chore(deps): bump the npm_and_yarn group across 1 directory with 30 updates #17

Merged
merged 2 commits into from
May 16, 2024

dependabot[bot]

@dependabot dependabot bot commented on behalf of github May 2, 2024

Bumps the npm_and_yarn group with 19 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| semantic-release | 15.13.24 | 19.0.3 |
| @babel/traverse | 7.20.13 | 7.24.5 |
| @sideway/formula | 3.0.0 | 3.0.1 |
| async | 2.6.3 | 2.6.4 |
| color-string | 1.5.3 | 1.9.1 |
| decode-uri-component | 0.2.0 | 0.2.2 |
| express | 4.17.1 | 4.19.2 |
| hosted-git-info | 2.8.8 | 2.8.9 |
| ini | 1.3.5 | 1.3.8 |
| ip | 1.1.5 | 1.1.9 |
| jszip | 3.5.0 | 3.10.1 |
| moment | 2.27.0 | 2.30.1 |
| normalize-url | 4.5.0 | 4.5.1 |
| qs | 6.5.2 | 6.5.3 |
| react-devtools-core | 4.27.1 | 4.28.5 |
| trim-newlines | 3.0.0 | 3.0.1 |
| ua-parser-js | 0.7.21 | 0.7.37 |
| word-wrap | 1.2.3 | 1.2.5 |
| ws | 5.2.2 | 5.2.3 |

Updates semantic-release from 15.13.24 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

  • log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
  • upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

  • npm-plugin: @semantic-release/npm has also dropped support for node v15
  • node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits
  • 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
  • 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
  • ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
  • ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
  • fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
  • b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
  • 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
  • 2b94bb4 docs: update broken link to CI config recipes (#2378)
  • b4bc191 docs: Correct circleci workflow (#2365)
  • 2c30e26 Merge pull request #2333 from semantic-release/next
  • Additional commits viewable in compare view

Updates @babel/traverse from 7.20.13 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

Committers: 6

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

  • babel-plugin-transform-classes, babel-traverse
  • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

💅 Polish

🏠 Internal

  • Other
  • babel-parser
  • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • babel-plugin-proposal-partial-application, babel-types
  • babel-plugin-transform-class-properties, babel-preset-env

🏃‍♀️ Performance

  • babel-helpers, babel-preset-env, babel-runtime-corejs3

v7.24.4 (2024-04-03)

👓 Spec Compliance

  • babel-parser
  • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3

🐛 Bug Fix

  • babel-generator
  • babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • babel-plugin-transform-block-scoping
  • babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits
Maintainer changes

This version was pushed to npm by marsup, a new releaser for @​sideway/formula since your current version.


Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

  • Fix potential prototype pollution exploit (#1828)
Commits
Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.


Updates color-string from 1.5.3 to 1.9.1

Release notes

Sourced from color-string's releases.

1.9.0

Minor Release 1.9.0

  • Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @​babycannotsay for their contribution!

1.8.2

Patch release 1.8.2

  • Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @​gerdasi and @​mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1

  • Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @​clytras for their contribution!

1.8.0

Minor release 1.8.0

  • Add anchors to keyword regex (#64)

Thanks to @​cq360767996 for their contribution!

1.7.4

Patch Release 1.7.4

  • Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)

1.7.3

Patch Release 1.7.3

  • Fix hue modulo operation (#50)

Thanks to @​adroitwhiz for their contributions.

1.7.2

Patch Release 1.7.2

  • Fix issue where color-string would incorrectly return a color for properties on Object's prototype like "constructor". (#45)

Thanks to @​tolmasky for their contributions.

1.7.1

Patch release 1.7.1

... (truncated)

Commits

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

New Contributors

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2

Other Changes

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

  • Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

  • Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

  • Prevent open redirect allow list bypass due to encodeurl
  • deps: cookie@0.6.0

4.18.3 / 2024-02-29

  • Fix routing requests without method
  • deps: body-parser@1.20.2
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: raw-body@2.5.2
  • deps: cookie@0.6.0
    • Add partitioned option

4.18.2 / 2022-10-08

  • Fix regression routing a large stack in a single route
  • deps: body-parser@1.20.1
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • deps: qs@6.11.0

4.18.1 / 2022-04-29

  • Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

  • Add "root" option to res.download
  • Allow options without filename in res.download
  • Deprecate string and non-integer arguments to res.status
  • Fix behavior of null/undefined as maxAge in res.cookie
  • Fix handling very large stacks of sync middleware
  • Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits
  • 04bc627 4.19.2
  • da4d763 Improved fix for open redirect allow list bypass
  • 4f0f6cc 4.19.1
  • a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
  • a1fa90f fixed un-edited version in history.md for 4.19.0
  • 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
  • 084e365 4.19.0
  • 0867302 Prevent open redirect allow list bypass due to encodeurl
  • 567c9c6 Add note on how to update docs for new release (#5541)
  • 69a4cf2 deps: cookie@0.6.0
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.


