Bump the npm_and_yarn group across 3 directories with 26 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
karma	3.1.4	6.3.16
trix	2.0.0	2.1.1
jquery	2.2.4	3.5.0
browserify-sign	4.2.1	4.2.3
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.15.2	1.15.6
json5	1.0.1	1.0.2
semver	5.6.0	5.7.2
word-wrap	1.2.3	1.2.5
y18n	4.0.0	4.0.3

Bumps the npm_and_yarn group with 11 updates in the /actionmailbox/test/dummy directory:

Package	From	To
browserify-sign	4.0.4	4.2.3
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.7.0	1.15.6
fsevents	1.1.3	1.2.13
loader-utils	1.1.0	1.4.2
minimatch	3.0.4	3.0.8
y18n	3.2.1	3.2.2
@babel/traverse	7.3.4	7.24.7
eventsource	1.0.7	1.1.2
express	4.16.2	4.19.2
url-parse	1.4.4	1.5.10

Bumps the npm_and_yarn group with 2 updates in the /actionview directory: karma and jquery.

Updates karma from 3.1.4 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates trix from 2.0.0 to 2.1.1

Release notes

Sourced from trix's releases.

v2.1.1

What's Changed

• Bump tar from 6.2.0 to 6.2.1 by @​dependabot in basecamp/trix#1146
• Sanitize noscript to prevent copy and paste XSS by @​lewispb in basecamp/trix#1147
• Sanitize HTML content in data-trix-* attributes by @​lewispb & @​afcapel in basecamp/trix#1149

New Contributors

• @​lewispb made their first contribution in basecamp/trix#1147

Full Changelog: basecamp/trix@v2.1.0...v2.1.1

v2.1.0

What's Changed

• Bump ip from 1.1.8 to 1.1.9 by @​dependabot in basecamp/trix#1136
• Bump follow-redirects from 1.15.4 to 1.15.6 by @​dependabot in basecamp/trix#1140
• Allow custom HTML attributes in blocks by @​afcapel in basecamp/trix#1138

Full Changelog: basecamp/trix@v2.0.10...v2.1.0

v2.0.10

What's Changed

• Use the target range to insert the replacement text by @​afcapel in basecamp/trix#1131

Full Changelog: basecamp/trix@v2.0.9...v2.0.10

v2.0.9

What's Changed

• Pass invoking element as event data by @​swanson in basecamp/trix#1112
• Update unpkg revision by @​jmscholen in basecamp/trix#1115
• Bump follow-redirects from 1.15.3 to 1.15.4 by @​dependabot in basecamp/trix#1118
• Rebrand back to 37signals by @​northeastprince in basecamp/trix#1123
• Add default word-break to trix-content by @​afcapel in basecamp/trix#1126
• Request render after insertReplacementText by @​afcapel in basecamp/trix#1129
• Only run test on SauceLabs when SAUCE_ACCESS_KEY is set by @​afcapel in basecamp/trix#1130

New Contributors

• @​swanson made their first contribution in basecamp/trix#1112
• @​jmscholen made their first contribution in basecamp/trix#1115

Full Changelog: basecamp/trix@v2.0.8...v2.0.9

v2.0.8

What's Changed

• Include source maps in the npm package by @​afcapel in basecamp/trix#1098
• Normalize lone CRs as new lines by @​josefarias in basecamp/trix#1099
• Bump @​babel/traverse from 7.23.0 to 7.23.2 by @​dependabot in basecamp/trix#1102

New Contributors

... (truncated)

Commits

• 0c79bcb v2.1.1
• 1a5c68a Merge pull request #1149 from basecamp/paste-html-sanitize
• 14bac18 Sanitize HTML content in data-trix-* attributes
• 1abe3d2 Test attachment content is sanitized
• 841ff19 Merge pull request #1147 from basecamp/sanitize-noscript
• 5e03f4a Sanitize noscript to prevent copy and paste XSS
• 36c7aeb Merge pull request #1146 from basecamp/dependabot/npm_and_yarn/tar-6.2.1
• c6023ed Bump tar from 6.2.0 to 6.2.1
• 968ceda v2.1.0
• bf8f52a Merge pull request #1138 from basecamp/custom-html-block-attributes
• Additional commits viewable in compare view

Updates jquery from 2.2.4 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates braces from 0.1.5 to 2.3.2

Changelog

Sourced from braces's changelog.

