Bump the npm_and_yarn group across 2 directories with 28 updates

[dependabot]

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package	From	To
gh-pages	2.2.0	5.0.0
semver	5.7.1	5.7.2
json5	1.0.1	1.0.2
@babel/traverse	7.11.0	7.24.1
ansi-regex	5.0.0	5.0.1
ansi-regex	4.1.0	5.0.1
browserslist	4.16.6	4.23.0
color-string	1.6.0	1.9.1
postcss	6.0.1	8.4.38
microbundle	0.12.3	0.15.1
debug	4.1.1	4.3.4
decode-uri-component	0.2.0	0.2.2
jsdom	16.4.0	16.7.0
minimatch	3.0.4	3.1.2
node-notifier	7.0.2	8.0.2
@jest/reporters	26.3.0	26.6.2
semver-regex	2.0.0	3.1.4
husky	4.2.5	4.3.8
shell-quote	1.7.2	1.8.1
word-wrap	1.2.3	1.2.5
ws	7.4.6	7.5.9
y18n	4.0.1	4.0.3

Bumps the npm_and_yarn group with 4 updates in the /example directory: semver, json5, postcss and next.

Updates gh-pages from 2.2.0 to 5.0.0

Release notes

Sourced from gh-pages's releases.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

What's Changed

• Assorted updates by @​tschaub in tschaub/gh-pages#452
• Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. by @​Nezteb in tschaub/gh-pages#445
• Bump actions/checkout from 2 to 3 by @​dependabot in tschaub/gh-pages#453
• Bump actions/setup-node from 1 to 3 by @​dependabot in tschaub/gh-pages#455
• Bump email-addresses from 3.0.1 to 5.0.0 by @​dependabot in tschaub/gh-pages#454
• Bump async from 2.6.4 to 3.2.4 by @​dependabot in tschaub/gh-pages#459
• Remove quotation marks by @​Vicropht in tschaub/gh-pages#438

New Contributors

• @​Nezteb made their first contribution in tschaub/gh-pages#445
• @​Vicropht made their first contribution in tschaub/gh-pages#438

Full Changelog: tschaub/gh-pages@v4.0.0...v5.0.0

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in tschaub/gh-pages#423
• Bump async from 2.6.1 to 2.6.4 by @​dependabot in tschaub/gh-pages#427
• Bump path-parse from 1.0.6 to 1.0.7 by @​dependabot in tschaub/gh-pages#431
• Bump ansi-regex from 3.0.0 to 3.0.1 by @​dependabot in tschaub/gh-pages#430
• Updated dev dependencies and formatting by @​tschaub in tschaub/gh-pages#432

Full Changelog: tschaub/gh-pages@v3.2.3...v4.0.0

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.0.0

Breaking changes:

None really. But tests are no longer run on Node < 10. Development dependencies were updated to address security warnings, and this meant tests could no longer be run on Node 6 or 8. If you still use these Node versions, you may still be able to use this library, but be warned that tests are no longer run on these versions.

All changes:

• #357 - Dev dependency updates (@​tschaub)
• #333 - Update readme with command line options (@​Victoire44)
• #356 - Test as a GitHub action (@​tschaub)
• #355 - feat(beforeAdd): allow custom script before git add (@​Xiphe)
• #336 - Fix remove not working properly (@​sunghwan2789)
• #328 - Update .travis.yml (@​XhmikosR)

... (truncated)

Changelog

Sourced from gh-pages's changelog.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

• #438 - Remove quotation marks (@​Vicropht)
• #459 - Bump async from 2.6.4 to 3.2.4 (@​tschaub)
• #454 - Bump email-addresses from 3.0.1 to 5.0.0 (@​tschaub)
• #455 - Bump actions/setup-node from 1 to 3 (@​tschaub)
• #453 - Bump actions/checkout from 2 to 3 (@​tschaub)
• #445 - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. (@​Nezteb)
• #452 - Assorted updates (@​tschaub)

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

• #432 - Updated dev dependencies and formatting (@​tschaub)
• #430 - Bump ansi-regex from 3.0.0 to 3.0.1 (@​tschaub)
• #431 - Bump path-parse from 1.0.6 to 1.0.7 (@​tschaub)
• #427 - Bump async from 2.6.1 to 2.6.4 (@​tschaub)
• #423 - Bump minimist from 1.2.5 to 1.2.6 (@​tschaub)

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.2.2

• #396 - Revert "security(deps): bump filenamify-url to 2.1.1" (@​tschaub)

v3.2.1

• #393 - security(deps): bump filenamify-url to 2.1.1 (@​AviVahl)

v3.2.0

This release updates a few development dependencies and adds a bit of documentation.

