chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
debug	`4.3.1`	`4.3.2`
plotly.js	`1.48.3`	`2.25.2`
es5-ext	`0.10.50`	`0.10.64`
ip	`1.1.5`	`1.1.9`
moment	`2.26.0`	`2.30.1`
node-fetch	`2.6.0`	`2.7.0`
underscore	`1.9.1`	`1.13.6`
word-wrap	`1.2.3`	`1.2.5`
y18n	`4.0.0`	`4.0.3`

Updates debug from 4.3.1 to 4.3.2

Release notes

Sourced from debug's releases.

4.3.2

Patch release 4.3.2

Caches enabled statuses on a per-logger basis to speed up .enabled checks (#799)

Thank you @omg!

Commits

e47f96d 4.3.2
1e9d38c cache enabled status per-logger (#799)
See full diff in compare view

Updates plotly.js from 1.48.3 to 2.25.2

Release notes

Sourced from plotly.js's releases.

v2.25.2

Changed

Update Croatian translations in hr locale [#6690], with thanks to @Mkranj for the contribution!

Fixed

Fix potential prototype pollution in plot API calls [#6703, 6704]

v2.25.1

Fixed

Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

v2.25.0

Added

Add "Equal Earth" projection to geo subplots [#6670], with thanks to @apparebit for the contribution!

Add options to include legends for shapes and newshape [#6653]

Add Plotly.deleteActiveShape command [#6679]

Fixed

Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @lvlte for the contribution!

Fix text markers on non-mapbox styled maps [#6652], with thanks to @baurt for the contribution!

Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

v2.24.3

Fixed

Fix double clicking one item in a legend hides traces in other legends [#6655]

Fix double click pie slices when having multiple legends [#6657]

Fix per legend group and traceorder defaults when having multiple legends [#6664]

v2.24.2

Fixed

Fix legend groups toggle (regression introduced in 2.22.0) #6639

Fix waterfall hovertemplate not showing delta on totals similar #6635

v2.24.1

Fixed

Fix minimal copying of arrays in minExtend function (regression introduced in 2.24.0) #6632

v2.24.0

Added

add pattern to pie, funnelarea, sunburst, icicle and treemap traces [#6601, #6619, #6622, #6626, #6627, #6628, #6629], with thanks to @thierryVergult for the contribution!

Fixed

Fix to prevent accessing undefined (hoverText.hoverLabels) in case all currently shown markers have hoverinfo: "none" (regression introduced in 2.6.0) #6614,

... (truncated)

Changelog

Sourced from plotly.js's changelog.

[2.25.2] -- 2023-08-11

Changed

Update Croatian translations in hr locale [#6690], with thanks to @Mkranj for the contribution!

Fixed

Fix potential prototype pollution in plot API calls [#6703, 6704]

[2.25.1] -- 2023-08-02

Fixed

Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

[2.25.0] -- 2023-07-25

Added

Add "Equal Earth" projection to geo subplots [#6670], with thanks to @apparebit for the contribution!

Add options to include legends for shapes and newshape [#6653]

Add Plotly.deleteActiveShape command [#6679]

Fixed

Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @lvlte for the contribution!

Fix text markers on non-mapbox styled maps [#6652], with thanks to @baurt for the contribution!

Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

[2.24.3] -- 2023-07-05

Fixed

Fix double clicking one item in a legend hides traces in other legends [#6655]

Fix double click pie slices when having multiple legends [#6657]

Fix per legend group and traceorder defaults when having multiple legends [#6664]

[2.24.2] -- 2023-06-09

Fixed

Fix legend groups toggle (regression introduced in 2.22.0) #6639

Fix waterfall hovertemplate not showing delta on totals similar #6635

[2.24.1] -- 2023-06-07

Fixed

... (truncated)

Commits

e824199 2.25.2
920a50e update readme and changelog for v2.25.2
27932d6 Merge pull request #6705 from plotly/reduce-flakiness
0249840 Merge pull request #6704 from plotly/nestedProperty-proto
a4a69d5 reduce flakiness on CI
a860a32 Merge pull request #6690 from Mkranj/croatian_translation
5cfbd6e add test
2bec998 guard against polluting proto in nestedProperty
5efd2a1 Merge pull request #6703 from plotly/expandObjectPaths-proto
e1e3175 fix delay in test
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by archmoj, a new releaser for plotly.js since your current version.

