Bump the npm_and_yarn group across 1 directory with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 18 updates in the / directory:

Package	From	To
codecov	3.0.0	3.7.1
browserify-sign	4.0.4	4.2.3
cached-path-relative	1.0.1	1.1.0
diff	3.4.0	3.5.0
elliptic	6.4.0	6.5.5
extend	3.0.1	3.0.2
fsevents	1.1.3	1.2.13
handlebars	4.0.11	4.7.8
hosted-git-info	2.5.0	2.8.9
ini	1.3.5	1.3.8
lodash	4.17.4	4.17.21
minimatch	3.0.4	3.1.2
nwmatcher	1.4.3	1.4.4
path-parse	1.0.5	1.0.7
shell-quote	1.6.1	1.8.1
stringstream	0.0.5	0.0.6
tmpl	1.0.4	1.0.5
y18n	3.2.1	3.2.2

Updates codecov from 3.0.0 to 3.7.1

Release notes

Sourced from codecov's releases.

v3.6.4

Fix for Cirrus CI

v3.6.3

AWS Codebuild fixes + package updates

v3.6.2

command line args sanitised

v3.6.1

Fix for Semaphore

v3.6.0

AWS CodeBuild Semaphore v2

v3.3.0

Added pipe --pipe, -l

v3.1.0

Custom Yaml file Token from .codecov.yml

v3.0.4

Security fixes

v3.0.3

Fix for not git repos

V3.0.2

No release notes provided.

v3.0.1

Fixing security vulnerability

Changelog

Sourced from codecov's changelog.

3.7.1

• Move to execFileSync and security fixes

3.7.0

• Remove the X-Amz-Acl: public-read header

3.6.4

• Fix Cirrus CI

3.6.3

• Fix for AWS Codebuild & package updates

3.6.2

• Command line args sanitized fix

3.6.1

• Fix for Semaphore

3.6.0

• Added AWS CodeBuild and Semaphore2

3.5.0

• Added TeamCity support

3.4.0

• Added Heroku CI support

3.3.0

• Added pipe with --pipe, -l

3.2.0

• Added azure pipelines .

3.1.0

• Custom yaml file. Allow codecov token from yml file.

3.0.4

... (truncated)

Commits

• 29dd5b6 3.7.1
• c0711c6 Switch from execSync to execFileSync (#180)
• 5f6cc62 Bump lodash from 4.17.15 to 4.17.19 (#183)
• 0c4d7f3 Merge pull request #182 from codecov/update-readme-badges
• cc5e121 Update depstat image and urls
• b44b44e Update readme with 400 error info (#181)
• bb79335 V3.7.0 (#179)
• 0d7b9b0 Remove 'x-amz-acl': 'public-read' header (#178)
• eeff4e1 Bump acorn from 5.7.3 to 5.7.4 (#174)
• eb8a527 Merge pull request #172 from RoboCafaz/bugfix/codebuild-pr-parser
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by drazisil, a new releaser for codecov since your current version.

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

• bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

• switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cached-path-relative from 1.0.1 to 1.1.0

Commits

• See full diff in compare view

Updates diff from 3.4.0 to 3.5.0

Changelog

Sourced from diff's changelog.

v3.5.0 - March 4th, 2018

• Omit redundant slice in join method of diffArrays - 1023590
• Support patches with empty lines - fb0f208
• Accept a custom JSON replacer function for JSON diffing - 69c7f0a
• Optimize parch header parser - 2aec429
• Fix typos - e89c832

Commits

Commits

• e9ab948 v3.5.0
• b73884c Update release notes
• 8953021 Update release notes
• 1023590 Omit redundant slice in join method of diffArrays
• c72ef4a Add missing test coverage
• b9ef24f Support patches with empty lines
• 10aaabb Support patches with empty lines
• 196d3aa Support patches with empty lines
• e24d789 Support patches with empty lines
• 8616a02 Support patches with empty lines
• Additional commits viewable in compare view

Updates elliptic from 6.4.0 to 6.5.5

Commits

• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
• 8647803 6.5.3
• 856fe4d signature: prevent malleability and overflows
• Additional commits viewable in compare view

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

Commits

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• See full diff in compare view

Updates fsevents from 1.1.3 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

• Added node v10 for pre-built binaries
• C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

• BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
  • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
• Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
• Compatibility updates for nan v2.9.0

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Updates handlebars from 4.0.11 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates hawk from 3.1.3 to 6.0.2

Commits

• d251edf Fix missing let in crypto browser helper. Closes #210
• 5c25e82 Merge pull request #205 from LKI/master
• c7f9fab Be more specific on hash algorithm in README
• 2c0012f Update deps. Closes #203
• 05e585d Merge pull request #198 from Dreyer/fix_readme
• 40a9fab Updated usage example in README.md
• 7ea2c0a 6.0.0
• 54be9e2 Linting
• 552f81e Remove component support. Closes #196
• 0816715 Remove bower support. Closes #195
• Additional commits viewable in compare view

Updates hoek from 2.16.3 to 4.2.0

Commits

• 1db691b 4.2.0
• a4b9939 node 8
• 8a2e118 Merge pull request #204 from g-k/add-escape-json
• be57205 escapeJson matching on charcodes
• 9bff98b document escapeJSON function
• d1231c9 remove unused namedJson internal
• cf70d6d match and replace once to improve escapeJson perf
• a758d13 trigger rebuild for travis
• c5c19d7 only escape JSON we care about
• f28a438 Add escapeJson
• Additional commits viewable in compare view

Updates hosted-git-info from 2.5.0 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

• #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

• Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
• Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

