Bump minimist, extract-zip, mkdirp and publish-please

[dependabot[bot]]

Bumps minimist to 1.2.8 and updates ancestor dependencies minimist, extract-zip, mkdirp and publish-please. These dependencies need to be updated together.

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates extract-zip from 1.6.7 to 1.7.0

Release notes

Sourced from extract-zip's releases.

1.7.0

Added

• Error handler for zipfile object (#67)

Changed

• Don't pin dependency requirements to specific versions (#88)

1.6.8

Dependencies

• Update mkdirp to 0.5.4.

Commits

• c2b1c17 1.7.0
• 990fc64 Add error handler to zipfile object (#67)
• 8285111 feat: don't pin dependency requirements (#88)
• 2a8df24 1.6.8
• 30ab06c build(deps): upgrade mkdirp to 0.5.4 for security
• 2b2a84e build: ignore lock files
• See full diff in compare view

Updates mkdirp from 0.5.1 to 0.5.6

Commits

• 92f086d 0.5.6
• 2a28125 clean up tests
• c905d65 update minimist
• 049cf18 0.5.5
• bea6382 Remove unnecessary umask calls
• 42a012c 0.5.4
• 2867920 fix infinite loop on windows machines
• d784e70 0.5.3
• d612c5d add files list so this package isn't a monster
• b2e7ba0 0.5.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates publish-please from 3.2.0 to 5.5.2

Release notes

Sourced from publish-please's releases.

v5.5.1

[5.5.1] - 2019-07-28

Fixed

• fix vulnerability in lodash (by Phillip Manwaring)

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#551---2019-07-28

v5.5.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#550---2019-07-01

v5.4.3

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#543---2018-12-02

v5.4.2

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#542---2018-11-29

v5.4.1

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#541---2018-11-26

v5.4.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#540---2018-11-26

v5.3.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#530---2018-11-21

v5.2.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#520---2018-11-04

v5.1.1

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#511---2018-10-30

v5.1.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#510---2018-10-29

v5.0.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#5000---2018-10-27

v4.1.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#410---2018-10-13

v4.0.1

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#401---2018-10-11

v4.0.0

Changelog: https://github.com/inikulin/publish-please/blob/master/CHANGELOG.md#400---2018-10-01

Changelog

Sourced from publish-please's changelog.

[5.5.2] - 2020-10-08

Fixed

• fix vulnerability in lodash (by Arseniy Rubtsov)

[5.5.1] - 2019-07-28

Fixed

• fix vulnerability in lodash (by Phillip Manwaring)

[5.5.0] - 2019-07-01

Added

• add the ability to use a tag prefix (by Fredrik Wollsén)

[5.4.3] - 2018-12-02

Changed

• align the README with all previous changes

[5.4.2] - 2018-11-29

Fixed

• fix CI reporter on TeamCity

[5.4.1] - 2018-11-26

Fixed

• package 5.4.0 was published too early. Do not use it.

[5.4.0] - 2018-11-26

Changed

• dry-run workflow should not prompt for user input

Fixed

• tgz file is left in project directory after successfull dry-run

Fixed

• last message showned in publishing workflow is not correct

[5.3.0] - 2018-11-21

Added

• add a CI reporter and be able to automatically switch from elegant status reporter to CI reporter when running on CI

[5.2.0] - 2018-11-04

Added

• be able to override .sensitivedata on per project basis

[5.1.1] - 2018-10-30

Fixed

• fix: tgz file is left in project directory after publishing

[5.1.0] - 2018-10-29

Changed

• update/remove dependencies

[5.0.0] - 2018-10-27

Fixed

... (truncated)

Commits

• d90ef2f Merge pull request #98 from arubtsov/bump-lodash
• d5bcc49 bump version and update CHANGELOG.md
• 55bf951 fix 'Should allow publishing with special flag'
• c005721 fix npx integration tests with npm audit
• a4e4d73 fix integration test for lodash (4.17.20)
• 434478c fix 'Should ignore vulnerabilities configured in .auditignorefile'
• a4e6d1f fix 'Should report vulnerability that is not stored in .auditignore file (pac...
• cccaecf fix 'Should report vulnerability that is not stored in .auditignore file '
• 067f063 fix 'Should report vulnerability on lodash@4.16.4 as direct dependency'
• 923ab78 fix 'Should report vulnerability on lodash < 4.17.5 as transitive dependency'
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rb3as, a new releaser for publish-please since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MozillaReality/fxr-cli/network/alerts).