chore(deps): bump the npm_and_yarn group across 1 directory with 18 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
commitizen	4.2.4	4.3.0
semantic-release	17.2.3	19.0.3
webpack-bundle-analyzer	3.9.0	4.10.2
braces	3.0.2	3.0.3
express	4.18.2	4.19.2
follow-redirects	1.15.3	1.15.6
tar	6.1.11	removed
semantic-release	19.0.3	24.0.0
webpack-dev-middleware	5.3.3	5.3.4

Updates commitizen from 4.2.4 to 4.3.0

Release notes

Sourced from commitizen's releases.

v4.3.0

4.3.0 (2023-01-19)

Features

• init: add pnpm support (#915) (c1f4142), closes #893 #858

v4.2.6

4.2.6 (2022-12-06)

Bug Fixes

• sec: upgrade semantic-release to 19.0.3 (#953) (815c69d)

v4.2.5

4.2.5 (2022-07-17)

Bug Fixes

• deps: update all non-major dependencies (69de704)
• deps: update all non-major dependencies (3c2553f)
• deps: update dependencies from renovatebot PRs (#862) (64a8ed6)
• deps: update dependency glob to v7.1.6 (#861) (2505419)
• deps: update dependency inquirer to v8 (#874) (9c7e863)
• do not include .nyc_output in published files (#851) (68c377b), closes 4.2.4#d2h-425221 #730
• fix the "isFunction" utility to match both "asyncFunction"s and "Function"s (#927) (25dc80c), closes #926
• git-cz.js,staging.js: check for staged files before running prompt (#818) (fdb73cd), closes #785 #585 #785

Commits

• c1f4142 feat(init): add pnpm support (#915)
• 87138d3 chore(deps) Update all non-major dependencies
• 815c69d fix(sec): upgrade semantic-release to 19.0.3 (#953)
• 0939910 ci(release): defined a github workflow to release with semantic-release (#923)
• 757a806 chore(deps): update all non-major dependencies
• 25dc80c fix: fix the "isFunction" utility to match both "asyncFunction"s and "Functio...
• fc283fb chore(deps): update dependency semver to v7.3.7
• c35a3c7 chore(deps): update all non-major dependencies
• 69de704 fix(deps): update all non-major dependencies
• e79f3ee chore(deps): update dependency @​babel/core to v7.17.8
• Additional commits viewable in compare view

Updates semantic-release from 17.2.3 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

• log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
• upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

• npm-plugin: @semantic-release/npm has also dropped support for node v15
• node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

• npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits

• 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
• 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
• ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
• ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
• fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
• b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
• 2b94bb4 docs: update broken link to CI config recipes (#2378)
• b4bc191 docs: Correct circleci workflow (#2365)
• 2c30e26 Merge pull request #2333 from semantic-release/next
• Additional commits viewable in compare view

Updates webpack-bundle-analyzer from 3.9.0 to 4.10.2

Changelog

Sourced from webpack-bundle-analyzer's changelog.

4.10.2

• Bug Fix

  • fix .cjs files not being handled (#512 by @​Rush)

• Internal

  • Remove is-plain-object (#627 by @​SukkaW)

4.10.1

• Bug Fix
  • fix this.handleValueChange.cancel() is not a function (#611 by @​life2015)

4.10.0

• Improvement

  • Allows filtering the list of entrypoints (#624 by @​chriskrogh)

• Internal

  • Make module much slimmer by replacing all lodash.* packages (#612) by @​sukkaw.

4.9.1

• Internal

  • Replace some lodash usages with JavaScript native API (#505) by @​sukkaw.
  • Make module much slimmer (#609) by @​sukkaw.

• Bug Fix

  • fix analyzerMode: 'server' on certain machines (#611 by @​panbenson)

4.9.0

• Improvement
  • Display modules included in concatenated entry modules on Webpack 5 when "Show content of concatenated modules" is checked (#602 by @​pgoldberg)

4.8.0

• Improvement

  • Support reading large (>500MB) stats.json files (#423 by @​henry-alakazhang)
  • Improve search UX by graying out non-matches (#554 by @​starpit)

• Internal

  • Add Node.js v16.x to CI and update GitHub actions (#539 by @​amareshsm)

4.7.0

• New Feature
  • Add the ability to filter to displaying only initial chunks per entrypoint (#519 by @​pas-trop-de-zele)

4.6.1

... (truncated)

Commits

• See full diff in compare view

Updates ansi-regex from 2.1.1 to 4.1.1

Release notes

Sourced from ansi-regex's releases.

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• 64735d2 v4.1.1
• 75a657d Fix potential ReDoS (#37)
• a079ab2 4.1.0
• 96200bb Support more escape types like links (#29)
• e076cd1 Add Tidelift mention in the readme
• a1d9246 4.0.0
• ced7421 Require Node.js 6
• eac826a Add option to only match the first occurrence (#24)
• 385eca9 Add scroll escapes (#20)
• 14839a4 Add failing test for #21 (#22)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.3 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

• 2449650 Update mocha
• 560b2d8 Don't use regex to trim whitespace
• b1bdb92 Remove linting package zoo
• c20dc7e Cache 308
• See full diff in compare view

Updates ip from 1.1.5 to 2.0.0

Commits

• 4b2f4e7 2.0.0
• 369d56d lib: use Buffer.alloc
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates marked from 1.2.9 to 4.3.0

Release notes

Sourced from marked's releases.

v4.3.0

4.3.0 (2023-03-22)

Bug Fixes

• always return promise if async (#2728) (042dcc5)
• fenced code doesn't need a trailing newline (#2756) (3acbb7f)

Features

• add preprocess and postprocess hooks (#2730) (9b452bc)

v4.2.12

4.2.12 (2023-01-14)

Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.

Bug Fixes

• revert to build script in ci (d2ab474)

v4.2.11

4.2.11 (2023-01-14)

Bug Fixes

• just build in version (22ac2cf)

v4.2.10

4.2.10 (2023-01-14)

Bug Fixes

• use version (fd759b3)

v4.2.9

4.2.9 (2023-01-14)

Bug Fixes

• fix version (96380c3)

... (truncated)

Commits

• d65cf63 chore(release): 4.3.0 [skip ci]
• 28f4342 🗜️ build v4.3.0 [skip ci]
• 9b452bc feat: add preprocess and postprocess hooks (#2730)
• 042dcc5 fix: always return promise if async (#2728)
• 3acbb7f fix: fenced code doesn't need a trailing newline (#2756)
• d1f1319 chore(deps-dev): Bump rollup from 3.19.1 to 3.20.0 (#2760)
• 0ced8a5 chore(deps-dev): Bump jasmine from 4.5.0 to 4.6.0 (#2758)
• a5bbe19 chore(deps-dev): Bump @​babel/core from 7.21.0 to 7.21.3 (#2761)
• 00f6e2a chore(deps-dev): Bump semantic-release from 20.1.1 to 20.1.3 (#2759)
• 8c7bca8 chore(deps-dev): Bump node-fetch from 3.3.0 to 3.3.1 (#2754)
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.7

Changelog

Sourced from minimist's changelog.

v1.2.7 - 2022-10-10

Commits

• [meta] add auto-changelog 0ebf4eb
• [actions] add reusable workflows e115b63
• [eslint] add eslint; rules to enable later are warnings f58745b
• [Dev Deps] switch from covert to nyc ab03356
• [readme] rename and add badges 236f4a0
• [meta] create FUNDING.yml; add funding in package.json 783a49b
• [meta] use npmignore to autogenerate an npmignore file f81ece6
• Only apps should have lockfiles 56cad44
• [Dev Deps] update covert, tape; remove unnecessary tap 49c5f9f
• [Tests] add aud in posttest 228ae93
• [meta] add safe-publish-latest 01fc23f
• [meta] update repo URLs 6b164c7

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

Commits

• c590d75 v1.2.7
• 0ebf4eb [meta] add auto-changelog
• e115b63 [actions] add reusable workflows
• 01fc23f [meta] add safe-publish-latest
• f58745b [eslint] add eslint; rules to enable later are warnings
• 228ae93 [Tests] add aud in posttest
• 236f4a0 [readme] rename and add badges
• ab03356 [Dev Deps] switch from covert to nyc
• 49c5f9f [Dev Deps] update covert, tape; remove unnecessary tap
• 783a49b [meta] create FUNDING.yml; add funding in package.json
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates npm from 7.24.2 to 8.19.4

Release notes

Sourced from npm's releases.

libnpmexec: v8.1.3

8.1.3 (2024-07-09)

Bug Fixes

• 71c6848 #7587 exec: npx to run specified version if multiple version exist globally (#7587) (@​milaninfy)

Dependencies

• workspace: @npmcli/[email protected]

libnpmexec: v8.1.2

8.1.2 (2024-05-29)

Bug Fixes

• 6b55646 #7569 exec: look in workspace and root for bin entries (#7569) (@​wraithgar)
• 2d1d8d0 #7559 adds node: specifier to all native node modules (#7559) (@​reggi)

Dependencies

• workspace: @npmcli/[email protected]

libnpmexec: v8.1.1

8.1.1 (2024-05-15)

Dependencies

• ea0b07d #7482 [email protected]
• a9a6dcd #7480 [email protected]
• 43331e4 #7480 [email protected]

Chores

• 9c4d3c4 #7467 template-oss-apply (@​lukekarrys)
• 2b7ec54 #7467 [email protected] (@​lukekarrys)

libnpmexec: v8.1.0

8.1.0 (2024-04-30)

Features

• 7e349f4 #7432 add spinner (#7432) (@​lukekarrys)

Bug Fixes

• 57ebebf #7418 update repository.url in package.json (#7418) (@​wraithgar)

... (truncated)

Changelog

Sourced from npm's changelog.

8.19.4 (2023-02-14)

Documentation

• dd51f34 #6155 don't redirect "npm config' to itself (#6155) (@​ivanosevitch)

Dependencies

• cfab523 #6166 [email protected] (#6166)

8.19.3 (2022-11-03)

Bug Fixes

• 26f3d0b #5761 use hosted-git-info to parse registry urls (#5761) (@​lukekarrys)

Documentation

• bd92aa0 #5753 name and version description change (#5753) (@​dominikgorczyca)

Dependencies

• Workspace: @npmcli/[email protected]
• Workspace: [email protected]
• Workspace: [email protected]

8.19.2 (2022-09-13)

Dependencies

• Workspace: @npmcli/[email protected]
• Workspace: [email protected]
• Workspace: [email protected]

8.19.1 (2022-09-01)

Bug Fixes

• d60b43f #5438 fix: Turn off progress bar when using web based authorization (@​sandeepmeduru)

8.19.0 (2022-08-31)

Features

• d94a9f5 #5347 feat: add deprecation warnings to access commands (@​wraithgar)

Bug Fixes

• bd2ae5d #5323 fix: linting (@​wraithgar)

... (truncated)

Commits

• 2f0b4df chore: release 8.19.4
• cd9c9fd chore: @​npmcli/template-oss@​4.11.4 (#6167)
• cfab523 deps: [email protected] (#6166)
• dd51f34 docs: don't redirect "npm config' to itself (#6155)
• 93bd6d1 chore(node-pr): various fixes and updates for the node PR script (#5817)
• ef42996 chore: release 8.19.3
• 50a7d32 chore: re-add async to function (#5812)
• 9931679 chore: check version to determine whether to publish (#5811)
• c10abe0 chore: tag backported workspaces during publish script
• 5866217 chore: ignore-scripts when installing docs deps
• Additional commits viewable in compare view

Updates qs from 6.5.2 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

• [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
• [readme] fix version badge

6.10.5

• [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

• [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
• [meta] use npmignore to autogenerate an npmignore file
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [Tests] clean up stringify tests slightly
• [meta] fix README.md (#399)
• Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits

• 56763c1 v6.11.0
• ddd3e29 [readme] fix version badge
• c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
• 95bc018 v6.10.5
• 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
• ba9703c v6.10.4
• 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
• 113b990 [Dev Deps] update object-inspect
• c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
• 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
• Additional commits viewable in compare view

Updates semver-regex from 2.0.0 to 3.1.4

Release notes

Sourced from semver-regex's releases.

v3.1.4

• Backport of ReDoS fix sindresorhus/semver-regex@7712ba5

v3.1.2

• Fix regex catastrophic backtracking 6baf2cc Working around this meant accepting some obscure false-positives. I don't think it will affect any real code, but it's good to be aware of. See the disabled tests in the commit.

sindresorhus/semver-regex@v3.1.1...v3.1.2

v3.1.1

• Allow 0 as numeric identifier (#19) c64c57f

sindresorhus/semver-regex@v3.1.0...v3.1.1

v3.1.0

• Add TypeScript definition (#16) 039944b

sindresorhus/semver-regex@v3.0.0...v3.1.0

v3.0.0

Breaking:

• Require Node.js 8 (#15) 3fe447d

Enhancements:

• Make the regex better adhere to semver syntax (#15) 3fe447d