Bump the npm_and_yarn group across 1 directory with 21 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 18 updates in the / directory:

Package	From	To
gh-pages	3.1.0	5.0.0
webpack	5.75.0	5.76.0
ajv	6.10.2	6.12.6
ansi-regex	4.1.0	4.1.1
d3-color	1.4.0	3.1.0
d3-zoom	1.8.3	3.0.0
decode-uri-component	0.2.0	0.2.2
dns-packet	1.3.1	1.3.4
eventsource	1.0.7	1.1.2
express	4.17.1	4.19.2
follow-redirects	1.12.1	1.15.6
fsevents	1.2.9	1.2.13
ip	1.1.5	1.1.9
lodash	4.17.19	4.17.21
postcss	8.4.20	8.4.38
url-parse	1.4.7	1.5.10
webpack-dev-middleware	3.7.2	7.2.1
webpack-dev-server	3.11.0	5.0.4

Updates gh-pages from 3.1.0 to 5.0.0

Release notes

Sourced from gh-pages's releases.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

What's Changed

• Assorted updates by @​tschaub in tschaub/gh-pages#452
• Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. by @​Nezteb in tschaub/gh-pages#445
• Bump actions/checkout from 2 to 3 by @​dependabot in tschaub/gh-pages#453
• Bump actions/setup-node from 1 to 3 by @​dependabot in tschaub/gh-pages#455
• Bump email-addresses from 3.0.1 to 5.0.0 by @​dependabot in tschaub/gh-pages#454
• Bump async from 2.6.4 to 3.2.4 by @​dependabot in tschaub/gh-pages#459
• Remove quotation marks by @​Vicropht in tschaub/gh-pages#438

New Contributors

• @​Nezteb made their first contribution in tschaub/gh-pages#445
• @​Vicropht made their first contribution in tschaub/gh-pages#438

Full Changelog: https://github.com/tschaub/gh-pages/compare/v4.0.0...v5.0.0

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in tschaub/gh-pages#423
• Bump async from 2.6.1 to 2.6.4 by @​dependabot in tschaub/gh-pages#427
• Bump path-parse from 1.0.6 to 1.0.7 by @​dependabot in tschaub/gh-pages#431
• Bump ansi-regex from 3.0.0 to 3.0.1 by @​dependabot in tschaub/gh-pages#430
• Updated dev dependencies and formatting by @​tschaub in tschaub/gh-pages#432

Full Changelog: https://github.com/tschaub/gh-pages/compare/v3.2.3...v4.0.0

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

Changelog

Sourced from gh-pages's changelog.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

• #438 - Remove quotation marks (@​Vicropht)
• #459 - Bump async from 2.6.4 to 3.2.4 (@​tschaub)
• #454 - Bump email-addresses from 3.0.1 to 5.0.0 (@​tschaub)
• #455 - Bump actions/setup-node from 1 to 3 (@​tschaub)
• #453 - Bump actions/checkout from 2 to 3 (@​tschaub)
• #445 - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. (@​Nezteb)
• #452 - Assorted updates (@​tschaub)

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

• #432 - Updated dev dependencies and formatting (@​tschaub)
• #430 - Bump ansi-regex from 3.0.0 to 3.0.1 (@​tschaub)
• #431 - Bump path-parse from 1.0.6 to 1.0.7 (@​tschaub)
• #427 - Bump async from 2.6.1 to 2.6.4 (@​tschaub)
• #423 - Bump minimist from 1.2.5 to 1.2.6 (@​tschaub)

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.2.2

• #396 - Revert "security(deps): bump filenamify-url to 2.1.1" (@​tschaub)

v3.2.1

• #393 - security(deps): bump filenamify-url to 2.1.1 (@​AviVahl)

v3.2.0

This release updates a few development dependencies and adds a bit of documentation.

