Starting with node.js v14.13.0 CommonJS modules are parsed to detect their exports bindings. In this case pg is triggering the lazy loading of the pg-native dependency.

Please consider exporting the native feature in another compatible way.

See: https://github.com/nodejs/node/issues/35859

Is npm install pg-native to fix really that bad?

If it were any other dependency, that wouldn't be an issue. But in this case, this dependency requires build tools to be installed to build a native binary (https://www.npmjs.com/package/pg-native). It's not something one should be forced to do, if we don't plan on using that part of the library.

TBH I would also like to see a change in how the pg library is exporting its native part. So maybe it's not actionable from node.js itself.

• Version: 14.13.0
• Platform: Linux 5.4.0-52-generic #57~18.04.1-Ubuntu SMP Thu Oct 15 14:04:49 UTC 2020 x86_64 GNU/Linux

What steps will reproduce the bug?

Install pg npm dependency

Run the following module:

import pg from 'pg';

console.log(!!pg);

How often does it reproduce? Is there a required condition?

It always reproduces. The imported module needs to be a CommonJS module with getters.

In this case pg exports a getter that lazily tries to load another npm package: https://github.com/brianc/node-postgres/blob/master/packages/pg/lib/index.js#L32-L55

What is the expected behavior?

$ node -v
v14.12.0

$ node pg.mjs 
true

What do you see instead?

$ node -v
v14.13.0

$ node pg.mjs 
Cannot find module 'pg-native'
Require stack:
- /dev/temp/node-bugs/node_modules/pg/lib/native/client.js
- /dev/temp/node-bugs/node_modules/pg/lib/native/index.js
- /dev/temp/node-bugs/node_modules/pg/lib/index.js
true

Additional information

This change was introduced in https://github.com/nodejs/node/pull/35249

The same behavior is present with 0.2.0

Describe the bug

While attempting to run unit tests with @swc/jest, I noticed that an error occurs when running the CommonJS output from swc in an ESM project.

Input code

import foo from './package.json';
console.log(foo);

Config

{
  "jsc": {
    "transform": {
      "hidden": {
        "jest": true
      }
    }
  },
  "module": {
    "type": "commonjs"
  }
}

Expected behavior

The code should run without errors.

Actual behavior

Output:

"use strict";
var swcHelpers = require("@swc/helpers");
var _foo = swcHelpers.interopRequireDefault(require("./foo"));
console.log(_foo.default);

Result:

var _packageJson = swcHelpers.interopRequireDefault(require("./package.json"));
                              ^

TypeError: swcHelpers.interopRequireDefault is not a function
    at Object.<anonymous> (/tmp/swc-bug.cjs:3:31)
    at Module._compile (internal/modules/cjs/loader.js:1076:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1097:10)
    at Module.load (internal/modules/cjs/loader.js:941:32)
    at Function.Module._load (internal/modules/cjs/loader.js:782:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

Version The version of @swc/core:

@swc/cli: 0.1.27 @swc/core: 1.2.36 @swc/helpers: 0.2.2

node version: 14.12.0

Describe the bug

A side-effect of the fix for #1130 when using await with optional chaining.

Input code

const item = await data?.foo();

Config

{
  "jsc": {
    "parser": {
      "syntax": "typescript"
    }
  }
}

Actual behavior

swc:

const item = await data === null || data === void 0 ? void 0 : data.foo();

babel:

const item = await (data === null || data === void 0 ? void 0 : data.foo());

Expected behavior

await with optional chaining should work correctly.

Version The version of @swc/core:

@swc/cli: 0.1.27 @swc/core: 1.2.35

Describe the feature

Babel has a feature where it can retain the same line numbers from the original source file.

This can be useful when you only use it to remove TS syntax, but keep the rest of the source file intact, and need to match line numbers from production error stack traces to original source code.

Is such a feature possible in swc, without degrading the performance?

Babel plugin or link to the feature description

https://babeljs.io/docs/en/options#retainlines

Ahh, I found the linux-musl build. But some instructions would be nice on the docs pages:

To use on Alpine Linux, also install the `@swc/core-linux-musl` npm package.

Describe the bug

Chained expressions with an optional chaining start are wrapped with parenthesis in a way which throws an error at runtime.