Updates es5-ext from 0.10.50 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

Manifest improvements:

(#190) (b8dc53f)

(c51d552)

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Bump dependencies (d7e0a61)

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

Do not rely on problematic regex (3551cdd), addresses #201

Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021

Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

Manifest improvements:

(#190) (b8dc53f)

(c51d552)

0.10.61 (2022-04-20)

Bug Fixes

Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

Improve manifest wording (#122) (eb7ae59)

Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

f76b03d chore: Release v0.10.64
2881acd chore: Bump dependencies
c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
16f2b72 docs: Fix date in the changelog
de4e03c chore: Release v0.10.63
3fd53b7 chore: Upgrade lint-staged to v13
bf8ed79 chore: Ensure postinstall script does not crash on Windows
2cbbb07 chore: Bump dependencies
22d0416 chore: Bump LICENSE year
a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
5dc3b2f 1.1.8
8e6f28b lib: even better node 6 support
088c9e5 1.1.7
1a4ca35 lib: add back support for Node.js 6
af82ef4 1.1.6
dba19f6 package: exclude test folder from publishing
7cd7f30 ci: use github workflows
4de50ae lib: node 18 support
See full diff in compare view

Updates minimist from 0.0.5 to 0.0.8

Changelog

Sourced from minimist's changelog.

v0.0.8 - 2014-02-20

Commits

return '' if flag is string and empty fa63ed4

handle joined single letters 66c248f

v0.0.7 - 2014-02-08

Commits

another swap of .test for .match d1da408

v0.0.6 - 2014-02-08

Commits

use .test() instead of .match() to not crash on non-string values in the arguments array 7e0d1ad

Commits

3754568 0.0.8
66c248f handle joined single letters
fa63ed4 return '' if flag is string and empty
cd46bf9 0.0.7
d1da408 another swap of .test for .match
8ef0bdf 0.0.6
7e0d1ad use .test() instead of .match() to not crash on non-string values in the argu...
See full diff in compare view

Updates moment from 2.26.0 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

Release Dec 27, 2023

Revert moment/moment#5827, because it's breaking a lot of TS code.

2.30.0 Full changelog

Release Dec 26, 2023

2.29.4

Release Jul 6, 2022

#6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

Release Apr 17, 2022

#5995 [bugfix] Remove const usage

#5990 misc: fix advisory link

2.29.2 See full changelog

Release Apr 3 2022

Address https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

485d9a7 Build 2.30.1
e048b09 Bump version to 2.30.1
f9f2d58 Update changelog for 2.30.1
a52ffb2 Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"
ddd6809 Build 2.30.0
be64d00 Bump version to 2.30.0
ad41179 Update changelog for 2.30.0
63fe479 [misc] Make code ES6 compatible
0f0195f Revert "Merge pull request #5599 from Alanscut:issue_4985"
15b82f5 Revert "Merge pull request #5597 from Alanscut:issue-5596"
Additional commits viewable in compare view

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

"global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

9b9d458 feat: AbortError (#1744)
65ae25a fix: Remove the default connection close header (#1765)
8bc3a7c fix: socket variable testing for undefined (#1726)
afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
29909d7 fix: handle bom in text and json (#1739)
70f592d fix: "global is not defined" (#1704)
0f1ebb0 Prevent error when response is null (#1699)
6e9464d ci(release): install dependencies
dd2a0ba ci(release): install dependencies
49bef02 ci(release): use latest Node LTS
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates static-eval from 0.2.4 to 2.1.1

Release notes

Sourced from static-eval's releases.

v2.1.1

Update escodegen. @FabianWarnecke in #43

escodegen doesn't officially support all the Node.js versions that static-eval supports, but so far it still works on them. This has been the case for both v1.x and v2.1.0 of escodegen, so the upgrade doesn't change that situation.

v2.1.0

Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@archmoj in #31)

Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

v2.0.5

Fix function bodies being invoked during declaration. (@RoboPhred in #30)

v2.0.4

Short-circuit evaluation in && and || expressions. (@RoboPhred in #28)

Start tracking changes.

v2.0.3

Disallows accessing .constructor and .__proto__ properties, which could be used to access the Function() constructor. (browserify/static-eval#27) Thanks to an anonymous reporter!

Changelog

Sourced from static-eval's changelog.

2.1.1

Update escodegen. @FabianWarnecke in #43

escodegen doesn't officially support all the Node.js versions that static-eval supports, but so far it still works on them. This has been the case for both v1.x and v2.1.0 of escodegen, so the upgrade doesn't change that situation.

2.1.0

Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@archmoj in #31)

Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

2.0.5

Fix function bodies being invoked during declaration. (@RoboPhred in #30)

2.0.4

Short-circuit evaluation in && and || expressions. (@RoboPhred in #28)

Start tracking changes.

Commits

c682147 2.1.1
22fc478 Merge pull request #43 from FabianWarnecke/patch-1
cdf877d Update dependency "escodegen".
aff732b maybe they will email me about "security" issues if i put this in there
1a4d734 2.1.0
054adac ci: add node 14
09c4b83 Merge pull request #31 from archmoj/allow-cwise-transform
e619afc make option to enable allowAccessToMethodsOnFunctions namely to be used by cw...
36587c2 remove trailing spaces
798b0d5 ci: add node 12 and 13
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by goto-bus-stop, a new releaser for static-eval since your current version.

Updates underscore from 1.9.1 to 1.13.6

Commits

bd2d35c Merge remote-tracking branch 'upstream/master'
2e7c0f2 Update generated files, tag 1.13.6 release
732cafe Underscore 1.13.6
e8f86fb Add changelog entry for versioin 1.13.6
43e827a Bump the version to 1.13.6 (hotfix)
1c1d1a2 Remove patch-package postinstall script
4eb6894 Merge pull request #2974 from paulsmithkc/patch-1
2edcdc1 Hostfix for broken builds
66ee70d Verify that production and doc builds still work in CI
68e5eb6 Update generated sources, tag 1.13.5 release
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5

1.2.4

What's Changed

Remove default indent by @mohd-akram in jonschlinkert/word-wrap#24

🔒fix: CVE 2023 26115 (2) by @OlafConijn in jonschlinkert/word-wrap#41

:lock: fix: CVE-2023-26115 by @aashutoshrathi in jonschlinkert/word-wrap#33

chore: publish workflow by @OlafConijn in jonschlinkert/word-wrap#42

New Contributors

@mohd-akram made their first contribution in jonschlinkert/word-wrap#24

@OlafConijn made their first contribution in jonschlinkert/word-wrap#41

@aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4

Commits

207044e 1.2.5
9894315 revert default indent
f64b188 run verb to generate README
03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
bfa694e Update .github/workflows/publish.yml
ace0b3c chore: bump version to 1.2.4
6fd7275 chore: add publish workflow
30d6daf chore: fix test
655929c chore: remove package-lock
Additional commits viewable in compare view

Updates y18n from 4.0.0 to 4.0.3

Changelog

Sourced from y18n's changelog.

4.0.3 (2021-04-07)

Bug Fixes

release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

4.0.1 (2020-11-30)

Bug Fixes

address prototype pollution issue (#108) (a9ac604)

Commits

0aa97c5 chore: release 4.x.x (#128)
a8e7f04 build(release-please): configure branch properly (#127)
1e21a53 fix(release): 4.x.x should not enforce Node 10 (#126)
8dc7580 docs: update CHANGELOG
7de58ca fix: address prototype pollution issue
See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GoogleChrome/lighthouse-ci/network/alerts).

GoogleChrome / lighthouse-ci