Bump json5, @wordpress/scripts and loader-utils in /compat-js

[dependabot[bot]]

Bumps json5 to 2.2.3 and updates ancestor dependencies json5, @wordpress/scripts and loader-utils. These dependencies need to be updated together.

Updates json5 from 2.2.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates @wordpress/scripts from 16.1.4 to 25.1.0

Changelog

Sourced from @​wordpress/scripts's changelog.

25.1.0 (2023-01-02)

25.0.0 (2022-12-14)

Breaking Changes

• Updated dependencies to require React 18 (45235)

24.6.0 (2022-11-16)

24.5.0 (2022-11-02)

24.4.0 (2022-10-19)

24.3.0 (2022-10-05)

24.2.0 (2022-09-21)

24.1.0 (2022-09-13)

New Features

• Update the default webpack config to allow webp image format (#43880).
• Update webpack configuration for the build and start commands to automatically copy PHP files listed in the render field of block.json files from the source to the build folder (#43917).

24.0.0 (2022-08-24)

Breaking Change

• Increase the minimum Node.js version to 14 and minimum npm version to 6.14.4 (#43141).
• The bundled @wordpress/eslint-plugin package got updated to the new major version and the default linting for Jest unit tests is now handled in the default config in this package (#43272).

Bug Fix

• Packages: Replace is-plain-obj with is-plain-object (#43511).

23.7.2 (2022-08-17)

Bug Fix

• Jest Preset: Improve is-plain-obj transformation ignore (#43271).

23.7.1 (2022-08-12)

Bug Fix

• Jest Preset: Ignore is-plain-obj transformation (#43179).

23.6.0 (2022-07-27)

... (truncated)

Commits

• 200bee7 chore(release): publish
• 54dbc81 Update changelog files
• 7b578b1 Merge changes published in the Gutenberg plugin "release/14.9" branch
• 1eb65aa chore(release): publish
• bcb7752 Update changelog files
• b0e6e34 Merge changes published in the Gutenberg plugin "release/14.8" branch
• 7ac04f4 chore(release): publish
• 640566e Update changelog files
• 511f4cc chore(release): publish
• 76b1b0e Update changelog files
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by gutenbergplugin, a new releaser for @​wordpress/scripts since your current version.

Updates loader-utils from 1.4.2 to 3.2.1

Release notes

Sourced from loader-utils's releases.

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

v3.2.0

3.2.0 (2021-11-11)

Features

• hash uniformity for base digests (451858b)

v3.1.3

3.1.3 (2021-11-04)

Bug Fixes

• crash with md4 hash (#198) (ef084d4)

v3.1.2

3.1.2 (2021-11-04)

Bug Fixes

• bug with unicode characters (#196) (0426405)

v3.1.1

3.1.1 (2021-11-04)

Bug Fixes

• base64 and unicode characters (02b1f3f)

v3.1.0

3.1.0 (2021-10-29)

Features

• added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

v3.0.0

3.0.0 (2021-10-20)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

3.2.0 (2021-11-11)

Features

• hash uniformity for base digests (451858b)

3.1.3 (2021-11-04)

Bug Fixes

• crash with md4 hash (#198) (ef084d4)

3.1.2 (2021-11-04)

Bug Fixes

• bug with unicode characters (#196) (0426405)

3.1.1 (2021-11-04)

Bug Fixes

• base64 and unicode characters (02b1f3f)

3.1.0 (2021-10-29)

Features

• added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

3.0.0 (2021-10-20)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 12.13.0 (93a87ce)
• use xxhash64 by default for [hash]/[contenthash] and getHashDigest API
• [emoji] was removed without replacements, please use custom function if you need this

... (truncated)

Commits

• a3fd3ca chore(release): 3.2.1
• d2d752d fix: ReDoS problem (#224)
• 52cd134 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#209)
• 9fe2381 chore: add .gitattributes for normalizing end of lines - fixes #203 (#204)
• a282654 chore(release): 3.2.0
• f2a524b chore(deps): update (#200)
• 451858b feat: hash uniformity for base digests
• f7dbfe1 chore(release): 3.1.3
• ef084d4 fix: crash with md4 hash (#198)
• 097f5c3 chore(release): 3.1.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FortAwesome/wordpress-fontawesome/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.