Bump debug, browser-sync, grunt-contrib-watch, karma and serve-static

[dependabot[bot]]

Bumps debug to 2.6.9 and updates ancestor dependencies debug, browser-sync, grunt-contrib-watch, karma and serve-static. These dependencies need to be updated together.

Updates debug from 2.6.8 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• See full diff in compare view

Updates browser-sync from 2.10.0 to 2.27.11

Release notes

Sourced from browser-sync's releases.

2.27.9

What's Changed

• fix(cli): Where's the command help? fixes #1929 by @​shakyShane in BrowserSync/browser-sync#1945

A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

2.27.8

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

• https://github.com/BrowserSync/browser-sync/commit/58ab4ab861d7c50b4349f25bdd4c7f8871d0ad32

Resolved Issues:

• BrowserSync/browser-sync#1850
• BrowserSync/browser-sync#1892
• BrowserSync/browser-sync#1925
• BrowserSync/browser-sync#1926
• BrowserSync/browser-sync#1933

Thanks to @​lachieh for the original PR, which helped me land this fix

added snippet: boolean option

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

... (truncated)

Changelog

Sourced from browser-sync's changelog.

2.23.1 (2018-01-01)

2.8.2 (2015-07-31)

Bug Fixes

• https: add newly generated ssl self-signed certs that will expire for 10 years - fixes (45104a7), closes #750

2.8.1 (2015-07-28)

Bug Fixes

• web-sockets: Use separate server for web sockets in proxy mode - fixes #625 (40017b4), closes #625

Features

• serve-static: Added option serveStatic to allow proxy/snippet mode to easily serve local fil (384ef67)

2.7.13 (2015-06-28)

Bug Fixes

• snippet: Allow async attribute to be removed from snippet with snippetOptions.async = fal (c32bec6), closes #670
• socket-options: allow socket.domain string|fn for setting domain only on socket path - fixes #69 (5157432), closes #690

Features

• api: expose sockets to public api (985682c)

2.7.12 (2015-06-17)

Bug Fixes

• client-script: allow proxy to also use client script middleware (c5fdbbf)
• client-script: serve cached/gzipped client JS file - fixes #657 (dbe9ffe), closes #657

... (truncated)

Commits

• 01caeb3 v2.27.11
• 74873cc updated deps (#1995)
• 88527a8 Add CodeSee architecture diagram workflow to repository (#1972)
• f6965a6 v2.27.10
• e6c7bed Updated portscanner to 2.2.0 (#1960)
• 6a587ec fix readme's
• 91258ae Merge branch 'browser-sync-1946-esbuild'
• f48d6b4 👋 app veyor
• 30c24dc Merge pull request #1947
• 9d24de5 drop webpack from UI
• Additional commits viewable in compare view

Updates grunt-contrib-watch from 0.6.1 to 1.1.0

Changelog

Sourced from grunt-contrib-watch's changelog.

v1.1.0: date: 2018-05-12 changes: - Update to tiny-lr@1.1.1, lodash@4.17.10, async@2.6.0 v1.0.1: date: 2018-04-20 changes: - Update to gaze@1.1, lodash@4 v1.0.0: date: 2016-03-12 changes: - Updated tiny-lr, gaze, async and lodash dependencies. - Fix endless loop issue with atBegin/nospawn. - Expose hostname parameter of tiny-lr. - Support cwd.event to emit events relative to path. - Removed peerDependencies setting.

Commits

• 3b7ddf4 v1.1.0
• 72b1214 Updating dependencies, async, lodash and tiny-lr
• 5adb27c Merge pull request #543 from digitalbazaar/master
• 6ec71e9 v1.0.1
• 7d20933 Update copyright year
• e3d19df Update ci configs
• d117574 Updating ci configs
• 99410a7 README.md: Fixed typos (#536)
• f07311b Update tiny-lr dependency to 1.x
• 7f8cf80 Add local grunt-cli
• Additional commits viewable in compare view

Updates karma from 0.13.19 to 6.4.1

Release notes

Sourced from karma's releases.

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.18

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

v6.3.17

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

v6.3.16

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

... (truncated)

Commits

• 0013121 chore(release): 6.4.1 [skip ci]
• 63d86be fix: pass integrity value
• 84f7cc3 chore(release): 6.4.0 [skip ci]
• f2d0663 docs: add integrity parameter
• dc51a2e feat: support SRI verification of link tags
• 6a54b1c feat: support SRI verification of script tags
• 5e71cf5 chore(release): 6.3.20 [skip ci]
• e17698f fix: prefer IPv4 addresses when resolving domains
• 60f4f79 build: add Node 16 and 18 to the CI matrix
• 6ff5aaf chore(release): 6.3.19 [skip ci]
• Additional commits viewable in compare view

Updates serve-static from 1.10.0 to 1.15.0

Release notes

Sourced from serve-static's releases.

1.15.0

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

1.14.1

• Set stricter CSP header in redirect response
• deps: send@0.17.1
  • deps: range-parser@~1.2.1

1.14.0

• deps: parseurl@~1.3.3
• deps: send@0.17.0
  • deps: http-errors@~1.7.2
  • deps: mime@1.6.0
  • deps: ms@2.1.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call

1.13.2

• Fix incorrect end tag in redirects
• deps: encodeurl@~1.0.2
  • Fix encoding % as last character
• deps: send@0.16.2
  • deps: depd@~1.1.2
  • deps: encodeurl@~1.0.2
  • deps: statuses@~1.4.0

1.13.1

• Fix regression when root is incorrectly set to a file
• deps: send@0.16.1

1.13.0

• deps: send@0.16.0
  • Add 70 new types for file extensions
  • Add immutable option
  • Fix missing </html> in default error & redirects
  • Set charset as "UTF-8" for .js and .json
  • Use instance methods on steam to check for listeners

... (truncated)

Changelog

Sourced from serve-static's changelog.

1.15.0 / 2022-03-24

• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1

1.14.2 / 2021-12-15

• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens

1.14.1 / 2019-05-10

• Set stricter CSP header in redirect response
• deps: send@0.17.1
  • deps: range-parser@~1.2.1

1.14.0 / 2019-05-07

• deps: parseurl@~1.3.3
• deps: send@0.17.0
  • deps: http-errors@~1.7.2
  • deps: mime@1.6.0
  • deps: ms@2.1.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call

1.13.2 / 2018-02-07

• Fix incorrect end tag in redirects
• deps: encodeurl@~1.0.2
  • Fix encoding % as last character
• deps: send@0.16.2
  • deps: depd@~1.1.2
  • deps: encodeurl@~1.0.2
  • deps: statuses@~1.4.0

1.13.1 / 2017-09-29

... (truncated)

Commits

• 9b5a12a 1.15.0
• a39a0df docs: update CI link
• d702ea2 build: Node.js@17.8
• ff1510a deps: send@0.18.0
• 813c7e4 build: mocha@9.2.2
• 2e029f9 build: Node.js@17.7
• 3269f31 build: supertest@6.2.2
• 71cd4f8 build: mocha@9.2.1
• a5cdf62 build: Node.js@17.5
• 9d11e38 build: Node.js@16.14
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/progilone/numahop/network/alerts).