Bump the npm_and_yarn group across 1 directory with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
grunt-karma	4.0.0	4.0.2
karma	5.1.0	6.3.16
braces	3.0.2	3.0.3
es5-ext	0.10.53	0.10.64
follow-redirects	1.12.1	1.15.6
glob-parent	5.1.1	5.1.2
ini	1.3.5	1.3.8
minimatch	3.0.4	3.0.8
minimist	1.2.5	1.2.8
path-parse	1.0.6	1.0.7
semver	7.3.2	7.6.2
word-wrap	1.2.3	1.2.5

Updates grunt-karma from 4.0.0 to 4.0.2

Release notes

Sourced from grunt-karma's releases.

v4.0.2

4.0.2 (2021-05-11)

Bug Fixes

• karma: accept karma 6.x in peerDependencies (#303) (fe01a67)

v4.0.1

4.0.1 (2021-05-11)

Bug Fixes

• karma: use recommended parseConfig pattern for Karma 6 (#297) (a38d9a9)

Changelog

Sourced from grunt-karma's changelog.

4.0.2 (2021-05-11)

Bug Fixes

• karma: accept karma 6.x in peerDependencies (#303) (fe01a67)

4.0.1 (2021-05-11)

Bug Fixes

• karma: use recommended parseConfig pattern for Karma 6 (#297) (a38d9a9)

Commits

• f961953 chore(release): 4.0.2 [skip ci]
• fe01a67 fix(karma): accept karma 6.x in peerDependencies (#303)
• 88e5200 chore(release): 4.0.1 [skip ci]
• a38d9a9 fix(karma): use recommended parseConfig pattern for Karma 6 (#297)
• c547a61 chore(deps): bump lodash from 4.17.13 to 4.17.19 (#289)
• 45b9259 chore(deps): bump grunt from 1.0.1 to 1.1.0 (#285)
• a6d4fc9 chore(deps): bump underscore.string from 3.3.4 to 3.3.5 (#281)
• 909bc28 chore(deps): bump lodash.merge from 4.6.1 to 4.6.2 (#280)
• d030e08 chore(deps): bump acorn from 5.7.2 to 5.7.4 (#282)
• 658a272 chore(deps): bump handlebars from 4.0.12 to 4.7.6 (#284)
• Additional commits viewable in compare view

Updates karma from 5.1.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates engine.io from 3.4.2 to 6.5.5

Release notes

Sourced from engine.io's releases.

6.5.5

This release contains a bump of the ws dependency, which includes an important security fix.

Advisory: GHSA-3h5v-q93c-6h6q

Bug Fixes

• types: make socket.request writable (#697) (0efa04b)

Links

• Diff: socketio/engine.io@6.5.4...6.5.5
• Client release: -
• ws@~8.17.1 (diff)

6.5.4

This release contains some minor changes which should improve the memory usage of the server, notably this.

Links

• Diff: socketio/engine.io@6.5.3...6.5.4
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.3

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Links

• Diff: socketio/engine.io@6.5.2...6.5.3
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.2

Bug Fixes

• webtransport: add proper framing (a306db0)

Links

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.5.5 (2024-06-18)

This release contains a bump of the ws dependency, which includes an important security fix.

Advisory: GHSA-3h5v-q93c-6h6q

Bug Fixes

• types: make socket.request writable (#697) (0efa04b)

Dependencies

• ws@~8.17.1 (diff)

3.6.2 (2024-06-18)

This release contains a bump of the ws dependency, which includes an important security fix.

Advisory: GHSA-3h5v-q93c-6h6q

Dependencies

• ws@~7.5.10 (diff)

6.5.4 (2023-11-09)

This release contains some minor changes which should improve the memory usage of the server, notably this.

Dependencies

• ws@~8.11.0 (no change)

6.5.3 (2023-10-06)

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Dependencies

... (truncated)

Commits

• 0cb977a chore(release): 6.5.5
• adaa207 chore(deps): bump ws from 8.11.0 to 8.17.1 (#702)
• 0efa04b fix(types): make socket.request writable (#697)
• ff0fbfb chore(release): 6.5.4
• 09acb17 ci: add Node.js 20 in the test matrix
• 39937f8 refactor: minor cleanups
• 43c1c1c refactor: simplify code
• 3b5e79e refactor: remove useless references
• f27a6c3 refactor: remove useless reference
• 2da559a chore(release): 6.5.3
• Additional commits viewable in compare view

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates follow-redirects from 1.12.1 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates glob-parent from 5.1.1 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

• eliminate ReDoS (#36) (f923116)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

• eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

• Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

Commits

• eb2c439 chore: update changelog
• 12bcb6c chore: release 5.1.2
• f923116 fix: eliminate ReDoS (#36)
• 0b014a7 chore: add JSDoc returns information (#33)
• 2b24ebd chore: generate initial changelog
• See full diff in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates lodash from 4.17.19 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates log4js from 6.3.0 to 6.9.1

Changelog

Sourced from log4js's changelog.

6.9.1

• fix(7922e82): regex for stacktrace - thanks @​lamweili
  • addresses #1377 which has a regression since 6.8.0 from #1363 at commit 7922e82

6.9.0

• feat: support for idempotent logging on browser - thanks @​aellerton
  • addresses #968, #1270, #1288, #1372
• docs: added that log4js.getLogger() may call log4js.configure() - thanks @​lamweili

6.8.0

• feat: added log4js.isConfigured() API - thanks @​lamweili
  • docs: added log4js.isConfigured() - thanks @​lamweili
• feat(layout): support a specifier on %m - thanks @​lamweili
• fix: tilde expansion for windows - thanks @​lamweili
• docs: updated typescript usage - thanks @​lamweili
• test: improved test for fileAppender - thanks @​lamweili
• ci: generate coverage report in both text and html - thanks @​lamweili
• ci: replaced deprecated github set-output - thanks @​lamweili
• chore(deps): updated dependencies - thanks @​lamweili
  • chore(deps): bump streamroller from 3.1.3 to 3.1.5
  • chore(deps): updated package-lock.json
• chore(deps-dev): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump @​commitlint/cli from 17.3.0 to 17.4.4
  • chore(deps-dev): bump @​commitlint/config-conventional from 17.3.0 to 17.4.4
  • chore(deps-dev): bump eslint from 8.28.0 to 8.34.0
  • chore(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0
  • chore(deps-dev): bump eslint-import-resolver-node from 0.3.6 to 0.3.7
  • chore(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.5
  • chore(deps-dev): bump fs-extra from 10.1.0 to 11.1.0
  • chore(deps-dev): bump husky from 8.0.2 to 8.0.3
  • chore(deps-dev): bump prettier from 2.8.0 to 2.8.4
  • chore(deps-dev): bump tap from 16.3.2 to 16.3.4
  • chore(deps-dev): bump typescript from 4.9.3 to 4.9.5
  • chore(deps-dev): updated package-lock.json
• chore(deps-dev): bump json5 from 1.0.1 to 1.0.2 - thanks @​Dependabot

6.7.1

• type: updated Configuration.levels type to allow for custom log levels - thanks @​lamweili
• docs: fixed typo in layouts.md - thanks @​dtslvr
• chore(deps-dev): updated dependencies - thanks @​lamweili
  • chore(deps-dev): bump @​commitlint/cli from 17.1.2 to 17.3.0
  • chore(deps-dev): bump @​commitlint/config-conventional from 17.1.0 to 17.3.0
  • chore(deps-dev): bump eslint from 8.24.0 to 8.28.0
  • chore(deps-dev): bump husky from 8.0.1 to 8.0.2
  • chore(deps-dev): bump prettier from 2.7.1 to 2.8.0
  • chore(deps-dev): bump tap from 16.3.0 to 16.3.2

... (truncated)

Commits

• 26dcec6 6.9.1
• 63ae5b9 Merge pull request #1379 from log4js-node/update-docs
• 185fa66 docs: updated changelog for 6.9.1
• ed54dc2 Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...
• 2628688 fix(7922e82): regex for stacktrace
• b3919d8 6.9.0
• 7cfe8a4 Merge pull request #1376 from log4js-node/update-docs
• f89e7b6 docs: updated changelog for 6.9.0
• 0082928 Merge pull request #1375 from log4js-node/update-docs
• c0db6a4 docs: added that log4js.getLogger() may call log4js.configure()
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.0.8

Commits

• 782c264 3.0.8
• 6ade2da fix: trim pattern
• a6f52b0 3.0.7
• e4cd434 fix: treat nocase:true as always having magic
• e6bbe1c publishConfig for 3.0
• 5b7cd33 3.0.6
• 20b4b56 [fix] revert all breaking syntax changes
• 2ff0388 document, expose, and test 'partial:true' option
• 5dbd6a7 ci: tests and makework
• dbda065 full test coverage, adding tests, deleting dead code
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates path-parse from 1.0.6 to 1.0.7

Commits

• See full diff in compare view

Updates semver from 7.3.2 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 cho...

  Description has been truncated