deps: bump the safe-dependencies group with 6 updates

[dependabot[bot]]

Bumps the safe-dependencies group with 6 updates:

Package	From	To
dotenv	16.4.1	16.4.5
express	4.18.2	4.19.2
got	14.1.0	14.2.1
eslint	8.56.0	8.57.0
prettier	3.2.4	3.2.5
prettier-plugin-packagejson	2.4.10	2.4.14

Updates dotenv from 16.4.1 to 16.4.5

Changelog

Sourced from dotenv's changelog.

16.4.5 (2024-02-19)

Changed

• 🐞 fix recent regression when using path option. return to historical behavior: do not attempt to auto find .env if path set. (regression was introduced in 16.4.3) #814

16.4.4 (2024-02-13)

Changed

• 🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #812

16.4.3 (2024-02-12)

Changed

• Fixed processing of multiple files in options.path #805

16.4.2 (2024-02-10)

Changed

• Changed funding link in package.json to dotenvx.com

Commits

• 9f3e833 16.4.5
• 6924177 Merge pull request #814 from motdotla/dont-check-existance
• 3533420 changelog 🪵
• 249e5a6 adjust logic to support tests
• 87fd887 do not check if exists
• 1146910 rename .env-multiline to .env.multiline
• d03e397 16.4.4
• 3275a0a changelog 🪵
• f40a8c3 Merge pull request #812 from motdotla/patch-12
• 1dc22d3 replace 14 chaining operator
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates got from 14.1.0 to 14.2.1

Release notes

Sourced from got's releases.

v14.2.1

• Fix error handling when UTF-8 decoding fails (#2336) c81a611

https://github.com/sindresorhus/got/compare/v14.2.0...v14.2.1

v14.2.0

• Add cause property with the original error to RequestError (#2327) 4cbd01d

https://github.com/sindresorhus/got/compare/v14.1.0...v14.2.0

Commits

• 8da9912 14.2.1
• c81a611 Fix error handling when UTF8 decoding fails (#2336)
• 897f385 14.2.0
• 4cbd01d Add cause property with the original error to RequestError (#2327)
• See full diff in compare view

Updates eslint from 8.56.0 to 8.57.0

Release notes

Sourced from eslint's releases.

v8.57.0

Features

• 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
• dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)

Bug Fixes

• 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
• 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
• 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
• 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)

Documentation

• 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
• 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
• 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)

Chores

• 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143) (Milos Djermanovic)
• 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
• f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
• 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)

Changelog

Sourced from eslint's changelog.

v8.57.0 - February 23, 2024

• 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143) (Milos Djermanovic)
• 5c356bb chore: package.json update for @​eslint/js release (Jenkins)
• 84922d0 docs: Show prerelease version in dropdown (#18139) (Nicholas C. Zakas)
• 1120b9b feat: Add loadESLint() API method for v8 (#18098) (Nicholas C. Zakas)
• 5b8c363 docs: Switch to Ethical Ads (#18117) (Milos Djermanovic)
• 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064) (Nitin Kumar)
• f4a1fe2 test: add more tests for ignoring files and directories (#18068) (Nitin Kumar)
• 69dd1d1 fix: Ensure config keys are printed for config errors (#18067) (Nitin Kumar)
• 9852a31 fix: deep merge behavior in flat config (#18065) (Nitin Kumar)
• dca7d0f feat: Enable eslint.config.mjs and eslint.config.cjs (#18066) (Nitin Kumar)
• 4c7e9b0 fix: allow circular references in config (#18056) (Milos Djermanovic)
• 77dbfd9 docs: show NEXT in version selectors (#18052) (Milos Djermanovic)
• 42c0aef ci: Enable CI for v8.x branch (#18047) (Milos Djermanovic)

v9.0.0-beta.0 - February 9, 2024

• e40d1d7 chore: upgrade @​eslint/js@​9.0.0-beta.0 (#18108) (Milos Djermanovic)
• 9870f93 chore: package.json update for @​eslint/js release (Jenkins)
• 2c62e79 chore: upgrade @​eslint/eslintrc@​3.0.1 (#18107) (Milos Djermanovic)
• 81f0294 chore: upgrade espree@10.0.1 (#18106) (Milos Djermanovic)
• 5e2b292 chore: upgrade eslint-visitor-keys@4.0.0 (#18105) (Milos Djermanovic)
• 9163646 feat!: Rule Tester checks for missing placeholder data in the message (#18073) (fnx)
• 53f0f47 feat: Add loadESLint() API method for v9 (#18097) (Nicholas C. Zakas)
• f1c7e6f docs: Switch to Ethical Ads (#18090) (Strek)
• 15c143f docs: JS Foundation -> OpenJS Foundation in PR template (#18092) (Nicholas C. Zakas)
• c4d26fd fix: use-isnan doesn't report on SequenceExpressions (#18059) (StyleShit)
• 6ea339e docs: add stricter rule test validations to v9 migration guide (#18085) (Milos Djermanovic)
• ce838ad chore: replace dependency npm-run-all with npm-run-all2 ^5.0.0 (#18045) (renovate[bot])
• 3c816f1 docs: use relative link from CLI to core concepts (#18083) (Milos Djermanovic)
• 54df731 chore: update dependency markdownlint-cli to ^0.39.0 (#18084) (renovate[bot])
• 9458735 docs: fix malformed eslint config comments in rule examples (#18078) (Francesco Trotta)
• 07a1ada docs: link from --fix CLI doc to the relevant core concept (#18080) (Bryan Mishkin)
• 8f06a60 chore: update dependency shelljs to ^0.8.5 (#18079) (Francesco Trotta)
• b844324 docs: Update team responsibilities (#18048) (Nicholas C. Zakas)
• aadfb60 docs: document languageOptions and other v9 changes for context (#18074) (fnx)
• 3c4d51d feat!: default for enforceForClassMembers in no-useless-computed-key (#18054) (Francesco Trotta)
• 47e60f8 feat!: Stricter rule test validations (#17654) (fnx)
• 1a94589 feat!: no-unused-vars default caughtErrors to 'all' (#18043) (Josh Goldberg ✨)
• 857e242 docs: tweak explanation for meta.docs rule properties (#18057) (Bryan Mishkin)
• 10485e8 docs: recommend messageId over message for reporting rule violations (#18050) (Bryan Mishkin)
• 98b5ab4 docs: Update README (GitHub Actions Bot)
• 93ffe30 chore: update dependency file-entry-cache to v8 (#17903) (renovate[bot])
• 505fbf4 docs: update no-restricted-imports rule (#18015) (Tanuj Kanti)
• 2d11d46 feat: add suggestions to use-isnan in binary expressions (#17996) (StyleShit)
• c25b4af docs: Update README (GitHub Actions Bot)

