Bump the npm_and_yarn group across 8 directories with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
next	13.1.1	13.5.0
vite	2.8.6	2.9.18
@babel/traverse	7.20.5	7.24.1
decode-uri-component	0.2.0	0.2.2
get-func-name	2.0.0	2.0.2
http-cache-semantics	4.1.0	4.1.1
ip	1.1.5	1.1.9
json5	2.2.1	2.2.3
loader-utils	3.2.0	3.2.1
minimist	1.2.5	1.2.8
semver	5.7.1	5.7.2
ua-parser-js	0.7.31	0.7.37

Bumps the npm_and_yarn group with 1 update in the /examples/contentlayer directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/mdx-bundler directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/next-mdx-remote directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/nextra directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/vite directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /packages/mdx directory: next and vite.

Updates next from 13.1.1 to 13.5.0

Commits

• ffafad2 v13.5.0
• 4a589ed v13.4.20-canary.41
• deb81cf fix styled-jsx alias (#55581)
• 1a9b0f6 improve internal error logging (#55582)
• 0631549 Fix react packages are not bundled for metadata routes (#55579)
• bad5365 Update supported config options for Turbopack (#55556)
• 8881c41 Fix useState function initialiser case for optimize_server_react transform ...
• 1025011 Add react-icons to optimizePackageImports (#55572)
• d5c35a1 chore: replace issue triaing actions with nissuer (#55525)
• 33c561b Consolidate experimental React opt-in & add ppr flag (#55560)
• Additional commits viewable in compare view

Updates vite from 2.8.6 to 2.9.18

Changelog

Sourced from vite's changelog.

2.9.18 (2024-03-24)

• fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657
• fix: port #16250 to v2 (#16254) (011bbca), closes #16250 #16254
• release: v2.9.17 (bfc5649)

2.9.17 (2024-01-19)

• fix: port #15653 to v2 (#15657) (1f855dc), closes #15653 #15657

2.9.16 (2023-05-26)

• fix: port #13348 to v2, fs.deny with leading double slash (#13350) (7d8100a), closes #13348 #13350

2.9.15 (2022-08-12)

• fix: backport make resolveConfig() concurrent safe (#9224) (#9229) (7f01a00), closes #9224 #9229
• fix: fs serve only edit pathname (fixes #9148) (#9654) (521bb39), closes #9148 #9654
• fix(ssr-manifest): check name before saving to ssrManifest (#9595) (e361a80), closes #9595
• chore: narrow down rollup version (#9651) (ed8d6a7), closes #9651

2.9.14 (2022-07-08)

• fix: backport #8979, re-encode url to prevent fs.allow bypass (fixes #8498) (#8990) (adb61c5), closes #8498 #8990
• fix: reverts #8471 (da77dee), closes #8471
• fix(css): backport #7746 (d4d89b9), closes #7746
• fix(css): backport #8936 (#8977) (84ec02a), closes #8936 #8977

2.9.13 (2022-06-27)

• fix: backport #8804, /@fs/ dir traversal with escaped chars (fixes #8498) (#8805) (e109d64), closes #8498 #8805
• fix(wasm): support decoding data URL in Node < v16 (#8668) (1afc1c2), closes #8668

2.9.12 (2022-06-10)

• fix: backport outdated optimized dep removed from module graph (#8534) (c0d6c60), closes #8534

... (truncated)

Commits

• 5936352 release: v2.9.18
• 011bbca fix: port #16250 to v2 (#16254)
• bfc5649 release: v2.9.17
• 1f855dc fix: port #15653 to v2 (#15657)
• ea814d7 release: v2.9.16
• 7d8100a fix: port #13348 to v2, fs.deny with leading double slash (#13350)
• 3a5543d release: v2.9.15
• 521bb39 fix: fs serve only edit pathname (fixes #9148) (#9654)
• ed8d6a7 chore: narrow down rollup version (#9651)
• e361a80 fix(ssr-manifest): check name before saving to ssrManifest (#9595)
• Additional commits viewable in compare view

