Bump the npm_and_yarn group across 1 directory with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
browserify-sign	4.0.4	4.2.3
ejs	2.5.7	``
size-limit	0.11.6	11.1.1
handlebars	4.0.10	4.7.8
postcss	5.2.18	8.4.35
css-loader	0.28.7	6.10.0
ip	1.1.5	1.1.9
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
jsprim	1.3.1	1.4.2
lodash	4.17.4	4.17.21
ini	1.3.4	1.3.8
david	11.0.0	11.1.0
got	6.7.1	``
david	11.1.0	11.1.1
https-proxy-agent	1.0.0	2.2.4
nsp	2.8.1	3.2.1
url-parse	1.1.9	1.5.10
original	1.0.0	1.0.2

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

• bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

• switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Removes ejs

Updates size-limit from 0.11.6 to 11.1.1

Release notes

Sourced from size-limit's releases.

11.1.1

• Fixed Windows support (by @​aryaemami59).

11.1.0

• Added TypeScript support for config (by @​aryaemami59).
• Fixed webpack-why regression (by @​hoo00nn).

11.0.3

• Fixed .mjs config support (by @​aryaemami59).
• Updated esbuild.

Changelog

Sourced from size-limit's changelog.

11.1.1

• Fixed Windows support (by @​aryaemami59).

11.1.0

• Added TypeScript support for config (by @​aryaemami59).
• Fixed webpack-why regression (by @​hoo00nn).

11.0.3

• Fixed .mjs config support (by Arya Emami).
• Updated esbuild.

11.0.2

• Fixed require is not defined regression.
• Updated esbuild-visualizer.

11.0.1

• Updated estimo.
• Updated lilconfig.

11.0

• Moved to Brotli as default compression. Use gzip: true for old behavior.

10.0.3

• Fixed third-party plugins support (by @​JounQin).
• Fixed Windows support (by @​JounQin).

10.0.2

• Fixed require is not defined in webpack-css (by Andrey Medvedev).
• Fixed webpack config defined as function support (by @​lev875).

10.0.1

• Fixed imports and exports between packages.

10.0

• Removed @size-limit/dual-publish plugin.
• Moved projects to ESM (by @​lev875). Size Limit still can be used as CLI in CJS projects.
• Updated globby dependency.

9.0

• Remove Node.js 14 and 16 support.
• Moved to React from CDN for time plugin (by Aakansha Doshi).

8.2.6

• Fixed npm release process.

8.2.5

• Fixed opening report in @size-limit/esbuild-why (by Yaroslav Chapelskyi).
• Updated esbuild.

... (truncated)

Commits

• 2d063b9 Release 11.1.1 version
• bf49080 Update dependencies
• 1d07215 Fix config file path resolution on windows (#359)
• 20ba5da Release 11.1 version
• 388845b Add TS docs
• b36e823 Add support for TypeScript config files (.size-limit.ts, .size-limit.mts,...
• 4ffac80 Fix ensure compatibility with ES and CommonJS module systems for StatoscopeWe...
• 986857c Revert "Fix StatoscopeWebpackPlugin import to support default export (#357)"
• cb1844f Fix StatoscopeWebpackPlugin import to support default export (#357)
• 450ae46 Release 11.0.3 version
• Additional commits viewable in compare view

Updates handlebars from 4.0.10 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates postcss from 5.2.18 to 8.4.35

Release notes

Sourced from postcss's releases.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

... (truncated)

Commits

• See full diff in compare view

Updates css-loader from 0.28.7 to 6.10.0

Release notes

Sourced from css-loader's releases.

v6.10.0

6.10.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#1568) (3924679)
• pass the resourceQuery and resourceFragment to the auto and mode callback (#1569) (d641c4d)
• support named exports with any characters (6f43929)

v6.9.1

6.9.1 (2024-01-18)

Bug Fixes

• css nesting support
• @scope at-rule support

v6.9.0

6.9.0 (2024-01-09)

Features

• updated generateExportEntry to expose node details (#1556) (05002f3)

Bug Fixes

• css experiment detection (#1559) (f2cfe30)

v6.8.1

6.8.1 (2023-05-28)

Bug Fixes

• use cause for original errors and warnings (#1526) (ae3d8ae)

v6.8.0

6.8.0 (2023-05-27)

Features

• use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

... (truncated)

Changelog

Sourced from css-loader's changelog.

6.10.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#1568) (3924679)
• pass the resourceQuery and resourceFragment to the auto and mode callback (#1569) (d641c4d)
• support named exports with any characters (6f43929)

6.9.1 (2024-01-18)

Bug Fixes

• css nesting support
• @scope at-rule support

6.9.0 (2024-01-09)

Features

• updated generateExportEntry to expose node details (#1556) (05002f3)

Bug Fixes

• css experiment detection (#1559) (f2cfe30)

6.8.1 (2023-05-28)

Bug Fixes

• use cause for original errors and warnings (#1526) (ae3d8ae)

6.8.0 (2023-05-27)

Features

• use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

• warning and error serialization (#1523) (3e52969)

6.7.4 (2023-05-19)

... (truncated)

Commits

• 7bbb57c chore(release): 6.10.0
• d641c4d feat: pass the resourceQuery and resourceFragment to the auto and `mode...
• 3924679 feat: add @rspack/core as an optional peer dependency (#1568)
• 6f43929 feat: support named exports with any characters
• f9192ee chore(release): 6.9.1
• 6515be0 fix: css nesting support and @scope at-rule
• 0751f7a docs: update (#1562)
• 2d17551 chore(release): 6.9.0
• e38116f chore: update dependencies to latest version (#1561)
• d09ff73 test: getLocalIdent and node type (#1560)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.

Updates ip from 1.1.5 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• 5dc3b2f 1.1.8
• 8e6f28b lib: even better node 6 support
• 088c9e5 1.1.7
• 1a4ca35 lib: add back support for Node.js 6
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits

• f6f6a3b Use a little more robust method of checking instances
• ef60987 Update version
• b62f1da Protect against constructor modification, #84
• fb427cd Link to json-schema-org repository in addition to site, fixes #54
• 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
• c52a27c Get basic test to pass
• b3f42b3 Add security policy
• 3b0cec3 Update version
• c28470f Update readme to acknowledge the state of the package
• 7dff9cd Merge pull request #81 from hodovani/patch-1
• Additional commits viewable in compare view

Updates jsprim from 1.4.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

• #35 Backport json-schema 0.4.0 to version 1.4.x

Commits

• 5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates jsprim from 1.3.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

• #35 Backport json-schema 0.4.0 to version 1.4.x

Commits

• 5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates lodash from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates ini from 1.3.4 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• 738eca5 v1.3.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates david from 11.0.0 to 11.1.0

Changelog

Sourced from david's changelog.

Changelog

The format is based on Keep a Changelog.

Commits

• 73fc671 11.1.0
• 8497cae chore: update dependencies
• a198ada feat: ignore dependencies via globs (#144)
• c29013f chore: update deps and README (#154)
• 008beaf Merge pull request #146 from DanielRuf/chore/cache-node-modules
• d0a2e19 Merge branch 'master' into chore/cache-node-modules
• d180e8d Merge pull request #147 from DanielRuf/chore/add-nodejs-8-10
• cc5db9f Merge pull request #145 from DanielRuf/chore/clone-last-5-commits
• 9aeda4e chore: cache node_modules
• d4bf0e6 chore: clone last 5 commits
• Additional commits viewable in compare view

Updates npm-user-validate from 0.1.5 to 1.0.1

Changelog

Sourced from npm-user-validate's changelog.

Changelog

2.0.0 (2022-12-12)

⚠️ BREAKING CHANGES

• this package is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

• 4cca0be #22 add template-oss (@​lukekarrys)

Commits

• 5c5471c 1.0.1
• c8a87da fix: update email validation
• cd75393 Publish only the minimum of files
• df602d6 1.0.0
• ac3b200 fix: added regex for blocking illegal characters in usernames
• c800063 fix: update build environment
• See full diff in compare view

Updates tough-cookie from 2.3.2 to 2.3.3

Commits

• 12d4266 2.3.3
• 98e0916 Merge pull request #97 from salesforce/spaces-ReDoS
• 4e2fb0b Document the 256 spaces limit
• f1ed420 Constrain spaces before = to 256
• fcc8abf Merge pull request #96 from YevhenLukomskyi/fix-test
• 1002fb4 fix test
• a928b54 Merge pull request #83 from awaterma/public-suffix
• ed31ba4 Updates to public suffix list.
• 92d5448 Dockerized project. Added .npmignore for docker files.
• ee60643 CookieJar.deserialize does not modify its input
• See full diff in compare view

Updates tar from 2.2.1 to 4.4.19

Changelog

Sourced from tar's changelog.

Changelog

6.2

• Add support for brotli compression

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

• Address unpack race conditions using path reservations
• Change large-numbers errors from TypeError to Error
• Add TAR_* error codes
• Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
• do not treat ignored entries as an invalid archive
• drop support for node v4
• unpack: conditionally use a file mapping to write files on Windows
• Set more portable 'mode' value in portable mode
• Set portable gzip option in portable mode

4.4

• Add 'mtime' option to tar creation to force mtime
• unpack: only reuse file fs entries if nlink = 1
• unpack: rename before unlinking files on Windows
• Fix encoding/decoding of base-256 numbers
• Use stat instead of lstat when checking CWD

... (truncated)

Commits

• 9a6faa0 4.4.19
• 70ef812 drop dirCache for symlink on all platforms
• 3e35515 4.4.18
• 52b09e3 fix: prevent path escape using drive-relative paths
• bb93ba2 fix: reserve paths properly for unicode, windows
• 2f1bca0 fix: prune dirCache properly for unicode, windows
• 9bf70a8 4.4.17
• 6aafff0 fix: skip extract if linkpath is stripped entirely
• 5c5059a fix: reserve paths case-insensitively
• fd6accb 4.4.16
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates dot-prop from 4.1.1 to 4.2.1

Release notes

Sourced from dot-prop's releases.

v4.2.1

• Backport sindresorhus/dot-prop@3039c8c to the v4.x release line.

Commits

• c914124 feat: patch 4.2.0 with fixes for CVE-2020-8116
• 70f7ed8 4.2.0
• df49d33 Return object from the .set() method (#42)
• See full diff in compare view

Removes got

Updates david from 11.1.0 to 11.1.1

Changelog

Sourced from david's changelog.

Changelog

The format is based on Keep a Changelog.

Commits

• 73fc671 11.1.0
• 8497cae chore: update dependencies
• a198ada feat: ignore dependencies via globs (#144)
• c29013f chore: update deps and README (#154)
• 008beaf Merge pull request #146 from DanielRuf/chore/cache-node-modules
• d0a2e19 Merge branch 'master' into chore/cache-node-modules
• d180e8d Merge pull request #147 from DanielRuf/chore/add-nodejs-8-10
• cc5db9f Merge pull request #145 from DanielRuf/chore/clone-last-5-commits
• 9aeda4e chore: cache node_modules
• d4bf0e6 chore: clone last 5 commits
• Additional commits viewable in compare view

Updates https-proxy-agent from 1.0.0 to 2.2.4

Commits

• See full diff in compare view

Updates nsp from 2.8.1 to 3.2.1

Commits

• See full diff in compare view

Updates url-parse from 1.1.9 to 1.5.10

Commits

• 8cd4c6c 1.5.10
• ce7a01f [fix] Improve handling of empty port
• 0071490 [doc] Update JSDoc comment
• a7044e3 [minor] Use more descriptive variable name
• d547792 [security] Add credits for CVE-2022-0691
• ad23357 1.5.9
• 0e3fb54 [fix] Strip all control characters from the beginning of the URL
• 61864a8 [security] Add credits for CVE-2022-0686
• bb0104d 1.5.8
• d5c6479 [fix] Handle the case where the port is specified but empty
• Additional commits viewable in compare view

Updates original from 1.0.0 to 1.0.2

Commits

• 3a6b7df [dist] 1.0.2
• 7658407 [pkg] Bump url-parse to latest
• f060834 [dist] 1.0.1
• da879e4 chore(package): update assume to version 2.0.1 (#14)