profile
viewpoint
Roderick Hsiao roderickhsiao @Tinder Palo Alto, CA, USA https://www.roderickhsiao.me Tech lead for https://tinder.com

yahoo/react-i13n 329

A performant, scalable and pluggable approach to instrumenting your React application.

roderickhsiao/react-in-viewport 146

Detect if React component is in viewport

roderickhsiao/react-aspect-ratio 55

Preserve space for your element to prevent browser reflow

roderickhsiao/idle-tracker 5

Javascript library to track browser inactivity

roderickhsiao/RandomPractice 1

Random coding practice

roderickhsiao/react-lazy-object 1

Lazy load multiple media when in viewport

roderickhsiao/So-You-Think-You-Can-Dance 1

Dance workshops, events, and informations

roderickhsiao/acss-site 0

Atomic CSS website

startedTheAlgorithms/Javascript

started time in 15 hours

startedappbaseio/searchbox

started time in 5 days

startedpiskelapp/piskel

started time in 5 days

startedsurma/rollup-plugin-comlink

started time in 5 days

startedgoogle/react-schemaorg

started time in 8 days

startedritz078/starring

started time in 9 days

startedbennettfeely/Clippy

started time in 12 days

startedgoogle/eleventy-high-performance-blog

started time in 13 days

issue closedroderickhsiao/react-aspect-ratio

aspect-ratio.css may get optimised away by webpack

I'm using react-apsect-ratio v1.0.42 in a site built with Gatsby v2.24.50

I'm finding that when deploying the web site, the aspect-ratio.css file is not included (although it works when in development mode). This means that the aspect-ratio is not set properly, and the styled element collapses to zero height.

Searching for solutions, I found this: https://github.com/gatsbyjs/gatsby/issues/19446

Essentially, this suggests that the CSS gets optimised away by Webpack. The work-around, which works for me, is to create a requirement for the CSS by not only importing it, but using the returned object somehow:

import rar from 'react-aspect-ratio/aspect-ratio.css';
console.log(rar); // work around overzealous dependency pruning

However, it says the problem stems from the consumed npm package declaring the CSS as side-effect free in package.json, which I see in react-aspect-ratio's package.json:

 "sideEffects": false

Apparently, CSS should be declared to have side-effects like this:

"sideEffects": [
    "*.css"
],

(As suggested on the webpack issue here: https://github.com/webpack/webpack/issues/6741#issuecomment-372720641)

Thanks for your work react-aspect-ratio!

closed time in 15 days

wu-lee

issue commentroderickhsiao/react-aspect-ratio

aspect-ratio.css may get optimised away by webpack

Hi @wu-lee thanks for report! Released 1.0.43 to mark CSS as side effect.

Let me know if it works.

wu-lee

comment created time in 15 days

push eventroderickhsiao/react-aspect-ratio

Roderick Hsiao

commit sha 654f5d07bfe6ef63c8dbd87e4cdd74e83777aed3

Mark CSS as side effect

view details

push time in 15 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 3b2d88ca70aa5098c7143bce1dec71f697b85a74

[Skip Ci] Daily cron job update

view details

push time in 15 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 88b7ed47db1399a54615b96efcdb4178d3566408

[Skip CI] auto deploy

view details

push time in 15 days

delete branch roderickhsiao/So-You-Think-You-Can-Dance

delete branch : dependabot/npm_and_yarn/packages/crawler/node-fetch-2.6.1

delete time in 15 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

dependabot[bot]

commit sha 311b6e628f713e8bfd2ef4db4c7f69efb0460533

Bump node-fetch from 2.6.0 to 2.6.1 in /packages/crawler (#72) Bumps [node-fetch](https://github.com/bitinn/node-fetch) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/bitinn/node-fetch/releases) - [Changelog](https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md) - [Commits](https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 15 days

