Bump the npm_and_yarn group across 2 directories with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 22 updates in the / directory:

Package	From	To
got	11.8.2	11.8.5
parse-url	5.0.7	8.1.0
semver	7.3.5	7.5.2
electron	13.2.3	22.3.25
plist	3.0.4	3.0.5
terser	5.9.0	5.14.2
webpack	5.56.1	5.76.0
@babel/traverse	7.15.4	7.24.5
decode-uri-component	0.2.0	0.2.2
ejs	3.1.6	3.1.10
http-cache-semantics	4.1.0	4.1.1
ip	1.1.5	1.1.9
json5	1.0.1	1.0.2
jszip	3.7.1	3.10.1
minimist	1.2.5	1.2.8
nanoid	3.1.23	3.3.7
node-fetch	2.6.1	2.7.0
postcss	8.3.0	8.4.38
tar	6.1.10	6.2.1
trim-off-newlines	1.0.1	1.0.3
ua-parser-js	0.7.28	0.7.37
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 2 updates in the /app directory: parse-url and semver.

Updates got from 11.8.2 to 11.8.5

Release notes

Sourced from got's releases.

v11.8.5

• Backport security fix sindresorhus/got@861ccd9
  • CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

• Bump cacheable-request dependency (#1921) 9463bb6
• Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

Commits

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
• See full diff in compare view

Updates parse-url from 5.0.7 to 8.1.0

Release notes

Sourced from parse-url's releases.

8.1.0

[email protected]

• fix: cjs to load normalize-url /cc #58
• fix: Include index.d.ts in package.json /cc #63
• feat: support custom SSH username /cc #60
• feat: improve regex pattern /cc #59

Thanks to @​privatenumber and @​briancoit for their contributions! 🍰

8.0.0

parse-url 8.0.0

Breaking Changes

• The resource property will not contain the port, but the host one will.
• Throw an error if the input is invalid. Hence, file paths like /home/path/to/dir will only be valid if the file:https:// protocol is added (file:https://home/path/to/dir)
• Throw an error if the input length exceeds the maximum length (parse.MAX_URL_LENGTH), by default 2048.

Fixes

• fix file protocol spoofing #48, thanks @​vovikhangcdv!
• fix: support hyphens in git@ URLs (#50) #51, thanks @​crenshaw-dev!
• fix: support dot in git@ URLS #52, thanks @​GalHalupSeaLights!

Other changes

• build: add CommonJS distribution thanks to @​privatenumber! /cc #54 🍰

7.0.2

Add the url in the error object, fixes #14

7.0.1

📝 docs

7.0.0

parse-url 7.0.0

⭐ This is a major release of parse-url! ⭐

Breaking changes

• If the input url has a trailing slash, the trailing slash will be added in the pathname too.
• The port field is a string. By default empty.
• Added the password field (default: "")
• The resource may contain the port in it (e.g. resource: "domain.com:4200").

Features

• Faster
• More secure
• Cleaner codebase

6.0.0

... (truncated)

Commits

• See full diff in compare view

Updates semver from 7.3.5 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

7.3.8 (2022-10-04)

Bug Fixes

... (truncated)

Commits

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @​npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates electron from 13.2.3 to 22.3.25

Commits

• 1c1c132 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40026)
• d892c2b build: fixup autoninja (#39899)
• 6132e80 build: run on circle hosts for forks (#39865)
• a953199 build: use aks backed runners for linux builds (#39838)
• 056eacf chore: cherry-pick b2eab7500a18 from chromium (#39827)
• 5f8ef81 fix: ensure app load is limited to real asar files when appropriate (#39811)
• 4995c9e chore: cherry-pick 1 changes from Release-3-M116 (#39758)
• e29cdac build: fix depot_tools patch application (#39751)
• b58903d chore: cherry-pick 1 changes from Release-2-M116 (#39689)
• 33f9dce chore: cherry-pick 2 changes from Release-1-M116 (#39648)
• Additional commits viewable in compare view

Updates plist from 3.0.4 to 3.0.5

Changelog

Sourced from plist's changelog.

3.0.5 / 2022-03-23

• [96e2303d05] Prototype Pollution using .parse() #114 (mario-canva)
• update browserify from 16 to 17

Commits

• See full diff in compare view

Updates terser from 5.9.0 to 5.14.2

Changelog

Sourced from terser's changelog.

v5.14.2

• Security fix for RegExps that should not be evaluated (regexp DDOS)
• Source maps improvements (#1211)
• Performance improvements in long property access evaluation (#1213)

v5.14.1

• keep_numbers option added to TypeScript defs (#1208)
• Fixed parsing of nested template strings (#1204)

v5.14.0

• Switched to @​jridgewell/source-map for sourcemap generation (#1190, #1181)
• Fixed source maps with non-terminated segments (#1106)
• Enabled typescript types to be imported from the package (#1194)
• Extra DOM props have been added (#1191)
• Delete the AST while generating code, as a means to save RAM

v5.13.1

• Removed self-assignments (varname=varname) (closes #1081)
• Separated inlining code (for inlining things into references, or removing IIFEs)
• Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#1176)

v5.13.0

• All calls to eval() were removed (#1171, #1184)
• source-map was updated to 0.8.0-beta.0 (#1164)
• NavigatorUAData was added to domprops to avoid property mangling (#1166)

v5.12.1

• Fixed an issue with function definitions inside blocks (#1155)
• Fixed parens of new in some situations (closes #1159)

v5.12.0

• TERSER_DEBUG_DIR environment variable
• @​copyright comments are now preserved with the comments="some" option (#1153)

v5.11.0

• Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#1147)
• acorn is now a regular dependency

v5.10.0

• Massive optimization to max_line_len (#1109)
• Basic support for import assertions
• Marked ES2022 Object.hasOwn as a pure function
• Fix delete optional?.property
• New CI/CD pipeline with github actions (#1057)

... (truncated)

Commits

• c5cb19d 5.14.2
• a4da734 fix potential regexp DDOS
• 839b81b Add source mapping for closing } (#1211)
• 645a092 Optimize property access evaluation (#1213)
• 6706fec 5.14.1
• 4a56ef2 update changelog
• c558e12 Add keep_numbers option. Closes #1208
• f745ac7 fix parsing of nested template strings. Closes #1204
• 1707753 5.14.0
• cb82833 update changelog
• Additional commits viewable in compare view

Updates webpack from 5.56.1 to 5.76.0

Release notes

Sourced from webpack's releases.

v5.76.0

Bugfixes

• Avoid cross-realm object access by @​Jack-Works in webpack/webpack#16500
• Improve hash performance via conditional initialization by @​lvivski in webpack/webpack#16491
• Serialize generatedCode info to fix bug in asset module cache restoration by @​ryanwilsonperkin in webpack/webpack#16703
• Improve performance of hashRegExp lookup by @​ryanwilsonperkin in webpack/webpack#16759

Features

• add target to LoaderContext type by @​askoufis in webpack/webpack#16781

Security

• CVE-2022-37603 fixed by @​akhilgkrishnan in webpack/webpack#16446

Repo Changes

• Fix HTML5 logo in README by @​jakebailey in webpack/webpack#16614
• Replace TypeScript logo in README by @​jakebailey in webpack/webpack#16613
• Update actions/cache dependencies by @​piwysocki in webpack/webpack#16493

New Contributors

• @​Jack-Works made their first contribution in webpack/webpack#16500
• @​lvivski made their first contribution in webpack/webpack#16491
• @​jakebailey made their first contribution in webpack/webpack#16614
• @​akhilgkrishnan made their first contribution in webpack/webpack#16446
• @​ryanwilsonperkin made their first contribution in webpack/webpack#16703
• @​piwysocki made their first contribution in webpack/webpack#16493
• @​askoufis made their first contribution in webpack/webpack#16781

Full Changelog: webpack/webpack@v5.75.0...v5.76.0

v5.75.0

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

... (truncated)

Commits

• 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
• b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
• c98e9e0 Merge pull request #16493 from piwysocki/patch-1
• 5f34acf feat: Add target to LoaderContext type
• b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
• 63ea82d Merge branch 'webpack:main' into patch-1
• 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
• 1acd635 Merge pull request #16613 from jakebailey/ts-logo
• 302eb37 Merge pull request #16614 from jakebailey/html5-logo
• cfdb1df Improve performance of hashRegExp lookup
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack since your current version.

Updates @babel/traverse from 7.15.4 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Rom Grk (@​romgrk)
• @​liuxingbaoyu
• ynnsuis (@​sossost)

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

v7.24.4 (2024-04-03)

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16402 fix: Correctly prints { [key in Bar]? } (@​liuxingbaoyu)
  • #16394 fix: Correctly generate TSMappedType (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • #16390 Create bugfix plugin for classes in computed keys in Firefox (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16387 fix: support mutated outer decorated class binding (@​JLHwung)
  • #16385 fix: Decorators when super() exists and protoInit is not needed (@​liuxingbaoyu)
• babel-plugin-transform-block-scoping
  • #16384 fix: Transform scoping for for X in loop (@​liuxingbaoyu)
  • #16368 fix: Capture let when the for body is not a block (@​liuxingbaoyu)
• babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

• ddbea7d v7.24.5
• e779cad fix: TypeScript annotation affects output (#16377)
• ee48754 Use multiple TypeScript projects (#16430)
• 4d8b2d0 Make NodePath\<T | U> distributive (#16439)
• a84ec28 Enable eqeqeq rule (#16404)
• 822b025 v7.24.1
• fc0d5ad Update typescript and lint tools (#16351)
• 69e7928 Consider well-known and registered symbols as literals (#16342)
• 40110e9 Update source map deps (#16327)
• ce59160 v7.24.0
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates ejs from 3.1.6 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates http-cache-semantics from 4.1.0 to 4.1.1

Commits

• 2449650 Update mocha
• 560b2d8 Don't use regex to trim whitespace
• b1bdb92 Remove linting package zoo
• c20dc7e Cache 308
• See full diff in compare view

Updates ip from 1.1.5 to 1.1.9

Commits

• 1ecbf2f 1.1.9