dependabot bot commented on behalf of github Mar 26, 2024

Bumps the npm_and_yarn group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| debug | 4.3.1 | 4.3.2 |
| express | 4.16.4 | 4.19.2 |
| plotly.js | 1.48.3 | 2.25.2 |
| es5-ext | 0.10.50 | 0.10.64 |
| ip | 1.1.5 | 1.1.9 |
| moment | 2.26.0 | 2.30.1 |
| node-fetch | 2.6.0 | 2.7.0 |
| qs | 6.5.2 | 6.5.3 |
| underscore | 1.9.1 | 1.13.6 |
| webpack-dev-middleware | 6.1.1 | 6.1.2 |
| word-wrap | 1.2.3 | 1.2.5 |
| y18n | 4.0.0 | 4.0.3 |

Updates debug from 4.3.1 to 4.3.2

Release notes

Sourced from debug's releases.

4.3.2

Patch release 4.3.2

  • Caches enabled statuses on a per-logger basis to speed up .enabled checks (#799)

Thank you @​omg!

Commits

Updates express from 4.16.4 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

4.18.3 / 2024-02-29

4.18.2 / 2022-10-08

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: [email protected]
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates plotly.js from 1.48.3 to 2.25.2

Release notes

Sourced from plotly.js's releases.

v2.25.2

Changed

  • Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

  • Fix potential prototype pollution in plot API calls [#6703, 6704]

v2.25.1

Fixed

  • Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

v2.25.0

Added

  • Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
  • Add options to include legends for shapes and newshape [#6653]
  • Add Plotly.deleteActiveShape command [#6679]

Fixed

  • Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
  • Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
  • Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

v2.24.3

Fixed

  • Fix double clicking one item in a legend hides traces in other legends [#6655]
  • Fix double click pie slices when having multiple legends [#6657]
  • Fix per legend group and traceorder defaults when having multiple legends [#6664]

v2.24.2

Fixed

  • Fix legend groups toggle (regression introduced in 2.22.0) #6639
  • Fix waterfall hovertemplate not showing delta on totals similar #6635

v2.24.1

Fixed

  • Fix minimal copying of arrays in minExtend function (regression introduced in 2.24.0) #6632

v2.24.0

Added

Fixed

  • Fix to prevent accessing undefined (hoverText.hoverLabels) in case all currently shown markers have hoverinfo: "none" (regression introduced in 2.6.0) #6614,

... (truncated)

Changelog

Sourced from plotly.js's changelog.

[2.25.2] -- 2023-08-11

Changed

  • Update Croatian translations in hr locale [#6690], with thanks to @​Mkranj for the contribution!

Fixed

  • Fix potential prototype pollution in plot API calls [#6703, 6704]

[2.25.1] -- 2023-08-02

Fixed

  • Fix clearing legend using react (regression introduced in 2.25.0) [#6695]

[2.25.0] -- 2023-07-25

Added

  • Add "Equal Earth" projection to geo subplots [#6670], with thanks to @​apparebit for the contribution!
  • Add options to include legends for shapes and newshape [#6653]
  • Add Plotly.deleteActiveShape command [#6679]

Fixed

  • Fix contour plot colorscale domain (take account of zmin, zmax, cmin and cmax) [#6625], with thanks to @​lvlte for the contribution!
  • Fix text markers on non-mapbox styled maps [#6652], with thanks to @​baurt for the contribution!
  • Fix unhide isolated traces in multi legend cases (regression introduced in 2.24.3) [#6684]

[2.24.3] -- 2023-07-05

Fixed

  • Fix double clicking one item in a legend hides traces in other legends [#6655]
  • Fix double click pie slices when having multiple legends [#6657]
  • Fix per legend group and traceorder defaults when having multiple legends [#6664]

[2.24.2] -- 2023-06-09

Fixed

  • Fix legend groups toggle (regression introduced in 2.22.0) #6639
  • Fix waterfall hovertemplate not showing delta on totals similar #6635

[2.24.1] -- 2023-06-07

Fixed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by archmoj, a new releaser for plotly.js since your current version.