Updates @babel/traverse from 7.20.5 to 7.24.1

Release notes

Sourced from @​babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• Other
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
• babel-plugin-transform-class-properties, babel-plugin-transform-classes
  • #16343 Use simpler assertThisInitialized more often (@​liuxingbaoyu)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse
  • #16342 Consider well-known and registered symbols as literals (@​nicolo-ribaudo)
• babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env
  • #16326 Reduce the use of class names (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @​ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

• babel-standalone

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #16323 Allow separate helpers to be excluded in Babel 8 (@​liuxingbaoyu)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env
  • #16318 [babel 8] Fix @babel/compat-data package.json (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
• babel-plugin-transform-class-properties, babel-plugin-transform-classes
  • #16343 Use simpler assertThisInitialized more often (@​liuxingbaoyu)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse
  • #16342 Consider well-known and registered symbols as literals (@​nicolo-ribaudo)
• babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env
  • #16326 Reduce the use of class names (@​liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

• babel-standalone
  • #11696 Export babel tooling packages in @babel/standalone (@​ajihyf)
• babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties
  • #16267 Implement noUninitializedPrivateFieldAccess assumption (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16242 Support decorator 2023-11 normative updates (@​JLHwung)
• babel-preset-flow
  • #16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@​nicolo-ribaudo)

... (truncated)

Commits

• 822b025 v7.24.1
• fc0d5ad Update typescript and lint tools (#16351)
• 69e7928 Consider well-known and registered symbols as literals (#16342)
• 40110e9 Update source map deps (#16327)
• ce59160 v7.24.0
• bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
• 08a057c Use Object.hasOwn when available (#16248)
• a0dd614 v7.23.9
• 1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
• e428a6d v7.23.7
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates get-func-name from 2.0.0 to 2.0.2

Release notes

Sourced from get-func-name's releases.

v2.0.2

What's Changed

Revert previous changes that shipped this as an ES module.

Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.2

v2.0.1

What's Changed

Fix GHSA-4q6p-r6v2-jvc5

Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.1

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by keithamus, a new releaser for get-func-name since your current version.

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

• 2449650 Update mocha
• 560b2d8 Don't use regex to trim whitespace
• b1bdb92 Remove linting package zoo
• c20dc7e Cache 308
• See full diff in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• 5dc3b2f 1.1.8
• 8e6f28b lib: even better node 6 support
• 088c9e5 1.1.7
• 1a4ca35 lib: add back support for Node.js 6
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates json5 from 2.2.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates loader-utils from 3.2.0 to 3.2.1

Release notes

Sourced from loader-utils's releases.

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

Changelog

Sourced from loader-utils's changelog.

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

Commits

• a3fd3ca chore(release): 3.2.1
• d2d752d fix: ReDoS problem (#224)
• 52cd134 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#209)
• 9fe2381 chore: add .gitattributes for normalizing end of lines - fixes #203 (#204)
• See full diff in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates ua-parser-js from 0.7.31 to 0.7.37

Release notes

Sourced from ua-parser-js's releases.

v0.7.37

Version 0.7.37

• Fix misidentified WebView token as device model
• Increase UA_MAX_LENGTH to 500
• Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
• Add new device: Ulefone
• Improve device detection: Realme, Xiaomi Redmi
• Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.37

• Fix misidentified WebView token as device model
• Increase UA_MAX_LENGTH to 500
• Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
• Add new device: Ulefone
• Im...

  Description has been truncated

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@types/minimatch@3.0.5	None	0	8.2 kB	types
npm/argparse@1.0.10	environment, filesystem	+1	151 kB	vitaly
npm/assertion-error@1.1.0	None	0	5.64 kB	chaijs
npm/braces@3.0.2	None	+3	98.1 kB	doowb
npm/diff@4.0.2	None	0	335 kB	kpdecker
npm/has-symbols@1.0.3	None	0	20.6 kB	ljharb
npm/ini@1.3.8	None	0	9.3 kB	isaacs
npm/is-string@1.0.7	None	0	19.1 kB	ljharb
npm/is-symbol@1.0.4	None	0	22 kB	ljharb
npm/js-tokens@4.0.0	None	0	15.1 kB	lydell
npm/jsonparse@1.3.1	None	0	36.8 kB	creationix
npm/kind-of@6.0.3	None	0	22.8 kB	doowb
npm/lodash@4.17.21	None	0	1.41 MB	bnjmnt4n
npm/mkdirp@1.0.4	environment, filesystem	0	19.1 kB	isaacs
npm/nanoid@3.3.7	None	0	24.4 kB	ai
npm/normalize-path@3.0.0	None	0	9.22 kB	jonschlinkert
npm/object-keys@1.1.1	None	0	26.5 kB	ljharb
npm/path-parse@1.0.7	None	0	4.51 kB	jbgutierrez
npm/picomatch@2.3.1	None	0	90 kB	mrmlnc
npm/safer-buffer@2.1.2	None	0	42.3 kB	chalker
npm/source-map-js@1.2.0	None	0	140 kB	7rulnik
npm/string_decoder@1.1.1	None	0	15.3 kB	matteo.collina
npm/through@2.3.8	None	0	12.5 kB	dominictarr
npm/type-detect@4.0.8	None	0	42.1 kB	chaijs
npm/typescript@5.4.3	None	0	32.4 MB	typescript-bot
npm/util-deprecate@1.0.2	None	0	5.48 kB	tootallnate
npm/validate-npm-package-license@3.0.4	None	+1	28.4 kB	kemitchell
npm/xtend@4.0.2	None	0	6.46 kB	raynos