• #391 - Update dev dependencies (@​tschaub)
• #375 - Add note about domain problem (@​demee)
• #390 - Fix little typo in the README (@​cizordj)
• #388 - Bump hosted-git-info from 2.8.8 to 2.8.9 (@​tschaub)
• #387 - Bump y18n from 4.0.0 to 4.0.3 (@​tschaub)
• #378 - Add GitHub Actions tips to readme.md (@​mickelsonmichael)
• #386 - Bump lodash from 4.17.14 to 4.17.21 (@​tschaub)

Commits

• f729b97 5.0.0
• 51534c7 Log changes
• ace063b Merge pull request #438 from Vicropht/patch-1
• 58e54be Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.4
• 2189df3 Bump async from 2.6.4 to 3.2.4
• 051846e Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-...
• 5c91c67 Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-...
• fe0ad83 Merge pull request #453 from tschaub/dependabot/github_actions/actions/checko...
• b89287d Merge pull request #445 from Nezteb/patch-1
• e890bd1 Bump email-addresses from 3.0.1 to 5.0.0
• Additional commits viewable in compare view

Updates webpack from 5.75.0 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in webpack/webpack#16500
• Improve hash performance via conditional initialization by @​lvivski in webpack/webpack#16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in webpack/webpack#16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in webpack/webpack#16759

Features

• add target to LoaderContext type by @​askoufis in webpack/webpack#16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in webpack/webpack#16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in webpack/webpack#16614
• Replace TypeScript logo in README by @​jakebailey in webpack/webpack#16613
• Update actions/cache dependencies by @​piwysocki in webpack/webpack#16493

New Contributors

• @​Jack-Works made their first contribution in webpack/webpack#16500
• @​lvivski made their first contribution in webpack/webpack#16491
• @​jakebailey made their first contribution in webpack/webpack#16614
• @​akhilgkrishnan made their first contribution in webpack/webpack#16446
• @​ryanwilsonperkin made their first contribution in webpack/webpack#16703
• @​piwysocki made their first contribution in webpack/webpack#16493
• @​askoufis made their first contribution in webpack/webpack#16781

Full Changelog: https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0

Commits

• 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
• b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
• c98e9e0 Merge pull request #16493 from piwysocki/patch-1
• 5f34acf feat: Add target to LoaderContext type
• b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
• 63ea82d Merge branch 'webpack:main' into patch-1
• 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
• 1acd635 Merge pull request #16613 from jakebailey/ts-logo
• 302eb37 Merge pull request #16614 from jakebailey/html5-logo
• cfdb1df Improve performance of hashRegExp lookup
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates ajv from 6.10.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates ansi-regex from 4.1.0 to 4.1.1

Commits

• 64735d2 v4.1.1
• 75a657d Fix potential ReDoS (#37)
• See full diff in compare view

Updates d3-color from 1.4.0 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

• Add rgb.clamp and hsl.clamp. #102
• Add color.formatHex8. #103
• Fix color.formatHsl to clamp values to the expected range. #83
• Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

v3.0.1

• Make build reproducible.

v3.0.0

• Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

• Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

Commits

• 7a1573e 3.1.0
• 75c19c4 update LICENSE
• ef94e01 update dependencies
• 5e9f757 method shorthand
• e4bc34e formatHex8 (#103)
• ac660c6 {rgb,hsl}.clamp() (#102)
• 70e3a04 clamp HSL format (#101)
• 994d8fd avoid backtracking (#100)
• 7d61bbe 3.0.1
• 93bc4ff related d3/d33; extract copyrights from LICENSE
• Additional commits viewable in compare view

Updates d3-zoom from 1.8.3 to 3.0.0

Release notes

Sourced from d3-zoom's releases.

v3.0.0

• Adopt type: module.
• Update dependencies.
• Make build reproducible.
• Declare wheel listener as non-passive. #225
• Fix variable initialization error. #235
• Expose ZoomTransform constructor. #191

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

• Add zoom.tapDistance. #180
• Change zoom.on to pass the event directly to listeners.
• Change the default zoom.filter to observe wheel events if the control key is pressed. #204 #213
• Change the default zoom.wheelDelta to go faster if the control key is pressed. #204 #213
• Don‘t set touch-action: none. #206
• Upgrade to d3-selection 2.

