Bump the npm_and_yarn group across 2 directories with 40 updates

[dependabot]

Bumps the npm_and_yarn group with 27 updates in the / directory:

Package	From	To
lodash	4.17.4	4.17.21
lodash-es	4.17.4	4.17.21
ansi-regex	2.0.0	2.1.1
async	2.5.0	2.6.4
debug	2.2.0	2.6.9
fsevents	1.1.2	1.2.13
fstream	1.0.10	1.0.12
ini	1.3.4	1.3.8
json-schema	0.2.3	0.4.0
jsprim	1.4.0	1.4.2
jsprim	1.3.1	1.4.2
qs	6.2.1	6.2.4
stringstream	0.0.5	0.0.6
tunnel-agent	0.4.3	0.6.0
npm	3.10.10	5.1.0
handlebars	4.0.10	4.7.8
js-yaml	3.9.0	3.14.1
jsdom	9.12.0	removed
jest	20.0.4	29.7.0
y18n	3.2.1	3.2.2
https-proxy-agent	2.0.0	2.2.4
ip	1.1.5	1.1.9
tar-fs	1.15.3	1.16.3
bl	1.2.1	1.2.3
npm	3.10.10	5.1.0
dot-prop	4.1.1	4.2.1
path-parse	1.0.5	1.0.7
randomatic	1.1.7	3.1.1
fill-range	2.2.3	2.2.4

Bumps the npm_and_yarn group with 26 updates in the /examples/universal directory:

Package	From	To
lodash	4.17.4	4.17.21
lodash-es	4.17.4	4.17.21
async	2.5.0	2.6.4
debug	2.6.8	2.6.9
express	4.15.3	4.19.2
serve-static	1.12.3	1.15.0
minimatch	3.0.4	3.1.2
fsevents	1.1.2	1.2.13
fstream	1.0.11	1.0.12
ini	1.3.4	1.3.8
json-schema	0.2.3	0.4.0
jsprim	1.4.0	1.4.2
qs	6.5.0	6.5.3
request	2.81.0	removed
jest	20.0.4	29.7.0
fsevents	1.1.2	1.2.13
semver	5.3.0	5.7.2
stringstream	0.0.5	0.0.6
glob-parent	2.0.0	5.1.2
watchpack	1.3.1	1.7.5
y18n	3.2.1	3.2.2
randomatic	1.1.7	3.1.1
fill-range	2.2.3	2.2.4
yargs-parser	4.2.1	21.1.1
webpack	2.7.0	5.91.0
webpack-dev-middleware	1.11.0	5.3.4
ua-parser-js	0.7.13	0.7.37

Updates lodash from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates lodash-es from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash-es since your current version.

Updates ansi-regex from 2.0.0 to 2.1.1

Commits

• 7c908e7 2.1.1
• fcb3c28 Support [P escape (delete character) (#10)
• e8beaf5 Use last XO & AVA versions that supports Node.js 0.10 and 0.12 (#11)
• dce3806 Use AVA instead of mocha (#7)
• 5f2c67a added question regarding non-standard codes
• 9d51315 add XO
• 11423e1 added Qix as maintainer
• c3bb7d1 update references to new org
• See full diff in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for ansi-regex since your current version.

Updates async from 2.5.0 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

v2.6.3

• Updated lodash to squelch a security warning (#1675)

v2.6.2

• Updated lodash to squelch a security warning (#1620)

v2.6.1

• Updated lodash to prevent npm audit warnings. (#1532, #1533)
• Made async-es more optimized for webpack users (#1517)
• Fixed a stack overflow with large collections and a synchronous iterator (#1514)
• Various small fixes/chores (#1505, #1511, #1527, #1530)

v2.6.0

• Added missing aliases for many methods. Previously, you could not (e.g.) require('async/find') or use async.anyLimit. (#1483)
• Improved queue performance. (#1448, #1454)
• Add missing sourcemap (#1452, #1453)
• Various doc updates (#1448, #1471, #1483)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• f1d8383 Version 2.6.3
• 2b674c1 update changelog
• eab740f fix: udpate lodash. closes #1675
• eaf32be Version 2.6.2
• 684b42e Update built files
• e1bd3da update changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates fsevents from 1.1.2 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

• Added node v10 for pre-built binaries
• C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

• BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
  • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
• Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
• Compatibility updates for nan v2.9.0

v1.1.3

• Added node v9 for pre-built binaries
• Fixed bug related to using --no-bin-links option on install
• Updated node-pre-gyp to latest version (0.6.39)

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Updates fstream from 1.0.10 to 1.0.12

Commits

• 4235459 1.0.12
• 6a77d2f Clobber a Link if it's in the way of a File
• 1e4527f 1.0.11
• ac4a9e3 Move props.path check below class init (#55)
• 24fabde build: clean up versions
• See full diff in compare view

Updates ini from 1.3.4 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• 738eca5 v1.3.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates json-schema from 0.2.3 to 0.4.0

Commits

• f6f6a3b Use a little more robust method of checking instances
• ef60987 Update version
• b62f1da Protect against constructor modification, #84
• fb427cd Link to json-schema-org repository in addition to site, fixes #54
• 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
• c52a27c Get basic test to pass
• b3f42b3 Add security policy
• 3b0cec3 Update version
• c28470f Update readme to acknowledge the state of the package
• 7dff9cd Merge pull request #81 from hodovani/patch-1
• Additional commits viewable in compare view

Updates jsprim from 1.4.0 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

• #35 Backport json-schema 0.4.0 to version 1.4.x

v1.4.1 (2017-08-02)

• #21 Update verror dep
• #22 Update extsprintf dependency
• #23 update contribution guidelines

Commits

• 5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
• f7d80a9 joyent/node-jsprim#21 Update verror dep
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates jsprim from 1.3.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

• #35 Backport json-schema 0.4.0 to version 1.4.x

v1.4.1 (2017-08-02)

• #21 Update verror dep
• #22 Update extsprintf dependency
• #23 update contribution guidelines

Commits

• 5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
• f7d80a9 joyent/node-jsprim#21 Update verror dep
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates qs from 6.2.1 to 6.2.4

Changelog

Sourced from qs's changelog.

6.2.4

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [Refactor] use cached Array.isArray
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] use safer-buffer instead of Buffer constructor
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

6.2.3

• [Fix] follow allowPrototypes option during merge (#201, #200)
• [Fix] chmod a-x
• [Fix] support keys starting with brackets (#202, #200)
• [Tests] up to node v7.7, v6.10, v4.8; disable osx builds since they block linux builds

6.2.2

• [Fix] ensure that allowPrototypes: false does not ever shadow Object.prototype properties

Commits

• 90d9f2b v6.2.4
• ba24e74 [Fix] parse: ignore __proto__ keys (#428)
• f047c9d [Dev Deps] backport from main
• 5f8e28b [actions] backport actions from main
• 2c38654 [Robustness] stringify: avoid relying on a global undefined (#427)
• 37e176d [meta] fix README.md (#399)
• 081a3ab [Tests] use safer-buffer instead of Buffer constructor
• 943e411 [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• 0d82916 [Fix] utils.merge: avoid a crash with a null target and an array source
• c103b90 [Fix] utils.merge`: avoid a crash with a null target and a truthy non-array...
• Additional commits viewable in compare view

Updates stringstream from 0.0.5 to 0.0.6

Commits

• fee31c5 0.0.6
• 2f4a9d4 Merge pull request #9 from mhart/fix-buffer-constructor-vuln
• afbc744 Ensure data is not a number in Buffer constructor
• See full diff in compare view

Updates tunnel-agent from 0.4.3 to 0.6.0

Commits

• 67df643 0.6.0
• 9ca95ec Use .from
• 8a7c86e 0.5.1
• 5fe6221 0.5.0
• 5bbaf62 Merge pull request #25 from request/safe-buffer
• cdc47b9 Migrating to safe-buffer for security reasons.
• See full diff in compare view

Updates npm from 3.10.10 to 5.1.0

Release notes

Sourced from npm's releases.

libnpmdiff: v5.0.21

5.0.21 (2024-02-26)

Dependencies

• workspace: @npmcli/[email protected]

Chores

• 1d4c464 #7252 @npmcli/[email protected] (@​lukekarrys)

libnpmpack: v5.0.21

5.0.21 (2024-02-26)

Dependencies

• workspace: @npmcli/[email protected]

Chores

• 1d4c464 #7252 @npmcli/[email protected] (@​lukekarrys)

libnpmfund: v5.0.10

Dependencies

• workspace: @npmcli/[email protected]

libnpmfund: v5.0.9

5.0.9 (2024-04-30)

Bug Fixes

• 3ec86a0 #7456 linting: no-unused-vars (#7456) (@​wraithgar)
• 57ebebf #7418 update repository.url in package.json (#7418) (@​wraithgar)

Dependencies

• workspace: @npmcli/[email protected]

libnpmfund: v5.0.8

5.0.8 (2024-04-25)

Dependencies

• workspace: @npmcli/[email protected]

libnpmfund: v5.0.7

5.0.7 (2024-04-10)

Dependencies

... (truncated)

Changelog

Sourced from npm's changelog.

Changelog

10.8.0 (2024-05-15)

Features

• 1e375c1 #7442 create exit handler class (#7442) (@​lukekarrys)

Bug Fixes

• d5c3289 #7513 refactor: use output buffer and error for more commands (#7513) (@​lukekarrys)
• 12f103c #7533 add first param titles to logs where missing (#7533) (@​lukekarrys)
• badeac2 #7521 config: use redact on config output (#7521) (@​lukekarrys)
• 76aef74 #7520 view: refactor exec and execWorkspaces to call same methods (#7520) (@​lukekarrys)
• b54cdb8 #7515 refactor: create new error output primitives (#7515) (@​lukekarrys)
• e40454c #7506 view: dont unwrap arrays in json mode (#7506) (@​lukekarrys)
• 6f64148 require stdout to be a TTY for progress (#7507) (@​lukekarrys)
• db62910 #7504 config: be more aggressive about hiding protected values (#7504) (@​wraithgar)
• 6d456bb #7497 dont write log file for completion commands (#7497) (@​lukekarrys)
• 722c0fa #7463 limit packument cache size based on heap size (@​wraithgar)
• ca1a68d #7474 log if npm deprecate does not match any version (#7474) (@​mbtools)
• 261ea19 #7457 run input.start around help and openining urls (@​lukekarrys)
• 4ab6cf4 #7459 publish: validate dist-tag (#7459) (@​reggi)

Documentation

• b2ce025 #7518 suggest correct bin entry (#7518) (@​Santoshraj2)
• bdd2aae #7502 remove obsolete removal using make uninstall (#7502) (@​avinal)
• c3d2819 #7496 npm help json/global command on windows (#7496) (@​klm-turing, @​lukekarrys)
• 268303c #7479 add npm version to every local help output (#7479) (@​klm-turing)
• e39d422 #7473 suggest "npm repo" for showing the repo of a package (#7473) (@​full-stop)
• f6fff32 #7433 clarify what peerDependenciesMeta does (#7433) (@​xuhdev, @​wraithgar)

Dependencies

• 1cdc662 #7522 @tufjs/[email protected]
• 898bcfd #7522 @sigstore/[email protected]
• fec3c94 #7522 [email protected]
• cb85973 #7522 [email protected]
• e189873 #7498 @sigstore/[email protected]
• c2b28f9 #7498 [email protected]
• 9064ffc #7498 @sigstore/[email protected]
• fd42986 #7498 @npmcli/[email protected]
• 4e53e33 #7498 [email protected]
• f078c82 #7495 [email protected]
• 58f773c #7495 [email protected]
• ea0b07d #7482 [email protected]
• 8d161a4 #7482 [email protected]
• 5b2317b #7463 add lru-cache
• 26fefb8 #7480 [email protected]

... (truncated)

Commits

• 24ec9f2 5.1.0
• 8cefdc3 update AUTHORS
• db0a2f8 doc: update changelog for [email protected]
• 20ff05f remove: Make file: spec/link removal match specification
• 993f673 config: remove old comment (#17600)
• a09c1a6 run-script: allow custom shell (#16687)
• 7d65004 config: refactor to use Object.assign (#17563)
• 9e5a943 install/deps: Compute required package in legacy npm compatible way (#17590)
• 06ba0a1 install: fix spurious removal reporting (#17591)
• 3fc6477 validate-args: Check for name and version (#17592)
• Additional commits viewable in compare view

Updates handlebars from 4.0.10 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates js-yaml from 3.9.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[...

Description has been truncated

[backstage-catalog-validator]

⚠️ Este repositório ainda não está catalogado no Backstage. ⚠️

Por favor, catalogue-o seguindo as instruções nesta documentação. [Via VPN].

💁 Qualquer problema ou dúvida, estamos no Slack, basta abrir um ticket no canal #help-foundation-platform.