Bump minimist, extract-zip and grunt-contrib-handlebars

[dependabot[bot]]

Bumps minimist to 1.2.7 and updates ancestor dependencies minimist, extract-zip and grunt-contrib-handlebars. These dependencies need to be updated together.

Updates minimist from 1.2.5 to 1.2.7

Changelog

Sourced from minimist's changelog.

v1.2.7 - 2022-10-10

Commits

• [meta] add auto-changelog 0ebf4eb
• [actions] add reusable workflows e115b63
• [eslint] add eslint; rules to enable later are warnings f58745b
• [Dev Deps] switch from covert to nyc ab03356
• [readme] rename and add badges 236f4a0
• [meta] create FUNDING.yml; add funding in package.json 783a49b
• [meta] use npmignore to autogenerate an npmignore file f81ece6
• Only apps should have lockfiles 56cad44
• [Dev Deps] update covert, tape; remove unnecessary tap 49c5f9f
• [Tests] add aud in posttest 228ae93
• [meta] add safe-publish-latest 01fc23f
• [meta] update repo URLs 6b164c7

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

Commits

• c590d75 v1.2.7
• 0ebf4eb [meta] add auto-changelog
• e115b63 [actions] add reusable workflows
• 01fc23f [meta] add safe-publish-latest
• f58745b [eslint] add eslint; rules to enable later are warnings
• 228ae93 [Tests] add aud in posttest
• 236f4a0 [readme] rename and add badges
• ab03356 [Dev Deps] switch from covert to nyc
• 49c5f9f [Dev Deps] update covert, tape; remove unnecessary tap
• 783a49b [meta] create FUNDING.yml; add funding in package.json
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates extract-zip from 1.6.7 to 1.7.0

Release notes

Sourced from extract-zip's releases.

1.7.0

Added

• Error handler for zipfile object (#67)

Changed

• Don't pin dependency requirements to specific versions (#88)

1.6.8

Dependencies

• Update mkdirp to 0.5.4.

Commits

• c2b1c17 1.7.0
• 990fc64 Add error handler to zipfile object (#67)
• 8285111 feat: don't pin dependency requirements (#88)
• 2a8df24 1.6.8
• 30ab06c build(deps): upgrade mkdirp to 0.5.4 for security
• 2b2a84e build: ignore lock files
• See full diff in compare view

Updates grunt-contrib-handlebars from 1.0.0 to 3.0.0

Release notes

Sourced from grunt-contrib-handlebars's releases.

v3.0.0

• v3.0.0 90ad7de
• Merge pull request #182 from gruntjs/updates2 11695bb
• Remove old CI 5213487
• Add Actions 1a0aa8d
• Bump hosted-git-info from 2.8.4 to 2.8.9 (#181) b9387c3
• Bump lodash from 4.17.15 to 4.17.21 (#180) c4bc6e8
• Merge pull request #178 from gruntjs/dependabot/npm_and_yarn/grunt-1.3.0 a88002c
• Bump grunt from 1.0.4 to 1.3.0 3a44358
• Merge pull request #177 from gruntjs/dependabot/npm_and_yarn/y18n-4.0.1 0f89e69
• Bump y18n from 4.0.0 to 4.0.1 c261c7e
• Merge pull request #175 from gruntjs/dependabot/npm_and_yarn/yargs-parser-13.1.2 cb8162c
• Bump yargs-parser from 13.1.1 to 13.1.2 cedc05c

https://github.com/gruntjs/grunt-contrib-handlebars/compare/v2.0.0...v3.0.0

Changelog

Sourced from grunt-contrib-handlebars's changelog.

v3.0.0: date: 2021-05-14 changes: - Docs, CI and dependency updates. Requires node 12+. v2.0.0: date: 2019-09-30 changes: - Docs, CI and dependency updates.

Commits

• 90ad7de v3.0.0
• 11695bb Merge pull request #182 from gruntjs/updates2
• 5213487 Remove old CI
• 1a0aa8d Add Actions
• b9387c3 Bump hosted-git-info from 2.8.4 to 2.8.9 (#181)
• c4bc6e8 Bump lodash from 4.17.15 to 4.17.21 (#180)
• a88002c Merge pull request #178 from gruntjs/dependabot/npm_and_yarn/grunt-1.3.0
• 3a44358 Bump grunt from 1.0.4 to 1.3.0
• 0f89e69 Merge pull request #177 from gruntjs/dependabot/npm_and_yarn/y18n-4.0.1
• c261c7e Bump y18n from 4.0.0 to 4.0.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/UUDigitalHumanitieslab/microcontact/network/alerts).

[dependabot[bot]]

Superseded by #181.