Bump the npm_and_yarn group across 4 directories with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the /tgui directory:

Package	From	To
webpack	5.94.0	5.104.1
dompurify	2.5.7	3.2.4
js-yaml	4.1.0	4.1.1
fastify	3.29.4	5.7.3
fastify-static	4.2.3	4.4.1
lodash	4.17.21	4.17.23
axios	1.8.4	1.13.5
brace-expansion	1.1.11	1.1.12
http-cache-semantics	4.1.0	4.2.0
minimatch	3.0.4	3.1.2
minimist	1.2.5	1.2.8
qs	6.5.2	6.5.5
send	0.17.1	0.17.2

Bumps the npm_and_yarn group with 1 update in the /tgui/packages/tgui directory: dompurify.
Bumps the npm_and_yarn group with 1 update in the /tgui/packages/tgui-bench directory: fastify.
Bumps the npm_and_yarn group with 1 update in the /tgui/packages/tgui-panel directory: dompurify.

Updates webpack from 5.94.0 to 5.104.1

Release notes

Sourced from webpack's releases.

v5.104.1

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

v5.104.0

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

v5.103.0

Features

• Added DotenvPlugin and top level dotenv option to enable this plugin
• Added WebpackManifestPlugin
• Added support the ignoreList option in devtool plugins
• Allow to use custom javascript parse function

... (truncated)

Changelog

Sourced from webpack's changelog.

5.104.1

Patch Changes

• 2efd21b: Reexports runtime calculation should not accessing WEBPACK_IMPORT_KEY decl with var.
• c510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.

5.104.0

Minor Changes

• d3dd841: Use method shorthand to render module content in __webpack_modules__ object.
• d3dd841: Enhance import.meta.env to support object access.
• 4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.
• 04cd530: Handle more at-rules for CSS modules.
• cafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.
• d3dd841: Added base64url, base62, base58, base52, base49, base36, base32 and base25 digests.
• 5983843: Provide a stable runtime function variable __webpack_global__.
• d3dd841: Improved localIdentName hashing for CSS.

Patch Changes

• 22c48fb: Added module existence check for informative error message in development mode.
• 50689e1: Use the fully qualified class name (or export name) for [fullhash] placeholder in CSS modules.
• d3dd841: Support universal lazy compilation.
• d3dd841: Fixed module library export definitions when multiple runtimes.
• d3dd841: Fixed CSS nesting and CSS custom properties parsing.
• d3dd841: Don't write fragment from URL to filename and apply fragment to module URL.
• aab1da9: Fixed bugs for css/global type.
• d3dd841: Compatibility import.meta.filename and import.meta.dirname with eval devtools.
• d3dd841: Handle nested __webpack_require__.
• 728ddb7: The speed of identifier parsing has been improved.
• 0f8b31b: Improve types.
• d3dd841: Don't corrupt debugId injection when hidden-source-map is used.
• 2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.
• d3dd841: Serialize HookWebpackError.
• d3dd841: Added ability to use built-in properties in dotenv and define plugin.
• 3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.
• d3dd841: Reduce collision for local indent name in CSS.
• d3dd841: Remove CSS link tags when CSS imports are removed.

Commits

• 24e3c2d chore(release): new release (#20253)
• 2efd21b fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...
• c510070 fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris
• 4b0501c ci: fix release (#20252)
• 0c213ce ci: use \<@&1450591255485743204> over @here for discord notificationw
• 5bf8bc5 refactor: types for benchmarks and tests
• 505a5e7 chore(release): new release (#20188)
• 0c06680 refactor: update eslint configuration
• 2eb0d6a ci: release announcement (#20238)
• b2b2459 ci: cancel in progress (#20239)
• Additional commits viewable in compare view

Updates dompurify from 2.5.7 to 3.2.4

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.4

• Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
• Added a new feature to allow specific hook removal, thanks @​davecardwell
• Added purify.js and purify.min.js to exports, thanks @​Aetherinox
• Added better logic in case no window object is president, thanks @​yehuya
• Updated some dependencies called out by dependabot
• Updated license files etc to show the correct year

DOMPurify 3.2.3

• Fixed two conditional sanitizer bypasses discovered by @​parrot409 and @​Slonser
• Updated the attribute clobbering checks to prevent future bypasses, thanks @​parrot409

DOMPurify 3.2.2

• Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
• Fixed several minor issues with the type definitions, thanks again @​reduckted
• Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
• Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

DOMPurify 3.2.1

• Fixed several minor issues with the type definitions, thanks @​reduckted @​ghiscoding @​asamuzaK @​MiniDigger
• Fixed an issue with non-minified dist files and order of imports, thanks @​reduckted

DOMPurify 3.2.0

• Added type declarations, thanks @​reduckted , @​philmayfield, @​aloisklink, @​ssi02014 and others
• Fixed a minor issue with the handling of hooks, thanks @​kevin-mizu

DOMPurify 3.1.7

• Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
• Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
• Added better support for Angular compiler, thanks @​jeroen1602
• Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
• Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
• Bumped several dependencies to be more up to date

DOMPurify 3.1.6

• Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
• Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
• Fixed a minor problem with the bower file pointing to the wrong dist path
• Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
• Updated several development dependencies

DOMPurify 3.1.5

• Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
• Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

DOMPurify 3.1.4

• Fixed an issue with the recently implemented isNaN checks, thanks @​tulach
• Added several new popover attributes to allow-list, thanks @​Gigabyte5671
• Fixed the tests and adjusted the test runner to cover all branches

... (truncated)

Commits

• ec29e65 Merge pull request #1062 from cure53/main
• 1c1b183 chore: Preparing 3.2.4 release
• d18ffcb fix: Changed the template literal regex to avoid a config-dependent bypass
• 0d64d2b Merge pull request #1060 from yehuya/initializeTestImprovements
• 9ad7933 tests: DOMPurify custom window tests improvements
• 72760ca Merge pull request #1059 from yehuya/fixMissingWindowElement
• bc72d44 Fix tests
• 363a89d fix: handle undefined Element in DOMPurify initialization
• f41b45d Update LICENSE
• b25bf26 Update README.md
• Additional commits viewable in compare view

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates fastify from 3.29.4 to 5.7.3

Release notes

Sourced from fastify's releases.

v5.7.3

⚠️ Security Release

• Fix GHSA-mrq3-vjjr-p77c CVE-2026-25224.

What's Changed

• docs: update Reply.send() documentation for string serialization by @​mcollina in fastify/fastify#6466
• chore: ignore agents config files by @​mcollina in fastify/fastify#6474
• docs: update vulnerability reporting to use GitHub Security by @​mcollina in fastify/fastify#6475

Full Changelog: fastify/fastify@v5.7.2...v5.7.3

v5.7.2

⚠️ Notice ⚠️

Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted.

What's Changed

• chore: npm ignore AI related files by @​climba03003 in fastify/fastify#6447
• chore: update sponsor url by @​Eomm in fastify/fastify#6450
• docs: add fastify-http-exceptions to Ecosystem.md by @​bhouston in fastify/fastify#6442
• docs: fix invalid shorten form schema example by @​climba03003 in fastify/fastify#6448
• docs: Simplify and tighten decorators example by @​smith558 in fastify/fastify#6451
• docs: Fix incorrect variable use by @​smith558 in fastify/fastify#6455
• chore: update sponsor link by @​Eomm in fastify/fastify#6460
• fix: Fix MIT Licence file to conform to standard by @​smith558 in fastify/fastify#6464
• docs: move querystringParser option under routerOptions by @​inyourtime in fastify/fastify#6463
• chore: Updated content-type header parsing by @​jsumners in fastify/fastify#6414

New Contributors

• @​bhouston made their first contribution in fastify/fastify#6442

Full Changelog: fastify/fastify@v5.7.1...v5.7.2

v5.7.1

What's Changed

• chore: Bump actions/checkout from 5 to 6 by @​dependabot[bot] in fastify/fastify#6434
• chore: updated version in the fastify.js by @​Tony133 in fastify/fastify#6446

Full Changelog: fastify/fastify@v5.7.0...v5.7.1

v5.7.0

What's Changed

• docs: Improved firebase serverless guide about process remaining stuck by @​alexandercerutti in fastify/fastify#6380
• docs: update migration guide with date-time breaking change by @​craftsman01 in fastify/fastify#6110
• chore: remove test file by @​Eomm in fastify/fastify#6384
• feat: speed up loading with custom compiler by @​Eomm in fastify/fastify#6383
• docs: replace all instances of twitter.com with x.com by @​cseas in fastify/fastify#6355

... (truncated)

Commits

• 49468ed Bumped v5.7.3
• eb11156 Merge commit from fork
• d98ce2a docs: update vulnerability reporting to use GitHub Security (#6475)
• 17172c4 Ignore agents config files (#6474)
• b48826f docs: update Reply.send() documentation for string serialization (#6466)
• e1e4fe7 v5.7.2
• 32d7b6a chore: Updated content-type header parsing (#6414)
• f4a6ac1 docs: move querystringParser example under routerOptions (#6463)
• 2af83d6 fix: Fix MIT Licence file to conform to standard (#6464)
• 5c14e05 chore: update sponsor link (#6460)
• Additional commits viewable in compare view

Updates fastify-static from 4.2.3 to 4.4.1

Release notes

Sourced from fastify-static's releases.

v4.4.1

⚠️ Security Release

This release fixes CVE-2021-22964, see GHSA-pgh6-m65r-2rhq for more details.

Full Changelog: fastify/fastify-static@v4.4.0...v4.4.1

v4.4.0

What's Changed

• Extended dir-list information by @​Jelenkee in fastify/fastify-static#241

Full Changelog: fastify/fastify-static@v4.3.0...v4.4.0

v4.3.0

What's Changed

• Add options overload parameter to sendFile function (#238) by @​mav-rik in fastify/fastify-static#239

Full Changelog: fastify/fastify-static@v4.2.4...v4.3.0

v4.2.4

⚠️ Security release

CVE: CVE-2021-22963 Security Advisory: GHSA-p6vg-p826-qp3v See also: https://hackerone.com/reports/1354255 (disclosed soon)

What's Changed

• Bump actions/setup-node from 2.3.1 to 2.3.2 by @​dependabot in fastify/fastify-static#226
• Bump actions/setup-node from 2.3.2 to 2.4.0 by @​dependabot in fastify/fastify-static#227
• Bump fastify/github-action-merge-dependabot from 2.2.0 to 2.3.0 by @​dependabot in fastify/fastify-static#228
• Bump fastify/github-action-merge-dependabot from 2.3.0 to 2.4.0 by @​dependabot in fastify/fastify-static#229
• Bump fastify/github-action-merge-dependabot from 2.4.0 to 2.5.0 by @​dependabot in fastify/fastify-static#233
• fix(docs): list example and index option by @​ZiiMakc in fastify/fastify-static#235
• build(deps): bump actions/setup-node from 2.4.0 to 2.4.1 by @​dependabot in fastify/fastify-static#236
• Fix a typo in docs in usage examples of "download" method by @​mav-rik in fastify/fastify-static#237

New Contributors

• @​mav-rik made their first contribution in fastify/fastify-static#237

Full Changelog: fastify/fastify-static@v4.2.3...v4.2.4

Commits

• f324f8b Bumped v4.4.1
• c31f17d Merge pull request from GHSA-pgh6-m65r-2rhq
• bbdf96f Bumped v4.4.0
• 9e3286c Extended dir-list information (#241)
• 33bc265 Bumped v4.3.0
• 8da6140 Add options overload parameter to sendFile function (#238) (#239)
• d97b2cf Bumped v4.2.4
• 861e0e9 Merge pull request from GHSA-p6vg-p826-qp3v
• 521b641 docs(readme): fix the 'download' method examples (#237)
• 905468d build(deps): bump actions/setup-node from 2.4.0 to 2.4.1 (#236)
• Additional commits viewable in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates axios from 1.8.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• 44f33b4 1.1.12
• c460dbd pkg: publish on tag 1.x
• ccb8ac6 fmt
• c3c73c8 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• See full diff in compare view

Updates cookie from 0.4.1 to 1.1.1

Release notes

Sourced from cookie's releases.

v1.1.1

Fixed

• Overwrite value in passed in options (#253) c66147c
  • When value was provided in serialize(key, value, { value }) the value in options was used instead of the value passed as an argument

---

jshttp/cookie@v1.1.0...v1.1.1

v1.1.0

Added:

• Add stringifyCookie and parseSetCookie methods (#244, #214)
• Rename existing methods for clarity (old method names remain for backward compatibility)
  • parse → parseCookie
  • serialize → stringifySetCookie
• Add side effects field (#245) 00b0327

---

jshttp/cookie@v1.0.2...v1.1.0

v1.0.2

Fixed

• Loosen cookie name/value validation (#210)
• fix: options.priority used incorrect fallback (#207) by @​jonchurch

Added

• Add import example to README (#190) by @​isnifer

jshttp/cookie@v1.0.1...v1.0.2

v1.0.1

Added

• Allow case insensitive options (#194) 3bed080

jshttp/cookie@v1.0.0...v1.0.1

v1.0.0

Breaking changes

• Use modern JS features, ship TypeScript definition (#175) 1cc64ff
  • Adds __esModule marker, imports need to use import { parse, serialize } or import * as cookie
• Minimum node.js v18
• Uses null prototype object for parse return value
• Changes strict and priority to match the lower case strings (i.e. low, not LOW or Low)

... (truncated)

Commits

• 1b89eec 1.1.1
• c66147c Overwrite value in passed in options (#253)
• 09cec9f 1.1.0
• 05ebd34 Add tests for parsing top sites (#249)
• 6214eaf Add benchmark for parseSetCookie (#247)
• 71798d7 Fix skip over of boolean attributes (#248)
• 9e41cf1 build(deps): bump the npm_and_yarn group across 1 directory with 4 updates (#...
• 6fea506 Add parse method for set-cookie (#244)
• 00b0327 Add side effects field (#245)
• 94586de feat: remove dependabot from repo (#242)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates http-cache-semantics from 4.1.0 to 4.2.0

Commits

• See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation a...

  Description has been truncated

[dependabot]

Superseded by #6.