chore(deps): bump json5 and rollup-plugin-postcss

[dependabot[bot]]

Bumps json5 to 2.2.2 and updates ancestor dependency rollup-plugin-postcss. These dependencies need to be updated together.

Updates json5 from 2.1.0 to 2.2.2

Release notes

Sourced from json5's releases.

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1

• New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
• Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
• Fix: Spelling mistakes have been fixed. (#196)

Changelog

Sourced from json5's changelog.

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

• Fix: Bump minimist to v1.2.5. (#222)

v2.1.1 [code, diff]

• New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
• Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
• Fix: Spelling mistakes have been fixed. (#196)

Commits

• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
• 910ce25 docs: fix spelling of Aseem
• 2aab4dd test: require tap as t in cli tests
• 6d42686 test: remove mocha syntax from tests
• 4798b9d docs: update installation and usage for modules
• Additional commits viewable in compare view

Updates rollup-plugin-postcss from 2.0.3 to 4.0.2

Release notes

Sourced from rollup-plugin-postcss's releases.

v4.0.2

4.0.2 (2021-11-22)

Bug Fixes

• prioritize dart-sass over node-sass (#402) (caf3429)

v4.0.1

4.0.1 (2021-08-12)

Bug Fixes

• update to cssnano 5 (#357) (118253e)

v4.0.0

4.0.0 (2020-12-07)

Features

• upgrade postcss to 8.x (ceee1bc)

BREAKING CHANGES

• upgrade postcss to 8.x

Co-authored-by: Edward Elric SASUKE688848@gmail.com Co-authored-by: Ward Peeters ward@coding-tech.com

v3.1.8

3.1.8 (2020-08-30)

Bug Fixes

• make sourceMaps relative to the CSS output file (#274) (3de028d)

v3.1.7

3.1.7 (2020-08-30)

Bug Fixes

• types: options is actually optional (#311) (a7299a4)

v3.1.6

3.1.6 (2020-08-24)

... (truncated)

Commits

• 71593d9 chore: update ci node version
• caf3429 fix: prioritize dart-sass over node-sass (#402)
• 118253e fix: update to cssnano 5 (#357)
• a03c7bf build(deps): bump ini from 1.3.5 to 1.3.7 (#344)
• ceee1bc feat: upgrade postcss to 8.x
• 375412c change postcss to 8.x (#343)
• 6480f02 chore: upgrade dependencies (#342)
• 700eb14 chore: update postcss version to 8 (#325)
• 661c9ca chore: Fix typo in comment (#318)
• 3de028d fix: make sourceMaps relative to the CSS output file (#274)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ciampo/macro-carousel/network/alerts).