Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
glob-parent	5.1.2	6.0.1
semver	5.7.2	7.5.4
core-js-compat	3.23.1	3.37.1
ejs	3.1.8	3.1.10
webpack	4.44.2	4.47.0

Updates glob-parent from 5.1.2 to 6.0.1

Release notes

Sourced from glob-parent's releases.

glob-parent v6.0.1

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

glob-parent v6.0.0

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

• eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

• Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

5.1.0 (2021-01-27)

Features

• add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

5.0.0 (2021-01-27)

⚠ BREAKING CHANGES

• Drop support for node <6 & bump dependencies

... (truncated)

Commits

• e1a15e1 chore: release 6.0.1 (#52)
• 8cdac1e chore: Run prettier
• 3e9f04a fix: Resolve ReDoS vulnerability from CVE-2021-35065 (#49)
• 3ad9597 chore: Run prettier
• 6fd137b chore: release 6.0.0 (#41)
• 32f6d52 fix!: Correct mishandled escaped path separators (#34)
• aa91a48 chore(ci): Upgrade coveralls action to 1.1.2
• 94dc54f chore(ci): Update workflow
• 6b6c5c2 chore: fix typo in badges
• 5384066 Build: Run prettier
• Additional commits viewable in compare view

Updates semver from 5.7.2 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

... (truncated)

Commits

• 36cd334 chore: release 7.5.4
• 8456d87 chore: postinstall for dependabot template-oss PR
• dde1f00 chore: postinstall for dependabot template-oss PR
• dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
• d619f66 chore: postinstall for dependabot template-oss PR
• 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
• cc6fde2 fix: trim each range set before parsing
• 99d8287 fix: correctly parse long build ids as valid (#583)
• 4f0f6b1 chore: fix arguments in whitespace test (#574)
• 6bd1a37 chore: remove duplicate test in semver class (#575)
• Additional commits viewable in compare view

Updates core-js-compat from 3.23.1 to 3.37.1

Changelog

Sourced from core-js-compat's changelog.

3.37.1 - 2024.05.14

• Changes v3.37.0...v3.37.1
• Fixed URL.parse feature detection for some specific cases
• Compat data improvements:
  • Set methods proposal added and marked as supported from FF 127
  • Symbol.dispose added and marked as supported from V8 ~ Chromium 125
  • Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } added and marked as supported from Deno 1.43
  • URL.parse added and marked as supported from Chromium 126
  • URL.parse added and marked as supported from NodeJS 22.0
  • URL.parse added and marked as supported from Deno 1.43
  • Added Rhino 1.7.15 compat data, many features marked as supported
  • Added NodeJS 22.0 compat data mapping
  • Added Deno 1.43 compat data mapping
  • Added Electron 31 compat data mapping
  • Updated Opera Android 82 compat data mapping
  • Added Samsung Internet 26 compat data mapping
  • Added Oculus Quest Browser 33 compat data mapping

3.37.0 - 2024.04.17

• Changes v3.36.1...v3.37.0
• New Set methods proposal:
  • Built-ins:
    • Set.prototype.intersection
    • Set.prototype.union
    • Set.prototype.difference
    • Set.prototype.symmetricDifference
    • Set.prototype.isSubsetOf
    • Set.prototype.isSupersetOf
    • Set.prototype.isDisjointFrom
  • Moved to stable ES, April 2024 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Explicit Resource Management stage 3 proposal:
  • Some minor updates like explicit-resource-management/217
• Added Math.sumPrecise stage 2.7 proposal:
  • Built-ins:
    • Math.sumPrecise
• Promise.try proposal:
  • Built-ins:
    • Promise.try
  • Added optional arguments support, promise-try/16
  • Moved to stage 2.7, April 2024 TC39 meeting
• RegExp.escape stage 2 proposal:
  • Moved to hex-escape semantics, regex-escaping/67
    • It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
• Pattern matching stage 1 proposal:
  • Built-ins:
    • Symbol.customMatcher
  • Once again, the used well-known symbol was renamed
  • Added new entries for that
• Added Extractors stage 1 proposal:

... (truncated)

Commits

• d044cb5 3.37.1
• ca59ee7 update Electron 31 compat data mapping
• d27edd5 URL.parse added and marked as supported from Chromium 126
• f0f7416 Set methods proposal added and marked as supported from FF 127
• de8ce56 add Rhino 1.7.15 compat data
• 1b7d98d Math.f16round and DataView.prototype.{ getFloat16, setFloat16 } from `Flo...
• 54b6a86 URL.parse added and marked as supported from Deno 1.43
• 8b92f43 add Deno 1.43 compat data mapping
• e863c48 add Samsung Internet 26 compat data mapping
• 22bd526 add Oculus Quest Browser 33 compat data mapping
• Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates webpack from 4.44.2 to 4.47.0

Release notes

Sourced from webpack's releases.

v4.47.0

New Features

• [Security] - Add support for md4 in Node >=18. by @​iclanton in webpack/webpack#17628

New Contributors

• @​iclanton made their first contribution in webpack/webpack#17628

Full Changelog: webpack/webpack@v4.46.0...v4.47.0

Commits

• dfffd6a 4.47.0
• 7395af8 Merge pull request #17628 from iclanton/webpack4-md4-hash
• 9b50972 Update SplitChunksPlugin to use the updated createHash function.
• 6f6ae98 Add support for md4 in Node >=18.
• 3956274 Merge pull request #13778 from StyleT/feature/custom_externals_for_systemjs_t...
• 1f11600 fix: fixed work of the non-system type externals for "system" library target
• 444e59f 4.46.0
• 758bb25 Merge pull request #12387 from webpack/bugfix/12386
• 79de1a2 enable backward-compatibility for resolve.roots
• ef75c04 Fix filename in azure pipeline
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud