chore(deps): bump the dependencies group with 5 updates

[dependabot[bot]]

Bumps the dependencies group with 5 updates:

Package	From	To
@nodesecure/js-x-ray	6.3.0	7.2.0
pacote	17.0.4	18.0.6
semver	7.6.0	7.6.2
@npmcli/arborist	7.5.1	7.5.3
itertools	2.3.1	2.3.2

Updates @nodesecure/js-x-ray from 6.3.0 to 7.2.0

Release notes

Sourced from @​nodesecure/js-x-ray's releases.

v7.2.0

What's Changed

• feat: add intialize and finalize for AstAnalyser.analyze API by @​tony-go in NodeSecure/js-x-ray#269
• feat: enable initalize and finalize for AstAnalyser.analyseFile by @​tony-go in NodeSecure/js-x-ray#271
• Fix entry files analyser by @​fraxken in NodeSecure/js-x-ray#272

Full Changelog: https://github.com/NodeSecure/js-x-ray/compare/v7.1.1...v7.2.0

v7.1.1

What's Changed

• refactor: implement API exports & minimal docs by @​fraxken in NodeSecure/js-x-ray#264

Full Changelog: https://github.com/NodeSecure/js-x-ray/compare/v7.1.0...v7.1.1

v7.1.0

What's Changed

• chore(deps): bump the github-actions group with 2 updates by @​dependabot in NodeSecure/js-x-ray#255
• chore(deps-dev): bump eslint from 8.57.0 to 9.0.0 in the development-dependencies group by @​dependabot in NodeSecure/js-x-ray#257
• Create EntryFilesAnalyzer class to analyze a set of entry files by @​jean-michelet in NodeSecure/js-x-ray#258
• Handle ImportExpression nodes by @​jean-michelet in NodeSecure/js-x-ray#261
• chore(deps): bump the github-actions group with 5 updates by @​dependabot in NodeSecure/js-x-ray#262
• add shady link regex for check url with ips by @​sairuss7 in NodeSecure/js-x-ray#260
• docs: add sairuss7 as a contributor for code by @​allcontributors in NodeSecure/js-x-ray#263

EntryFilesAnalyzer

import { EntryFilesAnalyser } from "@nodesecure/js-x-ray";
const efa = new EntryFilesAnalyser();
const entryFiles = ["./path/to/file"];
for await (const fileResult of efa.analyse(entryFiles)) {
console.log(entryFiles);
}

New Contributors

• @​sairuss7 made their first contribution in NodeSecure/js-x-ray#260

Full Changelog: https://github.com/NodeSecure/js-x-ray/compare/v7.0.0...v7.1.0

v7.0.0

What's Changed

• chore(deps): bump is-svg from 4.4.0 to 5.0.0 by @​dependabot in NodeSecure/js-x-ray#181
• Docs: Fix badges in workspaces by @​fabnguess in NodeSecure/js-x-ray#184
• fix the example in readme to prevent "location" field displays wrong way when running as script with Node.js. (nested displayed as [Array]) by @​zxkmm in NodeSecure/js-x-ray#185
• refactor(test): move regress to /issues folder by @​fraxken in NodeSecure/js-x-ray#186

... (truncated)

Commits

• 96318de 7.2.0
• 5cc6031 Merge pull request #272 from NodeSecure/fix-entry-files-analyser
• 777ed54 refactor(test): import from project entry file to avoid issues
• 69272f6 fix(EntryFilesAnalyser): use fileURLToPath for Windows
• 5fcd7a5 feat: enable initalize and finalize for AstAnalyser.analyseFile (#271)
• d02cf1b feat: add intialize and finalize for AstAnalyser.analyze API (#269)
• 12baaaf 7.1.1
• ed6ae3e refactor: implement API exports & minimal docs (#264)
• c24938b 7.1.0
• 583edff docs: add sairuss7 as a contributor for code (#263)
• Additional commits viewable in compare view

Updates pacote from 17.0.4 to 18.0.6

Release notes

Sourced from pacote's releases.

v18.0.6

18.0.6 (2024-05-07)

Bug Fixes

• 79441a5 #371 clean up requires (#371) (@​wraithgar)
• b19aacb #369 isolate full and corgi packuments in packumentCache (#369) (@​wraithgar)

v18.0.5

18.0.5 (2024-05-06)

Bug Fixes

• 5e75582 #368 dont set _contentLength if not in headers (#368) (@​lukekarrys)
• 1b6950b #365 move bin to its own directory (@​lukekarrys)
• 1b6950b #365 refactor: symbol cleanup (#365) (@​lukekarrys)

v18.0.4

18.0.4 (2024-05-04)

Bug Fixes

• 5fd2c80 #363 linting: no-unused-vars (@​lukekarrys)

Chores

• d867639 #363 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• a235f37 #363 postinstall for dependabot template-oss PR (@​lukekarrys)

v18.0.3

18.0.3 (2024-04-30)

Dependencies

• 5ecce7a #360 npm-registry-fetch@17.0.0 (#360)

v18.0.2

18.0.2 (2024-04-24)

Bug Fixes

• 116b277 #358 don't strip underscore attributes in .manifest() (#358) (@​wraithgar)

v18.0.1

18.0.1 (2024-04-23)

Bug Fixes

• b547e0d #356 use @​npmcli/package-json (#356) (@​lukekarrys)

... (truncated)

Changelog

Sourced from pacote's changelog.

18.0.6 (2024-05-07)

Bug Fixes

• 79441a5 #371 clean up requires (#371) (@​wraithgar)
• b19aacb #369 isolate full and corgi packuments in packumentCache (#369) (@​wraithgar)

18.0.5 (2024-05-06)

Bug Fixes

• 5e75582 #368 dont set _contentLength if not in headers (#368) (@​lukekarrys)
• 1b6950b #365 move bin to its own directory (@​lukekarrys)
• 1b6950b #365 refactor: symbol cleanup (#365) (@​lukekarrys)

18.0.4 (2024-05-04)

Bug Fixes

• 5fd2c80 #363 linting: no-unused-vars (@​lukekarrys)

Chores

• d867639 #363 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• a235f37 #363 postinstall for dependabot template-oss PR (@​lukekarrys)

18.0.3 (2024-04-30)

Dependencies

• 5ecce7a #360 npm-registry-fetch@17.0.0 (#360)

18.0.2 (2024-04-24)

Bug Fixes

• 116b277 #358 don't strip underscore attributes in .manifest() (#358) (@​wraithgar)

18.0.1 (2024-04-23)

Bug Fixes

• b547e0d #356 use @​npmcli/package-json (#356) (@​lukekarrys)

18.0.0 (2024-04-15)

⚠️ BREAKING CHANGES

• The silent option was used to control whether @npmcli/run-script would write a banner via console.log. Now ouput will be emitted via an process.emit('output').

... (truncated)

Commits

• f54ea83 chore: release 18.0.6 (#370)
• 79441a5 fix: clean up requires (#371)
• b19aacb fix: isolate full and corgi packuments in packumentCache (#369)
• 8b58a32 chore: release 18.0.5 (#367)
• 5e75582 fix: dont set _contentLength if not in headers (#368)
• 1b6950b fix(refactor): symbol cleanup (#365)
• 005d8a9 chore: release 18.0.4 (#364)
• 5fd2c80 fix(linting): no-unused-vars
• a235f37 chore: postinstall for dependabot template-oss PR
• d867639 chore: bump @​npmcli/template-oss to 4.22.0
• Additional commits viewable in compare view

Updates semver from 7.6.0 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

Changelog

Sourced from semver's changelog.

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

Commits

• eb1380b chore: release 7.6.2 (#714)
• 6466ba9 fix(lru): use map.delete() directly (#713)
• d777418 chore: release 7.6.1 (#706)
• 988a8de deps: uninstall lru-cache (#709)
• 5feeb7f chore: postinstall for dependabot template-oss PR
• dd09b60 chore: bump @​npmcli/template-oss to 4.22.0
• c570a34 fix(linting): no-unused-vars
• ad8ff11 fix: use internal cache implementation
• 3fabe4d deps: remove lru-cache
• ec49cdc chore: chore: chore: postinstall for dependabot template-oss PR
• Additional commits viewable in compare view

Updates @npmcli/arborist from 7.5.1 to 7.5.3

Release notes

Sourced from @​npmcli/arborist's releases.

arborist: v7.5.3

7.5.3 (2024-05-29)

Bug Fixes

• 2d1d8d0 #7559 adds node: specifier to all native node modules (#7559) (@​reggi)

Chores

• 4a36d78 #7568 fix linting in arborist debugger (@​wraithgar)

libnpmpublish: v7.5.2

7.5.2 (2024-02-26)

Dependencies

• 73ee6cc #7010 ci-info@4.0.0

Chores

• 1d4c464 #7252 @npmcli/template-oss@4.21.3 (@​lukekarrys)

arborist: v7.5.2

7.5.2 (2024-05-15)

Bug Fixes

• 12f103c #7533 add first param titles to logs where missing (#7533) (@​lukekarrys)
• e290352 #7499 revert DepsQueue to re-sort on pop() (#7499) (@​lukekarrys)
• 56a27fa #7494 avoid caching manifests as promises (@​wraithgar)
• 722c0fa #7463 limit packument cache size based on heap size (@​wraithgar)
• effe910 #7475 dont omit license from stored manifests (#7475) (@​lukekarrys)

Dependencies

• fd42986 #7498 @npmcli/fs@3.1.1
• ea0b07d #7482 pacote@18.0.6
• 5b2317b #7463 add lru-cache
• 7e15b6d #7480 @npmcli/metavuln-calculator@7.1.1
• 8b20f8c #7480 ssri@10.0.6
• a9a6dcd #7480 pacote@18.0.5
• e2fdb65 #7480 npm-pick-manifest@9.0.1
• e71f541 #7480 nopt@7.2.1
• 18c3b40 #7480 json-parse-even-better-errors@3.0.2
• 714e3e1 #7480 hosted-git-info@7.0.2
• f94d672 #7480 cacache@18.0.3
• 43331e4 #7480 bin-links@4.0.4
• 63ef498 #7457 npm-registry-fetch@17.0.1

Chores

... (truncated)

Changelog

Sourced from @​npmcli/arborist's changelog.

7.5.3 (2024-05-29)

Bug Fixes

• 2d1d8d0 #7559 adds node: specifier to all native node modules (#7559) (@​reggi)

Chores

• 4a36d78 #7568 fix linting in arborist debugger (@​wraithgar)

7.5.2 (2024-05-15)

Bug Fixes

• 12f103c #7533 add first param titles to logs where missing (#7533) (@​lukekarrys)
• e290352 #7499 revert DepsQueue to re-sort on pop() (#7499) (@​lukekarrys)
• 56a27fa #7494 avoid caching manifests as promises (@​wraithgar)
• 722c0fa #7463 limit packument cache size based on heap size (@​wraithgar)
• effe910 #7475 dont omit license from stored manifests (#7475) (@​lukekarrys)

Dependencies

• fd42986 #7498 @npmcli/fs@3.1.1
• ea0b07d #7482 pacote@18.0.6
• 5b2317b #7463 add lru-cache
• 7e15b6d #7480 @npmcli/metavuln-calculator@7.1.1
• 8b20f8c #7480 ssri@10.0.6
• a9a6dcd #7480 pacote@18.0.5
• e2fdb65 #7480 npm-pick-manifest@9.0.1
• e71f541 #7480 nopt@7.2.1
• 18c3b40 #7480 json-parse-even-better-errors@3.0.2
• 714e3e1 #7480 hosted-git-info@7.0.2
• f94d672 #7480 cacache@18.0.3
• 43331e4 #7480 bin-links@4.0.4
• 63ef498 #7457 npm-registry-fetch@17.0.1

Chores

• 9c4d3c4 #7467 template-oss-apply (@​lukekarrys)
• 2b7ec54 #7467 template-oss@4.22.0 (@​lukekarrys)

Commits

• See full diff in compare view

Updates itertools from 2.3.1 to 2.3.2

Release notes

Sourced from itertools's releases.

v2.3.2

• Fix missing top-level exports for izipLongest3 and intersperse

Changelog

Sourced from itertools's changelog.

[2.3.2] - 2024-05-27

• Fix missing top-level exports for izipLongest3 and intersperse

Commits

• 7a46373 Release 2.3.2
• ab98597 Upgrade all dependencies (#1052)
• eb915be Also add missing intersperse top-level export
• 2b80fa6 Ensure missing imports at the top-level would be caught in the future
• ddaee94 Fix missing [i]zipLongest3 exports (#1051)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[fraxken]

@dependabot rebase

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.