Bump the npm_and_yarn group group with 6 updates

[dependabot]

Bumps the npm_and_yarn group group with 6 updates:

Package	From	To
jsonwebtoken	9.0.0	9.0.2
@types/jsonwebtoken	8.5.1	9.0.6
next	13.5.0	14.1.0
sqlite3	5.1.5	5.1.7
postcss	8.4.14	8.4.31
semver	5.7.1	5.7.2

Updates jsonwebtoken from 9.0.0 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

Commits

• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates @types/jsonwebtoken from 8.5.1 to 9.0.6

Commits

• See full diff in compare view

Updates next from 13.5.0 to 14.1.0

Release notes

Sourced from next's releases.

v14.1.0

Core Changes

• Turbopack: switch to a single client components entrypoint: #59352
• Update swc_core to v0.86.98 and turbopack: #59393
• Fix cases for the optimize_server_react transform: #59390
• Use new JSX transform: #56294
• loading.tsx should have no effect on partial rendering when PPR is enabled: #59196
• Update font data: #59426
• Remove CacheNode.status field: #59472
• Rename CacheNode.data → .lazyData : #59473
• Generate Params Cleanup: #59431
• Fix webpack chunks handling in traces: #59498
• Rename CacheNode.subTreeData -> .rsc : #59491
• fix NODE_OPTIONS=inspect: #59530
• Add CacheNode.prefetchRsc field: #59537
• allow passing wildcard domains in serverActions.allowedDomains: #59428
• Page Info Cleanup: #59430
• Fix force-static and fetch no-store cases: #59549
• Should not show no index for client rendering bailout: #59531
• Enable build worker by default: #59405
• Fork navigateReducer into PPR and non-PPR versions: #59538
• cleanup magic segment strings: #59552
• chore: update Turbopack: #59589
• Fix another magic segment string constant: #59591
• Make CacheNodeSeedData match FlightRouterState more closely: #59590
• transpilePackages should override default settings for external packages: #59385
• move segment constants to separate file: #59587
• Revert "Page Info Cleanup (#59430)": #59592
• Fix useOptimistic in server components bug. Add tests for invalid React server APIs: #59621
• Partial Pre Rendering Headers: #59447
• Add tests for invalid React server APIs: #59622
• Refactor setup-dev-bundler to make Turbopack/Webpack split clearer: #59650
• refactor and simplify app dynamic components: #59658
• Change manifestPath to pagesManifestPath: #59657
• Fix issue with outputFileTracingExcludes and pages/api edge runtime: #59157
• Update font data: #59722
• Remove path normalization logic when uploading .next/trace traces: #59305
• LayoutRouter: Support segment value of Promise to asynchronously bail out and trigger a server patch: #59724
• fix: Allow start turbopack dev server for a project using middleware: #59759
• fix: gracefully shutdown server: #59551
• Revert "fix: gracefully shutdown server (#59551)": #59792
• Optionally bundle legacy react-dom/server APIs based on usage: #59737
• fix default handling in route groups that handle interception: #59752
• Transpile all code on app browser layer: #59569
• Initial implementation of PPR client navigations: #59725
• fix(turbopack): prevent edge entrypoint from becoming an async module: #59818
• Ensure we validate revalidate configs properly: #59822
• Update error check in validateRevalidate: #59826
• Rename confusing loaders: #59827

... (truncated)

Commits

• 16e7a5b v14.1.0
• 8a3881f Update labeler.json (#60843)
• 1b255a6 v14.0.5-canary.68
• 02c2f11 Enable missing suspense bailout by default (#60840)
• 2096dfa v14.0.5-canary.67
• b8d8e6e dx: warn the deprecated cache configs are used (#60836)
• c192f4e turbopack: rename custom cache handler configs (#60828)
• 2227ae5 Revert "Fix: Throw an error for empty array return in generateStaticParams ...
• b7f5107 Fix: respect init.cache if fetch input is request instance (#60821)
• 752c15e Add metrics names for unstable_cache (#60802)
• Additional commits viewable in compare view

Updates sqlite3 from 5.1.5 to 5.1.7

Release notes

Sourced from sqlite3's releases.

v5.1.7

What's Changed

• Updated bundled SQLite to v3.44.2 by @​daniellockyer
• Replaced @mapbox/node-pre-gyp with prebuild + prebuild-install (TryGhost/node-sqlite3@605c7f9) by @​daniellockyer
  • this should fix a lot of bundling issues reported by the community
• Improved RowToJS performance by removing Napi::String::New instantiation by @​daniellockyer
• Various minor code refactors and improvements (thanks @​zenon8adams!)

New Contributors

• @​zenon8adams made their first contribution in TryGhost/node-sqlite3#1701

Full Changelog: TryGhost/node-sqlite3@v5.1.6...v5.1.7

v5.1.7-rc.0

Please install v5.1.7 instead.

Full Changelog: TryGhost/node-sqlite3@v5.1.6...v5.1.7-rc.0

v5.1.6

What's Changed

• Fixed glibc compatibility by hardcoding lower version for log2 by @​daniellockyer
• Add generic type annotations for Statement and Database get/all/each methods callback rows by @​stevescruz in TryGhost/node-sqlite3#1686

New Contributors

• @​stevescruz made their first contribution in TryGhost/node-sqlite3#1686

Full Changelog: TryGhost/node-sqlite3@v5.1.5...v5.1.6

Commits

• ba4ba07 v5.1.7
• d04c1fb Removed Node version from matrix title
• 03d6e75 v5.1.7-rc.0
• 8398daa Fixed uploading assets from Docker
• 8b86e41 Fixed uploading release assets on Windows
• 83c8c0a Configured releases to be created as prereleases
• f792f69 Update dependency node-addon-api to v7
• 4ef11bf Removed extraneous parameter to event emit function
• e99160a Inlined init() functions into class header files
• 3372130 Improved RowToJS performance by removing Napi::String::New instantiation
• Additional commits viewable in compare view

Updates postcss from 8.4.14 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.