• #391 - Update dev dependencies (@​tschaub)
• #375 - Add note about domain problem (@​demee)
• #390 - Fix little typo in the README (@​cizordj)
• #388 - Bump hosted-git-info from 2.8.8 to 2.8.9 (@​tschaub)
• #387 - Bump y18n from 4.0.0 to 4.0.3 (@​tschaub)
• #378 - Add GitHub Actions tips to readme.md (@​mickelsonmichael)
• #386 - Bump lodash from 4.17.14 to 4.17.21 (@​tschaub)

... (truncated)

Commits

• f729b97 5.0.0
• 51534c7 Log changes
• ace063b Merge pull request #438 from Vicropht/patch-1
• 58e54be Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.4
• 2189df3 Bump async from 2.6.4 to 3.2.4
• 051846e Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-...
• 5c91c67 Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-...
• fe0ad83 Merge pull request #453 from tschaub/dependabot/github_actions/actions/checko...
• b89287d Merge pull request #445 from Nezteb/patch-1
• e890bd1 Bump email-addresses from 3.0.1 to 5.0.0
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates @babel/traverse from 7.11.0 to 7.24.1

Release notes

Sourced from @​babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• Other
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
• babel-plugin-transform-class-properties, babel-plugin-transform-classes
  • #16343 Use simpler assertThisInitialized more often (@​liuxingbaoyu)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse
  • #16342 Consider well-known and registered symbols as literals (@​nicolo-ribaudo)
• babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env
  • #16326 Reduce the use of class names (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @​ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

• babel-standalone

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #16323 Allow separate helpers to be excluded in Babel 8 (@​liuxingbaoyu)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env
  • #16318 [babel 8] Fix @babel/compat-data package.json (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
• babel-plugin-transform-class-properties, babel-plugin-transform-classes
  • #16343 Use simpler assertThisInitialized more often (@​liuxingbaoyu)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse
  • #16342 Consider well-known and registered symbols as literals (@​nicolo-ribaudo)
• babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env
  • #16326 Reduce the use of class names (@​liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

• babel-standalone
  • #11696 Export babel tooling packages in @babel/standalone (@​ajihyf)
• babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • #16267 Implement noUninitializedPrivateFieldAccess assumption (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16242 Support decorator 2023-11 normative updates (@​JLHwung)
• babel-preset-flow
  • #16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@​nicolo-ribaudo)

... (truncated)

Commits

• 822b025 v7.24.1
• fc0d5ad Update typescript and lint tools (#16351)
• 69e7928 Consider well-known and registered symbols as literals (#16342)
• 40110e9 Update source map deps (#16327)
• ce59160 v7.24.0
• bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
• 08a057c Use Object.hasOwn when available (#16248)
• a0dd614 v7.23.9
• 1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
• e428a6d v7.23.7
• Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates async from 2.6.3 to 3.2.5

Changelog

Sourced from async's changelog.

v3.2.5

• Ensure Error objects such as AggregateError are propagated without modification (#1920)

v3.2.4

• Fix a bug in priorityQueue where it didn't wait for the result. (#1725)
• Fix a bug where unshiftAsync was included in priorityQueue. (#1790)

v3.2.3

• Fix bugs in comment parsing in autoInject. (#1767, #1780)

v3.2.2

• Fix potential prototype pollution exploit

v3.2.1

• Use queueMicrotask if available to the environment (#1761)
• Minor perf improvement in priorityQueue (#1727)
• More examples in documentation (#1726)
• Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)
• Improved test coverage (#1754)

v3.2.0

• Fix a bug in Safari related to overwriting func.name
• Remove built-in browserify configuration (#1653)
• Varios doc fixes (#1688, #1703, #1704)

v3.1.1

• Allow redefining name property on wrapped functions.

v3.1.0

• Added q.pushAsync and q.unshiftAsync, analagous to q.push and q.unshift, except they always do not accept a callback, and reject if processing the task errors. (#1659)
• Promises returned from q.push and q.unshift when a callback is not passed now resolve even if an error ocurred. (#1659)
• Fixed a parsing bug in autoInject with complicated function bodies (#1663)
• Added ES6+ configuration for Browserify bundlers (#1653)
• Various doc fixes (#1664, #1658, #1665, #1652)

v3.0.1

Bug fixes

• Fixed a regression where arrays passed to queue and cargo would be completely flattened. (#1645)
• Clarified Async's browser support (#1643)

v3.0.0

The async/await release!

There are a lot of new features and subtle breaking changes in this major version, but the biggest feature is that most Async methods return a Promise if you omit the callback, meaning you can await them from within an async function.

</tr></table> 

... (truncated)

Commits

• 87e94e6 Version 3.2.5
• 44ed0fb Update built files
• af02a3d work around compiler quirk
• 3c7a711 path to config file
• 91fd894 requireConfigFile: false
• 0412f8d Ensure error objects are propagated without modification (#1920)
• ab3c56a Update .eslintrc.json to use es2021
• 8610499 Run lint on node 20
• ffd4cfb Run coverage on node 20
• 253f5dc Update Node version matrix in CI
• Additional commits viewable in compare view

Updates browserslist from 4.16.6 to 4.23.0

Release notes

Sourced from browserslist's releases.

4.23.0

• Added BROWSERSLIST_ROOT_PATH (by @​teleclimber).

Changelog

Sourced from browserslist's changelog.

4.23.0

• Added BROWSERSLIST_ROOT_PATH (by @​teleclimber).

4.22.3

• Fixed white spaces support in supports query (@​g-plane).
• Fixed shared config like @company/package/browserslist-config (@​boucodes).

4.22.2

• Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

• Updated Firefox ESR (by @​lerkor).

4.22

• Added fully supports query (by Ben Scott).
• Added partially supports alias for supports query (by Ben Scott).

4.21.11

• Added warning to --update-db to move to new CLI (by Ivan Vasilev).
• Fixed docs (by Tatsunori Uchino).

4.21.10

• Updated Firefox ESR.

4.21.9

• Fixed Opera Mobile edge cases (by Steve Repsher).

4.21.8

• Fixed supports query and mobileToDesktop (by Steve Repsher).

4.21.7

• Fixed last queries for Android (by Steve Repsher).

4.21.6

• Fixed time queries with mobileToDesktop (by Steve Repsher).
• Fixed docs (by Tatsunori Uchino, Will Stone, and Dominik Pschenitschni).

4.21.5

• Fixed running Browserslist in browser environment.

4.21.4

• Updated Firefox ESR.

4.21.3

• Improved unknown region and unknown feature error (by Alexander Chabin).

4.21.2

• Updated Firefox ESR.

4.21.1

... (truncated)

Commits

• a23d971 Release 4.23 version
• 61e7712 Update dependencies
• 2c313aa Add Github release workflow
• 3caf908 Update CI
• b58ae05 feat: add BROWSERSLIST_ROOT_PATH (#819)
• 8ddc4d8 Update grammar definition file (#817)
• 65ad382 Release 4.22.3 version
• 0efec9b Add Node.js 21 to CI
• aaf5f2b Update dependencies
• a3ba90b Updated regex to have the option of adding an extension after @​companyName bu...
• Additional commits viewable in compare view

Updates color-string from 1.6.0 to 1.9.1

Release notes

Sourced from color-string's releases.

1.9.0

Minor Release 1.9.0

• Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @​babycannotsay for their contribution!

1.8.2

Patch release 1.8.2

• Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @​gerdasi and @​mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1

• Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @​clytras for their contribution!

1.8.0

Minor release 1.8.0

• Add anchors to keyword regex (