build(deps): bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
bson	1.0.4	1.1.4
fstream	1.0.11	1.0.12
mongodb	2.2.31	3.1.13
tar	2.2.1	6.2.1
grunt	1.0.1	1.5.3
lodash	3.7.0	4.17.21
jshint	2.9.5	2.9.7
handlebars	4.0.11	4.7.8
js-yaml	3.5.5	3.14.1
minimist	1.2.0	1.2.8
mkdirp	0.5.1	0.5.6
handlebars	4.0.11	4.7.8
mocha	4.1.0	10.4.0
minimatch	3.0.4	3.0.8
shelljs	0.3.0	removed
grunt-contrib-jshint	1.1.0	3.2.0

Updates bson from 1.0.4 to 1.1.4

Release notes

Sourced from bson's releases.

v1.1.4

The MongoDB Node.js team is pleased to announce version 1.1.4 of the bson module!

This patch release resolves an issue with BSON serialization with invalid _bsontype, originally reported by @​xiaofen9. MongoDB will be issuing a CVE for this vulnerability, and we recommend that all users pin their version of the bson module to 1.1.4 or higher.

Release Notes

Changelog

Sourced from bson's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.6.0 (2024-04-01)

Features

• NODE-5958: add BSON iterating API (#656) (269df91)
• NODE-5959: make byte parsing utils available on onDemand library (#662) (efab49a)

Bug Fixes

• NODE-6042: Binary.toString output with respect to position (#663) (d7898f9)
• NODE-6059: clean up experimental APIs (#665) (3289184)

6.5.0 (2024-03-12)

Features

• NODE-5506: add Binary subtype sensitive (#657) (748ca60)
• NODE-5957: add BSON indexing API (#654) (2ac17ec)

Bug Fixes

• NODE-6016: flip byte order depending on system endianness (#659) (6a7ef5d)

6.4.0 (2024-02-29)

Features

• NODE-5909: optimize writing basic latin strings (#645) (ec51256)

Bug Fixes

• NODE-5873: objectId symbol property not defined on instances from cross cjs and mjs (#643) (4d9884d)

Performance Improvements

• NODE-5557: move DataView and Set allocation used for double parsing and utf8 validation to nested path (#611) (9a150e1)
• NODE-5910: optimize small byte copies (#651) (24d035e)
• NODE-5934: replace DataView uses with bit math (#649) (6d343ab)
• NODE-5955: use pooled memory when possible (#653) (78c4264)

... (truncated)

Commits

• 6e782da 1.1.4
• 3809c13 fix: throw if invalid _bsontype is detected
• e4de7b5 1.1.3
• 8de4140 Revert "fix(_bsontype): only check bsontype if it is a prototype member."
• 179e1ed 1.1.2
• dd8a349 fix(_bsontype): only check bsontype if it is a prototype member.
• 3142508 1.1.1
• 8980296 chore: update browser_build
• 24aefba feat: replace new Buffer with modern versions
• 35beb90 chore: update package-lock.json
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mbroadst, a new releaser for bson since your current version.

Updates fstream from 1.0.11 to 1.0.12

Commits

• 4235459 1.0.12
• 6a77d2f Clobber a Link if it's in the way of a File
• See full diff in compare view

Updates mongodb from 2.2.31 to 3.1.13

Changelog

Sourced from mongodb's changelog.

3.1.13 (2019-01-23)

Bug Fixes

• restore ability to webpack by removing makeLazyLoader (050267d)
• bulk: honor ignoreUndefined in initializeUnorderedBulkOp (e806be4)
• changeStream: properly handle changeStream event mid-close (#1902) (5ad9fa9)
• db_ops: ensure we async resolve errors in createCollection (210c71d)

3.1.12 (2019-01-16)

Features

• core: update to mongodb-core v3.1.11 (9bef6e7)

3.1.11 (2019-01-15)

Bug Fixes

• bulk: fix error propagation in empty bulk.execute (a3adb3f)
• bulk: make sure that any error in bulk write is propagated (bedc2d2)
• bulk: properly calculate batch size for bulk writes (aafe71b)
• operations: do not call require in a hot path (ff82ff4)

3.1.10 (2018-11-16)

