Minor Release 1.9.0

• Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @babycannotsay for their contribution!

Patch release 1.8.2

• Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @gerdasi and @mastertheblaster for reporting and confirming the bug!

Patch release 1.8.1

• Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @clytras for their contribution!

Minor release 1.8.0

• Add anchors to keyword regex (#64)

Thanks to @cq360767996 for their contribution!

Patch Release 1.7.4

• Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)

Patch Release 1.7.3

• Fix hue modulo operation (#50)

Thanks to @adroitwhiz for their contributions.

Patch Release 1.7.2

• Fix issue where color-string with incorrectly return a color for properties on Object's prototype like "constructor". (#45)

Thanks to @tolmasky for their contributions.

Patch release 1.7.1

• Reduce acceptable characters in keyword matching regex (#42)

Thanks to @benmccann for their contributions!

Minor Release 1.7.0

• Add support for space-separated RGB (#58)
• Removed Travis CI in favor of Github Actions
• Small repository cleanup.

Thanks to @JJC1138 and @clytras for their contributions!

Minor release 1.6.0

• #55 - Add support for space-separated HSL

Thanks @htunnicliff for the contribution :)

Release notes copied verbatim from the commit message, which can be found here: 0789e21284c33d89ebc4ab4ca6f759b9375ac9d3

Discovered by Yeting Li, c/o Colin Ife via Snyk.io.

A ReDos (Regular Expression Denial of Service) vulnerability
was responsibly disclosed to me via email by Colin on
Mar 5 2021 regarding an exponential time complexity for
linearly increasing input lengths for `hwb()` color strings.

Strings reaching more than 5000 characters would see several
milliseconds of processing time; strings reaching more than
50,000 characters began seeing 1500ms (1.5s) of processing time.

The cause was due to a the regular expression that parses
hwb() strings - specifically, the hue value - where
the integer portion of the hue value used a 0-or-more quantifier
shortly thereafter followed by a 1-or-more quantifier.

This caused excessive backtracking and a cartesian scan,
resulting in exponential time complexity given a linear
increase in input length.

Thank you Yeting Li and Colin Ife for bringing this to my
attention in a secure, responsible and professional manner.

A CVE will not be assigned for this vulnerability.

• Removes rounding of alpha values in RGBA hex (#rrggbbaa) and condensed-hex (#rgba) parsers, which caused certain unique inputs to result in identical outputs (see https://github.com/qix-/color/issues/174).

• Fixed: HSL alpha channel (#16)
• Fixed: ability to parse signed number (#15)
• Removed: component.json
• Removed: browser build

- Added: license field to package.json (#17)

Check out commit logs for earlier releases