Bump the npm_and_yarn group across 1 directories with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the /. directory:

Package	From	To
semver	5.7.2	7.5.4
core-js-compat	3.21.0	3.35.0
@babel/traverse	7.17.0	7.23.7
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
decode-uri-component	0.2.0	0.2.2
minimatch	3.0.4	3.1.2
recursive-readdir	2.2.2	2.2.3
serve	13.0.2	14.2.1
follow-redirects	1.15.1	1.15.5
tough-cookie	4.0.0	4.1.3
word-wrap	1.2.3	1.2.5

Updates semver from 5.7.2 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

... (truncated)

Commits

• 36cd334 chore: release 7.5.4
• 8456d87 chore: postinstall for dependabot template-oss PR
• dde1f00 chore: postinstall for dependabot template-oss PR
• dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
• d619f66 chore: postinstall for dependabot template-oss PR
• 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
• cc6fde2 fix: trim each range set before parsing
• 99d8287 fix: correctly parse long build ids as valid (#583)
• 4f0f6b1 chore: fix arguments in whitespace test (#574)
• 6bd1a37 chore: remove duplicate test in semver class (#575)
• Additional commits viewable in compare view

Updates core-js-compat from 3.21.0 to 3.35.0

Changelog

Sourced from core-js-compat's changelog.

3.35.0 - 2023.12.29

• { Map, Set, WeakMap, WeakSet }.{ from, of } became non-generic, following this and some other notes. Now they can be invoked without this, but no longer return subclass instances
• Fixed handling some cases of non-enumerable symbol keys from Symbol polyfill
• Removed unneeded NodeJS domains-related logic from queueMicrotask polyfill
• Fixed subclassing of wrapped ArrayBuffer
• Refactoring, many different minor optimizations
• Compat data improvements:
  • Array.fromAsync marked as supported from V8 ~ Chrome 121
  • It seems that the ancient Array.prototype.push bug is fixed in V8 ~ Chrome 122 (Hallelujah!)
  • ArrayBuffer.prototype.transfer and friends proposal features marked as supported from FF 122 and Bun 1.0.19
  • Object.groupBy and Map.groupBy marked as supported from Bun 1.0.19
  • Since Iterator helpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37
  • Added Opera Android 80 and updated Opera Android 79 compat data mapping
  • Added Samsung Internet 24 compat data mapping

3.34.0 - 2023.12.06

• Array grouping proposal:
  • Methods:
    • Object.groupBy
    • Map.groupBy
  • Moved to stable ES, November 2023 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Promise.withResolvers proposal:
  • Method:
    • Promise.withResolvers
  • Moved to stable ES, November 2023 TC39 meeting
  • Added es. namespace module, /es/ and /stable/ namespaces entries
• Fixed a web incompatibility issue of Iterator helpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meeting
• Added Uint8Array to / from base64 and hex stage 2 proposal:
  • Methods:
    • Uint8Array.fromBase64
    • Uint8Array.fromHex
    • Uint8Array.prototype.toBase64
    • Uint8Array.prototype.toHex
• Relaxed some specific cases of Number.fromString validation before clarification of proposal-number-fromstring/24
• Fixed @@toStringTag property descriptors on DOM collections, #1312
• Fixed the order of arguments validation in Array iteration methods, #1313
• Some minor atob / btoa improvements
• Compat data improvements:
  • Promise.withResolvers marked as shipped from FF121

3.33.3 - 2023.11.20

• Fixed an issue getting the global object on Duktape, #1303
• Avoid sharing internal [[DedentMap]] from String.dedent proposal between core-js instances before stabilization of the proposal
• Some internal untangling
• Compat data improvements:
  • Added Deno 1.38 compat data mapping
  • Array.fromAsync marked as supported from Deno 1.38
  • Symbol.{ dispose, asyncDispose } marked as supported from Deno 1.38
  • Added Opera Android 79 compat data mapping

... (truncated)

Commits

• eafff6c 3.35.0
• bd0b9fc mark Iterator helpers as supported from Deno 1.37
• 948e48f ArrayBuffer.prototype.transfer and friends proposal marked as supported fro...
• 9d24e4d mark Object.groupBy and Map.groupBy as supported from Bun 1.0.19
• a7b141b it seems that the ancient Array.prototype.push bug is fixed in V8 ~ Chrome ...
• 9d43cd6 mark ArrayBuffer.prototype.transfer and friends proposal features as suppor...
• ad8cc60 add Samsung Internet 24 compat data mapping
• acfd91c add Opera Android 80 compat data mapping
• 30f9650 specify deno 1.39 mapping
• b12aaa0 mark Array.fromAsync as supported from V8 ~ Chrome 121
• Additional commits viewable in compare view

