Bump the npm_and_yarn group across 1 directory with 14 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: axios and react-scripts.

Updates axios from 0.24.0 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Updates react-scripts from 4.0.3 to 5.0.1

Commits

• 19fa58d Publish
• 9802941 fix: webpack noise printed only if error or warning (#12245)
• 2eef1d0 Update templates to use React 18 createRoot (#12220)
• 221e511 Publish
• 5614c87 Add support for Tailwind (#11717)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• c7627ce Update webpack and dev server (#11646)
• 544befe Update package.json (#11597)
• Additional commits viewable in compare view

Updates semver from 5.7.2 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

6.2.0

• Coerce numbers to strings when passed to semver.coerce()
• Add rtl option to coerce from right to left

6.1.3

• Handle X-ranges properly in includePrerelease mode

6.1.2

• Do not throw when testing invalid version strings

6.1.1

• Add options support for semver.coerce()
• Handle undefined version passed to Range.test

6.1.0

• Add semver.compareBuild function
• Support * in semver.intersects

6.0

• Fix intersects logic.

  This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

• 44d27bc chore: release 6.3.1
• 928e56d fix: better handling of whitespace (#591)
• 39f6326 chore: @​npmcli/template-oss@​4.16.0
• 0eeceec 6.3.0
• 2779d96 Expose the token enum on the exports
• 9f5f615 changelog
• ce6190e 6.2.0
• 24af461 Add test coverage for bin file
• 388ec1c Add rtl option to coerce from right to left
• d062593 coerce(number) will coerce to a string
• Additional commits viewable in compare view

Updates ansi-html from 0.0.7 to 0.0.9

Commits

• See full diff in compare view

Updates loader-utils from 1.4.2 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

... (truncated)

Commits

• 6688b50 chore(release): 2.0.4
• ac09944 fix: ReDoS problem (#225)
• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• 5fb5562 chore(release): 2.0.1
• 1069f61 fix: md4 support on Node.js v17 (#193)
• d9f4e23 chore(release): 2.0.0
• 865dc03 refactor: switch to md4 by default (#168)
• Additional commits viewable in compare view

Updates browserslist from 4.14.2 to 4.23.0

Release notes

Sourced from browserslist's releases.

4.23.0

• Added BROWSERSLIST_ROOT_PATH (by @​teleclimber).

Changelog

Sourced from browserslist's changelog.

4.23.0

• Added BROWSERSLIST_ROOT_PATH (by @​teleclimber).

4.22.3

• Fixed white spaces support in supports query (@​g-plane).
• Fixed shared config like @company/package/browserslist-config (@​boucodes).

4.22.2

• Fixed idempotency in time queries with mobileToDesktop (by Aliaksei Sapach).

4.22.1

• Updated Firefox ESR (by @​lerkor).

4.22

• Added fully supports query (by Ben Scott).
• Added partially supports alias for supports query (by Ben Scott).

4.21.11

• Added warning to --update-db to move to new CLI (by Ivan Vasilev).
• Fixed docs (by Tatsunori Uchino).

4.21.10

• Updated Firefox ESR.

4.21.9

• Fixed Opera Mobile edge cases (by Steve Repsher).

4.21.8

• Fixed supports query and mobileToDesktop (by Steve Repsher).

4.21.7

• Fixed last queries for Android (by Steve Repsher).

4.21.6

• Fixed time queries with mobileToDesktop (by Steve Repsher).
• Fixed docs (by Tatsunori Uchino, Will Stone, and Dominik Pschenitschni).

4.21.5

• Fixed running Browserslist in browser environment.

4.21.4

• Updated Firefox ESR.

4.21.3

• Improved unknown region and unknown feature error (by Alexander Chabin).

4.21.2

• Updated Firefox ESR.

4.21.1

... (truncated)

Commits

• a23d971 Release 4.23 version
• 61e7712 Update dependencies
• 2c313aa Add Github release workflow
• 3caf908 Update CI
• b58ae05 feat: add BROWSERSLIST_ROOT_PATH (#819)
• 8ddc4d8 Update grammar definition file (#817)
• 65ad382 Release 4.22.3 version
• 0efec9b Add Node.js 21 to CI
• aaf5f2b Update dependencies
• a3ba90b Updated regex to have the option of adding an extension after @​companyName bu...
• Additional commits viewable in compare view

Updates ejs from 2.7.4 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates glob-parent from 3.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

• eliminate ReDoS (#36) (f923116)

v5.1.1

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

v5.1.0

Features

• add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

v5.0.0

⚠ BREAKING CHANGES

• Drop support for node <6 & bump dependencies

Miscellaneous Chores

• Drop support for node <6 & bump dependencies (896c0c0)

v4.0.0

⚠ BREAKING CHANGES

• question marks are valid path characters on Windows so avoid flagging as a glob when alone
• Update is-glob dependency

Features

• hoist regexps and strings for performance gains (4a80667)
• question marks are valid path characters on Windows so avoid flagging as a glob when alone (2a551dd)
• Update is-glob dependency (e41fcd8)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

• eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

• Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

5.1.0 (2021-01-27)

Features

• add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

5.0.0 (2021-01-27)

⚠ BREAKING CHANGES

• Drop support for node <6 & bump dependencies

... (truncated)

Commits

• eb2c439 chore: update changelog
• 12bcb6c chore: release 5.1.2
• f923116 fix: eliminate ReDoS (#36)
• 0b014a7 chore: add JSDoc returns information (#33)
• 2b24ebd chore: generate initial changelog
• 9b6e874 chore: release 5.1.1
• 749c35e ci: try wrapping the JOB_ID in a string
• 5d39def ci: attempt to switch to published coveralls
• 0b5b37f ci: put the npm step back in for only Windows
• 473f5d8 ci: update azure build images
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by phated, a new releaser for glob-parent since your current version.

Updates immer from 8.0.1 to 9.0.21

Release notes

Sourced from immer's releases.

v9.0.21

9.0.21 (2023-03-23)

Bug Fixes

• ensure type exports is first in package.json export declaration (#1018) (b6ccd0f)

v9.0.20

9.0.20 (2023-03-23)

Bug Fixes

• patching maps failed when using number keys (#1025) (dd83e2e)

v9.0.19

9.0.19 (2023-01-27)

Bug Fixes

• don't freeze drafts returned from produce if they were passed in as draft (#917) (46867f8)
• produce results should never be frozen when returned from nested produces, to prevent 'hiding' drafts. Fixes #935 (a810960)
• release and publish from 'main' rather than 'master' branch (82acc40)
• revert earlier fix (#990) for recursive types (#1014) (3eeb331)
• Upgrade Github actions to Node 16 attempt 1 (9d4ea93)
• Upgrade Github actions to Node 16 attempt 2 (082eecd)

v9.0.18

9.0.18 (2023-01-15)

Bug Fixes

• Preserve insertion order of Sets, fixes #819 (#976) (b3eeb69)
• unnecessarily recursive Draft type (#990) (b9eae1d)

v9.0.17

9.0.17 (2023-01-02)

Bug Fixes

• special case NaN in setter (#912) (5721bb7)

v9.0.16

9.0.16 (2022-10-22)

... (truncated)

Commits

• 7c15339 chore(deps): bump loader-utils from 2.0.0 to 2.0.4 in /website (#1026)
• f07ec9d chore(deps): bump @​sideway/formula from 3.0.0 to 3.0.1 in /website (#1027)
• b6ccd0f fix: ensure type exports is first in package.json export declaration (#1018)
• 385837d chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#1017)
• e1696b7 chore(deps): bump webpack from 5.75.0 to 5.76.1 in /website (#1024)
• dd83e2e fix: patching maps failed when using number keys (#1025)
• 082eecd fix: Upgrade Github actions to Node 16 attempt 2
• 9d4ea93 fix: Upgrade Github actions to Node 16 attempt 1
• 82acc40 fix: release and publish from 'main' rather than 'master' branch
• 3eeb331 fix: revert earlier fix (#990) for recursive types (#1014)
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.1.2

Commits

• 699c459 3.1.2
• 2f2b5ff fix: trim pattern
• 25d7c0d 3.1.1
• 55dda29 fix: treat nocase:true as always having magic
• 5e1fb8d 3.1.0
• f8145c5 Add 'allowWindowsEscape' option
• 570e8b1 add publishConfig for v3 publishes
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• Additional commits viewable in compare view

Updates node-forge from 0.10.0 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

• RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

• Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
• HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • The code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24771
  • GHSA ID: GHSA-cfm4-qjh2-4765
• HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • The code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24772
  • GHSA ID: GHSA-x4jg-mjrx-434g
• MEDIUM: Leniency in checking type octet.
  • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
  • CVE ID: CVE-2022-24773
  • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

• [asn1] Add fallback to pretty print invalid UTF8 data.
• [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
  • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
• [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

Commits

• a0a4a42 Release 1.3.1.
• a33830f Update changelog.
• 740954d Allow optional DigestAlgorithm parameters.
• 56f4316 Allow DigestInfo.DigestAlgorith.parameters to be optional
• cbf0bd5 Start 1.3.1-0.
• 6c5b901 Release 1.3.0.
• 0f3972a Update changelog.
• dc77b39 Fix error checking.
• bb822c0 Add advisory links.
• d4395fe Update changelog.
• Additional commits viewable in compare view

Updates postcss from 7.0.36 to 7.0.39

Release notes

Sourced from postcss's releases.

7.0.39

• Reduce package size.
• Backport nanocolors to picocolors migration.

7.0.38

• Update Processor#version.

7.0.37

• Backport chalk to nanocolors migration.

Changelog

Sourced from postcss's changelog.

7.0.39

• Reduce package size.
• Backport nanocolors to picocolors migration.

7.0.38

• Update Processor#version.

7.0.37

• Backport chalk to nanocolors migration.

Commits

• e17c1ef Release 7.0.39 version
• 6791bd3 Reduce npm package
• 44c581a Replace nanocolors with picocolors
• 8ba21fd Remove eslint-ci
• 3994c4a Release 7.0.38 version
• 6944e1d Remove development keys from package.json
• 4dd0af0 Release 7.0.37 version
• 8408eb4 Add compilation step
• 0c68063 Move tests to GitHub Actions
• 98b61ba Replace chalk to nanocolors
• See full diff in compare view

Updates shell-quote from 1.7.2 to 1.8.1

Changelog

Sourced from shell-quote's changelog.

v1.8.1 - 2023-04-07

Fixed

• [Fix] parse: preserve whitespace in comments [#6](https://github.com/ljharb/shell-quote/issues/6)
• [Fix] properly support the escape option [#5](https://github.com/ljharb/shell-quote/issues/5)

Commits

• [Refactor] parse: hoist getVar to module level b42ac73
• [Refactor] hoist some vars to module level 8f0c5c3
• [Refactor] parse: use slice over substr, cache some values fcb2e1a
• [Refactor] parse: a bit of cleanup 6780ec5
• [Refactor] parse: tweak the regex to not match nothing 227d474
• [Tests] increase coverage a66de94
• [Refactor] parse: avoid shadowing a function arg 1d58679

v1.8.0 - 2023-01-30

Commits

• [New] extract parse and quote to their own deep imports 553fdfc
• [Tests] add nyc coverage fd7ddcd
• [New] Add support for here strings (<<<) 9802fb3
• [New] parse: Add syntax support for duplicating input file descriptors 216b198
• [Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31
• [Tests] add evalmd c5549fc
• [actions] update checkout action 62e9b49

v1.7.4 - 2022-10-12

Merged

• Add node_modules to .gitignore [#48](https://github.com/ljharb/shell-quote/issues/48)

Commits

• [eslint] fix indentation and whitespace aaa9d1f
• [eslint] additional cleanup 397cb62
• [meta] add auto-changelog 497fca5
• [actions] add reusable workflows 4763c36
• [eslint] add eslint 6ee1437
• [readme] rename, add badges 7eb5134
• [meta] update URLs 67381b6
• [meta] create FUNDING.yml; add funding in package.json 8641572
• [meta] use npmignore to autogenerate an npmignore file

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
portfolio-pro	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 5, 2024 1:58am