Updates es5-ext from 0.10.50 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements


Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements


Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

  • Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

  • Do not rely on problematic regex (3551cdd), addresses #201
  • Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
  • Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

  • Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

0.10.61 (2022-04-20)

Bug Fixes

  • Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

0.10.60 (2022-04-07)

Maintenance Improvements

  • Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

0.10.58 (2022-03-11)

... (truncated)

Commits
  • f76b03d chore: Release v0.10.64
  • 2881acd chore: Bump dependencies
  • c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
  • 16f2b72 docs: Fix date in the changelog
  • de4e03c chore: Release v0.10.63
  • 3fd53b7 chore: Upgrade lint-staged to v13
  • bf8ed79 chore: Ensure postinstall script does not crash on Windows
  • 2cbbb07 chore: Bump dependencies
  • 22d0416 chore: Bump LICENSE year
  • a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
  • Additional commits viewable in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

Updates moment from 2.26.0 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

2.30.0 Full changelog

  • Release Dec 26, 2023

2.29.4

  • Release Jul 6, 2022
    • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

  • Release Apr 17, 2022
    • #5995 [bugfix] Remove const usage
    • #5990 misc: fix advisory link

2.29.2 See full changelog

  • Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

  • Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

  • Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

  • Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
  • [Refactor] parse: only need to reassign the var once
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] always use String(x) over x.toString()
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main

Commits
  • 298bfa5 v6.5.3
  • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
  • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
  • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
  • 12ac1c4 [meta] fix README.md (#399)
  • 0338716 [actions] backport actions from main
  • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
  • 51b8a0b add FUNDING.yml
  • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
  • f814a7f [Dev Deps] backport from main
  • Additional commits viewable in compare view

Updates static-eval from 0.2.4 to 2.1.1

Release notes

Sourced from static-eval's releases.

v2.1.1

  • Update escodegen. @​FabianWarnecke in #43

    escodegen doesn't officially support all the Node.js versions that static-eval supports, but so far it still works on them. This has been the case for both v1.x and v2.1.0 of escodegen, so the upgrade doesn't change that situation.

v2.1.0

  • Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@​archmoj in #31)

    Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

v2.0.5

v2.0.4

  • Short-circuit evaluation in && and || expressions. (@​RoboPhred in #28)
  • Start tracking changes.

v2.0.3

Disallows accessing .constructor and .__proto__ properties, which could be used to access the Function() constructor. (browserify/static-eval#27) Thanks to an anonymous reporter!

Changelog

Sourced from static-eval's changelog.

2.1.1

  • Update escodegen. @​FabianWarnecke in #43

    escodegen doesn't officially support all the Node.js versions that static-eval supports, but so far it still works on them. This has been the case for both v1.x and v2.1.0 of escodegen, so the upgrade doesn't change that situation.

2.1.0

  • Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@​archmoj in #31)

    Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

2.0.5

2.0.4

  • Short-circuit evaluation in && and || expressions. (@​RoboPhred in #28)
  • Start tracking changes.

Commits
  • c682147 2.1.1
  • 22fc478 Merge pull request #43 from FabianWarnecke/patch-1
  • cdf877d Update dependency "escodegen".
  • aff732b maybe they will email me about "security" issues if i put this in there
  • 1a4d734 2.1.0
  • 054adac ci: add node 14
  • 09c4b83 Merge pull request #31 from archmoj/allow-cwise-transform
  • e619afc make option to enable allowAccessToMethodsOnFunctions namely to be used by cw...
  • 36587c2 remove trailing spaces
  • 798b0d5 ci: add node 12 and 13
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by goto-bus-stop, a new releaser for static-eval since your current version.


Updates underscore from 1.9.1 to 1.13.6

Commits
  • bd2d35c Merge remote-tracking branch 'upstream/master'
  • 2e7c0f2 Update generated files, tag 1.13.6 release
  • 732cafe Underscore 1.13.6
  • e8f86fb Add changelog entry for versioin 1.13.6
  • 43e827a Bump the version to 1.13.6 (hotfix)
  • 1c1d1a2 Remove patch-package postinstall script
  • 4eb6894 Merge pull request #2974 from paulsmithkc/patch-1
  • 2edcdc1 Hostfix for broken builds
  • 66ee70d Verify that production and doc builds still work in CI
  • 68e5eb6 Update generated sources, tag 1.13.5 release
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.


Updates webpack-dev-middleware from 6.1.1 to 6.1.2

Release notes

Sourced from webpack-dev-middleware's releases.

v6.1.2

6.1.2 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1778) (9670b34)

Changelog

Sourced from webpack-dev-middleware's changelog.

6.1.2 (2024-03-20)

Bug Fixes

  • security: do not allow to read files above (#1778) (9670b34)

Commits

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

New Contributors

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

Updates y18n from 4.0.0 to 4.0.3

Changelog

Sourced from y18n's changelog.

4.0.3 (2021-04-07)

Bug Fixes

  • release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

4.0.1 (2020-11-30)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Description has been truncated

…pdates

Bumps the npm_and_yarn group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [debug](https://github.com/debug-js/debug) | `4.3.1` | `4.3.2` |
| [express](https://github.com/expressjs/express) | `4.16.4` | `4.19.2` |
| [plotly.js](https://github.com/plotly/plotly.js) | `1.48.3` | `2.25.2` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.50` | `0.10.64` |
| [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` |
| [moment](https://github.com/moment/moment) | `2.26.0` | `2.30.1` |
| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.0` | `2.7.0` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.6` |
| [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) | `6.1.1` | `6.1.2` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |
| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |


Updates `debug` from 4.3.1 to 4.3.2
- [Release notes](https://github.com/debug-js/debug/releases)
- [Commits](debug-js/debug@4.3.1...4.3.2)

Updates `express` from 4.16.4 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.16.4...4.19.2)

Updates `plotly.js` from 1.48.3 to 2.25.2
- [Release notes](https://github.com/plotly/plotly.js/releases)
- [Changelog](https://github.com/plotly/plotly.js/blob/master/CHANGELOG.md)
- [Commits](plotly/plotly.js@v1.48.3...v2.25.2)

Updates `es5-ext` from 0.10.50 to 0.10.64
- [Release notes](https://github.com/medikoo/es5-ext/releases)
- [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md)
- [Commits](medikoo/es5-ext@v0.10.50...v0.10.64)

Updates `ip` from 1.1.5 to 1.1.9
- [Commits](indutny/node-ip@v1.1.5...v1.1.9)

Updates `moment` from 2.26.0 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.26.0...2.30.1)

Updates `node-fetch` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.7.0)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `static-eval` from 0.2.4 to 2.1.1
- [Release notes](https://github.com/browserify/static-eval/releases)
- [Changelog](https://github.com/browserify/static-eval/blob/master/CHANGELOG.md)
- [Commits](browserify/static-eval@0.2.4...v2.1.1)

Updates `underscore` from 1.9.1 to 1.13.6
- [Commits](jashkenas/underscore@1.9.1...1.13.6)

Updates `webpack-dev-middleware` from 6.1.1 to 6.1.2
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v6.1.2/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v6.1.1...v6.1.2)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

Updates `y18n` from 4.0.0 to 4.0.3
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3)

---
updated-dependencies:
- dependency-name: debug
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn-security-group
- dependency-name: plotly.js
  dependency-type: direct:development
  dependency-group: npm_and_yarn-security-group
- dependency-name: es5-ext
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: moment
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: static-eval
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: underscore
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies label (Pull requests that update a dependency file) Mar 26, 2024
dependabot bot commented on behalf of github Apr 10, 2024

Superseded by #1025.

dependabot bot closed this Apr 10, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-736a493c39 branch April 10, 2024 11:38