• updated pathmatch for gitlab (e8325b5), closes #51
• updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• afeaefd chore(release): 2.8.8
• 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
• 7440afa chore(release): 2.8.7
• 2d0bb66 fix: Do not attempt to use url.URL when unavailable
• f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
• e1b83df chore(release): 2.8.6
• ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
• 624fd6f chore(release): 2.8.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates js-yaml from 3.10.0 to 3.13.1

Changelog

Sourced from js-yaml's changelog.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

Commits

• 665aadd 3.13.1 released
• da8ecf2 Browser files rebuild
• b2f9e88 Merge pull request #480 from nodeca/toString
• e18afbf Fix possible code execution in (already unsafe) load()
• 9d4ce5e 3.13.0 released
• f64c673 Browser files rebuild
• a567ef3 Restrict data types for object keys
• 59b6e76 Fix test name
• e4267fc 3.12.2 released
• 7231a49 Browser files rebuild
• Additional commits viewable in compare view

Updates lodash from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates nwmatcher from 1.4.3 to 1.4.4

Commits

• See full diff in compare view

Updates path-parse from 1.0.5 to 1.0.7

Commits

• See full diff in compare view

Updates qs from 6.4.0 to 6.5.1

Changelog

Sourced from qs's changelog.

6.5.1

• [Fix] Fix parsing & compacting very deep objects (#224)
• [Refactor] name utils functions
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v8.4; use nvm install-latest-npm so newer npm doesn’t break older node
• [Tests] Use precise dist for Node.js 0.6 runtime (#225)
• [Tests] make 0.6 required, now that it’s passing
• [Tests] on node v8.2; fix npm on node 0.6

6.5.0

• [New] add utils.assign
• [New] pass default encoder/decoder to custom encoder/decoder functions (#206)
• [New] parse/stringify: add ignoreQueryPrefix/addQueryPrefix options, respectively (#213)
• [Fix] Handle stringifying empty objects with addQueryPrefix (#217)
• [Fix] do not mutate options argument (#207)
• [Refactor] parse: cache index to reuse in else statement (#182)
• [Docs] add various badges to readme (#208)
• [Dev Deps] update eslint, browserify, iconv-lite, tape
• [Tests] up to node v8.1, v7.10, v6.11; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
• [Tests] add editorconfig-tools

6.4.1

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] use safer-buffer instead of Buffer constructor
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 0e838da v6.5.1
• 53b54cb [Refactor] name utils functions.
• dfd28c6 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• 461a04d Merge pull request #224 from dougwilson/non-recursive-compact
• 2ed6ea4 Fix parsing & compacting very deep objects
• 841b933 [Tests] up to node v8.4; use nvm install-latest-npm so newer npm doesn’...
• 3be7c11 Use precise dist for Node.js 0.6 runtime
• 489f2f8 [Tests] make 0.6 required, now that it’s passing
• a80052d [Tests] on node v8.2; fix npm on node 0.6
• d66ac17 v6.5.0
• Additional commits viewable in compare view

Updates request from 2.81.0 to 2.83.0

Changelog

Sourced from request's changelog.

v2.83.0 (2017/09/27)

• #2776 Updating tough-cookie due to security fix. (#2776) (@​karlnorling)

v2.82.0 (2017/09/19)

• #2703 Add Node.js v8 to Travis CI (@​ryysud)
• #2751 Update of hawk and qs to latest version (#2751) (@​Olivier-Moreau)
• #2658 Fixed some text in README.md (#2658) (@​Marketionist)
• #2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@​greenkeeperio-bot)
• #2641 Update README to simplify & update convenience methods (#2641) (@​FredKSchott)
• #2541 Add convenience method for HTTP OPTIONS (#2541) (@​jamesseanwright)
• #2605 Add promise support section to README (#2605) (@​FredKSchott)
• #2579 refactor(lint): replace eslint with standard (#2579) (@​ahmadnassri)
• #2598 Update codecov to version 2.0.2 🚀 (@​greenkeeperio-bot)
• #2590 Adds test-timing keepAlive test (@​nicjansma)
• #2589 fix tabulation on request example README.MD (@​odykyi)
• #2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@​ahmadnassri)

Commits

• dd427d7 2.83.0
• 5b623b5 Updating tough-cookie due to security fix. (#2776)
• 6f1b51e 2.82.1
• 0ab5c36 2.82.0
• ffdf0d3 Updating deps.
• 4386836 Merge branch 'master' of github.com:request/request
• 1527407 Merge pull request #2703 from ryysud/add-nodejs-v8-to-travis
• 3afcbf8 Merge branch 'master' of github.com:request/request
• 479143d Update of hawk and qs to latest version (#2751)
• 169be11 Add Node.js v8 to Travis CI
• Additional commits viewable in compare view

Updates shell-quote from 1.6.1 to 1.8.1

Changelog

Sourced from shell-quote's changelog.

v1.8.1 - 2023-04-07

Fixed

• [Fix] parse: preserve whitespace in comments [#6](https://github.com/ljharb/shell-quote/issues/6)
• [Fix] properly support the escape option [#5](https://github.com/ljharb/shell-quote/issues/5)

Commits

• [Refactor] parse: hoist getVar to module level b42ac73
• [Refactor] hoist some vars to module level 8f0c5c3
• [Refactor] parse: use slice over substr, cache some values fcb2e1a
• [Refactor] parse: a bit of cleanup 6780ec5
• [Refactor] parse: tweak the regex to not match nothing 227d474
• [Tests] increase coverage a66de94
• [Refactor] parse: avoid shadowing a function arg 1d58679

v1.8.0 - 2023-01-30

Commits

• [New] extract parse and quote to their own deep imports 553fdfc
• [Tests] add nyc coverage fd7ddcd
• [New] Add support for here strings (<<<) 9802fb3
• [New] parse: Add syntax support for duplicating input file descriptors 216b198
• [Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31
• [Tests] add evalmd