Input code

let data;
const result = data?.filter(item => Math.random() > 0.5).map(item => JSON.stringify(item));

Config

{
  "env": {
    "targets": {
      "node": "12.14.1"
    }
  },
  "jsc": {
    "externalHelpers": true,
    "parser": {
      "decorators": false,
      "dynamicImport": true,
      "syntax": "typescript",
      "tsx": false
    }
  }
}

Actual behavior

swc output:

let data;
const result = (data === null || data === void 0 ? void 0 : data.filter((item)=>Math.random() > 0.5
)).map((item)=>JSON.stringify(item)
);

babel output:

"use strict";

let data;
const result = data === null || data === void 0 ? void 0 : data.filter(item => Math.random() > 0.5).map(item => JSON.stringify(item));

Running with swc output:

$ swc ./test-swc.ts | node
[stdin]:3
)).map((item)=>JSON.stringify(item)
   ^

TypeError: Cannot read property 'map' of undefined

Running with babel output:

$ babel ./test-swc.ts | node

Expected behavior

Better wrapping of optional chaining expressions and no runtime errors.

Version The version of @swc/core:

@swc/cli: 0.1.27 @swc/core: 1.2.34

Describe the feature

Provide an Alpine Linux build or instructions on how to build one.

Bumps elliptic from 6.4.0 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li><a href="https://github.com/indutny/elliptic/commit/60489415e545efdfd3010ae74b9726facbf08ca8"><code>6048941</code></a> 6.5.2</li> <li><a href="https://github.com/indutny/elliptic/commit/9984964457c9f8a63b91b01ea103260417eca237"><code>9984964</code></a> package: bump dependencies</li> <li><a href="https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a"><code>ec735ed</code></a> utils: leak less information in <code>getNAF()</code></li> <li><a href="https://github.com/indutny/elliptic/commit/71e4e8e2f5b8f0bdbfbe106c72cc9fbc746d3d60"><code>71e4e8e</code></a> 6.5.1</li> <li><a href="https://github.com/indutny/elliptic/commit/7ec66ffa255079260126d87b1762a59ea10de5ea"><code>7ec66ff</code></a> short: add infinity check before multiplying</li> <li><a href="https://github.com/indutny/elliptic/commit/ee7970b92f388e981d694be0436c4c8036b5d36c"><code>ee7970b</code></a> travis: really move on</li> <li><a href="https://github.com/indutny/elliptic/commit/637d0216b58de7edee4f3eb5641295ac323acadb"><code>637d021</code></a> travis: move on</li> <li><a href="https://github.com/indutny/elliptic/commit/5ed0babb6467cd8575a9218265473fda926d9d42"><code>5ed0bab</code></a> package: update deps</li> <li>Additional commits viewable in <a href="https://github.com/indutny/elliptic/compare/v6.4.0...v6.5.3">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Bumps lodash from 4.17.4 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.4...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Bumps websocket-extensions from 0.1.3 to 0.1.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md">websocket-extensions's changelog</a>.</em></p> <blockquote> <h3>0.1.4 / 2020-06-02</h3> <ul> <li>Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)</li> <li>Change license from MIT to Apache 2.0</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/faye/websocket-extensions-node/commit/8efd0cd6e35faf9bb9cb08759be1e27082177d43"><code>8efd0cd</code></a> Bump version to 0.1.4</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/3dad4ad44a8c5f74d4f8f4efd3f9d6e0b5df3051"><code>3dad4ad</code></a> Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/4a76c75efb1c5d6a2f60550e9501757458d19533"><code>4a76c75</code></a> Add Node versions 13 and 14 on Travis</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/44a677a9c0631daed0b0f4a4b68c095b624183b8"><code>44a677a</code></a> Formatting change: {...} should have spaces inside the braces</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/f6c50aba0c20ff45b0f87cea33babec1217ec3f5"><code>f6c50ab</code></a> Let npm reformat package.json</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/2d211f3705d52d9efb4f01daf5a253adf828592e"><code>2d211f3</code></a> Change markdown formatting of docs.</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/0b620834cc1e1f2eace1d55ab17f71d90d88271d"><code>0b62083</code></a> Update Travis target versions.</li> <li><a href="https://github.com/faye/websocket-extensions-node/commit/729a4653073fa8dd020561113513bfa2e2119415"><code>729a465</code></a> Switch license to Apache 2.0.</li> <li>See full diff in <a href="https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Bumps jquery from 3.3.1 to 3.5.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jquery/jquery/commit/7a0a850f3d41c0412609c1d32b1e602d4afe2f4e"><code>7a0a850</code></a> 3.5.0</li> <li><a href="https://github.com/jquery/jquery/commit/8570a08f6689223aa06ca8cc51d488c6d81d44f9"><code>8570a08</code></a> Release: Update AUTHORS.txt</li> <li><a href="https://github.com/jquery/jquery/commit/da3dd85b63c4e3a6a768132c2a83a1a6eec24840"><code>da3dd85</code></a> Ajax: Do not execute scripts for unsuccessful HTTP responses</li> <li><a href="https://github.com/jquery/jquery/commit/065143c2e93512eb0c82d1b344b71d06eb7cf01c"><code>065143c</code></a> Ajax: Overwrite s.contentType with content-type header value, if any</li> <li><a href="https://github.com/jquery/jquery/commit/1a4f10ddc37c34c6dc3a451ee451b5c6cf367399"><code>1a4f10d</code></a> Tests: Blacklist one focusin test in IE</li> <li><a href="https://github.com/jquery/jquery/commit/9e15d6b469556eccfa607c5ecf53b20c84529125"><code>9e15d6b</code></a> Event: Use only one focusin/out handler per matching window & document</li> <li><a href="https://github.com/jquery/jquery/commit/966a70909019aa09632c87c0002c522fa4a1e30e"><code>966a709</code></a> Manipulation: Skip the select wrapper for <option> outside of IE 9</li> <li><a href="https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"><code>1d61fd9</code></a> Manipulation: Make jQuery.htmlPrefilter an identity function</li> <li><a href="https://github.com/jquery/jquery/commit/04bf577e2f961c9dde85ddadc77f71bc7bc671cc"><code>04bf577</code></a> Selector: Update Sizzle from 2.3.4 to 2.3.5</li> <li><a href="https://github.com/jquery/jquery/commit/7506c9ca62a2f3ef773e19385918c31e9d62d412"><code>7506c9c</code></a> Build: Resolve Travis config warnings</li> <li>Additional commits viewable in <a href="https://github.com/jquery/jquery/compare/3.3.1...3.5.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mgol">mgol</a>, a new releaser for jquery since your current version.</p> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Bumps https-proxy-agent from 2.1.1 to 2.2.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/TooTallNate/node-https-proxy-agent/releases">https-proxy-agent's releases</a>.</em></p> <blockquote> <h2>2.2.4</h2> <h3>Patches</h3> <ul> <li>Add <code>.editorconfig</code> file: a0d4a20458498fc31e5721471bd2b655e992d44b</li> <li>Add <code>.eslintrc.js</code> file: eecea74a1db1c943eaa4f667a561fd47c33da897</li> <li>Use a <code>net.Socket</code> instead of a plain <code>EventEmitter</code> for replaying proxy errors: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/83">#83</a></li> <li>Remove unused <code>stream</code> module: 9fdcd47bd813e9979ee57920c69e2ee2e0683cd4</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/lpinca">@lpinca</a> for helping!</p> <h2>2.2.3</h2> <h3>Patches</h3> <ul> <li>Update README with actual <code>secureProxy</code> behavior: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/65">#65</a></li> <li>Update <code>proxy</code> to v1.0.0: d0e3c18079119057b05582cb72d4fda21dfc2546</li> <li>Remove unreachable code: 46aad0988b471f042856436cf3192b0e09e36fe6</li> <li>Test on Node.js 10 and 12: 3535951e482ea52af4888938f59649ed92e81b2b</li> <li>Fix compatibility with Node.js >= 10.0.0: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/73">#73</a></li> <li>Use an <code>EventEmitter</code> to replay failed proxy connect HTTP requests: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/77">#77</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/stoically">@stoically</a>, <a href="https://github.com/lpinca">@lpinca</a>, and <a href="https://github.com/zkochan">@zkochan</a> for helping!</p> <h2>2.2.2</h2> <h3>Patches</h3> <ul> <li>Remove <code>package-lock.json</code>: c881009b9873707f5c4a0e9c277dde588e1139c7</li> <li>Ignore test directory, History.md and .travis.yml when creating npm package. Fixes <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/42">#42</a>: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/45">#45</a></li> <li>Update <code>agent-base</code> to v4.2: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/50">#50</a></li> <li>Add TypeScript type definitions: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/66">#66</a></li> <li>Feat(typescript): Allow input to be options or string: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/68">#68</a></li> <li>Update <code>agent-base</code> to v4.3: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/69">#69</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/marco-c">@marco-c</a>, <a href="https://github.com/tareqhs">@tareqhs</a>, <a href="https://github.com/ianhowe76">@ianhowe76</a>, and <a href="https://github.com/BYK">@BYK</a> for helping!</p> <h2>2.2.1</h2> <h3>Patches</h3> <ul> <li>Add <code>defaultPort</code> field: <a href="https://github-redirect.dependabot.com/TooTallNate/node-https-proxy-agent/issues/43">#43</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/jan-auer">@jan-auer</a> for helping!</p> <h2>2.2.0</h2> </tr></table> ... (truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/4c4cce8cb60fd3ac6171e4428f972698eb49f45a"><code>4c4cce8</code></a> 2.2.4</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/9fdcd47bd813e9979ee57920c69e2ee2e0683cd4"><code>9fdcd47</code></a> Remove unused <code>stream</code> module</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/34ea8841922fb6447563b0521f972ac3a6062303"><code>34ea884</code></a> Use a <code>net.Socket</code> instead of a plain <code>EventEmitter</code> for replaying proxy erro...</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/4296770b6a0e631e3f8e7bd6cfd41ac8e91a3ec4"><code>4296770</code></a> Prettier</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/eecea74a1db1c943eaa4f667a561fd47c33da897"><code>eecea74</code></a> Add <code>.eslintrc.js</code> file</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/a0d4a20458498fc31e5721471bd2b655e992d44b"><code>a0d4a20</code></a> Add <code>.editorconfig</code> file</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/0d8e8bfe8b12e6ffe79a39eb93068cdf64c17e78"><code>0d8e8bf</code></a> 2.2.3</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/850b8359b7d0467d721705106b58f4c7cfb937dd"><code>850b835</code></a> Revert "Use Mocha 5 for Node 4 support"</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/f5f56fa48ea4d2a61c385938e7753f5c1fe049d6"><code>f5f56fa</code></a> Remove Node 4 from Travis</li> <li><a href="https://github.com/TooTallNate/node-https-proxy-agent/commit/bb837b984bd868ad69080812eb8eab01181b21d7"><code>bb837b9</code></a> Revert "Remove Node 4 from Travis"</li> <li>Additional commits viewable in <a href="https://github.com/TooTallNate/node-https-proxy-agent/compare/2.1.1...2.2.4">compare view</a></li> </ul> </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Bumps handlebars from 4.0.11 to 4.5.3. <details> <summary>Changelog</summary>