Updates got from 6.7.1 to 11.5.2

Release notes

Sourced from got's releases.

v11.5.2

Docs

  • Add hpagent to proxy section (#1363) a3e171c4d43c8bbb236ef3a04feb25ba6fdf6c49
  • Mention header lowercasing in request migration guide (#1387) a748343363ecb0347897264fb49df4a8f4793997
  • Fixed deprecationWarning on https options (#1391) 9a309bdbe7e2552c5bffbea253d58c39d6e6c3e3

Bug fixes

  • Fix duplicated hooks when paginating e02845f1aa737d55dce23381d0f4f2a61b1eb5e1
  • Fix dnsCache: true having no effect 043c9501b85172e09819d44ac8eb49c574b27bda

v11.5.1

Enhancements

  • Upgrade http2-wrapper to 1.0.0-beta.5.0 16e7f031bb371571e1948091b88385be3485d83f
  • Compatibility fix to ignore incorrect Node.js 12 typings f7a1379e417641613bf1b654e37f37a7e6447e0c 61d6f610ffa6b760d466ff910a8e959778ee36e0

Bug fixes

  • Prevent uncaught errors on HTTP errors 2d96679c0a007be657835e83c6afb20b4510e9c5 1ef053d2af7f9b050ce0a3d1884f45b285f2e775

Docs

  • Mention HTTP/2 proxying in readme.md 4ebd26a4b8eef704fe216d333e2614b39dedf695
  • Update the comparison table bd2d53269882e48af88ff736a2e82aecd9e1fbee c83393933c2b308a312ed4dc85d852c79445e400
  • Document the hierarchy of error classes (#1359) 559526ee273fb60d152759d288bc76971abb99e2
  • Fix example code for HTTPS proxy (#1360) 408334756ace0570ca4a0aded5a8aeac437eac33

v11.5.0

Improvements

  • Add backoff option to pagination (#1182) 4be7446
  • Upgrade dependencies (#1345) b9a855d 476c026 8d697bc
  • Upgrade to TypeScript 3.9 (#1267) b51d836

Fixes

  • Fix TypeScript types for Promise API (#1344) 676be6d
  • Fix cache not working with HTTP2 ac5f67d
  • Fix response event not being emitted on cache verify request (#1305) da4769e
  • Work around a bug in Node.js <=12.18.2 f33e8bc
  • Remove request error handler after response is downloaded e1afe82
  • Revert "Remove request error handler after response is downloaded" aeb2e07

Docs

  • Mention advanced usage of a beforeRequest hook 779062a
  • Mention to end the stream if there's no body 044767e

... (truncated)

Commits

Updates handlebars from 4.7.6 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

Commits
  • 8dc3d25 v4.7.8
  • 668c4fb Fix browser tests in CI pipeline
  • c65c6cc Test on Node 18
  • 3d3796c Make library compatible with workers
  • 075b354 Fix sync issue with npm lock-file
  • 30dbf04 Fix compiling of each block params in strict mode
  • e3a5448 Fix bundler issue with webpack 5
  • 8e23642 Fix integration-tests issue with npm >= 7
  • 88ac068 use https instead of git for mustache submodule
  • c68bc08 Fix typo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


Updates http-cache-semantics from 3.8.1 to 4.1.0

Commits

Updates ini from 1.3.5 to 1.3.8

Commits
  • a2c5da8 1.3.8
  • af5c6bb Do not use Object.create(null)
  • 8b648a1 don't test where our devdeps don't even work
  • c74c8af 1.3.7
  • 024b8b5 update deps, add linting
  • 032fbaf Use Object.create(null) to avoid default object property hazards
  • 2da9039 1.3.6
  • cfea636 better git push script, before publish instead of after
  • 56d2805 do not allow invalid hazardous string as section name
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.


Updates ip from 1.1.5 to 1.1.9

Commits

Updates jszip from 3.5.0 to 3.10.1

Changelog

Sourced from jszip's changelog.

v3.10.1 2022-08-02

  • Add sponsorship files.
    • If you appreciate the time spent maintaining JSZip then I would really appreciate your sponsorship.
  • Consolidate metadata types and expose OnUpdateCallback #851 and #852
  • use const instead var in example from README.markdown #828
  • Switch manual download link to HTTPS #839

Internals:

  • Replace jshint with eslint #842
  • Add performance tests #834

v3.10.0 2022-05-20

  • Change setimmediate dependency to more efficient one. Fixes Stuk/jszip#617 (see #829)
  • Update types of currentFile metadata to include null (see #826)

v3.9.1 2022-04-06

  • Fix recursive definition of InputFileFormat introduced in 3.9.0.

