Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: postcss and @quasar/app.

Updates postcss from 7.0.39 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

... (truncated)

Commits

• a69d45e Release 8.4.38 version
• 64e35d9 Update dependencies
• c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
• b45e7e9 fix endIndex
• 1bea246 failing test: for endIndex 0 in rangeBy
• 0fd1d86 Add changelog auto release on Github
• 49c906e Release 8.4.37 version
• b5bd92c Fix another broken prev source map issue
• 2882039 Update dependencies
• e5ad939 Release 8.4.36 version
• Additional commits viewable in compare view

Updates @quasar/app from 2.4.3 to 3.3.3

Commits

• ad27458 chore(app): Bump version
• f6856ac feat(app): upgrade deps
• ba04f89 feat(docs): update vue links (since v3 is now default/latest version)
• 453dfda feat(docs): update vue links (since v3 is now default/latest version)
• 656a42d fix(app): Capacitor not opening IDE when configured to do so (regression) #12368
• 2437d97 feat(docs): make some instances of quasar.conf more clear that they refer to ...
• 9f8a083 chore(ui): Bump version
• 7d9ab19 feat(ui): various small improvements
• 7dfca62 feat(TS/QForm): broaden the definition of the submit event #12399
• dc6d64a Merge branch 'dev' of github.com:quasarframework/quasar into dev
• Additional commits viewable in compare view

Updates braces from 2.3.2 to 3.0.2

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates express from 4.17.3 to 4.17.2

Changelog

Sourced from express's changelog.

4.17.3 / 2022-02-16

• deps: accepts@~1.3.8
  • deps: mime-types@~2.1.34
  • deps: negotiator@0.6.3
• deps: body-parser@1.19.2
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
  • deps: raw-body@2.4.3
• deps: cookie@0.4.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• pref: remove unnecessary regexp for trust proxy

4.17.2 / 2021-12-16

• Fix handling of undefined in res.jsonp
• Fix handling of undefined when "json escape" is enabled
• Fix incorrect middleware execution with unanchored RegExps
• Fix res.jsonp(obj, status) deprecation message
• Fix typo in res.is JSDoc
• deps: body-parser@1.19.1
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• deps: content-disposition@0.5.4
  • deps: safe-buffer@5.2.1
• deps: cookie@0.4.1
  • Fix maxAge option to reject invalid values
• deps: proxy-addr@~2.0.7
  • Use req.socket over deprecated req.connection
  • deps: forwarded@0.2.0
  • deps: ipaddr.js@1.9.1
• deps: qs@6.9.6
• deps: safe-buffer@5.2.1
• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens
• deps: serve-static@1.14.2
  • deps: send@0.17.2
• deps: setprototypeof@1.2.0

4.17.1 / 2019-05-25

... (truncated)

Commits

• ea537d9 4.17.2
• eee93a2 build: update example dependencies
• b35773c build: eslint@7.32.0
• c8a4200 build: mocha@9.1.3
• 21cf522 examples: improve 404 message wording
• a24f27a deps: serve-static@1.14.2
• a33266a build: support Node.js 14.x
• 6fe271e build: support Node.js 13.x
• cbe25d6 deps: setprototypeof@1.2.0
• 3bb6d96 examples: demonstrate sub directory download
• Additional commits viewable in compare view

Updates webpack-dev-middleware from 3.7.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)
• compatibility with Node.js 18

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

• types (#1187) (0f82e1d)

v5.3.0

5.3.0 (2021-12-16)

Features

• added types (a2fa77f)
• removed cjs wrapper (#1146) (b6d53d3)

v5.2.2

5.2.2 (2021-11-17)

Chore

• update schema-utils package to 4.0.0 version

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)

5.3.1 (2022-02-01)

Bug Fixes

• types (#1187) (0f82e1d)

5.3.0 (2021-12-16)

Features

• added types (a2fa77f)
• removed cjs wrapper (#1146) (b6d53d3)

5.2.2 (2021-11-17)

Chore

• update schema-utils package to 4.0.0 version

5.2.1 (2021-09-25)

• internal release, no visible changes and features

5.2.0 (2021-09-24)

... (truncated)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• f3c62b8 chore(release): 5.3.3
• eeb8aa8 fix: types for Request and Response (#1271)
• 1a45388 chore(release): 5.3.2
• b8fb945 chore(deps): memfs force update (#1269)
• f88067d chore: update deps and ci (#1260)
• 7186318 chore(deps-dev): bump @​commitlint/cli
• 57c50ef ci: update checkout, setup-node, and codecov actions (#1267)
• 840146a chore(deps-dev): bump @​babel/preset-env
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml