@dependabot-preview dependabot-preview bot commented Jun 18, 2021

Bumps google-closure-library from 20200224.0.0 to 20210601.0.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Improper Input Validation in Google Closure Library

A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation -- update your library to version v20200315.

Affected versions: <= 20200224

Release notes

Sourced from google-closure-library's releases.

Closure Library v20210601

New Additions

  • goog.storage.mechanism.IterableMechanism now implements ES6 Iteration protocols. The default implementation delegates to the existing goog.iter.Iterator via a shim. Support for iteration using goog.iter.Iterable is softly deprecated and will eventually be removed in favour of ES6 iteration. (8e7279e5621ce841edd61c6ea481c92bbf208046)
  • Add new goog.array toMap and bucketToMap methods that act like toObject and bucket, but return an ES6 map. (8d6fec3551bca138221171329262b311163d38e9)
  • Introduce goog.singleton.getInstance() which can replace goog.addSingletonGetter(). (de7728494203b5578305a2a0978a66e7e37a965e)
  • Implement MockClock.doTimeWarpAsync(). (a9e3d017ef764712cd31626489c1ee4a0dd7954a)
  • goog.dom.fullscreen.requestFullscreenWithKeys now accepts options to pass to goog.dom.fullscreen.requestFullscreen when feasible. (8d18ebb3ede090af2f565d5a0cd807eff824502f)
  • goog.iter.Iterator's next method (with ES4 iteration semantics) is being renamed to nextValueOrThrow. The existing next method has been left for backwards-compatibility and marked deprecated. Users are encouraged to migrate all usages of next to nextValueOrThrow. (f05a665bd158852c3719bf8f80f97efed7d8b7d9)
  • Added a unique id to the aria-live regions created by goog.a11y.aria.Announcer and added a public method to get the id for a specific priority. (c0047efad336ac4486bcfae9ac355b4de714c085)
  • goog.cloneObject and goog.object.unsafeClone now shallow-clone ES6 Maps and Sets. (8ad7d98dc1349e433a12eb4bf964992e489077ee)
  • Add methods to goog.structs.Map to align the implementation with native ES6 Map. This marks the first of several steps in migrating goog.structs.Map to ES6 Map. (132696f3a783e425f1756f2cb8b9148e2ef42f36)
  • Create goog.collections.maps, containing helper methods that operate on Map-Like collections. These functions are the intended replacement for various methods on goog.structs.Map, and as such various methods on goog.structs.Map are marked deprecated with their intended replacements noted in the deprecation message. (ba5012fb0dc117dd1b85894496b9d3b9af74b648)
  • Support iterating over keys and values for ES6 Map and Set in goog.structs. (0515a7664164a707d35b57f905038edaa9f0b0e0)
  • Copy functionality from goog.structs.Set that is not present on ES6 Set into helper functions in goog.collections.sets, and add additional methods on goog.structs.Set instances to align with native ES6 Set. goog.structs.Set is softly-deprecated in favour of ES6 Set. (6f2c86ccb7aa9926ea67c5dcc7e179a30953e633)
  • Rename declarations of goog.iter.Iterator#next to #nextValueOrThrow, leaving behind aliasing implementations of #next. If your codebase uses goog.iter.Iterator, similar changes should be applied to your codebase to prepare for upcoming Closure Library changes that call nextValueOrThrow where next is currently called. (32872c4e2d8ee27604b35fde7388f656496a55f3)

Backwards Incompatible Changes

  • Make goog.getScriptNonce private. Existing users should use goog.dom.safe.getScriptNonce instead. (69dc26e8cc81fbac3576bb97dfc0300b9a58414b)
  • Remove goog.userAgent.isVersion, the old name for goog.userAgent.isVersionOrHigher. (62c6d5a985c234aa02e3b10cb764bdea2177a522)
  • goog.debug.errorHandlerWeakDep has been removed. (edaa2d5339dc424d214da99adac539544249305e)
  • Remove support for integrating with the ActiveX garbage collector in goog.debug.Trace as ActiveX is deprecated. (40e5451d72d507b8d02d760b9c2e8cb773996ee2)

Other Changes

  • Deprecate Closure Python scripts. (89659f0e69904a3e8f0488e48c296949769d2b20)
  • Create the script tag in jsloader.safeLoad using the document it will be appended to, instead of the current document. (aa5b129ee7d6d3d062e2d3fc7b0176382394756e)
  • Allow dimension picker to be extended. (be5fd1a2faed48c7933d6cba1d0b2b840508f60b)
  • Correctly parse ISO 8601 date strings representing dates in years 0-99. (1f76d5fc7099df4af847d1d5e80acb1df2ce4908)
  • Add goog.dom.safe.getScriptNonce, take 2. (de69cc1e459916daf11c03b67fdf274e7ac1a208)
  • Fix 'undefined' streaming response header in testing XhrIo. (c1b7b9632f695bfb40fc247566edaa8a1050be2e)
  • A data update based on ICU69.1. (1bfee285cbf082fa8aa57ee1df5921cba11f1b91)
  • Fix test filtering for generated test names, which can contain any character. (99c8cc3d3c6b08dd6c6e586dbb0c1b2b39c87498)
  • Compact decimals formatting - inheritance improvement (from CLDR). (21ad23937506ac3959402c1ad145e17ed0ab3465)
  • Allow shouldRunTests to be respected in nested tests when a containing test object does not define shouldRunTests. (5e49bff82abe4df8a95af170ac08d51fa46a2949)
  • Delete script nonce cache. (4dcfc9eac3fc0a318562d106ad79ecbe59494369)
  • introduce goog.getLocale() (5d1bd017e0f203e6e71b7805680550092a69d989)
  • Allow goog.ui.InputDatePicker to use any implementation of a DateTime(Parser|Formatter). (7bf5f747887d9f6b01533ed086150d8cff595ab6)
  • Minor optimisation of base64 serialization. (eef94a686ff66cb4a81d68dd20b494ec10dfbcd2)
  • Fix verbalization in PaletteRenderer (ce40d50008a331e5755ce25d4e5d5950e6a1957b)
  • Improvement to time zone detection. (15fe94f6c8fb47f5fc42186594023a8c9b8b2beb)
  • Fixes output for infinity in compact short style (2c26f37806ebdfa123946f31fcdfb58a6d95e4cd)

Closure Library v20210406

New Additions

  • DebugError constructor takes an optional error as a cause for error chaining. (8797fa82e0f1c061e64f04de3c203ab13ae43e1c)
  • Implement a predictive parsing option for goog.i18n.DateTimeParse with support for limited pattern symbols. (1e6e512f7ef895f8d3b064a8c682dc5342aec1da)

Backwards Incompatible Changes

  • Delete an unused goog.provide goog.fx.TransitionBase.State. (5ee9c7f1ee0090017f813b9e6516d4fa0fc2d0fd)
  • Some private-looking constants (TRANSPORT_SERVICE_ and SETUP_ACK_) that were actually being used outside of goog.net.xpc have been renamed and locked down to @package-visible. (3688e9a30a47075adcb2e1536604205216d41be3)
  • Removed goog.ui.media.FlashObject (396116741bc0fb5c7302a044d4d2e2f39bf34e9e)

... (truncated)

Commits

  • d6b8100 Bump Closure Library version to 20210601.0.0.
  • 2c26f37 Fixes a minor error in formatting infinity in compact style.
  • 32872c4 RELNOTES[NEW]: Rename declarations of goog.iter.Iterator#next to #nextValueOr...
  • dd2c8c6 Internal change
  • 811af9c Fix typo in comment.
  • a8dc3fe Introduce trial fetch upload streaming requests
  • 15fe94f Check the native API before falling back to the "fingerprint" algorithm for t...
  • 40e5451 RELNOTES[INC]: Remove support for integrating with the ActiveX garbage collec...
  • 842265a Copy jsdoc from goog.Thenable onto goog.Promise.
  • ce40d50 In paletteRenderer, set role="grid" attribute in <table> instead of the
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for google-closure-library since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview dependabot-preview bot requested a review from sgammon as a code owner June 18, 2021 13:19
@dependabot-preview dependabot-preview bot added labels Jun 18, 2021: dependencies (Pull requests that update a dependency file), node (Issues and features related to NodeJS, or NPM dependencies), security (Pull requests that address a security vulnerability)

Bumps [google-closure-library](https://github.com/google/closure-library) from 20200224.0.0 to 20210601.0.0. **This update includes a security fix.**
- [Release notes](https://github.com/google/closure-library/releases)
- [Commits](google/closure-library@v20200224...v20210601)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

@dependabot-preview dependabot-preview bot force-pushed the dependabot/npm_and_yarn/google-closure-library-20210601.0.0 branch from ed1a60a to 75de997 Compare July 2, 2021 21:32