build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: bson, mongodb, tar and grunt.

Updates bson from 1.0.4 to 1.1.4

Release notes

Sourced from bson's releases.

v1.1.4

The MongoDB Node.js team is pleased to announce version 1.1.4 of the bson module!

This patch release resolves an issue with BSON serialization with invalid _bsontype, originally reported by @​xiaofen9. MongoDB will be issuing a CVE for this vulnerability, and we recommend that all users pin their version of the bson module to 1.1.4 or higher.

Release Notes

Changelog

Sourced from bson's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.6.0 (2024-04-01)

Features

• NODE-5958: add BSON iterating API (#656) (269df91)
• NODE-5959: make byte parsing utils available on onDemand library (#662) (efab49a)

Bug Fixes

• NODE-6042: Binary.toString output with respect to position (#663) (d7898f9)
• NODE-6059: clean up experimental APIs (#665) (3289184)

6.5.0 (2024-03-12)

Features

• NODE-5506: add Binary subtype sensitive (#657) (748ca60)
• NODE-5957: add BSON indexing API (#654) (2ac17ec)

Bug Fixes

• NODE-6016: flip byte order depending on system endianness (#659) (6a7ef5d)

6.4.0 (2024-02-29)

Features

• NODE-5909: optimize writing basic latin strings (#645) (ec51256)

Bug Fixes

• NODE-5873: objectId symbol property not defined on instances from cross cjs and mjs (#643) (4d9884d)

Performance Improvements

• NODE-5557: move DataView and Set allocation used for double parsing and utf8 validation to nested path (#611) (9a150e1)
• NODE-5910: optimize small byte copies (#651) (24d035e)
• NODE-5934: replace DataView uses with bit math (#649) (6d343ab)
• NODE-5955: use pooled memory when possible (#653) (78c4264)

... (truncated)

Commits

• 6e782da 1.1.4
• 3809c13 fix: throw if invalid _bsontype is detected
• e4de7b5 1.1.3
• 8de4140 Revert "fix(_bsontype): only check bsontype if it is a prototype member."
• 179e1ed 1.1.2
• dd8a349 fix(_bsontype): only check bsontype if it is a prototype member.
• 3142508 1.1.1
• 8980296 chore: update browser_build
• 24aefba feat: replace new Buffer with modern versions
• 35beb90 chore: update package-lock.json
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mbroadst, a new releaser for bson since your current version.

Updates mongodb from 2.2.26 to 3.1.13

Changelog

Sourced from mongodb's changelog.

3.1.13 (2019-01-23)

Bug Fixes

• restore ability to webpack by removing makeLazyLoader (050267d)
• bulk: honor ignoreUndefined in initializeUnorderedBulkOp (e806be4)
• changeStream: properly handle changeStream event mid-close (#1902) (5ad9fa9)
• db_ops: ensure we async resolve errors in createCollection (210c71d)

3.1.12 (2019-01-16)

Features

• core: update to mongodb-core v3.1.11 (9bef6e7)

3.1.11 (2019-01-15)

Bug Fixes

• bulk: fix error propagation in empty bulk.execute (a3adb3f)
• bulk: make sure that any error in bulk write is propagated (bedc2d2)
• bulk: properly calculate batch size for bulk writes (aafe71b)
• operations: do not call require in a hot path (ff82ff4)

3.1.10 (2018-11-16)

Bug Fixes

• auth: remember to default to admin database (c7dec28)

Features

• core: update to mongodb-core v3.1.9 (bd3355b)

... (truncated)

Commits

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing makeLazyLoader
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mbroadst, a new releaser for mongodb since your current version.

Updates tar from 2.2.1 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

6.2

• Add support for brotli compression

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

• Address unpack race conditions using path reservations
• Change large-numbers errors from TypeError to Error
• Add TAR_* error codes
• Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
• do not treat ignored entries as an invalid archive
• drop support for node v4
• unpack: conditionally use a file mapping to write files on Windows
• Set more portable 'mode' value in portable mode
• Set portable gzip option in portable mode

4.4

• Add 'mtime' option to tar creation to force mtime
• unpack: only reuse file fs entries if nlink = 1
• unpack: rename before unlinking files on Windows
• Fix encoding/decoding of base-256 numbers
• Use stat instead of lstat when checking CWD

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates grunt from 1.0.4 to 1.6.1

Release notes

Sourced from grunt's releases.

v1.6.1

• Changelog updates 72f6f03
• Merge pull request #1755 from gruntjs/rm-dep 8d4c183
• Add recursive 1c7d483
• Merge pull request #1756 from gruntjs/downgrade-glob 2d4fd38
• Downgrade glob 902db7c
• Fix syntax 494f243
• remove mkdirp b01389e
• remove dep on rimraf and mkdirp 0072510

gruntjs/grunt@v1.6.0...v1.6.1

v1.6.0

• Merge pull request #1750 from gruntjs/dep-update-jan28 2805dc3
• README updates 3f1e423
• Bump to 16 8fd096d
• Update more deps 42c5f95
• Bump eslint and node version 1d88050

gruntjs/grunt@v1.5.3...v1.6.0

v1.5.3

• Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

• Update Changelog 7f15fd5
• Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

• Merge pull request #1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

• Updated changelog b2b2c2b
• Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #1736 from justlep/main fdc7056

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.6.1 date: 2023-01-31 changes: - Downgrades to glob 7 for Windows compatability - Removes mkdirp and rimraf in favour of node.js APIs. v1.6.0 date: 2023-01-28 changes: - Requires node.js 16+. - template.date now uses dateformat ~4.6.2. - other dependency updates such as glob, rimraf, etc. v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0

... (truncated)

Commits

• 8372e11 1.6.1
• 72f6f03 Changelog updates
• 8d4c183 Merge pull request #1755 from gruntjs/rm-dep
• 1c7d483 Add recursive
• 2d4fd38 Merge pull request #1756 from gruntjs/downgrade-glob
• 902db7c Downgrade glob
• 494f243 Fix syntax
• b01389e remove mkdirp
• 0072510 remove dep on rimraf and mkdirp
• 0afeb5c 1.6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.