Bump js-yaml, cssnano, grunt, grunt-contrib-imagemin and imagemin-svgo

[dependabot]

Bumps js-yaml to 3.14.1 and updates ancestor dependencies js-yaml, cssnano, grunt, grunt-contrib-imagemin and imagemin-svgo. These dependencies need to be updated together.

Updates js-yaml from 3.7.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for safe/loadAll(input, options)
• d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• Additional commits viewable in compare view

Updates cssnano from 3.10.0 to 6.0.3

Release notes

Sourced from cssnano's releases.

v6.0.3

Bug fixes

• do not sort unknown properties\

Other

• Require latest browserslist and postcss-selector-parser

v6.0.2

• fix: update cssnano peer dependency to 8.4.31 to avoid security issue
• fix: update postcss-calc to 9.0.1 to solve disappearing expressions inside two brackets
• deps(postcss-svgo): update SVGO to 3.0.5 and update doc
• chore: update css-declaration-sorter
• fix(postcss-minify-selectors): prevent mangling of timeline range names
• fix(postcss-convert-values): keep percent unit in @Property
• chore(cssnano): update lilconfig to 3.0.0

v6.0.1

Bug Fixes

• fix(postcss-merge-rules): do not merge nested rules (cssnano/cssnano@eb9a9a1)
• fix(postcss-reduce-idents): minify grid line names correctly (cssnano/cssnano@2af6687)

v6.0.0

Major Changes

• 99d1e6ab: postcss-normalize-url: remove normalize-url configuration options
• 4e272f88: postcss-svgo: Upgrade dependency svgo to v3 and increase the minimum supported node version to v14
• ca9d3f55: Switch minimum supported Node version to 14 for all packages
• 39a20405: feat!(cssnano): remove undocumented YAML config support

Migration instructions

• If you're not happy with the defaults for the normalize-url transform, turn it off completely. Options were removed as most would change the meaning of the URL, which is unexpcted in the case of CSS minification.
• In the unlikely event you're using YAML to configure cssnano, move the cssnano configuration inside the PostCSS config or use a configuration file in CommonJS or JSON format.

v5.1.15

Bug Fixes

• fix(postcsss-reduce-initial): fix mask-repeat conversion
• fix(postcss-colormin): don't minify colors in src declarations
• fix(postcss-merge-rules): do not merge conflicting flex and border properties

v5.1.14

Bug Fixes

• fix: update autoprefixer and browserslist
• fix(postcss-reduce-initial): improve initial properties data

v5.1.13

Bug Fixes

• fix TypeScript type of cssnano() return value (cssnano/cssnano@b92dbe3)

v5.1.12

Bug Fixes

... (truncated)

Commits

• 796988e Publish cssnano 6.0.3
• 1797d35 chore: add workflow to publish to npm
• b1aea33 chore(postcss-svgo)): update SVGO to 3.0.2
• 1ead72d chore: update postcss-selector-parser to 6.0.15
• f233b22 chore: update postcss-selector-parser
• bbca7b3 chore: update all dependencies
• b433b4c test(cssnano): update google-fonts-complete dependency
• a2107c6 Update development dependencies (#1541)
• 5066593 chore: update ESLint config to flat config
• 42249e7 fix(postcss-svgo): update SVGO to 3.1.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ludovicofischer, a new releaser for cssnano since your current version.

Updates grunt from 0.4.5 to 1.6.1

Release notes

Sourced from grunt's releases.

v1.6.1

• Changelog updates 72f6f03
• Merge pull request #1755 from gruntjs/rm-dep 8d4c183
• Add recursive 1c7d483
• Merge pull request #1756 from gruntjs/downgrade-glob 2d4fd38
• Downgrade glob 902db7c
• Fix syntax 494f243
• remove mkdirp b01389e
• remove dep on rimraf and mkdirp 0072510

gruntjs/grunt@v1.6.0...v1.6.1

v1.6.0

• Merge pull request #1750 from gruntjs/dep-update-jan28 2805dc3
• README updates 3f1e423
• Bump to 16 8fd096d
• Update more deps 42c5f95
• Bump eslint and node version 1d88050

gruntjs/grunt@v1.5.3...v1.6.0

v1.5.3

• Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

• Update Changelog 7f15fd5
• Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