🚮 Removed packages: npm/@octokit/core@3.6.0, npm/@octokit/request-error@2.1.0, npm/@octokit/request@5.6.3, npm/@octokit/rest@18.12.0, npm/@octokit/types@6.34.0, npm/agent-base@6.0.2, npm/ansi-styles@4.3.0, npm/array-back@3.1.0, npm/auto@10.34.0, npm/cosmiconfig@7.0.0, npm/debug@4.3.3, npm/deepmerge@4.2.2, npm/deprecation@2.3.1, npm/fast-glob@3.2.11, npm/fromentries@1.3.2, npm/glob@7.2.0, npm/lerna@4.0.0, npm/node-fetch@2.6.7, npm/prettier@2.5.1, npm/semver@7.3.5, npm/ts-node@9.1.1, npm/tslib@2.1.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Uses eval	npm/ajv@6.12.6	Eval Type: Function Location: Package overview	orphan: npm/ajv@6.12.6
Unmaintained	npm/imurmurhash@0.1.4	Last Publish: 8/24/2013, 8:45:23 PM	orphan: npm/imurmurhash@0.1.4
Unmaintained	npm/json-stable-stringify-without-jsonify@1.0.1	Last Publish: 12/15/2016, 10:00:35 PM	orphan: npm/json-stable-stringify-without-jsonify@1.0.1
Unmaintained	npm/natural-compare@1.4.0	Last Publish: 7/22/2016, 8:48:12 PM	orphan: npm/natural-compare@1.4.0
Unmaintained	npm/through@2.3.8	Last Publish: 7/3/2015, 1:38:39 PM	Source
Unmaintained	npm/safer-buffer@2.1.2	Last Publish: 4/8/2018, 10:42:42 AM	Source
Unmaintained	npm/setimmediate@1.0.5	Last Publish: 9/12/2016, 12:59:56 AM	orphan: npm/setimmediate@1.0.5
Unmaintained	npm/normalize-path@3.0.0	Last Publish: 4/19/2018, 2:54:47 PM	Source
Unmaintained	npm/node-int64@0.4.0	Last Publish: 4/4/2015, 2:52:16 AM	orphan: npm/node-int64@0.4.0
Unmaintained	npm/esprima@4.0.1	Last Publish: 7/13/2018, 8:39:14 AM	orphan: npm/esprima@4.0.1
Unmaintained	npm/type-detect@4.0.8	Last Publish: 2/1/2018, 2:30:41 PM	Source
Unmaintained	npm/validate-npm-package-license@3.0.4	Last Publish: 8/5/2018, 4:59:03 PM	Source
Unmaintained	npm/error-ex@1.3.2	Last Publish: 6/19/2018, 6:20:32 AM	orphan: npm/error-ex@1.3.2
Trivial Package	npm/is-arrayish@0.2.1	Location: Package overview	orphan: npm/is-arrayish@0.2.1
Unmaintained	npm/is-arrayish@0.2.1	Last Publish: 6/19/2018, 8:09:45 AM	orphan: npm/is-arrayish@0.2.1
Unmaintained	npm/util-deprecate@1.0.2	Last Publish: 10/7/2015, 6:37:40 PM	Source
Unmaintained	npm/delayed-stream@1.0.0	Last Publish: 4/30/2015, 10:10:29 PM	orphan: npm/delayed-stream@1.0.0
Unmaintained	npm/asynckit@0.4.0	Last Publish: 6/14/2016, 6:29:05 PM	orphan: npm/asynckit@0.4.0
New author	npm/kind-of@6.0.3	New Author: doowb Previous Author: jonschlinkert	Source
Unmaintained	npm/is-windows@1.0.2	Last Publish: 2/14/2018, 7:36:43 AM	orphan: npm/is-windows@1.0.2
Unmaintained	npm/wcwidth@1.0.1	Last Publish: 5/30/2016, 3:56:57 AM	orphan: npm/wcwidth@1.0.1
Trivial Package	npm/isarray@2.0.5	Location: Package overview	orphan: npm/isarray@2.0.5
Unmaintained	npm/get-caller-file@2.0.5	Last Publish: 3/9/2019, 9:48:30 PM	orphan: npm/get-caller-file@2.0.5
Unmaintained	npm/require-directory@2.1.1	Last Publish: 5/28/2015, 8:31:04 AM	orphan: npm/require-directory@2.1.1
New author	npm/source-map@0.5.7	New Author: tromey Previous Author: nickfitzgerald	orphan: npm/source-map@0.5.7
Unmaintained	npm/is-number@7.0.0	Last Publish: 7/4/2018, 3:08:58 PM	Source
Unmaintained	npm/lodash.memoize@4.1.2	Last Publish: 8/13/2016, 5:42:08 PM	orphan: npm/lodash.memoize@4.1.2
Unmaintained	npm/path-is-inside@1.0.2	Last Publish: 9/10/2016, 11:35:10 PM	orphan: npm/path-is-inside@1.0.2
Unmaintained	npm/clone@1.0.4	Last Publish: 3/21/2018, 9:21:25 PM	orphan: npm/clone@1.0.4
Unmaintained	npm/eastasianwidth@0.2.0	Last Publish: 1/1/2018, 9:26:07 AM	orphan: npm/eastasianwidth@0.2.0
New author	npm/cosmiconfig@7.1.0	New Author: d-fischer Previous Author: davidtheclark	orphan: npm/cosmiconfig@7.1.0
Unmaintained	npm/promise-inflight@1.0.1	Last Publish: 2/26/2017, 2:48:59 AM	orphan: npm/promise-inflight@1.0.1
Unmaintained	npm/jsonparse@1.3.1	Last Publish: 5/9/2017, 7:59:13 PM	Source
Unmaintained	npm/concat-stream@2.0.0	Last Publish: 12/21/2018, 2:22:15 PM	orphan: npm/concat-stream@2.0.0
Unmaintained	npm/minimalistic-assert@1.0.1	Last Publish: 4/11/2018, 12:21:23 PM	orphan: npm/minimalistic-assert@1.0.1
Trivial Package	npm/minimalistic-assert@1.0.1	Location: Package overview	orphan: npm/minimalistic-assert@1.0.1
New author	npm/pathval@1.1.1	New Author: chai Previous Author: chaijs	orphan: npm/pathval@1.1.1
Unmaintained	npm/source-list-map@2.0.1	Last Publish: 10/10/2018, 10:48:08 AM	orphan: npm/source-list-map@2.0.1
Unmaintained	npm/is-lambda@1.0.1	Last Publish: 5/24/2017, 7:07:11 PM	orphan: npm/is-lambda@1.0.1
Unmaintained	npm/lodash.isequal@4.5.0	Last Publish: 1/10/2017, 5:30:04 AM	orphan: npm/lodash.isequal@4.5.0
Unmaintained	npm/require-package-name@2.0.1	Last Publish: 5/7/2015, 2:11:17 PM	orphan: npm/require-package-name@2.0.1

