Bump the npm_and_yarn group across 1 directory with 26 updates

[dependabot]

Bumps the npm_and_yarn group with 18 updates in the / directory:

Package	From	To
karma	5.1.0	6.3.16
ajv	6.12.2	6.12.6
ansi-regex	4.1.0	4.1.1
async	2.6.3	2.6.4
braces	3.0.2	3.0.3
babel-plugin-add-module-exports	1.0.2	1.0.4
webpack	4.43.0	5.92.0
webpack-cli	3.3.12	5.1.4
webpack-dev-server	3.11.0	5.0.4
loader-utils	1.4.0	1.4.2
follow-redirects	1.12.1	1.15.6
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
lodash	4.17.19	4.17.21
minimist	1.2.5	1.2.8
qs	6.5.2	6.5.3
webpack-dev-middleware	3.7.2	removed
karma-webpack	4.0.2	5.0.1

Updates karma from 5.1.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates ajv from 6.12.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates ansi-regex from 4.1.0 to 4.1.1

Commits

• 64735d2 v4.1.1
• 75a657d Fix potential ReDoS (#37)
• See full diff in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates babel-plugin-add-module-exports from 1.0.2 to 1.0.4

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for babel-plugin-add-module-exports since your current version.

Updates webpack from 4.43.0 to 5.92.0

Release notes

Sourced from webpack's releases.

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic
• Fixed failed to resolve promise when eager import a dynamic cjs
• Avoid generation extra code for external modules when remapping is not required
• The css/global type now handles the exports name
• Avoid hashing for @keyframe and @property at-rules in css/global type
• Fixed mangle with destructuring for JSON modules
• The stats.hasWarnings() method now respects the ignoreWarnings option
• Fixed ArrayQueue iterator
• Correct behavior of __webpack_exports_info__.a.b.canMangle
• Changed to the correct plugin name for the CommonJsChunkFormatPlugin plugin
• Set the chunkLoading option to the import when environment is unknown and output is module
• Fixed when runtimeChunk has no exports when module chunkFormat used
• [CSS] Fixed parsing minimized CSS import
• [CSS] URLs in CSS files now have correct public path
• [CSS] The css module type should not allow parser to switch mode
• [Types] Improved context module types

New Features

• Added platform target properties to compiler
• Improved multi compiler cache location and validating it
• Support import attributes spec (with keyword)
• Support node: prefix for Node.js core modules in runtime code
• Support prefetch/preload for module chunk format
• Support "..." in the importsFields option for resolver
• Root module is less prone to be wrapped in IIFE
• Export InitFragment class for plugins
• Export compileBooleanMatcher util for plugins
• Export InputFileSystem and OutputFileSystem types
• [CSS] Support the esModule generator option for CSS modules
• [CSS] Support CSS when chunk format is module

v5.91.0

Bug Fixes

• Deserializer for ignored modules doesn't crash
• Allow the unsafeCache option to be a proxy object
• Normalize the snapshot.unmanagedPaths option
• Fixed fs types
• Fixed resolve's plugins types
• Fixed wrongly calculate postOrderIndex
• Fixed watching types
• Output import attrbiutes/import assertions for external JS imports
• Throw an error when DllPlugin needs to generate multiple manifest files, but the path is the same
• [CSS] Output layer/supports/media for external CSS imports

... (truncated)

Commits

• 34e2561 chore(release): 5.92.0
• 796bb6b chore(deps): update
• 65b3684 ci: fix
• 5da27ad ci: fix
• 09afe04 ci: fix
• 9d899d4 chore: small fixes
• de6d4b2 style: fix
• 1954237 chore: fix lint and types
• 7acd348 revert: changes in examples
• ab3e93b style: fix
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates webpack-cli from 3.3.12 to 5.1.4

Release notes

Sourced from webpack-cli's releases.

v5.1.4

5.1.4 (2023-06-07)

Bug Fixes

• multi compiler progress output (f659624)

v5.1.3

5.1.3 (2023-06-04)

Bug Fixes

• regression for custom configurations (#3834) (bb4f8eb)

v5.1.2

5.1.2 (2023-06-04)

Bug Fixes

• improve check for custom webpack and webpack-dev-server package existance (0931ab6)
• improve help for some flags (f468614)
• improved support for .cts and .mts extensions (a77daf2)

v5.1.1

5.1.1 (2023-05-09)

Bug Fixes

• false positive warning when --watch used (#3783) (c0436ba)

v5.1.0

5.1.0 (2023-05-07)

Features

• shareable webpack configs using extends (#3738) (d04d0b9)

Performance Improvements

• simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

v5.0.2

5.0.2 (2023-04-21)

Bug Fixes

• error message for missing default export in configuration (#3685) (e0a4a09)
• perf: reduced startup time (3b79059)

v5.0.1

... (truncated)

Changelog

Sourced from webpack-cli's changelog.

5.1.4 (2023-06-07)

Bug Fixes

• multi compiler progress output (f659624)

5.1.3 (2023-06-04)

Bug Fixes

• regression for custom configurations (#3834) (bb4f8eb)

5.1.2 (2023-06-04)

Bug Fixes

• improve check for custom webpack and webpack-dev-server package existance (0931ab6)
• improve help for some flags (f468614)
• improved support for .cts and .mts extensions (a77daf2)

5.1.1 (2023-05-09)

Bug Fixes

• false positive warning when --watch used (#3783) (c0436ba)

5.1.0 (2023-05-07)

Features

• shareable webpack configs using extends (#3738) (d04d0b9)

Performance Improvements

• simplify logic, reduce extra loops and perf (#3767) (6afe1d3)

5.0.2 (2023-04-21)

Bug Fixes

• error message for missing default export in configuration (#3685) (e0a4a09)
• perf: reduced startup time (3b79059)

5.0.1 (2022-12-05)

Bug Fixes

• make define-process-env-node-env alias node-env (#3514) (346a518)

5.0.0 (2022-11-17)

... (truncated)

Commits

• e07f0e5 chore(release): publish new version
• 0345c6f chore(deps-dev): bump @​typescript-eslint/parser from 5.59.8 to 5.59.9 (#3839)
• f659624 fix: multi compiler progress output
• 0d1ff01 chore(deps-dev): bump webpack from 5.85.0 to 5.85.1 (#3837)
• a7ec146 chore(deps-dev): bump @​typescript-eslint/eslint-plugin (#3838)
• 9464635 chore(deps-dev): bump eslint from 8.41.0 to 8.42.0 (#3835)
• cf1796f docs: update changelog
• 7899c39 chore(release): publish new version
• bb4f8eb fix: regression for custom configurations (#3834)
• 14b9c18 docs: update changelog
• Additional commits viewable in compare view

Updates webpack-dev-server from 3.11.0 to 5.0.4

Release notes

Sourced from webpack-dev-server's releases.

v5.0.4

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

v5.0.3

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

v5.0.2

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

v5.0.1

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

v5.0.0

5.0.0 (2024-02-12)

Migration Guide and Changes.

v4.15.2

4.15.2 (2024-03-20)

Bug Fixes

• security: bump webpack-dev-middleware (4116209)

v4.15.1

4.15.1 (2023-06-09)

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

5.0.1 (2024-02-13)

Bug Fixes

• avoid using eval in client (#5045) (7681477)
• overlay and require-trusted-types-for (#5046) (e115436)

5.0.0 (2024-02-12)

Migration Guide and Changes.

4.15.1 (2023-06-09)

Bug Fixes

• replace :: with localhost before openBrowser() (#4856) (874c44b)
• types: compatibility with @types/ws (#4899) (34bcec2)

4.15.0 (2023-05-07)

Features

• overlay displays unhandled promise rejection (#4849) (d1dd430)

4.14.0 (2023-05-06)

... (truncated)

Commits

• 64a1860 chore(release): 5.0.4
• aab576a fix(security): bump webpack-dev-middleware (#5112)
• fb6f22a chore(deps-dev): bump @​commitlint/config-conventional (#5104)
• ba9dfb6 chore(deps-dev): bump @​commitlint/cli from 19.0.3 to 19.1.0 (#5103)
• 08cab58 chore(release): 5.0.3
• 37f4760 chore(deps-dev): bump @​types/node from 20.11.25 to 20.11.26 (#5102)
• 6e1aed3 fix(types): proxy (#5101)
• 8ea7cb8 chore(deps): bump open from 10.0.4 to 10.1.0 (#5100)
• c6a3586 chore(deps-dev): bump puppeteer from 22.4.0 to 22.4.1 (#5099)
• 2201442 chore(deps): update (#5096)
• Additional commits viewable in compare view

Updates dns-packet from 1.3.1 to 5.6.1

Changelog

Sourced from dns-packet's changelog.

Version 5.6.0 - 2023-04-18

• Feature: Added support for the TLSA record type.

Version 5.5.0 - 2023-03-27

• Feature: Added support for the NAPTR record type.

Version 5.4.0 - 2022-06-14

• Feature: Added support for the SSHFP record type.

Version 5.2.0 - 2019-02-21

• Feature: Added support for de/encoding certain OPT options.

Version 5.1.0 - 2019-01-22

• Feature: Added support for the RP record type.

Version 5.0.0 - 2018-06-01

• Breaking: Node.js 6.0.0 or greater is now required.
• Feature: Added support for DNSSEC record types.

Version 4.1.0 - 2018-02-11

• Feature: Added support for the MX record type.

Version 4.0.0 - 2018-02-04

• Feature: Added streamEncode and streamDecode methods for encoding TCP packets.
• Breaking: Changed the decoded value of TXT records to an array of Buffers. This is to accomodate DNS-SD records which rely on the individual strings record being separated.
• Breaking: Renamed the flag_trunc and flag_auth to flag_tc and flag_aa to match the names of these in the dns standards.

Version 3.0.0 - 2018-01-12

• Breaking: The class option has been changed from integer to string.

Version 2.0.0 - 2018-01-11

• Breaking: Converted module to ES2015, now requires Node.js 4.0 or greater

Commits

• 7b66620 v5.6.1
• 13f19d9 Proper Encoding/Decoding for Email Name Representation for SOA and RP Records...
• 519f55d test node 20
• e50f34c 5.6.0
• f14f483 Add TLSA support (#92)
• ec4d317 sort record types in README alphabetically
• a0687b3 5.5.0
• aca1ff7 implement the NAPTR record (#89)
• 31d3caf 5.4.0
• 0fc249c add SSHFP to readme
• Additional commits viewable in compare view

Updates ws from 6.1.4 to 8.11.0

Release notes

Sourced from ws's releases.

8.11.0

Features

• WebSocket.prototype.addEventListener() now supports an event listener specified as an object with a handleEvent() method. (9ab743aa).

Bug fixes

• WebSocket.prototype.addEventListener() now adds an event listener only if it is not already in the list of the event listeners for the specified event type (1cec17da).

8.10.0

Features

• Added an export for package.json (211d5d38).

8.9.0

Features

• Added the ability to connect to Windows named pipes (#2079).

8.8.1

Bug fixes

• The Authorization and Cookie headers are no longer sent if the original request for the opening handshake is sent to an IPC server and the client is redirected to another IPC server (bc8bd34e).

8.8.0

Features

• Added the WS_NO_BUFFER_UTIL and WS_NO_UTF_8_VALIDATE environment variables (becf237c).

8.7.0

Features

• Added the ability to inspect the invalid handshake requests and respond to them with a custom HTTP response. (6e5a5ce3).

Bug fixes

• The handshake is now aborted if the Upgrade header field value in the HTTP response is not a case-insensitive match for the value "websocket" (0fdcc0af).
• The Authorization and Cookie headers are no longer sent when following an insecure redirect (wss: to ws:) to the same host (d68ba9e1).

8.6.0

Features

... (truncated)

Commits

• afd8c62 [dist] 8.11.0
• 1cec17d [fix] Add the same event listener only once
• 9ab743a [feature] Add support for objets with a handleEvent() method
• 38f7879 [ci] Test on node 19
• cdca711 [dist] 8.10.0
• 211d5d3 [pkg] Add package.json export
• c4d6eb3 [ci] Do not use the set-output command
• 966f9d4 [dist] 8.9.0
• e628f2b [feature] Support Windows named pipes (#2079)
• 7ff26d9 [doc] Fix nits
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

Updates follow-redirects from 1.12.1 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits

• f6f6a3b Use a little more robust method of checking instances
• ef60987 Update version
• b62f1da Protect against constructor modification, #84
• fb427cd Link to json-schema-org repository in addition to site, fixes #54
• 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84