Bump minimist, hexo and hexo-deployer-git

[dependabot[bot]]

Bumps minimist, hexo and hexo-deployer-git. These dependencies needed to be updated together. Updates minimist from 1.2.5 to 1.2.6

Commits

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• See full diff in compare view

Updates hexo from 4.2.0 to 6.2.0

Release notes

Sourced from hexo's releases.

6.2.0

Fixes

• fix(#4917): suppress YAMLException when load js-yaml by @​yoshinorin in hexojs/hexo#4927
  • This change is workaround for #4917. Please see PR comments.
• chore(deps): bump warehouse from 4.0.0 to 4.0.1 by @​yoshinorin in hexojs/hexo#4943
  • This change is workaround for #4922. Please see hexojs/warehouse#123

Refactors

• chore: replace deprecated String.prototype.substr() by @​CommanderRoot in hexojs/hexo#4918

Dependencies

• chore: bump sinon from 12.0.1 to 13.0.2 by @​dependabot in hexojs/hexo#4944
• chore: bump mocha from 9.2.2 to 10.0.0 by @​dependabot in hexojs/hexo#4960
• chore(deps): bump hexo-util from 2.6.0 to 2.6.1 by @​yoshinorin in hexojs/hexo#4957
• chore: bump actions/checkout from 2 to 3 by @​dependabot in hexojs/hexo#4905

Miscs

• chore(bot): delete stale bot by @​yoshinorin in hexojs/hexo#4901
• chore(ISSUE_TEMPLATE): delete Your theme _config.yml section by @​yoshinorin in hexojs/hexo#4931

New Contributors

• @​CommanderRoot made their first contribution in hexojs/hexo#4918

Full Changelog: https://github.com/hexojs/hexo/compare/6.1.0...6.2.0

6.1.0

New Features

• feat(toc): Support unnumbered headings by @​Cerallin in hexojs/hexo#4871
• Exclude some languages in code highlighting by @​corvofeng in hexojs/hexo#3865
• Add line threshold option for codeblocks by @​dbelokon in hexojs/hexo#4821

Fixes

• fix(#1490): if post_asset_folder is set, restrict renderable files to default file extension by @​kristofzerbe in hexojs/hexo#4781
• chore/fix(benchmark): fix benchmark on node 16+ by @​SukkaW in hexojs/hexo#4906
• fix: plugin loading conflict with @​vercel/nft by @​SukkaW in hexojs/hexo#4863
• Fix js-yaml tags for v4.0.0+ by @​marcofranssen in hexojs/hexo#4869

Tests

• chore/test: use chai#should by @​SukkaW in hexojs/hexo#4902

Dependencies

... (truncated)

Commits

• cbafd6e chore: bump version from 6.1.0 to 6.2.0 (#4950)
• f009b7a chore(deps): bump hexo-util from 2.6.0 to 2.6.1 (#4957)
• 10eaaca chore: bump mocha from 9.2.2 to 10.0.0 (#4960)
• 0d7c693 chore(deps): bump warehouse from 4.0.0 to 4.0.1 (#4943)
• 42a0ade chore: bump sinon from 12.0.1 to 13.0.2 (#4944)
• d9ff35b chore(ISSUE_TEMPLATE): delete Your theme _config.yml section (#4931)
• e15ad72 fix(#4917): suppress YAMLException when load js-yaml (#4927)
• 8d21027 chore(bot): delete stale bot (#4901)
• ba81258 chore: replace deprecated String.prototype.substr() (#4918)
• f4a5f04 chore: bump actions/checkout from 2 to 3 (#4905)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by yoshinorin, a new releaser for hexo since your current version.

Updates hexo-deployer-git from 2.1.0 to 3.0.0

Release notes

Sourced from hexo-deployer-git's releases.

v3.0.0

Changes

• release: 3.0.0 @​stevenjoezhang (#198)
• Replace swig-templates with nunjucks @​stevenjoezhang (#173)

Dependencies

• chore(deps-dev): bump mocha from 7.2.0 to 8.0.1 @​dependabot-preview (#190)
• chore(deps-dev): bump eslint from 6.8.0 to 7.1.0 @​dependabot-preview (#188)
• chore(deps): bump hexo-fs from 2.0.0 to 3.0.1 @​dependabot-preview (#178)
• chore(deps): bump hexo-util from 1.9.0 to 2.1.0 @​dependabot-preview (#184)
• Bump eslint-config-hexo from 3.0.0 to 4.1.0 @​dependabot-preview (#156)
• chore(deps): bump chalk from 3.0.0 to 4.0.0 @​dependabot-preview (#176)
• chore(deps-dev): bump mocha from 6.2.3 to 7.1.2 @​dependabot-preview (#179)
• Bump nyc from 14.1.1 to 15.0.0 @​dependabot-preview (#157)

Misc

• ci: drop node 8 & add node 14 @​SukkaW (#181)
• chore: add release-drafter @​YoshinoriN (#166)

Commits

• 70e2c8f release: 3.0.0 (#198)
• a431418 chore(deps-dev): bump mocha from 7.2.0 to 8.0.1 (#190)
• d95bf33 chore(deps-dev): bump eslint from 6.8.0 to 7.1.0 (#188)
• 751b7a7 chore(deps): bump hexo-fs from 2.0.0 to 3.0.1 (#178)
• c312a15 chore(deps): bump hexo-util from 1.9.0 to 2.1.0 (#184)
• 6abb97b ci: drop node 8 & add node 14 (#181)
• d38cabd chore(deps-dev): eslint-config-hexo from 3.0.0 to 4.1.0 (#156)
• 6e84df7 chore(deps): bump chalk from 3.0.0 to 4.0.0 (#176)
• da86591 chore(deps-dev): bump mocha from 6.2.3 to 7.1.2 (#179)
• 6732e1e chore: add release-drafter (#166)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by yoshinorin, a new releaser for hexo-deployer-git since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @miRoox.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/miRoox/blog/network/alerts).

[miRoox]

@dependabot squash and merge

[dependabot[bot]]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.