See https://observablehq.com/@​d3/zoom-with-tooltip for an example.

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-brush 1.x or use a transpiler.

Commits

• debbe3d 3.0.0
• 3419879 Expose ZoomTransform constructor. (#191)
• e2f0e73 fix #235; currentTarget initialization
• c774f9e Adopt type=module (#234)
• e9aa6cb Merge pull request #236 from fidelthomet/patch-1
• 506ccf3 Docs: Update default value for zoom.filter
• 84a5e7b adding passive flag to wheel zoom event listener to remove google's warning
• db169ea v2.0.0
• 8f81ee7 d3 dependencies
• c2fa604 Merge pull request #205 from d3/two
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates dns-packet from 1.3.1 to 1.3.4

Commits

• ebdf849 1.3.4
• ac57872 move all allocUnsafes to allocs for easier maintenance
• c64c950 1.3.3
• 0598ba1 fix .. in encodingLength
• 010aedb 1.3.2
• 0d0d593 backport encodingLength fix to v1
• See full diff in compare view

Updates eventsource from 1.0.7 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2

• Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

• Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0

• Improve performance for large messages across many chunks (#130 Trent Willis)
• Add createConnection option for http or https requests (#120 Vasily Lavrov)
• Support HTTP 302 redirects (#116 Ryan Bonte)
• Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
• Add new to correct test (#111 Stéphane Alnet)
• Fix reconnections attempts now happen more than once (#136 Icy Fish)

Commits

• 0a8b85b 1.1.2
• f99ae66 docs: update history for 1.1.2
• 06c9721 chore: rebuild polyfill
• 9494642 fix: inline origin resolution, drop original dependency (#281)
• aa7a408 1.1.1
• 56d489e chore: rebuild polyfill
• 4a951e5 docs: update history for 1.1.1
• f9f6416 fix: strip sensitive headers on redirect to different origin
• 9dd0687 1.1.0
• 49497ba Update history for 1.1.0 (#146)
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/expressjs/express/compare/4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: https://github.com/expressjs/express/compare/4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: https://github.com/expressjs/express/compare/4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.12.1 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates fsevents from 1.2.9 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• See full diff in compare view

Updates minimist from 0.0.8 to 1.2.5

Changelog

Sourced from minimist's changelog.

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

• security notice 4cf1354
• additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

• more failing proto pollution tests 13c01a5
• even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

• failing test for protocol pollution 0efed03
• cleanup 67d3722
• console.dir -> console.log 47acf72
• don't assign onto proto 63e7ed0

v1.2.1 - 2020-03-10

Merged

• move the opts['--'] example back where it belongs [#63](https://github.com/minimistjs/minimist/issues/63)

Commits

• add test 6be5dae
• fix bad boolean regexp ac3fc79

v1.2.0 - 2015-08-24

Commits

• failing -k=v short test 63416b8
• kv short fix 6bbe145
• failing kv short test f72ab7f
• fixed kv test f5a48c3
• enforce space between arg key and value 86b321a

v1.1.3 - 2015-08-06

Commits

... (truncated)

Commits

• aeb3e27 1.2.5
• 278677b 1.2.4
• 4cf1354 security notice
• 1043d21 additional test for constructor prototype pollution
• 6457d74 1.2.3
• 38a4d1c even more aggressive checks for protocol pollution
• 13c01a5 more failing proto pollution tests
• f34df07 1.2.2
• 67d3722 cleanup
• 63e7ed0 don't assign onto proto
• Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• 5dc3b2f 1.1.8
• 8e6f28b lib: even better node 6 support
• 088c9e5 1.1.7
• 1a4ca35 lib: add back support for Node.js 6
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates lodash from 4.17.19 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• See full diff in
  dependabot[bot] commented 6 months ago

  Looks like these dependencies are updatable in another way, so this is no longer needed.