v9.0.0-alpha.2 - January 26, 2024

... (truncated)

Commits

• abea3b6 8.57.0
• 1cd3f8c Build: changelog update for 8.57.0
• 1813aec chore: upgrade @​eslint/js@​8.57.0 (#18143)
• 5c356bb chore: package.json update for @​eslint/js release
• 84922d0 docs: Show prerelease version in dropdown (#18139)
• 1120b9b feat: Add loadESLint() API method for v8 (#18098)
• 5b8c363 docs: Switch to Ethical Ads (#18117)
• 2196d97 fix: handle absolute file paths in FlatRuleTester (#18064)
• f4a1fe2 test: add more tests for ignoring files and directories (#18068)
• 69dd1d1 fix: Ensure config keys are printed for config errors (#18067)
• Additional commits viewable in compare view

Updates prettier from 3.2.4 to 3.2.5

Release notes

Sourced from prettier's releases.

3.2.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.2.5

diff

Support Angular inline styles as single template literal (#15968 by @​sosukesuzuki)

Angular v17 supports single string inline styles.

// Input
@Component({
  template: `<div>...</div>`,
  styles: `h1 { color: blue; }`,
})
export class AppComponent {}
// Prettier 3.2.4
@​Component({
template: &lt;div&gt;...&lt;/div&gt;,
styles: h1 { color: blue; },
})
export class AppComponent {}
// Prettier 3.2.5
@​Component({
template: &lt;div&gt;...&lt;/div&gt;,
styles: h1 { color: blue; },
})
export class AppComponent {}

Unexpected embedded formatting for Angular template (#15969 by @​JounQin)

Computed template should not be considered as Angular component template

// Input
const template = "foobar";
@​Component({
[template]: <h1>{{       hello }}</h1>,
})
export class AppComponent {}
</tr></table>

... (truncated)

Commits

• 7142cf3 Release 3.2.5
• 8cbee2e chore(deps): update glimmer to v0.88.1 (#15991)
• 45baee0 chore(deps): update dependency magic-string to v0.30.6 (#16022)
• 9fb32a1 Minor refactor to property print (#15924)
• 08f1940 Update install script for husky v9 (#16000)
• 6d0b1d2 Update yarn to v4.1.0 (#16021)
• c8ba8db chore(deps): update dependency @​angular/compiler to v17.1.2 (#16018)
• e2250ec chore(deps): update typescript-eslint to v6.20.0 (#16015)
• 02865f6 chore(deps): update dependency npm-run-all2 to v6.1.2 (#16017)
• 014ee5d chore(deps): update dependency hermes-parser to v0.19.0 (#16014)
• Additional commits viewable in compare view

Updates prettier-plugin-packagejson from 2.4.10 to 2.4.14

Release notes

Sourced from prettier-plugin-packagejson's releases.

v2.4.14

2.4.14 (2024-03-31)

Bug Fixes

• deps: update dependency sort-package-json to v2.10.0 (e2bb083)

v2.4.13

2.4.13 (2024-03-28)

Bug Fixes

• deps: update dependency sort-package-json to v2.9.0 (c4d4366)

v2.4.12

2.4.12 (2024-02-22)

Bug Fixes

• deps: update dependency sort-package-json to v2.8.0 (8991b5b)

v2.4.11

2.4.11 (2024-02-15)

Bug Fixes

• .js to .cjs for compatibility with { "type": "module" } (ac3a006)

Commits

• 499cae4 Merge pull request #156 from matzkoh/renovate/sort-package-json-2.x
• e2bb083 fix(deps): update dependency sort-package-json to v2.10.0
• 24c8758 Merge pull request #155 from matzkoh/renovate/sort-package-json-2.x
• c4d4366 fix(deps): update dependency sort-package-json to v2.9.0
• ab3df7c Merge pull request #154 from matzkoh/renovate/node-20.x
• 11c47ea chore(deps): update dependency node to v20.12.0
• b3e96c2 Merge pull request #152 from matzkoh/renovate/lock-file-maintenance
• 130323a chore(deps): lock file maintenance
• 7da86da Merge pull request #151 from matzkoh/renovate/lock-file-maintenance
• 479852a chore(deps): lock file maintenance
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions