20 or 22.
Breaking Changes
stripComments()functionWhat's Changed
gettrap to Proxy for agnostic prototype access by @ daleyjem in #779New Contributors
Full Changelog: v3.3.12...v4.0.0
What's Changed
New Contributors
Full Changelog: v3.3.11...v3.3.12
What's Changed
New Contributors
Full Changelog: v3.3.10...v3.3.11
What's Changed
New Contributors
Full Changelog: v3.3.9...v3.3.10
What's Changed
New Contributors
Full Changelog: v3.3.8...v3.3.9
What's Changed
New Contributors
Full Changelog: v3.3.7...v3.3.8
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: