Bump url-parse from 1.5.7 to 1.5.10 in /examples/canvas_webgl_minimal/www
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.7 to 1.5.10.
<details>
<summary>Commits</summary>
<ul>
<li><a href="8cd4c6c643"><code>8cd4c6c</code></a> 1.5.10</li>
<li><a href="ce7a01f2e1"><code>ce7a01f</code></a> [fix] Improve handling of empty port</li>
<li><a href="00714900ea"><code>0071490</code></a> [doc] Update JSDoc comment</li>
<li><a href="a7044e3e8b"><code>a7044e3</code></a> [minor] Use more descriptive variable name</li>
<li><a href="d547792414"><code>d547792</code></a> [security] Add credits for CVE-2022-0691</li>
<li><a href="ad23357ad5"><code>ad23357</code></a> 1.5.9</li>
<li><a href="0e3fb542d6"><code>0e3fb54</code></a> [fix] Strip all control characters from the beginning of the URL</li>
<li><a href="61864a8ecc"><code>61864a8</code></a> [security] Add credits for CVE-2022-0686</li>
<li><a href="bb0104d643"><code>bb0104d</code></a> 1.5.8</li>
<li><a href="d5c64791ef"><code>d5c6479</code></a> [fix] Handle the case where the port is specified but empty</li>
<li>Additional commits viewable in <a href="https://github.com/unshiftio/url-parse/compare/1.5.7...1.5.10">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump tar from 4.4.8 to 4.4.19 in /examples/canvas_webgl_minimal/www
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
<details>
<summary>Commits</summary>
<ul>
<li><a href="9a6faa017c"><code>9a6faa0</code></a> 4.4.19</li>
<li><a href="70ef812593"><code>70ef812</code></a> drop dirCache for symlink on all platforms</li>
<li><a href="3e35515c09"><code>3e35515</code></a> 4.4.18</li>
<li><a href="52b09e309b"><code>52b09e3</code></a> fix: prevent path escape using drive-relative paths</li>
<li><a href="bb93ba2437"><code>bb93ba2</code></a> fix: reserve paths properly for unicode, windows</li>
<li><a href="2f1bca0272"><code>2f1bca0</code></a> fix: prune dirCache properly for unicode, windows</li>
<li><a href="9bf70a8cf7"><code>9bf70a8</code></a> 4.4.17</li>
<li><a href="6aafff0a86"><code>6aafff0</code></a> fix: skip extract if linkpath is stripped entirely</li>
<li><a href="5c5059a69c"><code>5c5059a</code></a> fix: reserve paths case-insensitively</li>
<li><a href="fd6accba69"><code>fd6accb</code></a> 4.4.16</li>
<li>Additional commits viewable in <a href="https://github.com/npm/node-tar/compare/v4.4.8...v4.4.19">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump url-parse from 1.5.1 to 1.5.7 in /examples/canvas_webgl_minimal/www
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.7.
<details>
<summary>Commits</summary>
<ul>
<li><a href="8b3f5f2c88"><code>8b3f5f2</code></a> 1.5.7</li>
<li><a href="ef45a13553"><code>ef45a13</code></a> [fix] Readd the empty userinfo to <code>url.href</code> (<a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/226">#226</a>)</li>
<li><a href="88df234685"><code>88df234</code></a> [doc] Add soft deprecation notice</li>
<li><a href="78e9f2f412"><code>78e9f2f</code></a> [security] Fix nits</li>
<li><a href="e6fa43422c"><code>e6fa434</code></a> [security] Add credits for incorrect handling of userinfo vulnerability</li>
<li><a href="4c9fa234c0"><code>4c9fa23</code></a> 1.5.6</li>
<li><a href="7b0b8a6671"><code>7b0b8a6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/223">#223</a> from unshiftio/fix/at-sign-handling-in-userinfo</li>
<li><a href="e4a5807d95"><code>e4a5807</code></a> 1.5.5</li>
<li><a href="193b44baf3"><code>193b44b</code></a> [minor] Simplify whitespace regex</li>
<li><a href="319851bf1c"><code>319851b</code></a> [fix] Remove CR, HT, and LF</li>
<li>Additional commits viewable in <a href="https://github.com/unshiftio/url-parse/compare/1.5.1...1.5.7">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump ajv from 6.5.3 to 6.12.6 in /examples/canvas_webgl_minimal/www
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.5.3 to 6.12.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ajv-validator/ajv/releases">ajv's releases</a>.</em></p>
<blockquote>
<h2>v6.12.6</h2>
<p>Fix performance issue of "url" format.</p>
<h2>v6.12.5</h2>
<p>Fix uri scheme validation (<a href="https://github.com/ChALkeR"><code>@ChALkeR</code></a>).
Fix boolean schemas with strictKeywords option (<a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1270">#1270</a>)</p>
<h2>v6.12.4</h2>
<p>Fix: coercion of one-item arrays to scalar that should fail validation (<a href="https://runkit.com/esp/5f3672ba2f6642001ae27411">failing example</a>).</p>
<h2>v6.12.3</h2>
<p>Pass schema object to processCode function
Option for strictNumbers (<a href="https://github.com/issacgerges"><code>@issacgerges</code></a>, <a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1128">#1128</a>)
Fixed vulnerability related to untrusted schemas (<a href="https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2020-15366">CVE-2020-15366</a>)</p>
<h2>v6.12.2</h2>
<p>Removed post-install script</p>
<h2>v6.12.1</h2>
<p>Docs and dependency updates</p>
<h2>v6.12.0</h2>
<p>Improved hostname validation (<a href="https://github.com/sambauers"><code>@sambauers</code></a>, <a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1143">#1143</a>)
Option <code>keywords</code> to add custom keywords (<a href="https://github.com/franciscomorais"><code>@franciscomorais</code></a>, <a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1137">#1137</a>)
Types fixes (<a href="https://github.com/boenrobot"><code>@boenrobot</code></a>, <a href="https://github.com/MattiAstedrone"><code>@MattiAstedrone</code></a>)
Docs:</p>
<ul>
<li><a href="https://github.com/epoberezkin/ajv#error-logging">error logging</a> example (<a href="https://github.com/RadiationSickness"><code>@RadiationSickness</code></a>)</li>
<li>TypeScript usage notes (<a href="https://github.com/thetric"><code>@thetric</code></a>)</li>
</ul>
<h2>v6.11.0</h2>
<p>Time formats support two digit and colon-less variants of timezone offset (<a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1061">#1061</a> , <a href="https://github.com/cjpillsbury"><code>@cjpillsbury</code></a>)
Docs: RegExp related security considerations
Tests: Disabled failing typescript test</p>
<h2>v6.10.2</h2>
<p>Fix: the unknown keywords were ignored with the option <code>strictKeywords: true</code> (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.</p>
<h2>v6.10.1</h2>
<p>Fix types
Fix addSchema (<a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1001">#1001</a>)
Update dependencies</p>
<h2>v6.10.0</h2>
<p>Option <code>strictDefaults</code> to report ignored defaults (<a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/957">#957</a>, <a href="https://github.com/not-an-aardvark"><code>@not-an-aardvark</code></a>)
Option <code>strictKeywords</code> to report unknown keywords (<a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/781">#781</a>)</p>
<h2>v6.9.0</h2>
<p>OpenAPI keyword <code>nullable</code> can be any boolean (and not only <code>true</code>).
Custom keyword definition changes:</p>
<ul>
<li><code>dependencies</code> option in to require the presence of keywords in the same schema.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="fe591439f3"><code>fe59143</code></a> 6.12.6</li>
<li><a href="d580d3e8ac"><code>d580d3e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1298">#1298</a> from ajv-validator/fix-url</li>
<li><a href="fd363896a8"><code>fd36389</code></a> fix: regular expression for "url" format</li>
<li><a href="490e34c484"><code>490e34c</code></a> docs: link to v7-beta branch</li>
<li><a href="9cd93a1bdb"><code>9cd93a1</code></a> docs: note about v7 in readme</li>
<li><a href="877d286e7f"><code>877d286</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/ajv-validator/ajv/issues/1262">#1262</a> from b4h0-c4t/refactor-opt-object-type</li>
<li><a href="f1c8e45b9c"><code>f1c8e45</code></a> 6.12.5</li>
<li><a href="764035e201"><code>764035e</code></a> Merge branch 'ChALkeR-chalker/fix-comma'</li>
<li><a href="37981602ce"><code>3798160</code></a> Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...</li>
<li><a href="a3c7ebab22"><code>a3c7eba</code></a> Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...</li>
<li>Additional commits viewable in <a href="https://github.com/ajv-validator/ajv/compare/v6.5.3...v6.12.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Add a capi feature to support current cargo-c
It also possibly simplifies the building instructions since it will pick automatically the crates in the workspace marked with a `capi` feature.
This avoids an edgecase where presumably some floating point rounding error results in predicting a `to_tile_coords` that isn't actually stepped on, causing the loop to loop forever.
Update canvas_nanovg example
The `canvas_nanovg` example would not run on my Linux machine due to the bug in `winit` 0.19 (rust-windowing/winit#1773)
In this PR, I updated `winit` and `surfman` and made the minimum necessary changes so that the example would compile and run.
Bump ws from 6.2.1 to 6.2.2 in /examples/canvas_webgl_minimal/www
Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/websockets/ws/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump dns-packet from 1.3.1 to 1.3.4 in /examples/canvas_webgl_minimal/www
Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4.
<details>
<summary>Commits</summary>
<ul>
<li><a href="ebdf849da5"><code>ebdf849</code></a> 1.3.4</li>
<li><a href="ac578722f2"><code>ac57872</code></a> move all allocUnsafes to allocs for easier maintenance</li>
<li><a href="c64c9507e5"><code>c64c950</code></a> 1.3.3</li>
<li><a href="0598ba19d1"><code>0598ba1</code></a> fix .. in encodingLength</li>
<li><a href="010aedb33c"><code>010aedb</code></a> 1.3.2</li>
<li><a href="0d0d593f8d"><code>0d0d593</code></a> backport encodingLength fix to v1</li>
<li>See full diff in <a href="https://github.com/mafintosh/dns-packet/compare/v1.3.1...v1.3.4">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
1. Order of application of transformations: While processing a
path the order of transformations are from the inner most to the
outer most.
For example: In the graphic
<svg>
<g transform=A>
<g transform=B>
<path ... />
</g>
</g>
</svg>
Path control points will be calculated by pre-multiplying
with A * B, not B * A as per the current code.
2. Applying transformation to clip paths: The transformations
of the ancestors are applied to the clip path property of a path.
For example:
<svg>
<defs>
<clipPath id="clippath">
<path id="clipper" ... />
<clipPath/>
</defs>
<g transform=A>
<path id="clippee" clip-path="url(#clippath)" ... />
</g>
</svg>
Then, the transform A is applied to both the clippee and
the clipper.
Bump ssri from 6.0.1 to 6.0.2 in /examples/canvas_webgl_minimal/www
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md">ssri's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/zkat/ssri/compare/v6.0.1...v6.0.2">6.0.2</a> (2021-04-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>backport regex change from 8.0.1 (<a href="https://github.com/zkat/ssri/commit/b30dfdb">b30dfdb</a>), closes <a href="https://github-redirect.dependabot.com/zkat/ssri/issues/19">#19</a></li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b7c8c7c61d"><code>b7c8c7c</code></a> chore(release): 6.0.2</li>
<li><a href="b30dfdb00b"><code>b30dfdb</code></a> fix: backport regex change from 8.0.1</li>
<li>See full diff in <a href="https://github.com/npm/ssri/compare/v6.0.1...v6.0.2">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~nlf">nlf</a>, a new releaser for ssri since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump lodash from 4.17.19 to 4.17.21 in /examples/canvas_webgl_minimal/www
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
<details>
<summary>Commits</summary>
<ul>
<li><a href="f299b52f39"><code>f299b52</code></a> Bump to v4.17.21</li>
<li><a href="c4847ebe7d"><code>c4847eb</code></a> Improve performance of <code>toNumber</code>, <code>trim</code> and <code>trimEnd</code> on large input strings</li>
<li><a href="3469357cff"><code>3469357</code></a> Prevent command injection through <code>_.template</code>'s <code>variable</code> option</li>
<li><a href="ded9bc6658"><code>ded9bc6</code></a> Bump to v4.17.20.</li>
<li><a href="63150ef764"><code>63150ef</code></a> Documentation fixes.</li>
<li><a href="00f0f62a97"><code>00f0f62</code></a> test.js: Remove trailing comma.</li>
<li><a href="846e434c7a"><code>846e434</code></a> Temporarily use a custom fork of <code>lodash-cli</code>.</li>
<li><a href="5d046f39cb"><code>5d046f3</code></a> Re-enable Travis tests on <code>4.17</code> branch.</li>
<li><a href="aa816b36d4"><code>aa816b3</code></a> Remove <code>/npm-package</code>.</li>
<li>See full diff in <a href="https://github.com/lodash/lodash/compare/4.17.19...4.17.21">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~bnjmnt4n">bnjmnt4n</a>, a new releaser for lodash since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump url-parse from 1.4.7 to 1.5.1 in /examples/canvas_webgl_minimal/www
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.1.
<details>
<summary>Commits</summary>
<ul>
<li><a href="eb6d9f51e3"><code>eb6d9f5</code></a> [dist] 1.5.1</li>
<li><a href="750d8e8a9d"><code>750d8e8</code></a> [fix] Fixes relative path resolving <a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/199">#199</a> <a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/200">#200</a> (<a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/201">#201</a>)</li>
<li><a href="3ac777474b"><code>3ac7774</code></a> [test] Make test consistent for browser testing</li>
<li><a href="267a0c6f7e"><code>267a0c6</code></a> [dist] 1.5.0</li>
<li><a href="d1e7e8822f"><code>d1e7e88</code></a> [security] More backslash fixes (<a href="https://github-redirect.dependabot.com/unshiftio/url-parse/issues/197">#197</a>)</li>
<li><a href="d99bf4cf25"><code>d99bf4c</code></a> [ignore] Remove npm-debug.log from .gitignore</li>
<li><a href="422c8b5e4c"><code>422c8b5</code></a> [pkg] Replace nyc with c8</li>
<li><a href="933809d630"><code>933809d</code></a> [pkg] Move coveralls to dev dependencies</li>
<li><a href="190b216803"><code>190b216</code></a> [pkg] Add .npmrc</li>
<li><a href="ce3783f4ea"><code>ce3783f</code></a> [test] Do not test on all available versions of Edge and Safari</li>
<li>Additional commits viewable in <a href="https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump y18n from 4.0.0 to 4.0.1 in /examples/canvas_webgl_minimal/www
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/yargs/y18n/blob/master/CHANGELOG.md">y18n's changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p>
<h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.4...v5.0.5">5.0.5</a> (2020-10-25)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>address prototype pollution issue (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/108">#108</a>) (<a href="a9ac604abf">a9ac604</a>)</li>
</ul>
<h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.3...v5.0.4">5.0.4</a> (2020-10-16)</h3>
<h3>Bug Fixes</h3>
<ul>
<li><strong>exports:</strong> node 13.0 and 13.1 require the dotted object form <em>with</em> a string fallback (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/105">#105</a>) (<a href="4f85d80dba">4f85d80</a>)</li>
</ul>
<h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.2...v5.0.3">5.0.3</a> (2020-10-16)</h3>
<h3>Bug Fixes</h3>
<ul>
<li><strong>exports:</strong> node 13.0-13.6 require a string fallback (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/103">#103</a>) (<a href="e39921e101">e39921e</a>)</li>
</ul>
<h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.1...v5.0.2">5.0.2</a> (2020-10-01)</h3>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deno:</strong> update types for deno ^1.4.0 (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/100">#100</a>) (<a href="3834d9ab13">3834d9a</a>)</li>
</ul>
<h3><a href="https://www.github.com/yargs/y18n/compare/v5.0.0...v5.0.1">5.0.1</a> (2020-09-05)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>main had old index path (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/98">#98</a>) (<a href="124f7b047b">124f7b0</a>)</li>
</ul>
<h2><a href="https://www.github.com/yargs/y18n/compare/v4.0.0...v5.0.0">5.0.0</a> (2020-09-05)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>exports maps are now used, which modifies import behavior.</li>
<li>drops Node 6 and 4. begin following Node.js LTS schedule (<a href="https://github-redirect.dependabot.com/yargs/y18n/issues/89">#89</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add support for ESM and Deno <a href="https://github-redirect.dependabot.com/yargs/y18n/issues/95">#95</a>) (<a href="4d7ae94bcb">4d7ae94</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/yargs/y18n/commits">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~oss-bot">oss-bot</a>, a new releaser for y18n since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Bump elliptic from 6.5.2 to 6.5.4 in /examples/canvas_webgl_minimal/www
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.4.
<details>
<summary>Commits</summary>
<ul>
<li><a href="43ac7f2300"><code>43ac7f2</code></a> 6.5.4</li>
<li><a href="f4bc72be11"><code>f4bc72b</code></a> package: bump deps</li>
<li><a href="441b7428b0"><code>441b742</code></a> ec: validate that a point before deriving keys</li>
<li><a href="e71b2d9359"><code>e71b2d9</code></a> lib: relint using eslint</li>
<li><a href="8421a01aa3"><code>8421a01</code></a> build(deps): bump elliptic from 6.4.1 to 6.5.3 (<a href="https://github-redirect.dependabot.com/indutny/elliptic/issues/231">#231</a>)</li>
<li><a href="8647803dc3"><code>8647803</code></a> 6.5.3</li>
<li><a href="856fe4d99f"><code>856fe4d</code></a> signature: prevent malleability and overflows</li>
<li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.4">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Passing actual color in fill attribute
Presently, when serializing to SVG, the `fill` attribute is being populated with a `PaintId` identifier, e.g.:
```svg
<path fill="PaintId(1)" d="M 0 0 L 431.8 0 L 431.8 279.4 L 0 279.4 z" />
```
This PR instead utilizes the base color, which results in the following alternative output:
```svg
<path fill="#ffffff" d="M 0 0 L 431.8 0 L 431.8 279.4 L 0 279.4 z" />
```
Bump ini from 1.3.5 to 1.3.8 in /examples/canvas_webgl_minimal/www
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
<details>
<summary>Commits</summary>
<ul>
<li><a href="a2c5da8660"><code>a2c5da8</code></a> 1.3.8</li>
<li><a href="af5c6bb5dc"><code>af5c6bb</code></a> Do not use Object.create(null)</li>
<li><a href="8b648a1ac4"><code>8b648a1</code></a> don't test where our devdeps don't even work</li>
<li><a href="c74c8af35f"><code>c74c8af</code></a> 1.3.7</li>
<li><a href="024b8b55ac"><code>024b8b5</code></a> update deps, add linting</li>
<li><a href="032fbaf5f0"><code>032fbaf</code></a> Use Object.create(null) to avoid default object property hazards</li>
<li><a href="2da90391ef"><code>2da9039</code></a> 1.3.6</li>
<li><a href="cfea636f53"><code>cfea636</code></a> better git push script, before publish instead of after</li>
<li><a href="56d2805e07"><code>56d2805</code></a> do not allow invalid hazardous string as section name</li>
<li>See full diff in <a href="https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for ini since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/servo/pathfinder/network/alerts).
</details>
Fix arm simd shuffling arguments
According to packed_simd docs, the syntax for simd_shuffle4()
is as follows:
"The indices must be in range [0, M * N) where M is the number of input
vectors (1 or 2)and N is the number of lanes of the input vectors. The
indices i in range [0, N) refer to the i-th element of vec0, while the
indices in range [N, 2*N) refer to the i - N-th element of vec1."
I did not find implementation or documentation for simd_shuffle4() but
I believe packed_simd implements exactly the same interface.
Plus, implementing this change has fixed font-kit glyph output on
an Apple M1 mac (64-bit arm).
Closes#450
According to packed_simd docs, the syntax for simd_shuffle4()
is as follows:
"The indices must be in range [0, M * N) where M is the number of input
vectors (1 or 2)and N is the number of lanes of the input vectors. The
indices i in range [0, N) refer to the i-th element of vec0, while the
indices in range [N, 2*N) refer to the i - N-th element of vec1."
I did not find implementation or documentation for simd_shuffle4() but
I believe packed_simd implements exactly the same interface.
Plus, implementing this change has fixed font-kit glyph output on
an Apple M1 mac (64-bit arm).
This could trigger spuriously for very long lines outside the view box. It
still indicates potential performance problem, but we shouldn't crash at least.
Closes#416.
dependabot[bot]