v3.9.0 2022-04-04

  • Update types JSZip#loadAsync to accept a promise for data, and remove arguments from new JSZip() (see #752)
  • Update types for compressionOptions to JSZipFileOptions and JSZipGeneratorOptions (see #722)
  • Add types for generateInternalStream (see #774)

v3.8.0 2022-03-30

  • Sanitize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

  • Fix build of dist files.
    • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

v3.7.0 2021-07-23

  • Fix: Use a null prototype object for this.files (see #766)
    • This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

v3.6.0 2021-02-09

  • Fix: redirect main to dist on browsers (see #742)
  • Fix duplicate require DataLengthProbe, utils (see #734)
  • Fix small error in read_zip.md (see #703)
Commits

Updates marked from 0.7.0 to 4.3.0

Release notes

Sourced from marked's releases.

v4.3.0

4.3.0 (2023-03-22)

Bug Fixes

  • always return promise if async (

…pdates

Bumps the npm_and_yarn group with 19 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [semantic-release](https://github.com/semantic-release/semantic-release) | `15.13.24` | `19.0.3` |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.13` | `7.24.5` |
| [@sideway/formula](https://github.com/sideway/formula) | `3.0.0` | `3.0.1` |
| [async](https://github.com/caolan/async) | `2.6.3` | `2.6.4` |
| [color-string](https://github.com/Qix-/color-string) | `1.5.3` | `1.9.1` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [express](https://github.com/expressjs/express) | `4.17.1` | `4.19.2` |
| [hosted-git-info](https://github.com/npm/hosted-git-info) | `2.8.8` | `2.8.9` |
| [ini](https://github.com/npm/ini) | `1.3.5` | `1.3.8` |
| [ip](https://github.com/indutny/node-ip) | `1.1.5` | `1.1.9` |
| [jszip](https://github.com/Stuk/jszip) | `3.5.0` | `3.10.1` |
| [moment](https://github.com/moment/moment) | `2.27.0` | `2.30.1` |
| [normalize-url](https://github.com/sindresorhus/normalize-url) | `4.5.0` | `4.5.1` |
| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |
| [react-devtools-core](https://github.com/facebook/react/tree/HEAD/packages/react-devtools-core) | `4.27.1` | `4.28.5` |
| [trim-newlines](https://github.com/sindresorhus/trim-newlines) | `3.0.0` | `3.0.1` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `0.7.21` | `0.7.37` |
| [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` |
| [ws](https://github.com/websockets/ws) | `5.2.2` | `5.2.3` |



Updates `semantic-release` from 15.13.24 to 19.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v15.13.24...v19.0.3)

Updates `@babel/traverse` from 7.20.13 to 7.24.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)

Updates `@sideway/formula` from 3.0.0 to 3.0.1
- [Commits](hapijs/formula@v3.0.0...v3.0.1)

Updates `async` from 2.6.3 to 2.6.4
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](caolan/async@v2.6.3...v2.6.4)

Updates `color-string` from 1.5.3 to 1.9.1
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.9.1)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `express` from 4.17.1 to 4.19.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.19.2)

Updates `got` from 6.7.1 to 11.5.2
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v6.7.1...v11.5.2)

Updates `handlebars` from 4.7.6 to 4.7.8
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.6...v4.7.8)

Updates `hosted-git-info` from 2.8.8 to 2.8.9
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

Updates `http-cache-semantics` from 3.8.1 to 4.1.0
- [Commits](kornelski/http-cache-semantics@v3.8.1...v4.1.0)

Updates `ini` from 1.3.5 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.5...v1.3.8)

Updates `ip` from 1.1.5 to 1.1.9
- [Commits](indutny/node-ip@v1.1.5...v1.1.9)

Updates `jszip` from 3.5.0 to 3.10.1
- [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md)
- [Commits](Stuk/jszip@v3.5.0...v3.10.1)

Updates `marked` from 0.7.0 to 4.3.0
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
- [Commits](markedjs/marked@v0.7.0...v4.3.0)

Updates `mem` from 1.1.0 to 4.3.0
- [Release notes](https://github.com/sindresorhus/mem/releases)
- [Commits](sindresorhus/memoize@v1.1.0...v4.3.0)

Updates `moment` from 2.27.0 to 2.30.1
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](moment/moment@2.27.0...2.30.1)

Updates `normalize-url` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)

Updates `npm-user-validate` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/npm/npm-user-validate/releases)
- [Changelog](https://github.com/npm/npm-user-validate/blob/main/CHANGELOG.md)
- [Commits](npm/npm-user-validate@v1.0.0...v1.0.1)

Updates `qs` from 6.5.2 to 6.5.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.5.2...v6.5.3)

Updates `react-devtools-core` from 4.27.1 to 4.28.5
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/HEAD/packages/react-devtools-core)

