Bump the npm_and_yarn group across 1 directory with 36 updates

[dependabot]

Bumps the npm_and_yarn group with 32 updates in the / directory:

Package	From	To
got	11.8.2	11.8.5
liquidjs	9.22.1	10.0.0
next	11.0.0	13.5.1
node-fetch	2.6.1	2.6.7
semver	7.3.5	7.5.2
@actions/core	1.2.7	1.9.1
async	3.2.0	3.2.2
webpack	5.37.1	5.76.0
@babel/traverse	7.14.2	7.24.5
@sideway/formula	3.0.0	3.0.1
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.14.1	1.15.6
http-cache-semantics	4.0.3	4.1.1
jpeg-js	0.4.2	0.4.4
@jimp/jpeg	0.16.1	0.16.13
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
json5	1.0.1	1.0.2
jszip	3.6.0	3.10.1
minimatch	3.0.4	3.0.5
replace	1.2.1	1.2.2
minimist	1.2.5	1.2.8
path-parse	1.0.6	1.0.7
qs	6.5.2	6.5.3
tough-cookie	2.5.0	4.1.4
jsdom	16.5.3	16.7.0
website-scraper	4.2.3	5.3.1
trim	0.0.1	removed
remark-rehype	5.0.0	11.1.0
xml2js	0.4.19	0.5.0
rss-parser	3.12.0	3.13.0
parse-bmfont-xml	1.1.4	1.1.6

Updates got from 11.8.2 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

• Backport security fix sindresorhus/got@861ccd9
  • CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

• Bump cacheable-request dependency (#1921) 9463bb6
• Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

Commits

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
• See full diff in compare view

Updates liquidjs from 9.22.1 to 10.0.0

Release notes

Sourced from liquidjs's releases.

v10.0.0

10.0.0 (2022-11-27)

chore

• rename filters to snake style, #487 (ff112a4)

Code Refactoring

• _evalToken renamed to evalToken (4e1a30a)
• change ownPropertyOnly default value to true (7eb6216)
• delay creation of operatorsTrie and hide this implementation (bb58d3e)
• remove toThenable export (ffefd91)
• remove use of internal Context class in evalValue argument (b115077)

Performance Improvements

• target Node.js 14 for cjs bundle (main entry) (1f6ce7c)

BREAKING CHANGES

• evalToken now returns a generator (LiquidJS async), which is different from evalToken in previous LiquidJS versions.
• main entry need Node.js>=14 to run, you can build LiquidJS by your own by using ESM entry.
• ownPropertyOnly default value changed to true
• <liquidjs>.toThenable is removed, use <liquidjs>.toPromise instead
• evalValue won't support Context as second argument anymore.
• use operators instead of operatorsTrie as Tokenizer constructor argument, #500
• keys in <liquidjs>.filters are now in snake case (instead of camel case), identical to that in Liquid template.

v9.43.0

9.43.0 (2022-11-27)

Features

• support timezone offset argument for date filter, #553 (7a71485)

v9.42.1

9.42.1 (2022-10-21)

Bug Fixes

• truncatewords should use at least one word, #537 (32f613f)

v9.42.0

... (truncated)

Changelog

Sourced from liquidjs's changelog.

10.0.0 (2022-11-27)

Code Refactoring

• rename filters to snake style, #487 (ff112a4)
• _evalToken renamed to evalToken (4e1a30a)
• change ownPropertyOnly default value to true (7eb6216)
• delay creation of operatorsTrie and hide this implementation (bb58d3e)
• remove toThenable export (ffefd91)
• remove use of internal Context class in evalValue argument (b115077)

Performance Improvements

• target Node.js 14 for cjs bundle (main entry) (1f6ce7c)

BREAKING CHANGES

• evalToken now returns a generator (LiquidJS async), which is different from evalToken in previous LiquidJS versions.
• main entry need Node.js>=14 to run, you can build LiquidJS by your own by using ESM entry.
• ownPropertyOnly default value changed to true
• <liquidjs>.toThenable is removed, use <liquidjs>.toPromise instead
• evalValue won't support Context as second argument anymore.
• use operators instead of operatorsTrie as Tokenizer constructor argument, #500
• keys in <liquidjs>.filters are now in snake case (instead of camel case), identical to that in Liquid template.

9.43.0 (2022-11-27)

Features

• support timezone offset argument for date filter, #553 (7a71485)

9.42.1 (2022-10-21)

Bug Fixes

• truncatewords should use at least one word, #537 (32f613f)

9.42.0 (2022-08-27)

Features

• promise in expression & nested property, #533 #276 (bbf00f3)

9.41.0 (2022-08-24)

... (truncated)

Commits

• 9b9ef37 chore(release): 10.0.0 [skip ci]
• 5bbdc08 chore(deps): bump minimatch from 3.0.4 to 3.1.2
• 1380ac9 refactor: more consistent tags to make it easier to iterate over, #524
• 4e1a30a refactor: _evalToken renamed to evalToken
• 9299268 refactor: Tag class support in registerTag()
• 1f6ce7c perf: target Node.js 14 for cjs bundle (main entry)
• 7eb6216 refactor: change ownPropertyOnly default value to true
• ffefd91 refactor: remove toThenable export
• b115077 refactor: remove use of internal Context class in evalValue argument
• bb58d3e refactor: delay creation of operatorsTrie and hide this implementation
• Additional commits viewable in compare view

Updates next from 11.0.0 to 13.5.1

Commits

• 0c1c7f8 v13.5.1
• 9744285 v13.5.1-canary.1
• 44eba02 improve publish-release (#55597)
• c652dc8 v13.5.1-canary.0
• ffafad2 v13.5.0
• 4a589ed v13.4.20-canary.41
• deb81cf fix styled-jsx alias (#55581)
• 1a9b0f6 improve internal error logging (#55582)
• 0631549 Fix react packages are not bundled for metadata routes (#55579)
• bad5365 Update supported config options for Turbopack (#55556)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

Updates node-fetch from 2.6.1 to 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

v2.6.6

What's Changed

• fix(URL): prefer built in URL version when available and fallback to whatwg by @​jimmywarting in node-fetch/node-fetch#1352

Full Changelog: node-fetch/node-fetch@v2.6.5...v2.6.6

v2.6.2

fixed main path in package.json

Commits

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (...
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
• 18193c5 fix v2.6.3 that did not sending query params (#1301)
• ace7536 fix: properly encode url with unicode characters (#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (#1274)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by endless, a new releaser for node-fetch since your current version.