View full report↗︎

Next steps

What is eval?

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

What are unmaintained packages?

Package has not been updated in more than 5 years and may be unmaintained. Problems with the package may go unaddressed.

Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

What are trivial packages?

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Removing this package as a dependency and implementing its logic will reduce supply chain risk.

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/ajv@6.12.6
• @SocketSecurity ignore npm/imurmurhash@0.1.4
• @SocketSecurity ignore npm/json-stable-stringify-without-jsonify@1.0.1
• @SocketSecurity ignore npm/natural-compare@1.4.0
• @SocketSecurity ignore npm/through@2.3.8
• @SocketSecurity ignore npm/safer-buffer@2.1.2
• @SocketSecurity ignore npm/setimmediate@1.0.5
• @SocketSecurity ignore npm/normalize-path@3.0.0
• @SocketSecurity ignore npm/node-int64@0.4.0
• @SocketSecurity ignore npm/esprima@4.0.1
• @SocketSecurity ignore npm/type-detect@4.0.8
• @SocketSecurity ignore npm/validate-npm-package-license@3.0.4
• @SocketSecurity ignore npm/error-ex@1.3.2
• @SocketSecurity ignore npm/is-arrayish@0.2.1
• @SocketSecurity ignore npm/util-deprecate@1.0.2
• @SocketSecurity ignore npm/delayed-stream@1.0.0
• @SocketSecurity ignore npm/asynckit@0.4.0
• @SocketSecurity ignore npm/kind-of@6.0.3
• @SocketSecurity ignore npm/is-windows@1.0.2
• @SocketSecurity ignore npm/wcwidth@1.0.1
• @SocketSecurity ignore npm/isarray@2.0.5
• @SocketSecurity ignore npm/get-caller-file@2.0.5
• @SocketSecurity ignore npm/require-directory@2.1.1
• @SocketSecurity ignore npm/source-map@0.5.7
• @SocketSecurity ignore npm/is-number@7.0.0
• @SocketSecurity ignore npm/lodash.memoize@4.1.2
• @SocketSecurity ignore npm/path-is-inside@1.0.2
• @SocketSecurity ignore npm/clone@1.0.4
• @SocketSecurity ignore npm/eastasianwidth@0.2.0
• @SocketSecurity ignore npm/cosmiconfig@7.1.0
• @SocketSecurity ignore npm/promise-inflight@1.0.1
• @SocketSecurity ignore npm/jsonparse@1.3.1
• @SocketSecurity ignore npm/concat-stream@2.0.0
• @SocketSecurity ignore npm/minimalistic-assert@1.0.1
• @SocketSecurity ignore npm/pathval@1.1.1
• @SocketSecurity ignore npm/source-list-map@2.0.1
• @SocketSecurity ignore npm/is-lambda@1.0.1
• @SocketSecurity ignore npm/lodash.isequal@4.5.0
• @SocketSecurity ignore npm/require-package-name@2.0.1