PR merged roderickhsiao/So-You-Think-You-Can-Dance

Bump node-fetch from 2.6.0 to 2.6.1 in /packages/crawler dependencies

Bumps node-fetch from 2.6.0 to 2.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bitinn/node-fetch/releases">node-fetch's releases</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <p>See <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md#v261">CHANGELOG</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/node-fetch/node-fetch/blob/master/docs/CHANGELOG.md">node-fetch's changelog</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><strong>This is an important security release. It is strongly recommended to update as soon as possible.</strong></p> <ul> <li>Fix: honor the <code>size</code> option after following a redirect.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/node-fetch/node-fetch/commit/b5e2e41b2b50bf2997720d6125accaf0dd68c0ab"><code>b5e2e41</code></a> update version number</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334"><code>2358a6c</code></a> Honor the <code>size</code> option after following a redirect and revert data uri support</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/8c197f8982a238b3c345c64b17bfa92e16b4f7c4"><code>8c197f8</code></a> docs: Fix typos and grammatical errors in README.md (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/686">#686</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1e99050f944ac435fce26a9549eadcc2419a968a"><code>1e99050</code></a> fix: Change error message thrown with redirect mode set to error (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/653">#653</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/244e6f63d42025465796e3ca4ce813bf2c31fc5b"><code>244e6f6</code></a> docs: Show backers in README</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/6a5d192034a0f438551dffb6d2d8df2c00921d16"><code>6a5d192</code></a> fix: Properly parse meta tag when parameters are reversed (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/682">#682</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/47a24a03eb49a49d81b768892aee10074ed54a91"><code>47a24a0</code></a> chore: Add opencollective badge</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/7b136627c537cb24430b0310638c9177a85acee1"><code>7b13662</code></a> chore: Add funding link</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/5535c2ed478d418969ecfd60c16453462de2a53f"><code>5535c2e</code></a> fix: Check for global.fetch before binding it (<a href="https://github-redirect.dependabot.com/bitinn/node-fetch/issues/674">#674</a>)</li> <li><a href="https://github.com/node-fetch/node-fetch/commit/1d5778ad0d910dbd1584fb407a186f5a0bc1ea22"><code>1d5778a</code></a> docs: Add Discord badge</li> <li>Additional commits viewable in <a href="https://github.com/bitinn/node-fetch/compare/v2.6.0...v2.6.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~akepinski">akepinski</a>, a new releaser for node-fetch since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in 15 days

startedten1seven/what-input

started time in 16 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 6e015517df967a239fadfb13a07e0fc3a505d8ee

[Skip CI] auto deploy

view details

push time in 19 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

snyk-bot

commit sha fe703ff968bc434feb9d58311d91d2c9b980b56b

fix: packages/crawler/package.json & packages/crawler/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311

view details

push time in 19 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 2bf5916f0a7385aea1903393da2738b22a85f919

[Skip CI] auto deploy

view details

push time in 20 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha c589d125e6912ae1547da9cb7dafdd46c39d2da7

[Skip Ci] Daily cron job update

view details

push time in 21 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha f3d97622ede920bb5bd10dc8e220266ba61bdc1d

[Skip CI] auto deploy

view details

push time in 21 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

dependabot[bot]

commit sha abe4e0485bf3a5ce8f6e1e9abdbd948bdbea9037

Bump http-proxy from 1.18.0 to 1.18.1 in /packages/website (#71) Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 21 days

PR merged roderickhsiao/So-You-Think-You-Can-Dance

Bump http-proxy from 1.18.0 to 1.18.1 in /packages/website dependencies

Bumps http-proxy from 1.18.0 to 1.18.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md">http-proxy's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...v1.18.1">v1.18.1</a> - 2020-05-17</h2> <h3>Merged</h3> <ul> <li>Skip sending the proxyReq event when the expect header is present <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1447"><code>#1447</code></a></li> <li>Remove node6 support, add node12 to build <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1397"><code>#1397</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/http-party/node-http-proxy/commit/9b96cd725127a024dabebec6c7ea8c807272223d"><code>9b96cd7</code></a> 1.18.1</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/335aeeba2f0c286dc89c402eeb76af47834c89a3"><code>335aeeb</code></a> Skip sending the proxyReq event when the expect header is present (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1447">#1447</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/dba39668ba4c9ad461316e834b2d64b77e1ca88e"><code>dba3966</code></a> Remove node6 support, add node12 to build (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1397">#1397</a>)</li> <li>See full diff in <a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+10 -12

0 comment

1 changed file

dependabot[bot]

pr closed time in 21 days

startedLeaVerou/parsel

started time in 22 days

startedneomjs/neo

started time in 22 days

delete branch roderickhsiao/react-in-viewport

delete branch : dependabot/npm_and_yarn/bl-4.0.3

delete time in 22 days

push eventroderickhsiao/react-in-viewport

dependabot[bot]

commit sha 9e6aa2be5787b7015344245e0a9cc047f4c32a89

Bump bl from 4.0.2 to 4.0.3 (#66) Bumps [bl](https://github.com/rvagg/bl) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/rvagg/bl/releases) - [Commits](https://github.com/rvagg/bl/compare/v4.0.2...v4.0.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in 22 days

