Bump the npm_and_yarn group across 3 directories with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
postcss	8.4.47	8.4.49
smol-toml	1.3.0	1.3.1
browserslist	4.24.0	4.24.3
@eslint/plugin-kit	0.2.0	0.2.4
cross-spawn	7.0.3	7.0.6
nanoid	3.3.7	3.3.8
shell-quote	1.8.1	1.8.2

Bumps the npm_and_yarn group with 2 updates in the /scripts/release directory: micromatch and cross-spawn.
Bumps the npm_and_yarn group with 1 update in the /website directory: express.

Updates postcss from 8.4.47 to 8.4.49

Release notes

Sourced from postcss's releases.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

Changelog

Sourced from postcss's changelog.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

Commits

• aed8b89 Release 8.4.49 version
• 3450630 Fix position calculations when offset is missing (#1983)
• 77420d6 Release 8.4.48 version
• 341529f Update dependencies
• 66fa667 Add Node.js 23 to CI
• 1a8b261 fix inconsistent position calculations (#1980)
• 1cc6ac3 Clarify usage in docs
• See full diff in compare view

Updates smol-toml from 1.3.0 to 1.3.1

Commits

• See full diff in compare view

Updates browserslist from 4.24.0 to 4.24.3

Release notes

Sourced from browserslist's releases.

4.24.3

• Updated Firefox ESR (by @​fpapado).

4.24.2

• Clarify outdated caniuse-lite warning text.

4.24.1

• Added months since last caniuse-lite update to the warning (by @​mezhnin).

Changelog

Sourced from browserslist's changelog.

4.24.3

• Updated Firefox ESR (by @​fpapado).

4.24.2

• Clarify outdated caniuse-lite warning text.

4.24.1

• Added months since last caniuse-lite update to the warning (by @​mezhnin).

Commits

• 958d62e Release 4.24.3 version
• 4e1bfff Update dependencies
• 6f5a4fc Update Firefox ESR versions (#858)
• df1d063 Bump nanoid from 5.0.7 to 5.0.9 (#856)
• d80b676 Bump cross-spawn from 7.0.3 to 7.0.5 (#854)
• 119cc9f Fix typo in README (#853)
• aeb283c Bump @​eslint/plugin-kit from 0.2.1 to 0.2.3 (#852)
• 065c69b Release 4.24.2 version
• c30a4b5 More clear warning text
• 8fbb304 Release 4.24.1 version
• Additional commits viewable in compare view

Updates @eslint/plugin-kit from 0.2.0 to 0.2.4

Release notes

Sourced from @​eslint/plugin-kit's releases.

plugin-kit: v0.2.4

0.2.4 (2024-12-04)

Bug Fixes

• Update RuleVisitor type (#135) (156d601)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.9.0 to ^0.9.1

plugin-kit: v0.2.3

0.2.3 (2024-11-14)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.8.0 to ^0.9.0

plugin-kit: v0.2.2

0.2.2 (2024-10-25)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.7.0 to ^0.8.0

plugin-kit: v0.2.1

0.2.1 (2024-10-18)

Dependencies

• The following workspace dependencies were updated
  • devDependencies
    • @​eslint/core bumped from ^0.6.0 to ^0.7.0

Commits

• dd8d161 chore: release main (#136)
• f7cb7e2 chore: add type tests for core package (#137)
• 44d812d docs: Update README sponsors
• b280b8b docs: Update README sponsors
• 5a18ce6 docs: Update README sponsors
• 156d601 fix: Update RuleVisitor type (#135)
• 8852527 chore: fully type check packages/*/src files (#117)
• a957ee3 chore: release main (#130)
• 3591a78 feat: Add Language#normalizeLanguageOptions() (#131)
• 2fa68b7 chore: fix formatting error (#133)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates shell-quote from 1.8.1 to 1.8.2

Changelog

Sourced from shell-quote's changelog.

v1.8.2 - 2024-11-27

Fixed

• [Fix] quote: preserve empty strings [#18](https://github.com/ljharb/shell-quote/issues/18)

Commits

• [meta] fix changelog tags 0fb9fd8
• [actions] split out node 10-20, and 20+ 819bd84
• [Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape fc56408
• [actions] update npm for windows tests fdeb0fd
• [Dev Deps] update @ljharb/eslint-config, aud, tape b8a4a3b
• [actions] prevent node 14 on ARM mac from failing 9eecafc
• [meta] exclude more files from the package 4044e7f
• [Tests] replace aud with npm audit 8cfdbd8
• [meta] add missing engines.node 843820e
• [Dev Deps] add missing peer dep 4c3b88d
• [Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6 80322ed

Commits

• b19fc77 v1.8.2
• 59d29ea [Fix] quote: preserve empty strings
• 819bd84 [actions] split out node 10-20, and 20+
• 4c3b88d [Dev Deps] add missing peer dep
• fc56408 [Dev Deps] update @ljharb/eslint-config, auto-changelog, npmignore, tape
• 8cfdbd8 [Tests] replace aud with npm audit
• 9eecafc [actions] prevent node 14 on ARM mac from failing
• 843820e [meta] add missing engines.node
• 4044e7f [meta] exclude more files from the package
• fdeb0fd [actions] update npm for windows tests
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates path-to-regexp from 0.1.7 to 0.1.12

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking (again)

Fixed

• Improved backtracking protection for 0.1.x, will break some previously valid paths (see previous advisory: GHSA-9wv6-86v2-598j)

pillarjs/path-to-regexp@v0.1.11...v0.1.12

Error on bad input

Changed

• Add error on bad input values 8f09549

pillarjs/path-to-regexp@v0.1.10...v0.1.11

Backtrack protection

Fixed

• Add backtrack protection to parameters 29b96b4
  • This will break some edge cases but should improve performance

pillarjs/path-to-regexp@v0.1.9...v0.1.10

Support non-lookahead regex output

Added

• Allow a non-lookahead regex (#312) c4272e4

component/path-to-regexp@v0.1.8...v0.1.9

Support named matching groups in RegExp

Added

• Add support for named matching groups (#301) 114f62d

pillarjs/path-to-regexp@v0.1.7...v0.1.8

Commits

• 640e694 0.1.12
• f01c26a Merge commit from fork
• 0c71192 0.1.11
• 8f09549 Add error on bad input values
• c827fce 0.1.10
• 29b96b4 Add backtrack protection to parameters
• ac4c234 Update repo url (#314)
• bdb6635 0.1.9
• c4272e4 Allow a non-lookahead regex (#312)
• 51a1955 0.1.8
• Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Size Change: +1.12 kB (+0.01%)

Total Size: 7.73 MB

Filename	Size	Change
./dist/index.mjs	737 kB	+295 B (+0.04%)
./dist/plugins/postcss.js	153 kB	+411 B (+0.27%)
./dist/plugins/postcss.mjs	153 kB	+411 B (+0.27%)

ℹ️ View Unchanged

Filename	Size
./dist/bin	4.1 kB
./dist/bin/prettier.cjs	2.1 kB
./dist/doc.d.ts	7.42 kB
./dist/doc.js	53.1 kB
./dist/doc.mjs	49.6 kB
./dist/index.cjs	36.8 kB
./dist/index.d.ts	26.8 kB
./dist/internal	4.1 kB
./dist/internal/cli.mjs	125 kB
./dist/LICENSE	205 kB
./dist/package.json	6.3 kB
./dist/plugins	4.1 kB
./dist/plugins/acorn.d.ts	109 B
./dist/plugins/acorn.js	152 kB
./dist/plugins/acorn.mjs	152 kB
./dist/plugins/angular.d.ts	177 B
./dist/plugins/angular.js	44.4 kB
./dist/plugins/angular.mjs	43.7 kB
./dist/plugins/babel.d.ts	419 B
./dist/plugins/babel.js	314 kB
./dist/plugins/babel.mjs	314 kB
./dist/plugins/estree.d.ts	11 B
./dist/plugins/estree.js	201 kB
./dist/plugins/estree.mjs	200 kB
./dist/plugins/flow.d.ts	90 B
./dist/plugins/flow.js	661 kB
./dist/plugins/flow.mjs	660 kB
./dist/plugins/glimmer.d.ts	93 B
./dist/plugins/glimmer.js	143 kB
./dist/plugins/glimmer.mjs	142 kB
./dist/plugins/graphql.d.ts	93 B
./dist/plugins/graphql.js	43.6 kB
./dist/plugins/graphql.mjs	43 kB
./dist/plugins/html.d.ts	139 B
./dist/plugins/html.js	151 kB
./dist/plugins/html.mjs	151 kB
./dist/plugins/markdown.d.ts	127 B
./dist/plugins/markdown.js	149 kB
./dist/plugins/markdown.mjs	148 kB
./dist/plugins/meriyah.d.ts	93 B
./dist/plugins/meriyah.js	131 kB
./dist/plugins/meriyah.mjs	131 kB
./dist/plugins/postcss.d.ts	121 B
./dist/plugins/typescript.d.ts	96 B
./dist/plugins/typescript.js	890 kB
./dist/plugins/typescript.mjs	889 kB
./dist/plugins/yaml.d.ts	90 B
./dist/plugins/yaml.js	122 kB
./dist/plugins/yaml.mjs	122 kB
./dist/README.md	4.03 kB
./dist/standalone.d.ts	1.37 kB
./dist/standalone.js	82.1 kB
./dist/standalone.mjs	81.8 kB

_{compressed-size-action}