• Merge pull request #1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

• Updated changelog b2b2c2b
• Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #1736 from justlep/main fdc7056

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.6.1 date: 2023-01-31 changes: - Downgrades to glob 7 for Windows compatability - Removes mkdirp and rimraf in favour of node.js APIs. v1.6.0 date: 2023-01-28 changes: - Requires node.js 16+. - template.date now uses dateformat ~4.6.2. - other dependency updates such as glob, rimraf, etc. v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0

... (truncated)

Commits

• 8372e11 1.6.1
• 72f6f03 Changelog updates
• 8d4c183 Merge pull request #1755 from gruntjs/rm-dep
• 1c7d483 Add recursive
• 2d4fd38 Merge pull request #1756 from gruntjs/downgrade-glob
• 902db7c Downgrade glob
• 494f243 Fix syntax
• b01389e remove mkdirp
• 0072510 remove dep on rimraf and mkdirp
• 0afeb5c 1.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt since your current version.

Updates grunt-contrib-imagemin from 1.0.1 to 4.0.0

Release notes

Sourced from grunt-contrib-imagemin's releases.

v3.1.0

No release notes provided.

v3.0.0

No release notes provided.

v2.0.1

• Fix plugin options gruntjs/grunt-contrib-imagemin@4b7d009

v2.0.0

• Add XO and AVA gruntjs/grunt-contrib-imagemin@1f245ac
• ES2015ify and remove support for Node.js versions older than v4 gruntjs/grunt-contrib-imagemin@65ff84e
• Remove changelog in favor of releases page gruntjs/grunt-contrib-imagemin@c8a2752

Commits

• 7e61b18 Merge pull request #393 from gruntjs/fix-up-xo
• 2cf6a34 Update deps
• bc556d2 Merge pull request #392 from whyisjake/issue-391
• 2917a2a Rollback AVA a bit.
• aa7a9ca Security Audit Fixes.
• ea0548b 3.1.0
• 8b3fa28 Update imagemin deps to fix tunnel-agent 0.4.3 vulnerability
• 72d2a32 package.json: add individual scripts.
• 021bf3d Update .editorconfig to match the current state.
• 861d695 readme.md: use uls.
• Additional commits viewable in compare view

Updates imagemin-svgo from 4.2.1 to 10.0.1

Release notes

Sourced from imagemin-svgo's releases.

v10.0.1

• Specify exports field ebd0041

imagemin/imagemin-svgo@v10.0.0...v10.0.1

v10.0.0

• Fix usage 836063c
• Use native ESM and update dependencies (#50) 35866f7

imagemin/imagemin-svgo@v9.0.0...v10.0.0

v9.0.0

• Use GitHub Action instead (#44) a42fbfe
• Upgrade svgo (#43) 43888a0
• Update API usage 11dac11

imagemin/imagemin-svgo@v8.0.0...v9.0.0

v8.0.0

• Require Node.js 10 (#40) fa899fc

imagemin/imagemin-svgo@v7.1.0...v8.0.0

v7.1.0

• Upgrade dependencies 71a27ac

imagemin/imagemin-svgo@v7.0.0...v7.1.0

Commits

• 925c911 10.0.1
• ebd0041 Specify exports field
• 949d697 10.0.0
• 836063c Fix usage
• 35866f7 Use native ESM and update dependencies (#50)
• beba5b2 9.0.0
• a42fbfe Use GitHub Action instead (#44)
• 43888a0 Upgrade svgo (#43)
• 11dac11 Update API usage
• bc04dc0 8.0.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by 1000ch, a new releaser for imagemin-svgo since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.