Bump the npm_and_yarn group across 2 directories with 31 updates

[dependabot]

Bumps the npm_and_yarn group with 23 updates in the /ui.frontend.theme.dark directory:

Package	From	To
jquery	3.4.1	3.5.0
y18n	4.0.0	4.0.3
yargs-parser	11.1.1	13.1.2
webpack-dev-server	3.10.3	3.11.3
body-parser	1.20.1	1.20.3
express	4.18.2	4.21.2
ajv	6.11.0	6.12.6
serialize-javascript	2.1.2	4.0.0
terser-webpack-plugin	1.4.3	1.4.6
copy-webpack-plugin	5.1.1	5.1.2
minimist	1.2.6	1.2.8
postcss	7.0.39	8.5.3
autoprefixer	9.7.4	10.4.20
css-loader	3.4.2	7.1.2
cssnano	4.1.10	7.0.6
optimize-css-assets-webpack-plugin	5.0.3	6.0.1
postcss-loader	3.0.0	8.1.1
tar	4.4.13	removed
fsevents	1.2.11	1.2.13
dns-packet	1.3.1	1.3.4
follow-redirects	1.10.0	1.15.9
http-proxy	1.18.0	1.18.1
webpack-dev-middleware	3.7.2	removed
webpack-dev-server	3.11.3	5.2.0

Bumps the npm_and_yarn group with 23 updates in the /ui.frontend.theme.light directory:

Package	From	To
jquery	3.4.1	3.5.0
y18n	4.0.0	4.0.3
yargs-parser	11.1.1	13.1.2
webpack-dev-server	3.10.3	3.11.3
body-parser	1.20.1	1.20.3
express	4.18.2	4.21.2
ajv	6.11.0	6.12.6
serialize-javascript	2.1.2	4.0.0
terser-webpack-plugin	1.4.3	1.4.6
copy-webpack-plugin	5.1.1	5.1.2
minimist	1.2.0	1.2.7
postcss	7.0.39	8.5.3
autoprefixer	9.7.4	10.4.20
css-loader	3.4.2	7.1.2
cssnano	4.1.10	7.0.6
optimize-css-assets-webpack-plugin	5.0.3	6.0.1
postcss-loader	3.0.0	8.1.1
tar	4.4.13	removed
fsevents	1.2.11	1.2.13
dns-packet	1.3.1	1.3.4
follow-redirects	1.14.8	1.15.9
http-proxy	1.18.0	1.18.1
webpack-dev-middleware	3.7.2	removed
webpack-dev-server	3.11.3	5.2.0

Updates jquery from 3.4.1 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates y18n from 4.0.0 to 4.0.3

Changelog

Sourced from y18n's changelog.

4.0.3 (2021-04-07)

Bug Fixes

• release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

4.0.1 (2020-11-30)

Bug Fixes

• address prototype pollution issue (#108) (a9ac604)

Commits

• 0aa97c5 chore: release 4.x.x (#128)
• a8e7f04 build(release-please): configure branch properly (#127)
• 1e21a53 fix(release): 4.x.x should not enforce Node 10 (#126)
• 8dc7580 docs: update CHANGELOG
• 7de58ca fix: address prototype pollution issue
• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Updates yargs-parser from 11.1.1 to 13.1.2

Changelog

Sourced from yargs-parser's changelog.

15.0.0 (2019-10-07)

Features

• rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality (ef771ca)

BREAKING CHANGES

• rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality

14.0.0 (2019-09-06)

Bug Fixes

• boolean arrays with default values (#185) (7d42572)
• boolean now behaves the same as other array types (#184) (17ca3bd)
• eatNargs() for 'opt.narg === 0' and boolean typed options (#188) (c5a1db0)
• maybeCoerceNumber now takes precedence over coerce return value (#182) (2f26436)
• take into account aliases when appending arrays from config object (#199) (f8a2d3f)

Features

• add configuration option to "collect-unknown-options" (#181) (7909cc4)
• maybeCoerceNumber() now takes into account arrays (#187) (31c204b)

BREAKING CHANGES

• unless "parse-numbers" is set to "false", arrays of numeric strings are now parsed as numbers, rather than strings.
• we have dropped the broken "defaulted" functionality; we would like to revisit adding this in the future.
• maybeCoerceNumber now takes precedence over coerce return value (#182)

13.1.1 (2019-06-10)

Bug Fixes

• convert values to strings when tokenizing (#167) (57b7883)
• nargs should allow duplicates when duplicate-arguments-array=false (#164) (47ccb0b)
• should populate "_" when given config with "short-option-groups" false (#179) (6055974)

13.1.0 (2019-05-05)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Updates webpack-dev-server from 3.10.3 to 3.11.3

Release notes

Sourced from webpack-dev-server's releases.

v3.11.3

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#4011) (4fef67b)

v3.11.2

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

v3.11.1

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#2948) (4837dc9)
• vulnerable deps (#2949) (78dde50)

v3.11.0

3.11.0 (2020-05-08)

Features

• add icons for directory viewer (#2441) (e953d01)
• allow multiple contentBasePublicPath paths (#2489) (c6bdfe4)
• emit progress-update (#2498) (4808abd), closes #1666
• add invalidate endpoint (#2493) (89ffb86)
• allow open option to accept an object (#2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#2512) (06583f2)
• security vulnerability in yargs-parser (#2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#2507) (0d5c681)
• support entry descriptor (closes #2453) (#2465) (8bbef6a)
• update jquery (#2516) (99ccfd8)

Changelog

Sourced from webpack-dev-server's changelog.

3.11.3 (2021-11-08)

Bug Fixes

• replace ansi-html with ansi-html-community (#4011) (4fef67b)

3.11.2 (2021-01-13)

Bug Fixes

• cli arguments for serve command (a5fe337)

3.11.1 (2020-12-29)

Bug Fixes

• the open option works using webpack serve without value (#2948) (4837dc9)
• vulnerable deps (#2949) (78dde50)

3.11.0 (2020-05-08)

Features

• add icons for directory viewer (#2441) (e953d01)
• allow multiple contentBasePublicPath paths (#2489) (c6bdfe4)
• emit progress-update (#2498) (4808abd), closes #1666
• add invalidate endpoint (#2493) (89ffb86)
• allow open option to accept an object (#2492) (adeb92e)

Bug Fixes

• do not swallow errors from server (#2512) (06583f2)
• security vulnerability in yargs-parser (#2566) (41d1d0c)
• don't crash on setupExitSignals(undefined) (#2507) (0d5c681)
• support entry descriptor (closes #2453) (#2465) (8bbef6a)
• update jquery (#2516) (99ccfd8)

Commits

• aa3cddc chore(release): 3.11.3
• 4fef67b fix: replace ansi-html with ansi-html-community (#4011)
• 5cb545f chore(release): 3.11.2
• a5fe337 fix: cli arguments for serve command
• 7e70eee chore(release): 3.11.1
• 78dde50 fix: vulnerable deps (#2949)
• 4837dc9 fix: the open option works using webpack serve without value (#2948)
• 4ab1f21 chore(release): 3.11.0
• 0e51fb1 fix: invalidate route (#2584)
• f857c40 chore: deps and tests
• Additional commits viewable in compare view

Updates body-parser from 1.20.1 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to [email protected] by @​wesleytodd in expressjs/body-parser#527
• deps: [email protected] by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: [email protected] (#521)
• 9478591 fix: pin to [email protected]
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: [email protected] by @​blakeembrey in expressjs/express#5956
• deps: bump [email protected] by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: [email protected]
  • Fix backtracking protection
• deps: [email protected]
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

... (truncated)

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump [email protected] (#6209)
• 59fc270 deps: [email protected] (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates cookie from 0.5.0 to 0.7.1

Release notes

Sourced from cookie's releases.

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

Commits

• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates ajv from 6.11.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates serialize-javascript from 2.1.2 to 4.0.0

Release notes

Sourced from serialize-javascript's releases.

v4.0.0

Changelog

• Bump nyc from 15.0.1 to 15.1.0 (#85)
• support for bigint (#80)

Behavior changes for BigInt

It serializes BigInt values as follows since this version. The result of serialization may be changed if you are passing BigInt values into the serialize-javascript.

v4.x:

const serialize = require('serialize-javascript');
serialize({big: BigInt('10')}); // '{"big":BigInt("10")}'

v3.x:

const serialize = require('serialize-javascript');
serialize({big: BigInt('10')}); // throws error

---

Thank you @​mum-never-proud for this release.

v3.1.0

• Bump mocha from 7.1.2 to 7.2.0 (#83)
• Bump mocha from 7.1.1 to 7.1.2 (#82)
• Bump nyc from 15.0.0 to 15.0.1 (#81)
• Don't replace regex / function placeholders within string literals (#79)
• [Security] Bump minimist from 1.2.0 to 1.2.5 (#78)
• Bump mocha from 7.1.0 to 7.1.1 (#77)
• Bump mocha from 7.0.1 to 7.1.0 (#74)
• Update example in README (#73)

Note: the randombytes has been added to the dependency package to improve the generation of UIDs. Check the #22 for more information. Thanks to @​JordanMilne and @​Siebes for this change.

v3.0.0

• Introduce support for Infinity (@​vthibault, #72)
• Bump mocha from 7.0.0 to 7.0.1 (#71)
• Test on Node.js v12 (@​okuryu, #70)
• Bump mocha from 6.2.2 to 7.0.0 (#69)
• Bump nyc from 14.1.1 to 15.0.0 (#68)

Behavior changes for Infinity

It serializes Infinity values as follows since this version. The result of serialization may be changed if you are passing Infinity values into the serialize-javascript.

... (truncated)

Commits

• a8a458c v4.0.0
• 0849988 Update example code
• e997f21 Bump nyc from 15.0.1 to 15.1.0 (#85)
• 418dd82 Revert "Revert "support for bigint (#80)""
• b54341e v3.1.0
• 7cee7e4 Revert "support for bigint (#80)"
• 026a445 Bump mocha from 7.1.2 to 7.2.0 (#83)
• 5130a71 support for bigint (#80)
• ea76b23 Bump mocha from 7.1.1 to 7.1.2 (#82)
• 073c8d8 Bump nyc from 15.0.0 to 15.0.1 (#81)
• Additional commits viewable in compare view

Updates terser-webpack-plugin from 1.4.3 to 1.4.6

Release notes

Sourced from terser-webpack-plugin's releases.

v1.4.6

1.4.6 (2024-07-23)

Bug Fixes

• compatibility with Node.js@18 (#608) (c47d231)

v1.4.5

1.4.5 (2020-08-12)

• update serialize-javascript

v1.4.4

1.4.4 (2020-06-03)

Bug Fixes

• security problem (#257) (915e25b)

Changelog

Sourced from terser-webpack-plugin's changelog.

1.4.6 (2024-07-23)

Bug Fixes

• compatibility with Node.js@18 (#608) (c47d231)

1.4.5 (2020-08-12)

• update serialize-javascript

1.4.4 (2020-06-03)

Bug Fixes

• security problem (#257) (915e25b)

Commits

• 7c1b679 chore(release): 1.4.6
• c47d231 fix: compatibility with Node.js@18 (#608)
• f9c543a chore(release): 1.4.5
• 779ef53 chore: update serialize-javascript (#297)
• 467f505 chore(release): 1.4.4
• 915e25b fix: security problem (#257)
• See full diff in compare view

Updates copy-webpack-plugin from 5.1.1 to 5.1.2

Release notes

Sourced from copy-webpack-plugin's releases.

v5.1.2

5.1.2 (2020-08-27)

Bug Fixes

• security: update serialize-javascript (#521) (a42d63f)

Changelog

Sourced from copy-webpack-plugin's changelog.

5.1.2 (2020-08-27)

Bug Fixes

• security: update serialize-javascript (#521) (a42d63f)

Commits

• 650d44d chore(release): 5.1.2
• a42d63f fix(security): update serialize-javascript (#521)
• See full diff in compare view

Updates elliptic from 6.5.2 to 6.5.4

Commits

• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
• 8647803 6.5.3
• 856fe4d signature: prevent malleability and overflows
• See full diff in compare view

Updates express from 4.18.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: [email protected] by @​blakeembrey in