[2.3.2] - 2018-04-08

• start refactoring
• cover sets
• better range handling

[2.3.1] - 2018-02-17

• Remove unnecessary escape in Regex. (#14)

[2.3.0] - 2017-10-19

• minor code reorganization
• optimize regex
• expose maxLength option

[2.2.1] - 2017-05-30

• don't condense when braces contain extglobs

[2.2.0] - 2017-05-28

• ensure word boundaries are preserved
• fixes edge case where extglob characters precede a brace pattern

[2.1.1] - 2017-04-27

• use snapdragon-node
• handle edge case
• optimizations, lint

[2.0.4] - 2017-04-11

• pass opts to compiler
• minor optimization in create method
• re-write parser handlers to remove negation regex

[2.0.3] - 2016-12-10

• use split-string
• clear queue at the end
• adds sequences example
• add unit tests

[2.0.2] - 2016-10-21

• fix comma handling in nested extglobs

[2.0.1] - 2016-10-20

... (truncated)

Commits

• See full diff in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates engine.io from 3.2.1 to 6.5.4

Release notes

Sourced from engine.io's releases.

6.5.4

This release contains some minor changes which should improve the memory usage of the server, notably this.

Links

• Diff: socketio/engine.io@6.5.3...6.5.4
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.3

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Links

• Diff: socketio/engine.io@6.5.2...6.5.3
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.2

Bug Fixes

• webtransport: add proper framing (a306db0)

Links

• Diff: socketio/engine.io@6.5.1...6.5.2
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.1

Bug Fixes

• prevent crash when accessing TextDecoder (#684) (6dd2bc4)

Credits

Huge thanks to @​iowaguy for helping!

Links

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.5.4 (2023-11-09)

This release contains some minor changes which should improve the memory usage of the server, notably this.

Dependencies

• ws@~8.11.0 (no change)

6.5.3 (2023-10-06)

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Dependencies

• ws@~8.11.0 (no change)

6.5.2 (2023-08-01)

Bug Fixes

• webtransport: add proper framing (a306db0)

Dependencies

• ws@~8.11.0 (no change)

6.5.1 (2023-06-27)

Bug Fixes

• prevent crash when accessing TextDecoder (#684) (6dd2bc4)

Credits

... (truncated)

Commits

• ff0fbfb chore(release): 6.5.4
• 09acb17 ci: add Node.js 20 in the test matrix
• 39937f8 refactor: minor cleanups
• 43c1c1c refactor: simplify code
• 3b5e79e refactor: remove useless references
• f27a6c3 refactor: remove useless reference
• 2da559a chore(release): 6.5.3
• 9545b44 refactor: add cache-control header in the polling response
• ff1c861 fix(webtransport): properly handle abruptly closed connections
• c6bf8c0 fix: improve compatibility with node16 module resolution (#689)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates log4js from 3.0.6 to 6.9.1

Changelog

Sourced from log4js's changelog.

6.9.1

• fix(7922e82): regex for stacktrace - thanks @​lamweili
  • addresses #1377 which has a regression since 6.8.0 from #1363 at commit 7922e82

6.9.0

• feat: support for idempotent logging on browser - thanks @​aellerton
  • addresses #968, #1270, #1288, #1372
• docs: added that log4js.getLogger() may call log4js.configure() - thanks @​lamweili