Updates semver from 7.3.5 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

7.3.8 (2022-10-04)

Bug Fixes

... (truncated)

Commits

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @​npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates @actions/core from 1.2.7 to 1.9.1

Changelog

Sourced from @​actions/core's changelog.

1.9.1

• Randomize delimiter when calling core.exportVariable

1.9.0

• Added toPosixPath, toWin32Path and toPlatformPath utilities #1102

1.8.2

• Update to v2.0.1 of @actions/http-client #1087

1.8.1

• Update to v2.0.0 of @actions/http-client

1.8.0

• Deprecate markdownSummary extension export in favor of summary
  • actions/toolkit#1072
  • actions/toolkit#1073

1.7.0

• Added markdownSummary extension

1.6.0

• Added OIDC Client function getIDToken
• Added file parameter to AnnotationProperties

1.5.0

• Added support for notice annotations and more annotation fields

1.4.0

• Added the getMultilineInput function

1.3.0

• Added the trimWhitespace option to getInput
• Added the getBooleanInput function

Commits

• See full diff in compare view

Updates async from 3.2.0 to 3.2.2

Changelog

Sourced from async's changelog.

v3.2.2

• Fix potential prototype pollution exploit

v3.2.1

• Use queueMicrotask if available to the environment (#1761)
• Minor perf improvement in priorityQueue (#1727)
• More examples in documentation (#1726)
• Various doc fixes (#1708, #1712, #1717, #1740, #1739, #1749, #1756)
• Improved test coverage (#1754)

Commits

• acc084e Version 3.2.2
• acd7316 Update built files
• b50d648 update changelog for 3.2.2
• e1ecdbf Fix prototype pollution vulnerability
• fc9ba65 Fix(docs): use plural callbacks word in lib/map.js (#1765)
• b1b69b0 regen docs
• cac52e3 update changelog
• d1af045 Version 3.2.1
• b31840e Update built files
• 159a119 Enhance examples for Collections methods. (#1726)
• Additional commits viewable in compare view

Updates postcss from 8.3.0 to 8.4.14

Release notes

Sourced from postcss's releases.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

8.4.3

• Fixed this.css.replace is not a function error.

8.4.2

• Fixed previous source map support in zero plugins mode.

8.4.1

• Fixed Stringifier types (by @​43081j).

8.4 “President Camio”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

8.4.3

• Fixed this.css.replace is not a function error.

8.4.2

• Fixed previous source map support in zero plugins mode.

8.4.1

• Fixed Stringifier types (by James Garbutt).

8.4 “President Camio”

• Added ranges for errors and warnings (by Adaline Valentina Simonian).
• Added Stringifier types (by James Garbutt).

... (truncated)

Commits

• b7d1836 Release 8.4.14 version
• 57006b4 Update dependencies
• 2a97ab8 Merge pull request #1744 from zardoy/patch-1
• 6447b55 Merge pull request #1747 from ben-lau/main
• e36ed17 Update plugins.md
• 24f2efc Update depedencies
• 9bda624 Try to fix CI
• 7cd8e27 improve warnings count testing
• 2295e28 fix tests
• fc19f1b fix: print deprecation warning only when plugin is used
• Additional commits viewable in compare view

Updates webpack from 5.37.1 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in webpack/webpack#16500
• Improve hash performance via conditional initialization by @​lvivski in webpack/webpack#16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in webpack/webpack#16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in webpack/webpack#16759

Features

• add target to LoaderContext type by @​askoufis in webpack/webpack#16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in webpack/webpack#16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in webpack/webpack#16614
• Replace TypeScript logo in README by @​jakebailey in webpack/webpack#16613
• Update actions/cache dependencies by @​piwysocki in webpack/webpack#16493

New Contributors

• @​Jack-Works made their first contribution in webpack/webpack#16500
• @​lvivski made their first contribution in webpack/webpack#16491
• @​jakebailey made their first contribution in webpack/webpack#16614
• @​akhilgkrishnan made their first contribution in webpack/webpack#16446
• @​ryanwilsonperkin made their first contribution in webpack/webpack#16703
• @​piwysocki made their first contribution in webpack/webpack#16493
• @​askoufis made their first contribution in webpack/webpack#16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

... (truncated)

Commits

• 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
• b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
• c98e9e0 Merge pull request #16493 from piwysocki/patch-1
• 5f34acf feat: Add target to LoaderContext type
• b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
• 63ea82d Merge branch 'webpack:main' into patch-1
• 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
• 1acd635 Merge pull request #16613 from jakebailey/ts-logo
• 302eb37 Merge pull request #16614 from jakebailey/html5-logo
• cfdb1df Improve performance of hashRegExp lookup
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates @babel/traverse from 7.14.2 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Rom Grk (@​romgrk)
• @​liuxingbaoyu
• ynnsuis (@​sossost)

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24....

Description has been truncated