PR merged roderickhsiao/react-in-viewport

Bump bl from 4.0.2 to 4.0.3 dependencies

Bumps bl from 4.0.2 to 4.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rvagg/bl/releases">bl's releases</a>.</em></p> <blockquote> <h2>v4.0.3</h2> <p>Fix unintialized memory access</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rvagg/bl/commit/f659836cc84211cad41b73bad89c78f7f874c626"><code>f659836</code></a> Bumped v4.0.3</li> <li><a href="https://github.com/rvagg/bl/commit/7a4ae7f818a4ceba234f3d186a1ffb3f0a34ad0c"><code>7a4ae7f</code></a> Node v14</li> <li><a href="https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190"><code>d3e240e</code></a> Fix unintialized memory access</li> <li><a href="https://github.com/rvagg/bl/commit/1c590ad49e10a158783ada7cc0662d9e0cc6cc11"><code>1c590ad</code></a> add license MIT tag to package.json (<a href="https://github-redirect.dependabot.com/rvagg/bl/issues/83">#83</a>)</li> <li>See full diff in <a href="https://github.com/rvagg/bl/compare/v4.0.2...v4.0.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in 22 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 4a52a1c54e56985664260291a2297d9dc193e2e6

[Skip CI] auto deploy

view details

push time in 24 days

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha da3ba6a26897a67b4de5b1bc1f46f1cdccf7116e

[Skip Ci] Daily cron job update

view details

push time in a month

delete branch roderickhsiao/So-You-Think-You-Can-Dance

delete branch : dependabot/npm_and_yarn/packages/website/markdown-to-jsx-6.11.4

delete time in a month

push eventroderickhsiao/So-You-Think-You-Can-Dance

dependabot[bot]

commit sha 2ea2cba992cc4f6547a465daf5591d0017c45a4a

Bump markdown-to-jsx from 6.11.1 to 6.11.4 in /packages/website (#69) Bumps [markdown-to-jsx](https://github.com/probablyup/markdown-to-jsx) from 6.11.1 to 6.11.4. - [Release notes](https://github.com/probablyup/markdown-to-jsx/releases) - [Commits](https://github.com/probablyup/markdown-to-jsx/compare/6.11.1...6.11.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in a month

PR merged roderickhsiao/So-You-Think-You-Can-Dance

Bump markdown-to-jsx from 6.11.1 to 6.11.4 in /packages/website dependencies

Bumps markdown-to-jsx from 6.11.1 to 6.11.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/probablyup/markdown-to-jsx/releases">markdown-to-jsx's releases</a>.</em></p> <blockquote> <p>6.11.4: Mitigates security vulnerability where maliciously crafted markdown links could use <code>data:</code> or <code>vbscript:</code> urls to trigger an xss injection ( <a href="https://github-redirect.dependabot.com/probablyup/markdown-to-jsx/issues/306">#306</a> / <a href="https://www.npmjs.com/advisories/1219">https://www.npmjs.com/advisories/1219</a> ), even when using <code>options.disableParsingRawHTML</code></p> <p>Note that currently, the default <code>options.disableParsingRawHTML = false</code> should still only be used for trusted input, as arbitrary html, including script tags.</p> <p>6.11.3 has no changes (I held the publish script upside down; the only change from 6.11.2 is the version number 😅)</p> <h2>6.11.2</h2> <p>[FIX] - Footnote references (<a href="https://github-redirect.dependabot.com/probablyup/markdown-to-jsx/issues/304">#304</a>) thanks <a href="https://github.com/csantos1113">@csantos1113</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/probablyup/markdown-to-jsx/commit/0d2ddc04d2ba9bf4215cc76d6f6e2717db6ddc8e"><code>0d2ddc0</code></a> v6.11.4</li> <li><a href="https://github.com/probablyup/markdown-to-jsx/commit/105d6a6998f9fb23795843355da4a7ed1e106a29"><code>105d6a6</code></a> XSS: Fix sanitizeUrl vbscript/data xss</li> <li><a href="https://github.com/probablyup/markdown-to-jsx/commit/8dfbc86326e7de0557b7c0af32b9483ab21afba4"><code>8dfbc86</code></a> Create CONTRIBUTING.md</li> <li><a href="https://github.com/probablyup/markdown-to-jsx/commit/47f0bb1aa8606e00fc1222eb5450a7b81960358d"><code>47f0bb1</code></a> v6.11.2</li> <li><a href="https://github.com/probablyup/markdown-to-jsx/commit/66e256765c1290002cb43976b50ed93f80dbb429"><code>66e2567</code></a> [FIX] - Footnote references (<a href="https://github-redirect.dependabot.com/probablyup/markdown-to-jsx/issues/304">#304</a>)</li> <li>See full diff in <a href="https://github.com/probablyup/markdown-to-jsx/compare/6.11.1...6.11.4">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ariabuckles">ariabuckles</a>, a new releaser for markdown-to-jsx since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+5 -5

0 comment

2 changed files

dependabot[bot]

pr closed time in a month

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha e010433115748880ce6700aeeb1aece9663f0ad3

[Skip CI] auto deploy

view details

push time in a month

push eventroderickhsiao/idle-tracker

dependabot[bot]

commit sha 83473f5ce2f7b8c7f47ced4fc6c57b4db095b3c9

Bump bl from 4.0.2 to 4.0.3 (#24) Bumps [bl](https://github.com/rvagg/bl) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/rvagg/bl/releases) - [Commits](https://github.com/rvagg/bl/compare/v4.0.2...v4.0.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in a month

PR merged roderickhsiao/idle-tracker

Bump bl from 4.0.2 to 4.0.3 dependencies

Bumps bl from 4.0.2 to 4.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rvagg/bl/releases">bl's releases</a>.</em></p> <blockquote> <h2>v4.0.3</h2> <p>Fix unintialized memory access</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rvagg/bl/commit/f659836cc84211cad41b73bad89c78f7f874c626"><code>f659836</code></a> Bumped v4.0.3</li> <li><a href="https://github.com/rvagg/bl/commit/7a4ae7f818a4ceba234f3d186a1ffb3f0a34ad0c"><code>7a4ae7f</code></a> Node v14</li> <li><a href="https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190"><code>d3e240e</code></a> Fix unintialized memory access</li> <li><a href="https://github.com/rvagg/bl/commit/1c590ad49e10a158783ada7cc0662d9e0cc6cc11"><code>1c590ad</code></a> add license MIT tag to package.json (<a href="https://github-redirect.dependabot.com/rvagg/bl/issues/83">#83</a>)</li> <li>See full diff in <a href="https://github.com/rvagg/bl/compare/v4.0.2...v4.0.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

delete branch roderickhsiao/So-You-Think-You-Can-Dance

delete branch : dependabot/npm_and_yarn/packages/crawler/bl-4.0.3

delete time in a month

push eventroderickhsiao/So-You-Think-You-Can-Dance

dependabot[bot]

commit sha 05cf82a194322134a5fedffa4aecce73f0446221

Bump bl from 4.0.2 to 4.0.3 in /packages/crawler (#68) Bumps [bl](https://github.com/rvagg/bl) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/rvagg/bl/releases) - [Commits](https://github.com/rvagg/bl/compare/v4.0.2...v4.0.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

push time in a month

PR merged roderickhsiao/So-You-Think-You-Can-Dance

Bump bl from 4.0.2 to 4.0.3 in /packages/crawler dependencies

Bumps bl from 4.0.2 to 4.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rvagg/bl/releases">bl's releases</a>.</em></p> <blockquote> <h2>v4.0.3</h2> <p>Fix unintialized memory access</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rvagg/bl/commit/f659836cc84211cad41b73bad89c78f7f874c626"><code>f659836</code></a> Bumped v4.0.3</li> <li><a href="https://github.com/rvagg/bl/commit/7a4ae7f818a4ceba234f3d186a1ffb3f0a34ad0c"><code>7a4ae7f</code></a> Node v14</li> <li><a href="https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190"><code>d3e240e</code></a> Fix unintialized memory access</li> <li><a href="https://github.com/rvagg/bl/commit/1c590ad49e10a158783ada7cc0662d9e0cc6cc11"><code>1c590ad</code></a> add license MIT tag to package.json (<a href="https://github-redirect.dependabot.com/rvagg/bl/issues/83">#83</a>)</li> <li>See full diff in <a href="https://github.com/rvagg/bl/compare/v4.0.2...v4.0.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+10 -14

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 781822f73c5ffd140d5ab16e8b275f43ab7216fb

[Skip CI] auto deploy

view details

push time in a month

issue commentjoeattardi/emoji-button

[Feature] Emoji names internationalization

Thanks for the library!

I think what we can support locale data without increasing the main bundle is let user to provide the data

  1. build time generated locale data
  2. export those data like emoji-button/locale-data/fr.js
  3. when initialized the component
import frEmojiData from 'emoji-button/locale-data/fr';
const emojiButton = new EmojiButton({
  localeData: frEmojiData
});
  1. use en as default but replace with custom passed in data

in this case it won't be included in main bundle and user decide which locale data to display/search.

qortex

comment created time in a month

startedmgechev/google-interview-preparation-problems

started time in a month

issue commentformatjs/formatjs

[RFC] Enforcing AST at runtime in `FormattedMessage`/`formatMessage`

Thanks @longlho for the hard work, we actually pretty thrilled to see if we can improve the performance. Due to the complexity of the app, I'll need some more time to have solid experiment data related to the pre-parsed AST changes, but I'll update team once I have some more concrete details.

Cheers

longlho

comment created time in a month

issue commentformatjs/formatjs

[RFC] Enforcing AST at runtime in `FormattedMessage`/`formatMessage`

From Tinders's use case,

we have around 1300 messages 102kb and we dehydrate the message from server side to client side (JSON), after measuring the initial lighthouse score, we decide not to rollout the pre-parsed AST version as it negatively affect the score. The increase in page load size seems to be expensive for 3g network conditions and also increase the initial render parsing.

Not sure if it is worth it to trade a runtime 100ms for connection time for bigger payload?

longlho

comment created time in a month

startedmikecao/umami

started time in a month

Pull request review commentyahoo/subscribe-ui-event

Remove event listener after test

 {   "name": "subscribe-ui-event",-  "version": "2.0.5",+  "version": "2.0.6",

Just realized that you bump 2.0.6 already lol, @redonkulus could you help to release 2.0.7 💙

roderickhsiao

comment created time in a month

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha ac4a3aaa164f242f202b4d34661ae852f431a402

[Skip CI] auto deploy

view details

push time in a month

push eventroderickhsiao/So-You-Think-You-Can-Dance

snyk-bot

commit sha da26d1c4d9c379899a605e53601d1d16ab2ba1f1

fix: packages/crawler/package.json & packages/crawler/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103

view details

push time in a month

delete branch roderickhsiao/subscribe-ui-event

delete branch : passiveRemove

delete time in a month

issue commentyahoo/subscribe-ui-event

Listen element's scroll not only window's

You can pass target in the option config https://github.com/yahoo/subscribe-ui-event/blob/master/src/mainEventConnectors.js#L96

hellopath

comment created time in 2 months

PR opened yahoo/subscribe-ui-event

Remove event listener after test

Forget to remove the listener after test.

+2 -1

0 comment

2 changed files

pr created time in 2 months

create barnchroderickhsiao/subscribe-ui-event

branch : passiveRemove

created branch time in 2 months

push eventroderickhsiao/idle-tracker

Roderick Hsiao

commit sha c4ea1d3841d3adb5903d9425b6aeac420b189d3a

Remove listener after test

view details

push time in 2 months

push eventroderickhsiao/idle-tracker

Roderick Hsiao

commit sha 79a9ebe3482a8f33054f44bab06e3593523ed3cd

Release 0.0.7

view details

push time in 2 months

push eventroderickhsiao/idle-tracker

Roderick Hsiao

commit sha 6a85e09ebbc2e6f08cab86bebda42688a6010ed3

Support passive event and fix memory leak

view details

push time in 2 months

push eventroderickhsiao/idle-tracker

Roderick Hsiao

commit sha e91ec68683b0e5a512f68f561f4138a92f4055d5

Create supportPassiveEvent.js

view details

push time in 2 months

issue commentroderickhsiao/react-in-viewport

return after disconnecting

leaveCountRef.current += 1;
inViewportRef.current = isInViewport;
forceUpdate(isInViewport);

Still required to update the component at that specific exit for viewport.

sibasishm

comment created time in 2 months

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 14e490855027f8cef5713812643f58b75039a82e

[Skip Ci] Daily cron job update

view details

push time in 2 months

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 2c43c985ca5657f88544128b12f331a358240ebf

[Skip CI] auto deploy

view details

push time in 2 months

delete branch roderickhsiao/So-You-Think-You-Can-Dance

delete branch : snyk-upgrade-c724425c2e0722f2318a71f088bbca1e

delete time in 2 months

push eventroderickhsiao/So-You-Think-You-Can-Dance

Snyk bot

commit sha cf709a63e5b71ee842442b69798055d7ec0e538f

[Snyk] Upgrade @material-ui/core from 4.9.5 to 4.9.12 (#59) * fix: upgrade @material-ui/core from 4.9.5 to 4.9.12 Snyk has created this PR to upgrade @material-ui/core from 4.9.5 to 4.9.12. See this package in NPM: https://www.npmjs.com/package/@material-ui/core See this project in Snyk: https://app.snyk.io/org/roderickhsiao/project/03239e39-6e83-41fa-84ac-d99626797509?utm_source=github&utm_medium=upgrade-pr * fix: upgrade @material-ui/core from 4.9.5 to 4.9.12 Snyk has created this PR to upgrade @material-ui/core from 4.9.5 to 4.9.12. See this package in NPM: https://www.npmjs.com/package/@material-ui/core See this project in Snyk: https://app.snyk.io/org/roderickhsiao/project/03239e39-6e83-41fa-84ac-d99626797509?utm_source=github&utm_medium=upgrade-pr

view details

push time in 2 months

PR merged roderickhsiao/So-You-Think-You-Can-Dance

[Snyk] Upgrade @material-ui/core from 4.9.5 to 4.9.12

<h3>Snyk has created this PR to upgrade @material-ui/core from 4.9.5 to 4.9.12.</h3>

merge advice

<details> <summary>✨What is Merge Advice?</summary> We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues.<a href="https://support.snyk.io/hc/en-us/articles/360007389537" target="_blank"> Learn more</a>, and <a href="https://forms.gle/gg4TXpp5pukJxC23A" target="_blank">share your feedback</a> to help improve this feature. 🙏 </details> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/>

  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 5 days ago, on 2020-04-26.

<hr/>

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

<!--- (snyk:metadata:{"prId":"afd46cef-85ce-4d15-a93c-ae2f728d5f09","dependencies":[{"name":"@material-ui/core","from":"4.9.5","to":"4.9.12"}],"packageManager":"yarn","type":"auto","projectUrl":"https://app.snyk.io/org/roderickhsiao/project/03239e39-6e83-41fa-84ac-d99626797509?utm_source=github&utm_medium=upgrade-pr","projectPublicId":"03239e39-6e83-41fa-84ac-d99626797509","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":7,"publishedDate":"2020-04-26T23:18:07.311Z"},"templateVariants":["merge-advice-badge-shown"],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false}) --->

+1267 -77

0 comment

2 changed files

snyk-bot

pr closed time in 2 months

delete branch roderickhsiao/roderickhsiao.me

delete branch : dependabot/npm_and_yarn/serialize-javascript-4.0.0

delete time in 2 months

push eventroderickhsiao/roderickhsiao.me

dependabot[bot]

commit sha a3b9b931f81bdf84d9e0c4bb1f18d1e17bc2c921

Bump serialize-javascript from 2.1.2 to 4.0.0 Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 2.1.2 to 4.0.0. - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](https://github.com/yahoo/serialize-javascript/compare/v2.1.2...v4.0.0) Signed-off-by: dependabot[bot] <support@github.com>

view details

Roderick Hsiao

commit sha 760cedd78529fee927f99334100e47c83867a719

Merge pull request #26 from roderickhsiao/dependabot/npm_and_yarn/serialize-javascript-4.0.0 Bump serialize-javascript from 2.1.2 to 4.0.0

view details

push time in 2 months

PR merged roderickhsiao/roderickhsiao.me

Bump serialize-javascript from 2.1.2 to 4.0.0 dependencies

Bumps serialize-javascript from 2.1.2 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/yahoo/serialize-javascript/releases">serialize-javascript's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p><strong>Changelog</strong></p> <ul> <li>Bump nyc from 15.0.1 to 15.1.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/85">#85</a>)</li> <li>support for bigint (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/80">#80</a>)</li> </ul> <p><strong>Behavior changes for BigInt</strong></p> <p>It serializes <code>BigInt</code> values as follows since this version. The result of serialization may be changed if you are passing <code>BigInt</code> values into the serialize-javascript.</p> <p>v4.x:</p> <pre lang="js"><code>const serialize = require('serialize-javascript'); <p>serialize({big: BigInt('10')}); // '{"big":BigInt("10")}' </code></pre></p> <p>v3.x:</p> <pre lang="js"><code>const serialize = require('serialize-javascript'); <p>serialize({big: BigInt('10')}); // throws error </code></pre></p> <hr /> <p>Thank you <a href="https://github.com/mum-never-proud">@mum-never-proud</a> for this release.</p> <h2>v3.1.0</h2> <ul> <li>Bump mocha from 7.1.2 to 7.2.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/83">#83</a>)</li> <li>Bump mocha from 7.1.1 to 7.1.2 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/82">#82</a>)</li> <li>Bump nyc from 15.0.0 to 15.0.1 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/81">#81</a>)</li> <li>Don't replace regex / function placeholders within string literals (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/79">#79</a>)</li> <li>[Security] Bump minimist from 1.2.0 to 1.2.5 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/78">#78</a>)</li> <li>Bump mocha from 7.1.0 to 7.1.1 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/77">#77</a>)</li> <li>Bump mocha from 7.0.1 to 7.1.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/74">#74</a>)</li> <li>Update example in README (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/73">#73</a>)</li> </ul> <p>Note: the <code>randombytes</code> has been added to the dependency package to improve the generation of UIDs. Check the <a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/22">#22</a> for more information. Thanks to <a href="https://github.com/JordanMilne">@JordanMilne</a> and <a href="https://github.com/Siebes">@Siebes</a> for this change.</p> <h2>v3.0.0</h2> <ul> <li>Introduce support for Infinity (<a href="https://github.com/vthibault">@vthibault</a>, <a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/72">#72</a>)</li> <li>Bump mocha from 7.0.0 to 7.0.1 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/71">#71</a>)</li> <li>Test on Node.js v12 (<a href="https://github.com/okuryu">@okuryu</a>, <a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/70">#70</a>)</li> <li>Bump mocha from 6.2.2 to 7.0.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/69">#69</a>)</li> <li>Bump nyc from 14.1.1 to 15.0.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/68">#68</a>)</li> </ul> <h3>Behavior changes for <code>Infinity</code></h3> <p>It serializes <code>Infinity</code> values as follows since this version. The result of serialization may be changed if you are passing <code>Infinity</code> values into the <code>serialize-javascript</code>.</p> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/yahoo/serialize-javascript/commit/a8a458c9a98771005d9315f11b4fd6e61373de21"><code>a8a458c</code></a> v4.0.0</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/0849988db3028121f060ba32da7c75e14e0fd3ce"><code>0849988</code></a> Update example code</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/e997f216f7f5ed5d1fda442471a4a80eeb9e8192"><code>e997f21</code></a> Bump nyc from 15.0.1 to 15.1.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/85">#85</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/418dd82b071e9c798be4bf8c3ac194495f191974"><code>418dd82</code></a> Revert "Revert "support for bigint (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/80">#80</a>)""</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/b54341e3f4be20b415148219767049173f0974d8"><code>b54341e</code></a> v3.1.0</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/7cee7e4a4c65a34817678cec444f5cbe9b9e7e8b"><code>7cee7e4</code></a> Revert "support for bigint (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/80">#80</a>)"</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/026a44501826fa848481944f6f20935fcdc6ba7a"><code>026a445</code></a> Bump mocha from 7.1.2 to 7.2.0 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/83">#83</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/5130a71ecd70cfc9f9fdafdaa1b394b00ea902e2"><code>5130a71</code></a> support for bigint (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/80">#80</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/ea76b2312dcc0d10022b22215fde5ec0194d7837"><code>ea76b23</code></a> Bump mocha from 7.1.1 to 7.1.2 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/82">#82</a>)</li> <li><a href="https://github.com/yahoo/serialize-javascript/commit/073c8d8c0da9e52425ea246c4672ca7d11225ea7"><code>073c8d8</code></a> Bump nyc from 15.0.0 to 15.0.1 (<a href="https://github-redirect.dependabot.com/yahoo/serialize-javascript/issues/81">#81</a>)</li> <li>Additional commits viewable in <a href="https://github.com/yahoo/serialize-javascript/compare/v2.1.2...v4.0.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months

startedGoogleChromeLabs/progressive-tooling

started time in 2 months

startedzachleat/speedlify

started time in 2 months

startedreact-spring/zustand

started time in 2 months

startedreactjs/react-gradual-upgrade-demo

started time in 2 months

push eventroderickhsiao/So-You-Think-You-Can-Dance

snyk-bot

commit sha e04f8861af1b789a75a56558cc9eabca29755f66

fix: packages/website/package.json & packages/website/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FLAT-596927

view details

push time in 2 months

startedlindelof/awesome-web-effect

started time in 2 months

startedmoroshko/react-scanner

started time in 2 months

push eventroderickhsiao/So-You-Think-You-Can-Dance

Roderick Hsiao

commit sha 5cca4972af0e193314d77611636eecdd227b01c9

[Skip CI] auto deploy

view details

push time in 2 months

push eventroderickhsiao/formatjs-1

Roderick Hsiao

commit sha 3349df6e59dc533dbe9b0c6b7a7ded6f05081788

Coding style

view details

push time in 2 months

PR opened formatjs/formatjs

Handle missing ICU data bug

Better handle https://github.com/formatjs/formatjs/issues/1879 when browser doesn't include full ICU data where the prototype function exists.

+12 -1

0 comment

1 changed file

pr created time in 2 months

push eventroderickhsiao/formatjs-1

Roderick Hsiao

commit sha 067b676abeee52af8ef5e60d68e0e00e8d598883

Handle missing ICU data bug

view details

push time in 2 months

fork roderickhsiao/formatjs-1

The monorepo home to all of the FormatJS related libraries, most notably react-intl.

https://formatjs.io/

fork in 2 months

issue closedformatjs/formatjs

Ast parser exception

Which package? intl-messageformat-parser@5.3.7

Describe the bug Parsing exception thrown if one escape character is in front of xml tag

To Reproduce Code sandbox

  1. Try to parse string with ' directly in front of the tag (some language such as French will have sentence like Télécharger à partir d'Instagram (upload from Instagram)
const messageWithError = `{source, select, a {I select <b>A</b>} b {I select d'<b>B</b>}}`;
  1. Syntax error thrown
import { parse } from "intl-messageformat-parser";

const message = `{source, select, a {I select <b>A</b>} b {I select <b>B</b>}}`;
console.log(parse(message)); // no error

const messageWithError = `{source, select, a {I select <b>A</b>} b {I select d'<b>B</b>}}`;
console.log(parse(messageWithError));
// SyntaxError: Expected "#", "'", "\n", "{", argumentElement, double apostrophes, end of input, or tagElement but "<" found.`

Expected behavior A string directly in the front of an xml tag should consider valid

closed time in 2 months

roderickhsiao

issue commentformatjs/formatjs

Ast parser exception

Thanks for the details explanation! Not sure if its easy for people to avoid using U+2019 but I think if its by the spec, should be a correct behavior.

roderickhsiao

comment created time in 2 months

issue commentformatjs/formatjs

[F.Y.I] Browser bugs for Intl.DisplayNames (Android)

Ha, not sure if its helpful as I think most of people will do the same prototype type method check in the code base to reduce bundlesize, and if so, the polyfill won't bel load

if (!Intl.DisplayName) {
  // load polyfill
}
roderickhsiao

comment created time in 2 months

issue openedformatjs/formatjs

[F.Y.I] Browser bugs for Intl.DisplayNames (Android)

Which package?

@formatjs/intl-displaynames

Is this a BUG REPORT or FEATURE REQUEST? (choose one)

This is not a bug of the library, just put it up here in case people are searching for similar issues. Our recommendation in the library it detect if Intl.DisplayNames is available then load the polyfills and intl data, however, Android only ship the method without full ICU data, hence the polyfill fallback won't work as expected.

Expected behavior

Browser doesn't have full ICU data for Intl.DisplayNames when Intl.DisplayNames method is available. (Only "US" is available even in English)

const regionNames = new Intl.DisplayNames(['en'], {type: 'region'}); 
console.log(regionNames.of('US')); // United States
console.log(regionNames.of('CA')); // Canada

Current behavior

const regionNames = new Intl.DisplayNames(['en'], {type: 'region'}); 
console.log(regionNames.of('US')); // United States
console.log(regionNames.of('CA')); // CA

Step to reproduce for BUG REPORT

https://bugs.chromium.org/p/chromium/issues/detail?id=1097432

1. Intl.DisplayNames // Check if Intl.DisplayNames exists, will return the constructor function
2. Intl.DisplayNames.supportedLocalesOf(['en', 'zh-Hant']); // Check if locales supported, expecting return true
3. const regionNames = new Intl.DisplayNames(['en'], {type: 'region'}); // constructor, expecting no return value (undefined), console.log(regionNames) should return the instance
4. regionNames.of('US') // To show US's region name, expecting "United States" (correct)
5. regionNames.of('CA') // To show CA's region name. expecting "Canada" (wrong, returning "CA")
6. const regionNamesTW = new Intl.DisplayNames(['zh-Hant'], {type: 'region'}); // constructor for locale
7. regionNamesTW.of('US'); // expecting "美國" (wrong, returning "United States")
8. regionNamesTW.of('CA'); // expecting "加拿大" (wrong, returning  "CA")

Extra

Currently our workaround is to do a false check if regionNames.of('CA') === 'CA conditionally and detect the native method in favor of polyfill

created time in 2 months

issue openedformatjs/formatjs

Ast parser exception

Which package? intl-messageformat-parser@5.3.7

Describe the bug Parsing exception thrown if one escape character is in front of xml tag

To Reproduce Code sandbox

  1. Try to parse string with ' directly in front of the tag (some language such as French will have sentence like Télécharger à partir d'Instagram (upload from Instagram)
const messageWithError = `{source, select, a {I select <b>A</b>} b {I select '<b>B</b>}}`;
  1. Syntax error thrown
`SyntaxError: Expected "#", "'", "\n", "{", argumentElement, double apostrophes, end of input, or tagElement but "<" found.`

Expected behavior A string directly in the front of an xml tag should consider valid

created time in 2 months

startedpmmmwh/react-refresh-webpack-plugin

started time in 2 months

delete branch roderickhsiao/react-intl

delete branch : patch-2

delete time in 2 months

startedGoogleChromeLabs/AutoWebPerf

started time in 2 months

startedModusCreateOrg/gimbal

started time in 2 months

issue commentyahoo/react-i13n

React I13n 3.0.0

If anyone can help https://github.com/yahoo/react-i13n/pull/259 will unblock the biggest task for 3.0.0 :)

roderickhsiao

comment created time in 2 months

startedpetyosi/react-virtuoso

started time in 2 months

starteduber/react-view

started time in 2 months

startedfrancisrstokes/super-expressive

started time in 2 months

startedflexbox/machine-learning-with-javascript

started time in 2 months

starteddaybrush/moveable

started time in 2 months

startedjoeattardi/emoji-button

started time in 2 months

startedimmerjs/immer

started time in 2 months

startedinfinitered/nsfwjs

started time in 2 months

push eventroderickhsiao/roderickhsiao

Roderick Hsiao

commit sha a2762e97f8782e8ed98e8d30f10c783d0baaeaa6

Update README.md

view details

push time in 2 months

more