Updates `semver-regex` from 2.0.0 to 3.1.4
- [Release notes](https://github.com/sindresorhus/semver-regex/releases)
- [Commits](sindresorhus/semver-regex@v2.0.0...v3.1.4)

Updates `ssri` from 6.0.1 to 9.0.1
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/main/CHANGELOG.md)
- [Commits](npm/ssri@v6.0.1...v9.0.1)

Updates `tar` from 4.4.13 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.13...v6.2.1)

Updates `trim-newlines` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/sindresorhus/trim-newlines/releases)
- [Commits](https://github.com/sindresorhus/trim-newlines/commits)

Updates `ua-parser-js` from 0.7.21 to 0.7.37
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@0.7.21...0.7.37)

Updates `word-wrap` from 1.2.3 to 1.2.5
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5)

Updates `ws` from 5.2.2 to 5.2.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...5.2.3)

Updates `y18n` from 3.2.1 to 4.0.0
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](yargs/y18n@v3.2.1...v4.0.0)

Updates `yargs-parser` from 7.0.0 to 11.1.1
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/v11.1.1/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v7.0.0...v11.1.1)

---
updated-dependencies:
- dependency-name: semantic-release
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@sideway/formula"
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: async
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: color-string
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hosted-git-info
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ini
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jszip
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: marked
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mem
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: moment
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: normalize-url
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: npm-user-validate
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: react-devtools-core
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ssri
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: trim-newlines
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: word-wrap
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 2, 2024

socket-security bot commented May 2, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@babel/traverse@7.24.5 | Transitive: environment | +8 | 1.46 MB | nicolo-ribaudo |
| npm/@gar/promisify@1.1.3 | None | 0 | 4.2 kB | gar |
| npm/@isaacs/string-locale-compare@1.1.0 | None | 0 | 3.16 kB | isaacs |
| npm/@jridgewell/set-array@1.2.1 | None | 0 | 17.9 kB | jridgewell |
| npm/@npmcli/arborist@5.6.3 | environment, filesystem, network | +49 | 1.63 MB | gar |
| npm/@npmcli/ci-detect@2.0.0 | None | 0 | 7.03 kB | gar |
| npm/@npmcli/config@4.2.2 | environment, filesystem | +6 | 107 kB | nlf |
| npm/@npmcli/disparity-colors@2.0.0 | None | +3 | 55.6 kB | gar |
| npm/@npmcli/fs@2.1.2 | filesystem | +1 | 53.6 kB | gar |
| npm/@npmcli/map-workspaces@2.0.4 | Transitive: environment, filesystem | +6 | 94.7 kB | lukekarrys |
| npm/@npmcli/run-script@4.2.1 | environment, filesystem; Transitive: shell | +3 | 32.8 kB | nlf |
| npm/@octokit/types@6.41.0 | None | +1 | 2.31 MB | octokitbot |
| npm/@types/node@20.12.12 | None | +1 | 2.13 MB | types |
| npm/agent-base@6.0.2 | None | 0 | 34.6 kB | tootallnate |
| npm/async@3.2.5 | None | 0 | 808 kB | aearly |
| npm/before-after-hook@2.2.3 | None | 0 | 37 kB | gr2m |
| npm/binary-extensions@2.3.0 | None | 0 | 5.03 kB | sindresorhus |
| npm/cacache@16.1.3 | filesystem; Transitive: environment | +18 | 181 kB | lukekarrys |
| npm/cidr-regex@3.1.1 | None | +1 | 13.4 kB | silverwind |
| npm/cli-columns@4.0.0 | None | +2 | 61.4 kB | shannonmoeller |
| npm/cli-table3@0.6.4 | Transitive: environment | +3 | 139 kB | speedytwenty |
| npm/columnify@1.6.0 | None | 0 | 38.8 kB | timoxley |
| npm/conventional-commits-parser@3.2.4 | None | +24 | 357 kB | oss-bot |
| npm/debug@4.3.4 | environment | 0 | 42.4 kB | qix |
| npm/destroy@1.2.0 | filesystem | 0 | 9.02 kB | dougwilson |
| npm/diff@5.2.0 | None | 0 | 429 kB | explodingcabbage |
| npm/fastest-levenshtein@1.0.16 | None | 0 | 21.3 kB | ka-weihe |
| npm/fs-minipass@2.1.0 | filesystem | 0 | 14.1 kB | isaacs |
| npm/handlebars@4.7.8 | filesystem; Transitive: eval | +2 | 3.71 MB | jaylinski |
| npm/import-fresh@3.3.0 | Transitive: filesystem, unsafe | +3 | 19.8 kB | sindresorhus |
| npm/ini@1.3.8 | None | 0 | 9.3 kB | isaacs |
| npm/init-package-json@3.0.2 | filesystem; Transitive: unsafe | +4 | 72.9 kB | gar |
| npm/is-cidr@4.0.2 | None | 0 | 4.41 kB | silverwind |
| npm/jszip@3.10.1 | None | +4 | 848 kB | stuk |
| npm/libnpmaccess@6.0.4 | None | +1 | 23.5 kB | lukekarrys |
| npm/libnpmdiff@4.0.5 | Transitive: filesystem | +4 | 174 kB | lukekarrys |
| npm/libnpmexec@4.0.14 | environment; Transitive: filesystem | +12 | 167 kB | gar |
| npm/libnpmfund@3.0.5 | None | 0 | 11 kB | gar |
| npm/libnpmhook@8.0.4 | network | 0 | 11.2 kB | lukekarrys |
| npm/libnpmorg@4.0.4 | network | 0 | 7.94 kB | lukekarrys |
| npm/libnpmpack@4.1.3 | filesystem | 0 | 5.51 kB | lukekarrys |
| npm/libnpmpublish@6.0.5 | None | +2 | 57.7 kB | lukekarrys |
| npm/libnpmsearch@5.0.4 | None | 0 | 8.77 kB | lukekarrys |
| npm/libnpmteam@4.0.4 | None | 0 | 8.98 kB | lukekarrys |
| npm/libnpmversion@3.0.7 | filesystem; Transitive: shell | +8 | 125 kB | lukekarrys |
| npm/make-fetch-happen@10.2.1 | environment, network | +22 | 1.35 MB | gar |
| npm/mime@2.6.0 | None | 0 | 60.1 kB | broofa |
| npm/minipass@3.3.6 | None | +1 | 62.8 kB | isaacs |
| npm/minizlib@2.1.2 | None | +1 | 32.1 kB | isaacs |
| npm/moment@2.30.1 | None | 0 | 4.35 MB | ichernev |
| npm/node-emoji@1.11.0 | None | 0 | 224 kB | omnidan |
| npm/node-gyp@9.4.1 | environment, shell | +8 | 2.22 MB | lukekarrys |
| npm/normalize-url@4.5.1 | None | 0 | 18.1 kB | sindresorhus |
| npm/npm-audit-report@3.0.0 | None | +4 | 67.7 kB | gar |
| npm/npm-package-arg@9.1.2 | environment | +3 | 45.1 kB | lukekarrys |
| npm/npm-pick-manifest@7.0.2 | None | +2 | 36.2 kB | lukekarrys |
| npm/npm-profile@6.2.1 | network | 0 | 28.2 kB | nlf |
| npm/npm-registry-fetch@13.3.1 | environment, filesystem, network | +5 | 573 kB | gar |
| npm/npm-user-validate@1.0.1 | None | 0 | 3.68 kB | isaacs |
| npm/opener@1.5.2 | shell | 0 | 6.21 kB | domenic |
| npm/pacote@13.6.2 | environment, filesystem, network; Transitive: shell | +18 | 410 kB | gar |
| npm/parse-conflict-json@2.0.2 | None | +2 | 36.3 kB | gar |
| npm/proc-log@2.0.1 | None | 0 | 5.25 kB | gar |
| npm/read-package-json-fast@2.0.3 | filesystem | +2 | 150 kB | isaacs |
| npm/read-package-json@5.0.2 | filesystem; Transitive: environment | +5 | 62.4 kB | lukekarrys |
| npm/semantic-release@19.0.3 | environment, network; Transitive: eval, filesystem, shell, unsafe | +151 | 21.8 MB | semantic-release-bot |
| npm/send@0.18.0 | filesystem, network | +10 | 125 kB | dougwilson |
| npm/serve-static@1.15.0 | None | +2 | 36.8 kB | dougwilson |
| npm/ssri@9.0.1 | None | 0 | 37.5 kB | nlf |
| npm/tar@6.2.1 | environment, filesystem | +2 | 251 kB | isaacs |
| npm/yaml@1.10.2 | environment | 0 | 448 kB | eemeli |

🚮 Removed packages: npm/@babel/helper-function-name@7.19.0, npm/@babel/traverse@7.20.13, npm/@iarna/cli@1.2.0, npm/@octokit/types@5.4.1, npm/@types/node@14.6.0, npm/agentkeepalive@3.5.2, npm/ansistyles@0.1.3, npm/async@3.2.4, npm/bin-links@1.1.8, npm/builtins@1.0.3, npm/byline@5.0.0, npm/byte-size@5.0.1, npm/cacache@12.0.4, npm/call-limit@1.1.1, npm/cidr-regex@2.0.10, npm/cli-columns@3.1.2, npm/cli-table3@0.5.1, npm/cmd-shim@3.0.3, npm/columnify@1.5.4, npm/config-chain@1.1.12, npm/conventional-commits-parser@3.1.0, npm/detect-indent@5.0.0, npm/dotenv@5.0.1, npm/duplexify@3.7.1, npm/editor@1.0.0, npm/err-code@1.1.2, npm/errno@0.1.7, npm/es6-promise@4.2.8, npm/figgy-pudding@3.5.2, npm/find-npm-prefix@1.0.2, npm/fs-minipass@1.2.7, npm/fs-vacuum@1.2.10, npm/fs-write-stream-atomic@1.0.10, npm/genfun@5.0.0, npm/gentle-fs@2.3.1, npm/hosted-git-info@2.8.8, npm/iferr@0.1.5, npm/ignore-walk@3.0.3, npm/ini@1.3.5, npm/init-package-json@1.10.3, npm/ip@1.1.5, npm/is-cidr@3.1.1, npm/jszip@3.5.0, npm/lazy-property@1.0.0, npm/libcipm@4.0.8, npm/libnpm@3.0.1, npm/libnpx@10.2.4, npm/lock-verify@2.2.1, npm/lodash._baseuniq@4.6.0, npm/lodash.without@4.4.0, npm/meant@1.0.2, npm/minipass@2.9.0, npm/moment@2.27.0, npm/node-gyp@5.1.1, npm/nopt@4.0.3, npm/normalize-url@4.5.0, npm/npm-audit-report@1.3.3, npm/npm-cache-filename@1.0.2, npm/npm-install-checks@3.0.2, npm/npm-lifecycle@3.1.5, npm/npm-package-arg@6.1.1, npm/npm-packlist@1.4.8, npm/npm-pick-manifest@3.0.2, npm/npm-profile@4.0.4, npm/npm-registry-fetch@4.0.7, npm/npm-user-validate@1.0.0, npm/object.getownpropertydescriptors@2.1.0, npm/opener@1.5.1, npm/osenv@0.1.5, npm/pacote@9.5.12, npm/query-string@6.13.1, npm/qw@1.0.1, npm/read-cmd-shim@1.0.5, npm/read-installed@4.0.3, npm/read-package-json@2.1.2, npm/read-package-tree@5.3.1, npm/run-queue@1.0.3, npm/semantic-release@15.13.24, npm/serve-static@1.14.1, npm/sha@3.0.0, npm/slide@1.1.6, npm/sorted-object@2.0.1, npm/sorted-union-stream@2.1.3, npm/ssri@6.0.1, 
npm/stringify-package@1.0.1, npm/tar@4.4.13, npm/umask@1.1.0, npm/update-notifier@2.5.0, npm/validate-npm-package-name@3.0.0, npm/word-wrap@1.2.3, npm/worker-farm@1.7.0

View full report↗︎

socket-security bot commented May 2, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@babel/generator@7.24.5, npm/@babel/traverse@7.24.5, npm/@colors/colors@1.5.0, npm/@gar/promisify@1.1.3, npm/@isaacs/string-locale-compare@1.1.0, npm/@jridgewell/gen-mapping@0.3.5, npm/@jridgewell/resolve-uri@3.1.2, npm/@jridgewell/set-array@1.2.1, npm/@jridgewell/trace-mapping@0.3.25, npm/@npmcli/arborist@5.6.3, npm/@npmcli/ci-detect@2.0.0, npm/@npmcli/config@4.2.2, npm/@npmcli/disparity-colors@2.0.0, npm/@npmcli/fs@2.1.2, npm/@npmcli/git@3.0.2, npm/@npmcli/installed-package-contents@1.0.7, npm/@npmcli/map-workspaces@2.0.4, npm/@npmcli/metavuln-calculator@3.1.1, npm/@npmcli/move-file@2.0.1, npm/@npmcli/name-from-folder@1.0.1, npm/@npmcli/node-gyp@2.0.0, npm/@npmcli/package-json@2.0.0, npm/@npmcli/promise-spawn@3.0.0, npm/@npmcli/query@1.2.0, npm/@npmcli/run-script@4.2.1, npm/@octokit/auth-token@2.5.0, npm/@octokit/auth-token@3.0.4, npm/@octokit/auth-token@5.1.1, npm/@octokit/core@4.2.4, npm/@octokit/core@6.1.2, npm/@octokit/endpoint@10.1.1, npm/@octokit/endpoint@6.0.12, npm/@octokit/endpoint@7.0.6, npm/@octokit/graphql@5.0.6, npm/@octokit/graphql@8.1.1, npm/@octokit/openapi-types@12.11.0, npm/@octokit/openapi-types@18.1.1, npm/@octokit/openapi-types@22.2.0, npm/@octokit/plugin-paginate-rest@6.1.2, npm/@octokit/plugin-request-log@1.0.4, npm/@octokit/plugin-retry@4.1.6, npm/@octokit/plugin-throttling@5.2.3, npm/@octokit/request-error@2.1.0, npm/@octokit/request-error@3.0.3, npm/@octokit/request-error@6.1.1, npm/@octokit/request@5.6.3, npm/@octokit/request@6.2.8, npm/@octokit/request@9.1.1, npm/@octokit/tsconfig@1.0.2, npm/@octokit/types@13.5.0, npm/@octokit/types@6.41.0, npm/@octokit/types@9.3.2, npm/@pnpm/config.env-replace@1.1.0, npm/@pnpm/network.ca-file@1.0.2, npm/@pnpm/npm-conf@2.2.2, npm/@semantic-release/commit-analyzer@7.0.0, npm/@semantic-release/commit-analyzer@9.0.2, npm/@semantic-release/error@3.0.0, npm/@semantic-release/github@6.0.2, npm/@semantic-release/github@8.1.0, npm/@semantic-release/npm@6.0.0, npm/@semantic-release/npm@9.0.2, 
npm/@semantic-release/release-notes-generator@10.0.3, npm/@sideway/formula@3.0.1, npm/@tootallnate/once@1.1.2, npm/@tootallnate/once@2.0.0, npm/@types/node@20.12.12, npm/@types/parse-json@4.0.2, npm/agent-base@6.0.2, npm/agent-base@7.1.1, npm/agentkeepalive@4.5.0, npm/ansi-escapes@6.2.1, npm/ansi-styles@4.3.0, npm/are-we-there-yet@3.0.1, npm/async@2.6.4, npm/async@3.2.5, npm/before-after-hook@2.2.3, npm/before-after-hook@3.0.2, npm/bin-links@3.0.3, npm/binary-extensions@2.3.0, npm/body-parser@1.20.2, npm/brace-expansion@2.0.1, npm/builtins@5.1.0, npm/bytes@3.1.2, npm/cacache@16.1.3, npm/chalk@5.3.0, npm/chownr@2.0.0, npm/cidr-regex@3.1.1, npm/cli-columns@4.0.0, npm/cli-table3@0.6.4, npm/cli-table@0.3.11, npm/cmd-shim@5.0.0, npm/color-string@1.9.1, npm/columnify@1.6.0, npm/common-ancestor-path@1.0.1, npm/config-chain@1.1.13, npm/content-disposition@0.5.4, npm/content-type@1.0.5, npm/conventional-changelog-writer@4.1.0, npm/conventional-changelog-writer@5.0.1, npm/conventional-commits-filter@2.0.7, npm/conventional-commits-parser@3.2.4, npm/cookie@0.6.0, npm/cosmiconfig@6.0.0, npm/cosmiconfig@7.1.0, npm/crypto-random-string@2.0.0, npm/cssesc@3.0.0, npm/debug@4.3.4, npm/decode-uri-component@0.2.2, npm/del@6.1.1, npm/destroy@1.2.0, npm/diff@5.2.0, npm/env-ci@5.5.0, npm/err-code@2.0.3, npm/exponential-backoff@3.1.1, npm/express@4.19.2, npm/fastest-levenshtein@1.0.16, npm/finalhandler@1.2.0, npm/find-versions@4.0.0, npm/forwarded@0.2.0, npm/fromentries@1.3.2, npm/fs-extra@11.2.0, npm/fs-minipass@2.1.0, npm/gauge@4.0.4, npm/glob@8.1.0, npm/handlebars@4.7.8, npm/hosted-git-info@2.8.9, npm/hosted-git-info@3.0.8, npm/hosted-git-info@4.1.0, npm/hosted-git-info@5.2.1, npm/http-errors@2.0.0, npm/http-proxy-agent@4.0.1, npm/http-proxy-agent@5.0.0, npm/http-proxy-agent@7.0.2, npm/https-proxy-agent@5.0.1, npm/https-proxy-agent@7.0.4, npm/ignore-walk@5.0.1, npm/import-fresh@3.3.0, npm/import-from@4.0.0, npm/ini@1.3.8, npm/ini@3.0.1, npm/init-package-json@3.0.2, 
npm/into-stream@6.0.0, npm/ip-address@9.0.5, npm/ip-regex@4.3.0, npm/ip@1.1.9, npm/is-cidr@4.0.2, npm/is-lambda@1.0.1, npm/is-path-cwd@2.2.0, npm/is-path-inside@3.0.3, npm/is-plain-object@5.0.0, npm/issue-parser@6.0.0, npm/jsbn@1.1.0, npm/json-parse-even-better-errors@2.3.1, npm/json-stringify-nice@1.1.4, npm/jsonfile@6.1.0, npm/jszip@3.10.1, npm/just-diff-apply@5.5.0, npm/just-diff@5.2.0, npm/libnpmaccess@6.0.4, npm/libnpmdiff@4.0.5, npm/libnpmexec@4.0.14, npm/libnpmfund@3.0.5, npm/libnpmhook@8.0.4, npm/libnpmorg@4.0.4, npm/libnpmpack@4.1.3, npm/libnpmpublish@6.0.5, npm/libnpmsearch@5.0.4, npm/libnpmteam@4.0.4, npm/libnpmversion@3.0.7, npm/lru-cache@7.18.3, npm/macos-release@2.5.1, npm/make-fetch-happen@10.2.1, npm/marked-terminal@5.2.0, npm/marked@0.8.2, npm/marked@4.3.0, npm/meow@8.1.2, npm/mime@2.6.0, npm/mime@3.0.0, npm/minimatch@5.1.6, npm/minipass-collect@1.0.2, npm/minipass-fetch@2.1.2, npm/minipass-flush@1.0.5, npm/minipass-json-stream@1.0.1, npm/minipass-pipeline@1.2.4, npm/minipass-sized@1.0.3, npm/minipass@3.3.6, npm/minipass@5.0.0, npm/minizlib@2.1.2, npm/mkdirp-infer-owner@2.0.0, npm/moment@2.30.1, npm/ms@2.1.3, npm/node-emoji@1.11.0, npm/node-gyp@9.4.1, npm/nopt@6.0.0, npm/normalize-package-data@3.0.3, npm/normalize-package-data@4.0.1, npm/normalize-url@4.5.1, npm/normalize-url@6.1.0, npm/npm-audit-report@3.0.0, npm/npm-bundled@1.1.2, npm/npm-bundled@2.0.1, npm/npm-install-checks@5.0.0, npm/npm-normalize-package-bin@2.0.0, npm/npm-package-arg@9.1.2, npm/npm-packlist@5.1.3, npm/npm-pick-manifest@7.0.2, npm/npm-profile@6.2.1, npm/npm-registry-fetch@13.3.1, npm/npm-user-validate@1.0.1, npm/npm@6.14.18, npm/npm@8.19.4, npm/npmlog@6.0.2, npm/on-finished@2.4.1, npm/opener@1.5.2, npm/p-each-series@2.2.0, npm/p-map@4.0.0, npm/p-retry@4.6.2, npm/pacote@13.6.2, npm/parse-conflict-json@2.0.2, npm/postcss-selector-parser@6.0.16, npm/proc-log@2.0.1, npm/promise-all-reject-late@1.0.1, npm/promise-call-limit@1.0.2, npm/promise-retry@2.0.1, npm/proxy-addr@2.0.7, 
npm/qs@6.11.0, npm/qs@6.5.3, npm/raw-body@2.5.2, npm/react-devtools-core@4.28.5, npm/read-cmd-shim@3.0.1, npm/read-package-json-fast@2.0.3, npm/read-package-json@5.0.2, npm/registry-auth-token@4.2.2, npm/registry-auth-token@5.0.2, npm/retry@0.13.1, npm/semantic-release@15.14.0, npm/semantic-release@16.0.4, npm/semantic-release@19.0.3, npm/semver-diff@3.1.1, npm/semver-regex@3.1.4, npm/semver@7.6.0, npm/send@0.18.0, npm/serve-static@1.15.0, npm/setimmediate@1.0.5, npm/setprototypeof@1.2.0, npm/side-channel@1.0.6, npm/smart-buffer@4.2.0, npm/socks-proxy-agent@7.0.0, npm/socks@2.8.3, npm/split2@3.2.2, npm/sprintf-js@1.1.3, npm/ssri@9.0.1, npm/statuses@2.0.1, npm/supports-hyperlinks@2.3.0, npm/tar@6.2.1, npm/tempy@1.0.1, npm/through2@4.0.2, npm/toidentifier@1.0.1, npm/treeverse@2.0.0, npm/trim-newlines@3.0.1, npm/type-fest@0.16.0, npm/type-fest@0.18.1, npm/ua-parser-js@0.7.37, npm/unique-filename@2.0.1, npm/unique-slug@3.0.0, npm/unique-string@2.0.0, npm/universal-user-agent@7.0.2, npm/universalify@2.0.1, npm/validate-npm-package-name@4.0.0, npm/walk-up-path@1.0.0, npm/wide-align@1.1.5, npm/write-file-atomic@4.0.2, npm/ws@5.2.3, npm/ws@7.5.9, npm/yaml@1.10.2

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware, you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@legobeat

legobeat commented May 6, 2024

@dependabot recreate

@jpcloureiro

@dependabot rebase

@sethkfman sethkfman left a comment

LGTM

@sethkfman

@SocketSecurity ignore-all Socket.dev showed no issues with upgrade of package https://socket.dev/npm/package/semantic-release/overview/19.0.3

@sethkfman sethkfman merged commit b2ca2f8 into main May 16, 2024
8 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-e6408803e0 branch May 16, 2024 22:01
Labels
dependencies Pull requests that update a dependency file