Updates @babel/traverse from 7.17.0 to 7.23.7

Release notes

Sourced from @​babel/traverse's releases.

v7.23.7 (2023-12-29)

🐛 Bug Fix

• babel-traverse
  • #16191 fix: Crash when removing without Program (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators
  • #16180 fix: Class decorator ctx.kind is wrong (@​liuxingbaoyu)
• babel-plugin-proposal-decorators
  • #16170 Fix decorator initProto usage in derived classes (@​JLHwung)
• babel-core
  • #16167 Avoid unpreventable unhandledRejection events (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-create-class-features-plugin
  • #16186 chore: Update deps (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16177 Merge decorators into class features (@​JLHwung)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.23.6 (2023-12-11)

Thanks @​martinez-hugo and @​odinho for your first pull requests!

👓 Spec Compliance

• babel-generator, babel-parser, babel-types
  • #16154 Remove TSPropertySignature.initializer (@​fisker)
• babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-types
  • #16139 Apply toPropertyKey on decorator context name (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16166 fix: Correctly indenting when retainLines is enabled (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management
  • #16150 using: Allow looking up Symbol.dispose on a function (@​odinho)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16161 Ensure the [[@@toPrimitive]] call of a decorated class member key is invoked once (@​JLHwung)
  • #16148 Support named evaluation for decorated anonymous class exp (@​JLHwung)
• babel-plugin-transform-for-of, babel-preset-env
  • #16011 fix: for of with iterableIsArray and shadowing variable (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16144 Set function name for decorated private non-field elements (@​JLHwung)
• babel-plugin-transform-typescript
  • #16137 Fix references to enum values with merging (@​nicolo-ribaudo)

🔬 Output optimization

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.23.7 (2023-12-29)

🐛 Bug Fix

• babel-traverse
  • #16191 fix: Crash when removing without Program (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators
  • #16180 fix: Class decorator ctx.kind is wrong (@​liuxingbaoyu)
• babel-plugin-proposal-decorators
  • #16170 Fix decorator initProto usage in derived classes (@​JLHwung)
• babel-core
  • #16167 Avoid unpreventable unhandledRejection events (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-create-class-features-plugin
  • #16186 chore: Update deps (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16177 Merge decorators into class features (@​JLHwung)

v7.23.6 (2023-12-11)

👓 Spec Compliance

• babel-generator, babel-parser, babel-types
  • #16154 Remove TSPropertySignature.initializer (@​fisker)
• babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-types
  • #16139 Apply toPropertyKey on decorator context name (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16166 fix: Correctly indenting when retainLines is enabled (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management
  • #16150 using: Allow looking up Symbol.dispose on a function (@​odinho)
• babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16161 Ensure the [[@@toPrimitive]] call of a decorated class member key is invoked once (@​JLHwung)
  • #16148 Support named evaluation for decorated anonymous class exp (@​JLHwung)
• babel-plugin-transform-for-of, babel-preset-env
  • #16011 fix: for of with iterableIsArray and shadowing variable (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16144 Set function name for decorated private non-field elements (@​JLHwung)
• babel-plugin-transform-typescript
  • #16137 Fix references to enum values with merging (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16159 Reuse computed key memoiser (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators
  • #16160 Optimize decorator helper size (@​liuxingbaoyu)

v7.23.5 (2023-11-29)

👓 Spec Compliance

• babel-plugin-proposal-decorators
  • #16138 Class binding is in TDZ during decorators initialization (@​nicolo-ribaudo)

... (truncated)

Commits

• e428a6d v7.23.7
• d292822 fix: Crash when removing without Program (#16191)
• d02c1f7 v7.23.6
• cce807f Bump debug to ^4.3.1 (#16164)
• 8479012 v7.23.5
• da7dc40 Do not remove bindings when removing assignment expression path (#16131)
• fadc081 fix: Unexpected duplication of comments (#16110)
• 13a5c83 v7.23.4
• 5e1c5f0 Use prettier 3.1 (#16098)
• 1bce5c9 v7.23.3
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates recursive-readdir from 2.2.2 to 2.2.3

Changelog

Sourced from recursive-readdir's changelog.

v2.2.3 - Mon, 19 Sep 2016 21:55:22 GMT

• 1840d5a7e58e9d8b96c217b8066077fec339de21 [fixed] updated minimatch to 3.0.5 (and added caret semver range) to address vulnerability in minimatch 3.0.4

v2.1.0 - Mon, 19 Sep 2016 21:55:22 GMT

v2.0.0 - Wed, 06 Apr 2016 04:31:02 GMT

v1.3.0 - Wed, 14 Oct 2015 14:35:55 GMT

• 45abf8fde380d7b1f5dc0e798d435ed50b834d9c [added] added custom matcher function to determine whether to ignore a file
• eebc91c67abce413d6213e8f389ba4e0d32ffb63 [fixed] allow ignoring directories

v1.2.1 - Wed, 14 Jan 2015 16:49:55 GMT

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by bnb, a new releaser for recursive-readdir since your current version.

Updates serve from 13.0.2 to 14.2.1

Release notes

Sourced from serve's releases.

14.2.1

Patches

• Set Access-Control-Allow-Headers: * default response header: #775

Credits

Huge thanks to @​hood for helping!

14.2.0

Minor Changes

• Update CORS headers to support PNA spec: #753
• Bump @zeit/schemas package: #756

Patches

• Update the license year: #752

Credits

Huge thanks to @​k-yle and @​IcedMonk for helping!

14.1.2

Patches

• Fix: add missing CLI option to argv parser: #742

Credits

Huge thanks to @​casperx for helping!

14.1.1

Patches

• Infra: move c8 (coverage) to devDeps: #743

Credits

Huge thanks to @​AviVahl for helping!

14.1.0

Minor Changes

• Feat: Add support for PFX or PKCS12 encoded certificates: #708
• Feat: add request logging: #716

Patches

• Docs(readme): add note about using node 14+: #715

... (truncated)

Commits

• 39eecc5 14.2.1
• aaa323d Set Access-Control-Allow-Headers: * default response header (#775)
• 155b412 14.2.0
• 87014ae Bump @zeit/schemas package (#756)
• 12d561f Update CORS headers to support PNA spec (#753)
• 30c8978 Update the license year. (#752)
• b877dd2 14.1.2
• dee1e04 fix: add missing CLI option to argv parser (#742)
• aa4a827 14.1.1
• e9cc380 infra: move c8 (coverage) to devDeps (#743)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for serve since your current version.

Updates follow-redirects from 1.15.1 to 1.15.5

Commits

• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• 3d42aec Add bracket tests.
• bcbb096 Do not directly set Error properties.
• 192dbe7 Release version 1.15.3 of the npm package.
• Additional commits viewable in compare view

Updates tough-cookie from 4.0.0 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by @​colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by @​colincasey in salesforce/tough-cookie#249
• 4.1.1 Patch -- allow special use domains by default by @​awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by @​ShivanKaul in salesforce/tough-cookie#189
• Missing param validation issue145 by @​medelibero-sfdc in salesforce/tough-cookie#193
• Create SECURITY.md by @​ShivanKaul in salesforce/tough-cookie#201
• Create CODE_OF_CONDUCT.md by @​ShivanKaul in salesforce/tough-cookie#200
• Fix for issue #195 by @​medelibero-sfdc in salesforce/tough-cookie#202
• Add explanation and more special-use domains by @​ShivanKaul in salesforce/tough-cookie#203
• Sync of constructor options for serialization by @​medelibero-sfdc in salesforce/tough-cookie#204
• Returned null in case of empty cookie value by @​vsin12 in salesforce/tough-cookie#196
• 132 str trim not a function by @​awaterma in salesforce/tough-cookie#209
• Fix for issue #153 by @​medelibero-sfdc in salesforce/tough-cookie#210
• Fix permuteDomain with trailing dot by @​ruoho-sfdc in salesforce/tough-cookie#216
• Issue #213 -- added gh-actions flow for building and testing tough-co… by @​awaterma in salesforce/tough-cookie#218
• Issue #210 -- Updated workflow to use npm install. by @​awaterma in salesforce/tough-cookie#220
• @GH-215 -- Tests that document localhost behavior when set as domain. by @​awaterma in salesforce/tough-cookie#221
• fix: MemoryCookieStore methods should exist on the prototype, not on the class. by @​wjhsf in salesforce/tough-cookie#226
• Unit test cases for allowSpecialUseDomain option by @​colincasey in salesforce/tough-cookie#225
• [Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by @​snyk-bot in salesforce/tough-cookie#228
• React Native Support by @​colincasey in salesforce/tough-cookie#227
• Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by @​svc-scm in salesforce/tough-cookie#223
• fix: domain match routine by @​colincasey in salesforce/tough-cookie#236
• Stop using the internal NodeJS punycode module by @​gboer in salesforce/tough-cookie#238
• Initial documentation review by @​mcarey86 in salesforce/tough-cookie#234
• fix: distinguish between no samesite and samesite=none by @​colincasey in salesforce/tough-cookie#240
• Prepare tough-cookie 4.1 for publ...

  Description has been truncated

  Note
  Automatic rebases have been disabled on this pull request as it has been open for over 30 days.