chore(deps): bump the dependencies group across 1 directory with 2 updates

[dependabot[bot]]

Bumps the dependencies group with 2 updates in the / directory: @nodesecure/js-x-ray and pacote.

Updates @nodesecure/js-x-ray from 6.3.0 to 7.0.0

Release notes

Sourced from @​nodesecure/js-x-ray's releases.

v7.0.0

What's Changed

• chore(deps): bump is-svg from 4.4.0 to 5.0.0 by @​dependabot in NodeSecure/js-x-ray#181
• Docs: Fix badges in workspaces by @​fabnguess in NodeSecure/js-x-ray#184
• fix the example in readme to prevent "location" field displays wrong way when running as script with Node.js. (nested displayed as [Array]) by @​zxkmm in NodeSecure/js-x-ray#185
• refactor(test): move regress to /issues folder by @​fraxken in NodeSecure/js-x-ray#186
• refactor: remove ASTDeps class and rename Anaysis to SourceFile by @​fraxken in NodeSecure/js-x-ray#187
• refactor: use new SourceParser class by @​fraxken in NodeSecure/js-x-ray#189
• chore(deps): bump string-width from 5.1.2 to 7.0.0 by @​dependabot in NodeSecure/js-x-ray#182
• refactor(probe): allow array of validateNode functions by @​fraxken in NodeSecure/js-x-ray#191
• docs: estree-ast-utils typo by @​PierreDemailly in NodeSecure/js-x-ray#192
• fix(estree-ast-utils): add missing d.ts by @​fraxken in NodeSecure/js-x-ray#193
• feat(getCallExpressionIdentifier): add resolveCallExpression option by @​fraxken in NodeSecure/js-x-ray#194
• refactor: new ProbeRunner class by @​fraxken in NodeSecure/js-x-ray#195
• fix(unsafe-import): warning on unsafe-import using eval/require by @​tchapacan in NodeSecure/js-x-ray#190
• fix(isRequire): do not resolve CallExpr by @​fraxken in NodeSecure/js-x-ray#200
• Remove mockedFunction for Node.js test runner mock method by @​jean-michelet in NodeSecure/js-x-ray#201
• docs: add jean-michelet as a contributor for test by @​allcontributors in NodeSecure/js-x-ray#202
• chore(deps-dev): bump c8 from 8.0.1 to 9.0.0 by @​dependabot in NodeSecure/js-x-ray#199
• chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 by @​dependabot in NodeSecure/js-x-ray#197
• Bug#170 by @​jean-michelet in NodeSecure/js-x-ray#206
• feat(probeRunner): assert probes method in proberunner by @​tchapacan in NodeSecure/js-x-ray#204
• docs: add tchapacan as a contributor for code, and test by @​allcontributors in NodeSecure/js-x-ray#207
• Report.isOneLineRequire should be true if single line LogicalExpression assignment by @​jean-michelet in NodeSecure/js-x-ray#205
• refactor: split utils by @​mkarkkainen in NodeSecure/js-x-ray#209
• docs: add mkarkkainen as a contributor for code by @​allcontributors in NodeSecure/js-x-ray#210
• replace dead link by the webarchive one by @​jean-michelet in NodeSecure/js-x-ray#213
• build path.join called in require if args are string literals by @​jean-michelet in NodeSecure/js-x-ray#212
• chore(deps): bump actions/setup-node from 4.0.0 to 4.0.1 by @​dependabot in NodeSecure/js-x-ray#198
• chore(deps): bump github/codeql-action from 2.22.8 to 3.22.12 by @​dependabot in NodeSecure/js-x-ray#196
• Make SourceParser class heritable + create and use JsSourceParser in … by @​jean-michelet in NodeSecure/js-x-ray#215
• Refactor runASTAnalysis functions to use class AstAnalyser by @​jean-michelet in NodeSecure/js-x-ray#216
• docs: add jean-michelet as a contributor for code, test, and doc by @​allcontributors in NodeSecure/js-x-ray#217
• Create ts-source-parser package by @​jean-michelet in NodeSecure/js-x-ray#218
• docs(suspicious-file): fix typo by @​FredGuiou in NodeSecure/js-x-ray#219
• docs: add FredGuiou as a contributor for doc by @​allcontributors in NodeSecure/js-x-ray#222
• Update doc by @​jean-michelet in NodeSecure/js-x-ray#226
• refactor: consider Function("return this") as safe by @​fraxken in NodeSecure/js-x-ray#211
• refactor(analysis) : rename 'analysis' variable to 'sourceFile' by @​FredGuiou in NodeSecure/js-x-ray#232
• chore(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 by @​dependabot in NodeSecure/js-x-ray#230
• chore(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0 by @​dependabot in NodeSecure/js-x-ray#229
• chore(deps): bump github/codeql-action from 3.22.12 to 3.23.2 by @​dependabot in NodeSecure/js-x-ray#228
• docs: add FredGuiou as a contributor for code, and doc by @​allcontributors in NodeSecure/js-x-ray#234
• Refactor isRequire probe with new class RequireCallExpressionWalker by @​jean-michelet in NodeSecure/js-x-ray#231
• Use JsSourceParser as default parser for AstAnalyser class by @​madina0801 in NodeSecure/js-x-ray#227
• docs: add madina0801 as a contributor for code by @​allcontributors in NodeSecure/js-x-ray#236
• refactor!: implement NodeCounter & Deobfuscator class by @​fraxken in NodeSecure/js-x-ray#239
• refactor(sec-literal/test): use the Node.js native test runner by @​fabnguess in NodeSecure/js-x-ray#242
• chore: update copyright by @​fabnguess in NodeSecure/js-x-ray#240
• chore: using dependabot groups by @​fabnguess in NodeSecure/js-x-ray#244