6.8.0

• feat: added log4js.isConfigured() API - thanks @​lamweili
  • docs: added log4js.isConfigured() - thanks @​lamweili
• feat(layout): support a specifier on %m - thanks @​lamweili
• fix: tilde expansion for windows - thanks @​lamweili
• docs: updated typescript usage - thanks @​lamweili
• test: improved test for fileAppender - thanks @​lamweili
• ci: generate coverage report in both text and html - thanks @​lamweili
• ci: replaced deprecated github set-output - thanks @​lamweili
• chore(deps): updated dependencies - thanks @​lamweili
  • chore(deps): bump streamroller from 3.1.3 to 3.1.5
  • chore(deps): updated package-lock.json
• chore(deps-dev): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump @​commitlint/cli from 17.3.0 to 17.4.4
  • chore(deps-dev): bump @​commitlint/config-conventional from 17.3.0 to 17.4.4
  • chore(deps-dev): bump eslint from 8.28.0 to 8.34.0
  • chore(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0
  • chore(deps-dev): bump eslint-import-resolver-node from 0.3.6 to 0.3.7
  • chore(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.5
  • chore(deps-dev): bump fs-extra from 10.1.0 to 11.1.0
  • chore(deps-dev): bump husky from 8.0.2 to 8.0.3
  • chore(deps-dev): bump prettier from 2.8.0 to 2.8.4
  • chore(deps-dev): bump tap from 16.3.2 to 16.3.4
  • chore(deps-dev): bump typescript from 4.9.3 to 4.9.5
  • chore(deps-dev): updated package-lock.json
• chore(deps-dev): bump json5 from 1.0.1 to 1.0.2 - thanks @​Dependabot

6.7.1

• type: updated Configuration.levels type to allow for custom log levels - thanks @​lamweili
• docs: fixed typo in layouts.md - thanks @​dtslvr
• chore(deps-dev): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump @​commitlint/cli from 17.1.2 to 17.3.0
  • chore(deps-dev): bump @​commitlint/config-conventional from 17.1.0 to 17.3.0
  • chore(deps-dev): bump eslint from 8.24.0 to 8.28.0
  • chore(deps-dev): bump husky from 8.0.1 to 8.0.2
  • chore(deps-dev): bump prettier from 2.7.1 to 2.8.0
  • chore(deps-dev): bump tap from 16.3.0 to 16.3.2

... (truncated)

Commits

• 26dcec6 6.9.1
• 63ae5b9 Merge pull request #1379 from log4js-node/update-docs
• 185fa66 docs: updated changelog for 6.9.1
• ed54dc2 Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...
• 2628688 fix(7922e82): regex for stacktrace
• b3919d8 6.9.0
• 7cfe8a4 Merge pull request #1376 from log4js-node/update-docs
• f89e7b6 docs: updated changelog for 6.9.0
• 0082928 Merge pull request #1375 from log4js-node/update-docs
• c0db6a4 docs: added that log4js.getLogger() may call log4js.configure()
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by csausdev, a new releaser for log4js since your current version.

Updates minimist from 0.0.10 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

• security notice 4cf1354
• additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

• more failing proto pollution tests 13c01a5
• even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

• failing test for protocol pollution 0efed03
• cleanup 67d3722
• console.dir -> console.log 47acf72
• don't assign onto proto 63e7ed0

v1.2.1 - 2020-03-10

Merged

• move the opts['--'] example back where it belongs [#63](https://github.com/minimistjs/minimist/issues/63)

Commits

• add test 6be5dae
• fix bad boolean regexp ac3fc79

v1.2.0 - 2015-08-24

Commits

• failing -k=v short test 63416b8
• kv short fix 6bbe145

... (truncated)

Commits

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• aeb3e27 1.2.5
• 278677b 1.2.4
• 4cf1354 security notice
• 1043d21 additional test for constructor prototype pollution
• 6457d74 1.2.3
• 38a4d1c even more aggressive checks for protocol pollution
• Additional commits viewable in compare view

Updates semver from 5.6.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• 8055dda 5.7.0
• 604e73d auto-publishing scripts
• bed01e2 remove the nomin comments, since we don't minify any more anyway
• 9cb68f1 document parse method
• 38d42ca 5.7 changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates socket.io-parser from 3.2.0 to 4.2.4

Release notes

Sourced from socket.io-parser's releases.

4.2.4

Bug Fixes

Description has been truncated