Bug Fixes

• auth: remember to default to admin database (c7dec28)

Features

• core: update to mongodb-core v3.1.9 (bd3355b)

... (truncated)

Commits

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing makeLazyLoader
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• Additional commits viewable in compare view

Updates tar from 2.2.1 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

6.2

• Add support for brotli compression

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

• Address unpack race conditions using path reservations
• Change large-numbers errors from TypeError to Error
• Add TAR_* error codes
• Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
• do not treat ignored entries as an invalid archive
• drop support for node v4
• unpack: conditionally use a file mapping to write files on Windows
• Set more portable 'mode' value in portable mode
• Set portable gzip option in portable mode

4.4

• Add 'mtime' option to tar creation to force mtime
• unpack: only reuse file fs entries if nlink = 1
• unpack: rename before unlinking files on Windows
• Fix encoding/decoding of base-256 numbers
• Use stat instead of lstat when checking CWD

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates grunt from 1.0.1 to 1.5.3

Release notes

Sourced from grunt's releases.

v1.5.3

• Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

• Update Changelog 7f15fd5
• Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

• Merge pull request #1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

• Updated changelog b2b2c2b
• Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #1736 from justlep/main fdc7056
• support .cjs extension e35fe54

gruntjs/grunt@v1.4.1...v1.5.0

v1.4.1

• Update Changelog e7625e5
• Merge pull request #1731 from gruntjs/update-options 5d67e34
• Fix ci install d13bf88
• Switch to Actions 08896ae
• Update grunt-known-options eee0673
• Add note about a breaking change 1b6e288

gruntjs/grunt@v1.4.0...v1.4.1

v1.4.0

• Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
• Update changelog and util dep 106ed17
• Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
• Update CLI and nodeunit 47cf8b6
• Merge pull request #1722 from gruntjs/update-through e86db1c
• Update deps 4952368

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency.

... (truncated)

Commits

• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request #1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling
• d5969ec 1.5.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt since your current version.

Updates getobject from 0.1.0 to 1.0.2

Release notes

Sourced from getobject's releases.

v1.0.2

• Merge pull request #8 from cowboy/dependabot/npm_and_yarn/path-parse-1.0.7 6f86cf7
• Bump path-parse from 1.0.6 to 1.0.7 6e79841

cowboy/node-getobject@v1.0.1...v1.0.2

v1.0.1

• Update deps 141e3a5
• Merge pull request #7 from cowboy/dependabot/npm_and_yarn/hosted-git-info-2.8.9 c97cf3e
• Bump hosted-git-info from 2.8.8 to 2.8.9 201e91b
• Update dev deps 5ffb873

cowboy/node-getobject@v1.0.0...v1.0.1

v1.0.0

No release notes provided.

Commits

• 46e55ec 1.0.2
• 6f86cf7 Merge pull request #8 from cowboy/dependabot/npm_and_yarn/path-parse-1.0.7
• 6e79841 Bump path-parse from 1.0.6 to 1.0.7
• 84bd719 1.0.1
• 141e3a5 Update deps
• c97cf3e Merge pull request #7 from cowboy/dependabot/npm_and_yarn/hosted-git-info-2.8.9
• 201e91b Bump hosted-git-info from 2.8.8 to 2.8.9
• 5ffb873 Update dev deps
• 92e0d1f 1.0.0
• 6828cb9 README updates
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for getobject since your current version.

Updates lodash from 3.7.0 to 4.17.21

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll') B) require('lodash/utility/bindAll') C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };
</tr></table> 

... (truncated)

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates jshint from 2.9.5 to 2.9.7

Release notes

Sourced from jshint's releases.

JSHint 2.9.7

2.9.7 (2018-12-07)

This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

JSHint 2.9.6

2.9.6 (2018-07-30)

Bug Fixes

• Add missing global objects for browser env (badc7a4)
• Add other Fetch spec globals (07bb596), closes #2582
• Allow closing over immutable bindings (7091685)
• Allow computed method names in obj literal (a5ff715)
• Allow empty export and trailing comma (631327e), closes #2567
• Avoid infinite loop on invalid for stmt (56a4379)
• Consistently ignore dot-prefixed dirs (8d4317e)
• Correct impl of built-in bindings (a11d631)
• Correct interpretation of whitespace (dd06eea)
• Correct location of reported error (1c434a3)
• Correct location reported for W043 (1d04868)
• Correct reporting of var name in list comprehensions (0ff6644)
• Correct restriction on function name (55aa54e)
• Correct spelling of Uint8ClampedArray (8df4a32)
• Create block scope for switch statements (aa2be10)
• Disallow default values in rest parameters (b420aed)
• Do not create binding for illegal syntax (9fe8c94)
• Do not warn about non-ambiguous linebreaks (ab3ab85)
• Fix "is is" message typos (7993101)
• Preserve functionality in "legacy" Node.js (2f6ac13)
• recognize Jasmine global spyOnProperty (827237f), closes #3183
• Relax restriction on asgnmnt to arguments (0a66710)
• Remove warning W100 (ff71d3c)
• Report error for duplicate arrow params (506c7d5)
• Report error for redeclared generator fns (8896fa3)
• Restrict "name" of strict mode functions (a554c89)
• Restrict super usage to valid forms (8f3f880)
• Restrict IdentifierNames in ES5 code (5995a9f)
• Tolerate division following closing brace (3aa02db)
• Tolerate RegExp as void operand (3f920b5)
• Tolerate whitespace in inline directives (efeb0f8)

Features

• List outer scoped variables of W083 (d03662c), closes #3211

Changelog

Sourced from jshint's changelog.

2.9.7 (2018-12-07)

This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

2.9.6 (2018-07-30)

Bug Fixes

• Add missing global objects for browser env (badc7a4)
• Add other Fetch spec globals (07bb596), closes #2582
• Allow closing over immutable bindings (7091685)
• Allow computed method names in obj literal (a5ff715)
• Allow empty export and trailing comma (631327e), closes #2567
• Avoid infinite loop on invalid for stmt (56a4379)
• Consistently ignore dot-prefixed dirs (8d4317e)
• Correct impl of built-in bindings (a11d631)
• Correct interpretation of whitespace (dd06eea)
• Correct location of reported error (1c434a3)
• Correct location reported for W043 (1d04868)
• Correct reporting of var name in list comprehensions (0ff6644)
• Correct restriction on function name (55aa54e)
• Correct spelling of Uint8ClampedArray (8df4a32)
• Create block scope for switch statements (aa2be10)
• Disallow default values in rest parameters (b420aed)
• Do not create binding for illegal syntax (9fe8c94)
• Do not warn about non-ambiguous linebreaks (ab3ab85)
• Fix "is is" message typos (7993101)
• Preserve functionality in "legacy" Node.js (2f6ac13)
• recognize Jasmine global spyOnProperty (827237f), closes #3183
• Relax restriction on asgnmnt to arguments (0a66710)
• Remove warning W100 (ff71d3c)
• Report error for duplicate arrow params (506c7d5)
• Report error for redeclared generator fns (8896fa3)
• Restrict "name" of strict mode functions (a554c89)
• Restrict super usage to valid forms (8f3f880)
• Restrict IdentifierNames in ES5 code (5995a9f)
• Tolerate division following closing brace (3aa02db)
• Tolerate RegExp as void operand (3f920b5)
• Tolerate whitespace in inline directives (efeb0f8)

Features

• List outer scoped variables of W083 (d03662c), closes #3211

Commits

• 01bf8c6 v2.9.7
• 71f2f1f [[TEST]] Assert CLI behavior: stdin w/o filename
• 3a8ef8b Added Spotify to companies who use JSHint (#3333)
• 80c7fda [[CHORE]] Relocate development dependency
• f70250b [[CHORE]] Relocate development dependencies
• d5c1a00 v2.9.6
• ab3ab85 [[FIX]] Do not warn about non-ambiguous linebreaks
• eaca85b [[CHORE]] Improve test coverage for ASI warning
• 0a66710 [[FIX]] Relax restriction on asgnmnt to arguments
• 3aa02db [[FIX]] Tolerate division following closing brace
• Additional commits viewable in compare view

Updates handlebars from 4.0.11 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates js-yaml from 3.5.5 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for safe/loadAll(input, options)
• d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• Additional commits viewable in compare view

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json