... (truncated)

Commits

• 7a18ca7 7.0.0
• 086258d ci(nodejs): automatically merge dependabot PR (#254)
• c157bae feat(customProbes): inject custom probes as param for AstAnalyser (#250)
• 4394c8f chore(deps): bump the dependencies group with 1 update (#252)
• 4fdd261 chore(deps): bump the github-actions group with 3 updates (#248)
• 929c275 refactor(estree-ast-utils/test): migrate to test_runner (#251)
• 9e4ad1f chore: using dependabot groups (#244)
• 7feeacb chore(LICENSE): update copyright (#240)
• 425f270 refactor(sec-literal/test): use the Node.js native test runner (#242)
• 3f51fed refactor!: implement NodeCounter & Deobfuscator class (#239)
• Additional commits viewable in compare view

Updates pacote from 17.0.7 to 18.0.2

Release notes

Sourced from pacote's releases.

v18.0.2

18.0.2 (2024-04-24)

Bug Fixes

• 116b277 #358 don't strip underscore attributes in .manifest() (#358) (@​wraithgar)

v18.0.1

18.0.1 (2024-04-23)

Bug Fixes

• b547e0d #356 use @​npmcli/package-json (#356) (@​lukekarrys)

v18.0.0

18.0.0 (2024-04-15)

⚠️ BREAKING CHANGES

• The silent option was used to control whether @npmcli/run-script would write a banner via console.log. Now ouput will be emitted via an process.emit('output').

Features

• 0c04569 #352 remove silent option (@​lukekarrys)

Dependencies

• cb3abc2 #352 bump @​npmcli/run-script from 7.0.4 to 8.0.0 (@​dependabot[bot])

Chores

• 7089bb1 #355 postinstall for dependabot template-oss PR (@​lukekarrys)
• 4952672 #355 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

Changelog

Sourced from pacote's changelog.

18.0.2 (2024-04-24)

Bug Fixes

• 116b277 #358 don't strip underscore attributes in .manifest() (#358) (@​wraithgar)

18.0.1 (2024-04-23)

Bug Fixes

• b547e0d #356 use @​npmcli/package-json (#356) (@​lukekarrys)

18.0.0 (2024-04-15)

⚠️ BREAKING CHANGES

• The silent option was used to control whether @npmcli/run-script would write a banner via console.log. Now ouput will be emitted via an process.emit('output').

Features

• 0c04569 #352 remove silent option (@​lukekarrys)

Dependencies

• cb3abc2 #352 bump @​npmcli/run-script from 7.0.4 to 8.0.0 (@​dependabot[bot])

Chores

• 7089bb1 #355 postinstall for dependabot template-oss PR (@​lukekarrys)
• 4952672 #355 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

Commits

• c4f6821 chore: release 18.0.2 (#359)
• 116b277 fix: don't strip underscore attributes in .manifest() (#358)
• 0cd82be chore: release 18.0.1 (#357)
• b547e0d fix: use @​npmcli/package-json (#356)
• 066ead2 chore: release 18.0.0 (#354)
• 7089bb1 chore: postinstall for dependabot template-oss PR
• 4952672 chore: bump @​npmcli/template-oss from 4.21.3 to 4.21.4
• 0c04569 feat!: remove silent option
• cb3abc2 deps: bump @​npmcli/run-script from 7.0.4 to 8.0.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Superseded by #238.