Bump json5, @cschleiden/azure-devops-react-scripts and loader-utils

[dependabot[bot]]

Bumps json5 to 1.0.2 and updates ancestor dependencies json5, @cschleiden/azure-devops-react-scripts and loader-utils. These dependencies need to be updated together.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates @cschleiden/azure-devops-react-scripts from 2.1.3 to 3.0.1-1

Changelog

Sourced from @​cschleiden/azure-devops-react-scripts's changelog.

2.1.8 (March 7, 2019)

v2.1.8 is a maintenance release that reapplies the TypeScript speed improvements (#6406) in a new major version of react-dev-utils.

Migrating from 2.1.7 to 2.1.8

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@2.1.8

or

yarn add --exact react-scripts@2.1.8

2.1.7 (March 7, 2019)

v2.1.7 is a maintenance release that temporarily reverts the TypeScript speed improvements (#6406) to fix a dependency issue in react-dev-utils.

Migrating from 2.1.6 to 2.1.7

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@2.1.7

or

yarn add --exact react-scripts@2.1.7

2.1.6 (March 6, 2019)

v2.1.6 is a maintenance release that brings a few new improvements, most notably:

• :rocket: Reduced TypeScript rebuild times while running the development server. This was previously introduced in v2.1.4 but had to be reverted. Thanks to @​ianschmitz for getting this ready.

:bug: Bug Fix

• react-dev-utils
  • #6511 Fix deploy instructions to make link clickable. (@​sbimochan)
• react-scripts
  • #6472 Revert CSS sourcemaps in development. (@​bugzpodder)
  • #6444 Revert "Switch to eval-source-map (#5060)". (@​ianschmitz)

... (truncated)

Commits

• See full diff in compare view

Updates loader-utils from 1.1.0 to 1.2.3

Release notes

Sourced from loader-utils's releases.

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

• fixed a hash type extracting in interpolateName (#137) (f8a71f4)

v1.2.1

1.2.1 (2018-12-25)

Bug Fixes

• isUrlRequest: better handle absolute urls and non standards (#134) (aca43da)

Reverts

• PR #79 (#135) (73d350a)

v1.2.0

1.2.0 (2018-12-24)

Features

• interpolateName: support [contenthash]

Fixes

• urlToRequest: empty urls are not rewritten to relative requests
• urlToRequest: don't rewrite absolute urls
• isUrlRequest: ignore all url with extension (like moz-extension:, ms-browser-extension: and etc)
• isUrlRequest: ignore about:blank
• interpolateName: failing explicitly when ran out of emoji
• interpolateName: [hash] token regex in interpolate string to capture any hash algorithm name
• interpolateName: parse string for emoji count before use

Changelog

Sourced from loader-utils's changelog.

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

• fixed a hash type extracting in interpolateName (#137) (f8a71f4)

1.2.1 (2018-12-25)

Bug Fixes

• isUrlRequest: better handle absolute urls and non standards (#134) (aca43da)

Reverts

• PR #79 (#135) (73d350a)

1.2.0 (2018-12-24)

Features

• interpolateName: support [contenthash]

Fixes

• urlToRequest: empty urls are not rewritten to relative requests
• urlToRequest: don't rewrite absolute urls
• isUrlRequest: ignore all url with extension (like moz-extension:, ms-browser-extension: and etc)
• isUrlRequest: ignore about:blank
• interpolateName: failing explicitly when ran out of emoji
• interpolateName: [hash] token regex in interpolate string to capture any hash algorithm name

... (truncated)

Commits

• b91a76c chore(release): 1.2.3
• 3528fd9 fix(interpolateName): don't interpolated hashType without hash or `conten...
• 809b690 chore(release): 1.2.2
• d69c303 test: interpolateName util (#138)
• f8a71f4 fix: fixed a hash type extracting in interpolateName (#137)
• 489ef12 chore(release): 1.2.1
• 73d350a revert: PR #79 (#135)
• aca43da fix(isUrlRequest): better handle absolute urls and non standards (#134)
• ba4f0d0 chore(release): 1.2.0 (#131)
• c5c7322 test: more (#132)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/microsoft/azure-boards-estimate/network/alerts).