Sourced from handlebars's changelog.

v4.5.3 - November 18th, 2019

Bugfixes:

• fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
• fix: add more properties required to be enumerable - 1988878

Chores / Build:

• fix: use !== 0 instead of != 0 - c02b05f
• add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

Security:

• The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

Compatibility notes:

• Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
• The semantics have not changed in cases where the properties are enumerable, as in:

{
  __proto__: 'some string'
}

• The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

Commits

v4.5.2 - November 13th, 2019

Bugfixes

• fix: use String(field) in lookup when checking for "constructor" - d541378
• test: add fluent API for testing Handlebars - c2ac79c

Compatibility notes:

• no incompatibility are to be expected </tr></table> ... (truncated) </details> <details> <summary>Commits</summary>

• c819c8b v4.5.3
• 827c9d0 Update release notes
• f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
• 1988878 fix: add more properties required to be enumerable
• 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
• 0817dad test: add sinon as global variable to eslint in the specs
• 93516a0 test: add sinon.js for spies, deprecate current assertions
• 93e284e chore: add chai and dirty-chai for better test assertions
• c02b05f fix: use !== 0 instead of != 0
• 8de121d v4.5.2
• Additional commits viewable in compare view </details> <br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

Shouldn't TS complain here about the notExistingField?

AFAIK mongoose.Document has _id: any. If you defined your _id in your model interface as ObjectId or string, it should work. :crossed_fingers:

Why is any allowed here?

According to https://docs.mongodb.com/manual/reference/method/db.collection.find/#find-projection, only 0, 1, true, false and the ProjectionOperators are allowed.

nit: This parameter intendation looks off. Either keep all on the same line, or break up each parameter on its own line.

Please submit a PR with unit tests. Thanks!

I've been offline for a while, so I didn't see your PR.

Please add some unit tests for the changes you made and I'll merge the PR afterwards.

export type SchemaMember<T, V> = {[P in keyof T]?: V} | {[key: string]: V};